Update OneUptime app deployment and add isolated-vm upstream in Nginx configuration

HelmChart/Public/oneuptime/templates/isolated-vm.yaml

@@ -1,7 +1,52 @@
-# OneUptime isolatedVM Deployment
-{{- $isolatedVMEnv := dict "OPENTELEMETRY_EXPORTER_OTLP_HEADERS" $.Values.openTelemetryExporter.headers.isolatedVM "PORT" $.Values.port.isolatedVM -}}
-{{- $isolatedVMDeploymentArgs :=dict "ServiceName" "isolated-vm" "Port" $.Values.port.isolatedVM "Release" $.Release "Values" $.Values "Env" $isolatedVMEnv -}}
-{{- include "oneuptime.deployment" $isolatedVMDeploymentArgs }}
+
+# OneUptime app Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-%s" $.Release.Name "isolated-vm"  }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app: {{ printf "%s-%s" $.Release.Name "isolated-vm"  }}
+    app.kubernetes.io/part-of: oneuptime
+    app.kubernetes.io/managed-by: Helm
+    appname: oneuptime
+    date: "{{ now | unixEpoch }}"
+spec:
+  selector:
+    matchLabels:
+      app: {{ printf "%s-%s" $.Release.Name "isolated-vm"  }}
+  replicas: {{ $.Values.deployment.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ printf "%s-%s" $.Release.Name "isolated-vm"  }}
+        date: "{{ now | unixEpoch }}"
+        appname: oneuptime
+    spec:
+      {{- if $.Values.podSecurityContext }}
+      securityContext: {{- $.Values.podSecurityContext | toYaml | nindent 8 }}
+      {{- end }}
+      containers:
+        - image: {{ printf "%s/%s/%s:%s" $.Values.image.registry $.Values.image.repository "isolated-vm" $.Values.image.tag }}
+          name: {{ printf "%s-%s" $.Release.Name "isolated-vm"  }}
+          {{- if $.Values.containerSecurityContext }}
+          securityContext: {{- $.Values.containerSecurityContext | toYaml | nindent 12 }}
+          {{- end }}
+          imagePullPolicy: {{ $.Values.image.pullPolicy }}
+          env:
+            {{- include "oneuptime.env.common" . | nindent 12 }}
+            {{- include "oneuptime.env.oneuptimeSecret" . | nindent 12 }}
+            - name: OPENTELEMETRY_EXPORTER_OTLP_HEADERS
+              value: {{ $.Values.openTelemetryExporter.headers.isolatedVM }}
+            - name: PORT
+              value: {{ $.Values.port.isolatedVM | quote }} 
+        
+          ports:
+            - containerPort: {{ $.Values.port.isolatedVM }}
+              protocol: TCP
+              name: http
+      restartPolicy: {{ $.Values.image.restartPolicy }}
+
 ---
 
 # OneUptime isolatedVM autoscaler

IsolatedVM/Utils/VM.ts

@@ -2,29 +2,32 @@ import { JSONObject, JSONValue } from "Common/Types/JSON";
 import http from "http";
 import https from "https";
 import axios from "axios";
-import vm from "node:vm";
+import vm, { Context } from "node:vm";
 
 export default class VMUtil {
     public static async runCodeInSandbox(
         code: string,
         options: {
             timeout?: number;
-            allowAsync?: boolean;
-            includeHttpPackage: boolean;
-            consoleLog?: (logValue: JSONValue) => void | undefined;
             args?: JSONObject | undefined;
         }
-    ): Promise<any> {
-        let sandbox: any = {};
+    ): Promise<{
+        returnValue: any;
+        logMessages: string[];
+    }> {
 
-        if (options.includeHttpPackage) {
-            sandbox = {
-                ...sandbox,
-                http: http,
-                https: https,
-                axios: axios,
-            };
-        }
+        let logMessages: string[] = [];
+
+        let sandbox: Context = {
+            console: {
+                log: (...args: JSONValue[]) => {
+                    logMessages.push(args.join(' '));
+                },
+            },
+            http: http,
+            https: https,
+            axios: axios,
+        };
 
         if (options.args) {
             sandbox = {
@@ -33,21 +36,17 @@ export default class VMUtil {
             };
         }
 
-        if (options.consoleLog) {
-            sandbox = {
-                ...sandbox,
-                console: {
-                    log: options.consoleLog,
-                },
-            };
-        }
-
         vm.createContext(sandbox); // Contextify the object.
 
         const script: string = `module.exports = async function(args) { ${(code as string) || ''} }`;
 
-        const returnVal: any = vm.runInContext(script, sandbox); // run the script 
+        const returnVal: any = vm.runInContext(script, sandbox, {
+            timeout: options.timeout || 5000,
+        }); // run the script 
 
-        return returnVal;
+        return {
+            returnValue: returnVal,
+            logMessages,
+        };
     }
 }

Nginx/default.conf.template

@@ -18,6 +18,10 @@ upstream admin-dashboard {
     server ${SERVER_ADMIN_DASHBOARD_HOSTNAME}:${ADMIN_DASHBOARD_PORT} weight=10 max_fails=3 fail_timeout=30s;
 }
 
+upstream isolated-vm {
+    server ${SERVER_ISOLATED_VM_HOSTNAME}:${ADMIN_ISOLATED_VM_PORT} weight=10 max_fails=3 fail_timeout=30s;
+}
+
 upstream status-page {
     server ${SERVER_STATUS_PAGE_HOSTNAME}:${STATUS_PAGE_PORT} weight=10 max_fails=3 fail_timeout=30s;
 }
@@ -520,6 +524,19 @@ server {
         proxy_pass http://admin-dashboard;
     }
 
+    location /isolated-vm {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme; 
+
+        # enable WebSockets (for ws://sockjs not connected error in the accounts source: https://stackoverflow.com/questions/41381444/websocket-connection-failed-error-during-websocket-handshake-unexpected-respon)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_pass http://isolated-vm;
+    }
+
     location /status-page {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;