From 7830e2b35e2b9187e62e32c73981bbc550c7e64e Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Sun, 2 Feb 2025 17:58:37 +0100
Subject: [PATCH] Use gateway

Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>
---
 dbrepo-gateway-service/dbrepo.conf           | 24 +++++++++++++++
 dbrepo-ui/nuxt.config.ts                     | 32 ++++++++++----------
 docker-compose.yml                           |  2 +-
 helm/dbrepo/templates/gateway-configmap.yaml | 18 +++++++++++
 helm/dbrepo/templates/ui-secret.yaml         |  5 +++
 helm/dbrepo/values.yaml                      | 20 ++++++------
 6 files changed, 75 insertions(+), 26 deletions(-)

diff --git a/dbrepo-gateway-service/dbrepo.conf b/dbrepo-gateway-service/dbrepo.conf
index fd66cf805e..68778de757 100644
--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -40,6 +40,10 @@ upstream dashboard-service {
     server dashboard-service:3000;
 }
 
+upstream auth-service {
+    server auth-service:8080;
+}
+
 server {
     listen 8080 default_server;
     server_name _;
@@ -67,6 +71,26 @@ server {
         proxy_read_timeout      90;
     }
 
+    # Proxy Keycloak OIDC connections, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location /realms {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://auth-service;
+        proxy_read_timeout      90;
+    }
+
+    # Proxy Keycloak assets, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location /resources {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://auth-service;
+        proxy_read_timeout      90;
+    }
+
     location /api/search {
         proxy_set_header        Host $host;
         proxy_set_header        X-Real-IP $remote_addr;
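Review bot: Both new locations are bare prefix matches, so `location /realms` and `location /resources` also forward any path that merely begins with those strings (a constructed example: `/realms-x`) to Keycloak; `location /realms/` and `location /resources/` keep the exposed surface to the two paths the linked Keycloak guidance names. `X-Forwarded-Proto $scheme` reports the scheme of this listener, which the visible `listen 8080` suggests is plain HTTP, so if TLS is terminated in front of the gateway, Keycloak would likely build `http://` issuer and endpoint URLs; that is worth confirming against the deployment. `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so Keycloak should be set up to trust only the gateway's hop when it uses that address for logging or brute-force detection. The same two blocks are added in helm/dbrepo/templates/gateway-configmap.yaml, and the enclosing `server` block continues outside this hunk.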
diff --git a/dbrepo-ui/nuxt.config.ts b/dbrepo-ui/nuxt.config.ts
index 0f2099a387..92403e293a 100644
--- a/dbrepo-ui/nuxt.config.ts
+++ b/dbrepo-ui/nuxt.config.ts
@@ -3,19 +3,19 @@ import vuetify from 'vite-plugin-vuetify'
 
 const proxy: any = {}
 
-// /* proxies the backend calls, >>NOT<< the frontend calls (clicking) */
-// if (process.env.NODE_ENV === 'development') {
-//   const api = 'http://localhost'
-//   proxy['/api'] = api
-//   proxy['/pid'] = {
-//     target: api + '/api',
-//     changeOrigin: true,
-//     pathRewrite: {
-//       '^/pid': '/pid'
-//     }
-//   }
-//   process.env.NUXT_PUBLIC_API_SERVER = api
-// }
+/* proxies the backend calls, >>NOT<< the frontend calls */
+if (process.env.NODE_ENV === 'development') {
+  const api = 'http://localhost'
+  proxy['/api'] = api
+  proxy['/pid'] = {
+    target: api + '/api',
+    changeOrigin: true,
+    pathRewrite: {
+      '^/pid': '/pid'
+    }
+  }
+  process.env.NUXT_PUBLIC_API_SERVER = api
+}
 
 /**
  * https://nuxt.com/docs/guide/concepts/rendering#hybrid-rendering
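Review bot: `process.env.NUXT_PUBLIC_API_SERVER = api` overwrites whatever value a developer has already exported, so a development setup pointed at another backend is silently redirected to `http://localhost`; `process.env.NUXT_PUBLIC_API_SERVER ??= api` keeps an explicit setting. The `pathRewrite` entry `'^/pid': '/pid'` maps the prefix to itself and can be dropped, or given a comment if it is intentional. How `proxy` is consumed lies outside this hunk.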
@@ -111,15 +111,15 @@ export default defineNuxtConfig({
     providers: {
       keycloak: {
         audience: 'account',
-        baseUrl: 'http://localhost:8080/realms/dbrepo',
+        baseUrl: 'http://localhost/realms/dbrepo',
         clientId: 'dbrepo-client',
         clientSecret: '', // inject on runtime
         scope: ['openid', 'roles'],
         optionalClaims: ['realm_access'],
-        redirectUri: 'http://localhost:3001/auth/keycloak/callback',
+        redirectUri: 'http://localhost/auth/keycloak/callback',
         userNameClaim: 'preferred_username',
         exposeAccessToken: true,
-        logoutRedirectUri: 'http://localhost:3001',
+        logoutRedirectUri: 'http://localhost',
       },
     },
     middleware: {
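Review bot: The three rewritten URLs are plain-HTTP `localhost` literals with no marker that they are development fallbacks, unlike the neighbouring `clientSecret`, which carries `// inject on runtime`. The compose and Helm files in this commit set `NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL` and the redirect URI variables, which presumably override them, so a deployment that misses one would run the OIDC flow against `http://localhost`. I would add the same kind of comment, e.g. `baseUrl: 'http://localhost/realms/dbrepo', // dev default, set NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL in deployments`. The new `redirectUri` and `logoutRedirectUri` also have to be among the redirect URIs registered for `dbrepo-client` in Keycloak, which is not visible here.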
diff --git a/docker-compose.yml b/docker-compose.yml
index ed0f7e26c0..25e0b39733 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -335,7 +335,7 @@ services:
       NUXT_PUBLIC_API_CLIENT: "${BASE_URL:-http://localhost}"
       NUXT_PUBLIC_API_SERVER: "${BASE_URL:-http://gateway-service}"
       NUXT_PUBLIC_UPLOAD_CLIENT: "${BASE_URL:-http://localhost}/api/upload/files"
-      NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost:8080}/realms/dbrepo"
+      NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost}/realms/dbrepo"
       NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "${AUTH_SERVICE_CLIENT:-dbrepo-client}"
       NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
       NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "${BASE_URL:-http://localhost}/auth/keycloak/callback"
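Review bot: Two lines below the changed URL, `NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET` interpolates `AUTH_SERVICE_CLIENT`, the same variable the client ID line uses, and falls back to a literal secret committed in the file. Setting `AUTH_SERVICE_CLIENT` therefore makes the secret equal to the client ID, and leaving it unset ships the published default. The commit does not touch that line, but it is in the path this change reroutes, so I would read the secret from its own variable with no default, e.g. `"${<CLIENT_SECRET_VAR>:?client secret required}"` (placeholder name), and rotate the committed value. Separately, the new `http://localhost` default is presumably also used for the UI container's server-side token exchange, where `localhost` is the container itself rather than the gateway; worth confirming.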
diff --git a/helm/dbrepo/templates/gateway-configmap.yaml b/helm/dbrepo/templates/gateway-configmap.yaml
index aa314d3c65..66a8bc945a 100644
--- a/helm/dbrepo/templates/gateway-configmap.yaml
+++ b/helm/dbrepo/templates/gateway-configmap.yaml
@@ -39,6 +39,24 @@ data:
             proxy_read_timeout      90;
         }
 
+        location /realms {
+            proxy_set_header        Host $host;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_pass              http://auth-service;
+            proxy_read_timeout      90;
+        }
+
+        location /resources {
+            proxy_set_header        Host $host;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_pass              http://auth-service;
+            proxy_read_timeout      90;
+        }
+
         location /api/search {
             proxy_set_header        Host $host;
             proxy_set_header        X-Real-IP $remote_addr;
diff --git a/helm/dbrepo/templates/ui-secret.yaml b/helm/dbrepo/templates/ui-secret.yaml
index 5620e7b2da..bab14fce20 100644
--- a/helm/dbrepo/templates/ui-secret.yaml
+++ b/helm/dbrepo/templates/ui-secret.yaml
@@ -22,4 +22,9 @@ stringData:
   NUXT_PUBLIC_PID_DEFAULT_PUBLISHER: "{{ .Values.ui.public.pid.default.publisher }}"
   NUXT_PUBLIC_UPLOAD_CLIENT: "{{ .Values.ui.public.upload.client | default $uploadEndpoint }}"
   NUXT_PUBLIC_BROKER_CONNECTIONS: "{{ include "dbrepo.broker.connections" . }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "{{ .Values.gateway }}/api/auth/realms/dbrepo"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "{{ .Values.authservice.client.id }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "{{ .Values.gateway }}/auth/keycloak/callback"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_REDIRECT_URI: "{{ .Values.gateway }}"
 {{- end }}
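Review bot: `NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL` points at `{{ .Values.gateway }}/api/auth/realms/dbrepo`, while the gateway locations added in this commit expose Keycloak at `/realms` and the compose file uses `/realms/dbrepo` under the base URL. Unless an `/api/auth` location outside the visible hunks still proxies to Keycloak, discovery will fail; and if both paths work, the issuer in tokens can differ from the configured base URL depending on Keycloak's hostname settings. I would use `"{{ .Values.gateway }}/realms/dbrepo"` to match. The client secret is rendered from `.Values.authservice.client.secret`, so values files that carry it need the same protection as the Secret itself.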
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 626aea471b..cd2de433e2 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -585,15 +585,17 @@ dataservice:
       ## @param dataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
       type: "RuntimeDefault"
   ## @param dataservice.resourcesPreset The container resource preset
-  resourcesPreset: "large"
+  resourcesPreset: ""
   ## @param dataservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  resources: { }
-  ##   requests:
-  ##     cpu: 250m
-  ##     memory: 64Mi
-  ##   limits:
-  ##     cpu: 500m
-  ##     memory: 1024Mi
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1024Mi
+      ephemeral-storage: 50Mi
+    limits:
+      cpu: 1.0
+      memory: 3072Mi
+      ephemeral-storage: 2Gi
   ## @skip dataservice.resources
   grant:
     ## @param dataservice.grant.read The default database permissions for users with read access.
@@ -1054,7 +1056,7 @@ gatewayservice:
 
 computeservice:
   ## @param computeservice.endpoint Configure the number of parallel workers with local[n]
-  endpoint: local[2]
+  endpoint: local[1]
 
 ## @section Ingress
 
-- 
GitLab