From b1f77ae8af9d41370b20263cd364491886267bce Mon Sep 17 00:00:00 2001
From: Nils Ove Tendenes <nils.ove@tendenes.com>
Date: Tue, 11 Jun 2024 14:08:06 +0200
Subject: [PATCH] chore: kustomize deploy

---
 .github/workflows/deploy-prod&demo.yaml       | 23 +++++--
 .github/workflows/deploy-staging.yaml         | 20 +++++-
 deploy/base/deployment-fdk-harvest-admin.yaml | 46 +++++++++++++
 deploy/base/kustomization.yaml                | 10 +++
 deploy/base/service-fdk-harvest-admin.yaml    | 14 ++++
 deploy/demo/env.yaml                          | 69 +++++++++++++++++++
 deploy/demo/ingress.yaml                      | 18 +++++
 deploy/demo/kustomization.yaml                | 10 +++
 deploy/prod/env.yaml                          | 69 +++++++++++++++++++
 deploy/prod/ingress.yaml                      | 18 +++++
 deploy/prod/kustomization.yaml                | 10 +++
 deploy/staging/env.yaml                       | 69 +++++++++++++++++++
 deploy/staging/ingress.yaml                   | 18 +++++
 deploy/staging/kustomization.yaml             | 10 +++
 14 files changed, 396 insertions(+), 8 deletions(-)
 create mode 100644 deploy/base/deployment-fdk-harvest-admin.yaml
 create mode 100644 deploy/base/kustomization.yaml
 create mode 100644 deploy/base/service-fdk-harvest-admin.yaml
 create mode 100644 deploy/demo/env.yaml
 create mode 100644 deploy/demo/ingress.yaml
 create mode 100644 deploy/demo/kustomization.yaml
 create mode 100644 deploy/prod/env.yaml
 create mode 100644 deploy/prod/ingress.yaml
 create mode 100644 deploy/prod/kustomization.yaml
 create mode 100644 deploy/staging/env.yaml
 create mode 100644 deploy/staging/ingress.yaml
 create mode 100644 deploy/staging/kustomization.yaml

diff --git a/.github/workflows/deploy-prod&demo.yaml b/.github/workflows/deploy-prod&demo.yaml
index 1d84d84..27058ab 100644
--- a/.github/workflows/deploy-prod&demo.yaml
+++ b/.github/workflows/deploy-prod&demo.yaml
@@ -18,24 +18,37 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
-  build-and-deploy-production:
+  build-and-push-image:
     needs: run-tests
     name: Deploy to prod on merge to main branch
-    uses: Informasjonsforvaltning/workflows/.github/workflows/build-deploy.yaml@main
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
     with:
       app_name: fdk-harvest-admin
       environment: prod
-      cluster: digdir-fdk-prod
+      build_env: true
+      build_env_name: BINARY
+      build_env_value: fdk-harvest-admin
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
+
+  deploy-to-prod:
+    needs: build-and-push-image
+    name: Deploy to prod if prod-deploy is successful
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: fdk-harvest-admin
+      environment: prod
+      cluster: digdir-fdk-prod
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_PROD_AUTODEPLOY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   deploy-to-demo:
-    needs: build-and-deploy-production
+    needs: deploy-to-prod
     name: Deploy to demo if prod-deploy is successful
-    uses: Informasjonsforvaltning/workflows/.github/workflows/deploy.yaml@main
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
     with:
       app_name: fdk-harvest-admin
       environment: demo
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
index a3aac28..5fa3bfa 100644
--- a/.github/workflows/deploy-staging.yaml
+++ b/.github/workflows/deploy-staging.yaml
@@ -18,17 +18,31 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
-  build-and-deploy-staging:
+  build-and-push-image:
     needs: run-tests
     name: Call reusable workflow when pull request is created
     if: ${{ github.actor != 'dependabot[bot]' && github.event.pull_request.draft == false }}
-    uses: Informasjonsforvaltning/workflows/.github/workflows/build-deploy.yaml@main
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
     with:
       app_name: fdk-harvest-admin
       environment: staging
-      cluster: digdir-fdk-dev
+      build_env: true
+      build_env_name: BINARY
+      build_env_value: fdk-harvest-admin
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
+
+  deploy:
+    name: Deploy to staging environment with reusable workflow
+    if: github.event.pull_request.draft == false
+    needs: [ run-tests, build-and-push-image ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: fdk-harvest-admin
+      environment: staging
+      cluster: digdir-fdk-dev
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_DEV_AUTODEPLOY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/deploy/base/deployment-fdk-harvest-admin.yaml b/deploy/base/deployment-fdk-harvest-admin.yaml
