[![built with nix](https://img.shields.io/badge/built%20with-nix-%235277C3?logo=nixos)](https://nixos.org/)
# Poseidon
Oceanbox's comprehensive platform for oceanic data visualization, analysis, and processing.
## Documentation
- **[Nix Build System](nix/README.md)** - Comprehensive guide to the Nix-based build system, packages, containers, and workflows
- **[Scripts](scripts/README.md)** - Available utility scripts for development and deployment
## Bootstrapping Guide
To bootstrap Atlantis for development, build and run it using Tilt.
Some setup is required:
### Kubernetes Access
To run our application on the Kubernetes cluster, Tilt needs access.
You need to authenticate with `oidc`, using your Microsoft account.
Authentication configuration must be added to your `~/.kube/config`:
```yaml
---
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
        - oidc-login
        - get-token
        - --oidc-issuer-url=https://login.microsoftonline.com/<...>/v2.0
        - --oidc-client-id=<...>
        - --oidc-client-secret=<...>
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false
```
Replace each `<...>` with the values for the correct Entra tenant.
Next, configure the required contexts to use `oidc` (also in your `~/.kube/config`):
```yaml
---
- context:
    cluster: ekman
    namespace: sorcerer
    user: oidc
  name: ekman
- context:
    cluster: oceanbox
    namespace: atlantis
    user: oidc
  name: oceanbox
```
Finally, **you must be granted the necessary privileges in Entra to access the clusters.**
Verify that you have access with `kubectl`:
```shell
kubectl --context oceanbox -n default get pods
```
### Manifests
Required helm manifests are hosted in a separate repository: <https://gitlab.com/oceanbox/manifests>.
Clone it into a directory _in the same parent directory as this repository._
You'll have to run `helm dependency update` in the atlantis directory within the manifest repo to download the charts.
### NuGet
To retrieve packages from the private Oceanbox nuget registry, configure it with credentials in your `~/.nuget/NuGet/NuGet.Config`:
```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    <add key="oceanbox" value="https://gitlab.com/api/v4/groups/14873744/-/packages/nuget/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <oceanbox>
      <add key="Username" value="<Your-GitLab-Username>" />
      <add key="ClearTextPassword" value="<Your-GitLab-PAT>" />
    </oceanbox>
  </packageSourceCredentials>
  <packageSourceMapping>
    <packageSource key="nuget.org">
      <package pattern="*" />
    </packageSource>
    <packageSource key="oceanbox">
      <package pattern="Oceanbox.*" />
      <package pattern="ProjNet.FSharp" />
      <package pattern="Drifters.Api" />
      <package pattern="Fable.Lit" />
      <package pattern="Fable.Lit.*" />
      <package pattern="Fable.SignalR" />
      <package pattern="Fable.SignalR.*" />
      <package pattern="Fable.OpenLayers" />
      <package pattern="Matplotlib.*" />
    </packageSource>
  </packageSourceMapping>
</configuration>
```
Substitute your own GitLab username and PAT in the credentials.
Now, we should be able to `restore`:
```shell
dotnet restore Poseidon.slnx
```
For `dotnet-tools` we use Nix, so entering the shell using `nix-shell` or `direnv` is enough.
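
The `<packageSourceMapping>` block above decides which feed each package ID may be restored from, which is what keeps the private names from being resolved against nuget.org. As an added example (not part of the Poseidon repository), the Python below applies NuGet's precedence rules (exact ID, then longest prefix, then `*`) to a trimmed, constructed copy of that mapping; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the <packageSourceMapping> section
# from the NuGet.Config above (credentials omitted).
SAMPLE_CONFIG = """<configuration>
  <packageSourceMapping>
    <packageSource key="nuget.org">
      <package pattern="*" />
    </packageSource>
    <packageSource key="oceanbox">
      <package pattern="Oceanbox.*" />
      <package pattern="ProjNet.FSharp" />
      <package pattern="Fable.Lit" />
      <package pattern="Fable.Lit.*" />
    </packageSource>
  </packageSourceMapping>
</configuration>"""


def load_mapping(config_xml):
    """Return a list of (source_key, pattern) pairs from a NuGet.Config string."""
    root = ET.fromstring(config_xml)
    return [(src.get("key"), pkg.get("pattern"))
            for src in root.iter("packageSource")
            for pkg in src.iter("package")]


def _rank(pattern, package_id):
    """Specificity of a match: exact ID > longest prefix > bare '*'; None if no match."""
    pat, pid = pattern.lower(), package_id.lower()  # package IDs are case-insensitive
    if pat == pid:
        return (2, len(pat))
    if pat.endswith("*") and pid.startswith(pat[:-1]):
        return (1, len(pat) - 1)
    return None


def allowed_sources(mapping, package_id):
    """Sources NuGet may restore package_id from: those holding the most specific match."""
    ranked = [(r, src) for src, pat in mapping
              if (r := _rank(pat, package_id)) is not None]
    if not ranked:
        return set()  # no matching pattern: restore fails instead of falling back
    best = max(r for r, _ in ranked)
    return {src for r, src in ranked if r == best}
```

Note that `Fable.Literal` and a bare `Oceanbox` match neither an exact entry nor a `.`-terminated prefix, so with this mapping they resolve to nuget.org.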
### Mkcert
To generate certificates correctly, vite needs the `mkcert` binary in a predefined path in our home directory.
`mkcert` is included in our dev shell, so we can create a symlink to its location in the nix store:
```fish
which mkcert | xargs -I{} ln -s {} ~/.vite-plugin-mkcert
```
> If this directory does not exist, create it first with `mkdir`.
### Docker Login
In order for Tilt to push the images it builds to the oceanbox registry, we must use `docker login` to authenticate with it.
First, create a personal access token in your GitLab account. It should have the `read_registry` and `write_registry` scopes set.
```fish
set -x TOKEN glpat-xxxx
```
Then, supply it to `docker login`:
```shell
echo "$TOKEN" | docker login gitlab.com -u <user> --password-stdin
```
When prompted, authenticate with your GitLab username and the PAT you just created.
### Create k8s Namespace
A namespace must be created for your tilt application to live in on the cluster.
```shell
kubectl create ns "$APP_NAMESPACE" --context oceanbox
```
### Running Tilt
In the project root, run tilt with the following command:
```shell
tilt up --context oceanbox
```
You should now be able to access the Atlantis client (with HMR) on <atlantis.local.oceanbox.io:8080>.
### Trust Root Certificate
> [!note]
> You'll need to run `just run-client` in `src/Atlantis` to generate the certificates in `~/.vite-plugin-mkcert/certs`.

In order for your browser to allow you to access the web application, you must add the root certificate generated by `mkcert` to the list of trusted authorities in your browser:
1. In Firefox, navigate to settings and search for _"Certificates"._
2. Click on _"View Certificates",_ then _"Import..."_ in the _"Authorities"_ tab.
3. Select the root certificate: `~/.vite-plugin-mkcert/certs/rootCA.pem`.
   - Make sure to check _"This certificate can identify websites"._
### Add `user` to OpenFGA
Ask [sales](mailto:support@oceanbox.io) to add your `azure-ad-user` to OpenFGA.
### CORS for Sorcerer
Add the `url` of your instance to the CORS list of Sorcerer
[here](https://gitlab.com/oceanbox/manifests/-/blob/main/values/sorcerer/kustomize/prod/appsettings.json?ref_type=heads#L52).