diff --git a/src/app.ts b/src/app.ts index b0efc8ff..9ce136b6 100644 --- a/src/app.ts +++ b/src/app.ts @@ -129,9 +129,7 @@ export const getSpec = (): OtomiSpec => { return otomiSpec } export const getAppSchema = (appId: string): Schema => { - let id: string = appId - if (appId.startsWith('ingress-nginx')) id = 'ingress-nginx-platform' - return getSpec().valuesSchema.properties.apps.properties[id] + return getSpec().valuesSchema.properties.apps.properties[appId] } export const getAppList = (): string[] => { diff --git a/src/openapi/app.yaml b/src/openapi/app.yaml index 8250e377..8f5d8055 100644 --- a/src/openapi/app.yaml +++ b/src/openapi/app.yaml @@ -12,7 +12,6 @@ AppList: - gitea - grafana - harbor - - ingress-nginx - istio - keycloak - knative diff --git a/src/otomi-stack.ts b/src/otomi-stack.ts index 7381f3e4..80b873f1 100644 --- a/src/otomi-stack.ts +++ b/src/otomi-stack.ts @@ -99,6 +99,8 @@ import { EDITOR_INACTIVITY_TIMEOUT, GIT_BRANCH, GIT_EMAIL, + GIT_INIT_MAX_RETRIES, + GIT_INIT_RETRY_INTERVAL_MS, GIT_LOCAL_PATH, GIT_PASSWORD, GIT_REPO_URL, @@ -111,8 +113,6 @@ import { PREINSTALLED_EXCLUDED_APPS, TOOLS_HOST, VERSIONS, - GIT_INIT_MAX_RETRIES, - GIT_INIT_RETRY_INTERVAL_MS, } from 'src/validators' import { v4 as uuidv4 } from 'uuid' import { parse as parseYaml, stringify as stringifyYaml } from 'yaml' @@ -278,12 +278,7 @@ export default class OtomiStack { } async getAppList() { - let apps = getAppList() - apps = apps.filter((item) => item !== 'ingress-nginx') - const { ingress } = await this.getSettings() - const allClasses = ['platform'].concat(ingress?.classes?.map((obj) => obj.className as string) || []) - const ingressApps = allClasses.map((name) => `ingress-nginx-${name}`) - return apps.concat(ingressApps) + return getAppList() } async getValues(query): Promise> { 
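Review bot: `getAppSchema` now indexes `apps.properties` with `appId` unchecked, so an id with no schema entry returns `undefined` even though the signature promises `Schema`. Before this change every id starting with `ingress-nginx` was mapped to `ingress-nginx-platform`; ids of that shape that are still stored or requested now fall through to the bare lookup. If `appId` can originate from a request (not visible in this hunk), the bracket lookup also resolves inherited keys such as `constructor`, so an own-property guard is the safer form: `const props = getSpec().valuesSchema.properties.apps.properties` followed by `if (!Object.prototype.hasOwnProperty.call(props, appId))` and the project's usual not-found handling.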
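Review bot: `getAppList()` no longer synthesizes `ingress-nginx-<class>` ids from the ingress settings, and the `@@ -607` hunk removes `removeIngressApps`, so nothing in this file enumerates or deletes `env/apps/ingress-nginx-*.yaml` and `env/apps/secrets.ingress-nginx-*.yaml` any more. Whether a migration cleans those files out of existing values repositories is not visible in this diff; if none exists, the secrets files stay in Git unreferenced, which is worth confirming before merge. The method is also still `async` with nothing awaited and carries no return type; `async getAppList(): Promise<string[]> {` would state the contract callers rely on.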
@@ -607,62 +602,8 @@ export default class OtomiStack { } } - async loadIngressApps(id: string): Promise { - try { - debug(`Loading ingress apps for ${id}`) - const content = await this.git.loadConfig('env/apps/ingress-nginx.yaml', 'env/apps/secrets.ingress-nginx.yaml') - const values = content?.apps?.['ingress-nginx'] ?? {} - - const filePath = getResourceFilePath('AplApp', id) - const aplApp = toPlatformObject('AplApp', id, { enabled: true, rawValues: {}, ...values }) - this.fileStore.set(filePath, aplApp) - - debug(`Ingress app loaded for ${id}`) - } catch (error) { - debug(`Failed to load ingress apps for ${id}:`) - } - } - - async removeIngressApps(id: string): Promise { - try { - debug(`Removing ingress apps for ${id}`) - const filePath = `env/apps/${id}.yaml` - const secretsPath = `env/apps/secrets.${id}.yaml` - - this.fileStore.delete(filePath) - await this.git.removeFile(filePath) - await this.git.removeFile(secretsPath) - debug(`Ingress app removed for ${id}`) - } catch (error) { - debug(`Failed to remove ingress app for ${id}:`) - } - } - - async editIngressApps(settings: Settings, data: Settings, settingId: string): Promise { - if (settingId !== 'ingress') return - const initClasses = settings[settingId]?.classes || [] - const initClassNames = initClasses.map((obj) => obj.className) - const dataClasses = data[settingId]?.classes || [] - const dataClassNames = dataClasses.map((obj) => obj.className) - // Ingress app addition - for (const ingressClass of dataClasses) { - if (!initClassNames.includes(ingressClass.className)) { - const id = `ingress-nginx-${ingressClass.className}` - await this.loadIngressApps(id) - } - } - // Ingress app deletion - for (const ingressClass of initClasses) { - if (!dataClassNames.includes(ingressClass.className)) { - const id = `ingress-nginx-${ingressClass.className}` - await this.removeIngressApps(id) - } - } - } - async editSettings(data: Settings, settingId: string): Promise { const settings = await this.getSettings() - 
await this.editIngressApps(settings, data, settingId) const updatedSettingsData: any = { ...data } if (settingId === 'otomi') { // convert otomi.nodeSelector to object diff --git a/src/validators.ts b/src/validators.ts index 0f305dc5..51b50eea 100644 --- a/src/validators.ts +++ b/src/validators.ts @@ -93,7 +93,7 @@ export const PREINSTALLED_EXCLUDED_APPS = json({ export const HIDDEN_APPS = json({ desc: 'Applications that are hidden from the apps page', default: { - apps: ['ingress-nginx-platform'], + apps: [], }, }) export const OBJ_STORAGE_APPS = json({ diff --git a/test/apps.yaml b/test/apps.yaml index fdf0327c..27471f24 100644 --- a/test/apps.yaml +++ b/test/apps.yaml 
@@ -85,16 +85,6 @@ appsInfo: dependencies: None about: Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing. integration: Harbor can be enabled to provide each team with a private registry. Harbor has been made user and tenant aware. APL runs automated tasks that take care of creating a project in Harbor for each team, creating a bot-account for each team, and creating a Kubernetes pull secret in the team namespace to enable pulling of images out of the local registry. - ingress-nginx: - title: Ingress-NGINX - appVersion: 1.13.1 - repo: https://github.com/kubernetes/ingress-nginx - maintainers: NGINX - relatedLinks: - - https://docs.nginx.com/nginx-ingress-controller - license: Apache 2.0 - about: ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. - integration: APL integrated ingress-nginx into an advanced ingress architecture. istio: title: Istio appVersion: 1.26.3 diff --git a/test/core.yaml b/test/core.yaml index 9023df3c..478b3abe 100644 --- a/test/core.yaml +++ b/test/core.yaml @@ -19,6 +19,7 @@ k8s: app: harbor - name: apl-harbor-operator disableIstioInjection: true + - name: git-server - name: gitea - name: apl-gitea-operator disableIstioInjection: true 
@@ -28,14 +29,6 @@ k8s: app: grafana - name: istio-system disableIstioInjection: true - labels: - 'apl.io/ingress-controller-scope': 'true' - - name: ingress - # disabling istio sidecar as it does not preserve client ip (yet) - # TODO: enable once it does - disableIstioInjection: true - labels: - 'apl.io/ingress-controller-scope': 'true' - name: keycloak - name: apl-keycloak-operator disableIstioInjection: true @@ -58,6 +51,8 @@ k8s: - name: kyverno app: kyverno disableIstioInjection: true + - name: tekton-dashboard + app: tekton-pipelines - name: tekton-pipelines disableIstioInjection: true disablePolicyChecks: true @@ -87,6 +82,11 @@ k8s: disablePolicyChecks: true - name: sealed-secrets app: sealed-secrets + - name: external-secrets + app: external-secrets + disableIstioInjection: true + - name: apl-secrets + disableIstioInjection: true - name: policy-reporter app: policy-reporter disablePolicyChecks: true @@ -97,22 +97,10 @@ adminApps: tags: [alerting, observability] deps: [prometheus] ownHost: true - ingress: - - svc: po-alertmanager - namespace: monitoring - # namespace: alertmanager - port: 9093 - type: public - auth: true - name: argocd tags: [cicd, gitops] isShared: true ownHost: true - ingress: - - svc: argocd-server - namespace: argocd - type: public - auth: true - name: cert-manager tags: [ingress, security, tls] - name: cnpg @@ -121,12 +109,6 @@ adminApps: tags: [tty] isShared: true ownHost: true - ingress: - - svc: tty - # virtual service is not going to be used. - namespace: ingress - type: public - auth: true - name: external-dns tags: [ingress, security, tls] - name: gitea 
@@ -134,61 +116,24 @@ adminApps: isShared: true ownHost: true path: /user/oauth2/otomi-idp - ingress: - - namespace: gitea - svc: gitea-http - port: 3000 - type: public - name: grafana tags: [tracing, telemetry, observability] deps: [prometheus] path: /dashboards ownHost: true - ingress: - - svc: po-grafana - namespace: grafana - removeRequestHeaders: - - authorization - type: public - auth: true - name: harbor tags: [security] isShared: true ownHost: true - ingress: - - svc: harbor-portal - namespace: harbor - type: public - auth: true - - svc: harbor-core - namespace: harbor - paths: [/api/, /c/] - forwardPath: true - type: public - auth: true - - svc: harbor-core - namespace: harbor - paths: [/chartrepo/, /service/, /v1/, /v2/] - forwardPath: true - type: public - hasOwnIngress: true - name: hello hide: true tags: [demo] - - name: ingress-nginx - tags: [ingress, auth] - name: istio tags: [ingress, egress, routing, security, tls, observability, policies] - name: keycloak path: /admin/otomi/console/ tags: [auth, sso] - # isShared: true ownHost: true - ingress: - - namespace: keycloak - svc: keycloak-keycloakx-http - type: public - port: 8080 - name: knative tags: [serverless, functions] deps: [istio] @@ -196,26 +141,12 @@ adminApps: tags: [ai, ml] ownHost: true isShared: true - ingress: - - svc: ml-pipeline-ui - namespace: kfp - port: 80 - type: public - auth: true - name: kserve tags: [ai] - name: tekton tags: [buildpacks, ci, pipelines] ownHost: true path: /#/namespaces/team-admin/pipelineruns - ingress: - - svc: tekton-dashboard - namespace: tekton-pipelines - port: 9097 - type: public - auth: true - removeRequestHeaders: - - authorization - name: loki tags: [logging, telemetry, observability] deps: [grafana, prometheus, otel] 
@@ -225,37 +156,13 @@ adminApps: hide: true isShared: true ownHost: true - ingress: - - svc: otomi-api - namespace: otomi - paths: [/api/] - type: public - auth: true - - svc: otomi-console - namespace: otomi - type: public - auth: true - name: api # Used by any client that do not support cookies hide: true isShared: true ownHost: true - ingress: - - svc: otomi-api - namespace: otomi - type: public - # RequestAuthentication and AuthorizationPolicy ensure Authorization header validation - auth: false - - name: prometheus tags: [metrics, observability] ownHost: true - ingress: - - svc: po-prometheus - port: 9090 - namespace: monitoring - # namespace: prometheus - type: public - auth: true - name: sealed-secrets tags: [secrets, security, observability] ownHost: true @@ -273,33 +180,11 @@ teamApps: - name: alertmanager ownHost: true path: /#/alerts?silenced=false&inhibited=false&active=true&filter=%7Bnamespace%3D"team-#TEAM#"%7D - ingress: - - svc: po-alertmanager - hasPrefix: true - port: 9093 - type: public - auth: true - name: grafana ownHost: true path: /dashboards - ingress: - - svc: po-grafana - hasPrefix: true - forwardPath: true - removeRequestHeaders: - - authorization - type: public - auth: true - name: loki useHost: grafana path: /explore?orgId=1&left=%7B"datasource":"loki","queries":%5B%7B"refId":"A","expr":"","queryType":"range","datasource":%7B"type":"loki","uid":"loki"%7D%7D%5D,"range":%7B"from":"now-1h","to":"now"%7D%7D - name: tekton ownHost: true - ingress: - - svc: tekton-dashboard - hasPrefix: true - port: 9097 - type: public - auth: true - removeRequestHeaders: - - authorization diff --git a/test/env/teams/apps.admin.yaml b/test/env/teams/apps.admin.yaml index 8affc6bd..12cfd43a 100644 --- a/test/env/teams/apps.admin.yaml +++ b/test/env/teams/apps.admin.yaml @@ -9,7 +9,6 @@ teamConfig: gitea: {} grafana: {} harbor: {} - ingress-nginx: {} istio: {} keycloak: {} knative: {}