diff --git a/.jenkins/docker/contrib/jenkins/configuration/config.xml b/.jenkins/docker/contrib/jenkins/configuration/config.xml
new file mode 100644
index 000000000..05a856331
--- /dev/null
+++ b/.jenkins/docker/contrib/jenkins/configuration/config.xml
@@ -0,0 +1,127 @@
+
+
+
+ GitHubHookRegisterProblemMonitor
+ jenkins.security.QueueItemAuthenticatorMonitor
+
+ 2.176.1
+ RUNNING
+ 0
+ EXCLUSIVE
+ true
+
+ com.cloudbees.plugins.credentials.CredentialsProvider.Create:kuanfandevops-admin-edit-view
+ com.cloudbees.plugins.credentials.CredentialsProvider.Delete:kuanfandevops-admin-edit-view
+ com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:kuanfandevops-admin-edit-view
+ com.cloudbees.plugins.credentials.CredentialsProvider.Update:kuanfandevops-admin-edit-view
+ com.cloudbees.plugins.credentials.CredentialsProvider.View:kuanfandevops-admin-edit-view
+ hudson.model.Computer.Configure:kuanfandevops-admin-edit-view
+ hudson.model.Computer.Connect:jenkins-slave
+ hudson.model.Computer.Create:jenkins-slave
+ hudson.model.Computer.Delete:kuanfandevops-admin-edit-view
+ hudson.model.Hudson.Administer:kuanfandevops-admin-edit-view
+ hudson.model.Hudson.Read:jenkins-slave
+ hudson.model.Hudson.Read:kuanfandevops-admin-edit-view
+ hudson.model.Hudson.RunScripts:kuanfandevops-admin-edit-view
+ hudson.model.Item.Build:kuanfandevops-admin-edit-view
+ hudson.model.Item.Cancel:kuanfandevops-admin-edit-view
+ hudson.model.Item.Configure:kuanfandevops-admin-edit-view
+ hudson.model.Item.Create:kuanfandevops-admin-edit-view
+ hudson.model.Item.Delete:kuanfandevops-admin-edit-view
+ hudson.model.Item.Discover:kuanfandevops-admin-edit-view
+ hudson.model.Item.Read:kuanfandevops-admin-edit-view
+ hudson.model.Item.Workspace:kuanfandevops-admin-edit-view
+ hudson.model.Run.Delete:kuanfandevops-admin-edit-view
+ hudson.model.Run.Update:kuanfandevops-admin-edit-view
+ hudson.model.View.Configure:kuanfandevops-admin-edit-view
+ hudson.model.View.Create:kuanfandevops-admin-edit-view
+ hudson.model.View.Delete:kuanfandevops-admin-edit-view
+ hudson.scm.SCM.Tag:kuanfandevops-admin-edit-view
+
+
+ /run/secrets/kubernetes.io/serviceaccount
+ jenkins-prod
+ https://openshift.default.svc
+ https://console.pathfinder.gov.bc.ca:8443
+ system:serviceaccount:tbiwaq-tools:jenkins-prod
+ eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJ0Yml3YXEtdG9vbHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiamVua2lucy1wcm9kLXRva2VuLWhteHo5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImplbmtpbnMtcHJvZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjEyZDJlYWNlLTJjMTItMTFlYS1hZGNkLTAwNTA1NjgzNDhjYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDp0Yml3YXEtdG9vbHM6amVua2lucy1wcm9kIn0.PJ7GysGdZdy3uPSLUmFRLUHZHpkocbPV08aXGeeIW5zWWlbwlWMHeTyiF3Tqo4ToYMhcXmqhFukEr6NNRtgxrVUsHuOx4i7OH8UFrW1TeXYgPBBUpfwXhOoIhhTA2Jl5lbWVvsPNNoB_f-SFe3cqcNC0sIctb2EwIl6CBV8JksjfWtxSXzJGkdBYFf9mvBftCq7QlEYVoMWBJ_goOd-j3ITHyo5klVFdmLN4i7GphWPcoFMEsxxEGhbvbG3NNiwA0J_43Ueo6po7V-UH9HNTuD38coqWJbK3PXsr9IUrlncVqj3pbWi3P9Ir_CInjInALpCQPiOupBZ7w2BfgiHdAA
+ tbiwaq-tools
+
+ https://console.pathfinder.gov.bc.ca:8443
+ https://console.pathfinder.gov.bc.ca:8443/oauth/authorize
+ https://console.pathfinder.gov.bc.ca:8443/oauth/token
+
+
+
+ true
+
+ ${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}
+ ${JENKINS_HOME}/builds/${ITEM_FULL_NAME}
+
+
+
+
+
+
+ openshift
+
+
+
+ false
+ false
+ false
+ 10
+ 5
+ 5
+ 15
+ false
+ 32
+ 600
+
+
+
+ openshift
+
+
+
+ false
+ false
+ false
+ http://jenkins-prod.tbiwaq-tools.svc:8080
+ jenkins-prod.tbiwaq-tools.svc:50000
+ 10
+ 5
+ 5
+ 15
+ false
+ 32
+ 600
+
+
+
+ 5
+ 0
+
+
+
+ all
+ false
+ false
+
+
+
+ all
+ 50000
+
+ JNLP-connect
+ JNLP2-connect
+ JNLP3-connect
+
+
+
+ true
+
+
+
+ true
+
diff --git a/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/config.xml b/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/config.xml
new file mode 100644
index 000000000..b97a091e6
--- /dev/null
+++ b/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/config.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+ All
+ false
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
