diff --git a/.github/workflows/claim-namespace.yml b/.github/workflows/claim-namespace.yml index 15bcbcc53..785bf7009 100644 --- a/.github/workflows/claim-namespace.yml +++ b/.github/workflows/claim-namespace.yml @@ -1,7 +1,9 @@ name: Claim Namespace on: - issues: - types: [opened, edited, labeled] + # alibi value to not show the workflow as broken + workflow_dispatch: +# issues: +# types: [opened, edited, labeled] concurrency: group: ${{ github.workflow }}-${{ github.event.issue.number }} cancel-in-progress: true @@ -119,4 +121,4 @@ jobs: GH_REPO: ${{ github.repository }} NUMBER: ${{ github.event.issue.number }} LABELS: granted - ASSIGNEE: tfroment \ No newline at end of file + ASSIGNEE: tfroment diff --git a/.gitignore b/.gitignore index eaabf8fab..0e09140f7 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /generated-staging/ /jsonnet-generated-production/ /jsonnet-generated-staging/ +/charts/openvsx/charts diff --git a/Dockerfile b/Dockerfile index 86935a796..11a12825e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=v0.27.0 +ARG SERVER_VERSION=v0.28.0 # Builder image to compile the website FROM ubuntu AS builder @@ -33,7 +33,6 @@ ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/application.yml config/ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/logback-spring.xml BOOT-INF/classes/ -COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/ehcache.xml BOOT-INF/classes/ # Replace version placeholder with arg value RUN sed -i "s//$SERVER_VERSION/g" config/application.yml \ No newline at end of file diff --git a/charts/openvsx/Chart.lock b/charts/openvsx/Chart.lock new file mode 100644 index 000000000..d3dcdc1a0 --- /dev/null +++ b/charts/openvsx/Chart.lock 
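Review bot: With `workflow_dispatch` as the only trigger, the unchanged `concurrency.group` and the job's `NUMBER: ${{ github.event.issue.number }}` (second hunk) both read `github.event.issue`, which is empty on a manual run, so a dispatched run would execute the namespace-claim steps without an issue number. If the intent is only to park the workflow, add a job-level guard such as `if: github.event_name == 'issues'` so a manual run is a no-op. The comment would be clearer as `# issue trigger disabled on purpose; workflow_dispatch only keeps the workflow file valid`. The job bodies are outside this hunk, so what they do with an empty number is not visible here.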
@@ -0,0 +1,6 @@ +dependencies: +- name: alloy + repository: https://grafana.github.io/helm-charts + version: 1.1.2 +digest: sha256:66403884b7f293e86e2a61d0d822fd0878a6b4a64e5e88f181b93022bc4f9bcd +generated: "2025-08-20T12:51:18.346537659+03:00" diff --git a/charts/openvsx/Chart.yaml b/charts/openvsx/Chart.yaml index ed99222dd..37f2b46a7 100644 --- a/charts/openvsx/Chart.yaml +++ b/charts/openvsx/Chart.yaml @@ -2,5 +2,9 @@ apiVersion: v2 name: openvsx description: A Helm chart for Kubernetes type: application -version: 0.1.0 +version: 0.2.0 appVersion: "1.16.0" +dependencies: + - name: alloy + version: 1.1.2 + repository: https://grafana.github.io/helm-charts \ No newline at end of file diff --git a/charts/openvsx/crds/redis-cluster.yaml b/charts/openvsx/crds/redis-cluster.yaml new file mode 100644 index 000000000..10d3fec73 --- /dev/null +++ b/charts/openvsx/crds/redis-cluster.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: redisclusters.open-vsx.org +spec: + scope: Namespaced + group: open-vsx.org + names: + kind: RedisCluster + plural: redisclusters + singular: rediscluster + shortNames: + - rcl + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + replicas: + type: integer + minimum: 6 + maxmemory: + type: string + image: + type: string + imagePullPolicy: + type: string + resources: + type: object + properties: + requests: + type: object + properties: + memory: + type: string + cpu: + type: string + limits: + type: object + properties: + memory: + type: string + cpu: + type: string + persistence: + type: object + properties: + storageGi: + type: number + format: int32 + storageClass: + type: string + status: + type: object + x-kubernetes-preserve-unknown-fields: true 
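Review bot: In the `RedisCluster` schema, `persistence.storageGi` is declared `type: number` with `format: int32`, which pairs a floating-point type with an integer format; `type: integer` matches the values the chart passes (`1`, `5`). The `spec` object has no `required` list, so a resource without `image` or `replicas` is accepted by the API server and can only fail later in the operator. `image` is a free string; if anything other than this chart may create these resources, a `pattern` restricting the registry would limit what the operator is asked to run (presumably it creates the StatefulSet from this field).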
diff --git a/charts/openvsx/templates/configmap.yaml b/charts/openvsx/templates/configmap.yaml deleted file mode 100644 index 77f3b0200..000000000 --- a/charts/openvsx/templates/configmap.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ .Values.name }} - environment: {{ .Values.environment }} - name: grafana-agent-configmap-{{ .Values.environment }} - namespace: {{ .Values.namespace }} -data: - agent.yml: | - server: - log_level: debug - integrations: - prometheus_remote_write: - - basic_auth: - password: ${PROMETHEUS_PASSWORD} - username: ${PROMETHEUS_USERNAME} - url: ${PROMETHEUS_URL} - agent: - enabled: true - relabel_configs: - - action: replace - source_labels: - - agent_hostname - target_label: instance - - action: replace - target_label: job - replacement: integrations/agent-check - metric_relabel_configs: - - action: keep - regex: (prometheus_target_sync_length_seconds_sum|prometheus_target_scrapes_.*|prometheus_target_interval.*|prometheus_sd_discovered_targets|agent_build.*|agent_wal_samples_appended_total|process_start_time_seconds) - source_labels: - - __name__ - metrics: - configs: - - name: integrations - remote_write: - - basic_auth: - password: ${PROMETHEUS_PASSWORD} - username: ${PROMETHEUS_USERNAME} - url: ${PROMETHEUS_URL} - scrape_configs: - - job_name: integrations/spring-boot - static_configs: - - targets: ['localhost:8081'] - metrics_path: /actuator/prometheus - metric_relabel_configs: - - source_labels: [exported_instance] - target_label: instance - - regex: ^(exported_instance|deployment_environment|service_instance_id|service_name)$ - action: labeldrop - global: - scrape_interval: 60s - traces: - configs: - - name: default - remote_write: - - endpoint: ${TEMPO_URL} - basic_auth: - username: ${TEMPO_USERNAME} - password: ${TEMPO_PASSWORD} - receivers: - zipkin: - endpoint: localhost:9411 - parse_string_tags: false 
diff --git a/charts/openvsx/templates/deployment.yaml b/charts/openvsx/templates/deployment.yaml index c9bdaa4d4..b2e0bc91f 100644 --- a/charts/openvsx/templates/deployment.yaml +++ b/charts/openvsx/templates/deployment.yaml @@ -77,29 +77,7 @@ spec: path: /actuator/health/readiness port: http-management periodSeconds: 10 - - name: grafana-agent - image: docker.io/grafana/agent:v0.39.1 - command: - - /bin/grafana-agent - args: - - --config.file=$(CONFIG_FILE_PATH) - - --metrics.wal-directory=$(DATA_FILE_PATH) - - --config.expand-env=true - env: - - name: CONFIG_FILE_PATH - value: /etc/grafana-agent/agent.yml - - name: DATA_FILE_PATH - value: /etc/grafana-agent/data - - name: ENVNAME - value: {{ .Values.environment }} - envFrom: - - secretRef: - name: grafana-cloud-secret-{{ .Values.environment }} - volumeMounts: - - name: grafana-agent-config-volume - mountPath: /etc/grafana-agent - - name: grafana-agent-data-volume - mountPath: /etc/grafana-agent/data + initialDelaySeconds: 30 initContainers: - command: - sh @@ -117,7 +95,7 @@ spec: matchLabels: app: open-vsx-org environment: {{ .Values.environment }} - maxSkew: 1 + maxSkew: 2 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule volumes: @@ -131,15 +109,6 @@ spec: defaultMode: 420 optional: false secretName: elasticsearch-{{ .Values.environment }}-es-http-certs-internal - - name: grafana-agent-config-volume - configMap: - name: grafana-agent-configmap-{{ .Values.environment }} - items: - - key: agent.yml - path: agent.yml - - name: grafana-agent-data-volume - emptyDir: - medium: Memory - name: truststore-with-elasticsearch-certs emptyDir: medium: Memory diff --git a/charts/openvsx/templates/grafana-alloy.yaml b/charts/openvsx/templates/grafana-alloy.yaml new file mode 100644 index 000000000..c135eee24 --- /dev/null +++ b/charts/openvsx/templates/grafana-alloy.yaml 
@@ -0,0 +1,103 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ environment: {{ .Values.environment }}
+ name: {{ .Values.alloy.alloy.configMap.name }}
+ namespace: {{ .Values.namespace }}
+data:
+ {{ .Values.alloy.alloy.configMap.key }}: |
+ logging {
+ level = "info"
+ format = "logfmt"
+ }
+
+ prometheus.operator.servicemonitors "spring_boot" {
+ namespaces = ["{{ .Values.namespace }}"]
+ selector {
+ match_labels = {
+ app = "{{ .Values.name }}",
+ environment = "{{ .Values.environment }}",
+ }
+ }
+
+ forward_to = [prometheus.relabel.spring_boot_relabel.receiver]
+ }
+
+ prometheus.relabel "spring_boot_relabel" {
+ rule {
+ source_labels = ["exported_instance"]
+ target_label = "instance"
+ action = "replace"
+ }
+
+ rule {
+ regex = "^(exported_instance|deployment_environment|service_instance_id|service_name)$"
+ action = "labeldrop"
+ }
+
+ forward_to = [prometheus.remote_write.default.receiver]
+ }
+ {{- $name := .Values.redis.name }}
+ {{- $environment := .Values.environment }}
+ {{- range $index := until (int .Values.redis.replicas) }}
+
+ prometheus.exporter.redis "redis_metrics_{{ $index }}" {
+ redis_addr = "{{ $name }}-{{ $environment }}-{{ $index }}.{{ $name }}-{{ $environment }}-service:6379"
+ redis_user = sys.env("REDIS_METRICS_USERNAME")
+ redis_password = sys.env("REDIS_METRICS_PASSWORD")
+ }
+
+ prometheus.scrape "redis_scrape_{{ $index }}" {
+ targets = prometheus.exporter.redis.redis_metrics_{{ $index }}.targets
+ scrape_interval = "600s"
+ forward_to = [prometheus.remote_write.default.receiver]
+ }
+
+ {{- end }}
+ prometheus.remote_write "default" {
+ endpoint {
+ name = "hosted-prometheus"
+ url = sys.env("PROMETHEUS_URL")
+
+ basic_auth {
+ username = sys.env("PROMETHEUS_USERNAME")
+ password = sys.env("PROMETHEUS_PASSWORD")
+ }
+ }
+ }
+
+ otelcol.receiver.zipkin "default" {
+ endpoint = "0.0.0.0:9411"
+ output {
+ traces = [otelcol.processor.memory_limiter.default.input]
+ }
+ }
+
+ otelcol.processor.memory_limiter "default" {
+ check_interval = "1s"
+ limit = "400MiB"
+ spike_limit = "80MiB"
+ output {
+ traces = [otelcol.processor.batch.default.input]
+ }
+ }
+
+ otelcol.processor.batch "default" {
+ output {
+ traces = [otelcol.exporter.otlp.tempo.input]
+ }
+ }
+
+ otelcol.auth.basic "tempo_auth" {
+ username = sys.env("TEMPO_USERNAME")
+ password = sys.env("TEMPO_PASSWORD")
+ }
+
+ otelcol.exporter.otlp "tempo" {
+ client {
+ endpoint = sys.env("TEMPO_URL")
+ auth = otelcol.auth.basic.tempo_auth.handler
+ }
+ }
diff --git a/charts/openvsx/templates/redis-cluster-operator/deployment.yaml b/charts/openvsx/templates/redis-cluster-operator/deployment.yaml
new file mode 100644
index 000000000..0e64f5a64
--- /dev/null
+++ b/charts/openvsx/templates/redis-cluster-operator/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ environment: {{ .Values.environment }}
+ name: redis-cluster-operator-{{ .Values.environment }}
+ namespace: {{ .Values.namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Values.name }}
+ environment: {{ .Values.environment }}
+ component: redis-cluster-operator
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.name }}
+ environment: {{ .Values.environment }}
+ component: redis-cluster-operator
+ spec:
+ serviceAccountName: {{ .Values.redis.serviceAccountName }}
+ containers:
+ - name: redis-cluster-operator
+ image: "ghcr.io/eclipsefdn/redis-cluster-operator"
+ imagePullPolicy: Always
+ env:
+ - name: NAMESPACE
+ value: {{ .Values.namespace }}
+ - name: REDIS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: redis-secret-{{ .Values.environment }}
+ key: REDIS_CLI_USERNAME
+ - name: REDISCLI_AUTH
+ valueFrom:
+ secretKeyRef:
+ name: redis-secret-{{ .Values.environment }}
+ key: REDIS_CLI_PASSWORD
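Review bot: `otelcol.receiver.zipkin` binds `0.0.0.0:9411`, and the values files publish that port through `extraPorts` on a DaemonSet, whereas the removed grafana-agent sidecar listened on `localhost:9411`. The receiver has no authentication, so spans from any workload that can reach the Alloy pods are forwarded to Tempo under this deployment's credentials. A NetworkPolicy admitting only pods labelled `app: {{ .Values.name }}` on 9411 would restore the earlier exposure; none is part of this change. Separately, the Redis exporter blocks are generated from `.Values.redis.replicas` at render time, so a cluster scaled outside Helm leaves the new nodes unscraped until the ConfigMap is re-rendered.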
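Review bot: The operator image `ghcr.io/eclipsefdn/redis-cluster-operator` has no tag or digest and is pulled with `imagePullPolicy: Always`, so each pod restart runs whatever `latest` resolves to at that moment, under a service account that can read Secrets and create StatefulSets in the namespace. Pin it, preferably by digest (`image: "ghcr.io/eclipsefdn/redis-cluster-operator@sha256:<digest>"`), and take the reference from values as is done for the Redis image. The container also declares no `resources` and no `securityContext`; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are worth adding if the operator runs with them.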
diff --git a/charts/openvsx/templates/redis-cluster-operator/rbac.yaml b/charts/openvsx/templates/redis-cluster-operator/rbac.yaml
new file mode 100644
index 000000000..d13d5ce35
--- /dev/null
+++ b/charts/openvsx/templates/redis-cluster-operator/rbac.yaml
@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.redis.serviceAccountName }}
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: redis-cluster-operator-role-cluster
+rules:
+ # Kopf: runtime observation of namespaces & CRDs (addition/deletion).
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [list, watch]
+ - apiGroups: ["storage.k8s.io"]
+ resources: [storageclasses]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [namespaces]
+ verbs: [list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: redis-cluster-operator-role-binding-cluster
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: redis-cluster-operator-role-cluster
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.redis.serviceAccountName }}
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: redis-cluster-operator-role
+rules:
+ # Kopf: knowing which other operators are running (i.e. peering).
+ - apiGroups: [open-vsx.org]
+ resources: [kopfpeerings]
+ verbs: [list, watch, patch, get]
+ # Kopf: posting the events about the handlers progress/errors.
+ - apiGroups: [""]
+ resources: [events]
+ verbs: [create]
+ # App: watching & handling for the custom resource.
+ - apiGroups: [open-vsx.org]
+ resources: [redisclusters]
+ verbs: [list, watch, patch]
+ - apiGroups: [open-vsx.org]
+ resources: [redisclusters/finalizers]
+ verbs: [update, patch]
+ # App: resources it produces and manipulates.
+ - apiGroups: [""]
+ resources: [configmaps, services]
+ verbs: [get, list, create, patch, update]
+ - apiGroups: ["apps"]
+ resources: [statefulsets]
+ verbs: [create, patch]
+ - apiGroups: [""]
+ resources: [secrets]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [pods]
+ verbs: [watch, delete]
+ - apiGroups: [""]
+ resources: [persistentvolumeclaims]
+ verbs: [patch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: redis-cluster-operator-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: redis-cluster-operator-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.redis.serviceAccountName }}
+ namespace: {{ .Values.namespace }}
diff --git a/charts/openvsx/templates/redis-cluster.yaml b/charts/openvsx/templates/redis-cluster.yaml
new file mode 100644
index 000000000..66468950a
--- /dev/null
+++ b/charts/openvsx/templates/redis-cluster.yaml
@@ -0,0 +1,17 @@
+apiVersion: open-vsx.org/v1
+kind: RedisCluster
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ environment: {{ .Values.environment }}
+ name: {{ .Values.redis.name }}
+ namespace: {{ .Values.namespace }}
+spec:
+ image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag}}"
+ imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
+ maxmemory: {{ .Values.redis.maxmemory }}
+ replicas: {{ .Values.redis.replicas }}
+ resources:
+ {{- toYaml .Values.redis.resources | nindent 4 }}
+ persistence:
+ {{- toYaml .Values.redis.persistence | nindent 4 }}
diff --git a/charts/openvsx/templates/service-monitor.yaml b/charts/openvsx/templates/service-monitor.yaml
new file mode 100644
index 000000000..38060ebcc
--- /dev/null
+++ b/charts/openvsx/templates/service-monitor.yaml
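Review bot: The `secrets` rule in `redis-cluster-operator-role` grants `get` on every Secret in the namespace, which includes the Grafana Cloud and Elasticsearch secrets referenced elsewhere in the chart. Adding `resourceNames: ["redis-secret-{{ .Values.environment }}"]` limits it to the one Secret the operator Deployment references; confirm against the operator code that it reads no other. The `pods` rule (`watch, delete`) is also namespace-wide and RBAC cannot narrow it by label, so a comment stating that the operator only deletes Redis pods it owns would document the intent. The ClusterRole, ClusterRoleBinding, Role and RoleBinding names are fixed strings, and both values files use namespace `open-vsx-org`, so installing staging and production side by side would make the two releases collide on these objects.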
@@ -0,0 +1,21 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: {{ .Values.name }} + environment: {{ .Values.environment }} + name: spring-boot-monitor-{{ .Values.environment }} + namespace: {{ .Values.namespace }} +spec: + selector: + matchLabels: + app: {{ .Values.name }} + environment: {{ .Values.environment }} + type: website + namespaceSelector: + matchNames: + - {{ .Values.namespace }} + endpoints: + - port: management + path: /actuator/prometheus + interval: 60s \ No newline at end of file diff --git a/charts/openvsx/templates/service.yaml b/charts/openvsx/templates/service.yaml index 68ebaba65..ae2c2bf16 100644 --- a/charts/openvsx/templates/service.yaml +++ b/charts/openvsx/templates/service.yaml @@ -4,6 +4,7 @@ metadata: labels: app: {{ .Values.name }} environment: {{ .Values.environment }} + type: website name: {{ .Values.name }}-{{ .Values.environment }} namespace: {{ .Values.namespace }} spec: @@ -13,6 +14,10 @@ spec: port: {{ .Values.service.port }} protocol: TCP targetPort: {{ .Values.service.targetPort }} + - name: management + port: 8081 + protocol: TCP + targetPort: 8081 selector: app: {{ .Values.name }} environment: {{ .Values.environment }} diff --git a/charts/openvsx/values-staging.yaml b/charts/openvsx/values-staging.yaml index a671a788e..6ee199548 100644 --- a/charts/openvsx/values-staging.yaml +++ b/charts/openvsx/values-staging.yaml @@ -1,8 +1,8 @@ # Default values for openvsx staging. -name: open-vsx-org -environment: staging -namespace: open-vsx-org +name: &name open-vsx-org +environment: &environment staging +namespace: &namespace open-vsx-org host: staging.open-vsx.org replicaCount: 1 
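Review bot: The new `management` port in `service.yaml` publishes 8081 on the Service, so the Spring Boot management endpoints become reachable by any pod that can reach the Service instead of only by the former sidecar on `localhost:8081`. Check that the management port exposes only what is needed (`/actuator/prometheus` and the health probes) and consider a NetworkPolicy limiting 8081 to the Alloy pods. The number is hard-coded in both `port` and `targetPort`, while the first port comes from `.Values.service.port`; the Deployment's probes refer to the port by the name `http-management`, so `targetPort: http-management` would keep the two in step (the container's port list is outside this hunk).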
@@ -12,7 +12,7 @@ image: repository: ghcr.io/eclipsefdn/openvsx-website pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: 06c8bea-430 + tag: 6d777ca-570 website: jvmArgs: -Dspring.datasource.hikari.maximum-pool-size=5 -Xms512M -Xmx1536M -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:+UnlockDiagnosticVMOptions -Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true @@ -45,3 +45,51 @@ es: memory: 2Gi storage_class: cephfs-new +# redis +redis: + name: redis + replicas: 6 + image: + repository: redis + tag: "7.2.10" + pullPolicy: IfNotPresent + maxmemory: "256mb" + resources: + requests: + memory: "128Mi" + cpu: "50m" + limits: + memory: "512Mi" + cpu: "100m" + persistence: + storageGi: 1 + storageClass: cephfs-new + serviceAccountName: redis-cluster-operator + +# grafana alloy +alloy: + alloy: + configMap: + create: false + name: "grafana-alloy-configmap-staging" + key: "config.river" + envFrom: + - secretRef: + name: grafana-cloud-secret-staging + - secretRef: + name: redis-secret-staging + extraPorts: + - name: zipkin + port: 9411 + targetPort: 9411 + crds: + create: true + controller: + type: "daemonset" + podLabels: + app: *name + environment: *environment + nodeSelector: + openvsx-staging-alloy: "true" + fullnameOverride: grafana-alloy-staging + namespaceOverride: *namespace diff --git a/charts/openvsx/values.yaml b/charts/openvsx/values.yaml index e3f02f205..10fb774e4 100644 --- a/charts/openvsx/values.yaml +++ b/charts/openvsx/values.yaml @@ -1,8 +1,8 @@ # Default values for openvsx. -name: open-vsx-org -environment: production -namespace: open-vsx-org +name: &name open-vsx-org +environment: &environment production +namespace: &namespace open-vsx-org host: open-vsx.org replicaCount: 6 
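Review bot: `alloy.alloy.envFrom` loads the whole of `redis-secret-staging` into every Alloy pod, but the Alloy config reads only `REDIS_METRICS_USERNAME` and `REDIS_METRICS_PASSWORD`, while the operator Deployment takes `REDIS_CLI_USERNAME` and `REDIS_CLI_PASSWORD` from the same Secret. Keep the metrics credentials in their own Secret, or inject just those two keys through the Alloy chart's `extraEnv` with `secretKeyRef`, so the collector never holds the CLI account. The same applies to `redis-secret-production` in the `values.yaml` hunk. The Redis image is referenced by tag only (`redis` / `"7.2.10"`); a digest pin would make the deployed image immutable.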
@@ -44,3 +44,52 @@ es: cpu: 1 memory: 8Gi storage_class: cephfs-new + +# redis +redis: + name: redis + replicas: 6 + image: + repository: redis + tag: "7.2.10" + pullPolicy: IfNotPresent + maxmemory: "896mb" + resources: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "1536Mi" + cpu: "500m" + persistence: + storageGi: 5 + storageClass: cephfs-new + serviceAccountName: redis-cluster-operator + +# grafana alloy +alloy: + alloy: + configMap: + create: false + name: "grafana-alloy-configmap-production" + key: "config.river" + envFrom: + - secretRef: + name: grafana-cloud-secret-production + - secretRef: + name: redis-secret-production + extraPorts: + - name: zipkin + port: 9411 + targetPort: 9411 + crds: + create: true + controller: + type: "daemonset" + podLabels: + app: *name + environment: *environment + nodeSelector: + openvsx-production-alloy: "true" + fullnameOverride: grafana-alloy-production + namespaceOverride: *namespace diff --git a/configuration/application.yml b/configuration/application.yml index 80c06ad42..20ebe9ad1 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -27,9 +27,6 @@ spring: name: openvsx-server config: import: file:${DEPLOYMENT_CONFIG} - cache: - jcache: - config: classpath:ehcache.xml datasource: hikari: maximum-pool-size: 10 @@ -105,6 +102,7 @@ org: allow-anonymous-data-usage: false bucket4j: enabled: true + cache-to-use: redis-cluster-jedis filters: - cache-name: buckets url: '/api/-/(namespace/create|publish)' @@ -158,6 +156,7 @@ bucket4j: time: 1 unit: seconds ovsx: + token-prefix: ovsxp_ storage: primary-service: azure-blob webui: @@ -166,6 +165,7 @@ ovsx: base-url: https://api.eclipse.org/ publisher-agreement: version: 1 + allowed-versions: "1,1.0,1.1" publishing: require-license: true elasticsearch: 
@@ -186,3 +186,27 @@ ovsx: key-pair: create registry: version: + caching: + files-extension: + tti: PT1H + max-size: 200 + files-webresource: + tti: PT1H + max-size: 500 + files-browse: + tti: PT1H + max-size: 100 + average-review-rating: + ttl: P3D + namespace-details-json: + ttl: PT1H + database-search: + ttl:PT1H + extension-json: + ttl: PT1H + latest-extension-version: + ttl: PT1H + sitemap: + ttl: PT1H + malicious-extensions: + ttl: P3D \ No newline at end of file diff --git a/configuration/ehcache.xml b/configuration/ehcache.xml deleted file mode 100644 index 75b4757d8..000000000 --- a/configuration/ehcache.xml +++ /dev/null @@ -1,121 +0,0 @@ - - - - - - - - 1 - 1 - 2 - - - - - 3600 - - - 1024 - 32 - 128 - - - - - 3600 - - - 1024 - - - - - 10800 - - - 8192 - 256 - 1024 - - - - - 10800 - - - 4096 - 256 - 1024 - - - - - 3600 - - - 1024 - 32 - 128 - - - - - 3600 - - - 1 - 2 - 8 - - - - - 1 - - - 1 - 2 - 8 - - - - - 1 - - - - org.eclipse.openvsx.cache.ExpiredFileListener - ASYNCHRONOUS - UNORDERED - EXPIRED - EVICTED - REMOVED - UPDATED - - - - 500 - - - - - 2 - - - - org.eclipse.openvsx.cache.ExpiredFileListener - ASYNCHRONOUS - UNORDERED - EXPIRED - EVICTED - REMOVED - UPDATED - - - - 200 - - - \ No newline at end of file diff --git a/kubernetes/README.md b/kubernetes/README.md index b5e8832c1..72247ae2c 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -13,7 +13,14 @@ Where `` can be de4f2c Where `` can be de4f2c +## Preparing for EF JIRO specific environment +Since EF [JIRO](https://foundation.eclipse.org/ci/infra/job/open-vsx.org) runs with specific user, `clusterroles.yaml` has been added to allow jenkins to deploy environment. Resources need to be added with: + +```bash +kubectl apply -f clusterroles.yaml +``` + ## Dependencies * bash 4 -* [Helm](https://https://helm.sh/) \ No newline at end of file +* [Helm](https://https://helm.sh/) 
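Review bot: Under `caching.database-search` the entry is written `ttl:PT1H` with no space after the colon, so YAML reads it as the plain string `ttl:PT1H` instead of a mapping with a `ttl` key, and that cache will not get the intended one-hour expiry (property binding may fail or fall back to a default, depending on how the server reads `ovsx.caching`). Change the line to `ttl: PT1H` like the neighbouring entries. The file still ends without a trailing newline.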
diff --git a/kubernetes/clusterroles.yaml b/kubernetes/clusterroles.yaml new file mode 100644 index 000000000..ca16f82a3 --- /dev/null +++ b/kubernetes/clusterroles.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ci-bot-manage-cluster-rbac +rules: + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles","clusterrolebindings"] + verbs: ["get","list","watch"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles","rolebindings"] + verbs: ["get","list","watch"] + - apiGroups: ["open-vsx.org"] + resources: ["redisclusters"] + resourceNames: ["redis"] + verbs: ["get","list","watch","update","patch"] + - apiGroups: ["monitoring.coreos.com"] + resources: ["servicemonitors"] + resourceNames: ["spring-boot-monitor-staging", "spring-boot-monitor-production"] + verbs: ["get","list","watch","update","patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ci-bot-manage-cluster-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ci-bot-manage-cluster-rbac +subjects: + - kind: ServiceAccount + name: ci-bot + namespace: foundation-internal-infra + diff --git a/kubernetes/helm-deploy.sh b/kubernetes/helm-deploy.sh index 46b129da4..bda6e5b50 100755 --- a/kubernetes/helm-deploy.sh +++ b/kubernetes/helm-deploy.sh 
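Review bot: `redisclusters` and `servicemonitors` are namespaced resources, but their rules sit in a ClusterRole bound with a ClusterRoleBinding, so `ci-bot` receives `update`/`patch` on objects with those names in every namespace. Moving these two rules into a Role and RoleBinding in `open-vsx-org` would scope them to where the chart deploys and leave only the read-only RBAC rules cluster-wide. `resourceNames` does not restrict `list`/`watch` unless the request carries a matching `metadata.name` field selector, and it cannot authorise `create`, so the first `helm upgrade --install` presumably depends on permissions granted elsewhere. A header comment naming the service account and the reason for each rule would help the next reviewer.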
@@ -48,13 +48,17 @@ else exit 1 fi -if helm list -n "${namespace}" | grep "${release_name}" > /dev/null; then - echo "Found installed Helm chart for release name '${release_name}'. Upgrading..." - action="upgrade" -else - echo "Found no installed Helm chart for release name '${release_name}'. Installing..." - action="install" -fi +chmod 600 "${KUBECONFIG}" + +export HELM_CACHE_HOME="${ROOT_DIR}/.helm/cache" +export HELM_CONFIG_HOME="${ROOT_DIR}/.helm/config" +export HELM_DATA_HOME="${ROOT_DIR}/.helm/data" + +mkdir -p "${HELM_CACHE_HOME}" +mkdir -p "${HELM_CONFIG_HOME}" +mkdir -p "${HELM_DATA_HOME}" -helm "${action}" "${release_name}" "${ROOT_DIR}/charts/${chart_name}" -f "${values_file}" --set image.tag="${image_tag}" --namespace "${namespace}" - \ No newline at end of file +helm version +helm repo add grafana https://grafana.github.io/helm-charts +helm dependency build "${ROOT_DIR}/charts/openvsx" +helm upgrade --install "${release_name}" "${ROOT_DIR}/charts/openvsx" -f "${values_file}" --set image.tag="${image_tag}" --namespace "${namespace}" diff --git a/website/src/about.tsx b/website/src/about.tsx index 428635d7e..195b11ee9 100644 --- a/website/src/about.tsx +++ b/website/src/about.tsx @@ -42,9 +42,15 @@ const About = () => { Contact Us + + To report malicious extensions, extensions with known vulnerabilities, or other urgent matters, connect with us + at openvsx@eclipse-foundation.org. + For non-urgent questions, including managing namespaces or publishing extensions, please visit + our wiki. + We use Slack for instant messaging and general communication, - use this link to join our Slack workspace. + use this link to join our Slack workspace. ; diff --git a/website/src/page-settings.tsx b/website/src/page-settings.tsx index 8407f9cb6..9ee21eaed 100644 --- a/website/src/page-settings.tsx +++ b/website/src/page-settings.tsx 
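Review bot: The new commands hard-code `charts/openvsx`, while the removed line used `"${ROOT_DIR}/charts/${chart_name}"`; if `chart_name` is still set earlier in the script it is now ignored and the two can drift, so use `"${ROOT_DIR}/charts/${chart_name}"` in both `helm dependency build` and `helm upgrade --install`. `chmod 600 "${KUBECONFIG}"` assumes the variable is set and names a file; a guard such as `: "${KUBECONFIG:?KUBECONFIG must be set}"` before it gives a clear failure. The per-workspace `.helm` directories are created under `ROOT_DIR`, but the `.gitignore` hunk in this commit does not list `/.helm/`. The start of the script, including any `set -e`, is outside this hunk.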
@@ -168,7 +168,7 @@ export default function createPageSettings(theme: Theme, prefersDarkMode: boolea const reportAbuseText = encodeURIComponent(''); const extensionURL = encodeURIComponent(`${location.protocol}//${location.hostname}/extension/${extension.namespace}/${extension.name}`); return Report Abuse ;