Move OTT to Director (#1741)

kyma-incubator · Mar 11, 2021 · 4c52cc0 · 4c52cc0
1 parent ba0894d
commit 4c52cc0
Show file tree

Hide file tree

Showing 123 changed files with 4,750 additions and 2,958 deletions.
diff --git a/chart/compass/charts/connectivity-adapter/templates/tests/tests.yaml b/chart/compass/charts/connectivity-adapter/templates/tests/tests.yaml
@@ -34,7 +34,7 @@ spec:
             - name: APP_CONNECTIVITY_ADAPTER_URL
               value: http://compass-connectivity-adapter.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.connectivity_adapter.port }}
             - name: APP_DIRECTOR_URL
-              value: http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}/graphql
+              value: http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}/graphql
             - name: APP_SKIP_SSL_VERIFY
               value: {{ .Values.tests.skipTLSVerify | quote }}
             - name: APP_CONNECTIVITY_ADAPTER_URL
@@ -44,7 +44,7 @@ spec:
             - name: APP_TENANT
               value: {{ .Values.global.defaultTenant | quote }}
             - name: APP_DIRECTOR_HEALTHZ_URL
-              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}/healthz"
+              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}/healthz"
           command:
             - "/bin/sh"
           args:

diff --git a/chart/compass/charts/connector/templates/deployment.yaml b/chart/compass/charts/connector/templates/deployment.yaml
@@ -11,6 +11,7 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+  replicas: {{ .Values.deployment.replicaCount }}
   selector:
     matchLabels:
       app: {{ .Chart.Name }}
@@ -38,9 +39,6 @@ spec:
             - name: http-gql-ext
               containerPort: {{ .Values.global.connector.graphql.external.port }}
               protocol: TCP
-            - name: http-gql-int
-              containerPort: {{ .Values.global.connector.graphql.internal.port }}
-              protocol: TCP
             - name: http-validator
               containerPort: {{ .Values.global.connector.validator.port }}
               protocol: TCP
@@ -49,18 +47,10 @@ spec:
           env:
             - name: APP_EXTERNAL_ADDRESS
               value: "0.0.0.0:{{ .Values.global.connector.graphql.external.port }}"
-            - name: APP_INTERNAL_ADDRESS
-              value: "0.0.0.0:{{ .Values.global.connector.graphql.internal.port }}"
             - name: APP_HYDRATOR_ADDRESS
               value: "0.0.0.0:{{ .Values.global.connector.validator.port }}"
             - name: APP_PLAYGROUND_API_ENDPOINT
               value: "{{ .Values.global.connector.prefix }}/graphql"
-            - name: APP_TOKEN_LENGTH
-              value: {{ .Values.deployment.args.token.length | quote }}
-            - name: APP_TOKEN_RUNTIME_EXPIRATION
-              value: {{ .Values.deployment.args.token.runtimeExpiration | quote }}
-            - name: APP_TOKEN_APPLICATION_EXPIRATION
-              value: {{ .Values.deployment.args.token.applicationExpiration | quote }}
             - name: APP_CERTIFICATE_VALIDITY_TIME
               value: {{ .Values.deployment.args.certificateValidityTime | quote }}
             - name: APP_CA_SECRET_NAME
@@ -97,6 +87,8 @@ spec:
               value: {{ .Values.deployment.kubernetesClient.pollInterval | quote }}
             - name: APP_KUBERNETES_CLIENT_POLL_TIMEOUT
               value: {{ .Values.deployment.kubernetesClient.pollTimeout | quote }}
+            - name: APP_ONE_TIME_TOKEN_URL
+              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.internal.port }}/graphql"
           {{- with .Values.deployment.securityContext }}
           securityContext:
 {{ toYaml . | indent 12 }}

diff --git a/chart/compass/charts/connector/templates/service-role-binding.yaml b/chart/compass/charts/connector/templates/service-role-binding.yaml
diff --git a/chart/compass/charts/connector/templates/service.yaml b/chart/compass/charts/connector/templates/service.yaml
@@ -19,9 +19,6 @@ spec:
     - port: {{ .Values.global.connector.validator.port }}
       protocol: TCP
       name: http-validator
-    - port: {{ .Values.global.connector.graphql.internal.port }}
-      protocol: TCP
-      name: http-gql-int
     - port: {{ .Values.global.istio.proxy.port }}
       protocol: TCP
       name: proxy-status

diff --git a/chart/compass/charts/connector/templates/tests/role-binding.yaml b/chart/compass/charts/connector/templates/tests/role-binding.yaml
@@ -32,7 +32,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: {{ template "fullname" . }}-tests
-  namespace: {{ .Release.Namespace }}
+  namespace: kyma-system
 roleRef:
   kind: Role
   name: {{ template "fullname" . }}-{{ .Values.global.connector.revocation.configmap.name }}-tests