diff --git a/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/jobs/develop-pipeline/config.xml b/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/jobs/develop-pipeline/config.xml
new file mode 100644
index 000000000..8a1237a48
--- /dev/null
+++ b/.jenkins/docker/contrib/jenkins/configuration/jobs/zeva-release-pipelines/jobs/develop-pipeline/config.xml
@@ -0,0 +1,36 @@
+
+
+
+
+ false
+
+
+
+ false
+ false
+
+
+
+
+ 2
+
+
+ https://github.com/bcgov/zeva.git
+ github-account
+
+
+
+
+ release-pipeline
+
+
+ false
+
+
+
+ openshift/pipelines/Jenkinsfile-develop
+ false
+
+
+ false
+
diff --git a/openshift/pipelines/Jenkinsfile-develop b/openshift/pipelines/Jenkinsfile-develop
new file mode 100644
index 000000000..edc56ef62
--- /dev/null
+++ b/openshift/pipelines/Jenkinsfile-develop
@@ -0,0 +1,56 @@
+result = 0
+runParallel = true
+zevaRelease="release-pipeline"
+
+podTemplate(label: "develop-maven-${env.BUILD_NUMBER}", name: "develop-maven-${env.BUILD_NUMBER}", serviceAccount: 'jenkins-prod', cloud: 'openshift',
+ containers: [
+ containerTemplate(
+ name: 'jnlp',
+ image: 'registry.access.redhat.com/openshift3/jenkins-slave-maven-rhel7:v3.9',
+ resourceRequestCpu: '500m',
+ resourceLimitCpu: '1000m',
+ resourceRequestMemory: '2Gi',
+ resourceLimitMemory: '4Gi',
+ workingDir: '/home/jenkins',
+ activeDeadlineSeconds: 600,
+ slaveConnectTimeout: 600,
+ command: '',
+ args: '${computer.jnlpmac} ${computer.name}'
+
+ )
+ ]
+) {
+
+ node("develop-maven-${env.BUILD_NUMBER}") {
+ //checkout code
+ checkout changelog: false, poll: false, scm: [$class: 'GitSCM', branches: [[name: "${zevaRelease}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'github-account', url: 'https://github.com/bcgov/zeva.git']]]
+
+ //load groovy scripts
+ def prepareBuilds = load "openshift/pipelines/scripts/prepareBuilds.groovy"
+
+ buildStages = prepareBuilds.buildStages('dev',zevaRelease)
+
+ for (builds in buildStages) {
+ if (runParallel) {
+ parallel(builds)
+ } else {
+ // run serially (nb. Map is unordered! )
+ for (build in builds.values()) {
+ build.call()
+ }
+ }
+ }
+
+ //load deployment scripts
+ def prepareDeployments = load "openshift/pipelines/scripts/prepareDeployments.groovy"
+
+ //apply deployment config
+ prepareDeployments.frontendDeployStage("dev").call()
+
+ //refresh the dev tag to deploy on dev
+ openshift.withProject("tbiwaq-dev") {
+ openshift.tag("tbiwaq-tools/frontend:${zevaRelease}", 'tbiwaq-dev/frontend:dev')
+ }
+
+ }
+}
diff --git a/openshift/pipelines/scripts/prepareBuilds.groovy b/openshift/pipelines/scripts/prepareBuilds.groovy
new file mode 100644
index 000000000..13e4d4a8d
--- /dev/null
+++ b/openshift/pipelines/scripts/prepareBuilds.groovy
@@ -0,0 +1,26 @@
+def buildStages(String envName, String zevaRelease) {
+ def buildList = []
+ def buildStages = [:]
+ buildStages.put('Build Frontend', prepareBuildFrontend(envName, zevaRelease))
+ buildList.add(buildStages)
+ return buildList
+}
+
+def prepareBuildFrontend(String envName, String zevaRelease) {
+ return {
+ stage('Build-Frontend') {
+ timeout(30) {
+ script {
+ openshift.withProject("tbiwaq-tools") {
+ def frontendyaml = openshift.process(readFile(file:'openshift/templates/frontend/frontend-bc-release.yaml'), '-p', 'GIT_URL=https://github.com/bcgov/zeva.git', "GIT_REF=${zevaRelease}")
+ openshift.apply(frontendyaml)
+ def frontendBuildSelector = openshift.selector("bc", "frontend")
+ frontendBuildSelector.startBuild("--wait")
+ }
+ } //end of script
+ } //end of timeout
+ }
+ }
+}
+
+return this
diff --git a/openshift/pipelines/scripts/prepareDeployments.groovy b/openshift/pipelines/scripts/prepareDeployments.groovy
new file mode 100644
index 000000000..fb7f49f92
--- /dev/null
+++ b/openshift/pipelines/scripts/prepareDeployments.groovy
@@ -0,0 +1,40 @@
+def frontendDeployStage (String envName) {
+ return {
+ stage("Apply Frontend Deployment Config on ${envName}") {
+ timeout(30) {
+ script {
+ def projectName
+ def ENV_NAME
+ def DASH_ENV_NAME
+ def CPU_REQUEST
+ def CPU_LIMIT
+ def MEMORY_REQUEST
+ def MEMORY_LIMIT
+ if(envName == 'dev') {
+ projectName = 'tbiwaq-dev'
+ ENV_NAME = 'dev'
