From 48f964566895367b4e49ccd896d2129c4e477eb5 Mon Sep 17 00:00:00 2001 
From: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com> Date: Thu, 6 Jul 2023 09:27:28 -0700 Subject: [PATCH] Build frontend and backend for Jan pipeline (#2421) --- .github/workflows/branch-build-template.yaml | 2 +- .github/workflows/branch-deploy-template.yaml | 107 ++++++++++++++++++ .github/workflows/dev-jan-release.yaml | 57 ++++------ charts/tfrs-apps/Chart.yaml | 4 +- .../tfrs-apps/charts/tfrs-backend/Chart.yaml | 2 +- .../tfrs-backend/templates/_helpers.tpl | 80 +------------ .../templates/deployment-config.yaml | 25 ++-- .../charts/tfrs-backend/templates/hpa.yaml | 32 ++++++ .../charts/tfrs-backend/templates/route.yaml | 20 ++++ .../tfrs-backend/templates/service.yaml | 15 +++ .../charts/tfrs-backend/values-dev-jan.yaml | 29 ++--- .../charts/tfrs-frontend/.helmignore | 23 ++++ .../tfrs-apps/charts/tfrs-frontend/Chart.yaml | 24 ++++ .../tfrs-frontend/templates/_helpers.tpl | 66 +++++++++++ .../tfrs-frontend/templates/configmap.yaml | 28 +++++ .../templates/deployment-config.yaml | 96 ++++++++++++++++ .../charts/tfrs-frontend/templates/hpa.yaml | 32 ++++++ .../charts/tfrs-frontend/templates/route.yaml | 22 ++++ .../tfrs-frontend/templates/service.yaml | 16 +++ .../charts/tfrs-frontend/values-dev-jan.yaml | 28 +++++ openshift-v4/templates/knp/2a-apps-jan.yaml | 63 +++++++++++ openshift-v4/templates/knp/3a-spilo-jan.yaml | 98 ++++++++++++++++ .../templates/knp/4a-clamav-rabbitmq.yaml | 102 +++++++++++++++++ 23 files changed, 829 insertions(+), 142 deletions(-) create mode 100644 .github/workflows/branch-deploy-template.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-backend/templates/hpa.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-backend/templates/route.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-backend/templates/service.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/.helmignore create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/Chart.yaml create mode 100644 
charts/tfrs-apps/charts/tfrs-frontend/templates/_helpers.tpl create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/templates/configmap.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/templates/deployment-config.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/templates/hpa.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/templates/route.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/templates/service.yaml create mode 100644 charts/tfrs-apps/charts/tfrs-frontend/values-dev-jan.yaml create mode 100644 openshift-v4/templates/knp/2a-apps-jan.yaml create mode 100644 openshift-v4/templates/knp/3a-spilo-jan.yaml create mode 100644 openshift-v4/templates/knp/4a-clamav-rabbitmq.yaml diff --git a/.github/workflows/branch-build-template.yaml b/.github/workflows/branch-build-template.yaml index 5555b7d2e..1ed52e579 100644 --- a/.github/workflows/branch-build-template.yaml +++ b/.github/workflows/branch-build-template.yaml @@ -1,5 +1,5 @@ -name: PR Build Template +name: Branch Build Template on: workflow_call: diff --git a/.github/workflows/branch-deploy-template.yaml b/.github/workflows/branch-deploy-template.yaml new file mode 100644 index 000000000..fa5942a56 --- /dev/null +++ b/.github/workflows/branch-deploy-template.yaml 
@@ -0,0 +1,107 @@ +name: Branch Deploy Template + +on: + workflow_call: + inputs: + branch-name: # sample value: release-2.9.0 or main-release-jan-2024 + required: true + type: string + # suffix is in format of -dev, -test, -dev-jan, test-jan, -dev-1923, dev-jan-1923 + suffix: + required: true + type: string + # env-name is in format of dev, test + env-name: + required: true + type: string + # database-service-host-name sample tfrs-spilo, tfrs-spilo-jan, tfrs-spilo-dev-1988 + database-service-host-name: + required: true + type: string + secrets: + tools-namespace: + required: true + namespace: + required: true + openshift-server: + required: true + openshift-token: + required: true + +jobs: + + deploy: + + name: Deploy tfrs + runs-on: ubuntu-latest + timeout-minutes: 60 + + steps: + + - name: Check out repository + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch-name }} + + - name: Log in to Openshift + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{ secrets.openshift-server }} + openshift_token: ${{ secrets.openshift-token }} + insecure_skip_tls_verify: true + namespace: ${{ secrets.tools-namespace }} + + - name: Tag Images from tools + run: | + oc tag ${{ secrets.tools-namespace }}/tfrs-frontend:build-${{ inputs.branch-name }} ${{ secrets.namespace }}/tfrs-frontend:${{ inputs.env-name }}-${{ inputs.branch-name }} + oc tag ${{ secrets.tools-namespace }}/tfrs-backend:build-${{ inputs.branch-name }} ${{ secrets.namespace }}/tfrs-backend:${{ inputs.env-name }}-${{ inputs.branch-name }} + + - name: Deploy tfrs-frontend + shell: bash {0} + run: | + cd charts/tfrs-apps/charts/tfrs-frontend + helm status -n ${{ secrets.namespace }} tfrs-frontend${{ inputs.suffix }} + if [ $? 
-eq 0 ]; then + echo "tfrs-frontend${{ inputs.suffix }} release exists already" + helm upgrade \ + --set frontendImageTagName=${{ inputs.env-name }}-${{ inputs.branch-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set namespace=${{ secrets.namespace }} \ + --set envName=${{ inputs.env-Name }} \ + -n ${{ secrets.namespace }} -f ./values${{ inputs.suffix }}.yaml tfrs-frontend${{ inputs.suffix }} . + else + echo "tfrs-frontend${{ inputs.suffix }} release does not exist" + helm install \ + --set frontendImageTagName=${{ inputs.env-name }}-${{ inputs.branch-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set namespace=${{ secrets.namespace }} \ + --set envName=${{ inputs.env-Name }} \ + -n ${{ secrets.namespace }} -f ./values${{ inputs.suffix }}.yaml tfrs-frontend${{ inputs.suffix }} . + fi + + + - name: Deploy tfrs-backend + shell: bash {0} + run: | + cd charts/tfrs-apps/charts/tfrs-backend + helm status -n ${{ secrets.namespace }} tfrs-backend${{ inputs.suffix }} + if [ $? -eq 0 ]; then + echo "tfrs-backend${{ inputs.suffix }} release exists already" + helm upgrade \ + --set backendImageTagName=${{ inputs.env-name }}-${{ inputs.branch-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set namespace=${{ secrets.namespace }} \ + --set envName=${{ inputs.env-Name }} \ + --set databaseServiceHostName=${{ inputs.database-service-host-name }} \ + -n ${{ secrets.namespace }} -f ./values${{ inputs.suffix }}.yaml tfrs-backend${{ inputs.suffix }} . + else + echo "tfrs-backend${{ inputs.suffix }} release does not exist" + helm install \ + --set backendImageTagName=${{ inputs.env-name }}-${{ inputs.branch-name }} \ + --set suffix=${{ inputs.suffix }} \ + --set namespace=${{ secrets.namespace }} \ + --set envName=${{ inputs.env-Name }} \ + --set databaseServiceHostName=${{ inputs.database-service-host-name }} \ + -n ${{ secrets.namespace }} -f ./values${{ inputs.suffix }}.yaml tfrs-backend${{ inputs.suffix }} . + fi + 
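Review bot: The `Log in to Openshift` step sets `insecure_skip_tls_verify: true`, so the runner sends `openshift-token` to an API endpoint whose certificate is never checked. Drop the flag and, if the cluster uses a private CA, supply that CA to the login action instead. The `run:` blocks also splice `${{ inputs.branch-name }}`, `${{ inputs.suffix }}` and the other inputs straight into the shell text, so a branch name containing shell metacharacters is executed as script; pass them through `env:` (for example `BRANCH_NAME: ${{ inputs.branch-name }}`) and reference them quoted as `"$BRANCH_NAME"`. With `shell: bash {0}` a failed `cd` does not stop the step, and `helm upgrade --install` would replace the `helm status` / `$?` branching in both deploy steps. The `--set envName=${{ inputs.env-Name }}` lines spell the input differently from the declared `env-name`; use the declared spelling.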
diff --git a/.github/workflows/dev-jan-release.yaml b/.github/workflows/dev-jan-release.yaml index ef0f0fce7..d2d47ba65 100644 --- a/.github/workflows/dev-jan-release.yaml +++ b/.github/workflows/dev-jan-release.yaml @@ -6,11 +6,12 @@ name: TFRS Dev Jan 2024 Release on: push: - branches: [ jan-pipelin ] - # paths: - # - frontend/** - # - backend/** - # workflow_dispatch: + branches: [ main-release-jan-2024 ] + paths: + - frontend/** + - backend/** + - security-scan/** + workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -65,7 +66,8 @@ jobs: LOG_LEVEL: WARN build: - # needs: [unit-test, lint] + name: Build + needs: [unit-test, lint] uses: ./.github/workflows/branch-build-template.yaml with: branch-name: ${{ github.ref_name }} 
@@ -74,30 +76,19 @@ jobs: openshift-server: ${{ secrets.OPENSHIFT_SERVER }} openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} - # deploy-on-dev: - - # name: Deploy TFRS on Dev - # runs-on: ubuntu-latest - # timeout-minutes: 240 - # needs: build - - # steps: - - # ## it will checkout to /home/runner/work/itvr/itvr - # - name: Check out repository - # uses: actions/checkout@v3 - - # - name: Log in to Openshift - # ##uses: redhat-actions/oc-login@v1 - # uses: smlgbl/oc-login@main - # with: - # openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} - # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} - # insecure_skip_tls_verify: true - # namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools - - # - name: Run deploy - # run: | - # cd .pipeline - # npm install - # npm run deploy -- --pr=${{ env.PR_NUMBER }} --env=dev + # The suffix is -dev-jan, the deployment names are tfrs-backend-dev-jan, tfrs-frontend-dev-jan and etc.. + # The image tags are tfrs-backend:dev-main-release-jan-2024, tfrs-frontend:dev-main-release-jan-2024 and etc.. + deploy-on-dev: + name: Deploy on Dev + needs: build + uses: ./.github/workflows/branch-deploy-template.yaml + with: + branch-name: ${{ github.ref_name }} + suffix: -dev-jan + env-name: dev + database-service-host-name: tfrs-spilo-jan + secrets: + tools-namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools + namespace: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-dev + openshift-server: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/charts/tfrs-apps/Chart.yaml b/charts/tfrs-apps/Chart.yaml index 9a8fc539e..0b9a41aee 100644 --- a/charts/tfrs-apps/Chart.yaml +++ b/charts/tfrs-apps/Chart.yaml 
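Review bot: `deploy-on-dev` passes `${{ github.ref_name }}` as `branch-name` with no ref check, and the first hunk of this file enables `workflow_dispatch`. A manual run started from any branch would therefore check out, tag and deploy that branch to the dev namespace using `OPENSHIFT_TOKEN`. Add a guard to the job such as `if: github.ref_name == 'main-release-jan-2024'`. No `permissions:` block is visible in these hunks; if the workflow has none, a top-level `permissions:` with `contents: read` limits the `GITHUB_TOKEN` that the called workflows receive.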
@@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "3.0.0" diff --git a/charts/tfrs-apps/charts/tfrs-backend/Chart.yaml b/charts/tfrs-apps/charts/tfrs-backend/Chart.yaml index 4efbf3ad4..3a573ec96 100644 --- a/charts/tfrs-apps/charts/tfrs-backend/Chart.yaml +++ b/charts/tfrs-apps/charts/tfrs-backend/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/tfrs-apps/charts/tfrs-backend/templates/_helpers.tpl b/charts/tfrs-apps/charts/tfrs-backend/templates/_helpers.tpl index a64557262..1b1c0be19 100644 --- a/charts/tfrs-apps/charts/tfrs-backend/templates/_helpers.tpl +++ b/charts/tfrs-apps/charts/tfrs-backend/templates/_helpers.tpl 
@@ -16,10 +16,13 @@ The selector lables: .Release.Name comes from command helm install example: helm install tfrs-backend-dev ... or helm install tfrs-backend-dev-jan ... +.Chart.Name come from the name attribute in Chart.yaml + */}} {{/* -Expand the name of the chart. +Expand the name of the chart. If nameOverride is empty, use .Chart.Name. +Typically no need to assign value to nameOverride, */}} {{- define "tfrs-backend.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} @@ -28,8 +31,7 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -The .Release.Name is the first parameter of command helm install tfrs-backend +The .Release.Name is the first parameter of command helm install tfrs-backend-dev or tfrs-backend-dev-jan */}} {{- define "tfrs-backend.fullname" -}} {{- .Release.Name }} 
@@ -60,76 +62,6 @@ Selector labels */}} {{- define "tfrs-backend.selectorLabels" -}} app.kubernetes.io/name: {{ include "tfrs-backend.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Define the deploymentconfig name -*/}} -{{- define "tfrs-backend.deploymentconfigName" -}} -{{- include "tfrs-backend.fullname" . }} -{{- end }} - -{{/* -Define the deploymentconfig name -*/}} -{{- define "tfrs-backend.imagestreamName" -}} -{{- include "tfrs-backend.fullname" . }} -{{- end }} - -{{/* -Define the service name -*/}} -{{- define "tfrs-backend.serviceName" -}} -{{- include "tfrs-backend.fullname" . }} -{{- end }} - - -{{/* -Define the backend route name -*/}} -{{- define "tfrs-backend.routeName" -}} -{{- include "tfrs-backend.fullname" . }} -{{- end }} - -{{/* -Define the backend admin route name, used by task queue -*/}} -{{- define "tfrs-backend.adminRouteName" -}} -tfrs-backend-admin{{ .Values.suffix }} -{{- end }} - -{{/* -Define the backend static route name, used by task queue -*/}} -{{- define "tfrs-backend.staticRouteName" -}} -tfrs-backend-static{{ .Values.suffix }} -{{- end }} - -{{/* -Define the djangoSecretKey -*/}} -{{- define "tfrs-backend.djangoSecretKey" -}} -{{- randAlphaNum 50 | nospace | b64enc }} +app.kubernetes.io/instance: {{ include "tfrs-backend.fullname" . }} {{- end }} -{{/* -Define the djangoSaltKey -*/}} -{{- define "tfrs-backend.djangoSaltKey" -}} -{{- randAlphaNum 50 | nospace | b64enc }} -{{- end }} - -{{/* -Define the django-secret name -*/}} -{{- define "tfrs-backend.django-secret" -}} -tfrs-django-secret -{{- end }} - -{{/* -Define the django-salt name -*/}} -{{- define "tfrs-backend.django-salt" -}} -tfrs-django-salt -{{- end }} \ No newline at end of file diff --git a/charts/tfrs-apps/charts/tfrs-backend/templates/deployment-config.yaml b/charts/tfrs-apps/charts/tfrs-backend/templates/deployment-config.yaml index 2f19fe2e9..20542721e 100644 
--- a/charts/tfrs-apps/charts/tfrs-backend/templates/deployment-config.yaml +++ b/charts/tfrs-apps/charts/tfrs-backend/templates/deployment-config.yaml @@ -3,7 +3,7 @@ apiVersion: apps.openshift.io/v1 metadata: annotations: description: Defines how to deploy the backend application - name: {{ include "tfrs-backend.deploymentconfigName" . }} + name: tfrs-backend{{ .Values.suffix }} labels: {{- include "tfrs-backend.labels" . | nindent 4 }} spec: @@ -30,7 +30,7 @@ spec: from: kind: ImageStreamTag namespace: {{ .Values.namespace }} - name: {{ include "tfrs-backend.name" . }}:{{ .Values.backendImageTagName }} + name: tfrs-backend:{{ .Values.backendImageTagName }} - type: ConfigChange replicas: {{ .Values.replicaCount }} revisionHistoryLimit: 10 @@ -79,7 +79,7 @@ spec: - name: SMTP_SERVER_PORT value: '2500' - name: DATABASE_SERVICE_NAME - value: {{ .Values.env.databaseServiceName }} + value: {{ .Values.databaseServiceHostName }} - name: DATABASE_ENGINE value: postgresql - name: DATABASE_NAME @@ -98,7 +98,7 @@ spec: name: tfrs-patroni-app key: app-db-password - name: POSTGRESQL_SERVICE_HOST - value: {{ .Values.env.postgresqlServiceHost }} + value: {{ .Values.databaseServiceHostName }}.{{ .Values.namespace }}.svc.cluster.local - name: POSTGRESQL_SERVICE_PORT value: '5432' - name: RABBITMQ_USER @@ -107,9 +107,9 @@ spec: name: tfrs-rabbitmq-app key: username - name: RABBITMQ_VHOST - value: tfrs-vhost + value: tfrs{{ .Values.suffix }}-vhost - name: RABBITMQ_HOST - value: {{ .Values.env.rabbitmqHost }} + value: tfrs-rabbitmq.{{ .Values.namespace }}.svc.cluster.local - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: @@ -118,7 +118,7 @@ spec: - name: RABBITMQ_PORT value: '5672' - name: MINIO_ENDPOINT - value: {{ .Values.env.minioEndpoint }} + value: tfrs-minio-{{ .Values.envName }}.apps.silver.devops.gov.bc.ca:443 - name: MINIO_USE_SSL value: 'true' - name: DOCUMENTS_API_ENABLED 
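Review bot: `DATABASE_SERVICE_NAME`, `POSTGRESQL_SERVICE_HOST`, `RABBITMQ_HOST` and `MINIO_ENDPOINT` are now built from `.Values.databaseServiceHostName`, `.Values.namespace` and `.Values.envName`. None of these is set in the visible part of values-dev-jan.yaml; they arrive only through `--set`, so a missing one renders as an empty string and produces a malformed host without any error. Wrap each in `required` and quote it, e.g. `value: {{ required "databaseServiceHostName is required" .Values.databaseServiceHostName | quote }}`. The same applies in the later hunks of this file to the `tfrs-minio-{{ .Values.envName }}` secret name and to `WELL_KNOWN_ENDPOINT`, where an empty `envName` yields an invalid OIDC discovery URL for token validation.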
@@ -126,13 +126,13 @@ spec: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ .Values.env.minioSecretName }} - key: {{ .Values.env.minioAccessKey}} + name: tfrs-minio-{{ .Values.envName }} + key: MINIO_ACCESS_KEY - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: {{ .Values.env.minioSecretName }} - key: {{ .Values.env.minioSecretKey}} + name: tfrs-minio-{{ .Values.envName }} + key: MINIO_SECRET_KEY - name: FUEL_CODES_API_ENABLED value: '{{ .Values.env.fuelCodesApiEnabled}}' - name: CREDIT_CALCULATION_API_ENABLED @@ -151,8 +151,7 @@ spec: - name: KEYCLOAK_AUDIENCE value: tfrs-on-gold-4308 - name: WELL_KNOWN_ENDPOINT - value: >- - {{ .Values.env.wellKnownEndpoint}} + value: https://{{ .Values.envName }}.loginproxy.gov.bc.ca/auth/realms/standard/.well-known/openid-configuration ports: - containerPort: 8080 protocol: TCP diff --git a/charts/tfrs-apps/charts/tfrs-backend/templates/hpa.yaml b/charts/tfrs-apps/charts/tfrs-backend/templates/hpa.yaml new file mode 100644 index 000000000..0643f8a07 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-backend/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: tfrs-backend{{ .Values.suffix }} + labels: + {{- include "tfrs-backend.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps.openshift.io/v1 + kind: DeploymentConfig + name: tfrs-backend{{ .Values.suffix }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/tfrs-apps/charts/tfrs-backend/templates/route.yaml b/charts/tfrs-apps/charts/tfrs-backend/templates/route.yaml new file mode 100644 index 000000000..52105f810 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-backend/templates/route.yaml @@ -0,0 +1,20 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tfrs-backend{{ .Values.suffix }} + annotations: + haproxy.router.openshift.io/timeout: 1200s + labels: + {{- include "tfrs-backend.labels" . | nindent 4 }} +spec: + host: tfrs-backend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: tfrs-backend{{ .Values.suffix }} + weight: 100 + wildcardPolicy: None diff --git a/charts/tfrs-apps/charts/tfrs-backend/templates/service.yaml b/charts/tfrs-apps/charts/tfrs-backend/templates/service.yaml new file mode 100644 index 000000000..d5c5bc4df --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-backend/templates/service.yaml 
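Review bot: `apiVersion: autoscaling/v2beta2` was removed in Kubernetes 1.26, so this HorizontalPodAutoscaler is rejected on clusters at or past that version; `autoscaling/v2` accepts the same spec. If neither `targetCPUUtilizationPercentage` nor `targetMemoryUtilizationPercentage` is set, `metrics:` renders with no entries, so add a default or a `required` check. The frontend hpa.yaml added later in this patch has the same content and needs the same change.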
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: tfrs-backend{{ .Values.suffix }} + labels: + {{- include "tfrs-backend.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: web + selector: + {{- include "tfrs-backend.selectorLabels" . | nindent 4 }} diff --git a/charts/tfrs-apps/charts/tfrs-backend/values-dev-jan.yaml b/charts/tfrs-apps/charts/tfrs-backend/values-dev-jan.yaml index ab839e9a6..d1508cea6 100644 --- a/charts/tfrs-apps/charts/tfrs-backend/values-dev-jan.yaml +++ b/charts/tfrs-apps/charts/tfrs-backend/values-dev-jan.yaml 
@@ -2,40 +2,33 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# backendImageTagName is not in this file, it comes as a argument from the helm command line +# helm template command +# helm template --set backendImageTagName=dev-main-release-jan-2024 -f ./values-dev-jan.yaml tfrs-backend-dev-jan . +# helm -n --set backendImageTagName=dev-main-release-jan-2024 -f ./values-dev-jan.yaml upgrade tfrs-backend-dev-jan . + replicaCount: 1 resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 60m - memory: 60Mi + cpu: 400m + memory: 1200Mi requests: - cpu: 30m - memory: 30Mi + cpu: 200m + memory: 600Mi autoscaling: - enabled: false + enabled: true minReplicas: 1 - maxReplicas: 1 + maxReplicas: 2 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 90 env: emailSendingEnabled: true djangoDebug: true - databaseServiceName: tfrs-spilo - postgresqlServiceHost: tfrs-spilo.0ab226-dev.svc.cluster.local - rabbitmqHost: tfrs-rabbitmq.0ab226-dev.svc.cluster.local - minioEndpoint: tfrs-minio-test.apps.silver.devops.gov.bc.ca:443 documentsApiEnabled: true - minioSecretName: tfrs-minio-test - minioAccessKey: MINIO_ACCESS_KEY - minioSecretKey: MINIO_SECRET_KEY fuelCodesApiEnabled: true creditCalculationApiEnabled: true complianceReportingApiEnabled: true exclusionReportsApiEnabled: true - wellKnownEndpoint: https://test.loginproxy.gov.bc.ca/auth/realms/standard/.well-known/openid-configuration diff --git a/charts/tfrs-apps/charts/tfrs-frontend/.helmignore b/charts/tfrs-apps/charts/tfrs-frontend/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null 
+++ b/charts/tfrs-apps/charts/tfrs-frontend/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/tfrs-apps/charts/tfrs-frontend/Chart.yaml b/charts/tfrs-apps/charts/tfrs-frontend/Chart.yaml new file mode 100644 index 000000000..6dfef21e9 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: tfrs-frontend +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "3.0.0" 
diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/_helpers.tpl b/charts/tfrs-apps/charts/tfrs-frontend/templates/_helpers.tpl new file mode 100644 index 000000000..a34119769 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* + +The labels for all components: + labels: + helm.sh/chart: tfrs-frontend-1.0.0 + app.kubernetes.io/name: tfrs-frontend + app.kubernetes.io/instance: tfrs-frontend-dev or tfrs-frontend-dev-jan + app.kubernetes.io/version: "3.0.0" + app.kubernetes.io/managed-by: Helm + +The selector lables: + selector: + app.kubernetes.io/name: tfrs-frontend + app.kubernetes.io/instance: tfrs-frontend-dev-1977 + +.Release.Name comes from command helm install + example: helm install tfrs-frontend-dev ... or helm install tfrs-frontend-dev-jan ... + +.Chart.Name come from the name attribute in Chart.yaml + +*/}} + +{{/* +Expand the name of the chart. If nameOverride is empty, use .Chart.Name. +Typically no need to assign value to nameOverride, +*/}} +{{- define "tfrs-frontend.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +The .Release.Name is the first parameter of command helm install tfrs-frontend-dev or tfrs-frontend-dev-jan +*/}} +{{- define "tfrs-frontend.fullname" -}} +{{- .Release.Name }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "tfrs-frontend.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels: +app.kubernetes.io/managed-by would be Helm +*/}} +{{- define "tfrs-frontend.labels" -}} +helm.sh/chart: {{ include "tfrs-frontend.chart" . }} +{{ include "tfrs-frontend.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "tfrs-frontend.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tfrs-frontend.name" . 
}} +app.kubernetes.io/instance: {{ include "tfrs-frontend.fullname" . }} +{{- end }} diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/configmap.yaml b/charts/tfrs-apps/charts/tfrs-frontend/templates/configmap.yaml new file mode 100644 index 000000000..8f3e92ee1 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/configmap.yaml @@ -0,0 +1,28 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: tfrs-frontend{{ .Values.suffix }} + creationTimestamp: +data: + features.js: | + window.tfrs_config = { + "keycloak.realm": "standard", + "keycloak.client_id": "{{ .Values.configmap.keycloak.clientId }}", + "keycloak.auth_url": "https://{{ .Values.envName }}.loginproxy.gov.bc.ca/auth", + "keycloak.callback_url": "https://tfrs{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca", + "keycloak.post_logout_url": "https://tfrs{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca", + "keycloak.siteminder_logout_url": "{{ .Values.configmap.keycloak.siteminderLogoutUrl }}", + "debug.enabled": {{ .Values.configmap.debugEnabled }}, + "secure_document_upload.enabled": true, + "secure_document_upload.max_file_size": 50000000, + "fuel_codes.enabled": true, + "keycloak.custom_login": true, + "credit_transfer.enabled": true, + "compliance_reporting.enabled": true, + "compliance_reporting.starting_year": 2017, + "compliance_reporting.create_effective_date": "2019-01-01", + "credit_calculation_api.enabled": true, + "exclusion_reports.enabled": true, + "exclusion_reports.create_effective_date": "2019-01-01", + "api_base": "https://tfrs-backend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca/api" + }; \ No newline at end of file diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/deployment-config.yaml b/charts/tfrs-apps/charts/tfrs-frontend/templates/deployment-config.yaml new file mode 100644 index 000000000..f494076d6 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/deployment-config.yaml 
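Review bot: The values in `features.js` are pasted between literal quotes (`"{{ .Values.configmap.keycloak.clientId }}"`, `"{{ .Values.configmap.keycloak.siteminderLogoutUrl }}"`), so a value containing a quote or backslash changes the JavaScript the browser executes. Emit them with `toJson` and drop the surrounding quotes, e.g. `"keycloak.client_id": {{ .Values.configmap.keycloak.clientId | toJson }},`. `"debug.enabled": {{ .Values.configmap.debugEnabled }}` renders as an empty token, and therefore a script syntax error, when the value is unset; `{{ .Values.configmap.debugEnabled | default false }}` avoids that. The empty `creationTimestamp:` can be removed, and this ConfigMap has no `labels:` block, unlike the chart's other templates.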
@@ -0,0 +1,96 @@ + +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + name: tfrs-frontend{{ .Values.suffix }} + annotations: + description: Defines how to deploy the frontend application + creationTimestamp: null + labels: + {{- include "tfrs-frontend.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: 10 + automountServiceAccountToken: false + selector: + {{- include "tfrs-frontend.selectorLabels" . | nindent 4 }} + strategy: + activeDeadlineSeconds: 600 + recreateParams: + timeoutSeconds: 300 + resources: {} + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + {{- include "tfrs-frontend.labels" . | nindent 8 }} + spec: + volumes: + - name: tfrs-frontend{{ .Values.suffix }} + configMap: + name: tfrs-frontend{{ .Values.suffix }} + containers: + - name: frontend + env: null + image: + imagePullPolicy: IfNotPresent + volumeMounts: + - name: tfrs-frontend{{ .Values.suffix }} + mountPath: /app/static/js/config + ports: + - containerPort: 8080 + protocol: TCP + env: + - name: RABBITMQ_VHOST + value: tfrs{{ .Values.suffix }}-vhost + - name: RABBITMQ_USER + valueFrom: + secretKeyRef: + name: tfrs-rabbitmq-app + key: username + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: tfrs-rabbitmq-app + key: password + - name: RABBITMQ_HOST + value: tfrs-rabbitmq.{{ .Values.namespace }}.svc.cluster.local + - name: RABBITMQ_PORT + value: '5672' + livenessProbe: + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 3 + readinessProbe: + failureThreshold: 10 + initialDelaySeconds: 20 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 3 + resources: +{{ toYaml .Values.resources | indent 12 }} + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + 
test: false + triggers: + - imageChangeParams: + automatic: true + containerNames: + - frontend + from: + kind: ImageStreamTag + name: tfrs-frontend:{{ .Values.frontendImageTagName }} + lastTriggeredImage: + type: ImageChange + - type: ConfigChange diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/hpa.yaml b/charts/tfrs-apps/charts/tfrs-frontend/templates/hpa.yaml new file mode 100644 index 000000000..af2553cfd --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: tfrs-frontend{{ .Values.suffix }} + labels: + {{- include "tfrs-frontend.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps.openshift.io/v1 + kind: DeploymentConfig + name: tfrs-frontend{{ .Values.suffix }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/route.yaml b/charts/tfrs-apps/charts/tfrs-frontend/templates/route.yaml new file mode 100644 index 000000000..2bc10c2ef --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/route.yaml 
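Review bot: The `frontend` container defines `env` twice (`env: null` before `image:` and the list after `ports:`). Duplicate mapping keys are invalid YAML and parsers differ on which one wins, so delete the `env: null` line. The list injects `RABBITMQ_USER` and `RABBITMQ_PASSWORD` from the `tfrs-rabbitmq-app` secret into the frontend pod; if the frontend does not talk to RabbitMQ itself, remove them so the broker credentials stay with the backend. The `ImageStreamTag` trigger has no `namespace:`, although the backend template sets `namespace: {{ .Values.namespace }}`; add it here so both charts resolve images the same way.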
@@ -0,0 +1,22 @@ +{{- if .Values.route.createFrontendRoute }} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tfrs-frontend{{ .Values.suffix }} + annotations: + haproxy.router.openshift.io/timeout: 1200s + labels: + {{- include "tfrs-frontend.labels" . | nindent 4 }} +spec: + host: tfrs-frontend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: tfrs-frontend{{ .Values.suffix }} + weight: 100 + wildcardPolicy: None + {{- end }} \ No newline at end of file diff --git a/charts/tfrs-apps/charts/tfrs-frontend/templates/service.yaml b/charts/tfrs-apps/charts/tfrs-frontend/templates/service.yaml new file mode 100644 index 000000000..3cd86a0a9 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: tfrs-frontend{{ .Values.suffix }} + labels: + {{- include "tfrs-frontend.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: web + sessionAffinity: None + selector: + {{- include "tfrs-frontend.selectorLabels" . | nindent 4 }} diff --git a/charts/tfrs-apps/charts/tfrs-frontend/values-dev-jan.yaml b/charts/tfrs-apps/charts/tfrs-frontend/values-dev-jan.yaml new file mode 100644 index 000000000..882ab1112 --- /dev/null +++ b/charts/tfrs-apps/charts/tfrs-frontend/values-dev-jan.yaml 
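Review bot: The route host is `tfrs-frontend{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca`, but configmap.yaml in this patch sets `keycloak.callback_url` and `keycloak.post_logout_url` to `https://tfrs{{ .Values.suffix }}.apps.silver.devops.gov.bc.ca`. Unless another route serves that second host, the login redirect lands on a name this chart does not create. Align the two, ideally by deriving both from one value. The closing `{{- end }}` is indented while the opening `{{- if }}` is not; put it at column 0 as in hpa.yaml.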
@@ -0,0 +1,28 @@
+# Default values for tfrs-frontend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+configmap:
+ keycloak:
+ clientId: tfrs-on-gold-4308
+ siteminderLogoutUrl: https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=
+ debugEnabled: true
+
+resources:
+ limits:
+ cpu: 80m
+ memory: 120Mi
+ requests:
+ cpu: 40m
+ memory: 60Mi
+
+route:
+ createFrontendRoute: true
+
+autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPUUtilizationPercentage: 80
diff --git a/openshift-v4/templates/knp/2a-apps-jan.yaml b/openshift-v4/templates/knp/2a-apps-jan.yaml
new file mode 100644
index 000000000..f24967bdf
--- /dev/null
+++ b/openshift-v4/templates/knp/2a-apps-jan.yaml
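Review bot: The header comment in values-dev-jan.yaml still says `# Default values for tfrs-frontend.`, but the file holds dev-only settings: `debugEnabled: true`, a test logout host in `siteminderLogoutUrl`, and a specific Keycloak `clientId`. Anyone who copies it as the starting point for a test or prod values file inherits debug mode and the test identity endpoints. I would replace the first comment line with `# dev-jan overrides for tfrs-frontend; debugEnabled and the logontest7 logout URL are dev-only` and add `# must be false outside dev` above `debugEnabled`. The nesting of `debugEnabled` under `configmap` or `keycloak` cannot be seen in this view of the patch, so the comment placement should follow the real indentation.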
@@ -0,0 +1,63 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: tfrs-network-policy-jan
+metadata:
+ name: tfrs-network-policy-jan
+parameters:
+ - name: ENVIRONMENT
+ displayName: null
+ description: such as dev or test
+ required: true
+objects:
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-tfrs-backend-accepts-frontend-${ENVIRONMENT}-jan
+ spec:
+ ## Allow backend to accept communication from frontend
+ podSelector:
+ matchLabels:
+ name: tfrs-backend-${ENVIRONMENT}-jan
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-frontend-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 8080
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-tfrs-minio-accepts-${ENVIRONMENT}-jan
+ spec:
+ ## Allow minio to accept communications from scan coordinator
+ ## Allow minio to accept communications from celery
+ ## Allow minio to accept communications from backend
+ podSelector:
+ matchLabels:
+ name: tfrs-minio-${ENVIRONMENT}
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-scan-coordinator-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 9000
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-celery-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 9000
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-backend-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 9000
diff --git a/openshift-v4/templates/knp/3a-spilo-jan.yaml b/openshift-v4/templates/knp/3a-spilo-jan.yaml
new file mode 100644
index 000000000..4a03c4a81
--- /dev/null
+++ b/openshift-v4/templates/knp/3a-spilo-jan.yaml
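Review bot: In the second policy of 2a-apps-jan.yaml the target selector is `name: tfrs-minio-${ENVIRONMENT}` with no `-jan` suffix, while the policy name and every source selector carry it. As written, the jan scan-coordinator, celery and backend pods are admitted to the existing non-jan minio on port 9000, so the jan pipeline shares object storage with the main deployment. If that is intended, say so next to the selector, e.g. `## minio is shared with the non-jan deployment; there is no tfrs-minio-${ENVIRONMENT}-jan`. If a separate jan minio is planned, the selector should read `name: tfrs-minio-${ENVIRONMENT}-jan`; otherwise the rule will not match that instance and its traffic falls to whatever other policies select it.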
@@ -0,0 +1,98 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: tfrs-spilo-network-policy-jan
+metadata:
+ name: tfrs-spilo-network-policy-jan
+parameters:
+ - name: ENVIRONMENT
+ displayName: null
+ description: such as dev or test
+ required: true
+objects:
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-tfrs-spilo-accepts-${ENVIRONMENT}-jan
+ spec:
+ ## Allow tfrs-spilo to accept communications from backend
+ ## Allow tfrs-spilo to accept communications from backend-mid
+ ## Allow tfrs-spilo to accept communications from scan-handler
+ ## Allow tfrs-spilo to accept communications from schema-public
+ ## Allow tfrs-spilo to accept communications from schema-audit
+ ## Allow tfrs-spilo to accept communications from celery
+ ## Allow tfrs-spilo to accept communications from nagios
+ ## Allow tfrs-spilo to accept communications from backup-container
+ ## Allow tfrs-spilo to accept communications from metabase from cthub
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: tfrs-spilo-jan
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-backend-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ openshift.io/deployer-pod.type: hook-mid
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-scan-handler-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-schema-spy-public-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-schema-spy-audit-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-celery-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ app: nagios
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - podSelector:
+ matchLabels:
+ name:
patroni-backup-jan
+ ports:
+ - protocol: TCP
+ port: 5432
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: 30b186
+ environment: ${ENVIRONMENT}
+ - podSelector:
+ matchLabels:
+ app: metabase
+ ports:
+ - protocol: TCP
+ port: 5432
diff --git a/openshift-v4/templates/knp/4a-clamav-rabbitmq.yaml b/openshift-v4/templates/knp/4a-clamav-rabbitmq.yaml
new file mode 100644
index 000000000..797ffaf4d
--- /dev/null
+++ b/openshift-v4/templates/knp/4a-clamav-rabbitmq.yaml
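Review bot: The last `from` entry of the spilo policy lists `- namespaceSelector:` and `- podSelector:` as two separate peers, and NetworkPolicy treats separate peers as OR. That admits every pod in any namespace labelled `name: 30b186` and `environment: ${ENVIRONMENT}` to PostgreSQL on 5432, plus any pod labelled `app: metabase` in this namespace. The comment above the selector says only metabase from cthub should get in, which needs both selectors in the same peer: remove the dash so the line reads `podSelector:` as a sibling key of `namespaceSelector:`. Indentation is lost in this view of the patch, but the leading dash on `podSelector` is visible and is what makes it a second peer. The `app: nagios` and `openshift.io/deployer-pod.type: hook-mid` peers are likewise not scoped to `${ENVIRONMENT}` or `-jan`; a short comment on why they are broader would help the next reviewer.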
@@ -0,0 +1,102 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: tfrs-network-policy-jan
+metadata:
+ name: tfrs-network-policy-jan
+parameters:
+ - name: ENVIRONMENT
+ displayName: null
+ description: such as dev or test
+ required: true
+objects:
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-tfrs-rabbitmq-accepts-${ENVIRONMENT}-jan
+ spec:
+ ## Allow rabbitmq to accept communications from notification server
+ ## Allow rabbitmq to accept communications from backend
+ ## Allow rabbitmq to accept communications from scan handler
+ ## Allow rabbitmq to accept communications from scan coordinator
+ ## Allow rabbitmq to accept communications from celery
+ ## Allow rabbitmq to accept communications from other rabbitmq pods
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: tfrs-rabbitmq
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-notification-server-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5672
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-backend-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5672
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-scan-handler-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5672
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-scan-coordinator-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5672
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-celery-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 5672
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: tfrs-rabbitmq
+ ports:
+ - protocol: TCP
+ port: 5672
+ - protocol: TCP
+ port: 15672
+ - protocol: TCP
+ port: 25672
+ - protocol: TCP
+ port: 4369
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-tfrs-clamav-accepts-${ENVIRONMENT}-jan
+ spec:
+ ## Allow clamav to accept communications from scan coordinator
+ ## Allow clamav to accept communications from backend
+
podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: tfrs-clamav
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-scan-coordinator-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 3310
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-backend-${ENVIRONMENT}-jan
+ ports:
+ - protocol: TCP
+ port: 3310
+
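Review bot: 4a-clamav-rabbitmq.yaml reuses `tfrs-network-policy-jan` for both `metadata.name` and the `template` label, the same values 2a-apps-jan.yaml declares in this commit. If the templates are ever created as objects in the project rather than processed straight from file, one replaces the other, and the shared label makes it impossible to select or clean up the policies of one file separately. A distinct name such as `tfrs-clamav-rabbitmq-network-policy-jan` on both lines avoids that. The target selectors `app.kubernetes.io/instance: tfrs-rabbitmq` and `tfrs-clamav` carry neither `${ENVIRONMENT}` nor `-jan`, so these jan-named policies attach to what look like shared instances; a `##` comment stating that the sharing is deliberate would make the intended isolation boundary clear.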