Routing for /sandbox/api

.github/workflows/deploy_images.yml

@@ -33,6 +33,11 @@ on:
         default: true
         description: Build new image of save-orchestrator
         required: false
+      sandbox:
+        type: boolean
+        default: true
+        description: Build new image of save-sandbox
+        required: false
       preprocessor:
         type: boolean
         default: true
@@ -57,7 +62,7 @@ jobs:
         name: Prepare to build
         working-directory: save-cloud
         run: |
-          echo GRADLE_TASKS=:api-gateway:bootBuildImage :save-backend:bootBuildImage :save-frontend:buildImage :save-orchestrator:bootBuildImage :save-preprocessor:bootBuildImage >> $GITHUB_ENV
+          echo GRADLE_TASKS=:api-gateway:bootBuildImage :save-backend:bootBuildImage :save-frontend:buildImage :save-orchestrator:bootBuildImage :save-sandbox:bootBuildImage :save-preprocessor:bootBuildImage >> $GITHUB_ENV
       - if: github.event_name == 'workflow_dispatch'
         name: Prepare to build from branch
         working-directory: save-cloud
@@ -69,6 +74,7 @@ jobs:
           if ${{ inputs.backend }} == 'true'; then GRADLE_TASKS+=":save-backend:bootBuildImage "; fi
           if ${{ inputs.frontend }} == 'true'; then GRADLE_TASKS+=":save-frontend:buildImage "; fi
           if ${{ inputs.orchestrator }} == 'true'; then GRADLE_TASKS+=":save-orchestrator:bootBuildImage "; fi
+          if ${{ inputs.sandbox }} == 'true'; then GRADLE_TASKS+=":save-sandbox:bootBuildImage "; fi
           if ${{ inputs.preprocessor }} == 'true'; then GRADLE_TASKS+=":save-preprocessor:bootBuildImage "; fi
           echo GRADLE_TASKS=$GRADLE_TASKS >> $GITHUB_ENV
       - name: checkout save-core

api-gateway/src/main/resources/application-dev.yml

@@ -3,6 +3,8 @@ gateway:
     url: http://localhost:5800
   frontend:
     url: http://localhost:5810
+  sandbox:
+    url: http://localhost:5400
 spring:
   security:
     oauth2:

api-gateway/src/main/resources/application.yml

@@ -9,6 +9,8 @@ gateway:
     url: http://frontend:5810
   grafana:
     url: http://grafana:9100
+  sandbox:
+    url: http://sandbox:5400
 management:
   endpoints:
     web:
@@ -50,6 +52,14 @@ spring:
           uri: ${gateway.grafana.url}
           predicates:
             - Path=/grafana/**
+        - id: sandbox-api_route
+          uri: ${gateway.sandbox.url}
+          predicates:
+            - Path=/sandbox/api/**
+          filters:
+            # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it
+            - RemoveRequestHeader=Cookie
+            - ConvertAuthorizationHeader=
 
 ---
 spring:

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DatabaseUtils.kt

@@ -39,16 +39,14 @@ fun Project.getDatabaseCredentials(profile: String): DatabaseCredentials {
         }
     }
 
-    val databaseUrl: String
+    val databaseUrl: String = props.getProperty("spring.datasource.url")
     val username: String
     val password: String
 
     if (profile == "prod") {
-        databaseUrl = props.getProperty("spring.datasource.url")
         username = props.getProperty("username")
         password = props.getProperty("password")
     } else {
-        databaseUrl = props.getProperty("datasource.dev.url")
         username = props.getProperty("spring.datasource.username")
         password = props.getProperty("spring.datasource.password")
     }

