diff --git a/apps/events/deploy.yaml b/apps/events/deploy.yaml
new file mode 100644
index 00000000..4c6a11a8
--- /dev/null
+++ b/apps/events/deploy.yaml
@@ -0,0 +1,170 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: events
+ namespace: default
+ labels:
+ app: events
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: events
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: events
+ spec:
+ serviceAccountName: events
+ containers:
+ - name: events
+ image: ghcr.io/wisvch/events:20231012-2728d29 # {"$imagepolicy": "flux-system:events"}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /events/actuator/health/liveness
+ port: http
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /events/actuator/health/readiness
+ port: http
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ successThreshold: 1
+ timeoutSeconds: 5
+ env:
+ - name: MANAGEMENT_CONTEXT_PATH
+ value: /management
+ - name: MANAGEMENT_ENDPOINTS_ENABLED
+ value: "false"
+ - name: MANAGEMENT_ENDPOINTS_HEALTH_ENABLED
+ value: "true"
+ - name: SERVER_PORT
+ value: "8080"
+ - name: SERVER_SERVLET_CONTEXT_PATH
+ value: /events/
+ - name: SERVER_FORWARD_HEADERS_STRATEGY
+ value: "FRAMEWORK"
+ - name: SERVER_ADDRESS
+ value: "0.0.0.0"
+ - name: SPRING_MAIL_HOST
+ valueFrom:
+ secretKeyRef:
+ name: mail
+ key: host
+ - name: SPRING_MAIL_PORT
+ valueFrom:
+ secretKeyRef:
+ name: mail
+ key: port
+ - name: SPRING_MAIL_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: mail
+ key: username
+ - name: SPRING_MAIL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mail
+ key: password
+ - name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH
+ value: "true"
+ - name: SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE
+ value: "true"
+ - name: SPRING_PROFILES_ACTIVE
+ value: production
+ - name: SPRING_HTTP_MULTIPART_MAX_FILE_SIZE
+ value: 5mb
+ - name: JAVA_OPTS
+ value: -Xms128m -Xmx192m
+ - name: SPRING_DATASOURCE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: postgres
+ key: username
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres
+ key: password
+ - name: SPRING_DATASOURCE_URL
+ value: jdbc:postgresql://127.0.0.1:5432/events
+ - name: SPRING_JPA_HIBERNATE_HB2MDDL_AUTO
+ value: validate
+ - name: SPRING_JPA_GENERATE_DDL
+ value: "false"
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_WISVCHCONNECT_ISSUER_URI
+ value: https://connect.ch.tudelft.nl
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_WISVCHCONNECT_CLIENTURI
+ value: https://ch.tudelft.nl/events
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_WISVCHCONNECT_CLIENT_ID
+ value: events-cloud
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_WISVCHCONNECT_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: events
+ key: connect-client-secret
+ - name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_WISVCHCONNECT_SCOPE
+ value: openid, profile, email, auth
+ - name: SPRING_FLYWAY_ENABLED
+ value: "true"
+ - name: SPRING_FLYWAY_SCHEMAS
+ value: event
+ - name: SPRING_FLYWAY_TABLE
+ value: schema_version
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: WISVCH_CONNECT_ADMIN_GROUPS
+ value: chbeheer,dienst2,epa,vc
+ - name: WISVCH_CONNECT_BETA_USERS
+ value: joepj,juliand,danys
+ - name: WISVCH_CONNECT_CLAIM_NAME
+ value: google_groups
+ - name: WISVCH_EVENTS_IMAGE_PATH
+ value: https://ch.tudelft.nl/events/api/v1/documents/
+ - name: MOLLIE_CLIENTURI
+ value: https://ch.tudelft.nl/events
+ - name: MOLLIE_APIKEY
+ valueFrom:
+ secretKeyRef:
+ name: events
+ key: mollie-key
+ - name: LINKS_GTC
+ value: "https://ch.tudelft.nl/wp-content/uploads/Deelnemersvoorwaarden_versie_12_06_2023.pdf"
+ - name: LINKS_PASSES
+ value: "http://passes.default.svc.cluster.local./passes"
+ resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+ - name: cloud-sql-proxy
+ image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.0.0
+ args:
+ - "--structured-logs"
+ - "--private-ip"
+ - "--port=5432"
+ - "-i" #
Enables automatic authentication through the serviceaccount + - "wisvch:europe-west4:geurt" + securityContext: + runAsNonRoot: true + resources: + limits: + memory: 200Mi + requests: + cpu: 20m + memory: 100Mi diff --git a/apps/events/httproute.yaml b/apps/events/httproute.yaml new file mode 100644 index 00000000..dac4c01c --- /dev/null +++ b/apps/events/httproute.yaml @@ -0,0 +1,25 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: events-wisvch-redirect + namespace: default +spec: + parentRefs: + - kind: Gateway + namespace: gateway-infra + name: gateway + hostnames: + - events.wisv.ch + rules: + - matches: + - path: + type: PathPrefix + value: / + - filters: + - type: RequestRedirect + requestRedirect: + hostname: ch.tudelft.nl + path: + type: ReplacePrefixMatch + replacePrefixMatch: /events + statusCode: 302 \ No newline at end of file diff --git a/apps/events/kustomization.yaml b/apps/events/kustomization.yaml index 7d411c74..4fa02cba 100644 --- a/apps/events/kustomization.yaml +++ b/apps/events/kustomization.yaml @@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - image.yaml - - release.yaml + - service.yaml + - deploy.yaml + - httproute.yaml - serviceaccount.yaml diff --git a/apps/events/release.yaml b/apps/events/release.yaml deleted file mode 100644 index e98e9bf4..00000000 --- a/apps/events/release.yaml +++ /dev/null 
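Review bot: The `events` container in apps/events/deploy.yaml has no `securityContext`, while the `cloud-sql-proxy` sidecar in the same pod sets `runAsNonRoot: true`; the application container is the one that serves external requests and receives the mail, database, OAuth and Mollie secrets as environment variables. If the image can run as a non-root user (not visible from this diff), give it a `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. Separately, `SPRING_JPA_HIBERNATE_HB2MDDL_AUTO` does not appear to correspond to a Spring Boot property (the letters of `hbm2ddl` are transposed), so unless the application reads that name itself the intended `validate` is probably ignored; `SPRING_JPA_HIBERNATE_DDL_AUTO` is the name that binds to `spring.jpa.hibernate.ddl-auto`.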
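Review bot: In apps/events/httproute.yaml, `- filters:` is written as its own list item rather than as a key of the rule that carries `matches:`, so as shown the route appears to hold one rule that matches `/` with no filter or backend and a second, separate rule that carries the `RequestRedirect`. Indentation is not recoverable from this page, so check the file itself; if the dash does start a second entry under `rules:`, change `- filters:` to `filters:` at the same level as `matches:` so the redirect belongs to the matching rule. A request that lands on a rule with neither filters nor backendRefs would typically get an error response instead of the 302.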
@@ -1,82 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: events - namespace: default -spec: - interval: 15m - chart: - spec: - chart: ./events - version: "0.1.x" - interval: 5m - reconcileStrategy: Revision - sourceRef: - kind: GitRepository - name: wisvch - namespace: flux-system - values: - replicaCount: 1 - tlsSecret: wisvch-tls - domains: - - wisv.ch/events - image: - repository: ghcr.io/wisvch/events - tag: 20231012-2728d29 # {"$imagepolicy": "flux-system:events:tag"} - oauth: - issuer: https://connect.ch.tudelft.nl - client: - url: https://events.wisv.ch - scope: openid, profile, email, auth - claimName: google_groups - groups: - admin: beheer, vc, epa, bestuur - beta: joepj, juliand, danys - postgres: - database: events - host: 127.0.0.1 - port: 5432 - cloudSQL: true - hibernate: - generateDdl: true - hb2mddl: - auto: validate - flyway: - enabled: true - valuesFrom: - - kind: Secret - name: postgres - valuesKey: username - targetPath: postgres.username - - kind: Secret - name: postgres - valuesKey: password - targetPath: postgres.password - - kind: Secret - name: events - valuesKey: mollie-key - targetPath: mollie.key - - kind: Secret - name: events - valuesKey: connect-client-secret - targetPath: oauth.client.secret - - kind: Secret - name: events - valuesKey: connect-client-id - targetPath: oauth.client.id - - kind: Secret - name: mail - valuesKey: username - targetPath: mail.username - - kind: Secret - name: mail - valuesKey: password - targetPath: mail.password - - kind: Secret - name: mail - valuesKey: port - targetPath: mail.port - - kind: Secret - name: mail - valuesKey: host - targetPath: mail.host diff --git a/apps/events/service.yaml b/apps/events/service.yaml new file mode 100644 index 00000000..bca32d62 --- /dev/null +++ b/apps/events/service.yaml 
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: events + labels: + app: events + namespace: default +spec: + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 80 + targetPort: http + selector: + app: events \ No newline at end of file diff --git a/secrets/events.yaml b/secrets/events.yaml index 56fd57be..2a2097e9 100644 --- a/secrets/events.yaml +++ b/secrets/events.yaml @@ -4,9 +4,9 @@ metadata: name: events namespace: default stringData: - connect-client-secret: ENC[AES256_GCM,data:yqsd/ihj0Usa6CR0DOLBKcMmkcSZzl4wjjnDXtf1trVi5vnqMOyswBXM/td3buB085CExGXt93acWPJBAyzHDzrQ/XT6f+xfj9J+A//02F3HVkh5790=,iv:EfjR1JxIiBuM6iFx8+KeHNkDVO95d7sS30R9WsMMKhg=,tag:7O6hJZdEXYfOCPmoz5HSTA==,type:str] - mollie-key: ENC[AES256_GCM,data:TB7p8T/NONcQVxmEWpA3tWldh7nobrzYgdJI+OWbOLgETSU=,iv:zmE8yFsMkWSvLN9rgHVPxqOCG52C3RUOTK2gu/OZ8pI=,tag:L/qzNyCuly6kksLtNArBDQ==,type:str] - connect-client-id: ENC[AES256_GCM,data:VJgoUOBAhlLd5GvSMg9ekqNvRwgIFPV1QYUbxxaatuGdcGQl,iv:4lZ4YU+Qhe7BmRswiPjppjw21HesWKfPIY6vRv8MYnQ=,tag:kZ1xIVCUGkJD5RDHa6VSXw==,type:str] + mollie-key: ENC[AES256_GCM,data:9Gh8WJDOAnd5snrmy4PWuUvZ0Aj7icDa2imgKOvMeUulRKs=,iv:65nCJjjkqr+ETn6n+PKoAjadDs7xgRfwVmS8b4/GVJs=,tag:PvffCZSguBs9a6ecqZDN2A==,type:str] + connect-client-secret: ENC[AES256_GCM,data:5HZkXke8SrjyshRqUoUOQ79j08q0gCl6ZTowcLtosjuIV7asTTBUblgDDzQZTG0PwohGC1gL+qCAMPxAbyAnU1kyoVCdkfy9TCy52PoHEN8bfWQGvWI=,iv:1/uHslLNEh0Y2i/1y0fgMYpxtN+/70Gsj0FqU4RqyVg=,tag:72X8Tb2pj8NVg9ZkoRq9uA==,type:str] + connect-client-id: ENC[AES256_GCM,data:jdBGd+SgTbVI5AIMZFsbdUZVBjsI5WGgIm4jnAlTekVMrtJG,iv:qpFXNlAe5+MW9DmxGQq2Jj2iY7FR+Jso4jwRgMnO3WM=,tag:vmJFrZfAD45klD6JJXUkyg==,type:str] sops: kms: [] gcp_kms: [] 
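Review bot: `connect-client-id` is still carried and re-encrypted in the `events` Secret, but the deployment added in this commit sets the OAuth client id as the literal `events-cloud` and reads only `connect-client-secret` and `mollie-key` from this Secret. If no other workload consumes that key, remove it so the Secret holds only what the pod uses and nobody later assumes the encrypted value is the one in effect. The ciphertext itself cannot be reviewed here, so it is worth stating in the commit message whether the values were rotated or only re-encrypted.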
@@ -16,14 +16,14 @@ sops: - recipient: age1ug2fepnvaqsfpn7t5gjjh2l0j8074jwh9h50pnjcjxn08v8pp3xq7ymxn2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTUt5OFVhTWppS2R3QmhI - MFQ0aituc1BjVy9ZdUQ2U2JrOWFySURCOFh3CmFjUkRldmc0RkpKbEZiWFVhL1li - YmhsdktmRmphUGU1d1pLVDYzcCtZTDgKLS0tIGg0dnQ0a3p1V0xqdkFEUUxERFFq - bGxlTlFGSWk3V3JwMXVOZmt5V3RES28KJpSI9Fn4pM7rrP/llGoGEFinZTVYeWqP - 6lhZGfRZddJYllB8nI7cDxjxM8Ch3cUrbSpWUdS7zqOVguXx3yw49A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTHlURFRuTEV1VmNNMEJm + ZHlMSjBFaFVJbUFaS3VBRFlHNnF2bU42c1RNCmxBYVVZVUJLUXEvY0dwZmlTMyt0 + d0VFWGYwSWxCVlFJbHhjUlVkcHFaRTgKLS0tIHc2MTBWQlRQTEhnUmpFRjU2Y0Zv + OVEyS2ZPWnpjbjBZUTVJbXMrRHFBWVEKeYBk6tdzeM1zn59z6weunuYkzQkr4TzO + XWcjQGAL6IXrEjqscSeYe15Zblc1WOYlITFXkbZmSIGQjAxVi3mv1A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-20T17:05:16Z" - mac: ENC[AES256_GCM,data:EmyRm3b7Bu9IAQ2dPI5mCj7bmBIysupb/xSp8ZInwQSmAo8rElY1RTIWAS84gSKRgYyyFxaQIPB+Ucf9obCyHfFHbyxzpZOGqsYv6RwWpOEGK+XUP2A51kocRGM3Nojx5/grFs42lRX7xHYcLW9tCG5wsikOtwVWVHKjxlaj1nU=,iv:90pCKLvBNW3sqfdnT22kjH1QCMMlQ/8RRMDHY/4iegk=,tag:eh2N/uSSjuaGB1lsP14u2A==,type:str] + lastmodified: "2023-11-02T18:21:12Z" + mac: ENC[AES256_GCM,data:pM5J/HndzEvalSNSujR5PEzCsQ8rxNiT57SO10NT5QP84sVeSaqA6vsLzvwq4mV4vHEwLFPRgomTEYqqZBj2v+v8fueGYOCp0MHUg8CQtA/G4DoOXJSRObcftOWZVAi/4X1++052efuOT4i39edL61t8/gkgkmCG/yRyehQcgHo=,iv:f71qNqN39JK1T9bbZSHmToLZXqI/2X5AAjC5LFauBVQ=,tag:xaG2PbKQIhhUypnYKS871g==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3