🚧 api-admin and api rename

carverauto · Nov 25, 2024 · f0b0ed4 · f0b0ed4
1 parent 882ad20
commit f0b0ed4
Show file tree

Hide file tree

Showing 27 changed files with 365 additions and 72 deletions.
diff --git a/cmd/api-admin/.ko.yaml b/cmd/api-admin/.ko.yaml
@@ -0,0 +1,6 @@
+defaultBaseImage: ghcr.io/carverauto/eventrunner-base:v2
+builds:
+  - id: api-admin
+    main: .
+    platforms:
+      - linux/amd64
diff --git a/cmd/api-admin/Dockerfile b/cmd/api-admin/Dockerfile
@@ -0,0 +1,30 @@
+# Start from a minimal Alpine image to set up our directory structure
+FROM --platform=linux/amd64 alpine:3.14 AS builder
+
+# Create necessary directories
+WORKDIR /app
+RUN mkdir -p /app/configs /app/migrations
+
+# Copy migrations and configs
+COPY migrations/ /app/migrations/
+COPY configs/.env /app/configs/.env
+COPY configs/.staging.env /app/configs/.staging.env
+
+# Now, create our final image based on distroless
+FROM --platform=linux/amd64 cgr.dev/chainguard/go:latest
+# debug using a container with a shell
+#FROM --platform=linux/amd64 alpine:3.14
+
+# Copy the directory structure from the builder stage
+COPY --from=builder /app /app
+
+# Set working directory
+WORKDIR /app
+
+# Set environment variables
+ENV APP_ENV=staging
+ENV GOFR_MIGRATIONS_DIR=/app/migrations
+
+# The ko-built binary will be added as "app" in the container
+# We don't set an ENTRYPOINT here as ko will do that for us
+ENTRYPOINT ["sh"]
diff --git a/cmd/api-admin/Makefile b/cmd/api-admin/Makefile
@@ -0,0 +1,22 @@
+# Define variables
+KO_DOCKER_REPO := ghcr.io/carverauto/api-admin
+VERSION := v0.0.01
+
+# Default target
+all: build
+
+# Build the binary locally
+build:
+	go build -o api-admin .
+
+# Build and push the container image using ko
+ko-build:
+	@export KO_DOCKER_REPO=$(KO_DOCKER_REPO) && \
+	export VERSION=$(VERSION) && \
+	ko build --bare --tags $(VERSION) ./
+
+# Clean up
+clean:
+	rm -f api-admin
+
+.PHONY: all build ko-build clean
diff --git a/cmd/api-admin/configs/.env b/cmd/api-admin/configs/.env
@@ -3,7 +3,7 @@ HTTP_PORT=8201
 
 LOG_LEVEL=DEBUG
 
-JWKS_SERVER=https://affectionate-brattain-fl0yahcycw.projects.oryapis.com/.well-known/jwks.json
+DSN=mongodb://er-mongodb.mongo.svc.cluster.local:27017
 ORY_SCHEMA_ID=
 DB_HOST=localhost
 DB_USER=root

diff --git a/cmd/api-admin/main.go b/cmd/api-admin/main.go
@@ -1,4 +1,4 @@
-// File: main.go
+// Package main cmd/api-admin/main.go
 
 package main
 
@@ -24,7 +24,7 @@ func main() {
 	ctx := context.Background()
 
 	// Set up MongoDB
-	db := mongo.New(&mongo.Config{URI: "mongodb://er-mongodb.mongo.svc.cluster.local:27017", Database: "eventrunner"})
+	db := mongo.New(&mongo.Config{URI: os.Getenv("DB_URL"), Database: "eventrunner"})
 
 	// setup a context with a timeout
 	dbCtx, cancel := context.WithTimeout(ctx, dbConnectTimeout)
@@ -39,7 +39,6 @@ func main() {
 	// Initialize Ory client
 	oryClient := ory.NewConfiguration()
 	oryClient.Servers = ory.ServerConfigurations{{URL: os.Getenv("ORY_SDK_URL")}}
-	// oryClient.DefaultHeader["Authorization"] = "Bearer " + os.Getenv("ORY_PAT")
 
 	apiClient := ory.NewAPIClient(oryClient)
 