diff --git a/chart/compass/charts/connector/templates/tests/service-account.yaml b/chart/compass/charts/connector/templates/tests/service-account.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "fullname" . }}-tests
-  namespace: {{ .Release.Namespace }}
+  namespace: kyma-system
   labels:
     release: {{ .Release.Name }}
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}

diff --git a/chart/compass/charts/connector/templates/tests/test-connector.yaml b/chart/compass/charts/connector/templates/tests/test-connector.yaml
@@ -9,6 +9,7 @@ metadata:
     app.kubernetes.io/name: {{ template "name" . }}-tests
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
+  namespace: kyma-system
 spec:
   disableConcurrency: true
   template:
@@ -24,20 +25,34 @@ spec:
         image: {{ .Values.global.images.containerRegistry.path }}/{{ .Values.global.images.tests.connector.dir }}connector-tests:{{ .Values.global.images.tests.connector.version }}
         imagePullPolicy: IfNotPresent
         env:
-        - name: APP_EXTERNAL_CONNECTOR_URL
-          value: 'http://{{ template "fullname" . }}:{{ .Values.global.connector.graphql.external.port }}/graphql'
-        - name: APP_INTERNAL_CONNECTOR_URL
-          value: 'http://{{ template "fullname" . }}:{{ .Values.global.connector.graphql.internal.port }}/graphql'
         - name: APP_CONNECTOR_URL
           value: 'https://{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}{{ .Values.global.connector.prefix }}/graphql'
-        - name: APP_HYDRATOR_URL
-          value: 'http://{{ template "fullname" . }}:{{ .Values.global.connector.validator.port }}'
+        - name: APP_DIRECTOR_URL
+          value: 'https://{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}{{ .Values.global.director.prefix }}/graphql'
+        - name: APP_CONNECTOR_HYDRATOR_URL
+          value: 'http://compass-connector.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.connector.validator.port }}'
+        - name: APP_DIRECTOR_HYDRATOR_URL
+          value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.validator.port }}"
         - name: APP_CERTIFICATE_DATA_HEADER
           value: {{ .Values.global.connector.certificateDataHeader }}
         - name: APP_REVOCATION_CONFIG_MAP_NAMESPACE
           value: {{ tpl .Values.global.connector.revocation.configmap.namespace . }}
         - name: APP_REVOCATION_CONFIG_MAP_NAME
           value: {{ .Values.global.connector.revocation.configmap.name | quote }}
+        - name: APP_TENANT
+          value: "{{.Values.global.defaultTenant}}"
+        - name: DOMAIN
+          value: "{{ .Values.global.ingress.domainName }}"
+        - name: USER_EMAIL
+          valueFrom:
+            secretKeyRef:
+              name: admin-user
+              key: email
+        - name: USER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: admin-user
+              key: password
         command:
         - "/bin/sh"
         args:
@@ -48,6 +63,7 @@ spec:
       hostAliases:
         - ip: {{ .Values.global.minikubeIP }}
           hostnames:
+            - "dex.{{ .Values.global.ingress.domainName }}"
             - "{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}"
             - "{{ .Values.global.gateway.mtls.host }}.{{ .Values.global.ingress.domainName }}"
       {{ end }}
diff --git a/chart/compass/charts/connector/values.yaml b/chart/compass/charts/connector/values.yaml
@@ -1,4 +1,5 @@
 deployment:
+  replicaCount: 1
   image:
     pullPolicy: IfNotPresent
   resources: {}
@@ -31,10 +32,3 @@ certsSetupJob:
   generatedCertificateValidity: 92d
   securityContext: # Set on container level
     runAsUser: 2000
-
-istio:
-  rbac:
-    enabled: true
-    connectorInternalApi:
-      compassDirector: cluster.local/ns/{{ .Release.Namespace }}/sa/compass-director
-      compassConnectorTests: cluster.local/ns/{{ .Release.Namespace }}/sa/compass-connector-tests
diff --git a/chart/compass/charts/director/templates/authorization-policy.yaml b/chart/compass/charts/director/templates/authorization-policy.yaml
@@ -25,9 +25,18 @@ spec:
       - operation:
           ports:
           - "{{ .Values.global.director.operations.port }}"
+    - from:
+      - source:
+          principals:
+          - {{ tpl .Values.istio.rbac.directorInternalApi.compassConnector . }}
+      to:
+      - operation:
+          ports:
+          - "{{ .Values.global.director.graphql.internal.port }}"
