Merge remote-tracking branch 'upstream/development' into development

.env

@@ -1,6 +1,6 @@
 ##################################################
-# 
-# General settings for your component 
+#
+# General settings for your component
 #
 ##################################################
 
@@ -18,16 +18,41 @@ APP_VERSION=V.0.1
 APP_DEBUG=1
 # What is the enviroment type you want to use for local production? (choose between dec,stag,prod, acce or test)
 APP_ENV=dev
-# We use a build to tag images, this is swithced to the version on master and to env on other branches 
+# We use a build to tag images, this is swithced to the version on master and to env on other branches
 APP_BUILD=dev
 # The description for this api
 APP_DESCRIPTION='Naast deze JSON rest API is er ook een [graphql](/graphql) interface beschikbaar.'
 
+# The urls on wich this api is available
+TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+TRUSTED_HOSTS=^(.+\.)?conduction\.nl$|^(.+\.)?vng\.cloud$|^(.+\.)?huwelijksplanner\.online$|^(.+\.)?larping\.eu$|^(.+\.)?common-ground\.dev$|^(.+\.)?trouwplanner\.online$|^(.+\.)?zaakonline\.nl$|localhost
+
+##################################################
+# Orgization details
+##################################################
+
+# The following details describe your organisations and are used for both certificate creation, nlx (if active) and common-ground.dev
+
+ORGANIZATION_NAME=Conduction
+ORGANIZATION_EMAIL_ADDRESS=[email protected]
+ORGANIZATION_COUNTRY_NAME=Netherlands
+ORGANIZATION_STATE=Noord-Holland
+ORGANIZATION_LOCALITY=Amsterdam
+ORGANIZATION_UNIT_NAME=Common-Ground
+
 ##################################################
 # Documentation settings
 ##################################################
 
+# The primary domain for this API @depracticed
+APP_DOMAIN=conduction.nl
+# he domains on wich you want to provide this component, the first wil be used as primary (or common in cert-manger terms)
+APP_DOMAINS=["conduction.nl","vng.cloud","zaakonline.nl","larping.eu","common-ground.dev","trouwplanner.online","huwelijksplanner.online"]
+# If set to true wil provide the component on an {APP_NAME}.{APP_DOMAIN} basis for production enviroment, and  {APP_NAME}.{APP_ENV}.{APP_DOMAIN} basis for other enviroments. Wil skipp the {APP_NAME}. on both if set to false 
+APP_USE_NAME_AS_SUBDOMAIN=true
+# The demo enviroment for this component @depracticed
 APP_DEMO=pc.zaakonline.nl
+# he Repository for this component
 APP_REPRO=https://github.com/ConductionNL/Proto-component-commonground
 
 ##################################################
@@ -36,14 +61,15 @@ APP_REPRO=https://github.com/ConductionNL/Proto-component-commonground
 
 CONTAINER_REGISTRY_BASE=docker.io/conduction
 CONTAINER_PROJECT_NAME=pc
+# The repository for the primary (php) container of this project
 CONTAINER_REPRO=https://hub.docker.com/repository/docker/conduction/pc-php
 
 ##################################################
 # Notifcation settings
 ##################################################
 
-NOTIFICATION_ENABLED=false
-NOTIFICATION_PROVIDER=sasd
+NOTIFICATION_ENABLED=falsedxfddxf
+NOTIFICATION_PROVIDER=sasdasd
 NOTIFICATION_ENABLED_AUTHORIZATION=sasd
 
 ##################################################
@@ -73,17 +99,17 @@ HEALTH_ENABLED=false
 ARCHIVE_ENABLED=false
 
 ##################################################
-# NLX Setup, read more at https://docs.nlx.io/get-started/# 
+# NLX Setup, read more at https://docs.nlx.io/get-started/#
 ##################################################
 
 # Do you want to provide an nlx outway? (option for your component to reach nlx services)
-NLX_OUTWAY=true 
+NLX_OUTWAY=true
 
 # Do you want to provice an nlx inway (option for nlx services to reach your api)
-NLX_INWAY=false 
+NLX_INWAY=false
 
 # NLX Certification Details
-NLX_COUNTRY_NAME=Netherlands 
+NLX_COUNTRY_NAME=Netherlands
 NLX_STATE=Noord-Holland
 NLX_LOCALITY=Amsterdam
 NLX_ORGANIZATION_NAME=Conduction

