From d170d57d38939a17a9d6f8b458dbd8cad3e8299c Mon Sep 17 00:00:00 2001 From: Josh-Williams-BC Date: Sun, 22 Jan 2023 15:00:46 -0800 Subject: [PATCH] Deployment Changes --- devops/base/dev/api/deploy.yaml | 99 ++++++++++++++++++ devops/base/{ => dev}/api/kustomization.yaml | 0 devops/base/{ => dev}/api/policy.yaml | 0 devops/base/{ => dev}/web/config.yaml | 0 devops/base/dev/web/deploy.yaml | 104 +++++++++++++++++++ devops/base/{ => dev}/web/kustomization.yaml | 0 devops/base/{ => prod}/api/deploy.yaml | 0 devops/base/prod/api/kustomization.yaml | 21 ++++ devops/base/prod/api/policy.yaml | 33 ++++++ devops/base/prod/web/config.yaml | 59 +++++++++++ devops/base/{ => prod}/web/deploy.yaml | 0 devops/base/prod/web/kustomization.yaml | 20 ++++ devops/base/test/api/deploy.yaml | 99 ++++++++++++++++++ devops/base/test/api/kustomization.yaml | 21 ++++ devops/base/test/api/policy.yaml | 33 ++++++ devops/base/test/web/config.yaml | 59 +++++++++++ devops/base/test/web/deploy.yaml | 104 +++++++++++++++++++ devops/base/test/web/kustomization.yaml | 20 ++++ devops/env/dev/api-env.properties | 6 +- devops/env/dev/api-replica-patch.yaml | 23 ++++ devops/env/dev/api-resource-patch.yaml | 33 ++++++ devops/env/dev/db-pvc-patch.yaml | 34 ++++++ devops/env/dev/db-replica-patch.yaml | 24 +++++ devops/env/dev/db-resoure-patch.yaml | 34 ++++++ devops/env/dev/kustomization.yaml | 17 ++- devops/env/dev/web-replica-patch.yaml | 23 ++++ devops/env/dev/web-resource-patch.yaml | 33 ++++++ devops/env/dev/web-to-api-route.yaml | 34 ++++++ devops/env/prod/api-env.properties | 8 +- devops/env/prod/kustomization.yaml | 4 +- devops/env/test/api-env.properties | 8 +- devops/env/test/kustomization.yaml | 6 +- web/.env.dev | 3 +- web/.env.local | 1 - web/.env.production | 1 - web/.env.testing | 2 +- web/public/statics/keycloak-dev.json | 10 +- web/public/statics/keycloak-test.json | 8 ++ web/public/statics/keycloak.json | 10 +- 39 files changed, 959 insertions(+), 35 deletions(-) create mode 100644 devops/base/dev/api/deploy.yaml rename devops/base/{ => dev}/api/kustomization.yaml (100%) rename devops/base/{ => dev}/api/policy.yaml (100%) rename devops/base/{ => dev}/web/config.yaml (100%) create mode 100644 devops/base/dev/web/deploy.yaml rename devops/base/{ => dev}/web/kustomization.yaml (100%) rename devops/base/{ => prod}/api/deploy.yaml (100%) create mode 100644 devops/base/prod/api/kustomization.yaml create mode 100644 devops/base/prod/api/policy.yaml create mode 100644 devops/base/prod/web/config.yaml rename devops/base/{ => prod}/web/deploy.yaml (100%) create mode 100644 devops/base/prod/web/kustomization.yaml create mode 100644 devops/base/test/api/deploy.yaml create mode 100644 devops/base/test/api/kustomization.yaml create mode 100644 devops/base/test/api/policy.yaml create mode 100644 devops/base/test/web/config.yaml create mode 100644 devops/base/test/web/deploy.yaml create mode 100644 devops/base/test/web/kustomization.yaml create mode 100644 devops/env/dev/api-replica-patch.yaml create mode 100644 devops/env/dev/api-resource-patch.yaml create mode 100644 devops/env/dev/db-pvc-patch.yaml create mode 100644 devops/env/dev/db-replica-patch.yaml create mode 100644 devops/env/dev/db-resoure-patch.yaml create mode 100644 devops/env/dev/web-replica-patch.yaml create mode 100644 devops/env/dev/web-resource-patch.yaml create mode 100644 devops/env/dev/web-to-api-route.yaml create mode 100644 web/public/statics/keycloak-test.json diff --git a/devops/base/dev/api/deploy.yaml b/devops/base/dev/api/deploy.yaml new file mode 100644 index 00000000..37e55d28 --- /dev/null +++ b/devops/base/dev/api/deploy.yaml @@ -0,0 +1,99 