+ DASH_ENV_NAME = '-dev'
+ CPU_REQUEST='100m'
+ CPU_LIMIT='400m'
+ MEMORY_REQUEST='128Mi'
+ MEMORY_LIMIT='256Mi'
+ }
+ openshift.withProject("${projectName}") {
+ def frontendDCYaml = openshift.process(readFile(file:'openshift/templates/frontend/frontend-dc-release.yaml'),
+ "-p",
+ "ENV_NAME=${ENV_NAME}",
+ "DASH_ENV_NAME=${DASH_ENV_NAME}",
+ "CPU_REQUEST=${CPU_REQUEST}",
+ "CPU_LIMIT=${CPU_LIMIT}",
+ "MEMORY_REQUEST=${MEMORY_REQUEST}",
+ "MEMORY_LIMIT=${MEMORY_LIMIT}"
+ )
+ openshift.apply(frontendDCYaml)
+ }
+ }
+ }
+ }
+ }
+}
+
+return this
diff --git a/openshift/templates/backend/backend-bc-release.yaml b/openshift/templates/backend/backend-bc-release.yaml
new file mode 100644
index 000000000..e1a0fdc13
--- /dev/null
+++ b/openshift/templates/backend/backend-bc-release.yaml
@@ -0,0 +1,70 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: backend
+parameters:
+ - name: GIT_URL
+ displayName:
+ description: zeva repo
+ required: true
+ - name: GIT_REF
+ displayName:
+ description: zeva release name
+ required: true
+objects:
+ - apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the backend image
+ creationTimestamp: null
+ name: backend
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ""
+ - apiVersion: build.openshift.io/v1
+ kind: BuildConfig
+ metadata:
+ annotations:
+ description: Defines how to build the application
+ creationTimestamp: null
+ name: backend
+ spec:
+ nodeSelector: null
+ output:
+ to:
+ kind: ImageStreamTag
+ name: backend:${GIT_REF}
+ postCommit: {}
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2G
+ requests:
+ cpu: 500m
+ memory: 200M
+ runPolicy: SerialLatestOnly
+ source:
+ contextDir: backend
+ git:
+ ref: ${GIT_REF}
+ uri: ${GIT_URL}
+ type: Git
+ strategy:
+ sourceStrategy:
+ env:
+ - name: PIP_INDEX_URL
+ from:
+ kind: ImageStreamTag
+ name: python:3.6
+ namespace: openshift
+ type: Source
+ triggers:
+ - imageChange: {}
+ type: ImageChange
+ - type: ConfigChange
+ status:
+ lastVersion: 0
diff --git a/openshift/templates/backend/backend-bc.yaml b/openshift/templates/backend/backend-bc.yaml
new file mode 100644
index 000000000..65b581f4e
--- /dev/null
+++ b/openshift/templates/backend/backend-bc.yaml
@@ -0,0 +1,82 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: zeva-backend-bc
+parameters:
+ - name: NAME
+ displayName:
+ description: the module name entered when run yo bcdk:pipeline, which is zeva
+ required: true
+ - name: SUFFIX
+ displayName:
+ description: sample is -pr-0
+ required: true
+ - name: VERSION
+ displayName:
+ description: image tag name for output
+ required: true
+ - name: GIT_URL
+ displayName:
+ description: zeva repo
+ required: true
+ - name: GIT_REF
+ displayName:
+ description: zeva branch name of the pr
+ required: true
+objects:
+ - apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the backend image
+ creationTimestamp: null
+ name: ${NAME}-backend
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ""
+ - apiVersion: build.openshift.io/v1
+ kind: BuildConfig
+ metadata:
+ annotations:
+ description: Defines how to build the application
+ creationTimestamp: null
+ name: ${NAME}-backend${SUFFIX}
+ spec:
+ nodeSelector: null
+ output:
+ to:
+ kind: ImageStreamTag
+ name: ${NAME}-backend:${VERSION}
+ postCommit: {}
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2G
+ requests:
+ cpu: 500m
+ memory: 200M
+ runPolicy: SerialLatestOnly
+ source:
+ contextDir: backend
+ git:
+ ref: ${GIT_REF}
+ uri: ${GIT_URL}
+ type: Git
+ strategy:
+ sourceStrategy:
+ env:
+ - name: PIP_INDEX_URL
+ from:
+ kind: ImageStreamTag
+ name: python:3.6
+ namespace: openshift
+ type: Source
+ triggers:
+ - imageChange: {}
+ type: ImageChange
+ - type: ConfigChange
+ status:
+ lastVersion: 0
diff --git a/openshift/templates/backend/backend-dc-release.yaml b/openshift/templates/backend/backend-dc-release.yaml
new file mode 100644
index 000000000..46a6f8be7
--- /dev/null
+++ b/openshift/templates/backend/backend-dc-release.yaml
@@ -0,0 +1,186 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: backend
+parameters:
+ - name: ENV_NAME
+ value: dev
+ displayName: Environment name
+ description: Environment name, dev, test and prod