     - to:
       - operation:
           ports:
-          - "{{ .Values.global.director.port }}"
-          - "{{ .Values.metrics.port }}"
-{{ end }}
+          - "{{ .Values.global.director.graphql.external.port }}"
+          - "{{ .Values.global.director.metrics.port }}"
+          - "{{ .Values.global.director.validator.port }}"
+{{ end }}
diff --git a/chart/compass/charts/director/templates/deployment.yaml b/chart/compass/charts/director/templates/deployment.yaml
@@ -42,13 +42,19 @@ spec:
           imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: {{ .Values.deployment.args.containerPort }}
+              containerPort: {{ .Values.global.director.graphql.external.port }}
+              protocol: TCP
+            - name: http-gql-int
+              containerPort: {{ .Values.global.director.graphql.internal.port }}
+              protocol: TCP
+            - name: http-validator
+              containerPort: {{ .Values.global.director.validator.port }}
               protocol: TCP
             - name: http-internal
               containerPort: {{ .Values.global.director.operations.port }}
               protocol: TCP
             - name: metrics
-              containerPort: {{ .Values.metrics.port }}
+              containerPort: {{ .Values.global.director.metrics.port }}
               protocol: TCP
           resources:
             {{- toYaml .Values.deployment.resources | nindent 12 }}
@@ -58,11 +64,15 @@ spec:
           {{- end }}
           env:
             - name: APP_ADDRESS
-              value: "0.0.0.0:{{ .Values.deployment.args.containerPort }}"
+              value: "0.0.0.0:{{ .Values.global.director.graphql.external.port }}"
+            - name: APP_GRAPHQL_INTERNAL_ADDRESS
+              value: "0.0.0.0:{{ .Values.global.director.graphql.internal.port }}"
+            - name: APP_HYDRATOR_ADDRESS
+              value: "0.0.0.0:{{ .Values.global.director.validator.port }}"
             - name: APP_INTERNAL_ADDRESS
               value: "0.0.0.0:{{ .Values.global.director.operations.port }}"
             - name: APP_METRICS_ADDRESS
-              value: "0.0.0.0:{{ .Values.metrics.port }}"
+              value: "0.0.0.0:{{ .Values.global.director.metrics.port }}"
             - name: APP_PLAYGROUND_API_ENDPOINT
               value: "{{ .Values.global.director.prefix }}/graphql"
             - name: APP_JWKS_ENDPOINT
@@ -101,8 +111,14 @@ spec:
               value: "{{.Values.deployment.dbPool.maxOpenConnections}}"
             - name: APP_DB_MAX_IDLE_CONNECTIONS
               value: "{{.Values.deployment.dbPool.maxIdleConnections}}"
-            - name: APP_ONE_TIME_TOKEN_URL
-              value: "http://compass-connector.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.connector.graphql.internal.port }}/graphql"
+            - name: APP_ONE_TIME_TOKEN_LENGTH
+              value: {{ .Values.deployment.args.token.length | quote }}
+            - name: APP_ONE_TIME_TOKEN_RUNTIME_EXPIRATION
+              value: {{ .Values.deployment.args.token.runtimeExpiration | quote }}
+            - name: APP_ONE_TIME_TOKEN_APPLICATION_EXPIRATION
+              value: {{ .Values.deployment.args.token.applicationExpiration | quote }}
+            - name: APP_ONE_TIME_TOKEN_CSR_EXPIRATION
+              value: {{ .Values.deployment.args.token.csrExpiration | quote }}
             - name: APP_URL
               value: "https://{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}{{ .Values.global.director.prefix }}"
             - name: APP_CONNECTOR_URL
@@ -135,14 +151,14 @@ spec:
             {{- end }}
           livenessProbe:
             httpGet:
-              port: {{.Values.deployment.args.containerPort }}
+              port: {{ .Values.global.director.graphql.external.port }}
               path: "/healthz"
             initialDelaySeconds: {{ .Values.global.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.global.livenessProbe.timeoutSeconds }}
             periodSeconds: {{.Values.global.livenessProbe.periodSeconds }}
           readinessProbe:
             httpGet:
-              port: {{.Values.deployment.args.containerPort }}
+              port: {{ .Values.global.director.graphql.external.port }}
               path: "/readyz"
             initialDelaySeconds: {{ .Values.global.readinessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.global.readinessProbe.timeoutSeconds }}

