Update Helm charts to make ingress-nginx more configurable

Given we want to try out Direktiv in Kubernetes When we install the dependencies Then we want the ability to be able to bring our own ingress-nginx, and set our own annotations for the ingress so for things like external dns, cert manager etc.

Acceptance criteria:

API Ingress Manifest

charts/direktiv/templates/ingress-api.yaml

• [ ] Add Annotations to charts/direktiv/values.yaml under ingress line 92 for ingress-api.yaml

UI Ingress Manifest

charts/direktiv/templates/ingress-ui.yaml

• [ ] Add Annotations to charts/direktiv/values.yaml under ingress line 92 for ingress-ui.yaml

Note: it could be better to put the ingress configuration under the ui: and api: as it will make it scalable for the future

Add ingress-nginx dependency as optional

charts/direktiv/Chart.yaml

• [ ] Have a flag for whether you install the ingress-nginx or not.

Is your feature request related to a problem? Please describe.

It would be good if the instance could access the instance id. If I want to publish events and want to use something as context value to wait for e.g. multiple async subflows.

Describe the solution you'd like

Up for discussion

Describe alternatives you've considered

At the moment I'm using something like jq(.name + (now | todateiso8601 | fromdate | tostring)). Not so nice output.

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

1. docker run --privileged -p 8080:80 -ti vorteil/direktiv-kube (done,It works)
2. direkcli namespaces create demo (done,It works)
3. create test.yml file below content (done)

`id: check-nsfw-image description: "Classify an image uploaded to Azure Blob Storage as SFW or NSFW using Google Vision, AWS Lambda and Azure Storage functions" start: type: event state: getRatingFromGoogleVision event: type: Microsoft.Storage.BlobCreated functions:

• id: imageCheck image: vorteil/imagerecognition:v2
• id: awslambda image: vorteil/lambda:v2
• id: send-email image: vorteil/smtp:v2
• id: azureupload image: vorteil/azure-upload:v2
• id: azurecli image: vorteil/azgo:v2 size: large
  states:
• id: getRatingFromGoogleVision type: action action: secrets: ["GOOGLE_SERVICE_ACCOUNT_KEY"] function: imageCheck input: '{ "url": ."Microsoft.Storage.BlobCreated".url, "serviceAccountKey": .secrets.GOOGLE_SERVICE_ACCOUNT_KEY
  }' transition: checkRatingForImage
• id: checkRatingForImage log: "." type: switch conditions:
  • condition: .return.safeForWork == true transition: addWaterMarkApproved defaultTransition: addWaterMarkNotApproved
• id: addWaterMarkApproved type: action action: function: awslambda secrets: ["LAMBDA_KEY", "LAMBDA_SECRET"] input: '{ key: .secrets.LAMBDA_KEY, secret: .secrets.LAMBDA_SECRET, region: "ap-southeast-2", function: "python-watermark", body: { imageurl: ."Microsoft.Storage.BlobCreated".url, message: "Approved by Direktiv.io", } }' transform: '.notify = .return | del(.return)' transition: copyFileToSafeForWork
• id: addWaterMarkNotApproved type: action action: function: awslambda secrets: ["LAMBDA_KEY", "LAMBDA_SECRET"] input: '{ key: .secrets.LAMBDA_KEY, secret: .secrets.LAMBDA_SECRET, region: "ap-southeast-2", function: "python-watermark", body: { imageurl: ."Microsoft.Storage.BlobCreated".url, message: "Not approved by Direktiv.io", } }' transform: '.notify = .return | del(.return)' transition: sendEmail
• id: sendEmail type: action log: "." action: function: send-email secrets: ["GMAIL_PASSWORD"] input: '{ "from": "[email protected]", "to": "[email protected]", "subject": "Direktiv NSFW Image Workflow", "message": "NSFW Image detected", "server": "smtp.gmail.com", "port": 587, "password": .secrets.GMAIL_PASSWORD }' transition: copyFileToNotSafeForWork
• id: copyFileToNotSafeForWork type: action log: "." action: secrets: ["AZ_STORAGE_ACCOUNT", "AZ_STORAGE_KEY"] function: azureupload input: '{ "container": "not-safe-for-work", "storage-account": .secrets.AZ_STORAGE_ACCOUNT, "storage-account-key": .secrets.AZ_STORAGE_KEY, "data": .notify.body, "upload-name": ."Microsoft.Storage.BlobCreated".url | capture("(?[a-z.]+$)").filename }' transition: cleanup
• id: copyFileToSafeForWork type: action log: "." action: secrets: ["AZ_STORAGE_ACCOUNT", "AZ_STORAGE_KEY"] function: azureupload input: '{ "container": "safe-for-work", "storage-account": .secrets.AZ_STORAGE_ACCOUNT, "storage-account-key": .secrets.AZ_STORAGE_KEY, "data": .notify.body, "upload-name": ."Microsoft.Storage.BlobCreated".url | capture("(?[a-z.]+$)").filename }' transition: cleanup
• id: cleanup type: action action: secrets: ["AZ_STORAGE_ACCOUNT", "AZ_NAME", "AZ_PASSWORD", "AZ_TENANT","AZ_STORAGE_KEY"] function: azurecli input: '{ "name": .secrets.AZ_NAME, "password": .secrets.AZ_PASSWORD, "tenant": .secrets.AZ_TENANT, "command": ["storage", "blob", "delete", "--container", "processing", "--name", (."Microsoft.Storage.BlobCreated".url | split("processing/")[1]), "--account-name", .secrets.AZ_STORAGE_ACCOUNT, "--account-key", .secrets.AZ_STORAGE_KEY] }' `

