Add fraud ui (#247)

* Add fraud ui * Cilium policies
2024-11-06 00:45:18 +00:00 · 2021-11-30 11:13:51 +03:00 · 2021-11-30 11:13:51 +03:00 · 0b45ecbeac
commit 0b45ecbeac
parent 63d8321a8f
5 changed files with 135 additions and 0 deletions
--- a/config/fraudbusters-ui/appConfig.json.gotmpl
+++ b/config/fraudbusters-ui/appConfig.json.gotmpl
@ -0,0 +1,6 @@
+{{- $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain -}}
+{{- $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain -}}
+{
+    "fbManagementEndpoint": "https://api.{{ $ingressDomain | default "rbk.dev" }}",
+    "pageSize": 10
+}
--- a/config/fraudbusters-ui/authConfig.json.gotmpl
+++ b/config/fraudbusters-ui/authConfig.json.gotmpl
@ -0,0 +1,9 @@
+{{- $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain -}}
+{{- $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain -}}
+{
+    "realm": "internal",
+    "auth-server-url": "https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth/",
+    "ssl-required": "none",
+    "resource": "fraudbusters-app",
+    "public-client": true
+}
--- a/config/fraudbusters-ui/values.yaml.gotmpl
+++ b/config/fraudbusters-ui/values.yaml.gotmpl
@ -0,0 +1,100 @@
+# -*- mode: yaml -*-
+replicaCount: 1
+
+image:
+  repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/fraudbusters-ui
+  tag: f0d4b45c0726f6b45f8ad42b77fb7f7750bd86b1
+  pullPolicy: IfNotPresent
+
+{{ if .Values.services.global.registry.imagePullSecret }}
+imagePullSecrets:
+  - name: {{ .Values.services.global.registry.imagePullSecret }}
+{{ end }}
+
+service:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 8080
+
+configMap:
+  data:
+    appConfig.json: |
+      {{- tpl (readFile "appConfig.json.gotmpl") . | nindent 6 }}
+    authConfig.json: |
+      {{- tpl (readFile "authConfig.json.gotmpl") . | nindent 6 }}
+    fraudbusters-ui.conf: |
+      {{- readFile "vhost.conf" | nindent 6 }}
+
+volumeMounts:
+  - name: config-volume
+    mountPath: /usr/share/nginx/html/appConfig.json
+    subPath: appConfig.json
+    readOnly: true
+  - name: config-volume
+    mountPath: /usr/share/nginx/html/authConfig.json
+    subPath: authConfig.json
+    readOnly: true
+  - name: config-volume
+    mountPath: /etc/nginx/vhosts.d/fraudbusters-ui.conf
+    subPath: fraudbusters-ui.conf
+    readOnly: true
+
+volumes:
+  - name: config-volume
+    configMap:
+      name: {{ .Release.Name }}
+
+livenessProbe:
+  httpGet:
+    path: /appConfig.json
+    port: http
+  initialDelaySeconds: 30
+  timeoutSeconds: 3
+readinessProbe:
+  httpGet:
+    path: /appConfig.json
+    port: http
+  initialDelaySeconds: 30
+  timeoutSeconds: 3
+
+{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
+{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}
+
+ingress:
+  enabled: true
+  annotations:
+{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
+    cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
+{{- end }}
+    kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
+    nginx.ingress.kubernetes.io/enable-cors: "true" 
+    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+       more_set_headers "Access-Control-Allow-Origin: $http_origin";
+  hosts:
+    - host: fraudbusters-ui.{{ $ingressDomain | default "rbk.dev" }}
+      paths:
+        - /
+{{- if .Values.services.ingress.tls.enabled }}
+  tls:
+  {{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
+    - secretName: fraudbusters-ui-{{ .Values.services.ingress.tls.secretName }}
+  {{- else }}
+    - secretName: {{ .Values.services.ingress.tls.secretName }}
+  {{- end }}
+      hosts:
+        - fraudbusters-ui.{{ $ingressDomain | default "rbk.dev" }}
+{{- end }}
+  servicePort: 8080
+
+ciliumPolicies:
+  - filters:
+    - port: 8080
+      type: TCP
+    name: fraudbusters-mgmt
+  - filters:
+    - port: 8080
+      type: TCP
+    name: keycloak
--- a/config/fraudbusters-ui/vhost.conf
+++ b/config/fraudbusters-ui/vhost.conf
@ -0,0 +1,16 @@
+server {
+    listen       8080;
+    listen       [::]:8080;
+    server_name  localhost;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html =404;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -323,3 +323,7 @@ releases:
  needs:
    - {{ .Namespace | default "default" }}/hellgate
    - {{ .Namespace | default "default" }}/kafka
+- name: fraudbusters-ui
+  <<: *generic_stateless_json
+  needs:
+    - {{ .Namespace | default "default" }}/keycloak