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: timemachine + name: api +spec: + replicas: 1 + selector: + matchLabels: + app: timemachine + component: api + strategy: + type: RollingUpdate + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + template: + metadata: + labels: + app: timemachine + role: api + component: api + spec: + containers: + - name: timemachine-api + image: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api-dev:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + protocol: TCP + resources: + limits: + cpu: 60m + memory: 384Mi + requests: + cpu: 20m + memory: 288Mi + envFrom: + - configMapRef: + name: api-env + - secretRef: + name: api-creds + dnsPolicy: ClusterFirst + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: timemachine + name: api +spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: timemachine + component: api + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Route +metadata: + labels: + app: timemachine + component: api + name: api +spec: + port: + targetPort: 8080-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + terminationc: edge + to: + kind: Service + name: api + weight: 100 diff --git a/devops/base/api/kustomization.yaml b/devops/base/dev/api/kustomization.yaml similarity index 100% rename from devops/base/api/kustomization.yaml rename to devops/base/dev/api/kustomization.yaml diff --git a/devops/base/api/policy.yaml b/devops/base/dev/api/policy.yaml similarity index 100% rename from devops/base/api/policy.yaml rename to devops/base/dev/api/policy.yaml diff --git a/devops/base/web/config.yaml b/devops/base/dev/web/config.yaml similarity index 100% rename from devops/base/web/config.yaml rename to devops/base/dev/web/config.yaml diff --git a/devops/base/dev/web/deploy.yaml b/devops/base/dev/web/deploy.yaml new file mode 100644 index 00000000..86c17c83 --- /dev/null +++ b/devops/base/dev/web/deploy.yaml @@ -0,0 +1,104 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: timemachine + name: web +spec: + strategy: + type: RollingUpdate + replicas: 1 + selector: + matchLabels: + app: timemachine + component: web + template: + metadata: + labels: + app: timemachine + role: web + component: web + name: timemachine + spec: + containers: + - name: timemachine-web + image: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-web-dev:latest + imagePullPolicy: Always + startupProbe: + httpGet: + path: / + port: 2015 + failureThreshold: 11 + periodSeconds: 3 + readinessProbe: + httpGet: + path: / + port: 2015 + timeoutSeconds: 3 + ports: + - containerPort: 2015 + resources: + limits: + cpu: 30m + memory: 48Mi + requests: + cpu: 10m + memory: 32Mi + volumeMounts: + - name: config-vol + mountPath: /etc/caddy/Caddyfile + subPath: Caddyfile + volumes: + - name: config-vol + configMap: + name: web-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: timemachine + component: web + name: web +spec: + selector: + app: timemachine + component: web + ports: + - name: 2015-tcp + port: 2015 + protocol: TCP + targetPort: 2015 +--- +apiVersion: v1 +kind: Route +metadata: + labels: + app: timemachine + component: web + name: web +spec: + port: + targetPort: 2015-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + terminationc: edge + to: + kind: Service + name: web + weight: 100 diff --git a/devops/base/web/kustomization.yaml b/devops/base/dev/web/kustomization.yaml similarity index 100% rename from devops/base/web/kustomization.yaml rename to devops/base/dev/web/kustomization.yaml diff --git a/devops/base/api/deploy.yaml b/devops/base/prod/api/deploy.yaml similarity index 100% rename from devops/base/api/deploy.yaml rename to devops/base/prod/api/deploy.yaml