Cleanup

.gitignore

@@ -2,7 +2,6 @@
 instance/*
 !instance/.gitignore
 .webassets-cache
-.env
 
 ### Flask.Python Stack ###
 # Byte-compiled / optimized / DLL files

Dockerfile

-# Use the Keycloak base image as the builder
-FROM quay.io/keycloak/keycloak:latest as builder
-
-# Enable health and metrics support
-ENV KC_HEALTH_ENABLED=true
-ENV KC_METRICS_ENABLED=true
-
-# Configure a database vendor
-ENV KC_DB=postgres
-
-WORKDIR /opt/keycloak
-
-# Generate a self-signed certificate (for demonstration purposes only)
-RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
-
-# Build Keycloak with required features
-RUN /opt/keycloak/bin/kc.sh build --features="docker,token-exchange"
-
-# Start a new stage
-FROM quay.io/keycloak/keycloak:latest
-
-# Copy built Keycloak configuration from the builder stage
-COPY --from=builder /opt/keycloak/ /opt/keycloak/
-
-# Change permissions for the entrypoint script to make it executable
-# RUN chmod +x /opt/keycloak/entrypoint.sh
-
-# Set environment variables
-ENV KEYCLOAK_CREATE_ADMIN_USER=true
-ENV KEYCLOAK_ADMIN_USER=keycloak-admin
-ENV KEYCLOAK_ADMIN_PASSWORD=Anumericpassword78
-ENV KEYCLOAK_MANAGEMENT_USER=keycloak-manager
-ENV KEYCLOAK_MANAGEMENT_PASSWORD=Anumericpassword78
-
-ENV KEYCLOAK_DATABASE_HOST=${DB_HOST}
-ENV KEYCLOAK_DATABASE_PORT=${DB_PORT}
-ENV KEYCLOAK_DATABASE_NAME=${POSTGRES_DB}
-ENV KEYCLOAK_DATABASE_USER=${POSTGRES_USER}
-ENV KEYCLOAK_DATABASE_PASSWORD=${POSTGRES_PASSWORD}
-ENV KEYCLOAK_DATABASE_SCHEMA=${DB_SCHEMA}
-
-ENV KEYCLOAK_PRODUCTION=true
-ENV KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=40000
-ENV KEYCLOAK_EXTRA_ARGS="-Dkeycloak.profile.feature.docker=enabled"
-
-ENV KEYCLOAK_ENABLE_HTTPS=true
-ENV KEYCLOAK_HTTPS_PORT=8443
-ENV KEYCLOAK_HTTPS_USE_PEM=true
-ENV KEYCLOAK_HTTPS_CERTIFICATE_FILE=/opt/bitnami/keycloak/certs/fullchain.pem
-ENV KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE=/opt/bitnami/keycloak/certs/privkey.pem
-
-# Specify the custom entrypoint script to run Keycloak
-# ENTRYPOINT ["/opt/keycloak/entrypoint.sh"]

Makefile

+.PHONY: all push push-frontend push-backend frontend backend
+
+all: frontend backend
+
+frontend:
+	docker build -t nepheleproject/frontend ./frontend
+
+backend:
+	docker build -t nepheleproject/backend ./backend
+
+push: push-frontend push-backend
+
+push-frontend:
+	docker push nepheleproject/frontend
+
+push-backend:
+	docker push nepheleproject/backend

README.md

 # Nephele-Dashboard
-
 This repository hosts the Nephele Dashboard implementation consisting of a Flask REST API that serves as the back-end of the Dashboard and a front-end.
 
-## Backend
-### Run docker compose that runs keycloak, postgresql, flask_backend, volume and network
-```bash
-docker-compose up -d
-```
-
-### run frontend
-```bash
-cd /dashboard/nephele-front
-
-```
-# Nephele Repository (nephele-frontend)
-
-## Install the dependencies
-
+## Docker images
+To build the container images for the frontend and the backend simply run:
 ```bash
-yarn
-
+make all
 ```
-
-### Start the app in development mode (hot-code reloading, error reporting, etc.)
-
+If you want to push the images and you are authorized to Dockerhub run:
 ```bash
-quasar dev
+make push
 ```
 
-### Lint the files
-
-```bash
-yarn lint
-
-```
-
-### Format the files
-
-```bash
-yarn format
-
-```
-
-### Build the app for production
-
-```bash
-quasar build
-```
-
-### Serve the build
+## Kubernetes deployment guide
+### Setup the Nephele platform components
+1. Install `traefik` by running :
+    ```bash
+    $ helm install traefik traefik/traefik \
+        -n traefik --create-namespace \
+        --values traefik-values.yml
+    ```
+    with the values file:
+    ```yaml
+    service:
+    enabled: true
+    annotations: {}
+    type: LoadBalancer
+    externalIPs:
+        - X.X.X.X
+    ```
+    where `X.X.X.X` is a public IP that Traefik will asign to LoadBalancer services.
+
+2. Install `cert-manager` manually (according to the cert-manager documentation, it should not be installed as a Helm sub-chart):
+    ```bash
+    $ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
+    ```
+
+3. Install the helm chart:
+    ```bash
+    helmchart$ helm install platform . --namespace nephele-platform --create-namespace
+    ```
+
+4. Upload the Keycloak realm json file.
 
