From c167a6f87c08a29872e175130d187a942969e2bc Mon Sep 17 00:00:00 2001 From: Walter Medvedeo Date: Wed, 25 Sep 2024 20:42:07 +0200 Subject: [PATCH 1/3] SRVLOGIC-390: Adjust cors configuration for the dev profile deployments, and JS and DI deployments - add the quarkus.http.cors and quarkus.http.cors.origins properties calculation --- .../discovery/discovery_openshift_test.go | 4 ++-- controllers/discovery/openshift_catalog.go | 5 ++-- .../profiles/common/constants/workflows.go | 2 ++ .../profiles/common/properties/managed.go | 24 +++++++++++++++++++ controllers/profiles/dev/states_dev.go | 15 +++++++----- 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/controllers/discovery/discovery_openshift_test.go b/controllers/discovery/discovery_openshift_test.go index ac54da721..91fbf6ccb 100644 --- a/controllers/discovery/discovery_openshift_test.go +++ b/controllers/discovery/discovery_openshift_test.go @@ -33,11 +33,11 @@ import ( ) func Test_QueryOpenShiftRoute(t *testing.T) { - doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1:80") + doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1") } func Test_QueryOpenShiftRouteWithTLS(t *testing.T) { - doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1:443") + doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1") } func doTestQueryOpenShiftRoute(t *testing.T, tls bool, expectedUri string) { diff --git a/controllers/discovery/openshift_catalog.go b/controllers/discovery/openshift_catalog.go index d01a75dca..c28389042 100644 --- a/controllers/discovery/openshift_catalog.go +++ b/controllers/discovery/openshift_catalog.go 
@@ -107,12 +107,11 @@ func (c openShiftServiceCatalog) resolveOpenShiftRouteQuery(ctx context.Context, return "", err } else { scheme := httpProtocol - port := defaultHttpPort if route.Spec.TLS != nil { scheme = httpsProtocol - port = defaultHttpsPort } - return buildURI(scheme, route.Spec.Host, port), nil + // the OpenShift routes are only opened at the http/https standard ports. + return fmt.Sprintf("%s://%s", scheme, route.Spec.Host), nil } } diff --git a/controllers/profiles/common/constants/workflows.go b/controllers/profiles/common/constants/workflows.go index 1a2fa9519..663fdbaf1 100644 --- a/controllers/profiles/common/constants/workflows.go +++ b/controllers/profiles/common/constants/workflows.go @@ -24,4 +24,6 @@ const ( KnativeInjectedEnvVar = "${K_SINK}" KnativeEventingBrokerDefault = "default" QuarkusDevUICorsEnabled = "quarkus.dev-ui.cors.enabled" + QuarkusHttpCors = "quarkus.http.cors" + QuarkusHttpCorsOrigins = "quarkus.http.cors.origins" ) diff --git a/controllers/profiles/common/properties/managed.go b/controllers/profiles/common/properties/managed.go index af4d51f50..2fe192ee8 100644 --- a/controllers/profiles/common/properties/managed.go +++ b/controllers/profiles/common/properties/managed.go @@ -97,6 +97,10 @@ func (a *managedPropertyHandler) Build() string { // produce the MicroProfileConfigServiceCatalog properties for the service discovery property values if any. discoveryProps.Merge(generateDiscoveryProperties(a.ctx, a.catalog, userProps, a.workflow)) } + if profiles.IsDevProfile(a.workflow) && a.requireServiceDiscovery() { + // produce dev profile properties that must be calculated at service discovery time. + setDevProfileDiscoveryProperties(a.ctx, a.catalog, a.defaultManagedProperties, a.workflow) + } userProps = utils.NewApplicationPropertiesBuilder(). WithInitialProperties(discoveryProps). WithImmutableProperties(properties.MustLoadString(immutableApplicationProperties)). 
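Review bot: `route.Spec.Host` is formatted into the returned URI in the `else` branch of the first hunk on this line (controllers/discovery/openshift_catalog.go) without a check that it is set, so an empty host would come back as `http://` or `https://` with a nil error. Later in this patch setDevProfileDiscoveryProperties in controllers/profiles/common/properties/managed.go writes that value to `quarkus.http.cors.origins`, so I would fail here instead: `if route.Spec.Host == "" { return "", fmt.Errorf("route %q has no host", route.Name) }`. Whether the host can still be empty at this point depends on how the route is created and admitted, which the hunk does not show. The hunk also introduces a use of `fmt` and removes the only visible uses of `buildURI`, `defaultHttpPort` and `defaultHttpsPort`; the import block and any other callers are outside the hunk, so confirm the import is present and those names are not left unused. resolveOpenShiftRouteQuery starts above the hunk.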
@@ -191,6 +195,26 @@ func setDevProfileProperties(props *properties.Properties) { props.Set(constants.QuarkusDevUICorsEnabled, "false") } +func setDevProfileDiscoveryProperties(ctx context.Context, catalog discovery.ServiceCatalog, props *properties.Properties, workflow *operatorapi.SonataFlow) { + if utils.IsOpenShift() { + // in OpenShift deployments the route is created before the workflow, at this point it can be queried safely. + routeUrl, err := catalog.Query(ctx, *discovery.NewResourceUriBuilder(discovery.OpenshiftScheme). + Kind("routes"). + Group("route.openshift.io"). + Version("v1"). + Namespace(workflow.Namespace). + Name(workflow.Name). + Build(), + discovery.KubernetesDNSAddress) + if err != nil { + klog.V(log.E).ErrorS(err, "An error was produced while getting workflow route url. ", "workflow", workflow.Name) + } else { + props.Set(constants.QuarkusHttpCors, "true") + props.Set(constants.QuarkusHttpCorsOrigins, routeUrl) + } + } +} + // ApplicationManagedProperties immutable default application properties that can be used with any workflow based on Quarkus. // Alias for NewManagedPropertyHandler(workflow).Build() func ApplicationManagedProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (string, error) { diff --git a/controllers/profiles/dev/states_dev.go b/controllers/profiles/dev/states_dev.go index 17bd5a80a..54a8f7e44 100644 --- a/controllers/profiles/dev/states_dev.go +++ b/controllers/profiles/dev/states_dev.go 
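Review bot: setDevProfileDiscoveryProperties has no doc comment, and its failure behaviour is easy to miss: when `catalog.Query` returns an error the function only logs and leaves both CORS properties unset, and because it returns nothing the caller cannot tell that it should retry. I would document that on the function, e.g. `// setDevProfileDiscoveryProperties enables quarkus.http.cors and limits quarkus.http.cors.origins to the workflow's OpenShift route URL; on lookup failure both stay unset.` `props.Set` also writes the origin unconditionally, so if a workflow author can supply their own `quarkus.http.cors.origins` the comment should say which value wins; that merge happens in Build, outside this hunk. The log message carries a trailing `. ` that a structured log entry does not need.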
@@ -74,6 +74,15 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora if err != nil { return ctrl.Result{Requeue: false}, objs, err } + + // Create the OpenShift route before starting the WF deployment. + // Non OpenShift deployments executes no-ops. + route, _, err := e.ensurers.network.Ensure(ctx, workflow) + if err != nil { + return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err + } + objs = append(objs, route) + if pl != nil && len(pl.Spec.DevMode.BaseImage) > 0 { devBaseContainerImage = pl.Spec.DevMode.BaseImage } @@ -111,12 +120,6 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora } objs = append(objs, service) - route, _, err := e.ensurers.network.Ensure(ctx, workflow) - if err != nil { - return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err - } - objs = append(objs, route) - if knativeObjs, err := common.NewKnativeEventingHandler(e.StateSupport).Ensure(ctx, workflow); err != nil { return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err } else { From 703c97c749a10f1ed7c93435ba38e515c2f2c7ef Mon Sep 17 00:00:00 2001 From: Walter Medvedeo Date: Thu, 26 Sep 2024 18:15:57 +0200 Subject: [PATCH 2/3] SRVLOGIC-390: Adjust cors configuration for the dev profile deployments, and JS and DI deployments - increase operator controller manager resource limits --- .../logic-operator-rhel8.clusterserviceversion.yaml | 6 +++--- .../sonataflow-operator.clusterserviceversion.yaml | 6 +++--- operator.yaml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bundle.prod/manifests/logic-operator-rhel8.clusterserviceversion.yaml b/bundle.prod/manifests/logic-operator-rhel8.clusterserviceversion.yaml index 0b13913f6..56718fc98 100644 --- a/bundle.prod/manifests/logic-operator-rhel8.clusterserviceversion.yaml +++ b/bundle.prod/manifests/logic-operator-rhel8.clusterserviceversion.yaml 
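Review bot: A failure of `e.ensurers.network.Ensure` in the first hunk now returns with `RequeueAfterFailure` before the service further down in Do is ensured (and, going by the new comment, before the deployment as well), whereas the removed call in the second hunk ran after `objs = append(objs, service)`. If that ordering is required because the route URL feeds the CORS origin computed for the dev profile, the comment should state the reason, e.g. `// The route must exist before the managed properties are built: its URL becomes quarkus.http.cors.origins.`; that link is inferred from the other files in this patch and is not visible here. The second hunk in this file only removes the old call. Do starts above and continues below both hunks.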
@@ -787,10 +787,10 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 500Mi requests: - cpu: 10m - memory: 64Mi + cpu: 100m + memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml b/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml index e581164c6..dffd8a46c 100644 --- a/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml +++ b/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml @@ -779,10 +779,10 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 500Mi requests: - cpu: 10m - memory: 64Mi + cpu: 100m + memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/operator.yaml b/operator.yaml index dc6d67652..76aab2681 100644 --- a/operator.yaml +++ b/operator.yaml @@ -27131,10 +27131,10 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 500Mi requests: - cpu: 10m - memory: 64Mi + cpu: 100m + memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: From a76b978fe01222ed4dc747383b3aa34ddff6997d Mon Sep 17 00:00:00 2001 From: Walter Medvedeo Date: Thu, 26 Sep 2024 20:23:07 +0200 Subject: [PATCH 3/3] SRVLOGIC-390: Adjust cors configuration for the dev profile deployments, and JS and DI deployments - Update config/manager/manager.yaml, config/manager/prod/manager.yaml, config/manager/prod/SonataFlow-Builder.containerfile templates --- ...ogic-operator-rhel8-controllers-config_v1_configmap.yaml | 2 +- config/manager/manager.yaml | 6 +++--- config/manager/prod/SonataFlow-Builder.containerfile | 2 +- config/manager/prod/manager.yaml | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bundle.prod/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml b/bundle.prod/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml index 413a7bc70..27898017e 100644 
--- a/bundle.prod/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml +++ b/bundle.prod/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - controllers_cfg.yaml: |- + controllers_cfg.yaml: | # The default size of Kaniko PVC when using the internal operator builder manager defaultPvcKanikoSize: 1Gi # How much time (in seconds) to wait for a devmode workflow to start. diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index eb34274f2..ece1636ee 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -56,9 +56,9 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 500Mi requests: - cpu: 10m - memory: 64Mi + cpu: 100m + memory: 200Mi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manager/prod/SonataFlow-Builder.containerfile b/config/manager/prod/SonataFlow-Builder.containerfile index c0e1b0a25..167b00216 100644 --- a/config/manager/prod/SonataFlow-Builder.containerfile +++ b/config/manager/prod/SonataFlow-Builder.containerfile @@ -1,4 +1,4 @@ -FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:latest AS builder +FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.34.0 AS builder # variables that can be overridden by the builder # To add a Quarkus extension to your application diff --git a/config/manager/prod/manager.yaml b/config/manager/prod/manager.yaml index 3a5d65124..765b39e89 100644 --- a/config/manager/prod/manager.yaml +++ b/config/manager/prod/manager.yaml @@ -55,9 +55,9 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 500Mi requests: - cpu: 10m - memory: 64Mi + cpu: 100m + memory: 200Mi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10
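Review bot: The `1.34.0` tag on the FROM line of config/manager/prod/SonataFlow-Builder.containerfile (third hunk on this line) is still a mutable reference, so the builder image a workflow build pulls can change without this file changing. For a template that drives in-cluster builds, pinning by digest makes the build input verifiable: `FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.34.0@sha256:<digest-placeholder> AS builder`, with the digest taken from the registry at release time. The version is now hard-coded in the template, so a short comment above the FROM line saying it must be bumped with each operator release would help keep it from going stale.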