new file mode 100644
index 0000000..759be3d
--- /dev/null
+++ b/deploy/base/deployment-fdk-harvest-admin.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-harvest-admin
+  labels:
+    app: fdk-harvest-admin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fdk-harvest-admin
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: fdk-harvest-admin
+      annotations:
+        prometheus.io/scrape: "false"
+    spec:
+      containers:
+        - name: fdk-harvest-admin
+          image: fdk-harvest-admin
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+          volumeMounts:
+            - mountPath: /var/secrets/google
+              name: error-reporting-sa
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
new file mode 100644
index 0000000..0079e28
--- /dev/null
+++ b/deploy/base/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment-fdk-harvest-admin.yaml
+  - service-fdk-harvest-admin.yaml
+images:
+  - name: fdk-harvest-admin
+    newName: eu.gcr.io/digdir-fdk-infra/fdk-harvest-admin
+    newTag: $(GIT_COMMIT_SHA)
diff --git a/deploy/base/service-fdk-harvest-admin.yaml b/deploy/base/service-fdk-harvest-admin.yaml
new file mode 100644
index 0000000..ce10376
--- /dev/null
+++ b/deploy/base/service-fdk-harvest-admin.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fdk-harvest-admin
+spec:
+  selector:
+    app: fdk-harvest-admin
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: NodePort
diff --git a/deploy/demo/env.yaml b/deploy/demo/env.yaml
new file mode 100644
index 0000000..409a44c
--- /dev/null
+++ b/deploy/demo/env.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-harvest-admin
+  labels:
+    app: fdk-harvest-admin
+spec:
+  template:
+    spec:
+      containers:
+        - name: fdk-harvest-admin
+          env:
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /var/secrets/google/error-reporting-sa-key.json
+            - name: MONGO_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-demo
+                  key: MONGO_HOST
+            - name: MONGO_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-demo
+                  key: MONGO_USERNAME
+            - name: MONGO_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-demo
+                  key: MONGO_PASSWORD
+            - name: RABBIT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-demo
+                  key: RABBITMQ_USERNAME
+            - name: RABBIT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-demo
+                  key: RABBITMQ_PASSWORD
+            - name: RABBIT_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-demo
+                  key: RABBITMQ_HOST
+            - name: RABBIT_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-demo
+                  key: RABBITMQ_PORT
+            - name: SSO_AUTH_URI
+              valueFrom:
+                secretKeyRef:
+                  name: commonurl-demo
+                  key: SSO_AUTH_URI
+            - name: PROJECT_ID_GCP
+              valueFrom:
+                secretKeyRef:
+                  name: common-demo
+                  key: PROJECT_ID
+            - name: API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-harvest-admin
+                  key: API_KEY
+      volumes:
+        - name: error-reporting-sa
+          secret:
+            secretName: error-reporting-sa-demo
diff --git a/deploy/demo/ingress.yaml b/deploy/demo/ingress.yaml
new file mode 100644
index 0000000..4b7fff0
--- /dev/null
+++ b/deploy/demo/ingress.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fdk-harvest-admin
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: admin-api.demo.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: fdk-harvest-admin
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
diff --git a/deploy/demo/kustomization.yaml b/deploy/demo/kustomization.yaml
new file mode 100644
index 0000000..2f54574
--- /dev/null
+++ b/deploy/demo/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: demo
+resources:
+  - ../base
+  - ingress.yaml
+
+patchesStrategicMerge:
+  - env.yaml
diff --git a/deploy/prod/env.yaml b/deploy/prod/env.yaml
new file mode 100644
index 0000000..f33210d
--- /dev/null
+++ b/deploy/prod/env.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-harvest-admin
+  labels:
+    app: fdk-harvest-admin
+spec:
+  template:
+    spec:
+      containers:
+        - name: fdk-harvest-admin
+          env:
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /var/secrets/google/error-reporting-sa-key.json
+            - name: MONGO_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-prod
+                  key: MONGO_HOST