4. ./direkcli workflows create demo test.yml (failed)

Expected behavior

Screenshots

Desktop (please complete the following information):

• OS: Macos Big Sur 11.3

I want to use direktiv to do some ci job in serverless worker , but after I look up the function document(link), I find we cannot mount something to pod, so we cannot do docker in docker , that means we cannot use docker or podman to operate image. How can we create a function to do CI job now ?

Description

Please describe the aim of the pull request and the changes made in the commits.

Purpose

• [ ] Bug fix
• [ ] New feature
• [ ] Other

How was this tested? (if applicable)

Please describe how the proposed changes have been tested, and the outcome of the tests.

Test Platform Details (if applicable)

Operating system: OSX/Windows 10/Ubuntu 20.04/etc.

CLI version:

Hypervisors/Platforms (if applicable): qemu/hyper-v/google cloud platform/vmware workstation/etc

Kernel version (if applicable):

Checklist

• [ ] Code is commented
• [ ] Unit test coverage encompasses new code
• [ ] Existing unit tests pass with these changes
• [ ] PR is signed

Describe the bug

Upgrading to latest ent schemas will trigger the following error on postgres if it's using a older database.

2021-11-30 13:57:10.201 AEST [864] ERROR:  column "created_at" contains null values
2021-11-30 13:57:10.201 AEST [864] STATEMENT:  ALTER TABLE "refs" ADD COLUMN "created_at" timestamp with time zone NOT NULL

We need to investigate if its possible to adjust the migration process of ent to accommodate for this new column. Or if there is something we can change in the schema.

Is your feature request related to a problem? Please describe.

All other states accept JQ input for their fields. The error state can only accept a string for the error field. I wanted to catch an error, handle it and then still raise it after. The use-case would be to do jq(.error.code) in the error field.

The message has the same "issue". If it would be JQ instead of the args field it would be easier to use because Direktiv has a basically a sprintf with jq.

Now:

- id: error-out-of-date
  type: error
  error: validation.outOfDate
  message: "food item %s is out of date"
  args:
  - jq(.item.name)

New

- id: error-out-of-date
  type: error
  error: jq(.whatever) OR my.new.error
  message: 'This is an error jq(.myvalue)'

…is provided.

Signed-off-by: Alan Murtagh [email protected]

I've decided for GET requests it's fine to assume JSON input. GET requests cannot reasonably handle binary data anyway, and if you really want to you can emulate it by passing ?input.input=, and setting to base64 encoded binary data.

in Previous version the parent workflow relate to the child workflow by field "id",Workflow does not has filed "id",how the parent workflow relate to the child workflow

Describe the bug Received an event from Google Cloud EventArc via the Direktiv container as described in the document. The event is received and can execute a workflow. When I try and trigger the event again the following error appears:

"send namespace event: method is not allowed"

Example the event input is shown below (not the data is binary - something wrong in the direktic google eventarc container code):

Context Attributes, specversion: 1.0 type: google.cloud.audit.log.v1.written source: //cloudaudit.googleapis.com/projects/exalted-iridium-367300/logs/activity id: projects/exalted-iridium-367300/logs/cloudaudit.googleapis.com%2Factivityr7a0hndbrmi1667689902263958 time: 2022-11-05T23:11:42.837387365Z datacontenttype: application/json Data (binary), { "protoPayload": { "authenticationInfo": { "principalEmail": "[email protected]" }, "requestMetadata": { "callerIp": "2601:643:4001:4c0:9c47:2941:e9b5:bc90", "callerSuppliedUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36,gzip(gfe),gzip(gfe)" }, "serviceName": "compute.googleapis.com", "methodName": "v1.compute.instances.delete", "resourceName": "projects/exalted-iridium-367300/zones/us-central1-a/instances/instance-template-1", "serviceData": {}, "request": { "@type": "type.googleapis.com/compute.instances.delete" } }, "insertId": "r7a0hndbrmi", "resource": { "type": "gce_instance", "labels": { "instance_id": "3705468946020520950", "zone": "us-central1-a", "project_id": "exalted-iridium-367300" } }, "timestamp": "2022-11-05T23:11:42.263958Z", "severity": "NOTICE", "logName": "projects/exalted-iridium-367300/logs/cloudaudit.googleapis.com%2Factivity", "operation": { "id": "operation-1667689855034-5ecc14d67a55a-625b9bf3-04683458", "producer": "compute.googleapis.com", "last": true }, "receiveTimestamp": "2022-11-05T23:11:42.837387365Z" }

Describe the bug

I renamed a few files in https://github.com/direktiv/apps-svc. The follwoing rename actions were applied:

 rename generate-tags.yaml => generate-tags._yaml (100%)
 rename get-html.yaml => get-html._yaml (100%)
 rename get-swagger.yaml => get-swagger._yaml (100%)
 rename list.yaml => list._yaml (100%)
 rename load-spec.yaml => load-spec_.yaml (100%)
 rename load-specs.yaml => load-specs._yaml (100%)
 rename md.yaml => md._yaml (100%)
 rename pq.yaml => pq._yaml (100%)
 rename spec.yaml => spec._yaml (100%)
 rename tags.yaml => tags._yaml (100%)
 rename uri-key.yaml => uri-key._yaml (100%)
 rename uri-tag-key.yaml => uri-tag-key._yaml (100%)

The sync fails with :+1:

Mirror activity 'sync' failed: ent: validator failed for field "Inode.name": value does not match validation

The last log lines:

{"level":"info","timestamp":"2022-07-26T08:27:34Z","caller":"flow/logs.go:126","msg":"Deleted workflow '/get-swagger'.","component":"flow","build":"10e25bf","trace":"00000000000000000000000000000000","namespace":"svc","namespace-id":"8fb6dc8f-1b1d-470b-a5fa-d44b1ed75f80"}
{"level":"debug","timestamp":"2022-07-26T08:27:34Z","caller":"flow/pubsub.go:517","msg":"PS Notify Inode: c4f1d45f-8ca0-43d3-a968-26627cdb7090","component":"flow","build":"10e25bf"}
{"level":"info","timestamp":"2022-07-26T08:27:34Z","caller":"flow/logs.go:126","msg":"Deleted workflow '/uri-tag-key'.","component":"flow","build":"10e25bf","trace":"00000000000000000000000000000000","namespace":"svc","namespace-id":"8fb6dc8f-1b1d-470b-a5fa-d44b1ed75f80"}
{"level":"debug","timestamp":"2022-07-26T08:27:34Z","caller":"flow/pubsub.go:517","msg":"PS Notify Inode: c4f1d45f-8ca0-43d3-a968-26627cdb7090","component":"flow","build":"10e25bf"}
{"level":"info","timestamp":"2022-07-26T08:27:34Z","caller":"flow/logs.go:271","msg":"Mirror activity 'sync' failed: ent: validator failed for field \"Inode.name\": value does not match validation","component":"flow","build":"10e25bf","trace":"00000000000000000000000000000000","namespace":"svc","namespace-id":"8fb6dc8f-1b1d-470b-a5fa-d44b1ed75f80","mirror-id":"13340a02-1184-4ad5-b8c7-9413ae545d96"}

It seems to be obvious that it is cause by the renaming rename load-spec.yaml => load-spec_.yaml. The solution is to improve the logs? Because this was a rename to an invalid workflow name.

Description

K8s feature-gates 'TTLAfterFinished' flag was removed see this.

This PR removes 'TTLAfterFinished' usage in the k3s installation instruction.

Describe the bug Install k3s instructions in Readme is broken due to removal of this k8s feature.

--kube-apiserver-arg feature-gates=TTLAfterFinished=true need to be removed.

Is your feature request related to a problem? Please describe.

At the moment services can define commands and environment variables (0.8.0).

Additionally they should be able to run as privileged and potentially mount disks.

At the moment the API has swagger configurations but it is an implementation-first approach. This can lead to discrepancies between implementation and swagger documentation.

The API should be build on swagger first and the implementation needs to follow. That guarantees a consistent documentation and implementation.

Is your feature request related to a problem? Please describe.

The API has three services which are only implementing Server Side Events:

• watchNamespaceRevisions
• watchNamespaceRevision
• singleNamespaceServiceSSE

Although there are not needed for the UI they should be implemented for consistency.