diff --git a/charts/content-service/Chart.yaml b/charts/content-service/Chart.yaml index 6f288a45c7af259b090406824ecf8414dffc92a2..2a0d14d44f21e868acfeb5430b85087899a72a8a 100644 --- a/charts/content-service/Chart.yaml +++ b/charts/content-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of Nynja content service. name: content-service -version: 0.1.0 +version: 0.2.2 diff --git a/charts/content-service/templates/authentication-policy.yaml b/charts/content-service/templates/authentication-policy.yaml index be24b2761505dcf8d844cb2d50063d0976dad0a7..8eeab4354111a17aa7f912c7988ca8e28844bb1a 100644 --- a/charts/content-service/templates/authentication-policy.yaml +++ b/charts/content-service/templates/authentication-policy.yaml @@ -12,8 +12,8 @@ spec: - name: {{ template "service.name" . }} origins: - jwt: - issuer: https://auth.nynja.biz/ - jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public + issuer: {{ .Values.jwt.issuer | quote }} + jwksUri: {{ .Values.jwt.jwksUri | quote }} trigger_rules: - excluded_paths: - exact: /actuator/health diff --git a/charts/content-service/templates/content-gcs-sealedsecret.yaml b/charts/content-service/templates/content-gcs-sealedsecret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9bc9b0f34a5bff881b4398f3dd6cb9b5354d94b8 --- /dev/null +++ b/charts/content-service/templates/content-gcs-sealedsecret.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ template "service.fullname" . }}-gcs-sealedsecret + labels: + app: {{ template "service.name" . }} + chart: {{ template "service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +spec: + encryptedData: + credentials.json: {{ .Values.sealedSecret.google.serviceAccount | quote }} + sign_url_key: {{ .Values.sealedSecret.google.signUrlKey | quote }} \ No newline at end of file 
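Review bot: Both new SealedSecret templates (this one and content-token-sealedsecret.yaml) derive `metadata.name` from `service.fullname`, while the ciphertext in the release values is sealed ahead of time. If the values were sealed with the default strict scope, they only unseal under the exact name and namespace they were sealed for, so a different release name or namespace would leave the Secret uncreated. A comment at the top of each template stating the name and namespace the values must be sealed for (or the scope that was used) would make that dependency explicit. `type: Opaque` is also placed at the top level, where a SealedSecret has no such field; if it is meant for the generated Secret it belongs under `spec.template.type`.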
diff --git a/charts/content-service/templates/content-token-sealedsecret.yaml b/charts/content-service/templates/content-token-sealedsecret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a759ef2ee555236d62145d84e6775a0197ee325c --- /dev/null +++ b/charts/content-service/templates/content-token-sealedsecret.yaml @@ -0,0 +1,13 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ template "service.fullname" . }}-token-sealedsecret + labels: + app: {{ template "service.name" . }} + chart: {{ template "service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +spec: + encryptedData: + token_encryptdecrypt_key: {{ .Values.sealedSecret.token.encryptDecryptKey | quote }} \ No newline at end of file diff --git a/charts/content-service/templates/cronjob.yaml b/charts/content-service/templates/cronjob.yaml index 9c7e037938000b38f8c2246cc5198354a7b0ea0c..211ca81f7b1353a815eda856300c7a68c22cd656 100644 --- a/charts/content-service/templates/cronjob.yaml +++ b/charts/content-service/templates/cronjob.yaml @@ -8,7 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - schedule: "0 3 * * *" + schedule: {{ .Values.db_cleanup_schedule | quote }} failedJobsHistoryLimit: 5 successfulJobsHistoryLimit: 3 jobTemplate: diff --git a/charts/content-service/templates/deployment.yaml b/charts/content-service/templates/deployment.yaml index 7faf0279e0bb3cdc5e2aee0c4b299b4776af6b31..87dd92f31de06dfa679b8cfc1987f9f89077499a 100644 --- a/charts/content-service/templates/deployment.yaml +++ b/charts/content-service/templates/deployment.yaml 
@@ -58,19 +58,49 @@ spec: value: {{ .Values.ports.containerPort.http | quote }} - name: GRPC_SERVER_PORT value: {{ .Values.ports.containerPort.grpc | quote }} + ## Cassandra Config + - name: CASSANDRA_KEYSPACE + value: {{ .Values.cassandra.keyspace-name | quote }} + - name: CASSANDRA_CONTACT_POINTS + value: {{ .Values.cassandra.contact-points | quote }} + - name: CASSANDRA_PORT + value: {{ .Values.cassandra.port | quote }} + - name: CASSANDRA_KEYSPACE_REPLICATION + value: {{ .Values.cassandra.replication | quote }} +## Extra variables {{ if .Values.extra_vars -}} {{ toYaml .Values.extra_vars | indent 8 }} {{- end -}} + + #- name: GOOGLE_APPLICATION_CREDENTIALS + # value: "/etc/secrets/google/credentials.json" + + ## SIGN_URL_KEY - name: SIGN_URL_KEY valueFrom: secretKeyRef: - name: content-service-gcloud + name: {{ template "service.fullname" . }}-gcs-sealedsecret key: sign_url_key + ## TOKEN_ENCRYPTDECRYPT_KEY + - name: TOKEN_ENCRYPTDECRYPT_KEY + valueFrom: + secretKeyRef: + name: {{ template "service.fullname" . }}-token-sealedsecret + key: token_encryptdecrypt_key + ## GOOGLE_SERVICE_ACCOUNT_PATH volumeMounts: - - name: service-account-gcloud + - name: google-service-account mountPath: /opt/nynja/config resources: {{ toYaml .Values.resources | indent 12 }} + ## GOOGLE_SERVICE_ACCOUNT_PATH + volumes: + - name: google-service-account + secret: + secretName: {{ template "service.fullname" . }}-gcs-sealedsecret + items: + - key: credentials.json + path: credentials.json {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} @@ -83,11 +113,3 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} - - volumes: - - name: service-account-gcloud - secret: - secretName: content-service-gcloud - items: - - key: application-credentials.json - path: application-credentials.json 
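Review bot: `.Values.cassandra.keyspace-name` and `.Values.cassandra.contact-points` in the new Cassandra env block cannot be parsed, because Go templates do not accept `-` inside a dotted field name, so the chart fails at render time. Use `{{ index .Values.cassandra "keyspace-name" | quote }}` and `{{ index .Values.cassandra "contact-points" | quote }}`, or rename the keys to `keyspaceName` / `contactPoints` in values.yaml and the three release files. The commented-out `GOOGLE_APPLICATION_CREDENTIALS` entry can be removed rather than kept as dead configuration. The container spec starts outside this hunk.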
diff --git a/charts/content-service/templates/envoy-grpc-web.yaml b/charts/content-service/templates/envoy-grpc-web.yaml index d6ddbd625a6a99383f0215557083c52a3f784494..eeef84027b5bf830dd78ca929bd166c50cb0bd28 100644 --- a/charts/content-service/templates/envoy-grpc-web.yaml +++ b/charts/content-service/templates/envoy-grpc-web.yaml @@ -12,7 +12,7 @@ spec: app: {{ template "service.name" . }} filters: - listenerMatch: - portNumber: 6563 + portNumber: {{ .Values.ports.containerPort.grpc }} listenerType: SIDECAR_INBOUND filterName: envoy.grpc_web filterType: HTTP diff --git a/charts/content-service/templates/secret.yaml b/charts/content-service/templates/secret.yaml deleted file mode 100644 index fae7bd290e521e9bd3dd58a359f417098d2d669a..0000000000000000000000000000000000000000 --- a/charts/content-service/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{ if and .Values.sign_url_key .Values.account_service -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: content-service-gcloud - namespace: content -data: - sign_url_key: {{ .Values.sign_url_key | b64enc }} - application-credentials.json: {{ .Values.account_service }} -{{- end -}} diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index dc61f6f15ff1647113f264a53c511f84a4e56572..df42ac658b9bf330af4eaac7487405395989d373 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml @@ -23,6 +23,12 @@ ports: http: grpc: +cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + nodeSelector: {} tolerations: [] 
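Review bot: `portNumber: {{ .Values.ports.containerPort.grpc }}` renders an empty value whenever a release does not set the port, because the chart's own values.yaml leaves `ports.containerPort.grpc` blank (visible as context in the values.yaml hunk). The filter would then presumably match no listener, or be rejected, without a clear error. Failing at render time is safer: `portNumber: {{ required "ports.containerPort.grpc must be set" .Values.ports.containerPort.grpc }}`.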
@@ -37,15 +43,67 @@ corsPolicy: maxAge: extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" - name: FILE_UPLOAD_URL - value: https://content.dev-eu.nynja.net/file/upload + value: "https://content.dev-eu.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" - name: FILE_DOWNLOAD_URL - value: https://content.dev-eu.nynja.net/file/download/ + value: "https://content.dev-eu.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" - name: LOCAL_STORAGE_LOCATION - value: /src/main/resources + value: "/opt/nynja/" - name: GOOGLE_STORAGE_URI - value: https://storage.googleapis.com + value: "https://storage.googleapis.com" - name: GOOGLE_STORAGE_BUCKET - value: content-service-dev - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /opt/nynja/application-credentials.json + value: "content-service-storage-dev-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" + - name: SIGN_URL_KEY_NAME + value: "content-cdn-dev-uw1-lb-sign-key2" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.dev.nynja.net" + #- name: GOOGLE_APPLICATION_CREDENTIALS + # value: /opt/nynja/application-credentials.json + +google_api_hosts: + +db_cleanup_schedule: "0 3 * * *" + +jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + +sealedSecret: + 
google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" diff --git a/releases/dev/content-service.yaml b/releases/dev/content-service.yaml index 8f69cb892545fbd3973ce92ce7c8b79a81c54156..5a8331e0d4fdc3c6c3e4d140ccf41f15059234e8 100644 --- a/releases/dev/content-service.yaml +++ b/releases/dev/content-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: replicaCount: 1 @@ -32,9 +32,15 @@ spec: ports: containerPort: - http: 8001 - grpc: 6563 + http: 8000 + grpc: 6565 + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + # CORS policy corsPolicy: allowOrigin: @@ -47,6 +53,9 @@ spec: - https://web.dev.nynja.net - https://web.staging.nynja.net - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net allowMethods: - POST - GET 
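Review bot: The `sealedSecret.*` defaults added at the end of this hunk are empty strings, and the releases/prod and releases/staging hunks later in this commit also set all three to `""`, so those environments render SealedSecrets whose `encryptedData` entries are empty. The controller presumably cannot unseal an empty value, which would leave the `-gcs-sealedsecret` and `-token-sealedsecret` Secrets uncreated while deployment.yaml references them through `secretKeyRef` and a volume. Consider failing at render time in the templates, e.g. `{{ required "sealedSecret.google.signUrlKey must be set" .Values.sealedSecret.google.signUrlKey | quote }}`. The chart-level `extra_vars` defaults also name dev resources (`content-service-storage-dev-uw1`, `content-cdn-dev-uw1-lb-sign-key2`), so a release that omits `extra_vars` would silently use the dev bucket and signing key name.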
@@ -57,33 +66,74 @@ spec: - x-grpc-web maxAge: "600s" - google_api_hosts: - - www.googleapis.com - - accounts.google.com - - oauth2.googleapis.com - - storage.googleapis.com + # Allow Egress traffic to Google API extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" - name: FILE_UPLOAD_URL - value: https://content.dev.nynja.net/rest/file/upload/ + value: "https://content.dev.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" - name: FILE_DOWNLOAD_URL - value: https://content.dev.nynja.net/rest/file/download/ + value: "https://content.dev.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" - name: LOCAL_STORAGE_LOCATION value: "/opt/nynja/" - name: GOOGLE_STORAGE_URI value: "https://storage.googleapis.com" - name: GOOGLE_STORAGE_BUCKET - value: nynja-content-service-dev - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /opt/nynja/config/application-credentials.json + value: "content-service-storage-dev-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" - name: SIGN_URL_KEY_NAME - value: content-dev-sign-key + value: "content-cdn-dev-uw1-lb-sign-key2" - name: SIGN_URL_TTL - value: "86400" + value: "3600" - name: SIGN_URL_CDN_URI - value: "http://content-cdn.dev-eu.nynja.net" - - name: STORAGE_PROVIDER - value: GOOGLE - - name: MAX_FILE_SIZE - value: "3072" + value: "https://content-cdn.dev.nynja.net" + + 
google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "AgCINMWSjcrWmMNhPGyUN8LVfqZ/nNwtfkZbZC2cezsQfJyY2RY5NNftSxL9tA6AmDyy239zEJ4twFEv5uGYR1Vsx83K8bv4oWhWUOLyfGeeocEA9CWXji8ZWn3uIKAzg8oMZ1by4UxBplAl6h7r9ihsbxDS+8kP8r51/sX9Nm2Xsa6Azb1RYHdYTZ5DUW29nWFmpNUXTaYw35d7LVe5npblKV+geUXwXnpO9rMvjFRlSv8olof4FWhjla0wzN9GG5QQmod2ZaSbHNADrUE/fX6HC2wSIF8JJ3VRs7oBDtiFKE6e2mw+1JNAnPOgnSEOvJvZeIf2urp/dz80AaZT61BKZIHOj7/cnaARp/33V4BNcWtUHtRMP7CfLTmnCJkEmV+wF6EL8BBI91JnJYooZl9uRuV6FtyIGdFNdvlFe4FoEQ4Z8yM4VduvjgSCOVx8UvNEfvVl+VQ2oOD+R+lxpuk79s9bMt5cRTdH0uHbXk+/VI3BuR9g7NfzsdQelcs2Ek1j89CnuWdInpd5jhvFYzfumw+60mpuddd7QerIoyUGoWvTvGXFJbILSASSwe7s1x4dVOM6FbawwKLwqJ6kPGs+slWguP7vKGHLp4dK+0N7E3VPWzBZ/bGiLkiyoEg2IroA4qKLrB6ZMgcBJJjp0ppbI5uWVlftC/us2nMuvdjAD9iDpqQcpS05BgW4sUoajpkNe7G6jppfHo6KnAKPOYFRhubW3MNNZd/PvJpmPEKO8eMzx2kUCd/79P6Uflh6R9gfnYFyAGx+1VKGNnNBuXXOSVIkcOJHOY6EgYQ9YlsGj0YYGuVUSxECX+ogO4ub4K0XrWzOU+ouS0Z8JMSGAz9fQGO3jXUDgwJw76328xViZvrg6oYBk+HGKNhpiKkcl0CybCgBvZzFUMajWd/CKH5OoOOo0UZO/PPbmnCJ0AAqSOjOnk43NNdoIAOwmUhO4jVnftjw1yFj/XCnX2QML9Kjc1mDnxcB6KwTmtKLXbs4vC7C2sGovjZXiSp3cYYK+0sWnzlrETJtJbxfjqQA+SAHb76GOn44DEnKG5ZEX8pvyHcFEwzZ/ZgVknVdo8mtw2Mt1ANaTRQK2oWOOXil7rdxcU7T6WIElmLhv5jb09ltrKQlfHfnSbplWmITNpzICg7SVHthh39MncEwdTfZl/AHjaqnV/WFzFg6iUekKMc5IO3gVOtn5q84/ES+Hlgn1GoqVLHg0Ko7y/qR09pBu7Q5lnB5ioO2YD+O55cuQqO9lrD+RFeZi70rR3Dohm7ysTPrZoyXV6kG3kerE4qLp8Kg6yOHXHY9iSh9eb2tsV0eCOedOL8ng2uThB4IJ6HwQSErigvu9KRdxNKwPsx3X947pLj3f3ALZ7yKuGu1dtMasex5/d+Yb5lwgfjFoAaV2mXA7Gzu1RMpXFtgxR9RrCYwtT5ka0FSSEnDQpDrgjNuVNvi/GQkSVKX4j8RBINGtsyIsuGYYphnkMBsuIiUv+VP6/GMylTICpewGws8jizNd9Y0ek7xh1q8JOOI28fJ4vf8yGtWMr0yN2pq4va+mcGvFwiuKTnco9nFju98r+dwo7ZbXgu37P/MISvSIbVDvBbB+xiNa6fB8E4vhZj330HWaBwoVaHXeJ3sqIC+JI0ONFSXgPqlmycsmTsCjIQbPArEGqAgbNfzWM
C2jvG9vAFC7jAL0Ax0cfLe2WK5ox9y3+SNB4MJPTTuVrUNpz/AgVlpG3qkL+vWEu0fPAwK14DQ3kJIgu+W5RTU+Pq0SPQEa5g3ufCAxpxKr/a9BCg2uLX/CcCeo1pcUR4/Gw0Mv4k6YTXYw7IwLHxt5F7A3xSthVfV+VHFDpxyYBU1NmM5AF9MbDJKCBBy5PjKPgz+OltcFlXKpKn2cV0OpjCWGTUohCBGmGjEHTsYdO6U0AkPsUAHUJFbr+HKGGI62Tr6YscgPTDsK287FRgWGjb2RwmgNpZyPWRCWENtiy5kNNg/aQhRSEwukUPzxzyjiYXCLSXlIoJ4OhFJUmvWGefqC31NyX9f5I5Ml4Ble8kADKHHFISZ1oJdUqpueCPOcABTofiGUV90bzsUC1gGPtO8uXNaDzPAiwxIeOkLmN5HHfjYmEQ5rZhCxp+5E8hNd9o2eYqreVa089r9zZA/FrdgY6QZWyIpZDm/CrgytG61tzDafH2N9XNoJM3a6UMqy2AQm501WdPU85BKgAG6r0mf/6iox2BYi+/oPU7dA6FEuNr4ecRyNvds3AEu5HN2u4S3e/Dw+D2jO8Y/k/fXbqvCI+UuXSbK0bFpxO3XK1cZDInYOIgswmTAJTPV67ujzHojHm5uy4dtelhL9B5f+jJ7Y4ANIVb8L0KwdNKsu2KLD6nt3w3CjtLrtEXh1+NzAQro+BHPoWOxM8I3E83KokFKwiHkyLzcGD7/6NrduUDge7Xuu6Ei+BXsOnnFqfxiprDm8V5OANTBJG59BgI4BdU+Y+dbjScqmOzwZVsCtZ1GilG8fxSvzvdjuV+oyXPKYcwhLnphxRnKcZOep53tRilQ0jkw196dM0df8EUDOQj+OkZJU2UPNXvc+vxxUq3i2486zcGwTjCpFOlbFsyC915/ULmB5UlPQvDbT04t7INM5bRPly9rrs7BAkwWr4UOZ7k1qD8B0oX+HQFuJhmfX8C+zUlKrC+xgbKKuKI/71okN7FRJIEqUiNiHf0NYfGPKdW74yKZtEc+2IrIKDrQbLVc3bqf7LGBc2RepZU9JIRWuJ7EwPHUeMrTor/6kNTIW+SiNh399syYp+9nJS44AfVyZsrc7bzJHNB54rP+O2yJNgvde/L9jt88fU5LvuaIooDsjUV8RptgFXziJSceb1owzJVpwaj8nO2bK37xYUdseZ878vz7n5FkxvutJE9NBXsBcInXYU8jISxZUtqNODJfKTNB5RN3victOcYtWi9HypWCHC+ka+FgkgGpjTtEFDx3qt1Hs0iOJoeNXALA8EoLfcnn25PD8+GPGatqmDUHSXCzGcRl362xgpMUtQXrNAKZ/xiURqGyNahbv8pCdCO6xaaBXPMB+X5xyjBpTorNZJZnUQCE/04bbKsX9pH5jSerwp4iiY3syItKECUvgpt1JxG/P6/LBGPOiGkA1LsluIQz52D3JFzNYny8CU57luy/vYTln/0yNGY3XFUOu+VBmHzlU2Bl6mggwR0eLRB/iX1u5NG2wtKmLCLMU11J8wgdVWiCM6e0Y7ixoab5DOPcmXkUt9bIz8PA3SwLhMYoRUEHsqq+GtcnyCgHKUnH+ppn50IJHWG29Cch8qitJXMILg+yBq7wUpGEO2vJ6fZpYTSzh+SO95emkgFk2lEb60+frsWsJFiVM+Rdef0wwnFUh9Q8giRZ9oOXg4SC+ZWu1Ca5G0YRaDlqg9dhIXuLK8f5mogK8ebDhzuvWlRTSzUvn1w1sjP2pczay2VwcnP+AZE1VvpA/s88NFsUMuhCxWQ0krNylPuH+2pg7NZ4KEdI7y5gHAsdrM+lEJnt3Kgn0yrZvsMlu9jDUJ6X35d2wDssrbel1JPjIGy0b9bUXiEipTY14GAgwCqWqw57+q1P4AczQyBVM4FZ3Jg8a/N+3N8JXnTUvPsvfhvEHuyahf0S5fVyxOYOzSYtXHFIjMTxwX11ZplFkFyuV/KNk7UOGLRmirx2mw6912
AfGW5hO/3hhwHQEHAIb62waD00j31OgLi0knhhTFCILi4pN+w/Be/fy9Poq3srYfLV1NBgbvP7SLtqVO+N0X2FZt+T1ss710Sp7BG5NyJj1kb/xrFu+nvDVOpSrIy+Ru94ftrGAFOjv+50gJSuDsK5wnKLpEY3t/V7TEJVmoR9QgpI" + signUrlKey: "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" + token: + encryptDecryptKey: "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" + \ No newline at end of file diff --git a/releases/prod/content-service.yaml b/releases/prod/content-service.yaml index 1014f38cb9c937d74e373c989d8dd7c33bb87b16..1ed67de4d0656da8c3e8f0e2773750e7a3875bf1 100644 --- a/releases/prod/content-service.yaml +++ b/releases/prod/content-service.yaml @@ -8,9 +8,9 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: - replicaCount: 2 + replicaCount: 1 image: repository: ${IMAGE_NAME} 
@@ -21,3 +21,112 @@ spec: - api-gateway.default.svc.cluster.local hosts: - content.nynja.net + + resources: + limits: + cpu: 1 + memory: 1500Mi + requests: + cpu: 500m + memory: 1000Mi + + ports: + containerPort: + http: 8000 + grpc: 6565 + + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + + # CORS policy + corsPolicy: + allowOrigin: + - https://web.dev.nynja.net + - https://web.staging.nynja.net + - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net + allowMethods: + - POST + - GET + - OPTIONS + allowCredentials: false + allowHeaders: + - content-type + - x-grpc-web + maxAge: "600s" + + + + # Allow Egress traffic to Google API + extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" + - name: FILE_UPLOAD_URL + value: "https://content.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" + - name: FILE_DOWNLOAD_URL + value: "https://content.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" + - name: LOCAL_STORAGE_LOCATION + value: "/opt/nynja/" + - name: GOOGLE_STORAGE_URI + value: "https://storage.googleapis.com" + - name: GOOGLE_STORAGE_BUCKET + value: "content-service-storage-prod-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" + - name: 
SIGN_URL_KEY_NAME + value: "content-cdn-prod-uw1-lb-sign-key" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.nynja.net" + + google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" diff --git a/releases/staging/content-service.yaml b/releases/staging/content-service.yaml index 5bf2eff2d3bb64d567416a817eaab580f711824d..a9eed59f1296834ceea665fbc17773533949594e 100644 --- a/releases/staging/content-service.yaml +++ b/releases/staging/content-service.yaml @@ -8,9 +8,9 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: - replicaCount: 2 + replicaCount: 1 image: repository: ${IMAGE_NAME} @@ -32,13 +32,24 @@ spec: ports: containerPort: - http: 8001 - grpc: 6563 + http: 8000 + grpc: 6565 + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + # CORS policy corsPolicy: allowOrigin: + - https://web.dev.nynja.net - https://web.staging.nynja.net + - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net allowMethods: - POST - GET 
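Review bot: The `corsPolicy.allowOrigin` list added for production includes `https://web.dev.nynja.net`, `https://web.staging.nynja.net` and the matching `desktop.dev` / `desktop.staging` origins, so pages served from non-production hosts can call the production content API from a browser. The staging hunk `@@ -32,13 +32,24 @@` widens its list the same way, to dev and prod origins. `allowCredentials: false` limits the impact, but unless cross-environment access is intended, keep only `https://web.nynja.net` and `https://desktop.nynja.net` here. If the wider list is intentional, a comment above `allowOrigin` should say why.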
@@ -49,3 +60,74 @@ spec: - x-grpc-web maxAge: "600s" + + + # Allow Egress traffic to Google API + extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" + - name: FILE_UPLOAD_URL + value: "https://content.staging.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" + - name: FILE_DOWNLOAD_URL + value: "https://content.staging.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" + - name: LOCAL_STORAGE_LOCATION + value: "/opt/nynja/" + - name: GOOGLE_STORAGE_URI + value: "https://storage.googleapis.com" + - name: GOOGLE_STORAGE_BUCKET + value: "content-service-storage-staging-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" + - name: SIGN_URL_KEY_NAME + value: "content-cdn-staging-uw1-lb-sign-key" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.staging.nynja.net" + + google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" + 
diff --git a/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java b/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java index 886c8b916f57693e3d31a5ee787e13c56aa117c7..4e7ae98a48b1d38586170a34ec04b3583b382ca8 100644 --- a/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java +++ b/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java @@ -21,6 +21,13 @@ public class StorageConfiguration { private final int signedUrlTTL; private final String cdnURI; + /** + * Added By Jayendra + * 10-June-2020 + * Added property to fetch service account key location for bucket + */ + private final String serviceAccountPath; + @Autowired public StorageConfiguration(Environment env) { this.localStorageLocation = env.getRequiredProperty("storage.local.location"); @@ -30,6 +37,8 @@ public class StorageConfiguration { this.signKey = env.getRequiredProperty("storage.google.sign_url.key"); this.signedUrlTTL = parseProperty(env, "storage.google.sign_url.ttl"); this.cdnURI = env.getRequiredProperty("storage.google.sign_url.cdn_uri"); + this.serviceAccountPath = env.getRequiredProperty("storage.google.service_account_path"); + } private int parseProperty(Environment env, String property) throws InternalError { @@ -71,4 +80,7 @@ public class StorageConfiguration { return cdnURI; } + public String getServiceAccountPath() { + return serviceAccountPath; + } } diff --git a/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java b/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java index d50966db47931d05d0b8b2a2de1a1a23b578235f..b2585fc5605038f94870b97167f6558c0a33d31d 100644 --- a/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java +++ b/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java 
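Review bot: `env.getRequiredProperty("storage.google.service_account_path")` in the constructor only rejects a missing property, while application-production.yml in this commit defaults it to an empty string (`${GOOGLE_SERVICE_ACCOUNT_PATH:}`), which would presumably pass here and only surface later when the file is opened. A startup check such as `if (serviceAccountPath.trim().isEmpty()) throw new IllegalStateException("storage.google.service_account_path is empty");` would make the misconfiguration visible immediately. The Javadoc on the new field records author and date, which version control already holds; `/** Filesystem path of the Google service-account key file used for bucket access. */` says what a reader needs. The constructor continues outside the hunk.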
@@ -3,6 +3,7 @@ */ package biz.nynja.content.file.storage.impl; +import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.URI; @@ -73,11 +74,15 @@ public class GoogleStorageProvider implements StorageProvider { this.uploadTokenService = uploadTokenService; HttpTransport httpTransport; try { + httpTransport = GoogleNetHttpTransport.newTrustedTransport(); // Build an account credential. - GoogleCredential credential = GoogleCredential.getApplicationDefault(); + // Updated By Jayendra (10 June 2020) + //GoogleCredential credential = GoogleCredential.getApplicationDefault(); + GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream(storageConfiguration.getServiceAccountPath())); credential = credential.createScoped(Arrays.asList(StorageScopes.DEVSTORAGE_FULL_CONTROL)); requestFactory = httpTransport.createRequestFactory(credential); + } catch (GeneralSecurityException | IOException e) { logger.error("Error with Google credentials: {}", e.getMessage()); logger.debug("Error with Google credentials: {}", e.getCause()); diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index 98f2571d5012284553960885b655e43496c332c3..d507130e47c53c7a9f1160efdf7f80ba1ddd264c 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -48,13 +48,14 @@ storage: location: src/main/resources google: uri: https://storage.googleapis.com - bucket: nynja-content-service-dev + bucket: content-service-storage-dev-uw1 upload_chunk_size: 262144 # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + service_account_path: F:/JSS/Projects/NynjaProject/Cloud storage key/nynja-cloud-storage-3a21469fad1b.json sign_url: key_name: key: - ttl: 86400 # measured in seconds. - cdn_uri: http://content-cdn.dev-eu.nynja.net + ttl: 3600 # measured in seconds. + cdn_uri: https://content-cdn.dev.nynja.net # To enable colors in Eclipse: 
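Review bot: The `FileInputStream` passed to `GoogleCredential.fromStream(...)` is never closed, so the descriptor on the key file stays open until it is garbage-collected. Read it in a try-with-resources block instead: `try (InputStream in = new FileInputStream(storageConfiguration.getServiceAccountPath())) { credential = GoogleCredential.fromStream(in); }`, with `credential` declared just before. The commented-out `getApplicationDefault()` line and the author/date comment can be dropped. The credential is still scoped to `StorageScopes.DEVSTORAGE_FULL_CONTROL`; if the service only reads and writes objects, a narrower scope such as `DEVSTORAGE_READ_WRITE` would reduce what a leaked key file allows, which is worth confirming against actual usage. The constructor starts and ends outside this hunk.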
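Review bot: `service_account_path` is set to a developer-local Windows path (`F:/JSS/Projects/.../nynja-cloud-storage-3a21469fad1b.json`), which resolves on one machine only and publishes the key file's name in the repository. Use the same placeholder as application-production.yml, `service_account_path: ${GOOGLE_SERVICE_ACCOUNT_PATH:}`, and keep the local path in an environment variable or an untracked override file.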
diff --git a/src/main/resources/application-production.yml b/src/main/resources/application-production.yml index 781a3cbce33b7343286d7ae58eef2fc15d911cee..82a4bc7b472199eb3e433c106c5126d0d9a3f2c7 100644 --- a/src/main/resources/application-production.yml +++ b/src/main/resources/application-production.yml @@ -36,11 +36,11 @@ media-types: file: upload: - url: ${FILE_UPLOAD_URL:https://content.dev-eu.nynja.net/rest/file/upload/} + url: ${FILE_UPLOAD_URL:https://content.dev.nynja.net/rest/file/upload/} job: ttl: 1 # measured in hours. download: - url: ${FILE_DOWNLOAD_URL:https://content.dev-eu.nynja.net/rest/file/download/} + url: ${FILE_DOWNLOAD_URL:https://content.dev.nynja.net/rest/file/download/} storage: provider: ${STORAGE_PROVIDER:GOOGLE} @@ -48,13 +48,14 @@ storage: location: ${LOCAL_STORAGE_LOCATION:/opt/nynja/} google: uri: ${GOOGLE_STORAGE_URI:https://storage.googleapis.com} - bucket: ${GOOGLE_STORAGE_BUCKET:content-service-dev} - upload_chunk_size: 262144 # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + bucket: ${GOOGLE_STORAGE_BUCKET:content-service-storage-dev-uw1} + upload_chunk_size: ${GOOGLE_UPLOAD_CHUNK_SIZE:262144} # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + service_account_path: ${GOOGLE_SERVICE_ACCOUNT_PATH:} sign_url: - key_name: ${SIGN_URL_KEY_NAME:content-service-dev-key} - key: ${SIGN_URL_KEY:dsankldmsakdmkalsdmksa==} - ttl: ${SIGN_URL_TTL:86400} # measured in seconds. - cdn_uri: ${SIGN_URL_CDN_URI:http://35.244.165.21} + key_name: ${SIGN_URL_KEY_NAME:content-cdn-dev-uw1-lb-sign-key2} + key: ${SIGN_URL_KEY:LEVsBE1vMfGh0XeuDVU00w==} + ttl: ${SIGN_URL_TTL:3600} # measured in seconds. + cdn_uri: ${SIGN_URL_CDN_URI:https://content-cdn.dev.nynja.net} # To enable colors in Eclipse: # spring.output.ansi.enabled=ALWAYS and in eclipse
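Review bot: `key: ${SIGN_URL_KEY:LEVsBE1vMfGh0XeuDVU00w==}` swaps what looked like a placeholder default for a value shaped like a real signing key. If it is one, it is now in repository history and should be rotated. Even if it is not, a fallback means the service signs URLs with a key readable from the source tree whenever `SIGN_URL_KEY` is not injected. Drop the default and write `key: ${SIGN_URL_KEY}`, so that an unset secret fails at startup rather than silently degrading. The `bucket` and `key_name` defaults in this production profile still point at dev resources, and `service_account_path` defaults to empty; removing those defaults would follow the same reasoning.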