[9.101.x-prod] SRVLOGIC-390: Adjust cors configuration for the dev profile deployments, and JS and DI deployments

bundle.prod/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  controllers_cfg.yaml: |-
+  controllers_cfg.yaml: |
     # The default size of Kaniko PVC when using the internal operator builder manager
     defaultPvcKanikoSize: 1Gi
     # How much time (in seconds) to wait for a devmode workflow to start.

bundle.prod/manifests/logic-operator-rhel8.clusterserviceversion.yaml

@@ -787,10 +787,10 @@ spec:
                 resources:
                   limits:
                     cpu: 500m
-                    memory: 128Mi
+                    memory: 500Mi
                   requests:
-                    cpu: 10m
-                    memory: 64Mi
+                    cpu: 100m
+                    memory: 200Mi
                 securityContext:
                   allowPrivilegeEscalation: false
                   capabilities:

bundle/manifests/sonataflow-operator.clusterserviceversion.yaml

@@ -779,10 +779,10 @@ spec:
                 resources:
                   limits:
                     cpu: 500m
-                    memory: 128Mi
+                    memory: 500Mi
                   requests:
-                    cpu: 10m
-                    memory: 64Mi
+                    cpu: 100m
+                    memory: 200Mi
                 securityContext:
                   allowPrivilegeEscalation: false
                   capabilities:

config/manager/manager.yaml

@@ -56,9 +56,9 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 500Mi
           requests:
-            cpu: 10m
-            memory: 64Mi
+            cpu: 100m
+            memory: 200Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

config/manager/prod/SonataFlow-Builder.containerfile

@@ -1,4 +1,4 @@
-FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:latest AS builder
+FROM registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.34.0 AS builder
 
 # variables that can be overridden by the builder
 # To add a Quarkus extension to your application

config/manager/prod/manager.yaml

@@ -55,9 +55,9 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 500Mi
           requests:
-            cpu: 10m
-            memory: 64Mi
+            cpu: 100m
+            memory: 200Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

controllers/discovery/discovery_openshift_test.go

@@ -33,11 +33,11 @@ import (
 )
 
 func Test_QueryOpenShiftRoute(t *testing.T) {
-	doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1:80")
+	doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1")
 }
 
 func Test_QueryOpenShiftRouteWithTLS(t *testing.T) {
-	doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1:443")
+	doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1")
 }
 
 func doTestQueryOpenShiftRoute(t *testing.T, tls bool, expectedUri string) {

controllers/discovery/openshift_catalog.go

@@ -107,12 +107,11 @@ func (c openShiftServiceCatalog) resolveOpenShiftRouteQuery(ctx context.Context,
 		return "", err
 	} else {
 		scheme := httpProtocol
-		port := defaultHttpPort
 		if route.Spec.TLS != nil {
 			scheme = httpsProtocol
-			port = defaultHttpsPort
 		}
-		return buildURI(scheme, route.Spec.Host, port), nil
+		// the OpenShift routes are only opened at the http/https standard ports.
+		return fmt.Sprintf("%s://%s", scheme, route.Spec.Host), nil
 	}
 }
 

controllers/profiles/common/constants/workflows.go

@@ -24,4 +24,6 @@ const (
 	KnativeInjectedEnvVar                    = "${K_SINK}"
 	KnativeEventingBrokerDefault             = "default"
 	QuarkusDevUICorsEnabled                  = "quarkus.dev-ui.cors.enabled"
+	QuarkusHttpCors                          = "quarkus.http.cors"
+	QuarkusHttpCorsOrigins                   = "quarkus.http.cors.origins"
 )

controllers/profiles/common/properties/managed.go

@@ -97,6 +97,10 @@ func (a *managedPropertyHandler) Build() string {
 		// produce the MicroProfileConfigServiceCatalog properties for the service discovery property values if any.
 		discoveryProps.Merge(generateDiscoveryProperties(a.ctx, a.catalog, userProps, a.workflow))
 	}
+	if profiles.IsDevProfile(a.workflow) && a.requireServiceDiscovery() {
+		// produce dev profile properties that must be calculated at service discovery time.
+		setDevProfileDiscoveryProperties(a.ctx, a.catalog, a.defaultManagedProperties, a.workflow)
+	}
 	userProps = utils.NewApplicationPropertiesBuilder().
 		WithInitialProperties(discoveryProps).
 		WithImmutableProperties(properties.MustLoadString(immutableApplicationProperties)).
@@ -191,6 +195,26 @@ func setDevProfileProperties(props *properties.Properties) {
 	props.Set(constants.QuarkusDevUICorsEnabled, "false")
 }
 
+func setDevProfileDiscoveryProperties(ctx context.Context, catalog discovery.ServiceCatalog, props *properties.Properties, workflow *operatorapi.SonataFlow) {
+	if utils.IsOpenShift() {
+		// in OpenShift deployments the route is created before the workflow, at this point it can be queried safely.
+		routeUrl, err := catalog.Query(ctx, *discovery.NewResourceUriBuilder(discovery.OpenshiftScheme).
+			Kind("routes").
+			Group("route.openshift.io").
+			Version("v1").
+			Namespace(workflow.Namespace).
+			Name(workflow.Name).
+			Build(),
+			discovery.KubernetesDNSAddress)
+		if err != nil {
+			klog.V(log.E).ErrorS(err, "An error was produced while getting workflow route url. ", "workflow", workflow.Name)
+		} else {
+			props.Set(constants.QuarkusHttpCors, "true")
+			props.Set(constants.QuarkusHttpCorsOrigins, routeUrl)
+		}
+	}
+}
+
 // ApplicationManagedProperties immutable default application properties that can be used with any workflow based on Quarkus.
 // Alias for NewManagedPropertyHandler(workflow).Build()
 func ApplicationManagedProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (string, error) {

controllers/profiles/dev/states_dev.go

@@ -74,6 +74,15 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora
 	if err != nil {
 		return ctrl.Result{Requeue: false}, objs, err
 	}
+
+	// Create the OpenShift route before starting the WF deployment.
+	// Non OpenShift deployments executes no-ops.
+	route, _, err := e.ensurers.network.Ensure(ctx, workflow)
+	if err != nil {
+		return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err
+	}
+	objs = append(objs, route)
+
 	if pl != nil && len(pl.Spec.DevMode.BaseImage) > 0 {
 		devBaseContainerImage = pl.Spec.DevMode.BaseImage
 	}
@@ -111,12 +120,6 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora
 	}
 	objs = append(objs, service)
 
-	route, _, err := e.ensurers.network.Ensure(ctx, workflow)
-	if err != nil {
-		return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err
-	}
-	objs = append(objs, route)
-
 	if knativeObjs, err := common.NewKnativeEventingHandler(e.StateSupport).Ensure(ctx, workflow); err != nil {
 		return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err
 	} else {

operator.yaml

@@ -27131,10 +27131,10 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 500Mi
           requests:
-            cpu: 10m
-            memory: 64Mi
+            cpu: 100m
+            memory: 200Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities: