From 9b0481b25888c8803984909bea74dd6212039d24 Mon Sep 17 00:00:00 2001 
From: Till Wegmueller Date: Sat, 29 Nov 2025 15:38:07 +0100 Subject: [PATCH] refactor: update crabidp references to barycenter and add Gateway API support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace all remaining references to "crabidp" with "barycenter" across: - Source code (error diagnostics, CLI name, comments) - Configuration files and defaults - Environment variable prefixes (CRABIDP__ → BARYCENTER__) - Documentation (CLAUDE.md, README.md, DEPLOYMENT.md) - Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos) - Database filenames (crabidp.db → barycenter.db) Add Kubernetes Gateway API support to Helm chart: - New HTTPRoute template for Gateway API - Configurable parentRefs, hostnames, filters, and weights - Support for advanced traffic management features - Gateway API as modern alternative to traditional Ingress - Documentation and examples in DEPLOYMENT.md Benefits of Gateway API: - More expressive and extensible routing - Role-oriented design with separation of concerns - Better vendor portability - Advanced traffic management capabilities The Helm chart now supports both traditional Ingress and Gateway API, allowing users to choose based on their cluster capabilities and requirements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .claude/settings.local.json | 10 ++- CLAUDE.md | 2 +- DEPLOYMENT.md | 63 ++++++++++++++++--- README.md | 2 +- config.toml | 2 +- deploy/freebsd/README.md | 2 +- .../helm/barycenter/templates/httproute.yaml | 36 +++++++++++ deploy/helm/barycenter/values.yaml | 28 ++++++++- deploy/illumos/README.md | 4 +- deploy/systemd/README.md | 4 +- docker-compose.yml | 8 +-- src/errors.rs | 14 ++--- src/main.rs | 2 +- src/settings.rs | 4 +- 14 files changed, 148 insertions(+), 33 deletions(-) create mode 100644 deploy/helm/barycenter/templates/httproute.yaml 
diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 9835063..ce61f6a 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -13,7 +13,15 @@ "Bash(pkill:*)", "mcp__github__search_repositories", "mcp__github__get_me", - "mcp__github__search_users" + "mcp__github__search_users", + "Bash(git push:*)", + "Bash(mkdir:*)", + "Bash(git add:*)", + "Bash(gh run list:*)", + "Bash(gh run view:*)", + "Bash(cargo fmt:*)", + "Bash(cargo clippy:*)", + "Bash(rm:*)" ], "deny": [], "ask": [] diff --git a/CLAUDE.md b/CLAUDE.md index 466f4c6..917eead 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -64,7 +64,7 @@ cargo nextest run test_name The application loads configuration from: 1. Default values (defined in `src/settings.rs`) 2. Configuration file (default: `config.toml`) -3. Environment variables with prefix `CRABIDP__` (e.g., `CRABIDP__SERVER__PORT=9090`) +3. Environment variables with prefix `BARYCENTER__` (e.g., `BARYCENTER__SERVER__PORT=9090`) Environment variables use double underscores as separators for nested keys. diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index aa39775..7636224 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -71,7 +71,7 @@ Edit `docker-compose.yml` to customize: ```yaml environment: - RUST_LOG=info - - CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com + - BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com ``` --- 
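Review bot: The additions to the `allow` list in `.claude/settings.local.json` pre-approve `Bash(rm:*)` and `Bash(git push:*)`, so the coding agent can delete arbitrary paths and push to any remote or branch without a confirmation prompt. Because the agent acts on repository content and tool output it does not control, these two entries are better moved to the existing `ask` list or narrowed to the specific invocations needed; read-only entries such as `Bash(gh run list:*)` can stay in `allow`. A `settings.local.json` is also normally a per-developer file kept out of version control, and committing it makes these grants the starting point for everyone who clones the repository.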
@@ -150,6 +150,53 @@ helm install barycenter ./deploy/helm/barycenter \ --values my-values.yaml ``` +4. **Using Gateway API instead of Ingress:** + +The Helm chart supports Kubernetes Gateway API as a modern alternative to Ingress. Gateway API requires the Gateway API CRDs to be installed in your cluster. + +Create `gateway-values.yaml`: + +```yaml +# Disable traditional Ingress +ingress: + enabled: false + +# Enable Gateway API +gatewayAPI: + enabled: true + parentRefs: + - name: my-gateway + namespace: gateway-system + sectionName: https # Optional: target specific listener + hostnames: + - idp.example.com + annotations: + # Optional annotations for the HTTPRoute + example.com/custom: value + +config: + server: + publicBaseUrl: "https://idp.example.com" + +persistence: + enabled: true + size: 20Gi +``` + +Install with Gateway API: + +```bash +helm install barycenter ./deploy/helm/barycenter \ + --namespace barycenter \ + --values gateway-values.yaml +``` + +**Benefits of Gateway API:** +- More expressive and extensible than Ingress +- Role-oriented design with clear separation of concerns +- Better support for advanced traffic management +- Vendor-neutral and portable across implementations + ### Management **Upgrade:** @@ -297,15 +344,15 @@ sudo svcadm enable barycenter ### Environment Variables -All configuration can be overridden using environment variables with the `CRABIDP__` prefix: +All configuration can be overridden using environment variables with the `BARYCENTER__` prefix: ```bash # Override server settings -export CRABIDP__SERVER__PORT=9090 -export CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com +export BARYCENTER__SERVER__PORT=9090 +export BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com # Override database -export CRABIDP__DATABASE__URL=sqlite:///custom/path/db.sqlite +export BARYCENTER__DATABASE__URL=sqlite:///custom/path/db.sqlite # Set logging export RUST_LOG=debug 
@@ -322,7 +369,7 @@ port = 8080 public_base_url = "https://idp.example.com" # Required in production [database] -url = "sqlite://crabidp.db?mode=rwc" +url = "sqlite://barycenter.db?mode=rwc" [keys] jwks_path = "data/jwks.json" @@ -399,7 +446,7 @@ chown barycenter:barycenter /var/lib/barycenter **Critical files to backup:** 1. Private RSA key (`private_key.pem`) -2. Database (`crabidp.db`) +2. Database (`barycenter.db`) 3. Configuration (`config.toml`) **Backup script example:** @@ -410,7 +457,7 @@ BACKUP_DIR=/backup/barycenter/$(date +%Y%m%d) mkdir -p $BACKUP_DIR # Backup database -sqlite3 /var/lib/barycenter/crabidp.db ".backup '$BACKUP_DIR/crabidp.db'" +sqlite3 /var/lib/barycenter/barycenter.db ".backup '$BACKUP_DIR/barycenter.db'" # Backup keys and config cp /var/lib/barycenter/data/private_key.pem $BACKUP_DIR/ diff --git a/README.md b/README.md index 5a7f66a..a92594b 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ port = 8080 public_base_url = "http://localhost:8080" [database] -connection_string = "sqlite://crabidp.db?mode=rwc" +connection_string = "sqlite://barycenter.db?mode=rwc" [keys] jwks_path = "data/jwks.json" diff --git a/config.toml b/config.toml index daaa5d4..52e4233 100644 --- a/config.toml +++ b/config.toml @@ -5,7 +5,7 @@ port = 8080 # public_base_url = "https://idp.example.com" [database] -url = "sqlite://crabidp.db?mode=rwc" +url = "sqlite://barycenter.db?mode=rwc" [keys] jwks_path = "data/jwks.json" diff --git a/deploy/freebsd/README.md b/deploy/freebsd/README.md index 7da7610..cacd933 100644 --- a/deploy/freebsd/README.md +++ b/deploy/freebsd/README.md @@ -37,7 +37,7 @@ This directory contains rc.d script for running Barycenter on FreeBSD systems. Edit `/usr/local/etc/barycenter/config.toml` and update paths: ```toml [database] - url = "sqlite:///var/db/barycenter/crabidp.db?mode=rwc" + url = "sqlite:///var/db/barycenter/barycenter.db?mode=rwc" [keys] jwks_path = "/var/db/barycenter/data/jwks.json" 
diff --git a/deploy/helm/barycenter/templates/httproute.yaml b/deploy/helm/barycenter/templates/httproute.yaml new file mode 100644 index 0000000..1be0cf6 --- /dev/null +++ b/deploy/helm/barycenter/templates/httproute.yaml @@ -0,0 +1,36 @@ +{{- if .Values.gatewayAPI.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "barycenter.fullname" . }} + labels: + {{- include "barycenter.labels" . | nindent 4 }} + {{- with .Values.gatewayAPI.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.gatewayAPI.parentRefs }} + parentRefs: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.gatewayAPI.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: {{ include "barycenter.fullname" . }} + port: {{ .Values.service.port }} + {{- if .Values.gatewayAPI.backendWeight }} + weight: {{ .Values.gatewayAPI.backendWeight }} + {{- end }} + {{- with .Values.gatewayAPI.filters }} + filters: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/deploy/helm/barycenter/values.yaml b/deploy/helm/barycenter/values.yaml index d1b8495..b7135f2 100644 --- a/deploy/helm/barycenter/values.yaml +++ b/deploy/helm/barycenter/values.yaml 
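Review bot: The `{{- if .Values.gatewayAPI.backendWeight }}` guard in `httproute.yaml` treats `0` as unset, so `backendWeight: 0`, which Gateway API defines as "send no traffic to this backend", renders no `weight` field and the backend falls back to the default weight. Test for presence rather than truthiness, for example `{{- if not (kindIs "invalid" .Values.gatewayAPI.backendWeight) }}`. The template is also rendered independently of `ingress.enabled`, so an Ingress and an HTTPRoute can both be live at once. The single `PathPrefix` `/` rule publishes every path the service serves, so confirm that is intended for every listener named in `parentRefs`.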
@@ -55,6 +55,30 @@ ingress: # hosts: # - idp.example.com +# Kubernetes Gateway API support (alternative to Ingress) +# Requires Gateway API CRDs to be installed in the cluster +gatewayAPI: + enabled: false + annotations: {} + # Reference to the Gateway resource + parentRefs: + - name: gateway + namespace: gateway-system + # Optional: specify listener name + # sectionName: https + # Hostnames for the HTTPRoute + hostnames: + - idp.example.com + # Optional: backend weight for traffic splitting + # backendWeight: 100 + # Optional: filters for request/response modification + filters: [] + # - type: RequestHeaderModifier + # requestHeaderModifier: + # add: + # - name: X-Custom-Header + # value: custom-value + resources: limits: cpu: 1000m @@ -84,7 +108,7 @@ config: # publicBaseUrl: "https://idp.example.com" database: - url: "sqlite:///app/data/crabidp.db?mode=rwc" + url: "sqlite:///app/data/barycenter.db?mode=rwc" keys: jwksPath: "/app/data/jwks.json" @@ -99,7 +123,7 @@ env: - name: RUST_LOG value: "info" # Add additional environment variables here - # - name: CRABIDP__SERVER__PUBLIC_BASE_URL + # - name: BARYCENTER__SERVER__PUBLIC_BASE_URL # value: "https://idp.example.com" # Persistence for database and keys diff --git a/deploy/illumos/README.md b/deploy/illumos/README.md index 3dffe5a..5df4f59 100644 --- a/deploy/illumos/README.md +++ b/deploy/illumos/README.md @@ -40,7 +40,7 @@ This directory contains SMF (Service Management Facility) manifest for running B Edit `/etc/barycenter/config.toml` and update paths: ```toml [database] - url = "sqlite:///var/barycenter/crabidp.db?mode=rwc" + url = "sqlite:///var/barycenter/barycenter.db?mode=rwc" [keys] jwks_path = "/var/barycenter/data/jwks.json" @@ -110,7 +110,7 @@ To set environment variables, edit the manifest and modify the `method_environme ```xml - + ``` diff --git a/deploy/systemd/README.md b/deploy/systemd/README.md index 2ca4b79..d0a6200 100644 --- a/deploy/systemd/README.md +++ b/deploy/systemd/README.md 
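Review bot: The new `gatewayAPI` defaults ship a concrete `parentRefs` entry (`gateway` in `gateway-system`) and the placeholder hostname `idp.example.com`, so setting only `gatewayAPI.enabled: true` attaches the route to a guessed Gateway under a hostname unrelated to the deployment's real public URL. Default both to `[]` and keep the samples as comments, as is already done for `filters`, with a comment that `hostnames` has to agree with `config.server.publicBaseUrl`. A short comment that a Gateway in another namespace must allow routes from the release namespace (its listener `allowedRoutes`) would save users a silent non-attachment.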
@@ -32,7 +32,7 @@ This directory contains systemd service files for running Barycenter on Linux sy Edit `/etc/barycenter/config.toml` and update paths: ```toml [database] - url = "sqlite:///var/lib/barycenter/crabidp.db?mode=rwc" + url = "sqlite:///var/lib/barycenter/barycenter.db?mode=rwc" [keys] jwks_path = "/var/lib/barycenter/data/jwks.json" @@ -89,6 +89,6 @@ You can override configuration using environment variables in the service file: ```ini [Service] -Environment="CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com" +Environment="BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com" Environment="RUST_LOG=debug" ``` diff --git a/docker-compose.yml b/docker-compose.yml index a8f5c62..6459709 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,11 +14,11 @@ services: environment: # Override config via environment variables - # Use CRABIDP__ prefix with double underscores for nested keys + # Use BARYCENTER__ prefix with double underscores for nested keys - RUST_LOG=info - # Example: CRABIDP__SERVER__PORT=8080 - # Example: CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com - # Example: CRABIDP__DATABASE__URL=sqlite:///app/data/crabidp.db?mode=rwc + # Example: BARYCENTER__SERVER__PORT=8080 + # Example: BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com + # Example: BARYCENTER__DATABASE__URL=sqlite:///app/data/barycenter.db?mode=rwc volumes: # Persist database and keys diff --git a/src/errors.rs b/src/errors.rs index 10f5012..640f818 100644 --- a/src/errors.rs +++ b/src/errors.rs 
@@ -4,31 +4,31 @@ use thiserror::Error; #[derive(Debug, Error, Diagnostic)] pub enum CrabError { #[error("I/O error: {0}")] - #[diagnostic(code(crabidp::io))] + #[diagnostic(code(barycenter::io))] Io(#[from] std::io::Error), #[error("Config error: {0}")] - #[diagnostic(code(crabidp::config))] + #[diagnostic(code(barycenter::config))] Config(#[from] config::ConfigError), #[error("Serialization error: {0}")] - #[diagnostic(code(crabidp::serde))] + #[diagnostic(code(barycenter::serde))] Serde(#[from] serde_json::Error), #[error("Database error: {0}")] - #[diagnostic(code(crabidp::db))] + #[diagnostic(code(barycenter::db))] Db(#[from] sea_orm::DbErr), #[error("JOSE error: {0}")] - #[diagnostic(code(crabidp::jose))] + #[diagnostic(code(barycenter::jose))] Jose(String), #[error("Bad request: {0}")] - #[diagnostic(code(crabidp::bad_request))] + #[diagnostic(code(barycenter::bad_request))] BadRequest(String), #[error("{0}")] - #[diagnostic(code(crabidp::other))] + #[diagnostic(code(barycenter::other))] Other(String), } diff --git a/src/main.rs b/src/main.rs index 135db29..6c897b0 100644 --- a/src/main.rs +++ b/src/main.rs @@ -10,7 +10,7 @@ use miette::{IntoDiagnostic, Result}; use tracing_subscriber::{fmt, EnvFilter}; #[derive(Parser, Debug)] -#[command(name = "crabidp", version, about = "OpenID Connect IdP (scaffold)")] +#[command(name = "barycenter", version, about = "OpenID Connect Identity Provider")] struct Cli { /// Path to configuration file #[arg(short, long, default_value = "config.toml")] diff --git a/src/settings.rs b/src/settings.rs index 22d3017..ae4382e 100644 --- a/src/settings.rs +++ b/src/settings.rs @@ -20,7 +20,7 @@ pub struct Server { #[derive(Debug, Clone, Serialize, Deserialize)] pub struct Database { - /// SeaORM/SQLx connection string, e.g., sqlite://crabidp.db?mode=rwc + /// SeaORM/SQLx connection string, e.g., sqlite://barycenter.db?mode=rwc pub url: String, } 
@@ -55,7 +55,7 @@ impl Default for Server { impl Default for Database { fn default() -> Self { Self { - url: "sqlite://crabidp.db?mode=rwc".to_string(), + url: "sqlite://barycenter.db?mode=rwc".to_string(), } } }
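Review bot: Changing the default in `Database::default()` to `sqlite://barycenter.db?mode=rwc` means an upgraded instance that relied on the old default no longer opens its existing `crabidp.db`; since `mode=rwc` creates a missing file, it will most likely start on a fresh, empty database without any error. For an identity provider that is a silent loss of whatever state it keeps there, so document the rename as an upgrade step, or log a warning at startup when `crabidp.db` exists and `barycenter.db` does not. The same rename in `config.toml` and in the Helm `values.yaml` (`/app/data/crabidp.db` on the persistent volume) has the same effect. Separately, the description announces the `CRABIDP__` → `BARYCENTER__` prefix change, but neither `src/settings.rs` hunk touches the code that reads the environment; unless the prefix was already switched elsewhere, the updated docs describe variables the binary ignores, and overrides such as `PUBLIC_BASE_URL` would silently fall back to defaults.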