diff --git a/devops/base/prod/api/kustomization.yaml b/devops/base/prod/api/kustomization.yaml new file mode 100644 index 00000000..db920cbd --- /dev/null +++ b/devops/base/prod/api/kustomization.yaml @@ -0,0 +1,21 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deploy.yaml + - policy.yaml + \ No newline at end of file diff --git a/devops/base/prod/api/policy.yaml b/devops/base/prod/api/policy.yaml new file mode 100644 index 00000000..ed7116a8 --- /dev/null +++ b/devops/base/prod/api/policy.yaml @@ -0,0 +1,33 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-api-to-patroni +spec: + # Allow the API to talk to the patroni + # database cluster on the given port. + podSelector: + matchLabels: + statefulset: timemachine-patroni + ingress: + - from: + - podSelector: + matchLabels: + role: api + ports: + - protocol: TCP + port: 5432 \ No newline at end of file diff --git a/devops/base/prod/web/config.yaml b/devops/base/prod/web/config.yaml new file mode 100644 index 00000000..3abb4887 --- /dev/null +++ b/devops/base/prod/web/config.yaml @@ -0,0 +1,59 @@ +# Copyright 2020 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: web-config + labels: + app: timemachine +data: + Caddyfile: | + # Where caddy should listen + :2015 + + # Turn on the Web/file server + file_server + #templates { + # mime "text/javascript" "application/javascript" + #} + + # The site root + root * /opt/app-root/src + + # Because we should + encode zstd gzip + + # This rewrite rule may be required to get React apps + # to deal with trailing slashes properly. + #@filter { + # not path_regexp ^\/0.0.0.0 + # file { + # try_files {path} {path}/ /?url={uri} + # } + #} + #rewrite @try_files {http.matchers.file.relative} + + # This properly deals with react routes. + try_files {path} {path}/ /index.html + + # On OCP we should log to stdout so Prometheus can + # slurp up the logs for human consumption. + log { + #errors stdout + output stdout + format single_field common_log + level info + } diff --git a/devops/base/web/deploy.yaml b/devops/base/prod/web/deploy.yaml similarity index 100% rename from devops/base/web/deploy.yaml rename to devops/base/prod/web/deploy.yaml diff --git a/devops/base/prod/web/kustomization.yaml b/devops/base/prod/web/kustomization.yaml new file mode 100644 index 00000000..32432a0f --- /dev/null +++ b/devops/base/prod/web/kustomization.yaml @@ -0,0 +1,20 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deploy.yaml + - config.yaml diff --git a/devops/base/test/api/deploy.yaml b/devops/base/test/api/deploy.yaml new file mode 100644 index 00000000..e3527e05 --- /dev/null +++ b/devops/base/test/api/deploy.yaml @@ -0,0 +1,99 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: timemachine + name: api +spec: + replicas: 1 + selector: + matchLabels: + app: timemachine + component: api + strategy: + type: RollingUpdate + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + template: + metadata: + labels: + app: timemachine + role: api + component: api + spec: + containers: + - name: timemachine-api + image: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api-test:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + protocol: TCP + resources: + limits: + cpu: 60m + memory: 384Mi + requests: + cpu: 20m + memory: 288Mi + envFrom: + - configMapRef: + name: api-env + - secretRef: + name: api-creds + dnsPolicy: ClusterFirst + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: timemachine + name: api +spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: timemachine + component: api + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Route +metadata: + labels: + app: timemachine + component: api + name: api +spec: + port: + targetPort: 8080-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + terminationc: edge + to: + kind: Service + name: api + weight: 100 diff --git a/devops/base/test/api/kustomization.yaml b/devops/base/test/api/kustomization.yaml new file mode 100644 index 00000000..db920cbd --- /dev/null +++ b/devops/base/test/api/kustomization.yaml @@ -0,0 +1,21 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deploy.yaml + - policy.yaml + \ No newline at end of file diff --git a/devops/base/test/api/policy.yaml b/devops/base/test/api/policy.yaml new file mode 100644 index 00000000..ed7116a8 --- /dev/null +++ b/devops/base/test/api/policy.yaml @@ -0,0 +1,33 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-api-to-patroni +spec: + # Allow the API to talk to the patroni + # database cluster on the given port. + podSelector: + matchLabels: + statefulset: timemachine-patroni + ingress: + - from: + - podSelector: + matchLabels: + role: api + ports: + - protocol: TCP + port: 5432 \ No newline at end of file diff --git a/devops/base/test/web/config.yaml b/devops/base/test/web/config.yaml new file mode 100644 index 00000000..3abb4887 --- /dev/null +++ b/devops/base/test/web/config.yaml @@ -0,0 +1,59 @@ +# Copyright 2020 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: web-config + labels: + app: timemachine +data: + Caddyfile: | + # Where caddy should listen + :2015 + + # Turn on the Web/file server + file_server + #templates { + # mime "text/javascript" "application/javascript" + #} + + # The site root + root * /opt/app-root/src + + # Because we should + encode zstd gzip + + # This rewrite rule may be required to get React apps + # to deal with trailing slashes properly. + #@filter { + # not path_regexp ^\/0.0.0.0 + # file { + # try_files {path} {path}/ /?url={uri} + # } + #} + #rewrite @try_files {http.matchers.file.relative} + + # This properly deals with react routes. + try_files {path} {path}/ /index.html + + # On OCP we should log to stdout so Prometheus can + # slurp up the logs for human consumption. + log { + #errors stdout + output stdout + format single_field common_log + level info + } diff --git a/devops/base/test/web/deploy.yaml b/devops/base/test/web/deploy.yaml new file mode 100644 index 00000000..744f260c --- /dev/null +++ b/devops/base/test/web/deploy.yaml @@ -0,0 +1,104 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: timemachine + name: web +spec: + strategy: + type: RollingUpdate + replicas: 1 + selector: + matchLabels: + app: timemachine + component: web + template: + metadata: + labels: + app: timemachine + role: web + component: web + name: timemachine + spec: + containers: + - name: timemachine-web + image: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-web-test:latest + imagePullPolicy: Always + startupProbe: + httpGet: + path: / + port: 2015 + failureThreshold: 11 + periodSeconds: 3 + readinessProbe: + httpGet: + path: / + port: 2015 + timeoutSeconds: 3 + ports: + - containerPort: 2015 + resources: + limits: + cpu: 30m + memory: 48Mi + requests: + cpu: 10m + memory: 32Mi + volumeMounts: + - name: config-vol + mountPath: /etc/caddy/Caddyfile + subPath: Caddyfile + volumes: + - name: config-vol + configMap: + name: web-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: timemachine + component: web + name: web +spec: + selector: + app: timemachine + component: web + ports: + - name: 2015-tcp + port: 2015 + protocol: TCP + targetPort: 2015 +--- +apiVersion: v1 +kind: Route +metadata: + labels: + app: timemachine + component: web + name: web +spec: + port: + targetPort: 2015-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + terminationc: edge + to: + kind: Service + name: web + weight: 100 diff --git a/devops/base/test/web/kustomization.yaml b/devops/base/test/web/kustomization.yaml new file mode 100644 index 00000000..32432a0f --- /dev/null +++ b/devops/base/test/web/kustomization.yaml @@ -0,0 +1,20 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deploy.yaml + - config.yaml diff --git a/devops/env/dev/api-env.properties b/devops/env/dev/api-env.properties index 5b5107c6..741721bc 100644 --- a/devops/env/dev/api-env.properties +++ b/devops/env/dev/api-env.properties @@ -5,6 +5,6 @@ db_type=postgres db_port=5432 db_synchronize=true db_name=timemachine -kc_authServerUrl=https://oidc.gov.bc.ca/auth -kc_realm=b9xip88d -kc_resource=timeMachineApp +kc_authServerUrl=https://dev.loginproxy.gov.bc.ca/auth +kc_realm=standard +kc_resource=time-machine-4338 diff --git a/devops/env/dev/api-replica-patch.yaml b/devops/env/dev/api-replica-patch.yaml new file mode 100644 index 00000000..1a853b56 --- /dev/null +++ b/devops/env/dev/api-replica-patch.yaml @@ -0,0 +1,23 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + app: timemachine + name: api +spec: + replicas: 3 diff --git a/devops/env/dev/api-resource-patch.yaml b/devops/env/dev/api-resource-patch.yaml new file mode 100644 index 00000000..c02e8d60 --- /dev/null +++ b/devops/env/dev/api-resource-patch.yaml @@ -0,0 +1,33 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + app: timemachine + name: api +spec: + template: + spec: + containers: + - name: timemachine-api + resources: + limits: + cpu: 250m + memory: 1G + requests: + cpu: 100m + memory: 640Mi diff --git a/devops/env/dev/db-pvc-patch.yaml b/devops/env/dev/db-pvc-patch.yaml new file mode 100644 index 00000000..4d19041a --- /dev/null +++ b/devops/env/dev/db-pvc-patch.yaml @@ -0,0 +1,34 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: timemachine-patroni + labels: + app: timemachine + cluster-name: timemachine-patroni +spec: + volumeClaimTemplates: + - metadata: + name: postgresql + spec: + storageClassName: netapp-file-standard + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + diff --git a/devops/env/dev/db-replica-patch.yaml b/devops/env/dev/db-replica-patch.yaml new file mode 100644 index 00000000..be782bbc --- /dev/null +++ b/devops/env/dev/db-replica-patch.yaml @@ -0,0 +1,24 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: timemachine-patroni + labels: + app: timemachine + cluster-name: timemachine-patroni +spec: + replicas: 3 diff --git a/devops/env/dev/db-resoure-patch.yaml b/devops/env/dev/db-resoure-patch.yaml new file mode 100644 index 00000000..5c15264a --- /dev/null +++ b/devops/env/dev/db-resoure-patch.yaml @@ -0,0 +1,34 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: timemachine-patroni + labels: + app: timemachine + cluster-name: timemachine-patroni +spec: + template: + spec: + containers: + - name: postgresql + resources: + limits: + cpu: 160m + memory: 512Mi + requests: + cpu: 100m + memory: 320Mi diff --git a/devops/env/dev/kustomization.yaml b/devops/env/dev/kustomization.yaml index 5174091f..8b49d282 100644 --- a/devops/env/dev/kustomization.yaml +++ b/devops/env/dev/kustomization.yaml @@ -18,9 +18,20 @@ kind: Kustomization namespace: ed57f0-dev bases: - ../../base/db - - ../../base/api - - ../../base/web + - ../../base/dev/api + - ../../base/dev/web - ../../base/policy + - ../../base/backup +resources: + - web-to-api-route.yaml +patches: + - api-resource-patch.yaml + - api-replica-patch.yaml + - web-replica-patch.yaml + - web-resource-patch.yaml + - db-replica-patch.yaml + - db-pvc-patch.yaml + - db-resoure-patch.yaml generatorOptions: labels: app: timemachine @@ -38,7 +49,7 @@ secretGenerator: type: Opaque env: db-secret.properties images: - - name: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api + - name: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api-dev newTag: "latest" - name: image-registry.openshift-image-registry.svc:5000/bcgov/patroni-postgres newTag: "12.4-latest" diff --git a/devops/env/dev/web-replica-patch.yaml b/devops/env/dev/web-replica-patch.yaml new file mode 100644 index 00000000..0f230737 --- /dev/null +++ b/devops/env/dev/web-replica-patch.yaml @@ -0,0 +1,23 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + app: timemachine + name: web +spec: + replicas: 3 diff --git a/devops/env/dev/web-resource-patch.yaml b/devops/env/dev/web-resource-patch.yaml new file mode 100644 index 00000000..ac26ca9e --- /dev/null +++ b/devops/env/dev/web-resource-patch.yaml @@ -0,0 +1,33 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + app: timemachine + name: web +spec: + template: + spec: + containers: + - name: timemachine-web + resources: + limits: + cpu: 20m + memory: 92Mi + requests: + cpu: 10m + memory: 64Mi diff --git a/devops/env/dev/web-to-api-route.yaml b/devops/env/dev/web-to-api-route.yaml new file mode 100644 index 00000000..fc61aa8e --- /dev/null +++ b/devops/env/dev/web-to-api-route.yaml @@ -0,0 +1,34 @@ +# Copyright 2021 The Province of British Columbia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: v1 +kind: Route +metadata: + labels: + app: timemachine + component: api + name: web-to-api +spec: + host: web-ed57f0-dev.apps.silver.devops.gov.bc.ca + path: /api + port: + targetPort: 8080-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + terminationc: edge + to: + kind: Service + name: api + weight: 100 diff --git a/devops/env/prod/api-env.properties b/devops/env/prod/api-env.properties index 5b5107c6..651b0e77 100644 --- a/devops/env/prod/api-env.properties +++ b/devops/env/prod/api-env.properties @@ -1,10 +1,10 @@ -environment=dev +environment=prod PORT=8080 db_host=timemachine-patroni-master db_type=postgres db_port=5432 db_synchronize=true db_name=timemachine -kc_authServerUrl=https://oidc.gov.bc.ca/auth -kc_realm=b9xip88d -kc_resource=timeMachineApp +kc_authServerUrl=https://loginproxy.gov.bc.ca/auth +kc_realm=standard +kc_resource=time-machine-4338 diff --git a/devops/env/prod/kustomization.yaml b/devops/env/prod/kustomization.yaml index 5f5cd6ec..0d27d6de 100644 --- a/devops/env/prod/kustomization.yaml +++ b/devops/env/prod/kustomization.yaml @@ -18,8 +18,8 @@ kind: Kustomization namespace: ed57f0-prod bases: - ../../base/db - - ../../base/api - - ../../base/web + - ../../base/prod/api + - ../../base/prod/web - ../../base/policy - ../../base/backup resources: diff --git a/devops/env/test/api-env.properties b/devops/env/test/api-env.properties index 5b5107c6..f6181cfe 100644 --- a/devops/env/test/api-env.properties +++ b/devops/env/test/api-env.properties @@ -1,10 +1,10 @@ -environment=dev +environment=prod PORT=8080 db_host=timemachine-patroni-master db_type=postgres db_port=5432 db_synchronize=true db_name=timemachine -kc_authServerUrl=https://oidc.gov.bc.ca/auth -kc_realm=b9xip88d -kc_resource=timeMachineApp +kc_authServerUrl=https://test.loginproxy.gov.bc.ca/auth +kc_realm=standard +kc_resource=time-machine-4338 diff --git a/devops/env/test/kustomization.yaml b/devops/env/test/kustomization.yaml index 4b792a2f..e93e6400 100644 --- a/devops/env/test/kustomization.yaml +++ b/devops/env/test/kustomization.yaml @@ -18,8 +18,8 @@ kind: Kustomization namespace: ed57f0-test bases: - ../../base/db - - ../../base/api - - ../../base/web + - ../../base/test/api + - ../../base/test/web - ../../base/policy - ../../base/backup