+ required: true
+ - name: DASH_ENV_NAME
+ value: -dev
+ displayName: Environment name
+ description: Environment name, -dev, -test and empty for prod
+ required: true
+ - name: CPU_REQUEST
+ displayName: Requested CPU
+ description: Requested CPU
+ required: true
+ - name: CPU_LIMIT
+ displayName: CPU upper limit
+ description: CPU upper limit
+ required: true
+ - name: MEMORY_REQUEST
+ displayName: Requested memory
+ description: Requested memory
+ required: true
+ - name: MEMORY_LIMIT
+ displayName: Memory upper limit
+ description: Memory upper limit
+ required: true
+ - name: POSTGRESQL_USER
+ displayName: Postgresql database user
+ description: Postgresql database user
+ required: true
+ - name: POSTGRESQL_PASSWORD
+ displayName: Postgresql database password
+ description: Postgresql database password
+ required: true
+objects:
+- apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the backend image
+ creationTimestamp: null
+ name: backend
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ""
+- apiVersion: v1
+ kind: Service
+ metadata:
+ creationTimestamp: null
+ name: backend
+ labels:
+ name: backend
+ app: zeva
+ role: backend
+ env: ${ENV_NAME}
+ spec:
+ ports:
+ - name: backend
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ name: backend
+ sessionAffinity: None
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+- apiVersion: apps.openshift.io/v1
+ kind: DeploymentConfig
+ metadata:
+ annotations:
+ description: Defines how to deploy the application server
+ creationTimestamp: null
+ labels:
+ template: backend
+ name: backend
+ spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ name: backend
+ strategy:
+ activeDeadlineSeconds: 21600
+ recreateParams:
+ mid:
+ execNewPod:
+ command:
+ - /bin/sh
+ - -c
+ - python manage.py migrate;
+ containerName: backend
+ failurePolicy: Abort
+ timeoutSeconds: 600
+ resources: {}
+ type: Recreate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ name: backend
+ name: backend
+ spec:
+ containers:
+ - env:
+ - name: DATABASE_URL
+ value: "postgresql://${POSTGRESQL_USER}:${POSTGRESQL_PASSWORD}@postgresql.tbiwaq-${ENV_NAME}.svc.cluster.local/zeva"
+ - name: KEYCLOAK_CERTS_URL
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq/protocol/openid-connect/certs"
+ - name: KEYCLOAK_REALM
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_AUTHORITY
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_ISSUER
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_AUDIENCE
+ value: 'rzh2zkjq'
+ - name: KEYCLOAK_CLIENT_ID
+ value: 'rzh2zkjq'
+ image:
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ name: backend
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ resources:
+ limits:
+ cpu: ${CPU_LIMIT}
+ memory: ${MEMORY_LIMIT}
+ requests:
+ cpu: ${CPU_REQUEST}
+ memory: ${MEMORY_REQUEST}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ test: false
+ triggers:
+ - imageChangeParams:
+ automatic: true
+ containerNames:
+ - backend
+ from:
+ kind: ImageStreamTag
+ name: backend:${ENV_NAME}
+ namespace: tbiwaq-${ENV_NAME}
+ lastTriggeredImage:
+ type: ImageChange
+ - type: ConfigChange
+ status:
+ availableReplicas: 0
+ latestVersion: 0
+ observedGeneration: 0
+ replicas: 0
+ unavailableReplicas: 0
+ updatedReplicas: 0
diff --git a/openshift/templates/backend/backend-dc.yaml b/openshift/templates/backend/backend-dc.yaml
new file mode 100644
index 000000000..5bd4ef080
--- /dev/null
+++ b/openshift/templates/backend/backend-dc.yaml
@@ -0,0 +1,199 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: zeva-backend-dc
+parameters:
+ - name: NAME
+ displayName:
+ description: the module name entered when run yo bcdk:pipeline, which is zeva
+ required: true
+ - name: SUFFIX
+ displayName:
+ description: sample is -pr-0
+ required: true
+ - name: VERSION
+ displayName:
+ description: image tag name for output
+ required: true
+ - name: ENV_NAME
+ value: dev
+ displayName: Environment name
+ description: Environment name, dev, test and prod
+ required: true
+ - name: DASH_ENV_NAME
+ value: -dev
+ displayName: Environment name
+ description: Environment name, -dev, -test and empty for prod