+## Backend
+### Run docker compose that runs keycloak, postgresql, flask_backend, volume and network
+There is a docker compose file that runs the backend in the `archive` directory if the appropriate `.env` file is present:
 ```bash
-quasar serve dist/spa --history
+$ docker-compose up -d
 ```
 
-### Customize the configuration
-
-See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-vite/quasar-config-js).
-
-
-
-
-#NEPHELE Dashboard Functionalitiesi
+## Frontend
+- Install the dependencies
+    ```bash
+    frontend$ yarn
+    ```
+- Start the app in development mode (hot-code reloading, error reporting, etc.)
+    ```bash
+    frontend$ quasar dev
+    ```
+- Lint the files
+    ```bash
+    frontend$ yarn lint
+    ```
+- Format the files
+    ```bash
+    frontend$ yarn format
+    ```
+- Build the app for production
+    ```bash
+    frontend$ quasar build
+    ```
+- Serve the build
+    ```bash
+    frontend$ quasar serve dist/spa --history
+    ```
+- Customize the configuration
+    See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-vite/quasar-config-js).
+
+
+## NEPHELE Dashboard Functionalities
 The Dashboard is currently under development using Vue.js as frontend and Python Flask as backend.
 
 - User Management

archive/.env.example

+FLASK_USERNAME="XXXXXX"
+FLASK_PASSWORD="XXXXXX"
+DB_USER = 'XXXXXX'
+DB_PASSWORD = 'XXXXXX'
+DB_HOST = 'XXXXXX'
+DB_NAME = 'XXXXXX'

dashboard/Dockerfile → backend/Dockerfile

@@ -2,36 +2,29 @@
 FROM python:3.11.3-slim-buster
 
 # Set environment variables for Python optimizations
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
 
 # Create a directory for the app
 WORKDIR /app
 
-COPY /certbot/keycloak-certs/keycloak_certificate.pem /usr/local/share/ca-certificates/keycloak_certificate.pem
-
-RUN update-ca-certificates
-
-
 # Copy requirements file and install dependencies
 COPY requirements.txt /app/
 # RUN pip install --no-cache-dir -r requirements.txt
 
 RUN pip install --trusted-host pypi.python.org -r requirements.txt
 
-
 # Copy the Flask application code into the container
 COPY . /app/
 
-
-ENV NAME dashboard
+ENV NAME=dashboard
 
 # # Drop privileges for the container user
 # RUN useradd -m myuser
 # USER myuser
 
 # Expose the port that the Flask app runs on
-EXPOSE 3000
+EXPOSE 5000
 
 # Set the command to run the Flask app
 # CMD ["gunicorn", "-w", "2", "-b", "0.0.0.0:443", "--certfile=/app/certbot/conf/live/nephele.netmode.ece.ntua.gr/cert.pem", "--keyfile=/app/certbot/conf/live/nephele.netmode.ece.ntua.gr/privkey.pem", "app:dashboard"]

dashboard/app.py → backend/app.py

@@ -6,7 +6,6 @@ from config import configs
 from errors import errors, error_handlers
 from models import db
 from blueprints.dashboard import dashboard
-from dotenv import load_dotenv
 from flasgger import Swagger
 from flask_cors import CORS, cross_origin
 
@@ -21,19 +20,9 @@ def create_app(app_name='dashboard'):
     app = Flask(app_name, static_url_path='', static_folder='nephele-front/dist/spa/')
     swagger = Swagger(app)
     cors = CORS(app)
-    app.config['CORS_HEADERS'] = 'Content-Type'
 
-    with open('keycloak.json', 'r') as file:
-        keycloak_config = json.load(file)
-    load_dotenv()
-    app.config['FLASK_USERNAME'] = os.getenv('FLASK_USERNAME')
-    app.config['FLASK_PASSWORD'] = os.getenv('FLASK_PASSWORD')
-    app.config['KEYCLOAK_URL'] = keycloak_config['web']['keycloak_url']
-    app.config['REALM_NAME'] = keycloak_config['web']['realm']
-    app.config['CLIENT_ID'] = keycloak_config['web']['client_id']
-    app.config['CLIENT_SECRET'] = keycloak_config['web']['client_secret']
-    app.config['SECRET_KEY'] = keycloak_config['web'].get('app_secret_key', 'your_secret_key')
-    app.config['FORCE_HTTPS'] = True
+    app.config.from_object(configs[env])
+    app.config['CORS_HEADERS'] = 'Content-Type'
 
     # Load other configurations as needed
     app.config.from_object(configs[env])

dashboard/blueprints/dashboard.py → backend/blueprints/dashboard.py

@@ -53,6 +53,7 @@ keycloak_admin = KeycloakAdmin(server_url=dashboard_config.KEYCLOAK_URL,
                                 client_id=dashboard_config.CLIENT_ID,
                                 client_secret_key=dashboard_config.CLIENT_SECRET,
                                 verify=True)
+
 # print (keycloak_admin.token)
 keycloak_openid = KeycloakOpenID(server_url=dashboard_config.KEYCLOAK_URL,
                                     client_id=dashboard_config.CLIENT_ID,
@@ -93,7 +94,7 @@ def obtain_backend_access_token():
     token = keycloak_admin.token
     return token['access_token']
 