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DockerStackConfiguration.kt

@@ -105,6 +105,7 @@ fun Project.createStackDeployTask(profile: String) {
                     FRONTEND_TAG=${defaultVersionOrProperty("frontend.dockerTag")}
                     GATEWAY_TAG=${defaultVersionOrProperty("gateway.dockerTag")}
                     ORCHESTRATOR_TAG=${defaultVersionOrProperty("orchestrator.dockerTag")}
+                    SANDBOX_TAG=${defaultVersionOrProperty("sandbox.dockerTag")}
                     PREPROCESSOR_TAG=${defaultVersionOrProperty("preprocessor.dockerTag")}
                     PROFILE=$profile
                 """.trimIndent()

docker-compose.yaml

@@ -33,16 +33,34 @@ services:
       labels:
         - "prometheus-job=save-orchestrator"
     logging: *loki-logging-jvm
+  sandbox:
+    image: ghcr.io/saveourtool/save-sandbox:${SANDBOX_TAG}
+    user: root  # to access host's docker socket
+    environment:
+      - "SPRING_PROFILES_ACTIVE=${PROFILE},docker-secrets"
+    secrets:
+      - db_username
+      - db_password
+    ports:
+      - "5400:5400"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - /home/saveu/configs/sandbox:/home/cnb/config
+      - save-fs-storage:/home/cnb/files
+      - save-tmp-resources:/tmp
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    deploy:
+      labels:
+        - "prometheus-job=save-sandbox"
+    logging: *loki-logging-jvm
   backend:
     image: ghcr.io/saveourtool/save-backend:${BACKEND_TAG}
     environment:
       - "SPRING_PROFILES_ACTIVE=${PROFILE},secure,docker-secrets"
-      - "MYSQL_USER=/run/secrets/db_username"
-      - "MYSQL_PASSWORD_FILE=/run/secrets/db_password"
     secrets:
       - db_username
       - db_password
-      - db_url
     volumes:
       - save-fs-storage:/home/cnb/files
       - /home/saveu/configs/backend:/home/cnb/config
@@ -144,5 +162,3 @@ secrets:
     external: true
   db_username:
     external: true
-  db_url:
-    external: true

gradle/libs.versions.toml

@@ -84,6 +84,7 @@ spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-star
 spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa" }
 spring-boot-starter-quartz = { module = "org.springframework.boot:spring-boot-starter-quartz" }
 spring-boot-starter-security = { module = "org.springframework.boot:spring-boot-starter-security" }
+spring-boot = { module = "org.springframework.boot:spring-boot" }
 spring-boot-configuration-processor = { module = "org.springframework.boot:spring-boot-configuration-processor", version.ref = "spring-boot" }
 spring-security-core = { module = "org.springframework.security:spring-security-core" }
 spring-security-oauth2-client = { module = "org.springframework.security:spring-security-oauth2-client" }

save-backend/src/main/resources/META-INF/spring.factories

@@ -1 +1 @@
-org.springframework.boot.env.EnvironmentPostProcessor=com.saveourtool.save.backend.postprocessor.DockerSecretsDatabaseProcessor
+org.springframework.boot.env.EnvironmentPostProcessor=com.saveourtool.save.spring.postprocessor.DockerSecretsDatabaseProcessor

save-backend/src/main/resources/application-dev.properties

@@ -1,7 +1,4 @@
-spring.liquibase.enabled=false
-# `mysql` is resolved when running mysql in docker-compose, change to `datasource.dev.url` if running backend via `bootRun` or from IDE
 spring.datasource.url=jdbc:mysql://localhost:3306/save_cloud
-datasource.dev.url=jdbc:mysql://localhost:3306/save_cloud
 spring.datasource.username=root
 spring.datasource.password=123
 backend.url=http://host.docker.internal:${server.port}

save-backend/src/main/resources/application-prod.properties

@@ -1,3 +1,3 @@
-spring.liquibase.enabled=false
+spring.datasource.url=jdbc:mysql://192.168.0.250:3306/save_cloud
 spring.quartz.job-store-type=jdbc
 spring.quartz.jdbc.initialize-schema=ALWAYS

