Use gateway

Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>

Use gateway
7830e2b3 · Martin Weise · 558a3afa · 7830e2b3 · 7830e2b3 · 7830e2b3
Verified Commit 7830e2b3 authored 4 months ago by Martin Weise
--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -40,6 +40,10 @@ upstream dashboard-service {
    server dashboard-service:3000;
 }

+upstream auth-service {
+    server auth-service:8080;
+}
+
 server {
    listen 8080 default_server;
    server_name _;
@@ -67,6 +71,26 @@ server {
        proxy_read_timeout      90;
    }

+    # Proxy Keycloak OIDC connections, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location /realms {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://auth-service;
+        proxy_read_timeout      90;
+    }
+
+    # Proxy Keycloak assets, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location /resources {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://auth-service;
+        proxy_read_timeout      90;
+    }
+
    location /api/search {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;

--- a/dbrepo-ui/nuxt.config.ts
+++ b/dbrepo-ui/nuxt.config.ts
@@ -3,19 +3,19 @@ import vuetify from 'vite-plugin-vuetify'

 const proxy: any = {}

-// /* proxies the backend calls, >>NOT<< the frontend calls (clicking) */
-// if (process.env.NODE_ENV === 'development') {
-//   const api = 'http://localhost'
-//   proxy['/api'] = api
-//   proxy['/pid'] = {
-//     target: api + '/api',
-//     changeOrigin: true,
-//     pathRewrite: {
-//       '^/pid': '/pid'
-//     }
-//   }
-//   process.env.NUXT_PUBLIC_API_SERVER = api
-// }
+/* proxies the backend calls, >>NOT<< the frontend calls */
+if (process.env.NODE_ENV === 'development') {
+  const api = 'http://localhost'
+  proxy['/api'] = api
+  proxy['/pid'] = {
+    target: api + '/api',
+    changeOrigin: true,
+    pathRewrite: {
+      '^/pid': '/pid'
+    }
+  }
+  process.env.NUXT_PUBLIC_API_SERVER = api
+}

 /**
 * https://nuxt.com/docs/guide/concepts/rendering#hybrid-rendering
@@ -111,15 +111,15 @@ export default defineNuxtConfig({
    providers: {
      keycloak: {
        audience: 'account',
-        baseUrl: 'http://localhost:8080/realms/dbrepo',
+        baseUrl: 'http://localhost/realms/dbrepo',
        clientId: 'dbrepo-client',
        clientSecret: '', // inject on runtime
        scope: ['openid', 'roles'],
        optionalClaims: ['realm_access'],
-        redirectUri: 'http://localhost:3001/auth/keycloak/callback',
+        redirectUri: 'http://localhost/auth/keycloak/callback',
        userNameClaim: 'preferred_username',
        exposeAccessToken: true,
-        logoutRedirectUri: 'http://localhost:3001',
+        logoutRedirectUri: 'http://localhost',
      },
    },
    middleware: {

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -335,7 +335,7 @@ services:
      NUXT_PUBLIC_API_CLIENT: "${BASE_URL:-http://localhost}"
      NUXT_PUBLIC_API_SERVER: "${BASE_URL:-http://gateway-service}"
      NUXT_PUBLIC_UPLOAD_CLIENT: "${BASE_URL:-http://localhost}/api/upload/files"
-      NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost:8080}/realms/dbrepo"
+      NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost}/realms/dbrepo"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "${AUTH_SERVICE_CLIENT:-dbrepo-client}"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "${BASE_URL:-http://localhost}/auth/keycloak/callback"

--- a/helm/dbrepo/templates/gateway-configmap.yaml
+++ b/helm/dbrepo/templates/gateway-configmap.yaml
@@ -39,6 +39,24 @@ data:
            proxy_read_timeout      90;
        }

+        location /realms {
+            proxy_set_header        Host $host;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_pass              http://auth-service;
+            proxy_read_timeout      90;
+        }
+
+        location /resources {
+            proxy_set_header        Host $host;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+            proxy_pass              http://auth-service;
+            proxy_read_timeout      90;
+        }
+
        location /api/search {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;

--- a/helm/dbrepo/templates/ui-secret.yaml
+++ b/helm/dbrepo/templates/ui-secret.yaml
@@ -22,4 +22,9 @@ stringData:
  NUXT_PUBLIC_PID_DEFAULT_PUBLISHER: "{{ .Values.ui.public.pid.default.publisher }}"
  NUXT_PUBLIC_UPLOAD_CLIENT: "{{ .Values.ui.public.upload.client | default $uploadEndpoint }}"
  NUXT_PUBLIC_BROKER_CONNECTIONS: "{{ include "dbrepo.broker.connections" . }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "{{ .Values.gateway }}/api/auth/realms/dbrepo"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "{{ .Values.authservice.client.id }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "{{ .Values.gateway }}/auth/keycloak/callback"
+  NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_REDIRECT_URI: "{{ .Values.gateway }}"
 {{- end }}
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -585,15 +585,17 @@ dataservice:
      ## @param dataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
      type: "RuntimeDefault"
  ## @param dataservice.resourcesPreset The container resource preset
-  resourcesPreset: "large"
+  resourcesPreset: ""
  ## @param dataservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  resources: { }
-  ##   requests:
-  ##     cpu: 250m
-  ##     memory: 64Mi
-  ##   limits:
-  ##     cpu: 500m
-  ##     memory: 1024Mi
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1024Mi
+      ephemeral-storage: 50Mi
+    limits:
+      cpu: 1.0
+      memory: 3072Mi
+      ephemeral-storage: 2Gi
  ## @skip dataservice.resources
  grant:
    ## @param dataservice.grant.read The default database permissions for users with read access.
@@ -1054,7 +1056,7 @@ gatewayservice:

 computeservice:
  ## @param computeservice.endpoint Configure the number of parallel workers with local[n]
-  endpoint: local[2]
+  endpoint: local[1]

 ## @section Ingress