+ required: true
+ - name: CPU_REQUEST
+ displayName: Requested CPU
+ description: Requested CPU
+ required: true
+ - name: CPU_LIMIT
+ displayName: CPU upper limit
+ description: CPU upper limit
+ required: true
+ - name: MEMORY_REQUEST
+ displayName: Requested memory
+ description: Requested memory
+ required: true
+ - name: MEMORY_LIMIT
+ displayName: Memory upper limit
+ description: Memory upper limit
+ required: true
+ - name: POSTGRESQL_USER
+ displayName: Postgresql database user
+ description: Postgresql database user
+ required: true
+ - name: POSTGRESQL_PASSWORD
+ displayName: Postgresql database password
+ description: Postgresql database password
+ required: true
+objects:
+- apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the backend image
+ creationTimestamp: null
+ name: ${NAME}-backend
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ""
+- apiVersion: v1
+ kind: Service
+ metadata:
+ creationTimestamp: null
+ name: backend
+ labels:
+ name: backend
+ app: zeva
+ role: backend
+ env: ${ENV_NAME}
+ spec:
+ ports:
+ - name: backend
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ name: ${NAME}-backend${SUFFIX}
+ sessionAffinity: None
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+- apiVersion: apps.openshift.io/v1
+ kind: DeploymentConfig
+ metadata:
+ annotations:
+ description: Defines how to deploy the application server
+ creationTimestamp: null
+ labels:
+ name: backend
+ app: zeva
+ role: backend
+ env: ${ENV_NAME}
+ name: ${NAME}-backend${SUFFIX}
+ spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ name: ${NAME}-backend${SUFFIX}
+ strategy:
+ activeDeadlineSeconds: 21600
+ recreateParams:
+ mid:
+ execNewPod:
+ command:
+ - /bin/sh
+ - -c
+ - python manage.py migrate;
+ containerName: backend
+ failurePolicy: Abort
+ timeoutSeconds: 600
+ resources: {}
+ type: Recreate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ name: ${NAME}-backend${SUFFIX}
+ spec:
+ containers:
+ - env:
+ - name: DATABASE_URL
+ value: "postgresql://${POSTGRESQL_USER}:${POSTGRESQL_PASSWORD}@postgresql.tbiwaq-${ENV_NAME}.svc.cluster.local/zeva"
+ - name: KEYCLOAK_CERTS_URL
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq/protocol/openid-connect/certs"
+ - name: KEYCLOAK_REALM
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_AUTHORITY
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_ISSUER
+ value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq"
+ - name: KEYCLOAK_AUDIENCE
+ value: 'rzh2zkjq'
+ - name: KEYCLOAK_CLIENT_ID
+ value: 'rzh2zkjq'
+ image:
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ name: backend
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ resources:
+ limits:
+ cpu: ${CPU_LIMIT}
+ memory: ${MEMORY_LIMIT}
+ requests:
+ cpu: ${CPU_REQUEST}
+ memory: ${MEMORY_REQUEST}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ test: false
+ triggers:
+ - imageChangeParams:
+ automatic: true
+ containerNames:
+ - backend
+ from:
+ kind: ImageStreamTag
+ name: ${NAME}-backend:${VERSION}
+ lastTriggeredImage:
+ type: ImageChange
+ - type: ConfigChange
+ status:
+ availableReplicas: 0
+ latestVersion: 0
+ observedGeneration: 0
+ replicas: 0
+ unavailableReplicas: 0
+ updatedReplicas: 0
diff --git a/openshift/templates/backend/create.sh b/openshift/templates/backend/create.sh
new file mode 100644
index 000000000..fcfe4812b
--- /dev/null
+++ b/openshift/templates/backend/create.sh
@@ -0,0 +1,2 @@
+oc process -f ./backend-bc-release.yaml GIT_URL=https://github.com/bcgov/zeva.git GIT_REF=release-pipeline | oc create -f - -n tbiwaq-tools --dry-run=true
+oc process -f ./backend-dc-release.yaml ENV_NAME=dev DASH_ENV_NAME=-dev CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=512Mi MEMORY_LIMIT=2Gi POSTGRESQL_USER=*** POSTGRESQL_PASSWORD=*** | oc create -f - -n tbiwaq-dev --dry-run=true
diff --git a/openshift/templates/envoy/envoy-bc-working.yaml b/openshift/templates/envoy/envoy-bc-release.yaml
similarity index 100%
rename from openshift/templates/envoy/envoy-bc-working.yaml
rename to openshift/templates/envoy/envoy-bc-release.yaml
diff --git a/openshift/templates/envoy/envoy-dc-working.yaml b/openshift/templates/envoy/envoy-dc-release.yaml