@@ -53,6 +52,17 @@ func main() {
 	// Add other middleware and routes
 	app.UseMiddleware(middleware.CustomHeadersMiddleware())
 
+	// API Credentials routes
+	app.POST("/api/credentials", middleware.Adapt(
+		h.CreateAPICredential,
+		middleware.RequireUser,
+	))
+
+	app.GET("/api/credentials", middleware.Adapt(
+		h.ListAPICredentials,
+		middleware.RequireUser,
+	))
+
 	// this endpoint is used by the Ory Kratos login flow
 	app.GET("/callback", func(ctx *gofr.Context) (interface{}, error) {
 		code := ctx.Request.Param("code")

diff --git a/cmd/api/configs/.env b/cmd/api/configs/.env
@@ -4,6 +4,7 @@ HTTP_PORT=8200
 LOG_LEVEL=DEBUG
 
 JWKS_SERVER=https://affectionate-brattain-fl0yahcycw.projects.oryapis.com/.well-known/jwks.json
+DSN=mongodb://er-mongodb.mongo.svc.cluster.local:27017
 ORY_SCHEMA_ID=
 DB_HOST=localhost
 DB_USER=root

diff --git a/...eventrunner-api/base/eventrunner-api.yaml → k8s/api-admin/base/api-admin.yaml b/...eventrunner-api/base/eventrunner-api.yaml → k8s/api-admin/base/api-admin.yaml
@@ -1,44 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: eventrunner-api
+  name: api-admin
   namespace: eventrunner
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: eventrunner-api
+      app: api-admin
   template:
     metadata:
-      annotations:
-        sidecar.istio.io/logLevel: debug
-        proxy.istio.io/config: |
-          tracing:
-            sampling: 100.0
-            customTags:
-              request.host:
-                header:
-                  name: :authority
       labels:
-        app: eventrunner-api
-        sidecar.istio.io/inject: "false"
+        app: api-admin
     spec:
       serviceAccountName: eventrunner-account
       imagePullSecrets:
         - name: ghcr-io-cred
       containers:
-        - name: eventrunner-api
-          image: ghcr.io/carverauto/eventrunner-api:v0.0.28
+        - name: api-admin
+          image: ghcr.io/carverauto/api-admin:v0.0.04
           imagePullPolicy: Always
           env:
             - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: db-credentials
                   key: DB_PASSWORD
+            - name: ORY_SDK_URL
+              value: "http://hydra-admin.auth:4445"
           envFrom:
             - configMapRef:
-                name: eventrunner-config
+                name: api-admin-config
           volumeMounts:
             - name: config
               mountPath: /app/configs
@@ -48,7 +40,7 @@ spec:
       volumes:
         - name: config
           configMap:
-            name: eventrunner-config
+            name: api-admin-config
         - name: nats-creds
           secret:
             secretName: nats-creds

