feat: implement the gateway and auth0

AUTHENTICATION-CONFIGURATION.md

@@ -0,0 +1,208 @@
+AUTHENTICATION-CONFIGURATION.md
+# Auth0 and KrakenD Configuration Guide
+
+## Prerequisites
+Complete these configurations **before** running `./01cloud install`.
+
+## 1. Auth0 Setup
+
+### 1.1 Create Auth0 Account
+1. Go to [auth0.com](https://auth0.com) and create an account
+2. Create a new tenant
+
+### 1.2 Create Single Page Application
+1. Navigate to **Applications** → **Create Application**
+2. Select **Single Page Web Applications**
+3. Configure URLs:
+   - **Allowed Callback URLs**: `http://localhost:3000/callback`, `https://your-domain.com/callback`
+   - **Allowed Logout URLs**: `http://localhost:3000`, `https://your-domain.com`
+   - **Allowed Web Origins**: `http://localhost:3000`, `https://your-domain.com`
+
+### 1.3 Create Admin User
+Create a user with these credentials (required for database seeder):
+- **Email**: `admin@admin`
+- **Password**: `01cloud@2020`
+- **Connection**: `Username-Password-Authentication`
+
+### 1.4 Create Post-Login Action
+1. Navigate to **Actions** → **Triggers**
+2. Select **Post Login** → **Create Custom Action**
+3. Name the action (e.g., "Set Custom Claims")
+4. Copy and paste the following code:
+
+```javascript
+exports.onExecutePostLogin = async (event, api) => {
+  const namespace = 'https://myapp.com/'; // Must be a valid URI
+
+  // Helper function to safely get string values
+  const getString = (value) => {
+    if (typeof value === 'string' && value.trim()) {
+      return value.trim();
+    }
+    return null;
+  };
+
+  // Get name components with better fallback logic
+  let firstName = getString(event.user.given_name);
+  let lastName = getString(event.user.family_name);
+
+  // Apply fallback only if both are missing
+  if (!firstName && !lastName) {
+    const fullName = getString(event.user.name);
+    const nickname = getString(event.user.nickname);
+    const emailUsername = event.user.email ? event.user.email.split('@')[0].trim() : null;
+
+    if (fullName) {
+      const parts = fullName.split(/\s+/);
+      firstName = parts[0] || null;
+      lastName = parts.length > 1 ? parts.slice(1).join(' ') : null;
+    } else if (nickname) {
+      firstName = nickname;
+      lastName = null;
+    } else if (emailUsername) {
+      firstName = emailUsername;
+      lastName = null;
+    }
+  }
+
+  // Ensure we have strings (not null) for names to avoid issues
+  firstName = firstName || '-';
+  lastName = lastName || '-';
+
+  // Build profile object with proper null handling
+  const profile = {
+    email: getString(event.user.email),
+    email_verified: Boolean(event.user.email_verified),
+    first_name: firstName,
+    last_name: lastName,
+    image: getString(event.user.picture),
+    name: getString(event.user.name),
+    created_at: event.user.created_at || null,
+    updated_at: event.user.updated_at || null,
+    company: null,
+    designation: null,
+    active: true,
+    is_admin: false,
+    address_updated: false,
+    quotas: null,
+    used_demo: false,
+    reference: null
+  };
+
+  try {
+    // Set each profile key as an individual custom claim
+    Object.entries(profile).forEach(([key, value]) => {
+      api.accessToken.setCustomClaim(`${namespace}${key}`, value);
+    });
+
+    // Set roles if available
+    const roles = event.authorization?.roles || [];
+    api.accessToken.setCustomClaim(`${namespace}roles`, roles);
+
+  } catch (error) {
+    console.error('Error setting custom claims:', error);
+    // You might want to handle this error based on your requirements
+    // For now, we'll let the login continue even if claims fail
+  }
+};
+```
+
+5. Click **Deploy** to save the action
+
+### 1.5 Save Auth0 Configuration Values
+Save these values for later use:
+
+| Parameter | Location | Example |
+|-----------|----------|---------|
+| **Domain** | Application → Settings → Domain | `dev-xxx.us.auth0.comcom` |
+| **Client ID** | Application → Settings | `eyxxxxxME` |
+| **Audience** | Applications → API → API Identifier | `https://dev-xxx.us.auth0.com/api/v2/` |
+
+## 2. KrakenD Configuration
+
+### 2.1 Prepare Gateway Templates
+1. Navigate to the gateway directory:
+   ```bash
+   cd gateway
+   ```
+2. Extract the template files:
+   ```bash
+   tar -xzf krakend-templates.tgz
+   ```
+
+### 2.2 Update Auth0 Template Files
+Update the following template files with your Auth0 values:
+
+**File:** `gateway/config/dev/partials/auth0_audience.tmpl`
+```json
+"https://{{ domain-name }}.us.auth0.com/api/v2/"
+```
+
+**File:** `gateway/config/dev/partials/auth0_jwk_url.tmpl`
+```json
+"https://{{ domain-name }}/.well-known/jwks.json"
+```
+Replace `{{ domain-name }}` with your Auth0 tenant domain
+
+**File:** `gateway/config/dev/partials/auth0_validator.tmpl`
+```json
+{
+  "audience": "https://{{ domain-name }}.us.auth0.com/api/v2/",
+  "jwk_url": "https://{{ domain-name }}/.well-known/jwks.json",
+}
+```
+Update both `audience` and `jwk_url` with your actual values.
+
+### 2.3 Generate KrakenD Configuration
+From the project root directory (`01cloud-platform/`), run:
+
+```bash
+docker run \
+  --rm -it \
+  --user "$(id -u):$(id -g)" \
+  -p "8080:8080" \
+  -v "$PWD:/etc/krakend" \
+  -e FC_ENABLE=1 \
+  -e FC_SETTINGS=gateway/config/dev/settings/prod \
+  -e FC_PARTIALS=gateway/config/dev/partials \
+  -e FC_TEMPLATES=gateway/config/common/templates \
+  -e FC_OUT=/etc/krakend/gateway/krakend/files/krakend.json \
+  -e SERVICE_NAME="KrakenD API Gateway" \
+  krakend:2.10.0 check -tdc "krakend.tmpl"
+```
+
+**Note:** This command will automatically update the `krakend.json` file in the KrakenD Helm chart.
+
+## 3. Update UI Configuration
+
+### 3.1 Console UI ConfigMap
+Update the following environment variables:
+
+```yaml
+REACT_APP_AUTH0_DOMAIN: "your-tenant.auth0.com"
+REACT_APP_AUTH0_CLIENT_ID: "your_client_id"
+REACT_APP_AUTH0_AUDIENCE: "https://your-tenant.auth0.com/api/v2/"
+```
+
+### 3.2 Admin UI ConfigMap
+Update the following environment variables:
+
+```yaml
+REACT_APP_AUTH0_DOMAIN: "your-tenant.auth0.com"
+REACT_APP_AUTH0_CLIENT_ID: "your_client_id"
+REACT_APP_AUTH0_AUDIENCE: "https://your-tenant.auth0.com/api/v2/"
+```
+
+## 4. Installation
+
+After completing all configurations, run the installation script:
+
+```bash
+./01cloud install
+```
+
+## Troubleshooting
+
+- **Missing templates**: Ensure you've extracted `krakend-templates.tgz` in the gateway directory
+- **Invalid JSON**: Verify your Auth0 values are correctly formatted in the template files
+- **Authentication failures**: Double-check that all URLs and domains match exactly between Auth0 and your configuration

README.md

@@ -36,7 +36,7 @@ A local, reproducible Kubernetes development environment for the 01Cloud platfor
   - [Stopping and cleanup](#stopping-and-cleanup)
 - [Configuration](#configuration)
   - [Helm values](#helm-values)
-  - [Ingress and hostnames](#ingress-and-hostnames)
+  - [Httproutes and hostnames](#httproute-and-hostnames)
   - [Images and building locally](#images-and-building-locally)
 - [Alerting and Monitoring](#alerting-and-monitoring)
 - [Contributing](#contributing)
@@ -47,11 +47,11 @@ A local, reproducible Kubernetes development environment for the 01Cloud platfor
 
 ## Overview
 
-01Cloud Development Environment is a batteries-included local stack to run the full 01Cloud platform on Kubernetes. It automates cluster setup, installs core controllers (Ingress, Tekton, MetalLB), provisions databases and messaging, deploys all 01Cloud services via a Helm chart, and optionally seeds the system with sample configuration and data for an instant test drive.
+01Cloud Development Environment is a batteries-included local stack to run the full 01Cloud platform on Kubernetes. It automates cluster setup, installs core controllers (Gateway API, Tekton, MetalLB), provisions databases and messaging, deploys all 01Cloud services via a Helm chart, and optionally seeds the system with sample configuration and data for an instant test drive.
 
 What it does:
 - Creates or prepares a local Kubernetes cluster (Kind)
-- Installs ingress and load balancer controllers
+- Installs Gateway API and load balancer controllers
 - Deploys databases and queues (PostgreSQL, MongoDB, RabbitMQ)
 - Deploys all 01Cloud microservices via Helm and Skaffold
 - Sets up local hostnames and TLS for easy browsing
@@ -77,26 +77,28 @@ Why it was created:
 ## Features
 
 - One-command bootstrap of the full stack via a friendly CLI
-- Local Kubernetes with Kind and MetalLB, plus NGINX Ingress
+- Local Kubernetes with Kind and MetalLB, plus Gateway API Controller
 - Tekton installation for CI/CD workflows inside the cluster
 - Helm chart to deploy 01Cloud microservices with configurable values
 - Skaffold integration for dev/run/build workflows
-- Predefined services and ingresses for UI, Admin, API, Terminal, etc.
+- Predefined services and httproute for UI, Admin, API, Terminal, etc.
 - Data layer ready out-of-the-box: PostgreSQL, MongoDB, RabbitMQ
 - Seeder utility to populate default configuration and sample data
 - Hostname automation to route staging.* domains to your local cluster
 - Clean teardown of services and data
+- Integrated Auth0 authentication with KrakenD API Gateway
 
 ---
 
 ## Architecture and Components
 
 Core components deployed by this environment:
-- Controllers: NGINX Ingress Controller, MetalLB, Tekton
+- Controllers: Gateway API Controller, MetalLB, Tekton
 - Data services: PostgreSQL, MongoDB, RabbitMQ
 - 01Cloud services: UI, Admin, API, Core, Notifications, Payments, Support, Monitoring, Backup, Helm CD, Terminal
+- Authentication: Auth0 + KrakenD API Gateway for JWT validation
 - Observability hooks: optional logging and monitoring configuration
-- TLS integration and ingress with hostnames like console.staging.01cloud.dev
+- TLS integration and httproute with hostnames like console.staging.01cloud.dev
 
 All services are orchestrated via:
 - Helm chart at charts/
@@ -116,6 +118,9 @@ All services are orchestrated via:
   - Helm 3.x
   - Skaffold 2.x
   - git, curl, jq
+  - Configure Auth0 and KrankenD, see [Authentication Configuration Guide](AUTHENTICATION-CONFIGURATION.md) for detailed steps
+
+
 Install snippets (Linux/Ubuntu):
 
 
@@ -133,6 +138,7 @@ Verify:
 kubectl cluster-info
 kubectl get nodes
 ```
+
 ### 2)Template preparation:
 Fill the values [`Values.yaml`](charts/template/values.yaml)  and [`ConfigMap.yaml`](charts/template/configmap.yaml) inside the charts/template folder. These Template are necessary during provision for one to get features like 0Auth, mail service etc.
 
@@ -154,7 +160,7 @@ chmod +x ./01cloud
 Option B: Step-by-step
 
 ```bash
-# Install MetalLB, Tekton, and NGINX Ingress Controller
+# Install MetalLB, Tekton, and Gateway API Controller
 ./01cloud setup
 
 # Add hostnames (requires sudo)
@@ -175,7 +181,7 @@ Option B: Step-by-step
 
 ```bash
 kubectl get pods -n 01cloud-staging
-kubectl get ing -A
+kubectl get httproutes -A
 ```
 Then open in your browser:
 - https://console.staging.01cloud.dev
@@ -197,7 +203,7 @@ Common commands:
 
 ```bash
 ./01cloud install [env [mode]]   # setup + host + dbrun + run (+ seed in install.sh)
-./01cloud setup [env [mode]]     # install required controllers (Tekton, Ingress, MetalLB)
+./01cloud setup [env [mode]]     # install required controllers (Tekton, Gateway API, MetalLB)
 ./01cloud host [add|remove]      # map local LB IP to staging.* hostnames in /etc/hosts
 ./01cloud dbrun [rwo|rwx]        # install PostgreSQL, MongoDB, RabbitMQ with PVCs
 ./01cloud dbseed                 # seed sample data and defaults
@@ -242,7 +248,7 @@ Tip: Review seeder/seeder.sh to understand exactly what is being created and adj
 # Remove app + DB resources
 ./01cloud dbstop
 
-# Remove all setup (ingress, controllers) and resources
+# Remove all setup (Gateway API, controllers) and resources
 ./01cloud clean
 
 # Optionally delete the Kind cluster when finished
@@ -291,7 +297,7 @@ This project is licensed under the MIT License. See the LICENSE file for details
 ## Credits
 
 - 01Cloud team at [BerryBytes](https://01cloud.io/)
-- Open-source projects that make this possible: Kubernetes, Kind, Helm, Skaffold, Tekton, MetalLB, NGINX Ingress Controller, PostgreSQL, MongoDB, RabbitMQ, Loki, and others.
+- Open-source projects that make this possible: Kubernetes, Kind, Helm, Skaffold, Tekton, MetalLB, Gateway API Controller, PostgreSQL, MongoDB, RabbitMQ, Loki, and others.
 
 If your organization uses this environment or contributes improvements, consider adding yourself to CONTRIBUTORS.md in a future PR.
 
@@ -307,7 +313,7 @@ If your organization uses this environment or contributes improvements, consider
 
 ## Troubleshooting
 
-- No external IP for ingress:
+- No external IP for gatewway:
   - Ensure MetalLB installed and ready: kubectl get pods -n metallb-system
   - Re-run: ./01cloud setup
 - Hostnames not resolving:

alerting/README.md

@@ -1,4 +1,4 @@
-For implementing alert manager in the skaffold environemnt, follow the steps below:
+For implementing alert manager in the skaffold environment, follow the steps below:
 
 ## Step 1:
 Add Prometheus repo in a separate namespace for monitoring

charts/templates/configmap.yaml

@@ -5,8 +5,8 @@ items:
     config.js: |
       window.config = {
           REACT_APP_01CLOUD_DOCS: "https://docs.01cloud.io",
-          REACT_APP_RESTAPI_ENDPOINT: "https://api.staging.01cloud.dev",
-          REACT_APP_SOCKET_IO_ENDPOINT: "wss://api.staging.01cloud.dev/ws",
+          REACT_APP_RESTAPI_ENDPOINT: "https://api-gateway.staging.01cloud.dev",
+          REACT_APP_SOCKET_IO_ENDPOINT: "wss://ws-gateway.staging.01cloud.dev/ws",
           REACT_APP_RECAPTCHA_SITEKEY: "--- YOUR-RECAPTCHA-SITEKEY ---",
           REACT_APP_MESSAGE_ORIGIN_URL: "https://console.staging.01cloud.dev",
           REACT_APP_GITHUB_AUTHORIZE_ENDPOINT: "https://github.com/login/oauth/authorize",
@@ -20,10 +20,10 @@ items:
           REACT_APP_CLUSTER_MANAGER_OAUTH: " ",
           REACT_APP_CLUSTER_OAUTH_REDIRECT_URL: "https://console.staging.01cloud.dev/loginsso/clustermanager",
           REACT_APP_01CLOUD_APPID: "01cloud",
-          REACT_APP_AUTH0_MODE: "legacy",
-          REACT_APP_AUTH0_DOMAIN: "--- YOUR-AUTH0-DOMAIN ---",
-          REACT_APP_AUTH0_CLIENT_ID: "--- YOUR-AUTH0-CLIENT-ID ---",
-          REACT_APP_AUTH0_AUDIENCE: "--- YOUR-AUTH0-AUDIENCE ---"
+          REACT_APP_AUTH0_MODE: "",
+          REACT_APP_AUTH0_DOMAIN: "dev-xxxxx.us.auth0.com",
+          REACT_APP_AUTH0_CLIENT_ID: "xxxxxxx",
+          REACT_APP_AUTH0_AUDIENCE:  "https://dev-xxxxx.us.auth0.com/api/v2/",
       }
   kind: ConfigMap
   metadata:
@@ -32,8 +32,13 @@ items:
   data:
     config.js: |
       window.config = {
-          REACT_APP_RESTAPI_ENDPOINT: "https://api.staging.01cloud.dev",
-          REACT_APP_SOCKET_IO_ENDPOINT: "wss://api.staging.01cloud.dev/ws"
+          REACT_APP_RESTAPI_ENDPOINT: "https://api-gateway.staging.01cloud.dev",
+          REACT_APP_SOCKET_IO_ENDPOINT: "wss://ws-gateway.staging.01cloud.dev/ws",
+          REACT_APP_01CLOUD_CONSOLE_URL: "https://console.staging.01cloud.dev",
+          REACT_APP_AUTH0_MODE: "",
+          REACT_APP_AUTH0_DOMAIN: "dev-xxxxx.us.auth0.com",
+          REACT_APP_AUTH0_CLIENT_ID: "xxxxxxx",
+          REACT_APP_AUTH0_AUDIENCE:  "https://dev-xxxxx.us.auth0.com/api/v2/",
       }
   kind: ConfigMap
   metadata:

charts/templates/deployment_backup.yaml

@@ -86,8 +86,6 @@ spec:
         - mountPath: /data
           name: 01cloud-data
       dnsPolicy: ClusterFirst
-      imagePullSecrets:
-      - name: ovh-registry
       restartPolicy: Always
       schedulerName: default-scheduler
       volumes: