diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index b33e27e..07de104 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml @@ -31,8 +31,8 @@ on: description: 'IDE images tag (appdefinitions and preloading)' required: false default: 'latest' - helm_chart_branch: - description: 'Branch of theia-cloud-helm to use (leave empty for default)' + helm_chart_tag: + description: 'Preview OCI tag from theia-cloud-helm to use (for example pr-123)' required: false default: '' @@ -49,7 +49,7 @@ jobs: environment: test1 theia_cloud_tag: ${{ inputs.theia_cloud_tag || 'latest' }} ide_images_tag: ${{ inputs.ide_images_tag || 'latest' }} - helm_chart_branch: ${{ inputs.helm_chart_branch || '' }} + helm_chart_tag: ${{ inputs.helm_chart_tag || '' }} deploy_shared_gateway: false shared_gateway_values_file: deployments/shared-gateway/values.yaml shared_gateway_namespace: gateway-system @@ -67,7 +67,7 @@ jobs: environment: test2 theia_cloud_tag: ${{ inputs.theia_cloud_tag || 'latest' }} ide_images_tag: ${{ inputs.ide_images_tag || 'latest' }} - helm_chart_branch: ${{ inputs.helm_chart_branch || '' }} + helm_chart_tag: ${{ inputs.helm_chart_tag || '' }} deploy_shared_gateway: false shared_gateway_values_file: deployments/shared-gateway/values.yaml shared_gateway_namespace: gateway-system @@ -85,7 +85,7 @@ jobs: environment: test3 theia_cloud_tag: ${{ inputs.theia_cloud_tag || 'latest' }} ide_images_tag: ${{ inputs.ide_images_tag || 'latest' }} - helm_chart_branch: ${{ inputs.helm_chart_branch || '' }} + helm_chart_tag: ${{ inputs.helm_chart_tag || '' }} deploy_shared_gateway: false shared_gateway_values_file: deployments/shared-gateway/values.yaml shared_gateway_namespace: gateway-system diff --git a/.github/workflows/deploy-theia.yml b/.github/workflows/deploy-theia.yml index bb143d3..9cadfc8 100644 --- a/.github/workflows/deploy-theia.yml +++ b/.github/workflows/deploy-theia.yml @@ -54,8 +54,8 @@ on: required: false type: string default: "latest" - helm_chart_branch: - description: "Branch of theia-cloud-helm to use (leave empty for main/published)" + helm_chart_tag: + description: "Published OCI preview tag to use for upstream helm charts (e.g. pr-123)" required: false type: string default: "" @@ -80,6 +80,7 @@ jobs: name: Install Theia Cloud Helm Chart permissions: contents: read + packages: read runs-on: ubuntu-latest # Link to GitHub Environment for secrets and protection rules environment: ${{ inputs.environment }} @@ -114,55 +115,77 @@ jobs: kubectl config get-contexts kubectl get nodes - # Step 3.5: Checkout upstream Helm chart branch if specified - - name: Checkout Upstream Helm Branch - if: inputs.helm_chart_branch != '' - uses: actions/checkout@v4 - with: - repository: EduIDE/EduIDE-Helm - ref: ${{ inputs.helm_chart_branch }} - path: upstream-helm - - # Step 3.6: Patch Chart.yaml to use local upstream chart - - name: Patch Chart.yaml - if: inputs.helm_chart_branch != '' + - name: Patch Chart.yaml for OCI preview tag + if: inputs.helm_chart_tag != '' run: | - echo "Patching Chart.yaml to use local upstream chart from branch: ${{ inputs.helm_chart_branch }}" - - # Remove Chart.lock to force fresh dependency resolution - rm -f ./charts/theia-cloud-combined/Chart.lock - - # Get the version from the local upstream chart - UPSTREAM_VERSION=$(grep '^version:' ./upstream-helm/charts/theia-cloud/Chart.yaml | head -1 | awk '{print $2}') - echo "Detected upstream chart version: $UPSTREAM_VERSION" - - # Patch the repository URL to use local file path - sed -i 's|repository: "https://eduide.github.io/EduIDE-Helm"|repository: "file://../../upstream-helm/charts/theia-cloud"|' ./charts/theia-cloud-combined/Chart.yaml - - # Patch the version to match the local chart's version exactly - sed -i "/name: theia-cloud/{n;s/version: .*/version: $UPSTREAM_VERSION/}" ./charts/theia-cloud-combined/Chart.yaml - - echo "Patched Chart.yaml content:" + set -euo pipefail + + get_theia_cloud_version() { + awk ' + $1 == "-" && $2 == "name:" && $3 == "theia-cloud" { in_dep=1; next } + in_dep && $1 == "version:" { print $2; exit } + ' ./charts/theia-cloud-combined/Chart.yaml + } + + normalize_preview_version() { + local base="$1" + local tag="$2" + printf '%s.%s' "$base" "$tag" + } + + THEIA_CLOUD_VERSION="$(get_theia_cloud_version)" + PREVIEW_VERSION="$(normalize_preview_version "$THEIA_CLOUD_VERSION" "${{ inputs.helm_chart_tag }}")" + sed -i "/name: theia-cloud/{n;s|version: .*|version: ${PREVIEW_VERSION}|;}" ./charts/theia-cloud-combined/Chart.yaml + + echo "Using OCI preview version: ${PREVIEW_VERSION}" cat ./charts/theia-cloud-combined/Chart.yaml + - name: Login to GHCR + env: + GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "$GHCR_TOKEN" | helm registry login ghcr.io -u "${{ github.actor }}" --password-stdin + # Step 4: Install Theia Cloud base components, CRDs, and cluster-wide monitoring # These are prerequisites from the upstream Theia Cloud Helm repository - name: Setup Helm dependencies env: KUBECONFIG: ${{ github.workspace }}/kubeconfig run: | - # Add EduIDE Theia Cloud Helm repository - helm repo add theia-cloud-repo https://eduide.github.io/EduIDE-Helm/ - helm repo update - # Update dependencies for our custom chart helm dependency update ./charts/theia-cloud-combined + - name: Install Theia Cloud base and CRDs + env: + KUBECONFIG: ${{ github.workspace }}/kubeconfig + run: | + set -euo pipefail + + THEIA_CLOUD_BASE_VERSION="1.4.0-next.0" + THEIA_CLOUD_CRDS_VERSION="1.2.0-next.0" + + if [ -n "${{ inputs.helm_chart_tag }}" ]; then + normalize_preview_version() { + local base="$1" + local tag="$2" + printf '%s.%s' "$base" "$tag" + } + + THEIA_CLOUD_BASE_VERSION="$(normalize_preview_version "$THEIA_CLOUD_BASE_VERSION" "${{ inputs.helm_chart_tag }}")" + THEIA_CLOUD_CRDS_VERSION="$(normalize_preview_version "$THEIA_CLOUD_CRDS_VERSION" "${{ inputs.helm_chart_tag }}")" + fi + THEIA_CLOUD_BASE_CHART=oci://ghcr.io/eduide/charts/theia-cloud-base + THEIA_CLOUD_CRDS_CHART=oci://ghcr.io/eduide/charts/theia-cloud-crds # Install base components (operator base, metrics, etc.) - helm upgrade theia-cloud-base theia-cloud-repo/theia-cloud-base --install -n default -f ${{ vars.HELM_VALUES_PATH }}/theia-base-helm-values.yml + helm upgrade theia-cloud-base "$THEIA_CLOUD_BASE_CHART" --version "$THEIA_CLOUD_BASE_VERSION" --install -n default -f ${{ vars.HELM_VALUES_PATH }}/theia-base-helm-values.yml # Install Custom Resource Definitions (CRDs) for Theia Cloud - helm upgrade theia-cloud-crds theia-cloud-repo/theia-cloud-crds --install -n default -f ${{ vars.HELM_VALUES_PATH }}/theia-crds-helm-values.yml + helm upgrade theia-cloud-crds "$THEIA_CLOUD_CRDS_CHART" --version "$THEIA_CLOUD_CRDS_VERSION" --install -n default -f ${{ vars.HELM_VALUES_PATH }}/theia-crds-helm-values.yml + + - name: Install cluster-wide monitoring + env: + KUBECONFIG: ${{ github.workspace }}/kubeconfig + run: | # Install cluster-wide monitoring (PodMonitors + Grafana Dashboards) # This is installed once per cluster, not per environment @@ -176,12 +199,18 @@ jobs: SHARED_GATEWAY_VALUES_FILE: ${{ inputs.shared_gateway_values_file }} SHARED_GATEWAY_NAMESPACE: ${{ inputs.shared_gateway_namespace }} run: | + set -euo pipefail + SHARED_GATEWAY_NAMESPACE="${SHARED_GATEWAY_NAMESPACE:-gateway-system}" + echo "${{ secrets.THEIA_WILDCARD_CERTIFICATE_CERT }}" | base64 -w 0 > shared-gateway-wildcard.crt + echo "${{ secrets.THEIA_WILDCARD_CERTIFICATE_KEY }}" | base64 -w 0 > shared-gateway-wildcard.key helm upgrade --install theia-shared-gateway ./charts/theia-shared-gateway \ --namespace "$SHARED_GATEWAY_NAMESPACE" \ --create-namespace \ - -f "$SHARED_GATEWAY_VALUES_FILE" + -f "$SHARED_GATEWAY_VALUES_FILE" \ + --set wildcardTLSSecret.certificate="$(cat shared-gateway-wildcard.crt)" \ + --set wildcardTLSSecret.key="$(cat shared-gateway-wildcard.key)" # Step 6: Install the main Theia Cloud application with environment-specific configuration # This includes the operator, service, certificates, and app definitions @@ -209,14 +238,14 @@ jobs: --set theia-certificates.wildcardCertificate="$(cat wildcard.crt)" \ --set theia-certificates.wildcardKey="$(cat wildcard.key)" \ --set theia-cloud.keycloak.cookieSecret="${{ secrets.THEIA_KEYCLOAK_COOKIE_SECRET }}" \ - --set theia-cloud.landingPage.image="ghcr.io/ls1intum/theia/landing-page:${THEIA_CLOUD_TAG}" \ - --set theia-cloud.operator.image="ghcr.io/ls1intum/theia/operator:${THEIA_CLOUD_TAG}" \ - --set theia-cloud.service.image="ghcr.io/ls1intum/theia/service:${THEIA_CLOUD_TAG}" \ - --set "theia-cloud.preloading.images[0]=ghcr.io/ls1intum/theia/landing-page:${THEIA_CLOUD_TAG}" \ - --set "theia-cloud.preloading.images[1]=ghcr.io/ls1intum/theia/java-17:${IDE_IMAGES_TAG}" \ - --set "theia-cloud.preloading.images[2]=ghcr.io/ls1intum/theia/c:${IDE_IMAGES_TAG}" \ - --set "theia-cloud.preloading.images[3]=ghcr.io/ls1intum/theia/javascript:${IDE_IMAGES_TAG}" \ - --set "theia-cloud.preloading.images[4]=ghcr.io/ls1intum/theia/ocaml:${IDE_IMAGES_TAG}" \ - --set "theia-cloud.preloading.images[5]=ghcr.io/ls1intum/theia/rust:${IDE_IMAGES_TAG}" \ - --set "theia-cloud.preloading.images[6]=ghcr.io/ls1intum/theia/python:${IDE_IMAGES_TAG}" \ + --set theia-cloud.landingPage.image="ghcr.io/eduide/eduide-cloud/landing-page:${THEIA_CLOUD_TAG}" \ + --set theia-cloud.operator.image="ghcr.io/eduide/eduide-cloud/operator:${THEIA_CLOUD_TAG}" \ + --set theia-cloud.service.image="ghcr.io/eduide/eduide-cloud/service:${THEIA_CLOUD_TAG}" \ + --set "theia-cloud.preloading.images[0]=ghcr.io/eduide/eduide-cloud/landing-page:${THEIA_CLOUD_TAG}" \ + --set "theia-cloud.preloading.images[1]=ghcr.io/eduide/eduide/java-17:${IDE_IMAGES_TAG}" \ + --set "theia-cloud.preloading.images[2]=ghcr.io/eduide/eduide/c:${IDE_IMAGES_TAG}" \ + --set "theia-cloud.preloading.images[3]=ghcr.io/eduide/eduide/javascript:${IDE_IMAGES_TAG}" \ + --set "theia-cloud.preloading.images[4]=ghcr.io/eduide/eduide/ocaml:${IDE_IMAGES_TAG}" \ + --set "theia-cloud.preloading.images[5]=ghcr.io/eduide/eduide/rust:${IDE_IMAGES_TAG}" \ + --set "theia-cloud.preloading.images[6]=ghcr.io/eduide/eduide/python:${IDE_IMAGES_TAG}" \ --set theia-appdefinitions.defaultImageTag="${IDE_IMAGES_TAG}" diff --git a/README.md b/README.md index 5fac8fb..d94eb1f 100644 --- a/README.md +++ b/README.md @@ -129,13 +129,12 @@ Configuration files for each environment are located in the [deployments/](deplo 2. **Install Theia Cloud base charts**: ```bash - helm repo add theia-cloud-repo https://eclipse-theia.github.io/theia-cloud-helm/ - helm repo update + helm registry login ghcr.io - helm upgrade theia-cloud-base theia-cloud-repo/theia-cloud-base --install \ + helm upgrade theia-cloud-base oci://ghcr.io/eduide/charts/theia-cloud-base --version 1.2.0-next.0 --install \ -f deployments/your-environment/theia-base-helm-values.yml - helm upgrade theia-cloud-crds theia-cloud-repo/theia-cloud-crds --install \ + helm upgrade theia-cloud-crds oci://ghcr.io/eduide/charts/theia-cloud-crds --version 1.2.0-next.0 --install \ -f deployments/your-environment/theia-crds-helm-values.yml ``` @@ -150,11 +149,16 @@ Configuration files for each environment are located in the [deployments/](deplo 4. **Install the combined Theia Cloud chart**: ```bash + helm registry login ghcr.io helm upgrade --install theia-cloud-combined ./charts/theia-cloud-combined \ --namespace your-namespace --create-namespace \ -f deployments/your-environment/values.yaml ``` +Normal deployments consume released OCI charts from `ghcr.io/eduide/charts`. +The `theia-cloud` dependency version in `charts/theia-cloud-combined/Chart.yaml` controls the main application chart, while `theia-cloud-base` and `theia-cloud-crds` are pinned separately in the workflow at `1.2.0-next.0` and `1.4.0-next.0`. +For PR previews, you can set `helm_chart_tag` to a value like `pr-123` to pull preview OCI charts published from `theia-cloud-helm` pull requests as versions such as `.pr-123`. + When using GitHub Actions, shared-gateway settings are passed as hardcoded inputs by the caller workflows (`deploy-pr.yml`, `deploy-staging.yml`, `deploy-production.yml`): - `deploy_shared_gateway` (`true`/`false`) diff --git a/charts/theia-appdefinitions/templates/appdefinition.yaml b/charts/theia-appdefinitions/templates/appdefinition.yaml index 0676b9a..525dfb4 100644 --- a/charts/theia-appdefinitions/templates/appdefinition.yaml +++ b/charts/theia-appdefinitions/templates/appdefinition.yaml @@ -8,7 +8,7 @@ metadata: helm.sh/revision: {{ $.Release.Revision | quote }} spec: name: {{ .name }} - image: {{ .image | default "ghcr.io/ls1intum/theia/default" }}:{{ .imageTag | default $.Values.defaultImageTag | default "latest" }} + image: {{ .image | default "ghcr.io/eduide/eduide/default" }}:{{ .imageTag | default $.Values.defaultImageTag | default "latest" }} uid: {{ .uid | default 101 }} port: {{ .port | default 3000 }} ingressname: {{ .ingressname | default "theia-cloud-demo-ws-route" }} diff --git a/charts/theia-appdefinitions/values.yaml b/charts/theia-appdefinitions/values.yaml index e6ddcfb..a342dec 100644 --- a/charts/theia-appdefinitions/values.yaml +++ b/charts/theia-appdefinitions/values.yaml @@ -5,7 +5,7 @@ defaultImageTag: latest apps: - name: java-17-latest - image: ghcr.io/ls1intum/theia/java-17 + image: ghcr.io/eduide/eduide/java-17 # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 2000M requestsCpu: 500m @@ -17,7 +17,7 @@ apps: dataBridgePort: "16281" - name: c-latest - image: ghcr.io/ls1intum/theia/c + image: ghcr.io/eduide/eduide/c # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 100M requestsCpu: 200m @@ -29,7 +29,7 @@ apps: dataBridgePort: "16281" - name: javascript-latest - image: ghcr.io/ls1intum/theia/javascript + image: ghcr.io/eduide/eduide/javascript # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 100M requestsCpu: 200m @@ -41,7 +41,7 @@ apps: dataBridgePort: "16281" - name: ocaml-latest - image: ghcr.io/ls1intum/theia/ocaml + image: ghcr.io/eduide/eduide/ocaml # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 100M requestsCpu: 200m @@ -53,7 +53,7 @@ apps: dataBridgePort: "16281" - name: python-latest - image: ghcr.io/ls1intum/theia/python + image: ghcr.io/eduide/eduide/python # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 100M requestsCpu: 200m @@ -65,7 +65,7 @@ apps: dataBridgePort: "16281" - name: rust-latest - image: ghcr.io/ls1intum/theia/rust + image: ghcr.io/eduide/eduide/rust # imageTag: latest # Optional: override defaultImageTag for this app requestsMemory: 100M requestsCpu: 200m diff --git a/charts/theia-cloud-combined/Chart.yaml b/charts/theia-cloud-combined/Chart.yaml index 7f8673e..2a3df9b 100644 --- a/charts/theia-cloud-combined/Chart.yaml +++ b/charts/theia-cloud-combined/Chart.yaml @@ -7,7 +7,7 @@ appVersion: 1.0.0 dependencies: - name: theia-cloud version: 1.4.0-next.0 - repository: "https://eduide.github.io/EduIDE-Helm" + repository: "oci://ghcr.io/eduide/charts" - name: theia-certificates version: 0.1.0 diff --git a/charts/theia-cloud-combined/values.yaml b/charts/theia-cloud-combined/values.yaml index 32febb8..f245724 100644 --- a/charts/theia-cloud-combined/values.yaml +++ b/charts/theia-cloud-combined/values.yaml @@ -41,26 +41,26 @@ theia-cloud: interval: 3 operator: - image: ghcr.io/ls1intum/theia/operator:latest + image: ghcr.io/eduide/eduide/operator:latest replicas: 1 sessionsPerUser: 10 storageClassName: csi-rbd-sc eagerStart: true service: - image: ghcr.io/ls1intum/theia/service:latest + image: ghcr.io/eduide/eduide/service:latest # Public token (must match app.id or be set explicitly) authToken: nJV3nKZmpxTD4wu2 preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -70,7 +70,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page:latest + image: ghcr.io/eduide/eduide/landing-page:latest # We can define a default blueprint appDefinition: "java-17-latest" ephemeralStorage: false @@ -137,16 +137,16 @@ theia-appdefinitions: # Individual apps can override the tag in their definition, e.g.: # apps: # - name: java-17-v1 - # image: ghcr.io/ls1intum/theia/java-17 + # image: ghcr.io/eduide/eduide/java-17 # imageTag: v1.0.0 # - name: python-v2 - # image: ghcr.io/ls1intum/theia/python + # image: ghcr.io/eduide/eduide/python # imageTag: v2.0.0 theia-workspace-garbage-collector: replicaCount: 1 image: - repository: ghcr.io/ls1intum/theia/garbage-collector + repository: ghcr.io/eduide/eduide/garbage-collector tag: latest pullPolicy: Always diff --git a/charts/theia-shared-gateway/README.md b/charts/theia-shared-gateway/README.md index 40b1b28..d5d5851 100644 --- a/charts/theia-shared-gateway/README.md +++ b/charts/theia-shared-gateway/README.md @@ -21,7 +21,8 @@ For production cluster values, use `deployments/shared-gateway-prod/values.yaml` ## Notes -- TLS secrets referenced by listeners must exist in `gateway.namespace`. +- The shared gateway chart should own the TLS material referenced by its listeners. +- For production, use cert-manager `Certificate` resources for concrete hosts and create the wildcard webview secret in `gateway.namespace` from the deploy-time wildcard certificate/key. - Tenant charts should set: - `theia-cloud.gateway.create=false` - `theia-cloud.gateway.routes.enabled=true` diff --git a/charts/theia-shared-gateway/templates/certificates.yaml b/charts/theia-shared-gateway/templates/certificates.yaml new file mode 100644 index 0000000..3711b4c --- /dev/null +++ b/charts/theia-shared-gateway/templates/certificates.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.managedCertificates.enabled (gt (len .Values.managedCertificates.certificates) 0) }} +{{- range $cert := .Values.managedCertificates.certificates }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $cert.name }} + namespace: {{ default $.Values.gateway.namespace $cert.namespace }} +spec: + secretName: {{ $cert.secretName }} + commonName: {{ $cert.hostname | quote }} + dnsNames: + - {{ $cert.hostname | quote }} + issuerRef: + kind: {{ $.Values.managedCertificates.issuerRef.kind }} + name: {{ $.Values.managedCertificates.issuerRef.name }} + privateKey: + rotationPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/theia-shared-gateway/templates/envoyproxy.yaml b/charts/theia-shared-gateway/templates/envoyproxy.yaml new file mode 100644 index 0000000..8671814 --- /dev/null +++ b/charts/theia-shared-gateway/templates/envoyproxy.yaml @@ -0,0 +1,17 @@ +{{- if .Values.envoyProxy.create }} +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyProxy +metadata: + name: {{ .Values.envoyProxy.name }} + namespace: {{ .Values.envoyProxy.namespace }} + {{- with .Values.envoyProxy.labels }} + labels: +{{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.envoyProxy.annotations }} + annotations: +{{ toYaml . | nindent 4 }} + {{- end }} +spec: +{{ toYaml .Values.envoyProxy.spec | nindent 2 }} +{{- end }} diff --git a/charts/theia-shared-gateway/templates/gatewayclass.yaml b/charts/theia-shared-gateway/templates/gatewayclass.yaml new file