resources: @@ -49,7 +49,7 @@ secretGenerator: type: Opaque env: db-secret.properties images: - - name: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api + - name: image-registry.openshift-image-registry.svc:5000/ed57f0-tools/timemachine-api-test newTag: "latest" - name: image-registry.openshift-image-registry.svc:5000/bcgov/patroni-postgres newTag: "12.4-latest" diff --git a/web/.env.dev b/web/.env.dev index c2ec0958..2523c184 100644 --- a/web/.env.dev +++ b/web/.env.dev @@ -1 +1,2 @@ -VUE_APP_API_URI=https://timemachine-api-ed57f0-dev.apps.silver.devops.gov.bc.ca \ No newline at end of file +VUE_APP_API_URI=https://timemachine-api-ed57f0-dev.apps.silver.devops.gov.bc.ca +VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak-dev \ No newline at end of file diff --git a/web/.env.local b/web/.env.local index 706d52dd..ddc67f09 100644 --- a/web/.env.local +++ b/web/.env.local @@ -1,6 +1,5 @@ VUE_APP_API_URI=http://localhost:3000/api VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak-local -kc_authServerUrl=https://dev.loginproxy.gov.bc.ca/auth # Configure client side to use OIDC; but server side is not configured for this yet. # VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak diff --git a/web/.env.production b/web/.env.production index 819bd318..b184669d 100644 --- a/web/.env.production +++ b/web/.env.production @@ -1,3 +1,2 @@ VUE_APP_API_URI=https://timemachine-api-ed57f0-prod.apps.silver.devops.gov.bc.ca -kc_authServerUrl=https://oidc.gov.bc.ca/auth/admin/b9xip88d/console/ VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak \ No newline at end of file diff --git a/web/.env.testing b/web/.env.testing index 5e2509b3..496bdbe3 100644 --- a/web/.env.testing +++ b/web/.env.testing @@ -1,2 +1,2 @@ VUE_APP_API_URI=https://timemachine-api-ed57f0-test.apps.silver.devops.gov.bc.ca -VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak \ No newline at end of file +VUE_APP_KEYCLOAK_JSON_FILENAME=statics/keycloak-test \ No newline at end of file diff --git a/web/public/statics/keycloak-dev.json b/web/public/statics/keycloak-dev.json index 3e204c86..c64044c1 100644 --- a/web/public/statics/keycloak-dev.json +++ b/web/public/statics/keycloak-dev.json @@ -1,10 +1,8 @@ { - "realm": "b9xip88d", - "auth-server-url": "https://dev.oidc.gov.bc.ca/auth", + "confidential-port": 0, + "auth-server-url": "https://dev.loginproxy.gov.bc.ca/auth", + "realm": "standard", "ssl-required": "none", - "resource": "timeMachineApp", - "clientId": "timeMachineApp", "public-client": true, - "confidential-port": 0, - "ignore-oauth-query-parameter":true + "resource": "time-machine-4338" } diff --git a/web/public/statics/keycloak-test.json b/web/public/statics/keycloak-test.json new file mode 100644 index 00000000..84b7c33a --- /dev/null +++ b/web/public/statics/keycloak-test.json @@ -0,0 +1,8 @@ +{ + "confidential-port": 0, + "auth-server-url": "https://test.loginproxy.gov.bc.ca/auth", + "realm": "standard", + "ssl-required": "none", + "public-client": true, + "resource": "time-machine-4338" +} \ No newline at end of file diff --git a/web/public/statics/keycloak.json b/web/public/statics/keycloak.json index f762ec74..247fc28f 100644 --- a/web/public/statics/keycloak.json +++ b/web/public/statics/keycloak.json @@ -1,10 +1,8 @@ { - "realm": "b9xip88d", - "auth-server-url": "https://oidc.gov.bc.ca/auth", + "confidential-port": 0, + "auth-server-url": "https://loginproxy.gov.bc.ca/auth", + "realm": "standard", "ssl-required": "none", - "resource": "timeMachineApp", - "clientId": "timeMachineApp", "public-client": true, - "confidential-port": 0, - "ignore-oauth-query-parameter":true + "resource": "time-machine-4338" }