-#TODO make this work with refresh 
+#TODO make this work with refresh
 def obtain_backend_openID_token():
     keycloak_openid = KeycloakOpenID(server_url=dashboard_config.KEYCLOAK_URL,
                                     client_id=dashboard_config.CLIENT_ID,
@@ -130,9 +131,9 @@ def check_group_access():
     # Exclude certain routes from requiring authorization
     if request.path in PUBLIC_ROUTES:
         return
-    
-    try: 
-        data=request.json 
+
+    try:
+        data=request.json
         group_name = data.get('project_name')
         # print ("group", group_name)
     except BadRequest:
@@ -160,11 +161,11 @@ def check_group_access():
         user_id = keycloak_admin.get_user_id(username=username)
         if not is_user_in_group(user_id, group_name):
             return jsonify({'error': 'Access denied'}), 403
-    else: 
+    else:
         return jsonify({'error': 'Access denied'}), 403
 
 @dashboard.route('/user_groups', methods=['POST'])
-@login_required  
+@login_required
 @swag_from('swagger_docs/user_groups.yml')
 def get_user_groups():
     # Extract access token from request headers
@@ -175,7 +176,7 @@ def get_user_groups():
             return jsonify({'error': 'Access token missing'}), 401
         # Get userinfo from Keycloak using the access token
         print ("access token", access_token)
-        try: 
+        try:
             userinfo = keycloak_openid.userinfo(access_token)
         except KeycloakAuthenticationError:
             return jsonify({'error': 'Access token invalid'}), 401
@@ -192,9 +193,9 @@ def get_user_groups():
             return jsonify({'error': 'Failed to get user groups from Keycloak'}), 404
         # Everything went ok return groups for specific username
         return jsonify({'username': username, 'groups': user_groups})
-    else: 
-        return jsonify({'error': 'Access denied'}), 401 
-    
+    else:
+        return jsonify({'error': 'Access denied'}), 401
+
 
 # Route for creating a new project
 @dashboard.route('/create_project', methods=['POST'])
@@ -241,7 +242,7 @@ def create_project():
         try:
             keycloak_admin.group_user_add(user_id, group_id)
         except KeycloakPutError:
-            return jsonify({'message': 'User already belong to group'})          
+            return jsonify({'message': 'User already belong to group'})
     else:
         return jsonify({'message': 'User does not exist'})
     return jsonify({'message': 'Project created successfully and User is Assigned to Group'})
@@ -251,7 +252,7 @@ def create_project():
 def refresh_token():
     # print (request.form)
     refresh_token = request.form['refresh_token']
-    try: 
+    try:
         tokens = keycloak_openid.refresh_token(refresh_token)
     except KeycloakPostError:
         return jsonify({'error': 'You have to login again'}), 403
@@ -260,7 +261,7 @@ def refresh_token():
         return jsonify({'access_token': access_token})
     else:
         return jsonify({'error': 'Token refresh failed'}), 401
-    
+
 # Registration route
 @dashboard.route('/register', methods=['POST'])
 @swag_from('swagger_docs/register.yml')
@@ -287,7 +288,7 @@ def register():
     # Register user
 
     # Add any additional fields required by Keycloak for user registration
-    try: 
+    try:
         user_id = keycloak_admin.create_user(payload=payload)#, email, credentials=credentials, enabled=True)
     except KeycloakPostError:
         return jsonify({'error': 'User exists'}), 409
@@ -313,7 +314,7 @@ def login():
     username = data.get('username')
     password = data.get('password')
     access_token, refresh_token = obtain_user_tokens(username, password)
-    if access_token and refresh_token:   
+    if access_token and refresh_token:
         access_token, refresh_token = obtain_user_tokens(username, password)
         # Authentication successful, return tokens as JSON response
         return jsonify({'access_token': access_token, 'refresh_token': refresh_token})
@@ -411,7 +412,7 @@ def publish_hdag():
     else:
         return f"Error: {response.status_code} - {response.text}", response.status_code
 
-#TODO Test and finalize it is not working 
+#TODO Test and finalize it is not working
 @dashboard.route('/update_hdag', methods=['POST'])
 # @swag_from('swagger_docs/update_hdag.yml')
 def update_hdag():
@@ -428,7 +429,7 @@ def update_hdag():
         return response.text #TODO propably trigger SMO! Send also the project in which is the HDAG
     else:
         return f"Error: {response.status_code} - {response.text}", response.status_code
-    
+
 @dashboard.route('/clusters', methods=['GET'])
 @swag_from('swagger_docs/clusters.yml')
 @login_required
@@ -470,7 +471,7 @@ def get_devices():
 @swag_from('swagger_docs/app_graphs.yml')
 def app_graphs():
     data = request.json
-    project_name = data.get('project_name') 
+    project_name = data.get('project_name')
     url = f'http://10.0.2.114:8000/graph/project/{project_name}'
     response = requests.get(url)
     data = response.json()