similarity index 100%
rename from openshift/templates/envoy/envoy-dc-working.yaml
rename to openshift/templates/envoy/envoy-dc-release.yaml
diff --git a/openshift/templates/envoy/envoy-old.yaml b/openshift/templates/envoy/envoy-old.yaml
new file mode 100644
index 000000000..586719d35
--- /dev/null
+++ b/openshift/templates/envoy/envoy-old.yaml
@@ -0,0 +1,60 @@
+admin:
+ access_log_path: /tmp/admin_access.log
+ address:
+ socket_address: { address: 0.0.0.0, port_value: 9901 }
+
+static_resources:
+ listeners:
+ - name: listener_0
+ address:
+ socket_address: { address: 0.0.0.0, port_value: 10000 }
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
+ stat_prefix: ingress_http
+ codec_type: AUTO
+ upgrade_configs:
+ - upgrade_type: "websocket"
+ enabled: true
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/grpc/" }
+ route:
+ prefix_rewrite: "/"
+ cluster: python_transaction_service
+ max_grpc_timeout: 0s
+ - match: { prefix: "/sockjs-node/" }
+ route:
+ cluster: frontend
+ - match: { prefix: "/" }
+ route: { cluster: frontend }
+ http_filters:
+ - name: envoy.grpc_web
+ - name: envoy.router
+ clusters:
+ - name: frontend
+ connect_timeout: 0.25s
+ type: LOGICAL_DNS
+ lb_policy: ROUND_ROBIN
+ hosts:
+ - socket_address:
+ address: frontend.tbiwaq-dev.svc.cluster.local
+ port_value: 5001
+ - name: python_transaction_service
+ connect_timeout: 0.25s
+ type: LOGICAL_DNS
+ lb_policy: ROUND_ROBIN
+ http2_protocol_options: {}
+ upstream_connection_options:
+ tcp_keepalive:
+ keepalive_time: 300
+ hosts:
+ - socket_address:
+ address: python-backend.tbiwaq-dev.svc.cluster.local
+ port_value: 10102
\ No newline at end of file
diff --git a/openshift/templates/envoy/envoy.yaml b/openshift/templates/envoy/envoy.yaml
index 586719d35..489ba4213 100644
--- a/openshift/templates/envoy/envoy.yaml
+++ b/openshift/templates/envoy/envoy.yaml
@@ -32,20 +32,66 @@ static_resources:
- match: { prefix: "/sockjs-node/" }
route:
cluster: frontend
+ - match: { prefix: "/socket.io/" }
+ route:
+ cluster: frontend-notifications
- match: { prefix: "/" }
route: { cluster: frontend }
http_filters:
- name: envoy.grpc_web
- name: envoy.router
+ - name: listener_1
+ address:
+ socket_address: { address: 0.0.0.0, port_value: 8888 }
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
+ stat_prefix: ingress_http
+ codec_type: AUTO
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains: ["*"]
+ cors:
+ allow_origin_regex:
+ - "https?:\\/\\/localhost:\\d+"
+ allow_methods: GET, PUT, DELETE, POST, PATCH, OPTIONS
+ allow_headers: authorization,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web
+ expose_headers: grpc-status,grpc-message,x-envoy-upstream-service-time
+ routes:
+ - match: { prefix: "/" }
+ route: { cluster: keycloak }
+ http_filters:
+ - name: envoy.cors
+ - name: envoy.router
clusters:
+ - name: keycloak
+ connect_timeout: 0.25s
+ type: LOGICAL_DNS
+ lb_policy: ROUND_ROBIN
+ hosts:
+ - socket_address:
+ address: keycloak
+ port_value: 8080
- name: frontend
connect_timeout: 0.25s
type: LOGICAL_DNS
lb_policy: ROUND_ROBIN
hosts:
- socket_address:
- address: frontend.tbiwaq-dev.svc.cluster.local
+ address: frontend
port_value: 5001
+ - name: frontend-notifications
+ connect_timeout: 0.25s
+ type: LOGICAL_DNS
+ lb_policy: ROUND_ROBIN
+ hosts:
+ - socket_address:
+ address: frontend
+ port_value: 5002
- name: python_transaction_service
connect_timeout: 0.25s
type: LOGICAL_DNS
@@ -56,5 +102,5 @@ static_resources:
keepalive_time: 300
hosts:
- socket_address:
- address: python-backend.tbiwaq-dev.svc.cluster.local
- port_value: 10102
\ No newline at end of file
+ address: python-backend
+ port_value: 10102
diff --git a/openshift/templates/frontend/create.sh b/openshift/templates/frontend/create.sh
index 564c3a518..3c4b353c9 100755
--- a/openshift/templates/frontend/create.sh
+++ b/openshift/templates/frontend/create.sh
@@ -1,2 +1,2 @@
-oc process -f ./frontend-dc.yaml CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=1100M MEMORY_LIMIT=2G ENV_NAME=dev DASH_ENV_NAME=-dev | oc create -f - -n tbiwaq-dev --dry-run=true