diff --git a/chart/compass/charts/director/templates/policy.yaml b/chart/compass/charts/director/templates/policy.yaml
@@ -8,5 +8,5 @@ spec:
     matchLabels:
       app: {{ .Chart.Name }}
   portLevelMtls:
-    {{ .Values.metrics.port }}:
+    {{ .Values.global.director.metrics.port }}:
       mode: "PERMISSIVE"
diff --git a/chart/compass/charts/director/templates/service.yaml b/chart/compass/charts/director/templates/service.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: {{ .Values.global.director.port }}
+    - port: {{ .Values.global.director.graphql.external.port }}
       protocol: TCP
       name: http
     - port: {{ .Values.global.director.operations.port }}
@@ -18,6 +18,12 @@ spec:
     - port: {{ .Values.global.istio.proxy.port }}
       protocol: TCP
       name: proxy-status
+    - port: {{ .Values.global.director.validator.port }}
+      protocol: TCP
+      name: http-validator
+    - port: {{ .Values.global.director.graphql.internal.port }}
+      protocol: TCP
+      name: http-gql-int
   selector:
     app: {{ .Chart.Name }}
     release: {{ .Release.Name }}
@@ -34,7 +40,7 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: {{ .Values.metrics.port }}
+    - port: {{ .Values.global.director.metrics.port }}
       protocol: TCP
       name: metrics
   selector:

diff --git a/chart/compass/charts/director/values.yaml b/chart/compass/charts/director/values.yaml
@@ -8,7 +8,11 @@ deployment:
     requests: {}
     limits: {}
   args:
-    containerPort: 3000
+    token:
+      length: 64
+      runtimeExpiration: 60m
+      applicationExpiration: 5m
+      csrExpiration: 5m
   securityContext: # Set on container level
     runAsUser: 2000
     allowPrivilegeEscalation: false
@@ -19,9 +23,6 @@ deployment:
   strategy: {} # Read more: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
   nodeSelector: {}
 
-metrics:
-  port: 3001
-
 adminGroupNames: "mps-superadmin, runtimeAdmin, runtimeNamespaceAdmin"
 operatorGroupNames: "runtimeOperator"
 
@@ -33,4 +34,5 @@ istio:
   rbac:
     enabled: true
     directorInternalApi:
-      compassOperationsController: cluster.local/ns/{{ .Release.Namespace }}/sa/compass-operations-controller
+      compassConnector: cluster.local/ns/{{ .Release.Namespace }}/sa/compass-connector
+      compassOperationsController: cluster.local/ns/{{ .Release.Namespace }}/sa/compass-operations-controller
diff --git a/chart/compass/charts/gateway/templates/deployment.yaml b/chart/compass/charts/gateway/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
             - name: APP_ADDRESS
               value: "0.0.0.0:{{ .Values.global.gateway.port }}"
             - name: APP_DIRECTOR_ORIGIN
-              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}"
+              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}"
             - name: APP_METRICS_ADDRESS
               value: "0.0.0.0:{{ .Values.metrics.port }}"
             - name: APP_CONNECTOR_ORIGIN

diff --git a/chart/compass/charts/ord-service/templates/tests/ord-service-test.yaml b/chart/compass/charts/ord-service/templates/tests/ord-service-test.yaml
@@ -37,13 +37,13 @@ spec:
             - name: ORD_SERVICE_STATIC_URL
               value: "https://{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}{{ .Values.global.ordService.staticPrefix }}"
             - name: ORD_SERVICE_HEALTHZ_URL
-              value: "http://compass-ord-service.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}/actuator/health"
+              value: "http://compass-ord-service.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}/actuator/health"
             - name: ORD_SERVICE_DEFAULT_RESPONSE_TYPE
               value: {{ .Values.global.ordService.defaultResponseType }}
             - name: DIRECTOR_URL
               value: "https://{{ .Values.global.gateway.tls.host }}.{{ .Values.global.ingress.domainName }}{{ .Values.global.director.prefix }}"
             - name: DIRECTOR_HEALTHZ_URL
-              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}/healthz"
+              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}/healthz"
             - name: ALL_SCOPES
               value: "{{ .Values.global.director.tests.scopes }}"
             - name: USER_EMAIL

diff --git a/chart/compass/charts/system-broker/templates/tests/system-broker-test.yaml b/chart/compass/charts/system-broker/templates/tests/system-broker-test.yaml
@@ -33,7 +33,7 @@ spec:
           args: ["-c", "/system-broker.test -test.v; exit_code=$?; curl -XPOST http://127.0.0.1:15020/quitquitquit; sleep 4; exit $exit_code;"]
           env:
             - name: DIRECTOR_HEALTHZ_URL
-              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.port }}/healthz"
+              value: "http://compass-director.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.director.graphql.external.port }}/healthz"
             - name: CONNECTOR_HEALTHZ_URL
               value: "http://compass-connector.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.connector.graphql.external.port }}/healthz"
             - name: SYSTEM_BROKER_HEALTHZ_URL