diff --git a/k8s/api-admin/base/configmap.yaml b/k8s/api-admin/base/configmap.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: api-admin-config
+  namespace: eventrunner
+data:
+  .env: |
+    APP_NAME=api-admin
+    HTTP_PORT=8200
+    LOG_LEVEL=DEBUG
+    ORY_PROJECT_URL=http://hydra-admin.auth:4445
+    DB_HOST=localhost
+    DB_USER=root
+    DB_PASSWORD=password
+    DB_NAME=eventrunner
+    DB_PORT=2001
+    DB_DIALECT=mongo
+    DB_URL=mongodb://er-mongodb.svc.cluster.local:27017
+  .staging.env: |
+    LOG_LEVEL=DEBUG
+    APP_NAME=api-admin
+    HTTP_PORT=8200
+    ORY_PROJECT_URL=http://hydra-admin.auth:4445
+    DB_HOST=localhost
+    DB_USER=root
+    DB_PASSWORD=password
+    DB_NAME=eventrunner
+    DB_PORT=2001
+    DB_DIALECT=mongo
+    DB_URL=mongodb://er-mongodb.svc.cluster.local:27017
diff --git a/k8s/api-admin/base/db-creds.yaml b/k8s/api-admin/base/db-creds.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: eventrunner-db-credentials
+  namespace: eventrunner
+type: Opaque
+stringData:
+  username: eventrunner
+  password: changeme
diff --git a/k8s/api-admin/base/health-alive-ingress.yaml b/k8s/api-admin/base/health-alive-ingress.yaml
@@ -0,0 +1,57 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-admin-health
+  namespace: eventrunner
+  annotations:
+    cert-manager.io/cluster-issuer: threadr-issuer
+    nginx.ingress.kubernetes.io/auth-response-headers: X-User,X-Tenant-ID,X-Request-Id,Authorization
+    nginx.ingress.kubernetes.io/auth-snippet: |
+      proxy_set_header X-Original-Uri $request_uri;
+    nginx.ingress.kubernetes.io/auth-url: http://oathkeeper-proxy.auth.svc.cluster.local:4455/decisions/health
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: api-admin.tunnel.threadr.ai
+      http:
+        paths:
+          - path: /.well-known/health
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: api-admin
+                port:
+                  number: 8200
+  tls:
+    - hosts:
+        - api-admin.tunnel.threadr.ai
+      secretName: eventrunner-api-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-admin-alive
+  namespace: eventrunner
+  annotations:
+    cert-manager.io/cluster-issuer: threadr-issuer
+    nginx.ingress.kubernetes.io/auth-response-headers: X-User,X-Tenant-ID,X-Request-Id,Authorization
+    nginx.ingress.kubernetes.io/auth-url: http://oathkeeper-proxy.auth.svc.cluster.local:4455/decisions/alive
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: api-admin.tunnel.threadr.ai
+      http:
+        paths:
+          - path: /.well-known/alive
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: api-admin
+                port:
+                  number: 8200
+  tls:
+    - hosts:
+        - api-admin.tunnel.threadr.ai
+      secretName: eventrunner-api-tls
diff --git a/k8s/api-admin/base/ingress-api.yaml b/k8s/api-admin/base/ingress-api.yaml
@@ -0,0 +1,25 @@
+# ingress-api.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-admin
+  namespace: eventrunner
+  annotations:
+    cert-manager.io/cluster-issuer: threadr-issuer
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - api-admin.tunnel.threadr.ai
+      secretName: eventrunner-api-tls
+  rules:
+    - host: api-admin.tunnel.threadr.ai
+      http:
+        paths:
+          - path: /api-admin
+            pathType: Prefix
+            backend:
+              service:
+                name: oathkeeper-proxy
+                port:
+                  number: 4455
diff --git a/k8s/api-admin/base/ingress-callback.yaml b/k8s/api-admin/base/ingress-callback.yaml
@@ -0,0 +1,28 @@
+# ingress-callback.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-admin-callback
+  namespace: eventrunner
+  annotations:
+    cert-manager.io/cluster-issuer: threadr-issuer
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/proxy-pass-params: "on"
+    nginx.ingress.kubernetes.io/rewrite-target: /callback$1
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - api-admin.tunnel.threadr.ai
+      secretName: eventrunner-api-tls
+  rules:
+    - host: api-admin.tunnel.threadr.ai
+      http:
+        paths:
+          - path: /callback(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: api-admin
+                port:
+                  number: 8200
diff --git a/k8s/api-admin/base/ingress.yaml b/k8s/api-admin/base/ingress.yaml
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-admin
+  namespace: eventrunner
+  annotations:
+    cert-manager.io/cluster-issuer: threadr-issuer
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - api-admin.tunnel.threadr.ai
+      secretName: eventrunner-api-tls
+  rules:
+    - host: api-admin.tunnel.threadr.ai
+      http:
+        paths:
+          - path: /callback(/|$)(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: api-admin
+                port:
+                  number: 8200
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: oathkeeper-proxy
+                port:
+                  number: 4455
diff --git a/k8s/eventrunner-api/base/kustomization.yaml → k8s/api-admin/base/kustomization.yaml b/k8s/eventrunner-api/base/kustomization.yaml → k8s/api-admin/base/kustomization.yaml
@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: eventrunner
 resources:
-  - eventrunner-api.yaml
   - configmap.yaml
+  - api-admin.yaml
   - service.yaml
   - health-alive-ingress.yaml
   - service-proxy.yaml

diff --git a/k8s/eventrunner-api/base/service-proxy.yaml → k8s/api-admin/base/service-proxy.yaml b/k8s/eventrunner-api/base/service-proxy.yaml → k8s/api-admin/base/service-proxy.yaml