From d06d028bb8517dafd2d856d92691c5c85a2428fb Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Thu, 6 Feb 2025 17:58:38 -0800 Subject: [PATCH 01/24] initial work on pipeline begin --- .github/workflows/.deploy.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 4a66d569e..5ede1eff6 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -145,21 +145,21 @@ jobs: -p EMAIL_NOTIFICATION_RECIPIENT=${{ vars.EMAIL_NOTIFICATION_RECIPIENT }} -p GEOCODER_ADDRESS_API_BASE=${{ vars.GEOCODER_ADDRESS_API_BASE }} - # frontend: - # name: Frontend - # needs: [ init, database, backend ] - # environment: ${{ inputs.environment }} - # runs-on: ubuntu-24.04 - # steps: - # - name: Deploy Frontend - # uses: bcgov/action-deployer-openshift@v3.0.1 - # with: - # oc_namespace: ${{ vars.OC_NAMESPACE }} - # oc_server: ${{ vars.OC_SERVER }} - # oc_token: ${{ secrets.OC_TOKEN }} - # oc_version: "4.14.37" - # file: frontend/openshift.deploy.yml - # parameters: - # -p ZONE=${{ inputs.target }} - # -p TAG=${{ inputs.tag }} + frontend: + name: Frontend + needs: [ init, database, backend ] + environment: ${{ inputs.environment }} + runs-on: ubuntu-24.04 + steps: + - name: Deploy Frontend + uses: bcgov/action-deployer-openshift@v3.0.1 + with: + oc_namespace: ${{ vars.OC_NAMESPACE }} + oc_server: ${{ vars.OC_SERVER }} + oc_token: ${{ secrets.OC_TOKEN }} + oc_version: "4.14.37" + file: frontend/openshift.deploy.yml + parameters: + -p ZONE=${{ inputs.target }} + -p TAG=${{ inputs.tag }} \ No newline at end of file From bb4e422bbb090581dc11826f40f23076b92e05e9 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 09:57:35 -0800 Subject: [PATCH 02/24] expose backend service route --- backend/openshift.deploy.yml | 54 ++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) 
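Review bot: The re-enabled frontend job pins `bcgov/action-deployer-openshift@v3.0.1` by tag, and a tag is mutable, so the step that receives `secrets.OC_TOKEN` can change underneath this workflow without any diff appearing here. Pinning to the full commit SHA of that release (`uses: bcgov/action-deployer-openshift@<release commit sha>  # v3.0.1`) keeps the reviewed code and the executed code identical; the same applies to the other deployer steps in this workflow if they are pinned the same way. The hunk also ends with `\ No newline at end of file`, which is worth fixing while the block is being touched.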
diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 5ceb4eca1..6fcb32b35 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -202,16 +202,16 @@ objects: # cpu: 10m # memory: 128Mi - # volumes: - # - name: staticfiles - # emptyDir: - # sizeLimit: 250Mi + volumes: + - name: staticfiles + emptyDir: + sizeLimit: 250Mi containers: - name: ${REPO}-${ZONE}-${COMPONENT}-app image: 'ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG}' - # volumeMounts: - # - name: staticfiles - # mountPath: /app/staticfiles + volumeMounts: + - name: staticfiles + mountPath: /app/staticfiles ports: - containerPort: 8000 protocol: TCP @@ -520,23 +520,23 @@ objects: name: ${REPO}-${ZONE}-${COMPONENT} type: ClusterIP sessionAffinity: None -# - kind: Route -# apiVersion: v1 -# metadata: -# name: ${REPO}-${ZONE}-${COMPONENT} -# labels: -# frontend: 'true' -# app: ${REPO}-${ZONE}-${COMPONENT} -# spec: -# host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca -# path: "/gwells" -# to: -# kind: Service -# name: ${REPO}-${ZONE}-${COMPONENT} -# weight: 100 -# port: -# targetPort: web -# tls: -# insecureEdgeTerminationPolicy: Redirect -# termination: edge -# wildcardPolicy: None +- kind: Route + apiVersion: v1 + metadata: + name: ${REPO}-${ZONE}-${COMPONENT} + labels: + frontend: 'true' + app: ${REPO}-${ZONE}-${COMPONENT} + spec: + host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca + path: "/gwells" + to: + kind: Service + name: ${REPO}-${ZONE}-${COMPONENT} + weight: 100 + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + wildcardPolicy: None From a262b975862197225dcdab6ac459da6c9c2d81ae Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 10:21:08 -0800 Subject: [PATCH 03/24] uncomment init container --- backend/openshift.deploy.yml | 62 ++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 31 deletions(-) 
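Review bot: The new Route object uses the legacy `apiVersion: v1` and hardcodes the public hostname `${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca`, which ties a template otherwise parameterised by ZONE to one cluster's router domain. Prefer `apiVersion: route.openshift.io/v1`, and either omit `host:` so the router assigns its default hostname or take it from a template parameter. The Route also carries `frontend: 'true'` on what this file deploys as the backend component, which will mislead anything selecting on that label, and `targetPort: web` requires the Service to expose a port named `web`, which is outside this hunk.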
diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 6fcb32b35..5a2af776e 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -170,37 +170,37 @@ objects: name: ${REPO}-${ZONE}-${COMPONENT} deployment: ${REPO}-${ZONE}-${COMPONENT} spec: - # initContainers: - # - name: check-database - # image: 'ghcr.io/bcgov/${REPO}/database:${TAG}' - # labels: - # name: ${REPO}-${ZONE}-${COMPONENT} - # command: ["/bin/bash", "-c", "set -x; psql -qtAX -c 'select 1'"] - # env: - # - name: PGDATABASE - # valueFrom: - # secretKeyRef: - # name: ${REPO}-${ZONE}-database - # key: database-name - # - name: PGUSER - # valueFrom: - # secretKeyRef: - # name: ${REPO}-${ZONE}-database - # key: database-user - # - name: PGPASSWORD - # valueFrom: - # secretKeyRef: - # name: ${REPO}-${ZONE}-database - # key: database-password - # - name: PGHOST - # value: ${REPO}-${ZONE}-database - # resources: - # limits: - # cpu: 50m - # memory: 256Mi - # requests: - # cpu: 10m - # memory: 128Mi + initContainers: + - name: check-database + image: 'ghcr.io/bcgov/${REPO}/database:${TAG}' + labels: + name: ${REPO}-${ZONE}-${COMPONENT} + command: ["/bin/bash", "-c", "set -x; psql -qtAX -c 'select 1'"] + env: + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: ${REPO}-${ZONE}-database + key: database-name + - name: PGUSER + valueFrom: + secretKeyRef: + name: ${REPO}-${ZONE}-database + key: database-user + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: ${REPO}-${ZONE}-database + key: database-password + - name: PGHOST + value: ${REPO}-${ZONE}-database + resources: + limits: + cpu: 50m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi volumes: - name: staticfiles From dfdf7340ac5165171a24133a7cbab3a99ea0f197 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 11:03:46 -0800 Subject: [PATCH 04/24] readiness probe debugging --- database/openshift.deploy.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) 
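Review bot: `labels:` under the `check-database` entry in `initContainers` is not a field of a Kubernetes container; labels belong in the pod template `metadata`, so these two lines are at best dropped by the API server and at worst make the template fail strict validation — remove them. The re-enabled command is also a single `psql -qtAX -c 'select 1'` with no retry, so if the database Service is not yet answering the init container exits non-zero and the pod cycles through CrashLoopBackOff instead of waiting. `PGHOST` is set to `${REPO}-${ZONE}-database`, which has to match the database Service's `metadata.name` exactly.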
diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 37a4e450e..9801592ec 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -238,13 +238,11 @@ objects: - bash - '-c' - >- - psql -q -d - $PG_DATABASE -c 'SELECT 1' - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 + PGPASSWORD=$PG_PASSWORD psql -h localhost -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' + initialDelaySeconds: 60 + periodSeconds: 20 + failureThreshold: 6 + timeoutSeconds: 5 resources: requests: cpu: ${REQUEST_CPU} @@ -253,8 +251,11 @@ objects: cpu: ${LIMIT_CPU} memory: ${LIMIT_MEMORY} securityContext: - capabilities: {} - privileged: false + # capabilities: {} + # privileged: false + runAsUser: 26 + runAsGroup: 26 + fsGroup: 26 terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /pgdata @@ -274,3 +275,6 @@ objects: - configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + securityContext: + fsGroup: 26 + supplementalGroups: [26] From 841832ebdd74de906cd7c435c0d24b8926023a4d Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 11:09:14 -0800 Subject: [PATCH 05/24] revert back --- database/openshift.deploy.yml | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 9801592ec..37a4e450e 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -238,11 +238,13 @@ objects: - bash - '-c' - >- - PGPASSWORD=$PG_PASSWORD psql -h localhost -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' - initialDelaySeconds: 60 - periodSeconds: 20 - failureThreshold: 6 - timeoutSeconds: 5 + psql -q -d + $PG_DATABASE -c 'SELECT 1' + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 resources: requests: cpu: ${REQUEST_CPU} 
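Review bot: In the second hunk `fsGroup: 26` is placed inside the container `securityContext`, but `fsGroup` is a pod-level `PodSecurityContext` field and is not valid on a container; the same misplacement recurs in the `@@ -253,8 +252,10 @@` hunk of the later 'readiness probe edit security context' patch. A fixed `runAsUser: 26` is also likely to be rejected under OpenShift's default `restricted` SCC, which assigns a UID from the namespace's allocated range — that would account for the 'did not succeed' revert that follows. The pod-level `securityContext: fsGroup: 26` added in the third hunk is the right placement for fsGroup; keep that form and drop the container-level copy and the hard-coded UID. Dropping `successThreshold` in the first hunk is harmless, since its default is 1.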
@@ -251,11 +253,8 @@ objects: cpu: ${LIMIT_CPU} memory: ${LIMIT_MEMORY} securityContext: - # capabilities: {} - # privileged: false - runAsUser: 26 - runAsGroup: 26 - fsGroup: 26 + capabilities: {} + privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /pgdata @@ -275,6 +274,3 @@ objects: - configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - securityContext: - fsGroup: 26 - supplementalGroups: [26] From c4daeee14cf6ae2485ac4e3d9dd2e0243cb4b192 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 13:49:45 -0800 Subject: [PATCH 06/24] added network policy to db --- database/openshift.deploy.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 37a4e450e..704e512e5 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -274,3 +274,23 @@ objects: - configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: ${REPO}-${ZONE}-${COMPONENT}-network-policy + labels: + app: ${REPO}-${ZONE} + spec: + podSelector: + matchLabels: + name: ${REPO}-${ZONE}-${COMPONENT} + ingress: + - from: + - podSelector: + matchLabels: + name: ${REPO}-${ZONE}-backend + ports: + - protocol: TCP + port: 5432 + policyTypes: + - Ingress From 4b2dc79df1a6929a4d461c937e91095ab102fffa Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:13:39 -0800 Subject: [PATCH 07/24] readiness probe edit security context --- database/openshift.deploy.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 704e512e5..2f006242a 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml 
@@ -238,13 +238,12 @@ objects: - bash - '-c' - >- - psql -q -d - $PG_DATABASE -c 'SELECT 1' + PGDATA=/pgdata/userdata PGHOST=/tmp pg_isready -p 5432 failureThreshold: 5 - initialDelaySeconds: 30 + initialDelaySeconds: 60 periodSeconds: 15 successThreshold: 1 - timeoutSeconds: 1 + timeoutSeconds: 5 resources: requests: cpu: ${REQUEST_CPU} @@ -253,8 +252,10 @@ objects: cpu: ${LIMIT_CPU} memory: ${LIMIT_MEMORY} securityContext: - capabilities: {} - privileged: false + runAsUser: 26 + runAsGroup: 26 + fsGroup: 26 + allowPrivilegeEscalation: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /pgdata From 1fcd1f1504590ae5646ea7c0bf9d7664000f7ec6 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:25:59 -0800 Subject: [PATCH 08/24] did not succeed, revert back securityContext --- database/openshift.deploy.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 2f006242a..779b2669b 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -238,8 +238,8 @@ objects: - bash - '-c' - >- - PGDATA=/pgdata/userdata PGHOST=/tmp pg_isready -p 5432 - failureThreshold: 5 + psql -q -d + $PG_DATABASE -c 'SELECT 1' initialDelaySeconds: 60 periodSeconds: 15 successThreshold: 1 @@ -252,10 +252,8 @@ objects: cpu: ${LIMIT_CPU} memory: ${LIMIT_MEMORY} securityContext: - runAsUser: 26 - runAsGroup: 26 - fsGroup: 26 - allowPrivilegeEscalation: false + capabilities: {} + privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /pgdata From 8688b50318dc0a51ff031e23f27e6d36fcf93d1c Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:26:55 -0800 Subject: [PATCH 09/24] added failure threshold --- database/openshift.deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 779b2669b..124b7e782 100644 
--- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -243,6 +243,7 @@ objects: initialDelaySeconds: 60 periodSeconds: 15 successThreshold: 1 + failureThreshold: 5 timeoutSeconds: 5 resources: requests: From 2b4ede98cf9ea9c7ca87f6ca0df892ea515ee426 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:30:34 -0800 Subject: [PATCH 10/24] add horizontalPodAutoScaler explicitly --- database/openshift.deploy.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 124b7e782..2c2f8fca7 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -294,3 +294,24 @@ objects: port: 5432 policyTypes: - Ingress + - apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + name: ${REPO}-${ZONE}-${COMPONENT} + labels: + app: ${REPO}-${ZONE} + appver: ${REPO}-${ZONE}-${COMPONENT} + spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: ${REPO}-${ZONE}-${COMPONENT} + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 90 From 9779998520617967236d83da75c6ce87c808b6b7 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:33:53 -0800 Subject: [PATCH 11/24] ensure db service properly defined --- backend/openshift.deploy.yml | 12 ++++++++---- database/openshift.deploy.yml | 14 +++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 5a2af776e..e44c8b631 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml 
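Review bot: The new HorizontalPodAutoscaler targets the database Deployment with `maxReplicas: 5`, but a single PostgreSQL instance backed by one PersistentVolumeClaim cannot be scaled horizontally: a second replica sharing the data directory will either refuse to start or corrupt the cluster, and on RWO storage it will not schedule at all. If the object exists only to satisfy a template convention, set `minReplicas: 1` and `maxReplicas: 1`; otherwise remove it and let the Deployment's replica count stay at 1.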
@@ -216,10 +216,14 @@ objects: - containerPort: 8000 protocol: TCP env: - - name: DATABASE_SERVICE_NAME - value: ${REPO}-${ZONE}-database - - name: DATABASE_PORT - value: "5432" + - name: DATABASE_SERVICE_NAME + value: ${REPO}-${ZONE}-database + - name: DATABASE_PORT + value: "5432" + - name: DATABASE_HOST + value: ${REPO}-${ZONE}-database + - name: PGHOST + value: ${REPO}-${ZONE}-database - name: DATABASE_NAME valueFrom: secretKeyRef: diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 2c2f8fca7..d17c7ff9d 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -114,24 +114,18 @@ objects: - apiVersion: v1 kind: Service metadata: - labels: - app: ${REPO}-${ZONE} - annotations: - template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} name: ${REPO}-${ZONE}-${COMPONENT} + labels: + app: ${REPO}-${ZONE}-${COMPONENT} spec: ports: - name: postgresql - nodePort: 0 port: 5432 protocol: TCP targetPort: 5432 selector: name: ${REPO}-${ZONE}-${COMPONENT} - sessionAffinity: None type: ClusterIP - status: - loadBalancer: {} - apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -181,7 +175,9 @@ objects: - name: PGDATA_PATH_OVERRIDE value: userdata - name: PGHOST - value: /tmp + value: '*' + - name: LISTEN_ADDRESSES + value: '*' - name: PG_DATABASE valueFrom: secretKeyRef: From 69942e8e2bd8687685449973adae047cebe755fd Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:46:35 -0800 Subject: [PATCH 12/24] explicit network policy db update --- database/openshift.deploy.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index d17c7ff9d..6615e7e0d 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml 
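Review bot: In the third hunk `PGHOST: '*'` replaces `/tmp`, but PGHOST is the libpq client-side variable naming the host to connect to, so `'*'` is not a valid value and the in-container `psql -q -d $PG_DATABASE` readiness probe will fail to resolve it. `listen_addresses = '*'` is a server setting in `postgresql.conf`; whether this image honours a `LISTEN_ADDRESSES` environment variable is not visible here and should be confirmed against the image's documentation rather than assumed. The first hunk adds `DATABASE_HOST` and `PGHOST` with the same value as `DATABASE_SERVICE_NAME`; three names for one value is fine if the application reads all three, otherwise trim to the ones it uses.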
@@ -273,21 +273,17 @@ objects: - apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: ${REPO}-${ZONE}-${COMPONENT}-network-policy + name: allow-same-namespace labels: - app: ${REPO}-${ZONE} + template: nr-gwells-backend-network-security-policy spec: - podSelector: - matchLabels: - name: ${REPO}-${ZONE}-${COMPONENT} + podSelector: {} ingress: - from: - - podSelector: + - namespaceSelector: matchLabels: - name: ${REPO}-${ZONE}-backend - ports: - - protocol: TCP - port: 5432 + environment: dev + name: cd43d9 policyTypes: - Ingress - apiVersion: autoscaling/v2 From 496cd1b4672254c0f5b8be935e12f78a101bfa08 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:50:38 -0800 Subject: [PATCH 13/24] update postgres auth --- database/openshift.deploy.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 6615e7e0d..9366ce38b 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -47,7 +47,19 @@ parameters: value: gluster-file-db objects: - apiVersion: v1 + kind: ConfigMap + metadata: + name: ${REPO}-${ZONE}-${COMPONENT}-config + labels: + app: ${REPO}-${ZONE} data: + pg_hba.conf: | + # TYPE DATABASE USER ADDRESS METHOD + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + host all all 0.0.0.0/0 md5 + setup.sql: |- SET application_name="container_setup"; @@ -259,6 +271,9 @@ objects: name: ${REPO}-${ZONE}-${COMPONENT}-run - mountPath: /pgconf name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + - mountPath: /etc/postgresql/pg_hba.conf + name: ${REPO}-${ZONE}-${COMPONENT}-config + subPath: pg_hba.conf dnsPolicy: ClusterFirst restartPolicy: Always volumes: 
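Review bot: The rewritten NetworkPolicy replaces a rule that admitted only `${REPO}-${ZONE}-backend` pods to the database on TCP 5432 with `podSelector: {}` plus a namespaceSelector, so every pod in the namespace now accepts ingress on every port from every pod in the selected namespace. The selector values `environment: dev` and `name: cd43d9` are hardcoded into a template parameterised by ZONE, so a deployment to any other zone either admits no traffic or admits traffic from the dev namespace; a namespace-wide allow, if wanted at all, belongs in a separate per-environment resource, while the database should keep a pod-scoped policy limited to backend pods on `port: 5432`. The name `allow-same-namespace` also drops the `${REPO}-${ZONE}-${COMPONENT}` prefix, so two zones deployed into one namespace would collide on it.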
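Review bot: The new `pg_hba.conf` grants `trust` to `local` and to both loopback ranges, so any process running inside the pod connects as any role, including the superuser, with no password, while remote clients on `0.0.0.0/0` get `md5`. Prefer `scram-sha-256` on the `host` lines and narrow loopback to what the readiness probe needs (`host all all 127.0.0.1/32 scram-sha-256` with the password supplied by the probe, or a single-role `local` line), since the `0.0.0.0/0` entry otherwise relies entirely on the NetworkPolicy that the previous patch widened. The mount path `/etc/postgresql/pg_hba.conf` is also unlikely to be where this image reads its HBA file given the data directory is under `/pgdata/userdata`; confirm against the image before relying on it.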
@@ -267,6 +282,9 @@ objects: claimName: ${REPO}-${ZONE}-${COMPONENT} - name: ${REPO}-${ZONE}-${COMPONENT}-run emptyDir: {} + - name: ${REPO}-${ZONE}-${COMPONENT}-config + configMap: + name: ${REPO}-${ZONE}-${COMPONENT}-config - configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg From ec6dcae375d78491637132099608c529a0aa43bc Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 15:53:52 -0800 Subject: [PATCH 14/24] modify readiness probe --- database/openshift.deploy.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 9366ce38b..61be095dd 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -58,7 +58,9 @@ objects: local all all trust host all all 127.0.0.1/32 trust host all all ::1/128 trust + host all all localhost trust host all all 0.0.0.0/0 md5 + host all all ::/0 md5 setup.sql: |- SET application_name="container_setup"; @@ -246,8 +248,7 @@ objects: - bash - '-c' - >- - psql -q -d - $PG_DATABASE -c 'SELECT 1' + PGPASSWORD=$PG_PASSWORD PGHOST=localhost psql -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' initialDelaySeconds: 60 periodSeconds: 15 successThreshold: 1 @@ -271,7 +272,7 @@ objects: name: ${REPO}-${ZONE}-${COMPONENT}-run - mountPath: /pgconf name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - - mountPath: /etc/postgresql/pg_hba.conf + - mountPath: /pgdata/userdata/pg_hba.conf name: ${REPO}-${ZONE}-${COMPONENT}-config subPath: pg_hba.conf dnsPolicy: ClusterFirst From 4f460e1ce434855f67b6eb8c490a91847879d8bb Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 16:06:12 -0800 Subject: [PATCH 15/24] cleanup --- database/openshift.deploy.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 61be095dd..17f26595d 100644 --- a/database/openshift.deploy.yml 
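Review bot: Mounting the ConfigMap entry with `subPath` at `/pgdata/userdata/pg_hba.conf` places a file inside PGDATA before the server has initialised; `initdb` refuses a non-empty data directory, so a fresh volume would fail to bootstrap, and on an existing volume the file is read-only and shadows whatever the image writes there. If a custom HBA policy is needed, stage it outside PGDATA (for example under the existing `/pgconf` mount) and have the image's start-up copy it in, or point `hba_file` in `postgresql.conf` at it. The probe in the second hunk now authenticates over TCP to `localhost` with `PGPASSWORD=$PG_PASSWORD`, which is the safer pairing: it keeps working if the loopback `trust` lines in the first hunk are later tightened to password auth.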
+++ b/database/openshift.deploy.yml @@ -53,15 +53,6 @@ objects: labels: app: ${REPO}-${ZONE} data: - pg_hba.conf: | - # TYPE DATABASE USER ADDRESS METHOD - local all all trust - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - host all all localhost trust - host all all 0.0.0.0/0 md5 - host all all ::/0 md5 - setup.sql: |- SET application_name="container_setup"; @@ -128,18 +119,23 @@ objects: - apiVersion: v1 kind: Service metadata: - name: ${REPO}-${ZONE}-${COMPONENT} labels: - app: ${REPO}-${ZONE}-${COMPONENT} + app: ${REPO}-${ZONE} + annotations: + template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} spec: ports: - name: postgresql + nodePort: 0 port: 5432 protocol: TCP targetPort: 5432 selector: name: ${REPO}-${ZONE}-${COMPONENT} + sessionAffinity: None type: ClusterIP + status: + loadBalancer: {} - apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -189,9 +185,7 @@ objects: - name: PGDATA_PATH_OVERRIDE value: userdata - name: PGHOST - value: '*' - - name: LISTEN_ADDRESSES - value: '*' + value: /tmp - name: PG_DATABASE valueFrom: secretKeyRef: From 0a0be50dd555914df3db467b7faa57ba92adcf9e Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Fri, 7 Feb 2025 16:07:56 -0800 Subject: [PATCH 16/24] cleanup pt. II --- database/openshift.deploy.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 17f26595d..166c06e3d 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -123,6 +123,7 @@ objects: app: ${REPO}-${ZONE} annotations: template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} + name: ${REPO}-${ZONE}-${COMPONENT} spec: ports: - name: postgresql 
@@ -132,10 +133,10 @@ objects: targetPort: 5432 selector: name: ${REPO}-${ZONE}-${COMPONENT} - sessionAffinity: None + sessionAffinity: None type: ClusterIP - status: - loadBalancer: {} + status: + loadBalancer: {} - apiVersion: v1 kind: PersistentVolumeClaim metadata: From 4b862f59e47adc1e80d9d00a45f4b33fc857e257 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 11:15:52 -0800 Subject: [PATCH 17/24] increased delay seconds and added wait for database startup --- backend/openshift.deploy.yml | 16 ++++++++++++++-- database/openshift.deploy.yml | 8 ++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index e44c8b631..2b890aa94 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -175,7 +175,16 @@ objects: image: 'ghcr.io/bcgov/${REPO}/database:${TAG}' labels: name: ${REPO}-${ZONE}-${COMPONENT} - command: ["/bin/bash", "-c", "set -x; psql -qtAX -c 'select 1'"] + command: + - /bin/bash + - "-c" + - | + echo "Waiting for PostgreSQL..." + until PGPASSWORD=$PGPASSWORD psql -h ${PGHOST} -U ${PGUSER} -d ${PGDATABASE} -c "SELECT 1"; do + echo "PostgreSQL is unavailable - sleeping" + sleep 5 + done + echo "PostgreSQL is up!" env: - name: PGDATABASE valueFrom: @@ -221,7 +230,10 @@ objects: - name: DATABASE_PORT value: "5432" - name: DATABASE_HOST - value: ${REPO}-${ZONE}-database + valueFrom: + secretKeyRef: + name: ${REPO}-${ZONE}-database + key: database-host - name: PGHOST value: ${REPO}-${ZONE}-database - name: DATABASE_NAME diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 166c06e3d..46796bbc8 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml 
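Review bot: The `until ... psql ...; do sleep 5; done` loop in the init container has no upper bound, so a pod that never sees the database sits in `Init` indefinitely with nothing in its status beyond the log lines; a bounded retry (a counter that exits non-zero after N attempts) lets the Deployment surface the failure. `PGPASSWORD=$PGPASSWORD` assigns the variable to itself and can be dropped, since `PGPASSWORD` is already injected from the secret. The move from a flow-style `command` list to a block scalar script is a readability improvement.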
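Review bot: `DATABASE_HOST` now reads `key: database-host` from the `${REPO}-${ZONE}-database` secret, but the only keys that secret is shown providing anywhere in this series are `database-name`, `database-user` and `database-password`; if `database-host` is absent the container fails with CreateContainerConfigError. Either add the key where the secret is generated (outside these hunks) or keep the plain `value: ${REPO}-${ZONE}-database`, which is what the adjacent `PGHOST` entry still uses and is not secret material in any case.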
@@ -243,11 +243,11 @@ objects: - bash - '-c' - >- - PGPASSWORD=$PG_PASSWORD PGHOST=localhost psql -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' - initialDelaySeconds: 60 + PGPASSWORD=$PG_PASSWORD PGHOST=${REPO}-${ZONE}-${COMPONENT} psql -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' + initialDelaySeconds: 120 periodSeconds: 15 successThreshold: 1 - failureThreshold: 5 + failureThreshold: 10 timeoutSeconds: 5 resources: requests: @@ -261,7 +261,7 @@ objects: privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - - mountPath: /pgdata + - mountPath: /var/lib/postgresql/data name: ${REPO}-${ZONE}-${COMPONENT}-data - mountPath: /var/run/postgresql name: ${REPO}-${ZONE}-${COMPONENT}-run From d4f9d7dab679ce02e2b2bf3628029fe57af4a845 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 11:40:42 -0800 Subject: [PATCH 18/24] removed duplicate configMap --- .github/workflows/.deploy.yml | 4 +++- backend/openshift.deploy.yml | 4 ++-- database/openshift.deploy.yml | 7 ------- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 5ede1eff6..d6a6ae86d 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -77,7 +77,9 @@ jobs: database: name: Database - needs: init + needs: + - init + if: success() environment: ${{ inputs.environment }} runs-on: ubuntu-24.04 steps: diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 2b890aa94..cb8a5e93f 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -503,7 +503,7 @@ objects: capabilities: add: ["NET_BIND_SERVICE"] schedulerName: default-scheduler -- apiVersion: autoscaling/v1 +- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: creationTimestamp: 
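Review bot: The readiness probe now connects through the pod's own Service name (`PGHOST=${REPO}-${ZONE}-${COMPONENT}`), but a pod that is not yet Ready is not an endpoint of that Service, so the probe cannot succeed on a first start — which is why the later patches in this series keep raising `initialDelaySeconds` and `failureThreshold` before finally reverting the command. Probe the local instance instead (the Unix socket via `PGHOST=/tmp`, or `pg_isready -h 127.0.0.1 -p 5432`) and reserve the Service name for clients. Raising `initialDelaySeconds` to 120 with the same command does not address the cause.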
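Review bot: The second hunk moves the PVC mount from `/pgdata` to `/var/lib/postgresql/data`, while `PGDATA_PATH_OVERRIDE: userdata` and the earlier `PGDATA=/pgdata/userdata` probe line indicate this image keeps its data under `/pgdata`; if so, the data directory now lives on the container's ephemeral filesystem and is lost on every restart. Confirm the image's PGDATA before changing the mount path, and revert this line if `/pgdata` is correct.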
@@ -515,7 +515,7 @@ objects: maxReplicas: 5 minReplicas: 1 scaleTargetRef: - apiVersion: v1 + apiVersion: apps/v1 kind: Deployment name: ${REPO}-${ZONE}-${COMPONENT} targetCPUUtilizationPercentage: 90 diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 46796bbc8..84a051a3a 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -109,13 +109,6 @@ objects: grant usage on schema postgis_ftw to ftw_reader; ALTER DEFAULT PRIVILEGES IN SCHEMA postgis_ftw GRANT SELECT ON TABLES TO ftw_reader; - kind: ConfigMap - metadata: - labels: - app: ${REPO}-${ZONE} - name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - appver: ${REPO}-${ZONE}-${COMPONENT} - name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - apiVersion: v1 kind: Service metadata: From 78ce8dceb09f8e8dd69368438efb9d5df2c0d574 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:11:34 -0800 Subject: [PATCH 19/24] reduced cpu request --- .github/workflows/.deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index d6a6ae86d..98f171562 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -98,7 +98,7 @@ jobs: -p TAG=${{ inputs.tag }} -p ZONE=${{ inputs.target }} -p STORAGE_CLASS=netapp-file-standard - -p REQUEST_CPU=200m + -p REQUEST_CPU=85m -p LIMIT_CPU=500m -p LIMIT_MEMORY=1Gi From d349515a0c5264c4674497a49bf06b3520dca98d Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:31:32 -0800 Subject: [PATCH 20/24] updated mountPath --- database/openshift.deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 84a051a3a..23ff93ba5 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml 
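Review bot: Switching the backend HPA to `apiVersion: autoscaling/v2` while keeping `targetCPUUtilizationPercentage: 90` mixes schemas — that field exists only in `autoscaling/v1`; under v2 it is unknown, so it is dropped (or rejected under strict validation) and the HPA silently falls back to the default 80% CPU target. Replace it with the v2 `metrics:` block this file already uses for the database HPA, as below. The `scaleTargetRef.apiVersion: apps/v1` correction in this hunk is right.
```yaml
  # … unchanged: maxReplicas / minReplicas …
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: ${REPO}-${ZONE}-${COMPONENT}
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 90
```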
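Review bot: The removed lines are the `kind`/`metadata` pair that named this ConfigMap `${REPO}-${ZONE}-${COMPONENT}-setupcfg`, while the `metadata.name: ${REPO}-${ZONE}-${COMPONENT}-config` added by the earlier 'update postgres auth' patch is the one that survives; unless another `-setupcfg` ConfigMap is defined outside these hunks, the Deployment's `configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg` volume no longer resolves and the pod stays in ContainerCreating. Since `pg_hba.conf` has already been dropped and the object again holds only `setup.sql`, rename the surviving metadata back to `name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg` and restore the `appver` label if anything selects on it. Duplicate keys in one YAML mapping are last-wins in most parsers, which is why the object happened to get the `-setupcfg` name before this patch.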
@@ -254,7 +254,7 @@ objects: privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - - mountPath: /var/lib/postgresql/data + - mountPath: /pgdata name: ${REPO}-${ZONE}-${COMPONENT}-data - mountPath: /var/run/postgresql name: ${REPO}-${ZONE}-${COMPONENT}-run From 7ade65fa8717da25de085c2e2006cafabd6da5dd Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:32:35 -0800 Subject: [PATCH 21/24] added name to configmap db --- database/openshift.deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 23ff93ba5..c33360ea2 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -274,9 +274,9 @@ objects: - name: ${REPO}-${ZONE}-${COMPONENT}-config configMap: name: ${REPO}-${ZONE}-${COMPONENT}-config - - configMap: + - name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: From 756e9c7679d5011b5234b9e7fb828030309df166 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:44:05 -0800 Subject: [PATCH 22/24] remove pg.conf --- database/openshift.deploy.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index c33360ea2..48277d33e 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -260,9 +260,6 @@ objects: name: ${REPO}-${ZONE}-${COMPONENT}-run - mountPath: /pgconf name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - - mountPath: /pgdata/userdata/pg_hba.conf - name: ${REPO}-${ZONE}-${COMPONENT}-config - subPath: pg_hba.conf dnsPolicy: ClusterFirst restartPolicy: Always volumes: 
@@ -271,9 +268,6 @@ objects: claimName: ${REPO}-${ZONE}-${COMPONENT} - name: ${REPO}-${ZONE}-${COMPONENT}-run emptyDir: {} - - name: ${REPO}-${ZONE}-${COMPONENT}-config - configMap: - name: ${REPO}-${ZONE}-${COMPONENT}-config - name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg configMap: name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg From d2a982820533be67d2183253d5b4d33775b9f016 Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:50:31 -0800 Subject: [PATCH 23/24] readiness probe increase wait time --- database/openshift.deploy.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 48277d33e..80e9d28a2 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -237,11 +237,11 @@ objects: - '-c' - >- PGPASSWORD=$PG_PASSWORD PGHOST=${REPO}-${ZONE}-${COMPONENT} psql -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' - initialDelaySeconds: 120 - periodSeconds: 15 + initialDelaySeconds: 180 + periodSeconds: 30 successThreshold: 1 - failureThreshold: 10 - timeoutSeconds: 5 + failureThreshold: 15 + timeoutSeconds: 10 resources: requests: cpu: ${REQUEST_CPU} @@ -254,7 +254,7 @@ objects: privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - - mountPath: /pgdata + - mountPath: /pgdata/userdata name: ${REPO}-${ZONE}-${COMPONENT}-data - mountPath: /var/run/postgresql name: ${REPO}-${ZONE}-${COMPONENT}-run From 63e26e727f8d474f809f47be090aec53fd3c401a Mon Sep 17 00:00:00 2001 From: Paul Garewal Date: Tue, 11 Feb 2025 14:59:56 -0800 Subject: [PATCH 24/24] changed readinessProbe database connection --- database/openshift.deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 80e9d28a2..f16b8913c 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml 
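Review bot: Mounting the PVC directly at `/pgdata/userdata` makes the volume root the PGDATA directory; `initdb` refuses a directory that is not empty, and block-backed storage classes commonly expose a `lost+found` entry at the root, so a first start can fail where mounting at `/pgdata` (the previous value) and letting the image create `userdata` beneath it does not. Postgres also requires PGDATA to be owned by the server user with mode 0700 or 0750, so this depends on how `${STORAGE_CLASS}` applies `fsGroup`; verify on a fresh claim before relying on it. The probe timings in the first hunk (`initialDelaySeconds: 180`, `failureThreshold: 15`) compensate for the Service-name probe rather than fixing it.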
@@ -236,7 +236,8 @@ objects: - bash - '-c' - >- - PGPASSWORD=$PG_PASSWORD PGHOST=${REPO}-${ZONE}-${COMPONENT} psql -U $PG_USER -d $PG_DATABASE -c 'SELECT 1' + psql -q -d + $PG_DATABASE -c 'SELECT 1' initialDelaySeconds: 180 periodSeconds: 30 successThreshold: 1
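Review bot: With the probe back on the local socket (`psql -q -d $PG_DATABASE -c 'SELECT 1'`), the `initialDelaySeconds: 180` and `periodSeconds: 30` left over from the previous patch now only delay every rollout by at least three minutes and let a failed pod stay in the Service for up to 7.5 minutes before 15 failures are counted. Move the slow-start allowance into a `startupProbe` with the same command and a generous `failureThreshold`, and shorten readiness to `initialDelaySeconds: 10`, `periodSeconds: 10`, `failureThreshold: 3`. The command relies on `PGHOST=/tmp` and a local `trust`/`peer` HBA rule for the container user, which this series no longer manages now that the `pg_hba.conf` ConfigMap is gone, so a comment on the probe noting the dependence on the image's default HBA would help the next maintainer.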