From 885ad47abeba58c46b04a7a22d6e25f6a94cff03 Mon Sep 17 00:00:00 2001 From: amadzarak Date: Sat, 25 Apr 2026 22:59:50 -0400 Subject: [PATCH] OPC # 0002: Improvements to Client provisioning workflows Co-authored-by: Copilot --- .../Services/ClarityContainerService.cs | 9 ++++----- .../conf.d/fdev-app-clarity-01000000.conf | 19 +++++++++++++++++++ infra/nginx/conf.d/keycloak.clarity.test.conf | 15 +++++++++++++++ 3 files changed, 38 insertions(+), 5 deletions(-) create mode 100644 infra/nginx/conf.d/fdev-app-clarity-01000000.conf create mode 100644 infra/nginx/conf.d/keycloak.clarity.test.conf diff --git a/ControlPlane.Worker/Services/ClarityContainerService.cs b/ControlPlane.Worker/Services/ClarityContainerService.cs index d08cb27..726c714 100644 --- a/ControlPlane.Worker/Services/ClarityContainerService.cs +++ b/ControlPlane.Worker/Services/ClarityContainerService.cs @@ -110,8 +110,8 @@ public class ClarityContainerService( // Ensure Keycloak and Vault are reachable on the managed network via their Docker DNS aliases. // Aspire places them on its own bridge; tenant containers on clarity-net need them aliased here. - await EnsureContainerOnNetworkAsync(docker, "keycloak", Infra.Network, "keycloak", cancellationToken); - await EnsureContainerOnNetworkAsync(docker, "vault", Infra.Network, "vault", cancellationToken); + await EnsureContainerOnNetworkAsync(docker, "clarity-keycloak", Infra.Network, "keycloak", cancellationToken); + await EnsureContainerOnNetworkAsync(docker, "clarity-vault", Infra.Network, "vault", cancellationToken); var started = await docker.Containers.StartContainerAsync(container.ID, null, cancellationToken); if (!started) 
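Review bot: In the first ClarityContainerService.cs hunk (at -110), the container names `"clarity-keycloak"` and `"clarity-vault"` are string literals while the network already comes from `Infra.Network`. Another rename on the infra side would break this lookup again, so I would move both names into constants beside `Infra.Network` and reference them here. What EnsureContainerOnNetworkAsync does when no container carries the given name is not visible in this hunk; if it returns quietly, tenants start without a route to Keycloak or Vault, so that path should throw or log at error level. The existing comment could also record the trust boundary, for example `// Every tenant container on this network can reach Vault and Keycloak directly; their own authentication is the only control.` The enclosing method starts and ends outside the hunk.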
@@ -244,14 +244,13 @@ public class ClarityContainerService( { using var docker = CreateClient(); - // Find the nginx container by image name — Aspire appends a random suffix to the name - // so we can't rely on the static name "nginx". + // Find the nginx container by name — platform infra always uses "clarity-nginx". var containers = await docker.Containers.ListContainersAsync( new ContainersListParameters { Filters = new Dictionary> { - ["ancestor"] = new Dictionary { ["nginx"] = true } + ["name"] = new Dictionary { ["clarity-nginx"] = true } } }, ct); diff --git a/infra/nginx/conf.d/fdev-app-clarity-01000000.conf b/infra/nginx/conf.d/fdev-app-clarity-01000000.conf new file mode 100644 index 0000000..1988f9f --- /dev/null +++ b/infra/nginx/conf.d/fdev-app-clarity-01000000.conf @@ -0,0 +1,19 @@ +# Auto-generated by ControlPlane.Worker — do not edit manually. +# Tenant: fdev-app-clarity-01000000 +server { + listen 443 ssl; + server_name fdev-app-clarity-01000000.clarity.test; + + ssl_certificate /etc/nginx/certs/clarity.test.crt; + ssl_certificate_key /etc/nginx/certs/clarity.test.key; + + location / { + # Docker DNS resolves the container name on the managed network + set $upstream http://fdev-app-clarity-01000000:8080; + proxy_pass $upstream; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} \ No newline at end of file diff --git a/infra/nginx/conf.d/keycloak.clarity.test.conf b/infra/nginx/conf.d/keycloak.clarity.test.conf new file mode 100644 index 0000000..a0e835c --- /dev/null +++ b/infra/nginx/conf.d/keycloak.clarity.test.conf 
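Review bot: In the second ClarityContainerService.cs hunk (at -244), Docker's `name` filter matches by substring or regular expression, so `["clarity-nginx"] = true` also returns any container whose name merely contains that text. Tenant containers run on the same Docker host, and the code after this hunk (not visible here) presumably acts on one of the results, so a differently named container could be selected. Anchor the pattern, `["^/clarity-nginx$"] = true`, or check the returned `Names` for an exact `/clarity-nginx` before using the container. The method continues outside the hunk.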
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl;
+ server_name keycloak.clarity.test;
+
+ ssl_certificate /etc/nginx/certs/clarity.test.crt;
+ ssl_certificate_key /etc/nginx/certs/clarity.test.key;
+
+ location / {
+ proxy_pass http://keycloak:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
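Review bot: In keycloak.clarity.test.conf, `location /` forwards every path to Keycloak, which includes the admin console and admin REST API under `/admin`. If this vhost is ever reachable beyond developer machines, proxy only the paths clients need (such as `/realms/` and `/resources/`) and keep `/admin` on a restricted listener. Separately, `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For value the client sent, so a backend that trusts the header can be given a forged source address. If nginx is the outermost proxy, overwrite it instead with `proxy_set_header X-Forwarded-For $remote_addr;`. The generated tenant file in this commit carries the same header line, so the template that produces it would need the same change.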