From 77f74696951ef8d532eda274ea8b3eb07c5297d4 Mon Sep 17 00:00:00 2001 From: Jayendra Date: Wed, 10 Jun 2020 15:38:59 +0530 Subject: [PATCH 1/8] Added property of bucket service account --- .../file/storage/StorageConfiguration.java | 12 ++++++++++++ .../storage/impl/GoogleStorageProvider.java | 7 ++++++- src/main/resources/application-dev.yml | 7 ++++--- src/main/resources/application-production.yml | 17 +++++++++-------- 4 files changed, 31 insertions(+), 12 deletions(-) diff --git a/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java b/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java index 886c8b9..4e7ae98 100644 --- a/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java +++ b/src/main/java/biz/nynja/content/file/storage/StorageConfiguration.java @@ -21,6 +21,13 @@ public class StorageConfiguration { private final int signedUrlTTL; private final String cdnURI; + /** + * Added By Jayendra + * 10-June-2020 + * Added property to fetch service account key location for bucket + */ + private final String serviceAccountPath; + @Autowired public StorageConfiguration(Environment env) { this.localStorageLocation = env.getRequiredProperty("storage.local.location"); @@ -30,6 +37,8 @@ public class StorageConfiguration { this.signKey = env.getRequiredProperty("storage.google.sign_url.key"); this.signedUrlTTL = parseProperty(env, "storage.google.sign_url.ttl"); this.cdnURI = env.getRequiredProperty("storage.google.sign_url.cdn_uri"); + this.serviceAccountPath = env.getRequiredProperty("storage.google.service_account_path"); + } private int parseProperty(Environment env, String property) throws InternalError { @@ -71,4 +80,7 @@ public class StorageConfiguration { return cdnURI; } + public String getServiceAccountPath() { + return serviceAccountPath; + } } 
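Review bot: `getRequiredProperty` only rejects a key that cannot be resolved, so the empty default this patch gives `storage.google.service_account_path` in application-production.yml (`${GOOGLE_SERVICE_ACCOUNT_PATH:}`) most likely passes the StorageConfiguration constructor, and the failure is deferred to the first attempt to open the file. A blank check right after the assignment would stop startup with a clear message, e.g. `if (serviceAccountPath.trim().isEmpty()) throw new IllegalStateException("storage.google.service_account_path must not be blank");`. The new field's Javadoc records author and date, which the commit already carries; `/** Filesystem path of the service-account key file used for bucket access. */` would document the field itself. The middle of the constructor lies outside the hunks shown.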
diff --git a/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java b/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java index d50966d..b2585fc 100644 --- a/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java +++ b/src/main/java/biz/nynja/content/file/storage/impl/GoogleStorageProvider.java @@ -3,6 +3,7 @@ */ package biz.nynja.content.file.storage.impl; +import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.URI; @@ -73,11 +74,15 @@ public class GoogleStorageProvider implements StorageProvider { this.uploadTokenService = uploadTokenService; HttpTransport httpTransport; try { + httpTransport = GoogleNetHttpTransport.newTrustedTransport(); // Build an account credential. - GoogleCredential credential = GoogleCredential.getApplicationDefault(); + // Updated By Jayendra (10 June 2020) + //GoogleCredential credential = GoogleCredential.getApplicationDefault(); + GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream(storageConfiguration.getServiceAccountPath())); credential = credential.createScoped(Arrays.asList(StorageScopes.DEVSTORAGE_FULL_CONTROL)); requestFactory = httpTransport.createRequestFactory(credential); + } catch (GeneralSecurityException | IOException e) { logger.error("Error with Google credentials: {}", e.getMessage()); logger.debug("Error with Google credentials: {}", e.getCause()); diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index 98f2571..d507130 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml 
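Review bot: The `FileInputStream` opened for `GoogleCredential.fromStream(...)` in GoogleStorageProvider.java is never closed, so the key file's descriptor stays open until it is garbage-collected. Declaring `GoogleCredential credential;` first and loading it with `try (InputStream keyStream = new FileInputStream(storageConfiguration.getServiceAccountPath())) { credential = GoogleCredential.fromStream(keyStream); }` closes it deterministically; `InputStream` is already imported. The catch block visible at the end of the hunk logs only `e.getMessage()` and `e.getCause()`; passing `e` itself as the last logger argument would keep the stack trace. As the rest of the constructor is outside the hunk, it is worth confirming that a missing or unreadable key file stops startup rather than leaving `requestFactory` unset. The commented-out `getApplicationDefault()` line and the author/date comment can be dropped, since version control keeps both.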
@@ -48,13 +48,14 @@ storage: location: src/main/resources google: uri: https://storage.googleapis.com - bucket: nynja-content-service-dev + bucket: content-service-storage-dev-uw1 upload_chunk_size: 262144 # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + service_account_path: F:/JSS/Projects/NynjaProject/Cloud storage key/nynja-cloud-storage-3a21469fad1b.json sign_url: key_name: key: - ttl: 86400 # measured in seconds. - cdn_uri: http://content-cdn.dev-eu.nynja.net + ttl: 3600 # measured in seconds. + cdn_uri: https://content-cdn.dev.nynja.net # To enable colors in Eclipse: diff --git a/src/main/resources/application-production.yml b/src/main/resources/application-production.yml index 781a3cb..82a4bc7 100644 --- a/src/main/resources/application-production.yml +++ b/src/main/resources/application-production.yml @@ -36,11 +36,11 @@ media-types: file: upload: - url: ${FILE_UPLOAD_URL:https://content.dev-eu.nynja.net/rest/file/upload/} + url: ${FILE_UPLOAD_URL:https://content.dev.nynja.net/rest/file/upload/} job: ttl: 1 # measured in hours. download: - url: ${FILE_DOWNLOAD_URL:https://content.dev-eu.nynja.net/rest/file/download/} + url: ${FILE_DOWNLOAD_URL:https://content.dev.nynja.net/rest/file/download/} storage: provider: ${STORAGE_PROVIDER:GOOGLE} 
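Review bot: `service_account_path` in application-dev.yml is set to an absolute path on one developer's Windows drive, so the dev profile cannot load credentials on any other machine. The committed file name also appears to carry the key's identifier. Reading the path from the environment without a default, `service_account_path: ${GOOGLE_SERVICE_ACCOUNT_PATH}`, keeps machine-specific locations out of the repository and makes an unset variable fail at startup instead of at first use.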
@@ -48,13 +48,14 @@ storage: location: ${LOCAL_STORAGE_LOCATION:/opt/nynja/} google: uri: ${GOOGLE_STORAGE_URI:https://storage.googleapis.com} - bucket: ${GOOGLE_STORAGE_BUCKET:content-service-dev} - upload_chunk_size: 262144 # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + bucket: ${GOOGLE_STORAGE_BUCKET:content-service-storage-dev-uw1} + upload_chunk_size: ${GOOGLE_UPLOAD_CHUNK_SIZE:262144} # measured in bytes (B) and must be a multiple of 256K bytes (that is, 262144 bytes) + service_account_path: ${GOOGLE_SERVICE_ACCOUNT_PATH:} sign_url: - key_name: ${SIGN_URL_KEY_NAME:content-service-dev-key} - key: ${SIGN_URL_KEY:dsankldmsakdmkalsdmksa==} - ttl: ${SIGN_URL_TTL:86400} # measured in seconds. - cdn_uri: ${SIGN_URL_CDN_URI:http://35.244.165.21} + key_name: ${SIGN_URL_KEY_NAME:content-cdn-dev-uw1-lb-sign-key2} + key: ${SIGN_URL_KEY:LEVsBE1vMfGh0XeuDVU00w==} + ttl: ${SIGN_URL_TTL:3600} # measured in seconds. + cdn_uri: ${SIGN_URL_CDN_URI:https://content-cdn.dev.nynja.net} # To enable colors in Eclipse: # spring.output.ansi.enabled=ALWAYS and in eclipse -- GitLab From a861949a4fd76609d5de74084eaeb850bbe59a1d Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Fri, 12 Jun 2020 11:51:17 +0530 Subject: [PATCH 2/8] Updated env variables and added sealedsecret --- .../templates/content-gcs-sealedsecret.yaml | 13 ++++ .../content-service/templates/deployment.yaml | 21 ++++++- charts/content-service/values.yaml | 63 +++++++++++++++++++ 3 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 charts/content-service/templates/content-gcs-sealedsecret.yaml diff --git a/charts/content-service/templates/content-gcs-sealedsecret.yaml b/charts/content-service/templates/content-gcs-sealedsecret.yaml new file mode 100644 index 0000000..13c4632 --- /dev/null +++ b/charts/content-service/templates/content-gcs-sealedsecret.yaml 
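Review bot: The `sign_url.key` entry in application-production.yml now carries what looks like a real base64 signing key as the fallback for `SIGN_URL_KEY`, which puts CDN URL-signing material in the repository and lets a deployment that forgets the variable start with a known key. `key: ${SIGN_URL_KEY}` with no default turns the missing variable into a startup error. The same literal is added to `extra_vars` in charts/content-service/values.yaml in patch 2/8, next to a placeholder-looking `TOKEN_ENCRYPTDECRYPT_KEY`. Patch 5/8 removes both from the chart, but they remain in history, so the signing key should be treated as exposed and rotated. `service_account_path: ${GOOGLE_SERVICE_ACCOUNT_PATH:}` in the same hunk has an empty default that hides a missing variable in the same way.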
@@ -0,0 +1,13 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ template "service.fullname" . }}-gcs-sealedsecret + labels: + app: {{ template "service.name" . }} + chart: {{ template "service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +spec: + encryptedData: + credentials.json: {{ .Values.google.SealedSecret | quote }} \ No newline at end of file diff --git a/charts/content-service/templates/deployment.yaml b/charts/content-service/templates/deployment.yaml index 7faf027..06d8d34 100644 --- a/charts/content-service/templates/deployment.yaml +++ b/charts/content-service/templates/deployment.yaml @@ -58,6 +58,18 @@ spec: value: {{ .Values.ports.containerPort.http | quote }} - name: GRPC_SERVER_PORT value: {{ .Values.ports.containerPort.grpc | quote }} + #Cassandra Config + - name: CASSANDRA_KEYSPACE + value: {{ .Values.ports.containerPort.http | quote }} + - name: CASSANDRA_CONTACT_POINTS + value: {{ .Values.ports.containerPort.grpc | quote }} + - name: CASSANDRA_PORT + value: {{ .Values.ports.containerPort.http | quote }} + - name: CASSANDRA_KEYSPACE_REPLICATION + value: {{ .Values.ports.containerPort.grpc | quote }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/secrets/google/credentials.json" + {{ if .Values.extra_vars -}} {{ toYaml .Values.extra_vars | indent 8 }} {{- end -}} @@ -67,8 +79,10 @@ spec: name: content-service-gcloud key: sign_url_key volumeMounts: - - name: service-account-gcloud - mountPath: /opt/nynja/config + - name: google-service-account + mountPath: /etc/secrets/google/ + - name: service-account-gcloud + mountPath: /opt/nynja/config resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} @@ -85,6 +99,9 @@ spec: {{- end }} volumes: + - name: google-service-account + secret: + secretName: content-gcs-sealedsecret - name: service-account-gcloud secret: secretName: content-service-gcloud 
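Review bot: `type: Opaque` sits at the top level of the SealedSecret in content-gcs-sealedsecret.yaml, where the resource has no such field as far as I know. The type of the generated Secret is set under `spec.template.type`, so this line is either ignored or rejected depending on CRD validation; moving it there, or dropping it since Opaque is the default, avoids both outcomes. The resource name is templated from `service.fullname`, while the volume added to deployment.yaml in this patch refers to the fixed name `content-gcs-sealedsecret`; patch 5/8 aligns the two. A template comment would help whoever produces the values, stating that `encryptedData` sealed with the default strict scope only decrypts for the exact name and namespace it was sealed for, because the name here depends on the release name.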
diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index dc61f6f..5a5ac4d 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml @@ -23,6 +23,12 @@ ports: http: grpc: +cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + nodeSelector: {} tolerations: [] 
@@ -37,15 +43,72 @@ corsPolicy: maxAge: extra_vars: + - name: TOKEN_ENCRYPTDECRYPT_KEY + value: "someKeyUsedForEncryptionAndDecryption" + - name: TOKEN_TIMETOLIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAXUPLOADRETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" - name: FILE_UPLOAD_URL value: https://content.dev-eu.nynja.net/file/upload - name: FILE_DOWNLOAD_URL value: https://content.dev-eu.nynja.net/file/download/ + - name: STORAGE_PROVIDER + value: "GOOGLE" - name: LOCAL_STORAGE_LOCATION value: /src/main/resources - name: GOOGLE_STORAGE_URI value: https://storage.googleapis.com - name: GOOGLE_STORAGE_BUCKET value: content-service-dev + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "" + - name: SIGN_URL_KEY_NAME + value: "content-cdn-dev-uw1-lb-sign-key2" + - name: SIGN_URL_KEY + value: "LEVsBE1vMfGh0XeuDVU00w==" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.dev.nynja.net" + - name: OUTPUT_ANSI_ENABLED + value: "ALWAYS" + - name: LOGGING_LEVEL_ROOT + value: "INFO" + - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB + value: "INFO" + - name: MANAGEMENT_ENDPOINT_METRICS_ENABLED + value: true + - name: MANAGEMENT_ENDPOINT_PROMETHEUS_ENABLED + value: true + - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE + value: "prometheus, health, info, loggers" + - name: MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED + value: true + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /opt/nynja/application-credentials.json - name: 
GOOGLE_APPLICATION_CREDENTIALS value: /opt/nynja/application-credentials.json + +google: + SealedSecret: "" \ No newline at end of file -- GitLab From 5842c4205dde911b913770053e4eed7729abbd83 Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Fri, 12 Jun 2020 11:58:11 +0530 Subject: [PATCH 3/8] Updated values.yml --- charts/content-service/templates/deployment.yaml | 8 ++++---- charts/content-service/values.yaml | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/content-service/templates/deployment.yaml b/charts/content-service/templates/deployment.yaml index 06d8d34..d0bfa5a 100644 --- a/charts/content-service/templates/deployment.yaml +++ b/charts/content-service/templates/deployment.yaml @@ -60,13 +60,13 @@ spec: value: {{ .Values.ports.containerPort.grpc | quote }} #Cassandra Config - name: CASSANDRA_KEYSPACE - value: {{ .Values.ports.containerPort.http | quote }} + value: {{ .Values.cassandra.keyspace-name | quote }} - name: CASSANDRA_CONTACT_POINTS - value: {{ .Values.ports.containerPort.grpc | quote }} + value: {{ .Values.cassandra.contact-points | quote }} - name: CASSANDRA_PORT - value: {{ .Values.ports.containerPort.http | quote }} + value: {{ .Values.cassandra.port | quote }} - name: CASSANDRA_KEYSPACE_REPLICATION - value: {{ .Values.ports.containerPort.grpc | quote }} + value: {{ .Values.cassandra.replication | quote }} - name: GOOGLE_APPLICATION_CREDENTIALS value: "/etc/secrets/google/credentials.json" diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index 5a5ac4d..f787e1a 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml @@ -107,8 +107,6 @@ extra_vars: value: true - name: GOOGLE_APPLICATION_CREDENTIALS value: /opt/nynja/application-credentials.json - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /opt/nynja/application-credentials.json google: SealedSecret: "" \ No newline at end of file -- GitLab 
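Review bot: `.Values.cassandra.keyspace-name` and `.Values.cassandra.contact-points` in the deployment.yaml hunk of patch 3/8 cannot be parsed by the Go template engine, because `-` is not allowed in a field chain, so rendering the chart is expected to fail on this file. Either rename the keys in values.yaml to `keyspaceName` / `contactPoints`, or read them with `{{ index .Values.cassandra "keyspace-name" | quote }}` and `{{ index .Values.cassandra "contact-points" | quote }}`. The hyphenated keys are kept by the later patches and by the release files in patch 8/8, so a rename would have to be applied there as well.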
From 4f8af7e4fa7ce270cb023b53583d2aae4a9e92b1 Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Fri, 12 Jun 2020 12:00:43 +0530 Subject: [PATCH 4/8] fixed indentation on deployment.yml --- charts/content-service/templates/deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/content-service/templates/deployment.yaml b/charts/content-service/templates/deployment.yaml index d0bfa5a..b5935bf 100644 --- a/charts/content-service/templates/deployment.yaml +++ b/charts/content-service/templates/deployment.yaml @@ -79,10 +79,10 @@ spec: name: content-service-gcloud key: sign_url_key volumeMounts: - - name: google-service-account - mountPath: /etc/secrets/google/ - - name: service-account-gcloud - mountPath: /opt/nynja/config + - name: google-service-account + mountPath: /etc/secrets/google/ + - name: service-account-gcloud + mountPath: /opt/nynja/config resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} -- GitLab From 135c841b23919b20883ffc2b36fa78bdc210a9fb Mon Sep 17 00:00:00 2001 From: jitender Date: Fri, 12 Jun 2020 16:40:45 +0800 Subject: [PATCH 5/8] modified chart with variables and sealedsecrets [chart 0.2.0] --- charts/content-service/Chart.yaml | 2 +- .../templates/content-gcs-sealedsecret.yaml | 3 +- .../templates/content-token-sealedsecret.yaml | 13 +++++ .../content-service/templates/deployment.yaml | 41 ++++++++------- charts/content-service/templates/secret.yaml | 11 ---- charts/content-service/values.yaml | 52 +++++++------------ 6 files changed, 59 insertions(+), 63 deletions(-) create mode 100644 charts/content-service/templates/content-token-sealedsecret.yaml delete mode 100644 charts/content-service/templates/secret.yaml diff --git a/charts/content-service/Chart.yaml b/charts/content-service/Chart.yaml index 6f288a4..0e1f10f 100644 --- a/charts/content-service/Chart.yaml +++ b/charts/content-service/Chart.yaml 
@@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of Nynja content service. name: content-service -version: 0.1.0 +version: 0.2.0 diff --git a/charts/content-service/templates/content-gcs-sealedsecret.yaml b/charts/content-service/templates/content-gcs-sealedsecret.yaml index 13c4632..9bc9b0f 100644 --- a/charts/content-service/templates/content-gcs-sealedsecret.yaml +++ b/charts/content-service/templates/content-gcs-sealedsecret.yaml @@ -10,4 +10,5 @@ metadata: type: Opaque spec: encryptedData: - credentials.json: {{ .Values.google.SealedSecret | quote }} \ No newline at end of file + credentials.json: {{ .Values.sealedSecret.google.serviceAccount | quote }} + sign_url_key: {{ .Values.sealedSecret.google.signUrlKey | quote }} \ No newline at end of file diff --git a/charts/content-service/templates/content-token-sealedsecret.yaml b/charts/content-service/templates/content-token-sealedsecret.yaml new file mode 100644 index 0000000..a759ef2 --- /dev/null +++ b/charts/content-service/templates/content-token-sealedsecret.yaml @@ -0,0 +1,13 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ template "service.fullname" . }}-token-sealedsecret + labels: + app: {{ template "service.name" . }} + chart: {{ template "service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +spec: + encryptedData: + token_encryptdecrypt_key: {{ .Values.sealedSecret.token.encryptDecryptKey | quote }} \ No newline at end of file diff --git a/charts/content-service/templates/deployment.yaml b/charts/content-service/templates/deployment.yaml index b5935bf..87dd92f 100644 --- a/charts/content-service/templates/deployment.yaml +++ b/charts/content-service/templates/deployment.yaml 
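Review bot: The `encryptedData` entries in both SealedSecret templates are rendered with `| quote` only, so the chart defaults (`""` for `sealedSecret.google.serviceAccount`, `sealedSecret.google.signUrlKey` and `sealedSecret.token.encryptDecryptKey` in values.yaml) produce resources with empty ciphertext. The controller presumably cannot unseal those, which would leave the Deployment's `secretKeyRef` entries and secret volume pointing at Secrets that never appear. Guarding each value, e.g. `credentials.json: {{ required "sealedSecret.google.serviceAccount is required" .Values.sealedSecret.google.serviceAccount | quote }}`, turns this into a render-time error. releases/prod and releases/staging in patch 8/8 currently set all three values to `""`.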
@@ -58,7 +58,7 @@ spec: value: {{ .Values.ports.containerPort.http | quote }} - name: GRPC_SERVER_PORT value: {{ .Values.ports.containerPort.grpc | quote }} - #Cassandra Config + ## Cassandra Config - name: CASSANDRA_KEYSPACE value: {{ .Values.cassandra.keyspace-name | quote }} - name: CASSANDRA_CONTACT_POINTS @@ -67,24 +67,40 @@ spec: value: {{ .Values.cassandra.port | quote }} - name: CASSANDRA_KEYSPACE_REPLICATION value: {{ .Values.cassandra.replication | quote }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/secrets/google/credentials.json" - +## Extra variables {{ if .Values.extra_vars -}} {{ toYaml .Values.extra_vars | indent 8 }} {{- end -}} + + #- name: GOOGLE_APPLICATION_CREDENTIALS + # value: "/etc/secrets/google/credentials.json" + + ## SIGN_URL_KEY - name: SIGN_URL_KEY valueFrom: secretKeyRef: - name: content-service-gcloud + name: {{ template "service.fullname" . }}-gcs-sealedsecret key: sign_url_key + ## TOKEN_ENCRYPTDECRYPT_KEY + - name: TOKEN_ENCRYPTDECRYPT_KEY + valueFrom: + secretKeyRef: + name: {{ template "service.fullname" . }}-token-sealedsecret + key: token_encryptdecrypt_key + ## GOOGLE_SERVICE_ACCOUNT_PATH volumeMounts: - name: google-service-account - mountPath: /etc/secrets/google/ - - name: service-account-gcloud mountPath: /opt/nynja/config resources: {{ toYaml .Values.resources | indent 12 }} + ## GOOGLE_SERVICE_ACCOUNT_PATH + volumes: + - name: google-service-account + secret: + secretName: {{ template "service.fullname" . }}-gcs-sealedsecret + items: + - key: credentials.json + path: credentials.json {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} @@ -97,14 +113,3 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} - - volumes: - - name: google-service-account - secret: - secretName: content-gcs-sealedsecret - - name: service-account-gcloud - secret: - secretName: content-service-gcloud - items: - - key: application-credentials.json - path: application-credentials.json 
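Review bot: The `google-service-account` volume in deployment.yaml mounts the service-account key with the default file mode and without `readOnly`. Adding `readOnly: true` to the volumeMount and a restrictive `defaultMode` under `secret:` (chosen so the container's user can still read the file) narrows who inside the pod can read the key. The `items` list already keeps `sign_url_key` out of the mounted directory; a one-line comment saying so would prevent it being removed later as redundant. The commented-out `GOOGLE_APPLICATION_CREDENTIALS` entries can be deleted rather than kept as comments.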
diff --git a/charts/content-service/templates/secret.yaml b/charts/content-service/templates/secret.yaml deleted file mode 100644 index fae7bd2..0000000 --- a/charts/content-service/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{ if and .Values.sign_url_key .Values.account_service -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: content-service-gcloud - namespace: content -data: - sign_url_key: {{ .Values.sign_url_key | b64enc }} - application-credentials.json: {{ .Values.account_service }} -{{- end -}} diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index f787e1a..c5d0d9a 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml @@ -43,13 +43,11 @@ corsPolicy: maxAge: extra_vars: - - name: TOKEN_ENCRYPTDECRYPT_KEY - value: "someKeyUsedForEncryptionAndDecryption" - - name: TOKEN_TIMETOLIVE + - name: TOKEN_TIME_TO_LIVE value: "36000" - name: MAX_FILE_SIZE value: "1610612736" - - name: TOKEN_MAXUPLOADRETRIES + - name: TOKEN_MAX_UPLOAD_RETRIES value: "3" - name: MEDIA-TYPES_TEXT value: "doc, docx, odt, rtf, txt" 
@@ -68,45 +66,35 @@ extra_vars: - name: MEDIA-TYPES_DATA value: "csv, ppt, pptx" - name: FILE_UPLOAD_URL - value: https://content.dev-eu.nynja.net/file/upload + value: "https://content.dev-eu.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" - name: FILE_DOWNLOAD_URL - value: https://content.dev-eu.nynja.net/file/download/ + value: "https://content.dev-eu.nynja.net/file/download/" - name: STORAGE_PROVIDER value: "GOOGLE" - name: LOCAL_STORAGE_LOCATION - value: /src/main/resources + value: "/opt/nynja/" - name: GOOGLE_STORAGE_URI - value: https://storage.googleapis.com + value: "https://storage.googleapis.com" - name: GOOGLE_STORAGE_BUCKET - value: content-service-dev + value: "content-service-storage-dev-uw1" - name: GOOGLE_UPLOAD_CHUNK_SIZE value: "262144" - name: GOOGLE_SERVICE_ACCOUNT_PATH - value: "" + value: "/opt/nynja/config/credentials.json" - name: SIGN_URL_KEY_NAME - value: "content-cdn-dev-uw1-lb-sign-key2" - - name: SIGN_URL_KEY - value: "LEVsBE1vMfGh0XeuDVU00w==" + value: "content-cdn-dev-uw1-lb-sign-key2" - name: SIGN_URL_TTL - value: "3600" + value: "3600" - name: SIGN_URL_CDN_URI value: "https://content-cdn.dev.nynja.net" - - name: OUTPUT_ANSI_ENABLED - value: "ALWAYS" - - name: LOGGING_LEVEL_ROOT - value: "INFO" - - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB - value: "INFO" - - name: MANAGEMENT_ENDPOINT_METRICS_ENABLED - value: true - - name: MANAGEMENT_ENDPOINT_PROMETHEUS_ENABLED - value: true - - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE - value: "prometheus, health, info, loggers" - - name: MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED - value: true - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /opt/nynja/application-credentials.json + #- name: GOOGLE_APPLICATION_CREDENTIALS + # value: /opt/nynja/application-credentials.json -google: - SealedSecret: "" \ No newline at end of file +sealedSecret: + google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" -- GitLab 
From 4092b6a073a287990b37e495bd482e48988ff049 Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Fri, 12 Jun 2020 15:56:13 +0530 Subject: [PATCH 6/8] added google_api_hosts in values.yml --- charts/content-service/Chart.yaml | 2 +- charts/content-service/values.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/content-service/Chart.yaml b/charts/content-service/Chart.yaml index 0e1f10f..3a34eae 100644 --- a/charts/content-service/Chart.yaml +++ b/charts/content-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of Nynja content service. name: content-service -version: 0.2.0 +version: 0.2.1 diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index c5d0d9a..18f83fd 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml @@ -92,6 +92,9 @@ extra_vars: #- name: GOOGLE_APPLICATION_CREDENTIALS # value: /opt/nynja/application-credentials.json +google_api_hosts: + + sealedSecret: google: serviceAccount: "" -- GitLab From 88c9e6eb2dc6de13e6486093e358d4667820df6b Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Mon, 15 Jun 2020 14:22:02 +0530 Subject: [PATCH 7/8] Chart update with values.yml --- charts/content-service/Chart.yaml | 2 +- charts/content-service/templates/authentication-policy.yaml | 4 ++-- charts/content-service/templates/cronjob.yaml | 2 +- charts/content-service/templates/envoy-grpc-web.yaml | 2 +- charts/content-service/values.yaml | 6 ++++++ 5 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/content-service/Chart.yaml b/charts/content-service/Chart.yaml index 3a34eae..2a0d14d 100644 --- a/charts/content-service/Chart.yaml +++ b/charts/content-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of Nynja content service. name: content-service -version: 0.2.1 +version: 0.2.2 
diff --git a/charts/content-service/templates/authentication-policy.yaml b/charts/content-service/templates/authentication-policy.yaml index be24b27..8eeab43 100644 --- a/charts/content-service/templates/authentication-policy.yaml +++ b/charts/content-service/templates/authentication-policy.yaml @@ -12,8 +12,8 @@ spec: - name: {{ template "service.name" . }} origins: - jwt: - issuer: https://auth.nynja.biz/ - jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public + issuer: {{ .Values.jwt.issuer | quote }} + jwksUri: {{ .Values.jwt.jwksUri | quote }} trigger_rules: - excluded_paths: - exact: /actuator/health diff --git a/charts/content-service/templates/cronjob.yaml b/charts/content-service/templates/cronjob.yaml index 9c7e037..211ca81 100644 --- a/charts/content-service/templates/cronjob.yaml +++ b/charts/content-service/templates/cronjob.yaml @@ -8,7 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - schedule: "0 3 * * *" + schedule: {{ .Values.db_cleanup_schedule | quote }} failedJobsHistoryLimit: 5 successfulJobsHistoryLimit: 3 jobTemplate: diff --git a/charts/content-service/templates/envoy-grpc-web.yaml b/charts/content-service/templates/envoy-grpc-web.yaml index d6ddbd6..eeef840 100644 --- a/charts/content-service/templates/envoy-grpc-web.yaml +++ b/charts/content-service/templates/envoy-grpc-web.yaml @@ -12,7 +12,7 @@ spec: app: {{ template "service.name" . }} filters: - listenerMatch: - portNumber: 6563 + portNumber: {{ .Values.ports.containerPort.grpc }} listenerType: SIDECAR_INBOUND filterName: envoy.grpc_web filterType: HTTP diff --git a/charts/content-service/values.yaml b/charts/content-service/values.yaml index 18f83fd..df42ac6 100644 --- a/charts/content-service/values.yaml +++ b/charts/content-service/values.yaml 
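Review bot: `portNumber: {{ .Values.ports.containerPort.grpc }}` in envoy-grpc-web.yaml renders an empty value with the chart defaults, where `ports.containerPort.grpc` is blank in values.yaml, so the listener match is likely no longer pinned to a port. `portNumber: {{ required "ports.containerPort.grpc is required" .Values.ports.containerPort.grpc }}` keeps the filter tied to the gRPC port and fails the render otherwise. The same guard suits `jwt.issuer` and `jwt.jwksUri` in authentication-policy.yaml, since an empty issuer in a JWT policy is better caught at render time than at request time.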
@@ -93,6 +93,12 @@ extra_vars: # value: /opt/nynja/application-credentials.json google_api_hosts: + +db_cleanup_schedule: "0 3 * * *" + +jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" sealedSecret: -- GitLab From d2c7787d50986f0a0e0aca41ffb21aabcfacd0d7 Mon Sep 17 00:00:00 2001 From: Chetan Rathore Date: Mon, 15 Jun 2020 16:12:29 +0530 Subject: [PATCH 8/8] Updated release files for chart 0.2.2 --- releases/dev/content-service.yaml | 90 +++++++++++++++----- releases/prod/content-service.yaml | 113 +++++++++++++++++++++++++- releases/staging/content-service.yaml | 90 +++++++++++++++++++- 3 files changed, 267 insertions(+), 26 deletions(-) diff --git a/releases/dev/content-service.yaml b/releases/dev/content-service.yaml index 8f69cb8..5a8331e 100644 --- a/releases/dev/content-service.yaml +++ b/releases/dev/content-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: replicaCount: 1 @@ -32,9 +32,15 @@ spec: ports: containerPort: - http: 8001 - grpc: 6563 + http: 8000 + grpc: 6565 + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + # CORS policy corsPolicy: allowOrigin: @@ -47,6 +53,9 @@ spec: - https://web.dev.nynja.net - https://web.staging.nynja.net - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net allowMethods: - POST - GET 
@@ -57,33 +66,74 @@ spec: - x-grpc-web maxAge: "600s" - google_api_hosts: - - www.googleapis.com - - accounts.google.com - - oauth2.googleapis.com - - storage.googleapis.com + # Allow Egress traffic to Google API extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" - name: FILE_UPLOAD_URL - value: https://content.dev.nynja.net/rest/file/upload/ + value: "https://content.dev.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" - name: FILE_DOWNLOAD_URL - value: https://content.dev.nynja.net/rest/file/download/ + value: "https://content.dev.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" - name: LOCAL_STORAGE_LOCATION value: "/opt/nynja/" - name: GOOGLE_STORAGE_URI value: "https://storage.googleapis.com" - name: GOOGLE_STORAGE_BUCKET - value: nynja-content-service-dev - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /opt/nynja/config/application-credentials.json + value: "content-service-storage-dev-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" - name: SIGN_URL_KEY_NAME - value: content-dev-sign-key + value: "content-cdn-dev-uw1-lb-sign-key2" - name: SIGN_URL_TTL - value: "86400" + value: "3600" - name: SIGN_URL_CDN_URI - value: "http://content-cdn.dev-eu.nynja.net" - - name: STORAGE_PROVIDER - value: GOOGLE - - name: MAX_FILE_SIZE - value: "3072" + value: "https://content-cdn.dev.nynja.net" + + 
google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "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" + signUrlKey: "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" + token: + encryptDecryptKey: "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" + \ No newline at end of file diff --git a/releases/prod/content-service.yaml b/releases/prod/content-service.yaml index 1014f38..1ed67de 100644 --- a/releases/prod/content-service.yaml +++ b/releases/prod/content-service.yaml @@ -8,9 +8,9 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: - replicaCount: 2 + replicaCount: 1 image: repository: ${IMAGE_NAME} 
@@ -21,3 +21,112 @@ spec: - api-gateway.default.svc.cluster.local hosts: - content.nynja.net + + resources: + limits: + cpu: 1 + memory: 1500Mi + requests: + cpu: 500m + memory: 1000Mi + + ports: + containerPort: + http: 8000 + grpc: 6565 + + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + + # CORS policy + corsPolicy: + allowOrigin: + - https://web.dev.nynja.net + - https://web.staging.nynja.net + - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net + allowMethods: + - POST + - GET + - OPTIONS + allowCredentials: false + allowHeaders: + - content-type + - x-grpc-web + maxAge: "600s" + + + + # Allow Egress traffic to Google API + extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" + - name: FILE_UPLOAD_URL + value: "https://content.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" + - name: FILE_DOWNLOAD_URL + value: "https://content.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" + - name: LOCAL_STORAGE_LOCATION + value: "/opt/nynja/" + - name: GOOGLE_STORAGE_URI + value: "https://storage.googleapis.com" + - name: GOOGLE_STORAGE_BUCKET + value: "content-service-storage-prod-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" + - name: 
SIGN_URL_KEY_NAME + value: "content-cdn-prod-uw1-lb-sign-key" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.nynja.net" + + google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" diff --git a/releases/staging/content-service.yaml b/releases/staging/content-service.yaml index 5bf2eff..a9eed59 100644 --- a/releases/staging/content-service.yaml +++ b/releases/staging/content-service.yaml @@ -8,9 +8,9 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: content-service - version: 0.1.0 + version: 0.2.2 values: - replicaCount: 2 + replicaCount: 1 image: repository: ${IMAGE_NAME} @@ -32,13 +32,24 @@ spec: ports: containerPort: - http: 8001 - grpc: 6563 + http: 8000 + grpc: 6565 + cassandra: + keyspace-name: "content" + contact-points: "cassandra.cassandra.svc.cluster.local" + port: "9042" + replication: "3" + # CORS policy corsPolicy: allowOrigin: + - https://web.dev.nynja.net - https://web.staging.nynja.net + - https://web.nynja.net + - https://desktop.dev.nynja.net + - https://desktop.staging.nynja.net + - https://desktop.nynja.net allowMethods: - POST - GET 
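Review bot: The `corsPolicy.allowOrigin` list added to releases/prod/content-service.yaml includes the dev and staging front ends (`https://web.dev.nynja.net`, `https://web.staging.nynja.net`, `https://desktop.dev.nynja.net`, `https://desktop.staging.nynja.net`), so pages served from the less controlled environments may make cross-origin calls to the production API. `allowCredentials: false` limits what that exposes, but restricting production to `https://web.nynja.net` and `https://desktop.nynja.net` keeps the environments separated. releases/staging/content-service.yaml gets the same full list in this patch. The comment `# Allow Egress traffic to Google API` now sits above `extra_vars` rather than `google_api_hosts` in all three release files and should move back.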
@@ -49,3 +60,74 @@ spec: - x-grpc-web maxAge: "600s" + + + # Allow Egress traffic to Google API + extra_vars: + - name: TOKEN_TIME_TO_LIVE + value: "36000" + - name: MAX_FILE_SIZE + value: "1610612736" + - name: TOKEN_MAX_UPLOAD_RETRIES + value: "3" + - name: MEDIA-TYPES_TEXT + value: "doc, docx, odt, rtf, txt" + - name: MEDIA-TYPES_AUDIO + value: "mp3, wav, wma" + - name: MEDIA-TYPES_VIDEO + value: "avi, mov, mp4, mpg, wmv" + - name: MEDIA-TYPES_IMAGE + value: "bmp, gif, jpg, png, svg" + - name: MEDIA-TYPES_PAGE-LAYOUT + value: "pdf" + - name: MEDIA-TYPES_SPREADSHEET + value: "xls, xlsx" + - name: MEDIA-TYPES_COMPRESSED + value: "7z, zip" + - name: MEDIA-TYPES_DATA + value: "csv, ppt, pptx" + - name: FILE_UPLOAD_URL + value: "https://content.staging.nynja.net/file/upload" + - name: FILE_UPLOAD_JOB_TTL + value: "1" + - name: FILE_DOWNLOAD_URL + value: "https://content.staging.nynja.net/file/download/" + - name: STORAGE_PROVIDER + value: "GOOGLE" + - name: LOCAL_STORAGE_LOCATION + value: "/opt/nynja/" + - name: GOOGLE_STORAGE_URI + value: "https://storage.googleapis.com" + - name: GOOGLE_STORAGE_BUCKET + value: "content-service-storage-staging-uw1" + - name: GOOGLE_UPLOAD_CHUNK_SIZE + value: "262144" + - name: GOOGLE_SERVICE_ACCOUNT_PATH + value: "/opt/nynja/config/credentials.json" + - name: SIGN_URL_KEY_NAME + value: "content-cdn-staging-uw1-lb-sign-key" + - name: SIGN_URL_TTL + value: "3600" + - name: SIGN_URL_CDN_URI + value: "https://content-cdn.staging.nynja.net" + + google_api_hosts: + - www.googleapis.com + - accounts.google.com + - oauth2.googleapis.com + - storage.googleapis.com + + db_cleanup_schedule: "0 3 * * *" + + jwt: + issuer: "https://auth.nynja.biz/" + jwksUri: "http://auth-service.auth.svc.cluster.local:8008/keys/public" + + + sealedSecret: + google: + serviceAccount: "" + signUrlKey: "" + token: + encryptDecryptKey: "" + -- GitLab