Poseidon

Oceanbox's comprehensive platform for oceanic data visualization, analysis, and processing.

Documentation

• Nix Build System - Comprehensive guide to the Nix-based build system, packages, containers, and workflows
• Scripts - Available utility scripts for development and deployment

Bootstrapping Guide

To bootstrap Atlantis for development, build and run it using Tilt.

Some setup is required:

Kubernetes Access

To run our application on the kubernetes cluster, Tilt needs access. You need to authenticate with oidc, using your microsoft account. Authentication configuration must be added to your ~/.kube/config:

---
- name: oidc
  user:
      exec:
          apiVersion: client.authentication.k8s.io/v1beta1
          args:
              - oidc-login
              - get-token
              - --oidc-issuer-url=https://login.microsoftonline.com/<...>/v2.0
              - --oidc-client-id=<...>
              - --oidc-client-secret=<...>
          command: kubectl
          env: null
          interactiveMode: IfAvailable
          provideClusterInfo: false

Substitute each <...> for the values corresponding to the correct Entra tenant.

Next, configure the required contexts to use oidc (also in your ~/.kube/config):

---
- context:
    cluster: ekman
    namespace: sorcerer
    user: oidc
  name: ekman
- context:
    cluster: oceanbox
    namespace: atlantis
    user: oidc
  name: oceanbox

Finally, you must be granted the necessary priveleges in Entra to access the clusters. Verify that you have access with kubectl:

kubectl --context oceanbox -n default get pods

Manifests

Required helm manifests are hosted in a separate repository: https://gitlab.com/oceanbox/manifests. Clone it into a directory in the same parent directory as this repository.

You'll have to run helm dependency update in the atlantis directory within the manifest repo to download the charts.

NuGet

To retrieve packages from the private Oceanbox nuget registry, configure it with credentials in your ~/.nuget/NuGet/NuGet.Config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <packageSources>
        <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
        <add key="oceanbox" value="https://gitlab.com/api/v4/groups/14873744/-/packages/nuget/index.json" />
    </packageSources>
    <packageSourceCredentials>
        <oceanbox>
            <add key="Username" value="<Your-GitLab-Username>" />
            <add key="ClearTextPassword" value="<Your-GitLab-PAT>" />
        </oceanbox>
    </packageSourceCredentials>
    <packageSourceMapping>
        <packageSource key="nuget.org">
            <package pattern="*" />
        </packageSource>
        <packageSource key="oceanbox">
            <package pattern="Oceanbox.*" />
            <package pattern="ProjNet.FSharp" />
            <package pattern="Drifters.Api" />
            <package pattern="Fable.Lit" />
            <package pattern="Fable.Lit.*" />
            <package pattern="Fable.SignalR" />
            <package pattern="Fable.SignalR.*" />
            <package pattern="Fable.OpenLayers" />
            <package pattern="Matplotlib.*" />
        </packageSource>
    </packageSourceMapping>
</configuration>

Substitute with your own gitlab username and PAT in the credentials.

Now, we should be able to restore:

dotnet restore Poseidon.slnx

for dotnet-tools we use nix, so entering the shell using nix-shell or direnv is enough.

Mkcert

To generate certificates correctly, vite needs the mkcert binary in a predefined path in our home directory. mkcert is included in our dev shell, so we can create a symlink to its location in the nix store:

which mkcert | xargs -I{} ln -s {} ~/.vite-plugin-mkcert

If this directory does not exist, create it first with mkdir.

Docker Login

In order for Tilt to push the images it builds to the oceanbox registry, we must use docker login to authenticate with it. First, create a personal access token in your gitlab account. It should have the read_registry and write_registry scopes set.

set -x TOKEN glpat-xxxx

Then, supply it to docker login:

echo "$TOKEN" | docker login gitlab.com -u <user> --password-stdin

When prompted, authenticate with your gitlab username and the PAT you just created.

Create k8s Namespace

A namespace must be created for your tilt application to live in on the cluster.

kubectl create ns "$APP_NAMESPACE" --context oceanbox

Running Tilt

In the project root, run tilt with the following command:

tilt up --context oceanbox

You should now be able to access the Atlantis client (with HMR) on atlantis.local.oceanbox.io:8080.

Trust Root Certificate

Note

You'll need to run just run-client in src/Atlantis to generate the certificates in ~/.vite-plugin-mkcert/certs

In order for your browser to allow you to access the web application, you must add the root certificate generated by mkcert to the list of trusted authorities in your browser:

1. In firefox, navigate to settings and search for "Certificates".
2. Click on "View Certificates", then "Import..." in the "Authorities" tab.
3. Select the root certificate; ~/.vite-plugin-mkcert/certs/rootCA.pem.
   • Make sure to check "This certificate can identify websites".

Add user to OpenFGA

Ask sales to add your azure-ad-user to OpenFGA.

CORS for Sorcerer

Add the url of your instance to the CORS list of Sorcerer here.