From 9045685b2bf257ec7ad070cf56fde0c239307754 Mon Sep 17 00:00:00 2001
From: Isala Piyarisi
Date: Tue, 10 Mar 2026 19:36:05 +0530
Subject: [PATCH 1/2] Add workload.yaml descriptors for OpenChoreo source builds
---
 audit-service/workload.yaml | 43 ++++++++++++
 exchange/consent-engine/workload.yaml | 56 +++++++++++++++
 exchange/orchestration-engine/workload.yaml | 55 +++++++++++++++
 exchange/policy-decision-point/workload.yaml | 51 ++++++++++++++
 portal-backend/workload.yaml | 73 ++++++++++++++++++++
 portals/admin-portal/workload.yaml | 37 ++++++++++
 portals/consent-portal/workload.yaml | 40 +++++++++++
 portals/member-portal/workload.yaml | 35 ++++++++++
 8 files changed, 390 insertions(+)
 create mode 100644 audit-service/workload.yaml
 create mode 100644 exchange/consent-engine/workload.yaml
 create mode 100644 exchange/orchestration-engine/workload.yaml
 create mode 100644 exchange/policy-decision-point/workload.yaml
 create mode 100644 portal-backend/workload.yaml
 create mode 100644 portals/admin-portal/workload.yaml
 create mode 100644 portals/consent-portal/workload.yaml
 create mode 100644 portals/member-portal/workload.yaml
diff --git a/audit-service/workload.yaml b/audit-service/workload.yaml
new file mode 100644
index 00000000..b33c0955
--- /dev/null
+++ b/audit-service/workload.yaml
@@ -0,0 +1,43 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-audit-service
+
+endpoints:
+ - name: api
+ port: 3001
+ type: REST
+
+configurations:
+ env:
+ - name: PORT
+ value: "3001"
+ - name: DB_TYPE
+ value: postgres
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: password
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: database
+ - name: LOG_LEVEL
+ value: info
diff --git a/exchange/consent-engine/workload.yaml b/exchange/consent-engine/workload.yaml
new file mode 100644
index 00000000..7b6ac327
--- /dev/null
+++ b/exchange/consent-engine/workload.yaml
@@ -0,0 +1,56 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-consent-engine
+
+endpoints:
+ - name: api
+ port: 8081
+ type: REST
+
+connections:
+ - component: ndx-audit-service
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: AUDIT_SERVICE_URL
+
+configurations:
+ env:
+ - name: PORT
+ value: "8081"
+ - name: ENVIRONMENT
+ value: production
+ - name: LOG_LEVEL
+ value: info
+ - name: LOG_FORMAT
+ value: json
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: password
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: database
+ - name: DB_SSLMODE
+ value: disable
+ - name: RUN_MIGRATION
+ value: "false"
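Review bot: The audit service takes its database credentials from `ndx-db-secrets`, the same secret that the consent-engine, policy-decision-point and portal-backend descriptors in this patch reference, so each of those workloads would hold whatever account can write the audit tables. The secret's contents are not visible here, but if it resolves to one role on a shared database, compromising any one service is enough to alter or delete audit records. Consider a dedicated secret and role for this component (a constructed example name would be `ndx-audit-db-secrets`) limited to inserts on the audit tables, and a comment above `configurations:` stating which role the secret maps to.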
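Review bot: `DB_SSLMODE` is `disable` in the consent-engine descriptor while `ENVIRONMENT` is `production`, so the Postgres username and password read from `ndx-db-secrets`, and the consent data itself, would cross the network unencrypted. The same value appears in the policy-decision-point and portal-backend descriptors. Unless the database is reachable only over a transport that is already encrypted (nothing in this patch shows that), prefer `value: require`, or `verify-full` with the server CA mounted, and keep `disable` to a development-only descriptor.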
diff --git a/exchange/orchestration-engine/workload.yaml b/exchange/orchestration-engine/workload.yaml
new file mode 100644
index 00000000..813dc560
--- /dev/null
+++ b/exchange/orchestration-engine/workload.yaml
@@ -0,0 +1,55 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-orchestration-engine
+
+endpoints:
+ - name: api
+ port: 4000
+ type: GraphQL
+ visibility:
+ - external
+
+connections:
+ - component: ndx-consent-engine
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: CONSENT_ENGINE_URL
+ - component: ndx-pdp
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: PDP_URL
+ - component: ndx-audit-service
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: AUDIT_SERVICE_URL
+
+configurations:
+ env:
+ - name: SERVER_PORT
+ value: "4000"
+ - name: SERVER_HOST
+ value: 0.0.0.0
+ - name: LOG_LEVEL
+ value: info
+ - name: ENVIRONMENT
+ value: production
+ files:
+ - name: config.json
+ mountPath: /app
+ value: |
+ {
+ "environment": "production",
+ "ceUrl": "http://ndx-consent-engine:8081/internal/api/v1",
+ "pdpUrl": "http://ndx-pdp:8082",
+ "auditConfig": {
+ "serviceUrl": "http://ndx-audit-service:3001",
+ "actorType": "SERVICE",
+ "actorId": "orchestration-engine"
+ },
+ "providers": [],
+ "trustUpstream": true
+ }
diff --git a/exchange/policy-decision-point/workload.yaml b/exchange/policy-decision-point/workload.yaml
new file mode 100644
index 00000000..84c4297b
--- /dev/null
+++ b/exchange/policy-decision-point/workload.yaml
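Review bot: The mounted `config.json` sets `"trustUpstream": true` on a workload whose `api` endpoint is declared `external`, and nothing in the descriptor says what sits in front of it. The flag's meaning is defined in the service code, not in this patch; if it makes the engine accept caller identity from request headers, it is safe only when a gateway overwrites those headers on every request. Suggest a YAML comment above `files:` naming that component, e.g. `# trustUpstream relies on <gateway> replacing client-supplied identity headers`, or `false` until that is confirmed. Separately, `ceUrl`, `pdpUrl` and `serviceUrl` hard-code plain-HTTP addresses that duplicate the `connections` bindings (`CONSENT_ENGINE_URL`, `PDP_URL`, `AUDIT_SERVICE_URL`) and can drift from them.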
@@ -0,0 +1,51 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-pdp
+
+endpoints:
+ - name: api
+ port: 8082
+ type: REST
+
+configurations:
+ env:
+ - name: PORT
+ value: "8082"
+ - name: ENVIRONMENT
+ value: production
+ - name: LOG_LEVEL
+ value: info
+ - name: LOG_FORMAT
+ value: json
+ - name: SERVICE_NAME
+ value: policy-decision-point
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: port
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: password
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: database
+ - name: DB_SSLMODE
+ value: disable
+ - name: RUN_MIGRATION
+ value: "true"
diff --git a/portal-backend/workload.yaml b/portal-backend/workload.yaml
new file mode 100644
index 00000000..b9781009
--- /dev/null
+++ b/portal-backend/workload.yaml
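Review bot: `RUN_MIGRATION` is `"true"` for a `production` workload, which presumably makes the service apply schema migrations at start-up and therefore requires the runtime account in `ndx-db-secrets` to hold DDL rights; portal-backend sets the same flag against the same secret. A policy decision point normally needs little more than read access to its policy tables, so an injection flaw or a compromised pod would inherit far more privilege than the service uses. Consider running migrations as a separate one-off step with its own credentials and setting `value: "false"` here, as the consent-engine descriptor already does.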
@@ -0,0 +1,73 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-portal-backend
+
+endpoints:
+ - name: api
+ port: 3000
+ type: REST
+ visibility:
+ - external
+
+connections:
+ - component: ndx-pdp
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: CHOREO_PDP_CONNECTION_SERVICEURL
+ - component: ndx-audit-service
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: CHOREO_AUDIT_CONNECTION_SERVICEURL
+
+configurations:
+ env:
+ - name: PORT
+ value: "3000"
+ - name: CHOREO_OPENDIF_DB_HOSTNAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: host
+ - name: CHOREO_OPENDIF_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: port
+ - name: CHOREO_OPENDIF_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: username
+ - name: CHOREO_OPENDIF_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: password
+ - name: CHOREO_OPENDIF_DB_DATABASENAME
+ valueFrom:
+ secretKeyRef:
+ name: ndx-db-secrets
+ key: database
+ - name: DB_SSLMODE
+ value: disable
+ - name: RUN_MIGRATION
+ value: "true"
+ - name: AUTHORIZATION_MODE
+ value: fail_open_admin
+ - name: LOG_LEVEL
+ value: info
+ - name: ASGARDEO_BASE_URL
+ value: http://thunder-service.thunder.svc.cluster.local:8090
+ - name: ASGARDEO_CLIENT_ID
+ value: NDX_ADMIN_PORTAL
+ - name: ASGARDEO_CLIENT_SECRET
+ value: placeholder
+ - name: CHOREO_PDP_CONNECTION_CHOREOAPIKEY
+ value: placeholder
+ - name: ASGARDEO_MEMBER_PORTAL_CLIENT_ID
+ value: NDX_MEMBER_PORTAL
+ - name: ASGARDEO_ADMIN_PORTAL_CLIENT_ID
+ value: NDX_ADMIN_PORTAL
diff --git a/portals/admin-portal/workload.yaml b/portals/admin-portal/workload.yaml
new file mode 100644
index 00000000..4cb11493
--- /dev/null
+++ b/portals/admin-portal/workload.yaml
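Review bot: `AUTHORIZATION_MODE` is `fail_open_admin` on a component whose `api` endpoint is `external`; the mode is implemented outside this patch, but its name suggests admin access is granted when the authorization check cannot be completed, which should not be the shipped default for an exposed backend. Prefer a fail-closed value here and keep the fail-open mode to local development, with a comment saying so. Also, `ASGARDEO_CLIENT_SECRET` and `CHOREO_PDP_CONNECTION_CHOREOAPIKEY` are literal `value: placeholder` entries, which invites pasting the real secret into a committed file; source them through `valueFrom` / `secretKeyRef` the way `CHOREO_OPENDIF_DB_PASSWORD` is.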
@@ -0,0 +1,37 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-admin-portal
+
+endpoints:
+ - name: web
+ port: 80
+ type: HTTP
+ visibility:
+ - external
+
+connections:
+ - component: ndx-portal-backend
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: NDX_PORTAL_BACKEND_URL
+
+configurations:
+ env:
+ - name: VITE_API_URL
+ value: ""
+ - name: VITE_LOGS_URL
+ value: ""
+ - name: VITE_IDP_CLIENT_ID
+ value: NDX_ADMIN_PORTAL
+ - name: VITE_IDP_BASE_URL
+ value: http://thunder-service.thunder.svc.cluster.local:8090
+ - name: VITE_IDP_SCOPE
+ value: "openid profile email groups"
+ - name: VITE_IDP_ADMIN_ROLE
+ value: admin
+ - name: VITE_SIGN_IN_REDIRECT_URL
+ value: ""
+ - name: VITE_SIGN_OUT_REDIRECT_URL
+ value: ""
diff --git a/portals/consent-portal/workload.yaml b/portals/consent-portal/workload.yaml
new file mode 100644
index 00000000..25002603
--- /dev/null
+++ b/portals/consent-portal/workload.yaml
@@ -0,0 +1,40 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-consent-portal
+
+endpoints:
+ - name: web
+ port: 80
+ type: HTTP
+ visibility:
+ - external
+
+connections:
+ - component: ndx-consent-engine
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: NDX_CONSENT_ENGINE_URL
+ - component: ndx-portal-backend
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: NDX_PORTAL_BACKEND_URL
+
+configurations:
+ env:
+ - name: VITE_CONSENT_ENGINE_URL
+ value: ""
+ - name: VITE_API_URL
+ value: ""
+ - name: VITE_CLIENT_ID
+ value: NDX_CONSENT_PORTAL
+ - name: VITE_BASE_URL
+ value: http://thunder-service.thunder.svc.cluster.local:8090
+ - name: VITE_SCOPE
+ value: "openid profile email"
+ - name: VITE_SIGN_IN_REDIRECT_URL
+ value: ""
+ - name: VITE_SIGN_OUT_REDIRECT_URL
+ value: ""
diff --git a/portals/member-portal/workload.yaml b/portals/member-portal/workload.yaml
new file mode 100644
index 00000000..c724288d
--- /dev/null
+++ b/portals/member-portal/workload.yaml
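Review bot: `VITE_IDP_BASE_URL` in the admin-portal descriptor points at `http://thunder-service.thunder.svc.cluster.local:8090`, a cluster-internal name over plain HTTP, yet the `VITE_` prefix indicates the value is consumed by browser code served from an `external` endpoint. A browser outside the cluster cannot resolve that host, and where it can, the sign-in exchange and tokens would travel unencrypted; the consent-portal and member-portal descriptors carry the same address in `VITE_BASE_URL`. Use the identity provider's public HTTPS URL in all three. It is also worth confirming that the image substitutes `VITE_*` variables at container start, since Vite normally inlines them at build time and these runtime values, including the empty redirect URLs, would otherwise have no effect.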
@@ -0,0 +1,35 @@
+apiVersion: openchoreo.dev/v1alpha1
+
+metadata:
+ name: ndx-member-portal
+
+endpoints:
+ - name: web
+ port: 80
+ type: HTTP
+ visibility:
+ - external
+
+connections:
+ - component: ndx-portal-backend
+ endpoint: api
+ visibility: project
+ envBindings:
+ address: NDX_PORTAL_BACKEND_URL
+
+configurations:
+ env:
+ - name: VITE_API_URL
+ value: ""
+ - name: VITE_LOGS_URL
+ value: ""
+ - name: VITE_CLIENT_ID
+ value: NDX_MEMBER_PORTAL
+ - name: VITE_BASE_URL
+ value: http://thunder-service.thunder.svc.cluster.local:8090
+ - name: VITE_SCOPE
+ value: "openid profile email groups"
+ - name: VITE_SIGN_IN_REDIRECT_URL
+ value: ""
+ - name: VITE_SIGN_OUT_REDIRECT_URL
+ value: ""
From c166efdb958683035a05b7020c2c99beb1c085a4 Mon Sep 17 00:00:00 2001
From: Isala Piyarisi
Date: Tue, 10 Mar 2026 20:16:38 +0530
Subject: [PATCH 2/2] Fix GORM auto-migration FK constraint issue
---
 portal-backend/v1/database.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/portal-backend/v1/database.go b/portal-backend/v1/database.go
index c6eb4262..3b84c1fd 100644
--- a/portal-backend/v1/database.go
+++ b/portal-backend/v1/database.go
@@ -59,7 +59,8 @@ func ConnectGormDB(config *DatabaseConfig) (*gorm.DB, error) {
 gormLogger := logger.Default.LogMode(logger.Warn)
 db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
- Logger: gormLogger,
+ Logger: gormLogger,
+ DisableForeignKeyConstraintWhenMigrating: true,
 })
 if err != nil {
 return nil, fmt.Errorf("failed to connect to database: %w", err)
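Review bot: `DisableForeignKeyConstraintWhenMigrating: true` is set on the shared `gorm.Config`, so it applies to every model migrated through this connection: AutoMigrate stops creating foreign keys altogether and the database no longer rejects orphaned rows. That moves referential integrity entirely into application code, and constraints already present in existing databases are presumably left in place, so fresh and upgraded environments will differ. If the underlying problem is migration order or a cycle between two models, fixing that is the narrower change; otherwise add a comment above the field such as `// FK creation disabled: <model A>/<model B> cycle breaks AutoMigrate; integrity enforced in <layer>`. `ConnectGormDB` begins and ends outside this hunk.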