From 2bddd3aa724ebeb091337b27cfb6e4afbb4e48b0 Mon Sep 17 00:00:00 2001 From: Kuan Fan Date: Tue, 7 May 2024 10:52:14 -0700 Subject: [PATCH] add cra --- .github/workflows/pr-deploy-template.yaml | 1 + .../templates/deploymentconfig.yaml | 17 ++- .../charts/itvr-backend/values-dev.yaml | 2 - .../charts/itvr-backend/values-prod.yaml | 2 - .../charts/itvr-backend/values-test.yaml | 2 - .../itvr-apps/charts/itvr-cra/values-dev.yaml | 10 +- .../charts/itvr-cra/values-prod.yaml | 138 ++++++++++++++++++ .../charts/itvr-cra/values-test.yaml | 10 +- openshift/templates/cra/cra-secret.yaml | 25 +++- 9 files changed, 192 insertions(+), 15 deletions(-) create mode 100644 chart/itvr-apps/charts/itvr-cra/values-prod.yaml diff --git a/.github/workflows/pr-deploy-template.yaml b/.github/workflows/pr-deploy-template.yaml index 8165c755..542bda6f 100644 --- a/.github/workflows/pr-deploy-template.yaml +++ b/.github/workflows/pr-deploy-template.yaml @@ -87,6 +87,7 @@ jobs: --set namespace=${{ secrets.namespace }} \ --set backendImageTagName=${{ inputs.image-tag-name }} \ --set suffix=${{ inputs.suffix }} \ + --set envName=${{ inputs.env-name }} \ --set frontendRouteHostName=${{ inputs.frontend-route-host-name }} \ -n ${{ secrets.namespace }} -f ./values-${{ inputs.env-name }}.yaml itvr-backend${{ inputs.suffix }} . diff --git a/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml b/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml index ef905beb..685e7b11 100644 --- a/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml +++ b/chart/itvr-apps/charts/itvr-backend/templates/deploymentconfig.yaml 
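Review bot: The added `--set envName=${{ inputs.env-name }}` in .github/workflows/pr-deploy-template.yaml expands the workflow input into the shell script unquoted, and the value now also becomes part of the Secret name the backend chart looks up. If a caller can ever pass something other than a fixed dev/test/prod literal, the shell interprets it before Helm sees it. Mapping the input in the step's `env:` block and writing `--set envName="$ENV_NAME"` keeps it as data. The neighbouring `--set` lines follow the same unquoted pattern, and the run block starts outside this hunk.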
@@ -250,15 +250,24 @@ spec: - name: CRYPTO_SERVICE_URL value: {{ .Values.backend.cryptoServiceUrl }} - name: CRA_CERTIFICATE - value: {{ .Values.backend.craCertificate }} + valueFrom: + secretKeyRef: + name: itvr-cra-{{ .Values.envName }} + key: CRA_CERTIFICATE - name: CRA_CERTIFICATE_CRL_DN - value: 'cn=CRL5,ou=EXTTESTCA,ou=Extern,ou=cra-arc,o=GC,c=CA' + valueFrom: + secretKeyRef: + name: itvr-cra-{{ .Values.envName }} + key: CRA_CERTIFICATE_CRL_DN - name: EPF_FILENAME - value: {{ .Values.backend.epfFilename }} + valueFrom: + secretKeyRef: + name: itvr-cra-{{ .Values.envName }} + key: EPF_FILENAME - name: EPF_PASSWORD valueFrom: secretKeyRef: - name: itvr-cra-secret + name: itvr-cra-{{ .Values.envName }} key: EPF_PASSWORD ports: - containerPort: 8080 diff --git a/chart/itvr-apps/charts/itvr-backend/values-dev.yaml b/chart/itvr-apps/charts/itvr-backend/values-dev.yaml index cb951dc1..082982b1 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-dev.yaml +++ b/chart/itvr-apps/charts/itvr-backend/values-dev.yaml @@ -30,5 +30,3 @@ backend: djangoDebug: "False" virusScanEnabled: "True" cryptoServiceUrl: "http://itvr-cra-dev.ac294c-dev.svc.cluster.local:8080" - craCertificate: cra_test_public_key.der - epfFilename: BCVRTEST.epf diff --git a/chart/itvr-apps/charts/itvr-backend/values-prod.yaml b/chart/itvr-apps/charts/itvr-backend/values-prod.yaml index 3a169bc2..5b25e633 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-prod.yaml +++ b/chart/itvr-apps/charts/itvr-backend/values-prod.yaml @@ -30,5 +30,3 @@ backend: djangoDebug: "False" virusScanEnabled: "True" cryptoServiceUrl: "http://itvr-cra-prod.ac294c-prod.svc.cluster.local:8080" - craCertificate: cra_test_public_key.der - epfFilename: BCVRTEST.epf diff --git a/chart/itvr-apps/charts/itvr-backend/values-test.yaml b/chart/itvr-apps/charts/itvr-backend/values-test.yaml index adb1cd7a..bbe6daec 100644 --- a/chart/itvr-apps/charts/itvr-backend/values-test.yaml 
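Review bot: `.Values.envName` has no fallback in the four `secretKeyRef` names added to itvr-backend/templates/deploymentconfig.yaml, so a render without `--set envName=...` should produce the Secret name `itvr-cra-` and the problem only surfaces when the container fails to start. None of the backend values files touched by this patch define `envName`, so the workflow flag appears to be its only source. Failing at render time is safer: `name: itvr-cra-{{ required "envName must be set (dev, test or prod)" .Values.envName }}`. The container spec these env entries belong to starts and ends outside the hunk.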
+++ b/chart/itvr-apps/charts/itvr-backend/values-test.yaml @@ -30,5 +30,3 @@ backend: djangoDebug: "False" virusScanEnabled: "True" cryptoServiceUrl: "http://itvr-cra-test.ac294c-test.svc.cluster.local:8080" - craCertificate: cra_test_public_key.der - epfFilename: BCVRTEST.epf diff --git a/chart/itvr-apps/charts/itvr-cra/values-dev.yaml b/chart/itvr-apps/charts/itvr-cra/values-dev.yaml index 27b06870..5fae6908 100644 --- a/chart/itvr-apps/charts/itvr-cra/values-dev.yaml +++ b/chart/itvr-apps/charts/itvr-cra/values-dev.yaml @@ -113,9 +113,15 @@ env: - name: SERVER_PORT value: "8080" - name: DIRECTORY_IP - value: "198.103.185.198" + valueFrom: + secretKeyRef: + name: itvr-cra-dev + key: DIRECTORY_IP - name: DIRECTORY_PORT - value: "389" + valueFrom: + secretKeyRef: + name: itvr-cra-dev + key: DIRECTORY_PORT - name: MINIO_ENDPOINT value: http://itvr-minio-dev.ac294c-dev.svc.cluster.local:9000 - name: MINIO_ROOT_USER diff --git a/chart/itvr-apps/charts/itvr-cra/values-prod.yaml b/chart/itvr-apps/charts/itvr-cra/values-prod.yaml new file mode 100644 index 00000000..2dc33680 --- /dev/null +++ b/chart/itvr-apps/charts/itvr-cra/values-prod.yaml 
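Review bot: The Secret name `itvr-cra-dev` is hard-coded in both new `secretKeyRef` entries of itvr-cra/values-dev.yaml, while the backend chart derives the same name from `envName`; the test and prod values files repeat this with `itvr-cra-test` and `itvr-cra-prod`. Nothing tells a maintainer where that Secret comes from, or that the pod will not start until it holds both keys. I would add a comment above the entries in each file, e.g. `# itvr-cra-dev is created from openshift/templates/cra/cra-secret.yaml (ENV=dev) and must contain DIRECTORY_IP and DIRECTORY_PORT before deploy`. The previous literal address and port remain in the repository history, so the move to a Secret only protects future values.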
@@ -0,0 +1,138 @@ +# Default values for itvr-cra. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: image-registry.openshift-image-registry.svc:5000/ac294c-prod/itvr-cra + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + limits: + cpu: 200m + memory: 600Mi + requests: + cpu: 100m + memory: 300Mi + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +route: + create: false + +env: + - name: SERVER_PORT + value: "8080" + - name: DIRECTORY_IP + valueFrom: + secretKeyRef: + name: itvr-cra-prod + key: DIRECTORY_IP + - name: DIRECTORY_PORT + valueFrom: + secretKeyRef: + name: itvr-cra-prod + key: DIRECTORY_PORT + - name: MINIO_ENDPOINT + value: http://itvr-minio-prod.ac294c-prod.svc.cluster.local:9000 + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: itvr-minio-prod + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: itvr-minio-prod + key: root-password + - name: MINIO_BUCKET_NAME + value: cra diff --git a/chart/itvr-apps/charts/itvr-cra/values-test.yaml b/chart/itvr-apps/charts/itvr-cra/values-test.yaml index 1ca08b95..0ccf2e5a 100644 --- a/chart/itvr-apps/charts/itvr-cra/values-test.yaml +++ b/chart/itvr-apps/charts/itvr-cra/values-test.yaml @@ -113,9 +113,15 @@ env: - name: SERVER_PORT value: "8080" - name: DIRECTORY_IP - value: "198.103.185.198" + valueFrom: + secretKeyRef: + name: itvr-cra-test + key: DIRECTORY_IP - name: DIRECTORY_PORT - value: "389" + valueFrom: + secretKeyRef: + name: itvr-cra-test + key: DIRECTORY_PORT - name: MINIO_ENDPOINT value: http://itvr-minio-test.ac294c-test.svc.cluster.local:9000 - name: MINIO_ROOT_USER diff --git a/openshift/templates/cra/cra-secret.yaml b/openshift/templates/cra/cra-secret.yaml index d71211cb..f66ae6e6 100644 
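Review bot: The new itvr-cra/values-prod.yaml leaves `podSecurityContext` and `securityContext` as `{}` and sets `serviceAccount.automount: true`, so the chart applies no container hardening in production and asks for a service-account token to be mounted into the CRA pod. Unless the service calls the cluster API, `automount: false` is the safer default, and the commented `capabilities.drop: [ALL]`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` settings could be enabled for prod. Whether the chart templates consume these keys is not visible in this patch, so confirm that they do. `MINIO_ENDPOINT` is also plain `http://`, which is acceptable only if in-cluster traffic is protected by other means.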
--- a/openshift/templates/cra/cra-secret.yaml +++ b/openshift/templates/cra/cra-secret.yaml @@ -4,13 +4,36 @@ metadata: creationTimestamp: null name: itvr-cra-secret parameters: + - name: ENV + description: ENV + required: true + - name: CRA_CERTIFICATE + description: CRA_CERTIFICATE + required: true + - name: CRA_CERTIFICATE_CRL_DN + description: CRA_CERTIFICATE_CRL_DN + required: true + - name: EPF_FILENAME + description: EPF_FILENAME + required: true - name: EPF_PASSWORD description: EPF password for CRA required: true + - name: DIRECTORY_IP + description: DIRECTORY_IP + required: true + - name: DIRECTORY_PORT + description: DIRECTORY_PORT + required: true objects: - apiVersion: v1 kind: Secret metadata: - name: itvr-cra-secret + name: itvr-cra-${ENV} stringData: + CRA_CERTIFICATE: ${CRA_CERTIFICATE} + CRA_CERTIFICATE_CRL_DN: ${CRA_CERTIFICATE_CRL_DN} + EPF_FILENAME: ${EPF_FILENAME} EPF_PASSWORD: ${EPF_PASSWORD} + DIRECTORY_IP: ${DIRECTORY_IP} + DIRECTORY_PORT: ${DIRECTORY_PORT}
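Review bot: The parameters added to openshift/templates/cra/cra-secret.yaml carry descriptions that only repeat their names (`description: ENV`, `description: CRA_CERTIFICATE`, and so on), which leaves the operator guessing what to supply. `ENV` has to match the `envName` used by the backend chart and the `itvr-cra-dev`/`-test`/`-prod` names hard-coded in the itvr-cra values files. The values removed from the backend values files suggest `CRA_CERTIFICATE` and `EPF_FILENAME` are file names rather than file contents. Suggested wording: `description: Environment suffix (dev, test or prod); must match the Helm envName` and `description: File name of the CRA public certificate, not its contents`. The template's own `metadata.name` stays `itvr-cra-secret` although the object it creates is now `itvr-cra-${ENV}`, which deserves a short comment.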