mode 100644 index 0000000..d183ffb --- /dev/null +++ b/charts/theia-shared-gateway/templates/gatewayclass.yaml @@ -0,0 +1,20 @@ +{{- if .Values.gatewayClass.create }} +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: {{ .Values.gateway.className }} + {{- with .Values.gatewayClass.labels }} + labels: +{{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.gatewayClass.annotations }} + annotations: +{{ toYaml . | nindent 4 }} + {{- end }} +spec: + controllerName: {{ .Values.gatewayClass.controllerName }} + {{- with .Values.gatewayClass.parametersRef }} + parametersRef: +{{ toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/theia-shared-gateway/templates/wildcard-secret.yaml b/charts/theia-shared-gateway/templates/wildcard-secret.yaml new file mode 100644 index 0000000..325ed6c --- /dev/null +++ b/charts/theia-shared-gateway/templates/wildcard-secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.wildcardTLSSecret.create }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ .Values.wildcardTLSSecret.name }} + namespace: {{ .Values.wildcardTLSSecret.namespace }} +data: + tls.crt: {{ .Values.wildcardTLSSecret.certificate }} + tls.key: {{ .Values.wildcardTLSSecret.key }} +{{- end }} diff --git a/charts/theia-shared-gateway/values.yaml b/charts/theia-shared-gateway/values.yaml index 5a83455..1da3c3c 100644 --- a/charts/theia-shared-gateway/values.yaml +++ b/charts/theia-shared-gateway/values.yaml @@ -19,3 +19,32 @@ gateway: # - hostname # - tlsSecretName listeners: [] + +gatewayClass: + create: false + controllerName: gateway.envoyproxy.io/gatewayclass-controller + labels: {} + annotations: {} + parametersRef: {} + +envoyProxy: + create: false + name: theia-shared-gateway + namespace: envoy-gateway-system + labels: {} + annotations: {} + spec: {} + +managedCertificates: + enabled: false + issuerRef: + kind: ClusterIssuer + name: letsencrypt-prod + certificates: [] + +wildcardTLSSecret: + create: false + name: static-theia-cert + namespace: gateway-system + certificate: "" + key: "" diff --git a/deployments/shared-gateway-prod/values.yaml b/deployments/shared-gateway-prod/values.yaml index 435edbe..17cc8a0 100644 --- a/deployments/shared-gateway-prod/values.yaml +++ b/deployments/shared-gateway-prod/values.yaml @@ -10,13 +10,56 @@ gateway: listeners: - name: prod-landing hostname: theia.artemis.cit.tum.de - tlsSecretName: shared-theia-cert + tlsSecretName: landing-page-cert-secret - name: prod-service hostname: service.theia.artemis.cit.tum.de - tlsSecretName: shared-theia-cert + tlsSecretName: service-cert-secret - name: prod-instances hostname: instance.theia.artemis.cit.tum.de - tlsSecretName: shared-theia-cert + tlsSecretName: ws-cert-secret - name: prod-webview hostname: "*.webview.instance.theia.artemis.cit.tum.de" tlsSecretName: static-theia-cert + +gatewayClass: + create: true + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: theia-shared-gateway + namespace: envoy-gateway-system + +envoyProxy: + create: true + name: theia-shared-gateway + namespace: envoy-gateway-system + spec: + provider: + type: Kubernetes + kubernetes: + envoyService: + annotations: + metallb.io/address-pool: ingress + metallb.io/loadBalancerIPs: 131.159.88.82 + +managedCertificates: + enabled: true + issuerRef: + kind: ClusterIssuer + name: letsencrypt-prod + certificates: + - name: landing-page-cert + secretName: landing-page-cert-secret + hostname: theia.artemis.cit.tum.de + - name: service-cert + secretName: service-cert-secret + hostname: service.theia.artemis.cit.tum.de + - name: instance-cert + secretName: ws-cert-secret + hostname: instance.theia.artemis.cit.tum.de + +wildcardTLSSecret: + create: true + name: static-theia-cert + namespace: gateway-system diff --git a/deployments/test1.theia-test.artemis.cit.tum.de/values.yaml b/deployments/test1.theia-test.artemis.cit.tum.de/values.yaml index 0c43346..f0c907e 100644 --- a/deployments/test1.theia-test.artemis.cit.tum.de/values.yaml +++ b/deployments/test1.theia-test.artemis.cit.tum.de/values.yaml @@ -43,24 +43,24 @@ theia-cloud: interval: 3 operator: - #image: ghcr.io/ls1intum/theia/operator:latest + #image: ghcr.io/eduide/eduide/operator:latest #eagerStart: false replicas: 1 sessionsPerUser: 1000 # Needed for load tests - not recommended for production storageClassName: csi-rbd-sc # service: - # image: ghcr.io/ls1intum/theia/service:latest + # image: ghcr.io/eduide/eduide/service:latest preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -70,7 +70,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page # We can define a default blueprint appDefinition: "java-17-latest" ephemeralStorage: true diff --git a/deployments/test2.theia-test.artemis.cit.tum.de/values.yaml b/deployments/test2.theia-test.artemis.cit.tum.de/values.yaml index 4ee8008..176519c 100644 --- a/deployments/test2.theia-test.artemis.cit.tum.de/values.yaml +++ b/deployments/test2.theia-test.artemis.cit.tum.de/values.yaml @@ -43,24 +43,24 @@ theia-cloud: interval: 3 operator: - #image: ghcr.io/ls1intum/theia/operator:latest + #image: ghcr.io/eduide/eduide/operator:latest #eagerStart: false replicas: 1 sessionsPerUser: 10 storageClassName: csi-rbd-sc # service: - # image: ghcr.io/ls1intum/theia/service:latest + # image: ghcr.io/eduide/eduide/service:latest preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -70,7 +70,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support multiple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page # We can define a default blueprint appDefinition: "java-17-latest" ephemeralStorage: true diff --git a/deployments/test3.theia-test.artemis.cit.tum.de/values.yaml b/deployments/test3.theia-test.artemis.cit.tum.de/values.yaml index 15171f5..063095a 100644 --- a/deployments/test3.theia-test.artemis.cit.tum.de/values.yaml +++ b/deployments/test3.theia-test.artemis.cit.tum.de/values.yaml @@ -43,7 +43,7 @@ theia-cloud: interval: 3 operator: - image: ghcr.io/ls1intum/theia/operator:latest + image: ghcr.io/eduide/eduide/operator:latest #eagerStart: false replicas: 1 sessionsPerUser: 10 @@ -55,19 +55,19 @@ theia-cloud: ephemeral-storage: "256Mi" # service: - # image: ghcr.io/ls1intum/theia/service:latest + # image: ghcr.io/eduide/eduide/service:latest preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest - - ghcr.io/ls1intum/theia/theia-no-ls:pr-46 - - ghcr.io/ls1intum/theia/langserver-java:pr-46 + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest + - ghcr.io/eduide/eduide/theia-no-ls:pr-46 + - ghcr.io/eduide/eduide/langserver-java:pr-46 imagePullPolicy: Always @@ -77,7 +77,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page # We can define a default blueprint # 1. The actual image data (Must be a Base64 encoded string) @@ -137,10 +137,10 @@ theia-cloud: theia-appdefinitions: apps: - name: java-ls-test - image: ghcr.io/ls1intum/theia/theia-no-ls + image: ghcr.io/eduide/eduide/theia-no-ls imageTag: pr-46 options: - langserver-image: ghcr.io/ls1intum/theia/langserver-java:pr-46 + langserver-image: ghcr.io/eduide/eduide/langserver-java:pr-46 monitoring: targetNamespaces: diff --git a/deployments/theia-staging.artemis.cit.tum.de/values.yaml b/deployments/theia-staging.artemis.cit.tum.de/values.yaml index db6cfac..9cb1397 100644 --- a/deployments/theia-staging.artemis.cit.tum.de/values.yaml +++ b/deployments/theia-staging.artemis.cit.tum.de/values.yaml @@ -42,24 +42,24 @@ theia-cloud: interval: 3 operator: - #image: ghcr.io/ls1intum/theia/operator:latest + #image: ghcr.io/eduide/eduide/operator:latest #eagerStart: false replicas: 1 sessionsPerUser: 10 storageClassName: csi-rbd-sc # service: - # image: ghcr.io/ls1intum/theia/service:latest + # image: ghcr.io/eduide/eduide/service:latest preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -69,7 +69,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page logoFileExtension: "png" # We can define a default blueprint appDefinition: "java-17-latest" diff --git a/deployments/theia.artemis.cit.tum.de/values.yaml b/deployments/theia.artemis.cit.tum.de/values.yaml index b633b1b..0596259 100644 --- a/deployments/theia.artemis.cit.tum.de/values.yaml +++ b/deployments/theia.artemis.cit.tum.de/values.yaml @@ -42,24 +42,24 @@ theia-cloud: interval: 3 operator: - #image: ghcr.io/ls1intum/theia/operator:latest + #image: ghcr.io/eduide/eduide/operator:latest #eagerStart: false replicas: 3 sessionsPerUser: 10 storageClassName: csi-rbd-sc # service: - # image: ghcr.io/ls1intum/theia/service:latest + # image: ghcr.io/eduide/eduide/service:latest preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -69,7 +69,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page logoFileExtension: "png" # We can define a default blueprint appDefinition: "java-17-latest" diff --git a/docs/adding-environments.md b/docs/adding-environments.md index e31bff9..3d00998 100644 --- a/docs/adding-environments.md +++ b/docs/adding-environments.md @@ -194,7 +194,7 @@ deploy-test2: environment: test2 theia_cloud_tag: ${{ inputs.theia_cloud_tag || 'latest' }} ide_images_tag: ${{ inputs.ide_images_tag || 'latest' }} - helm_chart_branch: ${{ inputs.helm_chart_branch || '' }} + helm_chart_tag: ${{ inputs.helm_chart_tag || '' }} deploy_shared_gateway: true shared_gateway_values_file: deployments/shared-gateway/values.yaml shared_gateway_namespace: gateway-system diff --git a/value-reference-files/theia-cloud-helm-values.yml b/value-reference-files/theia-cloud-helm-values.yml index 8955848..412e407 100644 --- a/value-reference-files/theia-cloud-helm-values.yml +++ b/value-reference-files/theia-cloud-helm-values.yml @@ -42,13 +42,13 @@ service: preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -58,7 +58,7 @@ demoApplication: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page # We can define a default blueprint appDefinition: "java-17-latest" ephemeralStorage: true diff --git a/value-reference-files/tum-theia-cloud-helm-test-values.yaml b/value-reference-files/tum-theia-cloud-helm-test-values.yaml index 9518709..69e5519 100644 --- a/value-reference-files/tum-theia-cloud-helm-test-values.yaml +++ b/value-reference-files/tum-theia-cloud-helm-test-values.yaml @@ -40,24 +40,24 @@ theia-cloud: interval: 3 operator: - image: ghcr.io/ls1intum/theia/operator:pr-22 + image: ghcr.io/eduide/eduide/operator:pr-22 eagerStart: false replicas: 1 sessionsPerUser: 10 storageClassName: csi-rbd-sc service: - image: ghcr.io/ls1intum/theia/service:pr-22 + image: ghcr.io/eduide/eduide/service:pr-22 preloading: images: - - ghcr.io/ls1intum/theia/landing-page:latest - - ghcr.io/ls1intum/theia/java-17:latest - - ghcr.io/ls1intum/theia/c:latest - - ghcr.io/ls1intum/theia/javascript:latest - - ghcr.io/ls1intum/theia/ocaml:latest - - ghcr.io/ls1intum/theia/rust:latest - - ghcr.io/ls1intum/theia/python:latest + - ghcr.io/eduide/eduide/landing-page:latest + - ghcr.io/eduide/eduide/java-17:latest + - ghcr.io/eduide/eduide/c:latest + - ghcr.io/eduide/eduide/javascript:latest + - ghcr.io/eduide/eduide/ocaml:latest + - ghcr.io/eduide/eduide/rust:latest + - ghcr.io/eduide/eduide/python:latest imagePullPolicy: Always @@ -67,7 +67,7 @@ theia-cloud: landingPage: # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301 - image: ghcr.io/ls1intum/theia/landing-page + image: ghcr.io/eduide/eduide/landing-page # We can define a default blueprint appDefinition: "java-17-latest" ephemeralStorage: false