diff --git a/.github/readme.md b/.github/readme.md index 197a9d89..5706efa5 100644 --- a/.github/readme.md +++ b/.github/readme.md @@ -1,20 +1,34 @@ -# TFRS Post Release Work +# ITVR Post Release Work After the release is deployed on Prod * Merge the tracking pull request to master * Create the release from master amd make it as the lasted release * Create the new release branch from master -* Update the following fields in various files +* Update the following fields .github/workflows/build-release.yaml + * name + * branches + * PR_NUMBER + * RELEASE_NAME +* Update .pipeline/lib/config.js + * const version +* Update frontend/package.json + * version * Create the tracking pull request to merge the new release branch to master -## Update .github/workflows/tfrs-release.yaml -* name -* branches -* PR_NUMBER -* RELEASE_NAME +# Pre-required Secrets before running the pipeline +itvr-keycloak +itvr-django-secret +itvr-django-salt +itvr-email-service +itvr-patroni-app +itvr-patroni-admin +itvr-object-storage +itvr-ncda +itvr-db-backup-s3 -## Update .pipeline/lib/config.js -* const version +# Pre-required Image Streams before running the pipeline +itvr-frontend +itvr-backend +itvr-task-queue -## Update frontend/package.json -* version \ No newline at end of file +tbd \ No newline at end of file diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index db83cd94..d6d0408b 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -1,10 +1,10 @@ ## For each release, the value of workflow name, branches and PR_NUMBER need to be adjusted accordingly -name: ITVR release-1.16.0 +name: ITVR release-1.17.0 (BCDK) on: push: - branches: [ release-1.16.0 ] + branches: [ release-1.17.0 ] paths: - django/** - backend/** 
@@ -14,8 +14,8 @@ on: env: ## The pull request number of the Tracking pull request to merge the release branch to main ## Also remember to update the version in .pipeline/lib/config.js - PR_NUMBER: 468 - RELEASE_NAME: release-1.16.0 + PR_NUMBER: 494 + RELEASE_NAME: release-1.17.0 jobs: diff --git a/.github/workflows/pr-build-template.yaml b/.github/workflows/pr-build-template.yaml new file mode 100644 index 00000000..b43b23a6 --- /dev/null +++ b/.github/workflows/pr-build-template.yaml 
@@ -0,0 +1,70 @@ +name: PR Build Template + +on: + workflow_call: + inputs: + pr-number: + required: true + type: string + build-suffix: + required: true + type: string + build-image-tag-name: + required: true + type: string + secrets: + tools-namespace: + required: true + openshift-server: + required: true + openshift-token: + required: true + +env: + GIT_URL: https://github.com/bcgov/itvr.git + +jobs: + + build: + + name: Build itvr on Openshift + runs-on: ubuntu-latest + timeout-minutes: 60 + + steps: + + - name: Check out repository + uses: actions/checkout@v3 + with: + ref: refs/pull/${{ inputs.pr-number }}/head + + - name: Log in to Openshift + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{ secrets.openshift-server }} + openshift_token: ${{ secrets.openshift-token }} + insecure_skip_tls_verify: true + namespace: ${{ secrets.tools-namespace }} + + - name: Build itvr Backend + run: | + cd openshift/templates/backend + oc process -f ./backend-bc.yaml NAME=itvr SUFFIX=${{ inputs.build-suffix }} VERSION=${{ inputs.build-image-tag-name }} GIT_URL=${{ env.GIT_URL }} GIT_REF=refs/pull/${{ inputs.pr-number }}/head | oc apply --wait=true -f - -n ${{ secrets.tools-namespace }} + oc cancel-build bc/itvr-backend${{ inputs.build-suffix }} + oc start-build --wait=true itvr-backend${{ inputs.build-suffix }} + + - name: Build itvr Frontend + run: | + cd openshift/templates/frontend + oc process -f ./frontend-bc-docker.yaml NAME=itvr SUFFIX=${{ inputs.build-suffix }} VERSION=${{ inputs.build-image-tag-name }} GIT_URL=${{ env.GIT_URL }} GIT_REF=refs/pull/${{ inputs.pr-number }}/head | oc apply --wait=true -f - -n ${{ secrets.tools-namespace }} + oc cancel-build bc/itvr-frontend${{ inputs.build-suffix }} + oc start-build --wait=true itvr-frontend${{ inputs.build-suffix }} + + - name: Build itvr task queue + run: | + cd openshift/templates/task-queue + oc process -f ./task-queue-bc.yaml NAME=itvr SUFFIX=${{ inputs.build-suffix }} VERSION=${{ 
inputs.build-image-tag-name }} GIT_URL=${{ env.GIT_URL }} GIT_REF=refs/pull/${{ inputs.pr-number }}/head | oc apply --wait=true -f - -n ${{ secrets.tools-namespace }} + oc cancel-build bc/itvr-task-queue${{ inputs.build-suffix }} + oc start-build --wait=true itvr-task-queue${{ inputs.build-suffix }} + + \ No newline at end of file diff --git a/.github/workflows/pr-deploy-template.yaml b/.github/workflows/pr-deploy-template.yaml new file mode 100644 index 00000000..b226c1c3 --- /dev/null +++ b/.github/workflows/pr-deploy-template.yaml 
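Review bot: `insecure_skip_tls_verify: true` in the "Log in to Openshift" step turns off certificate verification on the connection that carries `openshift-token`, so the runner cannot distinguish the real API server from an interposed one. The same setting is added in pr-deploy-template.yaml, pr-dev-database-template.yaml and pr-teardown.yaml. Set `insecure_skip_tls_verify: false` in all four, and if the cluster certificate is not publicly trusted, supply the CA through the action's `certificate_authority_data` input instead of skipping verification.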
@@ -0,0 +1,137 @@ +name: PR Deploy Template + +on: + workflow_call: + inputs: + pr-number: + required: true + type: string + # suffix is in format of -dev-487, -dev, -test, -prod + suffix: + required: true + type: string + # build-image-tag-name is in format of build-release-1.17.0-487 + build-image-tag-name: + required: true + type: string + # image-tag-name is in format of dev-release-1.17.0-487, test-release-1.17.0-487, prod-release-1.17.0-487 + image-tag-name: + required: true + type: string + # env-name is in format of dev, test, prod + env-name: + required: true + type: string + # sample host name itvr-dev.apps.silver.devops.gov.bc.ca, itvr-dev-494.apps.silver.devops.gov.bc.ca + frontend-route-host-name: + required: true + type: string + secrets: + tools-namespace: + required: true + namespace: + required: true + openshift-server: + required: true + openshift-token: + required: true + +jobs: + + deploy: + + name: Deploy itvr + runs-on: ubuntu-latest + timeout-minutes: 60 + + steps: + + - name: Check out repository + uses: actions/checkout@v3 + with: + ref: refs/pull/${{ inputs.pr-number }}/head + + - name: Log in to Openshift + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{ secrets.openshift-server }} + openshift_token: ${{ secrets.openshift-token }} + insecure_skip_tls_verify: true + namespace: ${{ secrets.tools-namespace }} + + - name: Tag Images from tools + run: | + oc tag ${{ secrets.tools-namespace }}/itvr-frontend:${{ inputs.build-image-tag-name }} ${{ secrets.namespace }}/itvr-frontend:${{ inputs.image-tag-name }} + oc tag ${{ secrets.tools-namespace }}/itvr-backend:${{ inputs.build-image-tag-name }} ${{ secrets.namespace }}/itvr-backend:${{ inputs.image-tag-name }} + oc tag ${{ secrets.tools-namespace }}/itvr-task-queue:${{ inputs.build-image-tag-name }} ${{ secrets.namespace }}/itvr-task-queue:${{ inputs.image-tag-name }} + + - name: Deploy itvr-frontend + shell: bash {0} + run: | + cd chart/itvr-apps/charts/itvr-frontend + 
helm status -n ${{ secrets.namespace }} itvr-frontend${{ inputs.suffix }} + if [ $? -eq 0 ]; then + echo "itvr-frontend${{ inputs.suffix }} release exists already" + helm upgrade \ + --set namespace=${{ secrets.namespace }} \ + --set frontendImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set envName=${{ inputs.env-name }} \ + --set frontendRouteHostName=${{ inputs.frontend-route-host-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-frontend${{ inputs.suffix }} . + else + echo "itvr-frontend${{ inputs.suffix }} release does not exist" + helm install \ + --set namespace=${{ secrets.namespace }} \ + --set frontendImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set envName=${{ inputs.env-name }} \ + --set frontendRouteHostName=${{ inputs.frontend-route-host-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-frontend${{ inputs.suffix }} . + fi + + - name: Deploy itvr-backend + shell: bash {0} + run: | + cd chart/itvr-apps/charts/itvr-backend + helm status -n ${{ secrets.namespace }} itvr-backend${{ inputs.suffix }} + if [ $? -eq 0 ]; then + echo "itvr-backend${{ inputs.suffix }} release exists already" + helm upgrade \ + --set namespace=${{ secrets.namespace }} \ + --set backendImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set frontendRouteHostName=${{ inputs.frontend-route-host-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-backend${{ inputs.suffix }} . 
+ else + echo "itvr-backend${{ inputs.suffix }} release does not exist" + helm install \ + --set namespace=${{ secrets.namespace }} \ + --set backendImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set frontendRouteHostName=${{ inputs.frontend-route-host-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-backend${{ inputs.suffix }} . + fi + + - name: Deploy itvr-task-queue + shell: bash {0} + run: | + cd chart/itvr-apps/charts/itvr-task-queue + helm status -n ${{ secrets.namespace }} itvr-task-queue${{ inputs.suffix }} + if [ $? -eq 0 ]; then + echo "itvr-task-queue${{ inputs.suffix }} release exists already" + helm upgrade \ + --set namespace=${{ secrets.namespace }} \ + --set taskQueueImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set envName=${{ inputs.env-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-task-queue${{ inputs.suffix }} . + else + echo "itvr-task-queue${{ inputs.suffix }} release does not exist" + helm install \ + --set namespace=${{ secrets.namespace }} \ + --set taskQueueImageTagName=${{ inputs.image-tag-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set envName=${{ inputs.env-name }} \ + -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-task-queue${{ inputs.suffix }} . + fi diff --git a/.github/workflows/pr-dev-cicd.yaml b/.github/workflows/pr-dev-cicd.yaml new file mode 100644 index 00000000..3baf8c56 --- /dev/null +++ b/.github/workflows/pr-dev-cicd.yaml 
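Review bot: Every `run:` script in this file expands `${{ inputs.* }}` straight into the shell text (for example `--set frontendImageTagName=${{ inputs.image-tag-name }}`), so the value is parsed as shell before helm ever sees it. release-cicd.yaml builds `image-tag-name` and `build-image-tag-name` from `github.event.pull_request.head.ref`, a branch name chosen by whoever opens the pull request. Map the inputs into the step's `env:` (e.g. `IMAGE_TAG: ${{ inputs.image-tag-name }}`) and reference them quoted, `--set frontendImageTagName="$IMAGE_TAG"`. The `oc process … VERSION=${{ inputs.build-image-tag-name }}` lines in pr-build-template.yaml need the same treatment.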
@@ -0,0 +1,61 @@ +# Please refer to ./readme.md for how to build single pull request + +# Update this workflow name per pull request +name: PR Dev CICD +on: + workflow_dispatch: + pull_request: + types: [opened, edited, reopened] + branches: + - 'release-*' + +jobs: + + # call-unit-test: + # uses: ./.github/workflows/unit-test-template.yaml + # with: + # pr-number: ${{ github.event.pull_request.number }} + + call-pr-build-template: + if: endsWith( github.event.pull_request.title, 'build-on-dev' ) + # needs: call-unit-test + uses: ./.github/workflows/pr-build-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + build-suffix: -build-${{ github.event.pull_request.number }} + build-image-tag-name: build-${{ github.event.pull_request.base.ref }}-${{ github.event.pull_request.number }} + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + call-pr-dev-database-template: + if: endsWith( github.event.pull_request.title, 'build-on-dev' ) + uses: ./.github/workflows/pr-dev-database-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + dev-suffix: -dev-${{ github.event.pull_request.number }} + secrets: + dev-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev + itvr-dev-username: ${{ secrets.ITVR_DEV_USERNAME }} + itvr-dev-password: ${{ secrets.ITVR_DEV_PASSWORD }} + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + call-pr-deploy-template: + if: endsWith( github.event.pull_request.title, 'build-on-dev' ) + needs: [call-pr-build-template, call-pr-dev-database-template] + uses: ./.github/workflows/pr-deploy-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + suffix: -dev-${{ github.event.pull_request.number }} + build-image-tag-name: build-${{ github.event.pull_request.base.ref }}-${{ github.event.pull_request.number }} + 
image-tag-name: dev-${{ github.event.pull_request.base.ref }}-${{ github.event.pull_request.number }} + env-name: dev + frontend-route-host-name: itvr-dev-${{ github.event.pull_request.number }}.apps.silver.devops.gov.bc.ca + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + \ No newline at end of file diff --git a/.github/workflows/pr-dev-database-template.yaml b/.github/workflows/pr-dev-database-template.yaml new file mode 100644 index 00000000..52f37267 --- /dev/null +++ b/.github/workflows/pr-dev-database-template.yaml 
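Review bot: All three jobs are gated only on `endsWith( github.event.pull_request.title, 'build-on-dev' )`, and the workflow re-runs on `edited`, so anyone able to set a pull request's title can start a build and deploy of that PR's head commit with `OPENSHIFT_TOKEN`. Secrets are normally withheld from fork pull requests on this trigger, so the exposure is mainly to accounts that can push branches, but that depends on repository settings and should be confirmed. A label is a tighter gate because applying one requires triage rights: `if: contains(github.event.pull_request.labels.*.name, 'build-on-dev')` with `labeled` added to `types`. A `workflow_dispatch` run carries no `pull_request` context, so the title check is false and every job is skipped; either drop that trigger or give it a PR-number input.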
@@ -0,0 +1,67 @@
+name: PR Dev Database Template
+
+on:
+ workflow_call:
+ inputs:
+ pr-number:
+ required: true
+ type: string
+ dev-suffix:
+ required: true
+ type: string
+ secrets:
+ dev-namespace:
+ required: true
+ itvr-dev-username:
+ required: true
+ itvr-dev-password:
+ required: true
+ openshift-server:
+ required: true
+ openshift-token:
+ required: true
+
+jobs:
+
+ database:
+
+ name: Start Database
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+
+ steps:
+
+ - name: Check out repository
+ uses: actions/checkout@v3
+ with:
+ ref: refs/pull/${{ inputs.pr-number }}/head
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.2
+ with:
+ openshift_server_url: ${{ secrets.openshift-server }}
+ openshift_token: ${{ secrets.openshift-token }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ secrets.dev-namespace }}
+
+ - name: Setup Database
+ shell: bash {0}
+ run: |
+ cd chart/itvr-spilo
+ helm dependency build
+ helm status -n ${{ secrets.dev-namespace }} itvr-spilo${{ inputs.dev-suffix }}
+ if [ $? -eq 0 ]; then
+ echo "itvr-spilo${{ inputs.dev-suffix }} exists already"
+ else
+ echo "Installing itvr-spilo${{ inputs.dev-suffix }}"
+ helm install -n ${{ secrets.dev-namespace }} -f ./values-dev.yaml --wait itvr-spilo${{ inputs.dev-suffix }} .
+ oc -n ${{ secrets.dev-namespace }} wait --for=condition=Ready pod/itvr-spilo${{ inputs.dev-suffix }}-0
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "create user ${{ secrets.itvr-dev-username }} WITH PASSWORD '${{ secrets.itvr-dev-password }}'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "create database itvr owner ${{ secrets.itvr-dev-username }} ENCODING 'UTF8' LC_COLLATE = 'en_US.UTF-8' LC_CTYPE = 'en_US.UTF-8'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "ALTER SYSTEM SET log_filename='postgresql-%H.log'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "ALTER SYSTEM SET log_connections='off'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "ALTER SYSTEM SET log_disconnections='off'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "ALTER SYSTEM SET log_checkpoints='off'" || true
+ oc -n ${{ secrets.dev-namespace }} exec itvr-spilo${{ inputs.dev-suffix }}-0 -- psql -c "select pg_reload_conf()" || true
+ fi
+
diff --git a/.github/workflows/pr-teardown.yaml b/.github/workflows/pr-teardown.yaml
new file mode 100644
index 00000000..38e420cb
--- /dev/null
+++ b/.github/workflows/pr-teardown.yaml
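Review bot: The `create user … WITH PASSWORD '${{ secrets.itvr-dev-password }}'` line pastes both secrets into the script text, so a quote, `$` or backtick in the password changes what the shell or psql executes, and the password travels as a command-line argument of `oc exec`. Put the two secrets in the step's `env:` and reference them as quoted shell variables, and prefer sending the statement to `psql` on standard input so the password is not in the argument list. SQL quoting of the password still has to be handled; psql's `:'var'` interpolation does this for input read from stdin, which should be confirmed against the image's psql. The `|| true` on that line also hides a failed user creation, and since this branch runs only after a fresh `helm install`, letting it fail is probably the safer default.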
@@ -0,0 +1,37 @@
+name: PR Teardown on Dev
+
+on:
+ pull_request:
+ types: closed
+ branches:
+ - 'release-*'
+
+env:
+ TOOLS_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools
+ DEV_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev
+
+jobs:
+
+ teardown-on-dev:
+ if: endsWith( github.event.pull_request.title, 'build-on-dev' )
+ name: Tear ITVR down on Dev
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+
+ steps:
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.2
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Undeploy on Dev
+ shell: bash {0}
+ run: |
+ helm -n ${{ env.DEV_NAMESPACE }} uninstall itvr-backend-dev-${{ github.event.pull_request.number }} || true
+ helm -n ${{ env.DEV_NAMESPACE }} uninstall itvr-task-queue-dev-${{ github.event.pull_request.number }} || true
+ helm -n ${{ env.DEV_NAMESPACE }} uninstall itvr-frontend-dev-${{ github.event.pull_request.number }} || true
+ helm -n ${{ env.DEV_NAMESPACE }} uninstall itvr-spilo-dev-${{ github.event.pull_request.number }} || true
diff --git a/.github/workflows/release-cicd.yaml b/.github/workflows/release-cicd.yaml
new file mode 100644
index 00000000..15da341a
--- /dev/null
+++ b/.github/workflows/release-cicd.yaml
@@ -0,0 +1,135 @@ +## For each release, the value of workflow name, branches and PR_NUMBER need to be adjusted accordingly + +name: RITVR release-1.17.0 (HELM) + +on: + pull_request: + types: [opened,edited,synchronize] + paths: + - frontend/** + - backend/** + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + + call-pr-dev-database-template: + if: startsWith( github.event.pull_request.title, 'Tracking pull request' ) + uses: ./.github/workflows/pr-dev-database-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + dev-suffix: -dev + secrets: + dev-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev + itvr-dev-username: ${{ secrets.ITVR_DEV_USERNAME }} + itvr-dev-password: ${{ secrets.ITVR_DEV_PASSWORD }} + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + build-release: + if: startsWith( github.event.pull_request.title, 'Tracking pull request' ) + name: Build release + uses: ./.github/workflows/pr-build-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + build-suffix: -build-${{ github.event.pull_request.number }} + build-image-tag-name: build-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + # approval-deploy-on-dev: + # name: Approval the deployment on Dev + # needs: [call-pr-dev-database-template,build-release] + # runs-on: ubuntu-latest + # timeout-minutes: 30 + # steps: + # - name: Ask for approval for ITVR Dev deployment + # uses: trstringer/manual-approval@v1.6.0 + # with: + # secret: ${{ github.TOKEN }} + # approvers: AlexZorkin,emi-hi,tim738745,kuanfandevops,jig-patel + # minimum-approvals: 1 + # issue-title: "ITVR ${{ github.event.pull_request.head.ref }} Dev Deployment" + + deploy-on-dev: 
+ name: Deploy on Dev + needs: build-release + uses: ./.github/workflows/pr-deploy-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + suffix: -dev + build-image-tag-name: build-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + image-tag-name: dev-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + env-name: dev + frontend-route-host-name: itvr-dev.apps.silver.devops.gov.bc.ca + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + approval-deploy-on-test: + name: Approval the deployment on Test + needs: deploy-on-dev + runs-on: ubuntu-latest + timeout-minutes: 20 + steps: + - name: Ask for approval for ITVR Test deployment + uses: trstringer/manual-approval@v1.6.0 + with: + secret: ${{ github.TOKEN }} + approvers: AlexZorkin,emi-hi,tim738745,kuanfandevops,jig-patel + minimum-approvals: 1 + issue-title: "ITVR ${{ github.event.pull_request.head.ref }} Test Deployment" + + deploy-on-test: + name: Deploy on Test + needs: approval-deploy-on-test + uses: ./.github/workflows/pr-deploy-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + suffix: -test + build-image-tag-name: build-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + image-tag-name: test-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + env-name: test + frontend-route-host-name: itvr-test.apps.silver.devops.gov.bc.ca + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-test + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} + + approval-deploy-on-prod: + name: Approval the deployment on Prod + needs: deploy-on-test + 
runs-on: ubuntu-latest + timeout-minutes: 60 + steps: + - name: Ask for approval for ITVR Prod deployment + uses: trstringer/manual-approval@v1.6.0 + with: + secret: ${{ github.TOKEN }} + approvers: AlexZorkin,emi-hi,tim738745,kuanfandevops,jig-patel + minimum-approvals: 1 + issue-title: "ITVR ${{ github.event.pull_request.head.ref }} Prod Deployment" + + deploy-on-prod: + name: Deploy on Prod + needs: approval-deploy-on-prod + uses: ./.github/workflows/pr-deploy-template.yaml + with: + pr-number: ${{ github.event.pull_request.number }} + suffix: -prod + build-image-tag-name: build-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + image-tag-name: prod-${{ github.event.pull_request.head.ref }}-${{ github.event.pull_request.number }} + env-name: prod + frontend-route-host-name: electric-vehicle-rebates.gov.bc.ca + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-prod + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/.pipeline/lib/config.js b/.pipeline/lib/config.js index 50db6a8b..5f234d5d 100644 --- a/.pipeline/lib/config.js +++ b/.pipeline/lib/config.js @@ -1,7 +1,7 @@ 'use strict'; const options= require('@bcgov/pipeline-cli').Util.parseArguments() const changeId = options.pr //aka pull-request -const version = '1.16.0' +const version = '1.17.0' const name = 'itvr' const ocpName = 'apps.silver.devops' diff --git a/chart/itvr-apps/charts/itvr-backend/Chart.yaml b/chart/itvr-apps/charts/itvr-backend/Chart.yaml index 02ef8580..f157cf41 100644 --- a/chart/itvr-apps/charts/itvr-backend/Chart.yaml +++ b/chart/itvr-apps/charts/itvr-backend/Chart.yaml 
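Review bot: The `pull_request` trigger in release-cicd.yaml has no `branches:` filter and the first two jobs are gated only on the title starting with 'Tracking pull request', while a single `OPENSHIFT_TOKEN` secret is passed to the dev, test and prod deploy jobs. The credential that builds pull-request head code in tools is therefore the same one that can change prod, and the only separation is the `trstringer/manual-approval@v1.6.0` step, a third-party action referenced by a mutable tag. Consider restricting the trigger to the base branch the tracking pull request targets, using a separate namespace-scoped token per environment, and pinning the approval action to a full commit SHA. The dev approval job is commented out, so a matching title alone reaches the dev deploy.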
@@ -21,4 +21,4 @@ version: 1.0.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.6.0" +appVersion: "1.17.0" diff --git a/chart/itvr-apps/charts/itvr-backend/templates/NOTES.txt b/chart/itvr-apps/charts/itvr-backend/templates/NOTES.txt deleted file mode 100644 index d88e21bb..00000000 --- a/chart/itvr-apps/charts/itvr-backend/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "itvr-backend.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "itvr-backend.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "itvr-backend.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "itvr-backend.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/chart/itvr-apps/charts/itvr-backend/templates/_helpers.tpl b/chart/itvr-apps/charts/itvr-backend/templates/_helpers.tpl index 3134ac07..856febaa 100644 
--- a/chart/itvr-apps/charts/itvr-backend/templates/_helpers.tpl +++ b/chart/itvr-apps/charts/itvr-backend/templates/_helpers.tpl @@ -1,39 +1,17 @@ {{/* -version: 1.0.0 -appVersion: "1.6.0" -nameOverride: "" -fullnameOverride: "" - -1. deploy PR based -pr225 is the .Release.Name -Set below to to be empty string in values file - nameOverride: "" - fullnameOverride: "" -imageTools value should be the build PR image in tools project -Run the below command -helm template -f ./values-dev.yaml pr225 . - name: pr225-itvr-backend +The labels for all components: labels: helm.sh/chart: itvr-backend-1.0.0 app.kubernetes.io/name: itvr-backend - app.kubernetes.io/instance: pr225 - app.kubernetes.io/version: "1.6.0" + app.kubernetes.io/instance: itvr-backend-dev-1977 + app.kubernetes.io/version: "1.17.0" app.kubernetes.io/managed-by: Helm -2. only build racking PR -helm template -f ./values-dev.yaml itvr-backend . - name: itvr-backend - labels: - helm.sh/chart: itvr-backend-1.0.0 +The selector lables: + selector: app.kubernetes.io/name: itvr-backend - app.kubernetes.io/instance: itvr-backend - app.kubernetes.io/version: "1.6.0" - app.kubernetes.io/managed-by: Helm - -it makes PR based pipeline possible for dev environment - -At this moment, when deploy on Dev, Test and Prod, set the value for nameOverride and fullnameOverride to be itvr-backend + app.kubernetes.io/instance: itvr-backend-dev-1977 */}} 
@@ -52,16 +30,7 @@ If release name contains chart name it will be used as a full name. The .Release.Name is the first parameter of command helm install itvr-backend */}} {{- define "itvr-backend.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} +{{- .Release.Name }} {{- end }} {{/* @@ -115,12 +84,26 @@ Define the service name {{/* -Define the route name +Define the backend route name */}} {{- define "itvr-backend.routeName" -}} {{- include "itvr-backend.fullname" . }} {{- end }} +{{/* +Define the backend admin route name, used by task queue +*/}} +{{- define "itvr-backend.adminRouteName" -}} +itvr-backend-admin{{ .Values.suffix }} +{{- end }} + +{{/* +Define the backend static route name, used by task queue +*/}} +{{- define "itvr-backend.staticRouteName" -}} +itvr-backend-static{{ .Values.suffix }} +{{- end }} + {{/* Define the djangoSecretKey */}} @@ -139,12 +122,12 @@ Define the djangoSaltKey Define the django-secret name */}} {{- define "itvr-backend.django-secret" -}} -itvr-django-secret-{{ .Values.envName }} +itvr-django-secret {{- end }} {{/* Define the django-salt name */}} {{- define "itvr-backend.django-salt" -}} -itvr-django-salt-{{ .Values.envName }} +itvr-django-salt {{- end }} \ No newline at end of file diff --git a/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml b/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml index b0065011..3d3a4cd5 100644 --- a/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml +++ b/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml 
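Review bot: The comment above `itvr-backend.fullname` still says "If release name contains chart name it will be used as a full name", but the body is now just `{{- .Release.Name }}` with no override or truncation. Replace it with something like `Full name is the Helm release name passed to helm install/upgrade, e.g. itvr-backend-dev-1977`. The comment starts above the hunk, so its first lines are not visible here. If `nameOverride` or `fullnameOverride` remain in the values files they no longer affect this helper, though they may still be read elsewhere.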
@@ -31,8 +31,8 @@ spec: - backend from: kind: ImageStreamTag - namespace: {{ .Values.image.namespace }} - name: {{ include "itvr-backend.fullname" . }}:{{ .Values.imageEnv.tag }} + namespace: {{ .Values.namespace }} + name: {{ include "itvr-backend.name" . }}:{{ .Values.backendImageTagName }} - type: ConfigChange replicas: 1 revisionHistoryLimit: 10 @@ -73,17 +73,29 @@ spec: failureThreshold: 20 env: - name: ALLOWED_HOSTS - value: {{ .Values.backend.allowedHost }} + value: {{ include "itvr-backend.fullname" . }}.apps.silver.devops.gov.bc.ca - name: CORS_ORIGIN_WHITELIST - value: {{ .Values.backend.corsOriginWhitlist }} + value: https://{{ .Values.frontendRouteHostName }} - name: BACKEND_ORIGIN - value: {{ .Values.backend.backendOrigin }} + value: https://{{ include "itvr-backend.fullname" . }}.apps.silver.devops.gov.bc.ca - name: DB_ENGINE value: django.db.backends.postgresql - name: DB_HOST + {{ if eq .Values.suffix "-test" }} value: itvr-spilo + {{ else if eq .Values.suffix "-prod" }} + value: itvr-spilo + {{ else }} + value: itvr-spilo{{ .Values.suffix }} + {{ end }} - name: DB_HOST_READONLY + {{ if eq .Values.suffix "-test" }} + value: itvr-spilo-readonly + {{ else if eq .Values.suffix "-prod" }} value: itvr-spilo-readonly + {{ else }} + value: itvr-spilo{{ .Values.suffix }}-readonly + {{ end }} - name: DB_NAME value: itvr - name: DB_PASSWORD diff --git a/chart/itvr-apps/charts/itvr-backend/templates/djangosalt.yaml b/chart/itvr-apps/charts/itvr-backend/templates/djangosalt.yaml deleted file mode 100644 index c2d8e969..00000000 --- a/chart/itvr-apps/charts/itvr-backend/templates/djangosalt.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "itvr-backend.django-salt" . }} - labels: - {{- include "itvr-backend.labels" . | nindent 4 }} -data: - DJANGO_SALT_KEY: {{ include "itvr-backend.djangoSaltKey" . }} -type: Opaque 
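Review bot: In the second hunk `CORS_ORIGIN_WHITELIST` is rendered as `https://{{ .Values.frontendRouteHostName }}` unquoted, so a release installed without that value silently gets the origin `https://` instead of failing. Make the value mandatory and quoted: `value: {{ printf "https://%s" (required "frontendRouteHostName is required" .Values.frontendRouteHostName) | quote }}`. As a style point, the `-test` and `-prod` branches of the `DB_HOST` and `DB_HOST_READONLY` conditionals are identical and can be merged with `{{- if or (eq .Values.suffix "-test") (eq .Values.suffix "-prod") }}`, using `{{-` so the rendered manifest has no stray blank lines. The container spec continues outside the hunk.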
diff --git a/chart/itvr-apps/charts/itvr-backend/templates/djangosecret.yaml b/chart/itvr-apps/charts/itvr-backend/templates/djangosecret.yaml deleted file mode 100644 index 506d12ff..00000000 --- a/chart/itvr-apps/charts/itvr-backend/templates/djangosecret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "itvr-backend.django-secret" . }} - creationTimestamp: null - labels: - {{- include "itvr-backend.labels" . | nindent 4 }} -data: - DJANGO_SECRET_KEY: {{ include "itvr-backend.djangoSecretKey" . }} -type: Opaque diff --git a/chart/itvr-apps/charts/itvr-backend/templates/hpa.yaml b/chart/itvr-apps/charts/itvr-backend/templates/hpa.yaml index ce9fa5f2..2f320c7a 100644 --- a/chart/itvr-apps/charts/itvr-backend/templates/hpa.yaml +++ b/chart/itvr-apps/charts/itvr-backend/templates/hpa.yaml @@ -7,8 +7,8 @@ metadata: {{- include "itvr-backend.labels" . | nindent 4 }} spec: scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment + apiVersion: apps.openshift.io/v1 + kind: DeploymentConfig name: {{ include "itvr-backend.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} diff --git a/chart/itvr-apps/charts/itvr-backend/templates/imagestream.yaml b/chart/itvr-apps/charts/itvr-backend/templates/imagestream.yaml deleted file mode 100644 index bcdb84b3..00000000 --- a/chart/itvr-apps/charts/itvr-backend/templates/imagestream.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - labels: - {{- include "itvr-backend.labels" . | nindent 4 }} - creationTimestamp: null - name: {{ include "itvr-backend.imagestreamName" . }} -spec: - lookupPolicy: - local: false - tags: - - name: {{ .Values.imageEnv.tag }} - from: - kind: ImageStreamImage - namespace: {{ .Values.toolsNamespace }} - name: {{ .Values.imageTools.tag }} - importPolicy: {} - referencePolicy: - type: Local 
diff --git a/chart/itvr-apps/charts/itvr-backend/templates/ingress.yaml b/chart/itvr-apps/charts/itvr-backend/templates/ingress.yaml deleted file mode 100644 index facbe97b..00000000 --- a/chart/itvr-apps/charts/itvr-backend/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "itvr-backend.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "itvr-backend.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/chart/itvr-apps/charts/itvr-backend/templates/route.yaml b/chart/itvr-apps/charts/itvr-backend/templates/route.yaml index 6273ed97..8a939164 100644 --- a/chart/itvr-apps/charts/itvr-backend/templates/route.yaml +++ b/chart/itvr-apps/charts/itvr-backend/templates/route.yaml @@ -1,3 +1,4 @@ +--- apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -7,9 +8,49 @@ metadata: labels: {{- include "itvr-backend.labels" . | nindent 4 }} spec: - host: {{ include "itvr-backend.fullname" . }}-{{ .Values.envName }}.apps.silver.devops.gov.bc.ca + host: {{ include "itvr-backend.fullname" . }}.apps.silver.devops.gov.bc.ca port: - targetPort: http + targetPort: backend + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: {{ include "itvr-backend.fullname" . }} + weight: 100 + wildcardPolicy: None +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "itvr-backend.adminRouteName" . }} + labels: + {{- include "itvr-backend.labels" . | nindent 4 }} +spec: + host: {{ include "itvr-backend.fullname" . }}.apps.silver.devops.gov.bc.ca + path: /admin + port: + targetPort: backend + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: {{ include "itvr-backend.fullname" . }} + weight: 100 + wildcardPolicy: None +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "itvr-backend.staticRouteName" . }} + labels: + {{- include "itvr-backend.labels" . | nindent 4 }} +spec: + host: {{ include "itvr-backend.fullname" . }}.apps.silver.devops.gov.bc.ca + path: /static + port: + targetPort: backend tls: insecureEdgeTerminationPolicy: Redirect termination: edge diff --git a/chart/itvr-apps/charts/itvr-backend/templates/service.yaml b/chart/itvr-apps/charts/itvr-backend/templates/service.yaml index d83596bb..277f7a13 100644 --- a/chart/itvr-apps/charts/itvr-backend/templates/service.yaml 
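Review bot: The new `/admin` Route publishes the Django admin on the same public host as the API with no source restriction. Because the first Route has no `path`, it already forwards every path to the same Service, so the `/admin` and `/static` Routes add no routing of their own. If the separate admin Route is meant as a control point, it could carry an allowlist in its `metadata`, e.g. `annotations:` with `haproxy.router.openshift.io/ip_whitelist: <ALLOWED_CIDRS>` (placeholder value); otherwise the two extra Routes can be dropped. All three use `termination: edge`, so the router-to-pod leg is plain HTTP, which deserves a one-line comment if it is an accepted choice. The tail of the third Route lies in context lines outside the added block.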
+++ b/chart/itvr-apps/charts/itvr-backend/templates/service.yaml @@ -5,12 +5,12 @@ metadata: labels: {{- include "itvr-backend.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: ClusterIP ports: - - port: {{ .Values.service.port }} - targetPort: http + - port: 8080 + targetPort: 8080 protocol: TCP - name: http + name: backend selector: {{- include "itvr-backend.selectorLabels" . | nindent 4 }} sessionAffinity: None diff --git a/chart/itvr-apps/charts/itvr-backend/values-dev.yaml b/chart/itvr-apps/charts/itvr-backend/values-dev.yaml index 3a3e32bb..fe8877f2 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-dev.yaml +++ b/chart/itvr-apps/charts/itvr-backend/values-dev.yaml 
@@ -4,74 +4,6 @@ replicaCount: 1 -toolsNamespace: ac294c-tools -envNamespace: ac294c-dev -envName: dev - -# decide which image in tools project will be used -imageTools: - repository: image-registry.openshift-image-registry.svc:5000 - tag: itvr-backend@sha256:02f9ffc40dc5ed1f17eb364676a9cf4c0ea111c060d0144a9df7d0c5e6211604 - pullPolicy: IfNotPresent - -# decide the imagestream will be created in env projects -# for pr based, coulde user the value fpr 1.0.0- -imageEnv: - tag: 1.0.0 - -imagePullSecrets: [] - -## For ITVR Baclend App, set the following two, will result in -## itvr-backend.fullname and itvr-backend.name are itve-backend -nameOverride: "itvr-backend" -fullnameOverride: "itvr-backend" - -#nameOverride: "" -#fullnameOverride: "" - - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
@@ -85,22 +17,13 @@ resources: memory: 30Mi autoscaling: - enabled: true + enabled: false minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 90 - targetMemoryUtilizationPercentage: 90 - -nodeSelector: {} - -tolerations: [] - -affinity: {} + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 90 backend: - allowedHost: itvr-backend-test.apps.silver.devops.gov.bc.ca - corsOriginWhitlist: https://itvr-test.apps.silver.devops.gov.bc.ca - backendOrigin: https://itvr-backend-test.apps.silver.devops.gov.bc.ca sendEmail: 'True' minioBucketName: itvrdv craEnvrionment: A diff --git a/chart/itvr-apps/charts/itvr-backend/values-prod.yaml b/chart/itvr-apps/charts/itvr-backend/values-prod.yaml index 5e6a42a3..62f4ece9 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-prod.yaml +++ b/chart/itvr-apps/charts/itvr-backend/values-prod.yaml 
@@ -2,62 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-backend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-backend.fullname and itvr-backend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local +replicaCount: 3 resources: # We usually recommend not to specify default resources and to leave this as a conscious 
@@ -65,21 +10,23 @@ resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 100m - memory: 128Mi + cpu: 120m + memory: 400Mi requests: - cpu: 100m - memory: 128Mi + cpu: 60m + memory: 200Mi autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 + enabled: true + minReplicas: 3 + maxReplicas: 5 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} + # targetMemoryUtilizationPercentage: 90 -tolerations: [] +backend: + sendEmail: 'True' + minioBucketName: itvrpr + craEnvrionment: A + djangoDebug: 'False' + virusScanEnabled: 'True' -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-backend/values-test.yaml b/chart/itvr-apps/charts/itvr-backend/values-test.yaml index 5e6a42a3..e0af1afb 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-test.yaml +++ b/chart/itvr-apps/charts/itvr-backend/values-test.yaml 
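Review bot: `djangoDebug: 'False'` and `virusScanEnabled: 'True'` are passed as strings, so the settings code that reads them (not shown in this diff) has to compare against the literal text. A plain truthiness check would treat `'False'` as true and leave DEBUG on in production. Once the parsing is confirmed, a comment above the `backend:` block such as `# string flags: the app compares against 'True'; any other value is off` would pin that contract. The same block is added to values-test.yaml in this commit. `craEnvrionment: A` is misspelled and has the same value in dev, test and prod; presumably the template uses the same spelling, but both are worth confirming.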
@@ -2,62 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-backend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-backend.fullname and itvr-backend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local +replicaCount: 2 resources: # We usually recommend not to specify default resources and to leave this as a conscious 
@@ -65,21 +10,23 @@ resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 100m - memory: 128Mi + cpu: 60m + memory: 60Mi requests: - cpu: 100m - memory: 128Mi + cpu: 30m + memory: 30Mi autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 + enabled: true + minReplicas: 2 + maxReplicas: 3 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} + # targetMemoryUtilizationPercentage: 90 -tolerations: [] +backend: + sendEmail: 'True' + minioBucketName: itvrts + craEnvrionment: A + djangoDebug: 'False' + virusScanEnabled: 'True' -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-backend/values.yaml b/chart/itvr-apps/charts/itvr-backend/values.yaml deleted file mode 100644 index 2ef80771..00000000 --- a/chart/itvr-apps/charts/itvr-backend/values.yaml +++ /dev/null 
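Review bot: The test limits of `cpu: 60m` / `memory: 60Mi` with requests of `30m` / `30Mi` look too small for the backend, while the same commit gives prod `400Mi` / `200Mi`. This hunk also enables autoscaling, and HPA utilization is measured against the request, so `targetCPUUtilizationPercentage: 80` scales out at roughly 24m of CPU. A container that exceeds 60Mi is OOM-killed. Unless these numbers come from measured usage, test should start from the prod memory values (`memory: 400Mi` limit, `memory: 200Mi` request) so that test failures reflect the application rather than the quota.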
@@ -1,82 +0,0 @@ -# Default values for itvr-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
diff --git a/chart/itvr-apps/charts/itvr-frontend/Chart.yaml b/chart/itvr-apps/charts/itvr-frontend/Chart.yaml index 0bc528ea..8e7b13f8 100644 --- a/chart/itvr-apps/charts/itvr-frontend/Chart.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/Chart.yaml @@ -21,4 +21,4 @@ version: 1.0.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.6.0" +appVersion: "1.17.0" diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/NOTES.txt b/chart/itvr-apps/charts/itvr-frontend/templates/NOTES.txt deleted file mode 100644 index 06978c90..00000000 --- a/chart/itvr-apps/charts/itvr-frontend/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "itvr-frontend.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "itvr-frontend.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "itvr-frontend.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "itvr-frontend.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/_helpers.tpl b/chart/itvr-apps/charts/itvr-frontend/templates/_helpers.tpl index c41352d0..0cc2deca 100644 
--- a/chart/itvr-apps/charts/itvr-frontend/templates/_helpers.tpl
+++ b/chart/itvr-apps/charts/itvr-frontend/templates/_helpers.tpl
@@ -1,67 +1,38 @@ {{/* - -version: 1.0.0 -appVersion: "1.6.0" -nameOverride: "" -fullnameOverride: "" - -1. deploy PR based -pr225 is the .Release.Name -Set below to to be empty string in values file - nameOverride: "" - fullnameOverride: "" -imageTools value should be the build PR image in tools project -Run the below command -helm template -f ./values-dev.yaml pr225 . - name: pr225-itvr-frontend +The labels for all components: labels: helm.sh/chart: itvr-frontend-1.0.0 app.kubernetes.io/name: itvr-frontend - app.kubernetes.io/instance: pr225 - app.kubernetes.io/version: "1.6.0" + app.kubernetes.io/instance: itvr-frontend-dev-1977 + app.kubernetes.io/version: "1.17.0" app.kubernetes.io/managed-by: Helm -2. only build racking PR -helm template -f ./values-dev.yaml itvr-frontend . - name: itvr-frontend - labels: - helm.sh/chart: itvr-frontend-1.0.0 +The selector lables: + selector: app.kubernetes.io/name: itvr-frontend - app.kubernetes.io/instance: itvr-frontend - app.kubernetes.io/version: "1.6.0" - app.kubernetes.io/managed-by: Helm - -it makes PR based pipeline possible for dev environment - -At this moment, when deploy on Dev, Test and Prod, set the value for nameOverride and fullnameOverride to be itvr-frontend - + app.kubernetes.io/instance: itvr-frontend-dev-1977 */}} {{/* Expand the name of the chart. +set the value to be .Chart.NAme if Values.nameOverride is not given +In values file, we don't provide nameOverride +So finally: itvr-frontend.name=itve-frontend */}} {{- define "itvr-frontend.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-The .Release.Name is the first parameter of command helm install itvr-frontend +.Release.Name is the one in the helm install command, it is one of the following: + itvr-frontend-dev + itvr-frontend-dev- + itvr-frontend-test + itvr-frontend-prod */}} {{- define "itvr-frontend.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} +{{- .Release.Name }} {{- end }} {{/* @@ -107,7 +78,7 @@ Create the name of the service account to use Define the configmap name */}} {{- define "itvr-frontend.configmapName" -}} -{{- include "itvr-frontend.fullname" . }}-features +{{- include "itvr-frontend.fullname" . }} {{- end }} {{/* @@ -121,7 +92,7 @@ Define the deploymentconfig name Define the deploymentconfig name */}} {{- define "itvr-frontend.imagestreamName" -}} -{{- include "itvr-frontend.fullname" . }} +{{- include "itvr-frontend.name" . }} {{- end }} {{/* diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/configmap.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/configmap.yaml index c3f79c2d..096995b7 100644 --- a/chart/itvr-apps/charts/itvr-frontend/templates/configmap.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/templates/configmap.yaml 
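Review bot: `itvr-frontend.fullname` now returns `.Release.Name` verbatim, so `fullnameOverride` is silently ignored. Every resource name, including the ConfigMap name after the `configmapName` change in the later hunk, becomes whatever string is passed to `helm install`. The new comment should say so explicitly, for example `fullnameOverride is not honoured; the release name is used as-is and must be a valid DNS label`. The added comments also carry typos that will mislead a reader (`.Chart.NAme`, `itve-frontend`, `lables`), and the release-name list contains `itvr-frontend-dev-` with its trailing part apparently lost.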
@@ -1,12 +1,18 @@ kind: ConfigMap apiVersion: v1 metadata: - name: {{ include "itvr-frontend.configmapName" . }} - creationTimestamp: + name: {{ include "itvr-frontend.configmapName" . }} + labels: + {{- include "itvr-frontend.labels" . | nindent 4 }} data: - features.js: "window.itvr_config = {\n \"REACT_APP_BCSC_KEYCLOAK_CLIENT_ID\": \"{{ .Values.frontend.reactAppBCSCKeycloakClientId }}\",\n - \ \"REACT_APP_BCSC_KEYCLOAK_REALM\": \" {{ .Values.frontend.reactAppBCSCKeycloakRealm }}\",\n \"REACT_APP_BCSC_KEYCLOAK_URL\": - \"{{ .Values.frontend.reactAppBCSCKeycloakUrl }}\", \n \"REACT_APP_BCEID_KEYCLOAK_CLIENT_ID\": - \"{{ .Values.frontend.reactAppBCeIDKeycloakClientId }}\",\n \"REACT_APP_BCEID_KEYCLOAK_REALM\": \"{{ .Values.frontend.reactAppBCeIDKeycloakRealm }}\",\n - \ \"REACT_APP_BCEID_KEYCLOAK_URL\": \"{{ .Values.frontend.reactAppBCeIDKeycloakUrl }}\",\n \"REACT_APP_API_BASE\": - \"{{ .Values.frontend.reactAppApiBase }}\",\n \"REACT_APP_ENV\": \"{{ .Values.envName }}\",\n \"SNOWPLOW_COLLECTOR\": \"{{ .Values.snowplowCollector }}\"\n};\n" + features.js: | + window.itvr_config = { + "REACT_APP_BCSC_KEYCLOAK_CLIENT_ID": "{{ .Values.frontend.reactAppBCSCKeycloakClientId }}", + "REACT_APP_BCSC_KEYCLOAK_REALM": "{{ .Values.frontend.reactAppBCSCKeycloakRealm }}", + "REACT_APP_BCSC_KEYCLOAK_URL": "{{ .Values.frontend.reactAppBCSCKeycloakUrl }}", + "REACT_APP_BCEID_KEYCLOAK_CLIENT_ID": "{{ .Values.frontend.reactAppBCeIDKeycloakClientId }}", + "REACT_APP_BCEID_KEYCLOAK_REALM": "{{ .Values.frontend.reactAppBCeIDKeycloakRealm }}", + "REACT_APP_BCEID_KEYCLOAK_URL": "{{ .Values.frontend.reactAppBCeIDKeycloakUrl }}", + "REACT_APP_API_BASE": "https://itvr-backend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca", + "REACT_APP_ENV": "{{ .Values.envName }}", + "SNOWPLOW_COLLECTOR": "{{ .Values.frontend.snowplowCollector }}" }; 
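Review bot: The values are spliced into JavaScript string literals in `features.js` without escaping. A value containing a quote or backslash therefore yields a broken or altered config script that is served to every browser. Dropping the surrounding quotes and writing `"REACT_APP_BCSC_KEYCLOAK_URL": {{ .Values.frontend.reactAppBCSCKeycloakUrl | toJson }},` emits a correctly escaped literal, and the same applies to the other entries. `REACT_APP_API_BASE` is now built from `.Values.suffix`, so the `reactAppApiBase` key still present in values-dev.yaml appears to be unused. With `suffix` unset the URL silently renders as `https://itvr-backend.apps.silver.devops.gov.bc.ca`.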
diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/deploymentconfig.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/deploymentconfig.yaml index 42ebddae..6aaa6302 100644 --- a/chart/itvr-apps/charts/itvr-frontend/templates/deploymentconfig.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/templates/deploymentconfig.yaml @@ -7,6 +7,10 @@ metadata: labels: {{- include "itvr-frontend.labels" . | nindent 4 }} spec: + replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: 10 + selector: + {{- include "itvr-frontend.selectorLabels" . | nindent 4 }} strategy: type: Recreate recreateParams: @@ -21,14 +25,9 @@ spec: - frontend from: kind: ImageStreamTag - namespace: {{ .Values.image.namespace }} - name: {{ include "itvr-frontend.fullname" . }}:{{ .Values.imageEnv.tag }} + namespace: {{ .Values.namespace }} + name: "{{ include "itvr-frontend.name" . }}:{{.Values.frontendImageTagName}}" - type: ConfigChange - replicas: 1 - revisionHistoryLimit: 10 - test: false - selector: - {{- include "itvr-frontend.selectorLabels" . | nindent 4 }} template: metadata: creationTimestamp: null diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/hpa.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/hpa.yaml index a099fea9..cd9f5d67 100644 --- a/chart/itvr-apps/charts/itvr-frontend/templates/hpa.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: {{ include "itvr-frontend.fullname" . }} @@ -7,8 +7,8 @@ metadata: {{- include "itvr-frontend.labels" . | nindent 4 }} spec: scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment + apiVersion: apps.openshift.io/v1 + kind: DeploymentConfig name: {{ include "itvr-frontend.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} 
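Review bot: The image trigger in deploymentconfig.yaml now follows the mutable tag `{{ include "itvr-frontend.name" . }}:{{.Values.frontendImageTagName}}` in `.Values.namespace`. The ImageStream template deleted in this commit resolved an `ImageStreamImage`, which values-dev.yaml pinned by sha256 digest. Whoever can push or re-tag that ImageStreamTag now decides what runs. Neither `namespace` nor `frontendImageTagName` appears in the values hunks shown, so a missing `--set` would render an empty reference. `namespace: {{ required "namespace must be set" .Values.namespace }}` (and the same for the tag) turns that into a render error. The trigger block itself starts outside the hunk.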
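Review bot: `apiVersion: autoscaling/v2beta2` in the frontend hpa.yaml is itself a deprecated API: it stops being served in Kubernetes 1.26. `autoscaling/v2` has been available since 1.23 and uses the same `target:` / `averageUtilization` shape that the later hunk of this file introduces. If the target cluster is at 1.23 or newer (not visible from the diff), `apiVersion: autoscaling/v2` avoids a second migration.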
@@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/imagestream.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/imagestream.yaml deleted file mode 100644 index f6bbb593..00000000 --- a/chart/itvr-apps/charts/itvr-frontend/templates/imagestream.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - labels: - {{- include "itvr-frontend.labels" . | nindent 4 }} - creationTimestamp: null - name: {{ include "itvr-frontend.imagestreamName" . }} -spec: - lookupPolicy: - local: false - tags: - - name: {{ .Values.imageEnv.tag }} - from: - kind: ImageStreamImage - namespace: {{ .Values.toolsNamespace }} - name: {{ .Values.imageTools.tag }} - importPolicy: {} - referencePolicy: - type: Local diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/ingress.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/ingress.yaml deleted file mode 100644 index fce7363a..00000000 --- a/chart/itvr-apps/charts/itvr-frontend/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "itvr-frontend.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "itvr-frontend.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/route.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/route.yaml index a3406237..d8af23e5 100644 --- a/chart/itvr-apps/charts/itvr-frontend/templates/route.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/templates/route.yaml @@ -1,3 +1,4 @@ +{{- if .Values.frontend.createFrontendRoute }} apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -7,9 +8,9 @@ metadata: labels: {{- include "itvr-frontend.labels" . | nindent 4 }} spec: - host: {{ include "itvr-frontend.fullname" . }}-{{ .Values.envName }}.apps.silver.devops.gov.bc.ca + host: {{ .Values.frontendRouteHostName }} port: - targetPort: http + targetPort: web tls: insecureEdgeTerminationPolicy: Redirect termination: edge @@ -17,4 +18,5 @@ spec: kind: Service name: {{ include "itvr-frontend.fullname" . }} weight: 100 - wildcardPolicy: None \ No newline at end of file + wildcardPolicy: None + {{- end }} \ No newline at end of file diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/service.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/service.yaml index 5c5f7fd9..9bf4afae 100644 --- a/chart/itvr-apps/charts/itvr-frontend/templates/service.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/templates/service.yaml @@ -5,12 +5,12 @@ metadata: labels: {{- include "itvr-frontend.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: ClusterIP ports: - - port: {{ .Values.service.port }} - targetPort: http + - port: 8080 + targetPort: 8080 protocol: TCP - name: http + name: web selector: {{- include "itvr-frontend.selectorLabels" . | nindent 4 }} sessionAffinity: None diff --git a/chart/itvr-apps/charts/itvr-frontend/templates/serviceaccount.yaml b/chart/itvr-apps/charts/itvr-frontend/templates/serviceaccount.yaml deleted file mode 100644 index bb9f9f1e..00000000 --- a/chart/itvr-apps/charts/itvr-frontend/templates/serviceaccount.yaml +++ /dev/null 
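Review bot: `host: {{ .Values.frontendRouteHostName }}` is rendered unquoted and unchecked. The key sits at the top level of the values while the guard reads `.Values.frontend.createFrontendRoute`, and its source is not visible in the values hunks of this commit. With the value unset the Route is created with an empty host and the router assigns a generated hostname, which would publish the frontend under a name nobody chose. `host: {{ required "frontendRouteHostName must be set" .Values.frontendRouteHostName | quote }}` makes that a render error instead.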
@@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "itvr-frontend.serviceAccountName" . }} - labels: - {{- include "itvr-frontend.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/chart/itvr-apps/charts/itvr-frontend/values-dev.yaml b/chart/itvr-apps/charts/itvr-frontend/values-dev.yaml index a8df6a5b..c1897a50 100644 --- a/chart/itvr-apps/charts/itvr-frontend/values-dev.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/values-dev.yaml 
@@ -4,74 +4,6 @@ replicaCount: 1 -toolsNamespace: ac294c-tools -envNamespace: ac294c-dev -envName: dev - -# decide which image in tools project will be used -imageTools: - repository: image-registry.openshift-image-registry.svc:5000 - tag: itvr-frontend@sha256:40d75efd2f366efc04d251dbe14bcfcd05a66a93f8419968d72c0596a4965e23 - pullPolicy: IfNotPresent - -# decide the imagestream will be created in env projects -# for pr based, coulde user the value fpr 1.0.0- -imageEnv: - tag: 1.0.0 - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-frontend.fullname and itvr-frontend.name are itve-frontend -#nameOverride: "itvr-frontend" -#fullnameOverride: "itvr-frontend" - -nameOverride: "" -fullnameOverride: "" - - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
@@ -87,24 +19,19 @@ resources: autoscaling: enabled: false minReplicas: 1 - maxReplicas: 100 + maxReplicas: 1 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -nodeSelector: {} - -tolerations: [] - -affinity: {} - frontend: reactAppBCSCKeycloakClientId: itvr - reactAppBCSCKeycloakRealm: rzh2zkjq - reactAppBCSCKeycloakUrl: https://dev.oidc.gov.bc.ca/auth/ + reactAppBCSCKeycloakRealm: zelda + reactAppBCSCKeycloakUrl: https://dev.loginproxy.gov.bc.ca/auth/ reactAppApiBase: https://itvr-backend-dev.apps.silver.devops.gov.bc.ca reactAppBCeIDKeycloakClientId: itvr-on-gold-cluster-3972 reactAppBCeIDKeycloakRealm: standard reactAppBCeIDKeycloakUrl: https://dev.loginproxy.gov.bc.ca/auth/ - snowplowCollector: "" + snowplowCollector: spm.apps.gov.bc.ca + createFrontendRoute: true diff --git a/chart/itvr-apps/charts/itvr-frontend/values-prod.yaml b/chart/itvr-apps/charts/itvr-frontend/values-prod.yaml index ff35ce81..67dde1dc 100644 --- a/chart/itvr-apps/charts/itvr-frontend/values-prod.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/values-prod.yaml 
@@ -2,62 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-frontend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-frontend.fullname and itvr-frontend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local +replicaCount: 2 resources: # We usually recommend not to specify default resources and to leave this as a conscious 
@@ -65,21 +10,28 @@ resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 100m - memory: 128Mi + cpu: 60m + memory: 60Mi requests: - cpu: 100m - memory: 128Mi + cpu: 30m + memory: 30Mi autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 + enabled: true + minReplicas: 2 + maxReplicas: 5 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -nodeSelector: {} +frontend: + reactAppBCSCKeycloakClientId: itvr + reactAppBCSCKeycloakRealm: zelda + reactAppBCSCKeycloakUrl: https://loginproxy.gov.bc.ca/auth/ + reactAppApiBase: https://itvr-backend-prod.apps.silver.devops.gov.bc.ca + reactAppBCeIDKeycloakClientId: itvr-on-gold-cluster-3972 + reactAppBCeIDKeycloakRealm: standard + reactAppBCeIDKeycloakUrl: https://loginproxy.gov.bc.ca/auth/ + snowplowCollector: spt.apps.gov.bc.ca + createFrontendRoute: false -tolerations: [] -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-frontend/values-test.yaml b/chart/itvr-apps/charts/itvr-frontend/values-test.yaml index ff35ce81..b388b226 100644 --- a/chart/itvr-apps/charts/itvr-frontend/values-test.yaml +++ b/chart/itvr-apps/charts/itvr-frontend/values-test.yaml 
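Review bot: `createFrontendRoute: false` at the end of the new `frontend:` block is the one setting where prod differs in kind from dev and test (both `true`), and nothing in the file says how the production frontend is exposed instead. A one-line comment above it naming where the production route and its TLS settings are defined would keep a later copy-paste from flipping it unnoticed. The same block points `reactAppApiBase` at the `itvr-backend-prod` route, so it is worth confirming that the backend's allowed origins match whatever hostname actually serves this frontend. The values-test.yaml hunk that follows repeats the block with `createFrontendRoute: true`.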
@@ -2,62 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-frontend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-frontend.fullname and itvr-frontend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local +replicaCount: 2 resources: # We usually recommend not to specify default resources and to leave this as a conscious 
@@ -65,21 +10,28 @@ resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 100m - memory: 128Mi + cpu: 60m + memory: 60Mi requests: - cpu: 100m - memory: 128Mi + cpu: 30m + memory: 30Mi autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 + enabled: true + minReplicas: 2 + maxReplicas: 3 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -nodeSelector: {} +frontend: + reactAppBCSCKeycloakClientId: itvr + reactAppBCSCKeycloakRealm: zelda + reactAppBCSCKeycloakUrl: https://test.loginproxy.gov.bc.ca/auth/ + reactAppApiBase: https://itvr-backend-test.apps.silver.devops.gov.bc.ca + reactAppBCeIDKeycloakClientId: itvr-on-gold-cluster-3972 + reactAppBCeIDKeycloakRealm: standard + reactAppBCeIDKeycloakUrl: https://test.loginproxy.gov.bc.ca/auth/ + snowplowCollector: spm.apps.gov.bc.ca + createFrontendRoute: true -tolerations: [] -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-frontend/values.yaml b/chart/itvr-apps/charts/itvr-frontend/values.yaml deleted file mode 100644 index 3d157bd4..00000000 --- a/chart/itvr-apps/charts/itvr-frontend/values.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# Default values for itvr-frontend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
diff --git a/chart/itvr-apps/charts/itvr-taskq/Chart.yaml b/chart/itvr-apps/charts/itvr-task-queue/Chart.yaml similarity index 96% rename from chart/itvr-apps/charts/itvr-taskq/Chart.yaml rename to chart/itvr-apps/charts/itvr-task-queue/Chart.yaml index 47035a91..b590c9a2 100644 --- a/chart/itvr-apps/charts/itvr-taskq/Chart.yaml +++ b/chart/itvr-apps/charts/itvr-task-queue/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: itvr-taskq +name: itvr-task-queue description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. @@ -21,4 +21,4 @@ version: 1.0.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.6.0" +appVersion: "1.17.0" diff --git a/chart/itvr-apps/charts/itvr-task-queue/templates/_helpers.tpl b/chart/itvr-apps/charts/itvr-task-queue/templates/_helpers.tpl new file mode 100644 index 00000000..2e7a7561 --- /dev/null +++ b/chart/itvr-apps/charts/itvr-task-queue/templates/_helpers.tpl 
@@ -0,0 +1,70 @@ +{{/* + +The labels for all components: + labels: + helm.sh/chart: itvr-backend-1.0.0 + app.kubernetes.io/name: itvr-backend + app.kubernetes.io/instance: itvr-backend-dev-1977 + app.kubernetes.io/version: "1.17.0" + app.kubernetes.io/managed-by: Helm + +The selector lables: + selector: + app.kubernetes.io/name: itvr-backend + app.kubernetes.io/instance: itvr-backend-dev-1977 + +*/}} + + +{{/* +Expand the name of the chart. +*/}} +{{- define "itvr-task-queue.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The .Release.Name is the first parameter of command helm install itvr-task-queue +*/}} +{{- define "itvr-task-queue.fullname" -}} +{{- .Release.Name }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "itvr-task-queue.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels: +app.kubernetes.io/managed-by would be Helm +*/}} +{{- define "itvr-task-queue.labels" -}} +helm.sh/chart: {{ include "itvr-task-queue.chart" . }} +{{ include "itvr-task-queue.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "itvr-task-queue.selectorLabels" -}} +app.kubernetes.io/name: {{ include "itvr-task-queue.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Define the deploymentconfig name +*/}} +{{- define "itvr-task-queue.deploymentconfigName" -}} +{{- include "itvr-task-queue.fullname" . }} +{{- end }} + 
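Review bot: The comment above `itvr-task-queue.fullname` still describes truncation at 63 characters and the "release name contains chart name" rule, but the helper now returns `.Release.Name` unchanged. The comment should be cut down to what the helper does, for example `Use the release name as the fully qualified app name.` The header comment at the top of the file lists `itvr-backend` label and selector values, which looks copied from the backend chart and should read `itvr-task-queue`. `itvr-task-queue.deploymentconfigName` also appears unused now, since the deploymentconfig hunk in this commit switches its `name:` to the `fullname` helper.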
diff --git a/chart/itvr-apps/charts/itvr-taskq/templates/deploymentconfig.yaml b/chart/itvr-apps/charts/itvr-task-queue/templates/deploymentconfig.yaml similarity index 73% rename from chart/itvr-apps/charts/itvr-taskq/templates/deploymentconfig.yaml rename to chart/itvr-apps/charts/itvr-task-queue/templates/deploymentconfig.yaml index 240d8a06..d6cbafb3 100644 --- a/chart/itvr-apps/charts/itvr-taskq/templates/deploymentconfig.yaml +++ b/chart/itvr-apps/charts/itvr-task-queue/templates/deploymentconfig.yaml @@ -4,14 +4,14 @@ metadata: annotations: description: Defines how to deploy the application server creationTimestamp: null - name: {{ include "itvr-taskq.deploymentconfigName" . }} + name: {{ include "itvr-task-queue.fullname" . }} labels: - {{- include "itvr-taskq.labels" . | nindent 4 }} + {{- include "itvr-task-queue.labels" . | nindent 4 }} spec: replicas: 1 revisionHistoryLimit: 10 selector: - {{- include "itvr-taskq.selectorLabels" . | nindent 4 }} + {{- include "itvr-task-queue.selectorLabels" . | nindent 4 }} strategy: activeDeadlineSeconds: 800 recreateParams: @@ -34,7 +34,7 @@ spec: metadata: creationTimestamp: null labels: - {{- include "itvr-taskq.labels" . | nindent 8 }} + {{- include "itvr-task-queue.labels" . | nindent 8 }} spec: containers: - name: task-queue @@ -44,9 +44,21 @@ spec: - name: DB_ENGINE value: django.db.backends.postgresql - name: DB_HOST + {{ if eq .Values.suffix "-test" }} value: itvr-spilo + {{ else if eq .Values.suffix "-prod" }} + value: itvr-spilo + {{ else }} + value: itvr-spilo{{ .Values.suffix }} + {{ end }} - name: DB_HOST_READONLY + {{ if eq .Values.suffix "-test" }} + value: itvr-spilo-readonly + {{ else if eq .Values.suffix "-prod" }} value: itvr-spilo-readonly + {{ else }} + value: itvr-spilo{{ .Values.suffix }}-readonly + {{ end }} - name: DB_NAME value: itvr - name: DB_PASSWORD 
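Review bot: `DB_HOST` and `DB_HOST_READONLY` in the third hunk are built from `.Values.suffix`, which none of the values-dev/test/prod files added for this chart declares, so the rendered database host depends on a value presumably supplied by the pipeline at install time. A mistyped suffix (for example `prod` without the dash) falls through to the `else` branch and renders a host name nothing validates. If an empty suffix is never valid, fail the render instead with `{{- $suffix := required "suffix must be set" .Values.suffix }}` and use `$suffix` below. The identical `-test` and `-prod` branches can be merged as `{{- if or (eq .Values.suffix "-test") (eq .Values.suffix "-prod") }}`. The same undeclared-value concern applies to `.Values.namespace` and `.Values.taskQueueImageTagName` in the last hunk of this file; the container spec continues outside this hunk.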
@@ -64,12 +76,12 @@ spec: - name: DJANGO_SECRET_KEY valueFrom: secretKeyRef: - name: {{ include "itvr-taskq.django-secret" . }} + name: itvr-django-secret key: DJANGO_SECRET_KEY - name: DJANGO_SALT_KEY valueFrom: secretKeyRef: - name: {{ include "itvr-taskq.django-salt" . }} + name: itvr-django-salt key: DJANGO_SALT_KEY - name: EMAIL_SERVICE_CLIENT_ID valueFrom: @@ -107,13 +119,13 @@ spec: name: itvr-email-service key: BCC_EMAIL - name: SEND_EMAIL - value: '{{ .Values.taskq.sendEmail }}' + value: '{{ .Values.taskQueue.sendEmail }}' - name: DJANGO_DEBUG - value: '{{ .Values.taskq.djangoDebug }}' + value: '{{ .Values.taskQueue.djangoDebug }}' - name: DJANGO_TASKS value: 'true' - name: CORS_ORIGIN_WHITELIST - value: {{ .Values.taskq.corsOriginWhitlist }} + value: https://itvr-fronend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca - name: NCDA_CLIENT_ID valueFrom: secretKeyRef: @@ -140,9 +152,26 @@ spec: name: itvr-ncda key: NCDA_SHAREPOINT_URL - name: CRA_ENVIRONMENT - value: {{ .Values.taskq.craEnvrionment }} + value: {{ .Values.taskQueue.craEnvrionment }} - name: RUN_JOBS - value: 'true' + value: 'true' + - name: MINIO_ENDPOINT + valueFrom: + secretKeyRef: + name: itvr-object-storage + key: server-url + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: itvr-object-storage + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: itvr-object-storage + key: root-password + - name: MINIO_BUCKET_NAME + value: {{ .Values.taskQueue.bucketName }} readinessProbe: exec: command: @@ -176,8 +205,8 @@ spec: - task-queue from: kind: ImageStreamTag - namespace: {{ .Values.image.namespace }} - name: {{ include "itvr-taskq.fullname" . }}:{{ .Values.imageEnv.tag }} + namespace: {{ .Values.namespace }} + name: {{ include "itvr-task-queue.name" . }}:{{ .Values.taskQueueImageTagName }} lastTriggeredImage: null type: ImageChange - type: ConfigChange 
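Review bot: `CORS_ORIGIN_WHITELIST` in the second hunk on this line is now hard-coded to `https://itvr-fronend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca`, and `fronend` looks like a misspelling of `frontend`, so the allowed origin would not match the frontend route. Suggested line: `value: "https://itvr-frontend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca"`, quoted like the neighbouring `SEND_EMAIL` and `DJANGO_DEBUG` values. The removed `corsOriginWhitlist` value allowed a different origin per environment. Since the prod frontend values in this commit set `createFrontendRoute: false`, the production origin may not follow this host pattern, which should be confirmed before release.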
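Review bot: The third hunk on this line gives the task-queue container `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` from the `itvr-object-storage` secret, that is, the object store's root credentials rather than an identity limited to the bucket named in `MINIO_BUCKET_NAME`. If the worker only reads and writes that one bucket, a dedicated access key with a bucket-scoped policy, stored under its own keys in the secret, would limit what a compromised worker can reach. `MINIO_BUCKET_NAME` and `CRA_ENVIRONMENT` are also rendered unquoted; `value: {{ .Values.taskQueue.bucketName | quote }}` keeps them strings whatever the values file holds. The `env:` list starts outside this hunk.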
diff --git a/chart/itvr-apps/charts/itvr-task-queue/values-dev.yaml b/chart/itvr-apps/charts/itvr-task-queue/values-dev.yaml new file mode 100644 index 00000000..77165a9f --- /dev/null +++ b/chart/itvr-apps/charts/itvr-task-queue/values-dev.yaml @@ -0,0 +1,23 @@ +# Default values for itvr-task-queue. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 400m + memory: 120Mi + requests: + cpu: 200m + memory: 60Mi + +taskQueue: + sendEmail: 'True' + craEnvrionment: A + djangoDebug: 'False' + bucketName: itvrdv \ No newline at end of file diff --git a/chart/itvr-apps/charts/itvr-task-queue/values-prod.yaml b/chart/itvr-apps/charts/itvr-task-queue/values-prod.yaml new file mode 100644 index 00000000..92d96875 --- /dev/null +++ b/chart/itvr-apps/charts/itvr-task-queue/values-prod.yaml @@ -0,0 +1,23 @@ +# Default values for itvr-task-queue. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 120Mi + requests: + cpu: 250m + memory: 60Mi + +taskQueue: + sendEmail: 'True' + craEnvrionment: A + djangoDebug: 'False' + bucketName: itvrpr \ No newline at end of file 
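Review bot: `sendEmail: 'True'` and `craEnvrionment: A` are identical in the dev, prod and test values files added here, with no comment saying what `A` selects or whether dev and test are meant to send real mail. A short comment above each key listing the accepted values and the intended per-environment setting would make a production-like setting in dev visible in review. `replicaCount: 1` appears unused, since the deploymentconfig context lines in this commit show a literal `replicas: 1`, and the copied scaffold comment about removing curly braces after `resources:` no longer applies. The key spelling `craEnvrionment` matches the template, so correcting it means changing the template and all three values files together.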
diff --git a/chart/itvr-apps/charts/itvr-task-queue/values-test.yaml b/chart/itvr-apps/charts/itvr-task-queue/values-test.yaml new file mode 100644 index 00000000..795e6373 --- /dev/null +++ b/chart/itvr-apps/charts/itvr-task-queue/values-test.yaml @@ -0,0 +1,23 @@ +# Default values for itvr-task-queue. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 400m + memory: 120Mi + requests: + cpu: 200m + memory: 60Mi + +taskQueue: + sendEmail: 'True' + craEnvrionment: A + djangoDebug: 'False' + bucketName: itvrts \ No newline at end of file diff --git a/chart/itvr-apps/charts/itvr-taskq/templates/NOTES.txt b/chart/itvr-apps/charts/itvr-taskq/templates/NOTES.txt deleted file mode 100644 index 8954442e..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "itvr-taskq.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "itvr-taskq.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "itvr-taskq.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "itvr-taskq.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/chart/itvr-apps/charts/itvr-taskq/templates/_helpers.tpl b/chart/itvr-apps/charts/itvr-taskq/templates/_helpers.tpl deleted file mode 100644 index 25226c36..00000000 
--- a/chart/itvr-apps/charts/itvr-taskq/templates/_helpers.tpl +++ /dev/null 
@@ -1,121 +0,0 @@ -{{/* - -version: 1.0.0 -appVersion: "1.6.0" -nameOverride: "" -fullnameOverride: "" - -1. deploy PR based -pr225 is the .Release.Name -Set below to to be empty string in values file - nameOverride: "" - fullnameOverride: "" -imageTools value should be the build PR image in tools project -Run the below command -helm template -f ./values-dev.yaml pr225 . - name: pr225-itvr-taskq - labels: - helm.sh/chart: itvr-taskq-1.0.0 - app.kubernetes.io/name: itvr-taskq - app.kubernetes.io/instance: pr225 - app.kubernetes.io/version: "1.6.0" - app.kubernetes.io/managed-by: Helm - -2. only build racking PR -helm template -f ./values-dev.yaml itvr-taskq . - name: itvr-taskq - labels: - helm.sh/chart: itvr-taskq-1.0.0 - app.kubernetes.io/name: itvr-taskq - app.kubernetes.io/instance: itvr-taskq - app.kubernetes.io/version: "1.6.0" - app.kubernetes.io/managed-by: Helm - -it makes PR based pipeline possible for dev environment - -At this moment, when deploy on Dev, Test and Prod, set the value for nameOverride and fullnameOverride to be itvr-taskq - -*/}} - - -{{/* -Expand the name of the chart. -*/}} -{{- define "itvr-taskq.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-The .Release.Name is the first parameter of command helm install itvr-taskq -*/}} -{{- define "itvr-taskq.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "itvr-taskq.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels: -app.kubernetes.io/managed-by would be Helm -*/}} -{{- define "itvr-taskq.labels" -}} -helm.sh/chart: {{ include "itvr-taskq.chart" . }} -{{ include "itvr-taskq.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "itvr-taskq.selectorLabels" -}} -app.kubernetes.io/name: {{ include "itvr-taskq.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Define the deploymentconfig name -*/}} -{{- define "itvr-taskq.deploymentconfigName" -}} -{{- include "itvr-taskq.fullname" . }} -{{- end }} - -{{/* -Define the deploymentconfig name -*/}} -{{- define "itvr-taskq.imagestreamName" -}} -{{- include "itvr-taskq.fullname" . }} -{{- end }} - -{{/* -Define the django-secret name -*/}} -{{- define "itvr-taskq.django-secret" -}} -itvr-django-secret-{{ .Values.envName }} -{{- end }} - -{{/* -Define the django-salt name -*/}} -{{- define "itvr-taskq.django-salt" -}} -itvr-django-salt-{{ .Values.envName }} -{{- end }} \ No newline at end of file 
diff --git a/chart/itvr-apps/charts/itvr-taskq/templates/imagestream.yaml b/chart/itvr-apps/charts/itvr-taskq/templates/imagestream.yaml deleted file mode 100644 index 519e5ba9..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/templates/imagestream.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - labels: - {{- include "itvr-taskq.labels" . | nindent 4 }} - creationTimestamp: null - name: {{ include "itvr-taskq.imagestreamName" . }} -spec: - lookupPolicy: - local: false - tags: - - name: {{ .Values.imageEnv.tag }} - from: - kind: ImageStreamImage - namespace: {{ .Values.toolsNamespace }} - name: {{ .Values.imageTools.tag }} - importPolicy: {} - referencePolicy: - type: Local diff --git a/chart/itvr-apps/charts/itvr-taskq/templates/ingress.yaml b/chart/itvr-apps/charts/itvr-taskq/templates/ingress.yaml deleted file mode 100644 index facbe97b..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "itvr-backend.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "itvr-backend.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/chart/itvr-apps/charts/itvr-taskq/values-dev.yaml b/chart/itvr-apps/charts/itvr-taskq/values-dev.yaml deleted file mode 100644 index 1d9136b8..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/values-dev.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Default values for itvr-taskq. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -toolsNamespace: ac294c-tools -envNamespace: ac294c-dev -envName: dev - -# decide which image in tools project will be used -imageTools: - repository: image-registry.openshift-image-registry.svc:5000 - tag: itvr-task-queue@sha256:d6a7444b87b553663daa9f1a61484d6d3f77875ae3523f3c8964c9d47735360d - pullPolicy: IfNotPresent - -# decide the imagestream will be created in env projects -# for pr based, coulde user the value fpr 1.0.0- -imageEnv: - tag: 1.0.0 - -imagePullSecrets: [] - -## For ITVR Baclend App, set the following two, will result in -## itvr-taskq.fullname and itvr-taskq.name are itvr-taskq -nameOverride: "itvr-taskq" -fullnameOverride: "itvr-taskq" - -#nameOverride: "" -#fullnameOverride: "" - - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 60m - memory: 60Mi - requests: - cpu: 30m - memory: 30Mi - -autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 90 - targetMemoryUtilizationPercentage: 90 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -taskq: - corsOriginWhitlist: https://itvr-test.apps.silver.devops.gov.bc.ca - sendEmail: 'True' - craEnvrionment: A - djangoDebug: 'False' - diff --git a/chart/itvr-apps/charts/itvr-taskq/values-prod.yaml b/chart/itvr-apps/charts/itvr-taskq/values-prod.yaml deleted file mode 100644 index 5e6a42a3..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/values-prod.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -# Default values for itvr-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-backend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-backend.fullname and itvr-backend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-taskq/values-test.yaml b/chart/itvr-apps/charts/itvr-taskq/values-test.yaml deleted file mode 100644 index 5e6a42a3..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/values-test.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -# Default values for itvr-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: image-registry.openshift-image-registry.svc:5000/ac294c-tools/itvr-backend - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "build-1.0.0-205" - -imagePullSecrets: [] - -## For ITVR Frontend App, set the following two, will result in -## itvr-backend.fullname and itvr-backend.name are itve-frontend -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/chart/itvr-apps/charts/itvr-taskq/values.yaml b/chart/itvr-apps/charts/itvr-taskq/values.yaml deleted file mode 100644 index 2ef80771..00000000 --- a/chart/itvr-apps/charts/itvr-taskq/values.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# Default values for itvr-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
diff --git a/chart/itvr-apps/charts/readme.md b/chart/itvr-apps/charts/readme.md new file mode 100644 index 00000000..274ce3c6 --- /dev/null +++ b/chart/itvr-apps/charts/readme.md @@ -0,0 +1,66 @@ +# Sample pull request build + +## Frontend + +openshift/templates/frontend $ +oc process -f ./frontend-bc-docker.yaml \ +NAME=itvr \ +SUFFIX=-build-497 \ +VERSION=build-release-1.17.0-497 \ +GIT_URL=https://github.com/bcgov/itvr.git \ +GIT_REF=refs/pull/497/head \ +| oc apply --wait=true -f - -n + +## Backend + +oc process -f ./backend-bc.yaml \ +NAME=itvr \ +SUFFIX=-build-497 \ +VERSION=build-release-1.17.0-497 \ +GIT_URL=https://github.com/bcgov/itvr.git \ +GIT_REF=refs/pull/497/head \ +| oc apply --wait=true -f - -n + +## Task Queue + +oc process -f ./task-queue-bc.yaml \ +NAME=itvr \ +SUFFIX=-build-497 \ +VERSION=build-release-1.17.0-497 \ +GIT_URL=https://github.com/bcgov/itvr.git \ +GIT_REF=refs/pull/497/head \ +| oc apply --wait=true -f - -n + +# Deploy + +## Single pull request Deploy on Dev + +helm template -f ./values-dev.yaml \ +--set suffix=-dev-497 \ +--set namespace=ac294c-dev \ +--set frontendImageTagName=dev-release-1.17.0-497 \ +--set envName=dev \ +-n ac294c-dev -f ./values-dev.yaml itvr-frontend-dev-497 . + +## Backend + +helm template -f ./values-dev.yaml \ +--set suffix=-dev-497 \ +--set namespace=ac294c-dev \ +--set backendImageTagName=dev-release-1.17.0-497 \ +--set suffix=-dev-497 \ +--set envName=dev \ +-n ac294c-dev -f ./values-dev.yaml itvr-backend-dev-497 . + +## Task Queue + +helm template -f ./values-dev.yaml \ +--set suffix=-dev-497 \ +--set namespace=ac294c-dev \ +--set taskQueueTagName=dev-release-1.17.0-497 \ +--set suffix=-dev-497 \ +--set envName=dev \ +-n ac294c-dev -f ./values-dev.yaml itvr-task-queue-dev-497 . + +Notes: For tracking pull request Deploy on Dev, set suffix=dev-497 from previous command line and everything else is same + 
diff --git a/chart/itvr-spilo/values-dev.yaml b/chart/itvr-spilo/values-dev.yaml index 0fe86f4d..dc522563 100644 --- a/chart/itvr-spilo/values-dev.yaml +++ b/chart/itvr-spilo/values-dev.yaml @@ -1,6 +1,6 @@ spilo: - replicaCount: 2 + replicaCount: 1 credentials: useExistingSecret: true @@ -11,7 +11,7 @@ spilo: standbyKey: password-standby continuousArchive: - enabled: true + enabled: false scheduleCronJob: "0 10 * * *" retainBackups: 3 storage: s3 @@ -21,9 +21,6 @@ spilo: shipLogs: enabled: false -# s3: -# bucket: s3://itvrdv -# shipSchedule: 0 7 * * * persistentVolume: size: 2Gi diff --git a/chart/spilo/templates/statefulset.yaml b/chart/spilo/templates/statefulset.yaml index 73f94aea..6aaff658 100644 --- a/chart/spilo/templates/statefulset.yaml +++ b/chart/spilo/templates/statefulset.yaml @@ -193,6 +193,8 @@ spec: successThreshold: 1 failureThreshold: {{ .Values.probes.readiness.failureThreshold }} {{- end }} + securityContext: + allowPrivilegeEscalation: true affinity: # Make sure we don't schedule multiple pods on the same node podAntiAffinity: diff --git a/frontend/README.md b/frontend/README.md index 58beeacc..1ccb2008 100644 --- a/frontend/README.md +++ b/frontend/README.md @@ -68,3 +68,5 @@ This section has moved here: [https://facebook.github.io/create-react-app/docs/d ### `npm run build` fails to minify This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify) + +tbd6 \ No newline at end of file diff --git a/frontend/package.json b/frontend/package.json index eae5af38..98de01b3 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "frontend", - "version": "1.16.0", + "version": "1.17.0", "private": true, "dependencies": { "@date-io/date-fns": "^2.14.0", 
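Review bot: With `replicaCount: 1` and `continuousArchive.enabled: false` together, the dev Spilo cluster has neither a standby nor an archive to restore from, and the values file gives no reason for the change. The `scheduleCronJob`, `retainBackups` and `storage: s3` keys stay under the disabled block, which reads as if backups were still configured. A comment above `enabled: false` would settle it, for example `# dev only: archiving off on purpose, data here is disposable`, assuming that is the intent. The `spilo:` mapping continues outside these hunks.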
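Review bot: The added `allowPrivilegeEscalation: true` in chart/spilo/templates/statefulset.yaml explicitly lets processes in the container gain more privileges than their parent (setuid binaries, file capabilities), and it is hard-coded for every environment the chart deploys to. If the Spilo image does not need it, the line should be `allowPrivilegeEscalation: false`; if it does, put a comment next to the setting naming what requires it, so the exception stays reviewable. Namespaces that enforce a restricted pod security profile may reject the pod with this value set. The flattened hunk places the block between the readiness probe and the pod-level `affinity`, so it is presumably the container-level `securityContext`; the container spec itself starts outside the hunk.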
diff --git a/openshift/chart/templates/hpa.yaml b/openshift/chart/templates/hpa.yaml index ac1c66f5..40c750ba 100644 --- a/openshift/chart/templates/hpa.yaml +++ b/openshift/chart/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: {{ include "cas-cif.fullname" . }} @@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} diff --git a/openshift/templates/knp-for-helm-deployment/README.md b/openshift/templates/knp-for-helm-deployment/README.md new file mode 100644 index 00000000..4212e42d --- /dev/null +++ b/openshift/templates/knp-for-helm-deployment/README.md 
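Review bot: `autoscaling/v2beta2` in the first hpa.yaml hunk is itself a deprecated API version: upstream Kubernetes serves the stable `autoscaling/v2` from 1.23 and stops serving `v2beta2` in 1.26, so this template will need another edit at the next cluster upgrade. The `target:` / `type: Utilization` / `averageUtilization:` shape introduced in the second hunk is already what `autoscaling/v2` expects, so the change is `apiVersion: autoscaling/v2`, provided the target clusters are recent enough. Separately, the context line `{{ include "cas-cif.fullname" . }}` names a helper that looks like it comes from another project; worth confirming it is defined in this chart.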
@@ -0,0 +1,34 @@ + +## For Aporeto network security policies + +### remove all Aporeto network security policies +oc get nsp -n +oc delete nsp,en --all -n + +### Apply generic Aporeto network security policies +oc process -f nsp-generic.yaml NAMESPACE_PREFIX= ENVIRONMENT= | oc apply -f - -n +Note: once it is applied, the application will NOT be blocked by Aporeto. Aporeto should become transparent. + +## For the new network policies + +### For tools project, apply quick start +oc process -f knp-quick-start.yaml NAMESPACE_PREFIX= ENVIRONMENT= | oc apply -f - -n +Note : the quick start include three knps: deny-by-default, allow-from-openshift-ingress and allow-all-internal. Once the quick start is applied, the application will NOT be blocked by Openshift network policies. + +### For environment projects +oc process -f knp-env-base.yaml | oc create -f - -n +oc process -f knp-env-non-pr.yaml | oc create -f - -n +#### For Dev +Apply knp-env-pr.yaml through pipeline +#### For Test and Prod +oc process -f knp-env-pr.yaml SUFFIX=-test ENVIRONMENT=test | oc create -f - -n +oc process -f knp-env-pr.yaml SUFFIX=-prod ENVIRONMENT=prod | oc create -f - -n + +## Setup the new network policies on Test +oc get nsp -n -test +oc delete nsp,en --all -n -test +oc process -f nsp-generic.yaml NAMESPACE_PREFIX= ENVIRONMENT=test | oc apply -f - -n -test +oc process -f knp-env-base.yaml ENVIRONMENT=test | oc create -f - -n -test +oc process -f knp-env-non-pr.yaml ENVIRONMENT=test | oc create -f - -n -test +oc process -f knp-env-pr.yaml SUFFIX=-test ENVIRONMENT=test | oc create -f - -n -test + \ No newline at end of file diff --git a/openshift/templates/knp-for-helm-deployment/knp-diagram.drawio b/openshift/templates/knp-for-helm-deployment/knp-diagram.drawio new file mode 100644 index 00000000..36669c8a --- /dev/null +++ b/openshift/templates/knp-for-helm-deployment/knp-diagram.drawio 
@@ -0,0 +1,110 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/openshift/templates/knp-for-helm-deployment/knp-env-base.yaml b/openshift/templates/knp-for-helm-deployment/knp-env-base.yaml new file mode 100644 index 00000000..0a916433 --- /dev/null +++ b/openshift/templates/knp-for-helm-deployment/knp-env-base.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: template.openshift.io/v1 +kind: Template +labels: + template: itvr-network-policy +metadata: + name: itvr-network-policy +objects: + ## Base Network Policies + - kind: NetworkPolicy + apiVersion: networking.k8s.io/v1 + metadata: + name: deny-by-default + spec: + # The default posture for a security first namespace is to + # deny all traffic. If not added this rule will be added + # by Platform Services during environment cut-over. + podSelector: {} + ingress: [] + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + spec: + # This policy allows any pod with a route & service combination + # to accept traffic from the OpenShift router pods. This is + # required for things outside of OpenShift (like the Internet) + # to reach your pods. + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress diff --git a/openshift/templates/knp-for-helm-deployment/knp-env-pr.yaml b/openshift/templates/knp-for-helm-deployment/knp-env-pr.yaml new file mode 100644 index 00000000..ecea510f --- /dev/null +++ b/openshift/templates/knp-for-helm-deployment/knp-env-pr.yaml 
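Review bot: `deny-by-default` in knp-env-base.yaml sets only `podSelector: {}` and `ingress: []`, so it blocks inbound traffic and leaves egress from every pod unrestricted, while its comment says the posture is to "deny all traffic". Either reword the comment to `# deny all ingress; egress is not restricted by this policy`, or list `policyTypes` and add explicit egress rules if egress control is wanted. The template also declares no `parameters:`, yet the README added in this commit runs `oc process -f knp-env-base.yaml ENVIRONMENT=test`; `oc process` normally rejects a parameter the template does not define, so the README line or the template needs adjusting.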
@@ -0,0 +1,111 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: itvr-network-policy
+metadata:
+ name: itvr-network-policy
+parameters:
+ - name: SUFFIX
+ displayName: null
+ description: sample is -dev-97
+ required: true
+ - name: ENVIRONMENT
+ displayName: null
+ description: such as dev, test or prod
+ required: true
+objects:
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-backend-accepts${SUFFIX}
+ spec:
+ ## Allow backend to accept communication from frontend
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-backend${SUFFIX}
+ app.kubernetes.io/name: itvr-backend
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-frontend${SUFFIX}
+ app.kubernetes.io/name: itvr-frontend
+ ports:
+ - protocol: TCP
+ port: 8080
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-spilo-accepts${SUFFIX}
+ spec:
+ ## Allow spilo to accept communications from backend
+ ## Allow spilo to accept communications from backend mid lifecycle pod
+ ## Allow spilo to accept communications from backup container
+ ## Allow spilo to accept communications from task-queue
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-spilo
+ app.kubernetes.io/name: spilo
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-backend${SUFFIX}
+ app.kubernetes.io/name: itvr-backend
+ - podSelector:
+ matchLabels:
+ openshift.io/deployer-pod.type: hook-mid
+ - podSelector:
+ matchLabels:
+ name: patroni-backup
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-task-queue${SUFFIX}
+ app.kubernetes.io/name: itvr-task-queue
+ ports:
+ - protocol: TCP
+ port: 5432
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-clamav-accepts${SUFFIX}
+ spec:
+ ## Allow clamav to accept communication from backend
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-clamav
+ app.kubernetes.io/name: clamav
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-backend${SUFFIX}
+ app.kubernetes.io/name: itvr-backend
+ ports:
+ - protocol: TCP
+ port: 3310
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-spilo-accepts-metabase
+ spec:
+ ## Allow spilo to accept communication from metabase
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: itvr-spilo
+ app.kubernetes.io/name: spilo
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 5432
+ from:
+ - namespaceSelector:
+ matchLabels:
+ environment: ${ENVIRONMENT}
+ name: 30b186
+ - podSelector:
+ matchLabels:
+ app: metabase
+ policyTypes:
+ - Ingress
\ No newline at end of file
diff --git a/openshift/templates/knp-for-helm-deployment/knp-quick-start.yaml b/openshift/templates/knp-for-helm-deployment/knp-quick-start.yaml
new file mode 100644
index 00000000..e7a97a6b
--- /dev/null
+++ b/openshift/templates/knp-for-helm-deployment/knp-quick-start.yaml
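Review bot: In `allow-spilo-accepts-metabase` the `from:` list has two separate entries, `- namespaceSelector:` and `- podSelector:`, and NetworkPolicy ORs the entries of that list. As written, port 5432 on Spilo is open to every pod in the namespace labelled `name: 30b186` and to any pod labelled `app: metabase` in the local namespace. If the intent is "metabase pods in the 30b186 namespace", both selectors belong in one entry: drop the second dash so the line reads `podSelector:` under the same item as `namespaceSelector:`. The policy name also lacks `${SUFFIX}`, unlike the other three, so processing the template with `oc create` for a second suffix in the same namespace would collide on this object. The first three policies omit `policyTypes`, which defaults to Ingress here; stating `policyTypes: [Ingress]` on each would match the fourth.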
@@ -0,0 +1,60 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: zeva-network-policy
+metadata:
+ name: zeva-network-policy
+parameters:
+ - name: ENVIRONMENT
+ displayName: null
+ description: such as dev, test or prod
+ required: true
+ - name: NAMESPACE_PREFIX
+ displayName: null
+ description: the namespace prefix
+ required: true
+objects:
+ - kind: NetworkPolicy
+ apiVersion: networking.k8s.io/v1
+ metadata:
+ name: deny-by-default
+ spec:
+ # The default posture for a security first namespace is to
+ # deny all traffic. If not added this rule will be added
+ # by Platform Services during environment cut-over.
+ podSelector: {}
+ ingress: []
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-from-openshift-ingress
+ spec:
+ # This policy allows any pod with a route & service combination
+ # to accept traffic from the OpenShift router pods. This is
+ # required for things outside of OpenShift (like the Internet)
+ # to reach your pods.
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ network.openshift.io/policy-group: ingress
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-all-internal
+ spec:
+ # Allow all pods within the current namespace to communicate
+ # to one another.
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ environment: ${ENVIRONMENT}
+ name: ${NAMESPACE_PREFIX}
+ podSelector: {}
+ policyTypes:
+ - Ingress
\ No newline at end of file
diff --git a/openshift/templates/knp/knp-env-pr.yaml b/openshift/templates/knp/knp-env-pr.yaml
index e629cf3f..29a9913f 100644
--- a/openshift/templates/knp/knp-env-pr.yaml
+++ b/openshift/templates/knp/knp-env-pr.yaml
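Review bot: The template `name` and `labels.template` in knp-quick-start.yaml are `zeva-network-policy`, while the sibling templates added in this commit use `itvr-network-policy`. It looks copied from another project, and objects created from it will carry the wrong label, which matters when policies are later selected or cleaned up by label. Use `template: itvr-network-policy` and `name: itvr-network-policy` here. Note also that `allow-all-internal` re-opens all pod-to-pod ingress inside the namespace, so `deny-by-default` only constrains traffic from other namespaces; a header comment such as `# tools project only - do not apply to dev/test/prod` would record the scoping that the README describes.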
@@ -17,7 +17,6 @@ objects: name: allow-backend-accepts${SUFFIX} spec: ## Allow backend to accept communication from frontend - ## Allow backend to accept communication from schema-spy podSelector: matchLabels: name: itvr-backend${SUFFIX} @@ -26,9 +25,6 @@ objects: - podSelector: matchLabels: name: itvr-frontend${SUFFIX} - - podSelector: - matchLabels: - name: schemaspy-public${SUFFIX} ports: - protocol: TCP port: 8080 @@ -40,8 +36,7 @@ objects: ## Allow patroni to accept communications from backend ## Allow patroni to accept communications from backend mid lifecycle pod ## Allow patroni to accept communications from backup container - ## Allow patroni to accept communications from django-q - ## Allow patroni to accept communications from schemaspy + ## Allow patroni to accept communications from task-queue podSelector: matchLabels: app.kubernetes.io/instance: itvr-spilo @@ -59,9 +54,6 @@ objects: - podSelector: matchLabels: name: itvr-task-queue${SUFFIX} - - podSelector: - matchLabels: - name: schemaspy-public${SUFFIX} ports: - protocol: TCP port: 5432 diff --git a/openshift/templates/maintenance-page/Dockerfile b/openshift/templates/maintenance-page/Dockerfile new file mode 100644 index 00000000..d0596728 --- /dev/null +++ b/openshift/templates/maintenance-page/Dockerfile @@ -0,0 +1,5 @@ +FROM artifacts.developer.gov.bc.ca/docker-remote/httpd:2.4 +COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf +COPY ./public-html/ /usr/local/apache2/htdocs/ +RUN chgrp -R root /usr/local/apache2/logs \ + && chmod -R g+w /usr/local/apache2/logs \ No newline at end of file diff --git a/openshift/templates/maintenance-page/httpd.conf b/openshift/templates/maintenance-page/httpd.conf new file mode 100644 index 00000000..d891e310 --- /dev/null +++ b/openshift/templates/maintenance-page/httpd.conf 
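Review bot: The maintenance-page Dockerfile has no `USER` instruction, so on any runtime that does not assign its own UID the httpd parent process runs as root, even though the httpd.conf added in this commit listens on 8080 and needs no privileged port. Add a non-root user as the last instruction, for example `USER 1001`; the existing `chgrp -R root` / `chmod -R g+w` on the logs directory already allows a non-owner UID in group 0 to write there. The base image is referenced by the mutable tag `httpd:2.4`; pinning it by digest (`httpd:2.4@sha256:<digest-placeholder>`) keeps an upstream retag from silently changing what gets built.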
@@ -0,0 +1,551 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/access_log" +# with ServerRoot set to "/usr/local/apache2" will be interpreted by the +# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" +# will be interpreted as '/logs/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/usr/local/apache2" + +# +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults +# +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. +# +# Mutex default:logs + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. 
+# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 0.0.0.0:8080 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule mpm_event_module modules/mod_mpm_event.so +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_worker_module modules/mod_mpm_worker.so +LoadModule authn_file_module modules/mod_authn_file.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +#LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbd_module modules/mod_authn_dbd.so +#LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +#LoadModule authz_owner_module modules/mod_authz_owner.so +#LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_core_module modules/mod_authz_core.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +#LoadModule auth_form_module modules/mod_auth_form.so +#LoadModule auth_digest_module modules/mod_auth_digest.so +#LoadModule allowmethods_module modules/mod_allowmethods.so +#LoadModule isapi_module modules/mod_isapi.so +#LoadModule 
file_cache_module modules/mod_file_cache.so +#LoadModule cache_module modules/mod_cache.so +#LoadModule cache_disk_module modules/mod_cache_disk.so +#LoadModule cache_socache_module modules/mod_cache_socache.so +#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +#LoadModule socache_dbm_module modules/mod_socache_dbm.so +#LoadModule socache_memcache_module modules/mod_socache_memcache.so +#LoadModule socache_redis_module modules/mod_socache_redis.so +#LoadModule watchdog_module modules/mod_watchdog.so +#LoadModule macro_module modules/mod_macro.so +#LoadModule dbd_module modules/mod_dbd.so +#LoadModule bucketeer_module modules/mod_bucketeer.so +#LoadModule dumpio_module modules/mod_dumpio.so +#LoadModule echo_module modules/mod_echo.so +#LoadModule example_hooks_module modules/mod_example_hooks.so +#LoadModule case_filter_module modules/mod_case_filter.so +#LoadModule case_filter_in_module modules/mod_case_filter_in.so +#LoadModule example_ipc_module modules/mod_example_ipc.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule data_module modules/mod_data.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +#LoadModule ext_filter_module modules/mod_ext_filter.so +#LoadModule request_module modules/mod_request.so +#LoadModule include_module modules/mod_include.so +LoadModule filter_module modules/mod_filter.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule substitute_module modules/mod_substitute.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule deflate_module modules/mod_deflate.so +#LoadModule xml2enc_module modules/mod_xml2enc.so +#LoadModule proxy_html_module modules/mod_proxy_html.so +#LoadModule brotli_module modules/mod_brotli.so +LoadModule mime_module modules/mod_mime.so +#LoadModule ldap_module modules/mod_ldap.so +LoadModule log_config_module modules/mod_log_config.so +#LoadModule 
log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule logio_module modules/mod_logio.so +#LoadModule lua_module modules/mod_lua.so +LoadModule env_module modules/mod_env.so +#LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +#LoadModule ident_module modules/mod_ident.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule unique_id_module modules/mod_unique_id.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +#LoadModule remoteip_module modules/mod_remoteip.so +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule proxy_express_module modules/mod_proxy_express.so +#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +#LoadModule session_module modules/mod_session.so +#LoadModule session_cookie_module modules/mod_session_cookie.so +#LoadModule session_crypto_module modules/mod_session_crypto.so +#LoadModule session_dbd_module modules/mod_session_dbd.so +#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +#LoadModule ssl_module modules/mod_ssl.so +#LoadModule optional_hook_export_module 
modules/mod_optional_hook_export.so +#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so +#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so +#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule http2_module modules/mod_http2.so +#LoadModule proxy_http2_module modules/mod_proxy_http2.so +#LoadModule md_module modules/mod_md.so +#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule unixd_module modules/mod_unixd.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +#LoadModule asis_module modules/mod_asis.so +#LoadModule info_module modules/mod_info.so +#LoadModule suexec_module modules/mod_suexec.so + + #LoadModule cgid_module modules/mod_cgid.so + + + #LoadModule cgi_module modules/mod_cgi.so + +#LoadModule dav_fs_module modules/mod_dav_fs.so +#LoadModule dav_lock_module modules/mod_dav_lock.so +#LoadModule vhost_alias_module modules/mod_vhost_alias.so +#LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +#LoadModule imagemap_module modules/mod_imagemap.so +#LoadModule actions_module modules/mod_actions.so +#LoadModule speling_module modules/mod_speling.so +#LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +#LoadModule rewrite_module modules/mod_rewrite.so + + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. 
+# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User daemon +Group daemon + + + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin you@example.com + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. 
+# +DocumentRoot "/usr/local/apache2/htdocs" + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog /proc/self/fd/2 + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). 
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per- access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog /proc/self/fd/1 common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog "logs/access_log" combined
+
+
+
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
+
+
+
+
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock cgisock
+
+
+#
+# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ #
+ # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+ # backend servers which have lingering "httpoxy" defects.
+ # 'Proxy' request header is undefined by the IETF, not listed by IANA
+ #
+ RequestHeader unset Proxy early
+
+
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig conf/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
+
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile conf/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Supplemental configuration
+#
+# The configuration files in the conf/extra/ directory can be
+# included to add extra features or to modify the default configuration of
+# the server, or you may simply copy their contents here and change as
+# necessary.
+
+# Server-pool management (MPM specific)
+#Include conf/extra/httpd-mpm.conf
+
+# Multi-language error messages
+#Include conf/extra/httpd-multilang-errordoc.conf
+
+# Fancy directory listings
+#Include conf/extra/httpd-autoindex.conf
+
+# Language settings
+#Include conf/extra/httpd-languages.conf
+
+# User home directories
+#Include conf/extra/httpd-userdir.conf
+
+# Real-time info on requests and configuration
+#Include conf/extra/httpd-info.conf
+
+# Virtual hosts
+#Include conf/extra/httpd-vhosts.conf
+
+# Local access to the Apache HTTP Server Manual
+#Include conf/extra/httpd-manual.conf
+
+# Distributed authoring and versioning (WebDAV)
+#Include conf/extra/httpd-dav.conf
+
+# Various default settings
+#Include conf/extra/httpd-default.conf
+
+# Configure mod_proxy_html to understand HTML4/XHTML1
+
+Include conf/extra/proxy-html.conf
+
+
+# Secure (SSL/TLS) connections
+#Include conf/extra/httpd-ssl.conf
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
+
diff --git a/openshift/templates/maintenance-page/maintenance-bc.yaml b/openshift/templates/maintenance-page/maintenance-bc.yaml
new file mode 100644
index 00000000..77c213d3
--- /dev/null
+++ b/openshift/templates/maintenance-page/maintenance-bc.yaml
@@ -0,0 +1,68 @@
+---
+kind: Template
+apiVersion: template.openshift.io/v1
+metadata:
+ name: maintenance-page
+parameters:
+- name: NAME
+ displayName: Name
+ description: The suffix for all created objects
+ required: false
+ value: maintenance-page
+objects:
+- kind: ImageStream
+ apiVersion: image.openshift.io/v1
+ metadata:
+ name: maintenance-page
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ''
+- kind: BuildConfig
+ apiVersion: build.openshift.io/v1
+ metadata:
+ name: maintenance-page
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ spec:
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChange: {}
+ runPolicy: SerialLatestOnly
+ source:
+ type: Git
+ contextDir: "openshift/templates/maintenance-page"
+ git:
+ uri: https://github.com/bcgov/itvr.git
+ ref: release-1.17.0
+ strategy:
+ dockerStrategy:
+ env:
+ - name: ARTIFACTORY_USER
+ valueFrom:
+ secretKeyRef:
+ name: artifacts-default-pwpgbz
+ key: username
+ - name: ARTIFACTORY_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: artifacts-default-pwpgbz
+ key: password
+ forcePull: true
+ noCache: true
+ type: Docker
+ output:
+ to:
+ kind: ImageStreamTag
+ name: maintenance-page:latest
+ resources: {}
+ postCommit: {}
+ nodeSelector:
+ successfulBuildsHistoryLimit: 5
+ failedBuildsHistoryLimit: 5
diff --git a/openshift/templates/maintenance-page/maintenance-dc.yaml b/openshift/templates/maintenance-page/maintenance-dc.yaml
new file mode 100644
index 00000000..3facdfce
--- /dev/null
+++ b/openshift/templates/maintenance-page/maintenance-dc.yaml
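Review bot: The `ARTIFACTORY_USER` / `ARTIFACTORY_PASSWORD` entries under `dockerStrategy.env` hand the registry credentials to the whole Docker build, and OpenShift injects docker-strategy `env` values into the build as an `ENV` instruction, so they are likely to stay readable in the metadata of `maintenance-page:latest` for anyone who can pull or inspect that image. The Dockerfile is not part of this hunk, so confirm how it uses them: if they are only needed to fetch something during the build, consume them in a stage that is discarded (multi-stage build) or through a build-time secret mount, and if they are only for pulling the base image, a `pullSecret` on the strategy is enough and both `env` entries can be dropped. Separately, the `NAME` parameter is declared but every object hard-codes `maintenance-page`, and `ref: release-1.17.0` is a per-release value that has to be bumped by hand.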
@@ -0,0 +1,112 @@
+---
+kind: Template
+apiVersion: template.openshift.io/v1
+metadata:
+ name: maintenance-page-dc
+parameters:
+- name: ENV_NAME
+ displayName: Environment name
+ description: The environment name
+ required: true
+objects:
+- kind: DeploymentConfig
+ apiVersion: apps.openshift.io/v1
+ metadata:
+ name: maintenance-page
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ spec:
+ strategy:
+ type: Rolling
+ rollingParams:
+ updatePeriodSeconds: 1
+ intervalSeconds: 1
+ timeoutSeconds: 600
+ maxUnavailable: 25%
+ maxSurge: 25%
+ resources: {}
+ activeDeadlineSeconds: 21600
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - maintenance-page
+ from:
+ kind: ImageStreamTag
+ namespace: ac294c-tools
+ name: maintenance-page:latest
+ replicas: 1
+ revisionHistoryLimit: 10
+ test: false
+ selector:
+ app: maintenance-page
+ template:
+ metadata:
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ annotations:
+ openshift.io/generated-by: OpenShiftNewApp
+ spec:
+ containers:
+ - name: maintenance-page
+ image: " "
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+- kind: Service
+ apiVersion: v1
+ metadata:
+ name: maintenance-page
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ spec:
+ ports:
+ - name: web
+ protocol: TCP
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: maintenance-page
+ type: ClusterIP
+ sessionAffinity: None
+- kind: Route
+ apiVersion: route.openshift.io/v1
+ metadata:
+ name: maintenance-page
+ creationTimestamp:
+ labels:
+ app: maintenance-page
+ annotations:
+ openshift.io/host.generated: 'true'
+ spec:
+ host: itvr-maintenance-page-${ENV_NAME}.apps.silver.devops.gov.bc.ca
+ to:
+ kind: Service
+ name: maintenance-page
+ weight: 100
+ port:
+ targetPort: web
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Redirect
+ wildcardPolicy: None
diff --git a/openshift/templates/maintenance-page/public-html/index.html b/openshift/templates/maintenance-page/public-html/index.html
new file mode 100644
index 00000000..927aa971
--- /dev/null
+++ b/openshift/templates/maintenance-page/public-html/index.html
@@ -0,0 +1,18 @@
+
+Site Maintenance
+
+
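Review bot: The `ImageChange` trigger in the DeploymentConfig follows `maintenance-page:latest` in `ac294c-tools` with `automatic: true`, so every environment instantiated from this template, whatever `ENV_NAME` is, redeploys as soon as a new build lands on that tag, with no promotion step in between. Consider tracking an environment-specific tag that is moved deliberately, e.g. `name: maintenance-page:${ENV_NAME}`, or setting `automatic: false` outside dev. The container also defines no `readinessProbe`, so the Rolling strategy cannot tell when the pod is actually serving on 8080; a short `httpGet` probe on `/` would cover it. Export leftovers such as the empty `creationTimestamp:` keys and `openshift.io/host.generated: 'true'` next to an explicit `host:` could be dropped.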
+

We’ll be back soon!

+
+

Sorry for the inconvenience. We're performing maintenance and should be back shortly.

+

— Electric Vehicle Rebates

+
+