save-backend/src/main/resources/application.properties

@@ -3,7 +3,7 @@ backend.preprocessorUrl=http://preprocessor:5200
 backend.orchestratorUrl=http://orchestrator:5100
 backend.initialBatchSize=100
 backend.fileStorage.location=/home/cnb/files
-server.port = 5800
+server.port=5800
 server.error.path=/error
 management.endpoints.web.exposure.include=health,info,prometheus,quartz
 server.error.include-message=always
@@ -20,3 +20,4 @@ spring.jpa.properties.hibernate.order_updates=true
 logging.level.org.hibernate.engine.internal.StatisticalLoggingSessionEventListener=WARN
 spring.cloud.kubernetes.enabled=false
 spring.codec.max-in-memory-size=100MB
+spring.liquibase.enabled=false

save-cloud-charts/save-cloud/templates/mysql-deployment.yaml

@@ -6,9 +6,9 @@ kind: Secret
 metadata:
   name: db-secrets
 stringData:
-  spring.datasource.url: 'jdbc:mysql://mysql-service:3306/{{ .Values.mysql.schema }}'
+  spring.datasource.url: 'jdbc:mysql://mysql-service:3306/{{ .Values.mysql.sandbox_schema }}'
   spring.datasource.username: root
-  spring.datasource.password: '123'
+  spring.datasource.password: {{ .Values.mysql.root_password }}
 
 ---
   {{ end }}
@@ -36,9 +36,9 @@ spec:
               name: mysql
           env:
             - name: MYSQL_ROOT_PASSWORD
-              value: '123'
+              value: {{ .Values.mysql.root_password }}
             - name: MYSQL_DATABASE
-              value: save_cloud
+              value: {{ .Values.mysql.schema }}
           volumeMounts:
             - name: mysql-persistent-storage
               mountPath: /var/lib/mysql

save-cloud-charts/save-cloud/templates/sandbox-configmap.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.sandbox.name }}-config
+data:
+  application.properties: |
+    sandbox.backendUrl=http://backend/internal
+
+    sandbox.kubernetes.apiServerUrl=http://kubernetes.default.svc
+    sandbox.kubernetes.serviceAccount=${POD_SERVICE_ACCOUNT}
+    sandbox.kubernetes.namespace=${POD_NAMESPACE}
+
+    server.shutdown=graceful
+    management.endpoints.web.exposure.include=*
+    sandbox.agent-settings.orchestrator-url=http://{{ .Values.sandbox.name }}
+    sandbox.agent-settings.backend-url=http://{{ .Values.sandbox.name }}
+    sandbox.agent-settings.debug=true
+
+    sandbox.test-resources.tmp-path=/tmp/save/resources
+
+    logging.level.com.saveourtool.save.orchestrator.kubernetes=DEBUG
+
+    {{ if .Values.sandbox.applicationProperties }}
+    {{- .Values.sandbox.applicationProperties | nindent 4 }}
+    {{ end }}