-oc process -f ./frontend-bc.yaml | oc create -f - -n tbiwaq-tools --dry-run=true
\ No newline at end of file
+oc process -f ./frontend-dc-release.yaml CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=1100M MEMORY_LIMIT=2G ENV_NAME=dev DASH_ENV_NAME=-dev | oc create -f - -n tbiwaq-dev --dry-run=true
+oc process -f ./frontend-bc-release.yaml GIT_URL=https://github.com/bcgov/zeva.git GIT_REF=release-pipeline | oc create -f - -n tbiwaq-tools --dry-run=true
diff --git a/openshift/templates/frontend/frontend-bc-working.yaml b/openshift/templates/frontend/frontend-bc-release.yaml
similarity index 62%
rename from openshift/templates/frontend/frontend-bc-working.yaml
rename to openshift/templates/frontend/frontend-bc-release.yaml
index 87e105131..faa752861 100644
--- a/openshift/templates/frontend/frontend-bc-working.yaml
+++ b/openshift/templates/frontend/frontend-bc-release.yaml
@@ -3,6 +3,15 @@ kind: Template
metadata:
creationTimestamp: null
name: frontend
+parameters:
+ - name: GIT_URL
+ displayName:
+ description: zeva repo
+ required: true
+ - name: GIT_REF
+ displayName:
+ description: zeva release name
+ required: true
objects:
- apiVersion: image.openshift.io/v1
kind: ImageStream
@@ -28,28 +37,27 @@ objects:
output:
to:
kind: ImageStreamTag
- name: frontend:latest
+ name: frontend:${GIT_REF}
postCommit: {}
- resources: {}
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2G
+ requests:
+ cpu: 500m
+ memory: 200M
runPolicy: Serial
source:
- dockerfile: |-
- FROM node:8-jessie
- RUN apt-get update
- RUN apt-get install git
- ADD https://github.com/vishnubob/wait-for-it/compare/master...HEAD /dev/null
- RUN git clone https://github.com/vishnubob/wait-for-it.git /wfi
- RUN git clone https://github.com/bcgov/zeva.git /tmp/zeva
- RUN mv /tmp/zeva/frontend /app
- WORKDIR /app
- RUN npm install
- RUN npm rebuild node-sass
- CMD npm run start
- type: Dockerfile
+ git:
+ ref: ${GIT_REF}
+ uri: ${GIT_URL}
+ type: Git
+ contextDir: frontend
strategy:
dockerStrategy:
forcePull: false
noCache: true
+ imageOptimizationPolicy: SkipLayers
type: Docker
successfulBuildsHistoryLimit: 5
triggers: []
diff --git a/openshift/templates/frontend/frontend-dc-working.yaml b/openshift/templates/frontend/frontend-dc-release.yaml
similarity index 98%
rename from openshift/templates/frontend/frontend-dc-working.yaml
rename to openshift/templates/frontend/frontend-dc-release.yaml
index 494d8ce1a..946dcc818 100644
--- a/openshift/templates/frontend/frontend-dc-working.yaml
+++ b/openshift/templates/frontend/frontend-dc-release.yaml
@@ -175,8 +175,8 @@ objects:
- frontend
from:
kind: ImageStreamTag
- name: frontend:dev
- namespace: tbiwaq-tools
+ name: frontend:${ENV_NAME}
+ namespace: tbiwaq-${ENV_NAME}
lastTriggeredImage:
type: ImageChange
- type: ConfigChange
diff --git a/openshift/templates/frontend/frontend-dc.yaml b/openshift/templates/frontend/frontend-dc.yaml
index 0a3561df4..e81e3fbdd 100644
--- a/openshift/templates/frontend/frontend-dc.yaml
+++ b/openshift/templates/frontend/frontend-dc.yaml
@@ -51,7 +51,6 @@ objects:
labels:
shared: "true"
creationTimestamp: null
- generation: 643
name: ${NAME}-frontend
spec:
lookupPolicy:
diff --git a/openshift/templates/postgresql/create.sh b/openshift/templates/postgresql/create.sh
index 3154d6316..897abba0e 100755
--- a/openshift/templates/postgresql/create.sh
+++ b/openshift/templates/postgresql/create.sh
@@ -1,4 +1,2 @@
-oc process -f ./postgresql-dc.yaml CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=1100M MEMORY_LIMIT=2G | oc create -f - -n tbiwaq-dev --dry-run=true
-
-
-oc process -f ./postgresql-dc.yaml ENV_NAME=dev CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=256Mi MEMORY_LIMIT=1Gi | oc create -f - -n tbiwaq-dev --dry-run=true
+oc process -f ./postgresql-release-dc.yaml CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=1100M MEMORY_LIMIT=2G | oc create -f - -n tbiwaq-dev --dry-run=true
+oc process -f ./postgresql-release-dc.yaml ENV_NAME=dev CPU_REQUEST=100m CPU_LIMIT=500m MEMORY_REQUEST=256Mi MEMORY_LIMIT=2Gi | oc create -f - -n tbiwaq-dev --dry-run=true
diff --git a/openshift/templates/postgresql/postgresql-dc-working.yaml b/openshift/templates/postgresql/postgresql-release-dc.yaml
