diff --git a/apps/faf-icebreaker/templates/config.yaml b/apps/faf-icebreaker/templates/config.yaml
index 312864ac..26c52e71 100644
--- a/apps/faf-icebreaker/templates/config.yaml
+++ b/apps/faf-icebreaker/templates/config.yaml
@@ -10,8 +10,11 @@ data:
 SELF_URL: "https://ice.{{.Values.baseDomain}}"
 DB_USERNAME: "faf-icebreaker"
 DB_URL: "jdbc:mariadb://mariadb:3306/faf-icebreaker?ssl=false"
+ RABBITMQ_HOST: "rabbitmq"
+ RABBITMQ_USER: "faf-icebreaker"
+ RABBITMQ_PORT: "5672"
 CLOUDFLARE_ENABLED: "false"
 XIRSYS_ENABLED: "true"
 XIRSYS_TURN_ENABLED: "true"
 GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
-
+ LOKI_BASE_URL: "http://loki.faf-ops.svc:3100"
diff --git a/apps/faf-icebreaker/templates/deployment.yaml b/apps/faf-icebreaker/templates/deployment.yaml
index 82d47f6b..2adbdb1e 100644
--- a/apps/faf-icebreaker/templates/deployment.yaml
+++ b/apps/faf-icebreaker/templates/deployment.yaml
@@ -32,7 +32,7 @@ spec:
 - name: geolite-db
 mountPath: /usr/share/GeoIP
 containers:
- - image: faforever/faf-icebreaker:1.0.15
+ - image: faforever/faf-icebreaker:1.1.2
 imagePullPolicy: Always
 name: faf-icebreaker
 envFrom:
diff --git a/apps/faf-user-service/templates/config-hydra2.yaml b/apps/faf-user-service/templates/config-hydra2.yaml
new file mode 100644
index 00000000..a92d5cec
--- /dev/null
+++ b/apps/faf-user-service/templates/config-hydra2.yaml
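Review bot: The new `RABBITMQ_HOST`/`RABBITMQ_USER`/`RABBITMQ_PORT` keys set no virtual host, yet the matching `create_user_for_vhost faf-icebreaker RABBITMQ_USER RABBITMQ_PASSWORD $VHOST_FAF_CORE` line in scripts/init-rabbitmq.sh grants the user permissions only on `$VHOST_FAF_CORE`. If the application falls back to the default `/` vhost when none is configured, the broker will refuse the connection for lack of permissions; adding the vhost key the application reads (a `RABBITMQ_VHOST`-style key — confirm the exact name against the application) next to `RABBITMQ_HOST` closes the gap. `RABBITMQ_PORT: "5672"` is correctly quoted so it stays a string.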
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: faf-user-service-hydra2
+ labels:
+ app: faf-user-service-hydra2
+data:
+ # Only for testing environments
+ FAF_ENVIRONMENT: {{ eq .Values.environment "prod" | ternary "" .Values.environment }}
+ REAL_IP_HEADER: "Cf-Connecting-Ip"
+ PASSWORD_RESET_URL: "https://www.{{.Values.baseDomain}}/account/password/reset"
+ REGISTER_ACCOUNT_URL: "https://www.{{.Values.baseDomain}}/account/register"
+ ACTIVATION_URL_FORMAT: "https://user.{{.Values.baseDomain}}/register/activate?token=%s"
+ FAILED_LOGIN_ACCOUNT_THRESHOLD: "5"
+ FAILED_LOGIN_ATTEMPT_THRESHOLD: "10"
+ FAILED_LOGIN_THROTTLING_MINUTES: "5"
+ FAILED_LOGIN_DAYS_TO_CHECK: "1"
+ HYDRA_TOKEN_ISSUER: "https://login.{{.Values.baseDomain}}"
+ HYDRA_JWKS_URL: "https://login.{{.Values.baseDomain}}/.well-known/jwks.json"
+ HYDRA_BASE_ADMIN_URL: "http://ory-hydra2:4445"
+ DB_URL: "jdbc:mariadb://mariadb:3306/faf_lobby?ssl=false"
+ DB_USERNAME: "faf-user-service"
+ DB_DATABASE: "faf_lobby" # for mariadb init script
+ LOBBY_URL: "wss://ws.{{.Values.baseDomain}}"
+ IRC_TOKEN_TTL: "300"
+ JAVA_OPTS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
\ No newline at end of file
diff --git a/apps/faf-user-service/templates/deployment-hydra2.yaml b/apps/faf-user-service/templates/deployment-hydra2.yaml
new file mode 100644
index 00000000..0128bd8c
--- /dev/null
+++ b/apps/faf-user-service/templates/deployment-hydra2.yaml
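Review bot: `JAVA_OPTS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"` starts the JVM with the remote debug agent enabled, in a ConfigMap that, judging by the `FAF_ENVIRONMENT` line, is also rendered for `prod`. JDWP has no authentication, so whoever can reach that port on the pod controls the JVM; on JDK 9+ a bare `address=5005` listens on localhost only, on older JDKs on all interfaces, and the base image's JDK isn't visible from this diff. Either drop the option or wrap it in `{{- if ne .Values.environment "prod" }}` / `{{- end }}` so it never reaches production. Separately, `FAF_ENVIRONMENT: {{ eq .Values.environment "prod" | ternary "" .Values.environment }}` is unquoted, so for `prod` it renders as an empty scalar that YAML parses as null rather than the empty string, which ConfigMap validation rejects for `data` values. Quoting the whole expression, `FAF_ENVIRONMENT: "{{ eq .Values.environment "prod" | ternary "" .Values.environment }}"`, gives the intended `""`.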
@@ -0,0 +1,56 @@
+# This is for temporary running Ory Hydra 1.10 and 2.x in parallel.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: faf-user-service-hydra2
+ labels:
+ app: faf-user-service-hydra2
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: faf-user-service-hydra2
+ template:
+ metadata:
+ labels:
+ app: faf-user-service-hydra2
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '8081'
+ prometheus.io/path: '/actuator/prometheus'
+ spec:
+ containers:
+ - image: faforever/faf-user-service:3.2.0-RC2
+ imagePullPolicy: Always
+ name: faf-user-service
+ envFrom:
+ - configMapRef:
+ name: faf-user-service-hydra2
+ - secretRef:
+ name: faf-user-service
+ volumeMounts:
+ - name: mail-templates
+ mountPath: /config/mail/
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ startupProbe:
+ httpGet:
+ port: 8080
+ path: /q/health
+ failureThreshold: 10
+ periodSeconds: 3
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /q/health
+ failureThreshold: 3
+ periodSeconds: 10
+ restartPolicy: Always
+ volumes:
+ - name: mail-templates
+ configMap:
+ name: faf-user-service-mail-templates
diff --git a/apps/faf-user-service/templates/ingress.yaml b/apps/faf-user-service/templates/ingress.yaml
index eb6236b5..afb9fae6 100644
--- a/apps/faf-user-service/templates/ingress.yaml
+++ b/apps/faf-user-service/templates/ingress.yaml
@@ -11,3 +11,9 @@ spec:
 services:
 - name: faf-user-service
 port: 8080
+ # This is for temporary running Ory Hydra 1.10 and 2.x in parallel.
+ - match: Host(`user-nx.{{.Values.baseDomain}}`)
+ kind: Rule
+ services:
+ - name: faf-user-service-hydra2
+ port: 8080
diff --git a/apps/faf-user-service/templates/service-hydra2.yaml b/apps/faf-user-service/templates/service-hydra2.yaml
new file mode 100644
index 00000000..2af5d455
--- /dev/null
+++ b/apps/faf-user-service/templates/service-hydra2.yaml
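Review bot: The header comment says the deployment is temporary, but nothing records when it can go, and the image it runs, `faforever/faf-user-service:3.2.0-RC2`, is a release candidate pulled with `imagePullPolicy: Always`. Extending the comment to `# This is for temporary running Ory Hydra 1.10 and 2.x in parallel; remove together with the 1.10 chart once all clients are migrated.` makes the exit condition explicit, and the same comment line appears in service-hydra2.yaml and ingress.yaml. Quoting is also mixed within the file: `reloader.stakater.com/auto: "true"` uses double quotes while the `prometheus.io/*` annotations use single quotes — pick one.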
@@ -0,0 +1,13 @@
+# This is for temporary running Ory Hydra 1.10 and 2.x in parallel.
+apiVersion: v1
+kind: Service
+metadata:
+ name: faf-user-service-hydra2
+ labels:
+ app: faf-user-service-hydra2
+spec:
+ selector:
+ app: faf-user-service-hydra2
+ ports:
+ - port: 8080
+ targetPort: 8080
diff --git a/apps/ory-hydra2/Chart.yaml b/apps/ory-hydra2/Chart.yaml
new file mode 100644
index 00000000..48025b92
--- /dev/null
+++ b/apps/ory-hydra2/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: ory-hydra2
+version: 1.0.0
diff --git a/apps/ory-hydra2/templates/config.yaml b/apps/ory-hydra2/templates/config.yaml
new file mode 100644
index 00000000..a9034af4
--- /dev/null
+++ b/apps/ory-hydra2/templates/config.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ory-hydra2
+ namespace: faf-apps
+ labels:
+ app: ory-hydra2
+data:
+ URLS_SELF_ISSUER: "https://login.{{.Values.baseDomain}}"
+ URLS_LOGIN: "https://user-nx.{{.Values.baseDomain}}/oauth2/login"
+ URLS_CONSENT: "https://user-nx.{{.Values.baseDomain}}/oauth2/consent"
+ STRATEGIES_ACCESS_TOKEN: "jwt"
+ OAUTH2_CLIENT_CREDENTIALS_DEFAULT_GRANT_ALLOWED_SCOPE: "true"
+ # These are only used for postgres init script, it is redundant in the DSN secret! Don't forget to also create a secret for DB_PASSWORD
+ DB_USER: "hydra"
+ DB_NAME: "ory-hydra"
diff --git a/apps/ory-hydra2/templates/deployment.yaml b/apps/ory-hydra2/templates/deployment.yaml
new file mode 100644
index 00000000..97809c29
--- /dev/null
+++ b/apps/ory-hydra2/templates/deployment.yaml
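Review bot: `OAUTH2_CLIENT_CREDENTIALS_DEFAULT_GRANT_ALLOWED_SCOPE: "true"` makes Hydra grant a client's full registered scope whenever a client-credentials token request omits `scope`, which widens what tokens carry by default; if this is deliberate for parity with the existing Hydra 1.10 clients, record that in a comment such as `# Grants a client's full registered scope when a client_credentials request omits scope (parity with 1.10 clients) — confirm`. The comment above `DB_USER` also reads awkwardly and runs well past 120 columns; splitting it into `# Only used by the postgres init script; the DSN in the ory-hydra2 secret repeats these values.` and `# A DB_PASSWORD key must be created in the secret as well.` keeps the same information.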
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ory-hydra2
+ namespace: faf-apps
+ labels:
+ app: ory-hydra2
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: ory-hydra2
+ template:
+ metadata:
+ labels:
+ app: ory-hydra2
+ annotations:
+ prometheus.io/scrape: 'false'
+ spec:
+ containers:
+ - image: oryd/hydra:v2.2.0
+ imagePullPolicy: Always
+ name: ory-hydra2
+ envFrom:
+ - configMapRef:
+ name: ory-hydra2
+ - secretRef:
+ name: ory-hydra2
+ ports:
+ - containerPort: 4444
+ - containerPort: 4445
+ restartPolicy: Always
\ No newline at end of file
diff --git a/apps/ory-hydra2/templates/ingress.yaml b/apps/ory-hydra2/templates/ingress.yaml
new file mode 100644
index 00000000..b0b2343d
--- /dev/null
+++ b/apps/ory-hydra2/templates/ingress.yaml
@@ -0,0 +1,13 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ory-hydra2
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`login.{{.Values.baseDomain}}`)
+ kind: Rule
+ services:
+ - name: ory-hydra2
+ port: 4444
diff --git a/apps/ory-hydra2/templates/migration-cronjob.yaml b/apps/ory-hydra2/templates/migration-cronjob.yaml
new file mode 100644
index 00000000..253226d9
--- /dev/null
+++ b/apps/ory-hydra2/templates/migration-cronjob.yaml
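Review bot: The ory-hydra2 Deployment has no readiness or liveness probe, unlike the faf-user-service-hydra2 Deployment in the same commit, so the Service in this chart routes `login.` traffic to the pod as soon as the container starts — including while the schema is still missing before the migration CronJob has been run — and a hung process is never restarted. Hydra serves `/health/alive` and `/health/ready` on the admin port (the upstream chart probes them there), so the probes below can be added to the container next to `ports:`. The `restartPolicy: Always` line also lacks a trailing newline.
```yaml
          ports:
            - containerPort: 4444
            - containerPort: 4445
          # … unchanged: image, envFrom …
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 4445
            periodSeconds: 10
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /health/alive
              port: 4445
            periodSeconds: 10
            failureThreshold: 3
```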
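Review bot: The IngressRoute is the only manifest under apps/ory-hydra2/templates without `namespace: faf-apps` in its metadata, so it lands in whatever namespace the release is installed to, and Traefik resolves the `ory-hydra2` service reference in the IngressRoute's own namespace; if that differs from faf-apps the route has no backend. Adding `namespace: faf-apps` under `metadata` keeps it with the rest of the chart. The rule also claims the `login.` host that the ConfigMap uses as `URLS_SELF_ISSUER` and that faf-user-service already uses as `HYDRA_TOKEN_ISSUER`; if the existing Hydra 1.10 chart routes the same host, the two IngressRoutes compete for it — the old chart isn't in this diff, so please confirm the intended cut-over.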
@@ -0,0 +1,35 @@
+kind: CronJob
+apiVersion: batch/v1
+metadata:
+ name: ory-hydra2-migration
+ namespace: faf-apps
+ labels:
+ app: ory-hydra-migration
+spec:
+ # Disabled because triggered manually
+ schedule: "0 0 31 2 *"
+ suspend: true
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ metadata:
+ labels:
+ app: ory-hydra2-migration
+ annotations:
+ prometheus.io/scrape: 'false'
+ spec:
+ template:
+ spec:
+ containers:
+ - image: oryd/hydra:v2.2.0
+ imagePullPolicy: Always
+ name: ory-hydra
+ envFrom:
+ - configMapRef:
+ name: ory-hydra2
+ - secretRef:
+ name: ory-hydra2
+ ports:
+ - containerPort: 4444
+ - containerPort: 4445
+ args: [ "migrate", "sql", "--read-from-env", "--yes"]
+ restartPolicy: Never
diff --git a/apps/ory-hydra2/templates/secret.yaml b/apps/ory-hydra2/templates/secret.yaml
new file mode 100644
index 00000000..83c53349
--- /dev/null
+++ b/apps/ory-hydra2/templates/secret.yaml
@@ -0,0 +1,19 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: ory-hydra2
+ namespace: faf-apps
+spec:
+ authentication:
+ universalAuth:
+ credentialsRef:
+ secretName: infisical-machine-identity
+ secretNamespace: faf-ops
+ secretsScope:
+ projectSlug: {{.Values.infisical.projectSlug}}
+ envSlug: {{.Values.infisical.envSlug}}
+ secretsPath: "/ory-hydra2"
+ managedSecretReference:
+ secretName: ory-hydra2
+ secretNamespace: faf-apps
+ creationPolicy: "Owner"
diff --git a/apps/ory-hydra2/templates/service.yaml b/apps/ory-hydra2/templates/service.yaml
new file mode 100644
index 00000000..55f65f0d
--- /dev/null
+++ b/apps/ory-hydra2/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ory-hydra2
+ namespace: faf-apps
+ labels:
+ app: ory-hydra2
+spec:
+ selector:
+ app: ory-hydra2
+ ports:
+ - name: public-port
+ port: 4444
+ targetPort: 4444
+ - name: admin-port
+ port: 4445
+ targetPort: 4445
diff --git a/cluster/storage/values.yaml b/cluster/storage/values.yaml
index 374e8dd4..5abc8e17 100644
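Review bot: Labels and names in the CronJob are inconsistent: `metadata.labels.app` is `ory-hydra-migration` while the job template's label is `ory-hydra2-migration`, and the container is named `ory-hydra` although every other container in the chart is `ory-hydra2`; `app: ory-hydra2-migration` for the metadata label and `name: ory-hydra2-migration` for the container would align them. The two `containerPort` entries are meaningless for a one-shot `migrate sql` container and can be dropped. With `restartPolicy: Never` and no `backoffLimit`, a failing migration is re-run up to the Job default of six times; `backoffLimit: 0` under `jobTemplate.spec` lets a failed migration be inspected instead of retried.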
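Review bot: `projectSlug: {{.Values.infisical.projectSlug}}` and `envSlug: {{.Values.infisical.envSlug}}` are unquoted template expansions, so a missing value renders as null and a slug that happens to look like a number or boolean changes type, whereas the other values in the file (`secretsPath`, `creationPolicy`) are quoted. Writing them as `projectSlug: "{{ required "infisical.projectSlug is required" .Values.infisical.projectSlug }}"` (and the same for `envSlug`) fails the render early instead of producing an InfisicalSecret that can never sync.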
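Review bot: The Service publishes Hydra's admin port 4445 alongside the public port, and the admin API has no authentication of its own, so every workload that can reach the `ory-hydra2` Service in faf-apps can manage OAuth2 clients and consent sessions; the only consumer visible in this commit is faf-user-service (`HYDRA_BASE_ADMIN_URL: "http://ory-hydra2:4445"`). A NetworkPolicy that admits port 4445 only from the `app: faf-user-service-hydra2` pods (or a separate admin Service that such a policy can target) limits the blast radius of any other compromised pod. If the cluster already enforces a default-deny policy this is covered — it isn't in the diff, so please confirm.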
--- a/cluster/storage/values.yaml
+++ b/cluster/storage/values.yaml
@@ -24,6 +24,12 @@ managedStorages:
 size: 500Gi
 pvc:
 namespace: faf-apps
+ - pv:
+ name: faf-replays-old
+ folderName: replays-old
+ size: 500Gi
+ pvc:
+ namespace: faf-apps
 - pv:
 name: faf-maps
 folderName: maps
diff --git a/cluster/telepresence/Chart.yaml b/cluster/telepresence/Chart.yaml
new file mode 100644
index 00000000..2596ffc2
--- /dev/null
+++ b/cluster/telepresence/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: telepresence
+version: 1.0.0
+dependencies:
+ - name: telepresence-oss
+ version: 2.21.3
+ repository: oci://ghcr.io/telepresenceio
\ No newline at end of file
diff --git a/cluster/telepresence/values.yaml b/cluster/telepresence/values.yaml
new file mode 100644
index 00000000..72fa2a8d
--- /dev/null
+++ b/cluster/telepresence/values.yaml
@@ -0,0 +1,3 @@
+namespace: telepresence
+telepresence:
+ releaseName: traffic-manager
\ No newline at end of file
diff --git a/cluster/traefik/Chart.yaml b/cluster/traefik/Chart.yaml
index 54db93e8..99d51580 100644
--- a/cluster/traefik/Chart.yaml
+++ b/cluster/traefik/Chart.yaml
@@ -3,5 +3,5 @@ name: traefik
 version: 1.0.0
 dependencies:
 - name: traefik
- version: 34.3.0
+ version: 34.5.0
 repository: https://traefik.github.io/charts
diff --git a/scripts/init-postgres.sh b/scripts/init-postgres.sh
index 30de1d9e..55ef788d 100755
--- a/scripts/init-postgres.sh
+++ b/scripts/init-postgres.sh
@@ -50,5 +50,6 @@ create_user_and_db() {
 }
 create_user_and_db faf-apps wikijs DB_USER DB_PASS DB_NAME
+create_user_and_db faf-apps ory-hydra2 DB_USER DB_PASSWORD DB_NAME
 echo "All users and databases have been processed."
diff --git a/scripts/init-rabbitmq.sh b/scripts/init-rabbitmq.sh
index 0f1b9c73..7f1a8528 100755
--- a/scripts/init-rabbitmq.sh
+++ b/scripts/init-rabbitmq.sh
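Review bot: The new call passes the `DB_NAME` key, whose value in apps/ory-hydra2/templates/config.yaml is `ory-hydra`; a hyphen in a PostgreSQL identifier is only valid when the name is double-quoted. `create_user_and_db`'s body is outside the hunk (only its closing brace is visible), so I can't see whether it quotes the name in `CREATE DATABASE` and `GRANT`; if it interpolates it bare, this line fails where the existing `wikijs` entry succeeds. Either confirm the function quotes identifiers, or use an underscore name such as `ory_hydra2` in the ConfigMap and the matching DSN secret.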
@@ -61,4 +61,5 @@ create_user_for_vhost faf-lobby-server MQ_USER MQ_PASSWORD $VHOST_FAF_CORE
 create_user_for_vhost faf-api RABBIT_USERNAME RABBIT_PASSWORD $VHOST_FAF_CORE
 create_user_for_vhost faf-league-service MQ_USER MQ_PASSWORD $VHOST_FAF_CORE
 create_user_for_vhost debezium RABBITMQ_USER RABBITMQ_PASSWORD $VHOST_FAF_CORE
+create_user_for_vhost faf-icebreaker RABBITMQ_USER RABBITMQ_PASSWORD $VHOST_FAF_CORE