save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml

@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sandbox
+  labels:
+    {{- include "common.labels" (merge (dict "service" .Values.sandbox) .) | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      io.kompose.service: sandbox
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        {{- include "pod.common.labels" (merge (dict "service" .Values.sandbox ) .) | nindent 8 }}
+      annotations:
+        {{- include "pod.common.annotations" (dict "service" .Values.backend ) | nindent 8 }}
+    spec:
+      serviceAccountName: sandbox-sa
+      restartPolicy: Always
+      {{- if .Values.sandbox.nodeName }}
+      nodeName: {{ .Values.sandbox.nodeName }}
+      {{- end }}
+      {{- include "cnb.securityContext" . | nindent 6 }}
+      containers:
+        - name: sandbox
+          {{- include "spring-boot.common" (merge (dict "service" .Values.sandbox) .) | nindent 10 }}
+          env:
+            {{- include "spring-boot.common.env" (merge (dict "service" .Values.sandbox) .) | nindent 12 }}
+            - name: HOST_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: JAVA_TOOL_OPTIONS
+              value: -XX:ReservedCodeCacheSize=48M
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_SERVICE_ACCOUNT
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - {{ include "spring-boot.config-volume-mount" . | indent 14 | trim }}
+            - name: fs-storage
+              mountPath: /home/cnb/files
+            - name: database-secret
+              mountPath: {{ .Values.sandbox.dbPasswordFile }}
+          {{- include "spring-boot.management" .Values.sandbox | nindent 10 }}
+          resources:
+            limits:
+              memory: 800M
+            requests:
+              memory: 600M
+      initContainers:
+        - name: git-cloner
+          image: alpine/git
+          args:
+            - clone
+            - --single-branch
+            - --branch
+            - {{ .Values.mysql.migrations.branch | default "master" }}
+            - --
+            - https://github.com/saveourtool/save-cloud.git
+            - /data
+          volumeMounts:
+            - mountPath: /data
+              name: migrations-data
+        - name: liquibase-runner
+          image: liquibase/liquibase:4.15
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1001
+          args:
+            - --url=$(DB_URL)
+            - --changeLogFile=save-sandbox/db/db.changelog-master.xml
+            - --username=$(DB_USERNAME)
+            - --password=$(DB_PASSWORD)
+            - --log-level=info
+            - --contexts={{ .Values.profile }}
+            - update
+          resources:
+            requests:
+              memory: 100M
+            limits:
+              memory: 300M
+          env:
+            # See https://hub.docker.com/r/liquibase/liquibase, section 'Notice for MySQL Users'
+            - name: INSTALL_MYSQL
+              value: 'true'
+            - name: DB_URL
+              valueFrom:
+                secretKeyRef:
+                  name: sandbox-db-secrets
+                  key: spring.datasource.url
+            - name: DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: sandbox-db-secrets
+                  key: spring.datasource.username
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: sandbox-db-secrets
+                  key: spring.datasource.password
+          volumeMounts:
+            - mountPath: /liquibase/changelog
+              name: migrations-data
+            - mountPath: {{ .Values.sandbox.dbPasswordFile }}
+              name: database-secret
+      volumes:
+        - {{ include "spring-boot.config-volume" (dict "service" .Values.sandbox) | indent 10 | trim }}
+        - name: fs-storage
+          persistentVolumeClaim:
+            claimName: save-fs-storage
+        - name: database-secret
+          secret:
+            secretName: sandbox-db-secrets
+        - name: migrations-data
+          emptyDir: { }

save-cloud-charts/save-cloud/templates/sandbox-mysql-deployment.yaml

@@ -0,0 +1,49 @@
+{{- if not .Values.sandbox_mysql.external -}}
+
+  {{- if eq .Values.profile "dev" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sandbox-db-secrets
+stringData:
+  spring.datasource.url: 'jdbc:mysql://mysql-service:3306/{{ .Values.sandbox_mysql.schema }}'
+  spring.datasource.username: root
+  spring.datasource.password: {{ .Values.sandbox_mysql.root_password }}
+
+---
+  {{ end }}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sandbox-mysql
+  annotations:
+    io.kompose.service: mysql
+spec:
+  selector:
+    matchLabels:
+      io.kompose.service: mysql
+  template:
+    metadata:
+      labels:
+        io.kompose.service: mysql
+    spec:
+      containers:
+        - image: mysql:8.0.28
+          name: mysql
+          ports:
+            - containerPort: 3306
+              name: mysql
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              value: {{ .Values.sandbox_mysql.root_password }}
+            - name: MYSQL_DATABASE
+              value: {{ .Values.sandbox_mysql.schema }}
+          volumeMounts:
+            - name: mysql-persistent-storage
+              mountPath: /var/lib/mysql
+      volumes:
+        - name: mysql-persistent-storage
+          hostPath:
+            path: /home/data/mysql
+{{- end }}