Merge pull request #269 from gabriel-farache/fix/orchestrator-k8s_int…
…egrity-sha

Bump dynamic plugins version
rgolangh authored Sep 11, 2024
2 parents fa5d4ed + 7cc193a commit e153744
Showing 2 changed files with 61 additions and 97 deletions.
2 changes: 1 addition & 1 deletion charts/orchestrator-k8s/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: orchestrator-k8s
description: |
Helm chart to deploy the Orchestrator solution suite on Kubernetes, including Janus IDP backstage, SonataFlow Operator, Knative Eventing and Knative Serving.
type: application
version: 0.3.10
version: 0.3.11
appVersion: "0.0.1"

dependencies:
156 changes: 60 additions & 96 deletions charts/orchestrator-k8s/values.yaml
@@ -1,14 +1,11 @@
global:
host: localhost # Specify your own Ingress host

appName: orchestrator
serviceAccountName: orchestrator-sa
labels:
- app: orchestartor

sonataflowOperator:
image: quay.io/kiegroup/kogito-serverless-operator-nightly:latest

postgresql-persistent:
# depends on sonataflow-operator which still uses the ephemeral image.
enabled: false
Expand All @@ -22,76 +19,71 @@ postgresql-persistent:
port: 5432
image:
tag: "latest"

backstage:
route:
# set to false for kubernetes
enabled: false
global:
dynamic:
includes:
- dynamic-plugins.default.yaml
- dynamic-plugins.default.yaml
plugins:
- disabled: false
package: "@janus-idp/[email protected]"
integrity: sha512-rdTBb0PWZlJh63raLUvhriP/Dexc4z5XOcBOjWTa9nNsvU9BQHkXHaAYkEhbE0g0842MkeEzWrXfedaOWNrx6g==
pluginConfig:
orchestrator:
dataIndexService:
url: http://sonataflow-platform-data-index-service
editor:
path: https://sandbox.kie.org/swf-chrome-extension/0.32.0
- disabled: false
package: "@janus-idp/[email protected]"
integrity: sha512-f/XBL1prZWrnv3ckZNzaiRVOlGpc0jHn7RAHHndhuKRh0Hlzfsmxvs31+hBljE4aLXi6wBwm8iOn604JfiMsTA==
pluginConfig:
dynamicPlugins:
frontend:
janus-idp.backstage-plugin-orchestrator:
appIcons:
- importName: OrchestratorIcon
module: OrchestratorPlugin
name: orchestratorIcon
dynamicRoutes:
- importName: OrchestratorPage
menuItem:
icon: orchestratorIcon
text: Orchestrator
module: OrchestratorPlugin
path: /orchestrator

- disabled: false
package: "https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-notifications-dynamic-0.2.0.tgz"
integrity: sha512-juXCynHPSIYThJHh1ZfR+77kyAtla3vNOl1telUgC402KZCUoAVB+X3H4ZACWGZNvFQ8ySyVc5q/mE1MrCzW0g==
pluginConfig:
dynamicPlugins:
frontend:
backstage.plugin-notifications:
dynamicRoutes:
- importName: NotificationsPage
menuItem:
config:
props:
titleCounterEnabled: true
webNotificationsEnabled: false
importName: NotificationsSidebarItem
path: /notifications


- disabled: false
package: "https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-notifications-backend-dynamic-0.2.0.tgz"
integrity: sha512-QxIkZ7uX8CuCu9EUm8t0T0HOv9KT2AboMBwyr0Xu6Xa1I2U3E59YL5f5NQO9yVpidf+6rlV7qTCvJSn5MAQGnw==
- disabled: false
package: https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-signals-dynamic-0.0.5.tgz
integrity: sha512-QSDkIYPWjgzcBdt3Gvd7Omq472rMI4oy6x7vLTXVHpIzmWetJalaB6SH8dXxORCFqL6hb3ccJjPsn3rSV8+2Jw==
pluginConfig:
dynamicPlugins:
frontend:
backstage.plugin-signals: {}
- disabled: false
package: https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-signals-backend-dynamic-0.1.3.tgz
integrity: sha512-124+7o/wurgiWkSY5j/80SaauAX/3iVACIm+jR5g09r5QlKfO+GCCNuqhJ8xfbNT+bT6OeyWjPRJMkkjap0u4Q==

- disabled: false
package: "@janus-idp/[email protected]"
integrity: sha512-eaI6aAg8JAvNGwdTvXudoOKjfFnKygLScn6QP9hMvgt6pehtovYb1ZY/+nrym74Shl2OHEbygtxGQr8IH8z6fg==
pluginConfig:
orchestrator:
dataIndexService:
url: http://sonataflow-platform-data-index-service
editor:
path: https://sandbox.kie.org/swf-chrome-extension/0.32.0
- disabled: false
package: "@janus-idp/[email protected]"
integrity: sha512-BUxgmg+zT9eulBqWHQrgzfxVdAATRGMkW1CyILprCWCC3sED+f55QEXNp12xf9hnjSt6ERAU+uSJj0v4RZaAPA==
pluginConfig:
dynamicPlugins:
frontend:
janus-idp.backstage-plugin-orchestrator:
appIcons:
- importName: OrchestratorIcon
module: OrchestratorPlugin
name: orchestratorIcon
dynamicRoutes:
- importName: OrchestratorPage
menuItem:
icon: orchestratorIcon
text: Orchestrator
module: OrchestratorPlugin
path: /orchestrator
- disabled: false
package: "https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-notifications-dynamic-0.2.0.tgz"
integrity: sha512-juXCynHPSIYThJHh1ZfR+77kyAtla3vNOl1telUgC402KZCUoAVB+X3H4ZACWGZNvFQ8ySyVc5q/mE1MrCzW0g==
pluginConfig:
dynamicPlugins:
frontend:
backstage.plugin-notifications:
dynamicRoutes:
- importName: NotificationsPage
menuItem:
config:
props:
titleCounterEnabled: true
webNotificationsEnabled: false
importName: NotificationsSidebarItem
path: /notifications
- disabled: false
package: "https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-notifications-backend-dynamic-0.2.0.tgz"
integrity: sha512-QxIkZ7uX8CuCu9EUm8t0T0HOv9KT2AboMBwyr0Xu6Xa1I2U3E59YL5f5NQO9yVpidf+6rlV7qTCvJSn5MAQGnw==
- disabled: false
package: https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-signals-dynamic-0.0.5.tgz
integrity: sha512-QSDkIYPWjgzcBdt3Gvd7Omq472rMI4oy6x7vLTXVHpIzmWetJalaB6SH8dXxORCFqL6hb3ccJjPsn3rSV8+2Jw==
pluginConfig:
dynamicPlugins:
frontend:
backstage.plugin-signals: {}
- disabled: false
package: https://github.com/redhat-developer/rhdh-plugin-export-backstage-backstage/releases/download/v1.2.0/backstage-plugin-signals-backend-dynamic-0.1.3.tgz
integrity: sha512-124+7o/wurgiWkSY5j/80SaauAX/3iVACIm+jR5g09r5QlKfO+GCCNuqhJ8xfbNT+bT6OeyWjPRJMkkjap0u4Q==
upstream:
# TODO when setting this to false the secret is still referenced in the rhdh
# deployment, looks like rhdh-backstage chart doesn't support excluding
Expand All @@ -102,15 +94,13 @@ backstage:
resources:
limits:
ephemeral-storage: 2Gi

ingress:
enabled: true # Use Kubernetes Ingress instead of OpenShift Route
enabled: true # Use Kubernetes Ingress instead of OpenShift Route
backstage:
extraVolumes:
- name: backstage-locations
configMap:
name: backstage-locations

- name: dynamic-plugins-root
ephemeral:
volumeClaimTemplate:
Expand All @@ -121,8 +111,6 @@ backstage:
requests:
# -- Size of the volume that will contain the dynamic plugins. It should be large enough to contain all the plugins.
storage: 1Gi


# Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map.
# The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field.
- name: dynamic-plugins
Expand All @@ -135,7 +123,6 @@ backstage:
defaultMode: 420
name: '{{ printf "%s-backstage-app-config" .Release.Name }}'
optional: false

# Optional volume that allows exposing the `.npmrc` file (through a `dynamic-plugins-npmrc` secret)
# to be used when running `npm pack` during the dynamic plugins installation by the initContainer.
- name: dynamic-plugins-npmrc
Expand All @@ -148,36 +135,29 @@ backstage:
extraVolumeMounts:
- name: backstage-locations
mountPath: /opt/backstage/locations

- mountPath: /opt/app-root/src/.npmrc.dynamic-plugins
name: dynamic-plugins-npmrc

- name: dynamic-plugins-root
mountPath: /opt/app-root/src/dynamic-plugins-root

- name: app-config
readOnly: true
mountPath: /opt/app-root/src/default.app-config.yaml
subPath: default.app-config.yaml

- name: dynamic-plugins
readOnly: true
mountPath: /opt/app-root/src/dynamic-plugins.yaml
subPath: dynamic-plugins.yaml

resources:
limits:
memory: 2Gi
cpu: 1000m
requests:
memory: 800Mi
cpu: 200m

podSecurityContext: # Vanilla Kubernetes doesn't feature OpenShift default SCCs with dynamic UIDs, adjust accordingly to the deployed image
podSecurityContext: # Vanilla Kubernetes doesn't feature OpenShift default SCCs with dynamic UIDs, adjust accordingly to the deployed image
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001

image:
# use 1.2 till we get the CI working again and publishing upstream
# versions of the orchestrtor and notification plugins
Expand Down Expand Up @@ -214,21 +194,9 @@ backstage:
guest:
dangerouslyAllowOutsideDevelopment: true
userEntityRef: user:default/guest

catalog:
rules:
- allow:
[
Component,
System,
Group,
Resource,
Location,
Template,
API,
User,
Domain,
]
- allow: [Component, System, Group, Resource, Location, Template, API, User, Domain]
locations:
- target: https://github.com/janus-idp/software-templates/blob/main/showcase-templates.yaml
type: url
Expand All @@ -238,14 +206,10 @@ backstage:
type: file
- target: /opt/backstage/locations/workflow-resources.yaml
type: file

csp:
script-src: ["'self'", "'unsafe-inline'", "'unsafe-eval'"]
script-src-elem: ["'self'", "'unsafe-inline'", "'unsafe-eval'"]
connect-src: ["'self'", 'http:', 'https:', 'data:']

orchestrator:
catalog:
environment: development
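Review bot: The replaced `integrity:` values on the two `@janus-idp` orchestrator entries in the `plugins:` list under `backstage` carry no record of where each sha512 came from, so the next bump has to be taken on trust or re-derived by hand. A comment above each entry such as `# integrity = npm view <package>@<version> dist.integrity` would let a reviewer recompute the hash against the registry before merging; a mismatched value presumably only surfaces when the plugin install step rejects the package at deploy time. Which of the two printed copies of the list is the new side is inferred here from the dropped blank lines, since the page has lost its +/- markers. As a style point in the same list, the two `backstage-plugin-signals` `package:` URLs are unquoted while the other entries are quoted; quoting all of them keeps the list consistent.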