.github/deploy.yml

@@ -0,0 +1,4 @@
+# View examples and documentation at https://deliverybot.dev/docs/
+production:
+  environment: production
+  production_environment: true

.github/workflows/dockerimage.yml

@@ -63,6 +63,10 @@ jobs:
         run: docker-compose logs
       - name: Security Checks
         run: docker-compose exec -T php composer req sensiolabs/security-checker
+      - name: Database Update
+        run: docker-compose exec -T php bin/console doctrine:schema:update --force
+      - name: Database Check
+        run: docker-compose exec -T php bin/console doctrine:schema:validate
       - name: Chores
         run: docker-compose down
       - name: Login to DockerHub Registry
@@ -95,22 +99,34 @@ jobs:
         if: (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true'
         run: helm upgrade $APP_NAME-$APP_ENV ./api/helm  --kubeconfig="kubeconfig.yaml" --namespace=$APP_ENV  --set settings.env=$APP_ENV,settings.debug=1
       - name: Install through helm
-        if: failure()
+        if: failure() && (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true'
         run: helm install --name $APP_NAME-$APP_ENV ./api/helm  --kubeconfig="kubeconfig.yaml" --namespace=$APP_ENV  --set settings.env=$APP_ENV,settings.debug=1 
       - name: Rollout new containers
-        if: (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true' && steps.helm-install.success == 'true'
+        if: (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true' && success()
         run: |
             kubectl rollout restart deployment/$APP_NAME-php --kubeconfig="kubeconfig.yaml"  --namespace=$APP_ENV
             kubectl rollout restart deployment/$APP_NAME-nginx --kubeconfig="kubeconfig.yaml"  --namespace=$APP_ENV
             kubectl rollout restart deployment/$APP_NAME-varnish --kubeconfig="kubeconfig.yaml"  --namespace=$APP_ENV
+      - name: Export release code
+        if: (success() || failure())
+        id: releasecode
+        run: |
+            export RELEASE=$APP_BUILD-$(git rev-parse --short $GITHUB_SHA)
+            echo "##[set-output name=releasename]$RELEASE"
+      - name: Print release name
+        if: (success() || failure())
+        run: echo $RELEASENAME
+        env:
+            RELEASENAME: ${{ steps.releasecode.outputs.releasename }}
       - name: Create Release
-        if: contains( github.ref, 'master' )
+        if: contains( github.ref, 'master' ) && steps.kubeconfig.outputs.success == 'true' && ( success() || failure() )
         id: create_release
         uses: actions/create-release@v1
+        continue-on-error: true
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
         with:
-          tag_name: $APP_BUILD
-          release_name: $APP_BUILD
-          draft: false
-          prerelease: false
+            tag_name: ${{ steps.releasecode.outputs.releasename }}
+            release_name: ${{ steps.releasecode.outputs.releasename }}
+            draft: false
+            prerelease: false

INSTALLATION.md

@@ -4,6 +4,7 @@ This document dives a little bit deeper into installing your component on a kube
 ## Setting up helm
 
 
+
 ## Setting up tiller
 Create the tiller service account:
 
@@ -18,70 +19,108 @@ $ kubectl create clusterrolebinding tiller --clusterrole cluster-admin --service
 
 Now we can run helm init, which installs Tiller on our cluster, along with some local housekeeping tasks such as downloading the stable repo details:
 ```CLI
-$ helm init --service-account tiller --kubeconfig="api/helm/kubeconfig.yaml"
+$ helm init --service-account tiller --kubeconfig="kubeconfig.yaml"
 ```
 
 To verify that Tiller is running, list the pods in the kube-system namespace:
 ```CLI
-$ kubectl get pods --namespace kube-system --kubeconfig="api/helm/kubeconfig.yaml"
+$ kubectl get pods --namespace kube-system --kubeconfig="kubeconfig.yaml"
 ```
 
 The Tiller pod name begins with the prefix tiller-deploy-.
 
 Now that we've installed both Helm components, we're ready to use helm to install our first application.
 