+            - name: MONGO_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-prod
+                  key: MONGO_USERNAME
+            - name: MONGO_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-prod
+                  key: MONGO_PASSWORD
+            - name: RABBIT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-prod
+                  key: RABBITMQ_USERNAME
+            - name: RABBIT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-prod
+                  key: RABBITMQ_PASSWORD
+            - name: RABBIT_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-prod
+                  key: RABBITMQ_HOST
+            - name: RABBIT_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-prod
+                  key: RABBITMQ_PORT
+            - name: SSO_AUTH_URI
+              valueFrom:
+                secretKeyRef:
+                  name: commonurl-prod
+                  key: SSO_AUTH_URI
+            - name: PROJECT_ID_GCP
+              valueFrom:
+                secretKeyRef:
+                  name: common-prod
+                  key: PROJECT_ID
+            - name: API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-harvest-admin
+                  key: API_KEY
+      volumes:
+        - name: error-reporting-sa
+          secret:
+            secretName: error-reporting-sa-prod
diff --git a/deploy/prod/ingress.yaml b/deploy/prod/ingress.yaml
new file mode 100644
index 0000000..febf4cc
--- /dev/null
+++ b/deploy/prod/ingress.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fdk-harvest-admin
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: admin-api.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: fdk-harvest-admin
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml
new file mode 100644
index 0000000..5babc47
--- /dev/null
+++ b/deploy/prod/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+  - ../base
+  - ingress.yaml
+
+patchesStrategicMerge:
+  - env.yaml
diff --git a/deploy/staging/env.yaml b/deploy/staging/env.yaml
new file mode 100644
index 0000000..59daf11
--- /dev/null
+++ b/deploy/staging/env.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-harvest-admin
+  labels:
+    app: fdk-harvest-admin
+spec:
+  template:
+    spec:
+      containers:
+        - name: fdk-harvest-admin
+          env:
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /var/secrets/google/error-reporting-sa-key.json
+            - name: MONGO_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-staging
+                  key: MONGO_HOST
+            - name: MONGO_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-staging
+                  key: MONGO_USERNAME
+            - name: MONGO_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mongo-staging
+                  key: MONGO_PASSWORD
+            - name: RABBIT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-staging
+                  key: RABBITMQ_USERNAME
+            - name: RABBIT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-staging
+                  key: RABBITMQ_PASSWORD
+            - name: RABBIT_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-staging
+                  key: RABBITMQ_HOST
+            - name: RABBIT_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-staging
+                  key: RABBITMQ_PORT
+            - name: SSO_AUTH_URI
+              valueFrom:
+                secretKeyRef:
+                  name: commonurl-staging
+                  key: SSO_AUTH_URI
+            - name: PROJECT_ID_GCP
+              valueFrom:
+                secretKeyRef:
+                  name: common-staging
+                  key: PROJECT_ID
+            - name: API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-harvest-admin
+                  key: API_KEY
+      volumes:
+        - name: error-reporting-sa
+          secret:
+            secretName: error-reporting-sa-staging
diff --git a/deploy/staging/ingress.yaml b/deploy/staging/ingress.yaml
new file mode 100644
index 0000000..66a95b2
--- /dev/null
+++ b/deploy/staging/ingress.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fdk-harvest-admin
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: admin-api.staging.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: fdk-harvest-admin
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
diff --git a/deploy/staging/kustomization.yaml b/deploy/staging/kustomization.yaml
new file mode 100644
index 0000000..c2aea96
--- /dev/null
+++ b/deploy/staging/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: staging
+resources:
+  - ../base
+  - ingress.yaml
+  
+patchesStrategicMerge:
+  - env.yaml