public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Public Information

Browse Source
This commit is contained in:
Andreas Ahmann
2025-01-24 16:18:47 +01:00
commit 0bd2038c86
449 changed files with 108655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
samples/shared/README.md Normal file
View File

@@ -0,0 +1,34 @@
# Sharing Instances
Some organisations have multiple tenants that share common services, like *nscale Rendition Server* or
have a common IT department, thus using only a single *nscale Monitoring Console* acress all tenants.
This is the Central Services Part:
```
helm install \
--values samples/shared/centralservices.yaml \
--values samples/environment/demo.yaml \
sample-shared-cs nplus/nplus-instance
```
And this is the tenant using the Central Services:
```
helm install \
--values samples/shared/shared.yaml \
--values samples/environment/demo.yaml \
sample-shared nplus/nplus-instance
```
If you enable security based on *Network Policies*, you need to add additional Policies to allow access. Please see `shared-networkpolicy.yaml` and `centralservices-networkpolicy.yaml` as an example.
You also want to set the *monitoringInstance* in the `global` section of the values file to enable the Network Policy for incoming monitoring traffic.
```yaml
global:
security:
cni:
monitoringInstance: sample-shared-cs
```

71
samples/shared/build.sh Executable file
View File

@@ -0,0 +1,71 @@
#!/bin/bash
#
# This sample script builds the example as described. It is also used to build the test environment in our lab,
# so it should be well tested.
#
# Make sure it fails immediately, if anything goes wrong
set -e
# -- ENVironment variables:
# CHARTS: The path to the source code
# DEST: The path to the build destination
# SAMPLE: The directory of the sample
# NAME: The name of the sample, used as the .Release.Name
# KUBE_CONTEXT: The name of the kube context, used to build this sample depending on where you run it against. You might have different Environments such as lab, dev, qa, prod, demo, local, ...
# Check, if we have the source code available
if [ ! -d "$CHARTS" ]; then
echo "ERROR Building $SAMPLE example: The Charts Sources folder is not set. Please make sure to run this script with the full Source Code available"
exit 1
fi
if [ ! -d "$DEST" ]; then
echo "ERROR Building $SAMPLE example: DEST folder not found."
exit 1
fi
if [ ! -d "$CHARTS/instance" ]; then
echo "ERROR Building $SAMPLE example: Chart Sources in $CHARTS/instance not found. Are you running this script as a subscriber?"
exit 1
fi
# Set the Variables
SAMPLE="shared"
NAME="sample-$SAMPLE"
# Output what is happening
echo "Building $NAME"
# Create the manifest
mkdir -p $DEST/instance
helm template --debug \
--values $SAMPLES/shared/shared.yaml \
--values $SAMPLES/application/empty.yaml \
--values $SAMPLES/environment/$KUBE_CONTEXT.yaml \
--values $SAMPLES/resources/$KUBE_CONTEXT.yaml \
$NAME $CHARTS/instance > $DEST/instance/$SAMPLE.yaml
# Adding the extra network policy
echo -e "\n---\n" >> $DEST/instance/$SAMPLE.yaml
cat $SAMPLES/shared/shared-networkpolicy.yaml >> $DEST/instance/$SAMPLE.yaml
# Set the Variables
SAMPLE="shared-cs"
NAME="sample-$SAMPLE"
# Output what is happening
echo "Building $NAME"
# Create the manifest
mkdir -p $DEST/instance
helm template --debug \
--values $SAMPLES/shared/centralservices.yaml \
--values $SAMPLES/environment/$KUBE_CONTEXT.yaml \
--values $SAMPLES/resources/$KUBE_CONTEXT.yaml \
$NAME $CHARTS/instance > $DEST/instance/$SAMPLE.yaml
# Adding the extra network policy
echo -e "\n---\n" >> $DEST/instance/$SAMPLE.yaml
cat $SAMPLES/shared/centralservices-networkpolicy.yaml >> $DEST/instance/$SAMPLE.yaml

53
samples/shared/centralservices-networkpolicy.yaml Normal file
View File

@@ -0,0 +1,53 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: sample-shared-cs-interinstance-core
labels:
nplus/instance: sample-shared-cs
spec:
podSelector:
matchLabels:
nplus/instance: sample-shared-cs
nplus/type: nstl
policyTypes:
- Ingress
ingress:
#
# allow access from alien CORE components to a central nscale Storage Layer
#
- from:
- podSelector:
matchLabels:
nplus/instance: sample-shared
nplus/type: core
ports:
- protocol: TCP
port: 3005
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: sample-shared-cs-interinstance-mon
labels:
nplus/instance: sample-shared-cs
spec:
podSelector:
matchLabels:
nplus/instance: sample-shared-cs
nplus/type: mon
policyTypes:
- Egress
egress:
#
# allow monitoring console to monitor alien components.
# you will have to set the alien monitoring in the target namespace / instance.
# .Values.security.cni.monitoringNamespace .Values.security.cni.monitoringInstance
#
- to:
- podSelector:
matchLabels:
nplus/instance: sample-shared
nplus/type: core
ports:
- protocol: TCP
port: 3005

14
samples/shared/centralservices.yaml Normal file
View File

@@ -0,0 +1,14 @@
components:
application: false
nappl: false
nappljobs: false
rs: true
mon: true
cmis: false
ilm: false
database: false
web: false
nstl: true
pipeliner: false
administrator: false
webdav: false

38
samples/shared/shared-networkpolicy.yaml Normal file
View File

@@ -0,0 +1,38 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: sample-shared-interinstance
labels:
nplus/instance: sample-shared
spec:
podSelector:
matchLabels:
nplus/instance: sample-shared
nplus/type: core
policyTypes:
- Egress
egress:
#
# allow access from CORE components to a central nscale Storage Layer
#
- to:
- podSelector:
matchLabels:
nplus/instance: sample-shared-cs
nplus/type: nstl
ports:
- protocol: TCP
port: 3005
#
# allow access from CORE components to a central nscale Rendition Server
#
- to:
- podSelector:
matchLabels:
nplus/instance: sample-shared-cs
nplus/type: rs
ports:
- protocol: TCP
port: 8192
- protocol: TCP
port: 8193

19
samples/shared/shared.yaml Normal file
View File

@@ -0,0 +1,19 @@
components:
application: true
rs: false
mon: false
nstl: false
application:
enabled: true
docAreas:
- id: "DA"
nstl:
host: "sample-shared-cs-nstl.{{ .Release.Namespace }}"
rs:
host: "sample-shared-cs-rs.{{ .Release.Namespace }}"
global:
security:
cni:
monitoringInstance: sample-shared-cs