similarity index 97%
rename from openshift/templates/postgresql/postgresql-dc-working.yaml
rename to openshift/templates/postgresql/postgresql-release-dc.yaml
index d506db32a..7bb8242af 100644
--- a/openshift/templates/postgresql/postgresql-dc-working.yaml
+++ b/openshift/templates/postgresql/postgresql-release-dc.yaml
@@ -88,7 +88,7 @@ objects:
metadata:
name: postgresql
annotations:
- volume.beta.kubernetes.io/storage-class: gluster-file-db
+ volume.beta.kubernetes.io/storage-class: netapp-block-standard
template.openshift.io.bcgov/create: 'true'
spec:
accessModes:
@@ -101,7 +101,7 @@ objects:
metadata:
name: postgresql-backup
annotations:
- volume.beta.kubernetes.io/storage-class: gluster-file
+ volume.beta.kubernetes.io/storage-class: netapp-file-standard
template.openshift.io.bcgov/create: 'true'
spec:
accessModes:
diff --git a/openshift/templates/rabbitmq/rabbitmq-bc.yaml b/openshift/templates/rabbitmq/rabbitmq-bc.yaml
new file mode 100644
index 000000000..588625de5
--- /dev/null
+++ b/openshift/templates/rabbitmq/rabbitmq-bc.yaml
@@ -0,0 +1,48 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: rabbitmq-bc
+objects:
+- apiVersion: build.openshift.io/v1
+ kind: BuildConfig
+ metadata:
+ creationTimestamp: null
+ name: rabbitmq-tfrs
+ spec:
+ nodeSelector: null
+ output:
+ to:
+ kind: ImageStreamTag
+ name: rabbitmq-tfrs:latest
+ postCommit: {}
+ resources: {}
+ runPolicy: Serial
+ source:
+ dockerfile: |-
+ FROM rabbitmq:3.7.7-management
+ RUN apt-get update
+ RUN apt-get install -y gettext-base
+ RUN chgrp -R root /var/log/rabbitmq
+ RUN chmod -R g+w /var/log/rabbitmq
+ ARG ADMIN_PASSWORD
+ ARG TFRS_PASSWORD
+ RUN echo "H4sICHQioFsCA2RlZmluaXRpb25zLnN0cmlwcGVkLmpzb24AtVLLasMwELz7K4zpqQQXWtpAb4FQ6KEP4kIPpZiNLUsCWzLSKmkx/vdKwrYgNukpF4FmdjWzs+qiOE4U7Pcc8wNRmkuRPMbJXbpO18nKkUZb2GJf9hLHnT8tLKAhrhLKhgtf6eEWtD5KVTrqarN9eX7N3zdZ9vm224YiBppxQXOoqVQcWeOqBxPjA/lYpBnc3j+EZgSqJ2GuUQFKlXi2Xy17xMpOsGzx42mXXcrhYMqe3z7JA5Maz0R5432eNLVENVy7vSx0ut3MB/Q64cEJL6SoODXKi6XXgTjaEWegIlAO2GK4o/bJB7iQ+JQH+SkYCErO5Cgk8ooXgD60f53hb+vbKhDSYMBLYxdeOwqVIRMMBmVekpp41xXUOnBcIFEC6hkBipqGCL/9rg8jRX30B3tV1p2CAwAA" | base64 -d | gunzip - | envsubst > /etc/rabbitmq/definitions.json
+ type: Dockerfile
+ strategy:
+ dockerStrategy:
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: ADMIN_PASSWORD
+ name: rabbitmq
+ - name: TFRS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: TFRS_PASSWORD
+ name: rabbitmq
+ type: Docker
+ triggers: []
+ status:
+ lastVersion: 0
diff --git a/openshift/templates/rabbitmq/rabbitmq-dc.yaml b/openshift/templates/rabbitmq/rabbitmq-dc.yaml
new file mode 100644
index 000000000..a83071163
--- /dev/null
+++ b/openshift/templates/rabbitmq/rabbitmq-dc.yaml
@@ -0,0 +1,93 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ creationTimestamp: null
+ name: rabbitma-dc
+objects:
+- apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ annotations:
+ description: Deploys a RabbitMQ instance within a TFRS environment
+ creationTimestamp: null
+ generation: 3
+ labels:
+ template: tfrs-app-environment
+ name: rabbitmq
+ spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: rabbitmq
+ serviceName: ""
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: rabbitmq
+ spec:
+ containers:
+ - command:
+ - rabbitmq-server
+ image: docker-registry.default.svc:5000/mem-tfrs-tools/rabbitmq-tfrs:dev
+ imagePullPolicy: Always
+ name: rabbitmq
+ ports:
+ - containerPort: 15672
+ name: web-management
+ protocol: TCP
+ - containerPort: 5672
+ name: amqp
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 5672
+ timeoutSeconds: 3
+ resources:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /var/lib/rabbitmq
+ name: rabbit
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
+ volumeClaimTemplates:
+ - metadata:
+ creationTimestamp: null
+ name: rabbit
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 512Mi
+ status:
+ phase: Pending
+ status:
+ collisionCount: 0
+ currentReplicas: 1
+ currentRevision: rabbitmq-d5f45ddf7
+ observedGeneration: 3
+ readyReplicas: 1
+ replicas: 1
+ updateRevision: rabbitmq-d5f45ddf7
+ updatedReplicas: 1