+
+## Setting up ingress
+We need at least one nginx controller per kubernetes kluster, doh optionally we could set on up on a per namebase basis
+
+```CLI
+$ helm install stable/nginx-ingress --name loadbalancer --kubeconfig="kubeconfig.yaml"
+```
+
+We can check that out with 
+
+```CLI
+$ kubectl describe ingress pc-dev-ingress -n=kube-system --kubeconfig="kubeconfig.yaml"
+```
+
 ## Setting up Kubernetes Dashboard
 After we installed helm and tiller we can easily use both to install kubernetes dashboard
+
 ```CLI
-$ helm install stable/kubernetes-dashboard --name dashboard --kubeconfig="api/helm/kubeconfig.yaml" --namespace="kube-system"
+$ helm install stable/kubernetes-dashboard --name dashboard --kubeconfig="kubeconfig.yaml" --namespace="kube-system"
 ```
 
 But before we can login to tiller we need a token, we can get one of those trough the secrets. Get yourself a secret list by running the following command
 ```CLI
-$ kubectl -n kube-system get secret  --kubeconfig="api/helm/kubeconfig.yaml"
+$ kubectl -n kube-system get secret  --kubeconfig="kubeconfig.yaml"
 ```
 
 Because we just bound tiller to our admin account and use tiller (trough helm) to manage our code deployment it makes sense to use the tiller token, lets look at the tiller secret (it should look something like "tiller-token-XXXXX" and ask for the corresponding token. 
 
 ```CLI
-$ kubectl -n kube-system describe secrets tiller-token-xxxxx  --kubeconfig="api/helm/kubeconfig.yaml"
+$ kubectl -n kube-system describe secrets tiller-token-xxxxx  --kubeconfig="kubeconfig.yaml"
 ```
 
 This should return the token, copy it to somewhere save (just the token not the other returned information) and start up a dashboard connection
 
 ```CLI
-$kubectl proxy --kubeconfig="api/helm/kubeconfig.yaml"
+$ kubectl proxy --kubeconfig="kubeconfig.yaml"
 ```
 
 This should proxy our dashboard to helm making it available trough our favorite browser and a simple link
 ```CLI
 http://localhost:8001/api/v1/namespaces/kube-system/services/https:dashboard-kubernetes-dashboard:https/proxy/#!/login
 ```
 
+
+## Cert Manager
+https://cert-manager.io/docs/installation/kubernetes/
+
+```CLI
+$ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml --kubeconfig="kubeconfig.yaml"
+$ kubectl create namespace cert-manager --kubeconfig="kubeconfig.yaml"
+```
+
+ The we need tp deploy the cert manager to our cluster
+
+```CLI
+$ helm repo add jetstack https://charts.jetstack.io
+$ helm install --name cert-manager --namespace cert-manager --version v0.12.0 \ jetstack/cert-manager --kubeconfig="kubeconfig.yaml"
+```
+
+lets check if everything is working
+
+```CLI
+$ kubectl get pods --namespace cert-manager --kubeconfig="kubeconfig.yaml"
+$ kubectl describe certificate -n dev --kubeconfig="kubeconfig.yaml"
+```
+
 ## Deploying trough helm
 First we always need to update our dependencies
 ```CLI
 $ helm dependency update ./api/helm
 ```
 If you want to create a new instance
 ```CLI
-$ helm install --name pc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1,settings.loadbalancerEnabled=true
-$ helm install --name pc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0,settings.loadbalancerEnabled=true
-$ helm install --name pc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0,settings.loadbalancerEnabled=true 
+$ helm install --name pc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1
+$ helm install --name pc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0
+$ helm install --name pc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0
 ```
 
 Or update if you want to update an existing one
 ```CLI
-$ helm upgrade pc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1,settings.loadbalancerEnabled=true 
-$ helm upgrade pc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0,settings.loadbalancerEnabled=true
-$ helm upgrade pc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0,settings.loadbalancerEnabled=true
+$ helm upgrade pc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1
+$ helm upgrade pc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0
+$ helm upgrade pc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0
 ```
 
 Or del if you want to delete an existing  one
 ```CLI
-$ helm del pc-dev  --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=dev" 
-$ helm del pc-stag --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=stag" 
-$ helm del pp-prod --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=prod" 
+$ helm del pc-dev  --purge --kubeconfig="api/helm/kubeconfig.yaml" 
+$ helm del pc-stag --purge --kubeconfig="api/helm/kubeconfig.yaml" 
+$ helm del pc-prod --purge --kubeconfig="api/helm/kubeconfig.yaml" 
 ```
 
 Note that you can replace common ground with the namespace that you want to use (normally the name of your component).