Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(ci): backend frontend docker #241

Closed
wants to merge 24 commits into from
Closed

chore(ci): backend frontend docker #241

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
d06d028
initial work on pipeline begin
PaulGarewal Feb 7, 2025
bb4e422
expose backend service route
PaulGarewal Feb 7, 2025
a262b97
uncomment init container
PaulGarewal Feb 7, 2025
dfdf734
readiness probe debugging
PaulGarewal Feb 7, 2025
841832e
revert back
PaulGarewal Feb 7, 2025
c4daeee
added network policy to db
PaulGarewal Feb 7, 2025
4b2dc79
readiness probe edit security context
PaulGarewal Feb 7, 2025
1fcd1f1
did not succeed, revert back securityContext
PaulGarewal Feb 7, 2025
8688b50
added failure threshold
PaulGarewal Feb 7, 2025
2b4ede9
add horizontalPodAutoScaler explicitly
PaulGarewal Feb 7, 2025
9779998
ensure db service properly defined
PaulGarewal Feb 7, 2025
69942e8
explicit network policy db update
PaulGarewal Feb 7, 2025
496cd1b
update postgres auth
PaulGarewal Feb 7, 2025
ec6dcae
modify readiness probe
PaulGarewal Feb 7, 2025
4f460e1
cleanup
PaulGarewal Feb 8, 2025
0a0be50
cleanup pt. II
PaulGarewal Feb 8, 2025
4b862f5
increased delay seconds and added wait for database startup
PaulGarewal Feb 11, 2025
d4f9d7d
removed duplicate configMap
PaulGarewal Feb 11, 2025
78ce8dc
reduced cpu request
PaulGarewal Feb 11, 2025
d349515
updated mountPath
PaulGarewal Feb 11, 2025
7ade65f
added name to configmap db
PaulGarewal Feb 11, 2025
756e9c7
remove pg.conf
PaulGarewal Feb 11, 2025
d2a9828
readiness probe increase wait time
PaulGarewal Feb 11, 2025
63e26e7
changed readinessProbe database connection
PaulGarewal Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 21 additions & 19 deletions .github/workflows/.deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,9 @@ jobs:

database:
name: Database
needs: init
needs:
- init
if: success()
environment: ${{ inputs.environment }}
runs-on: ubuntu-24.04
steps:
Expand All @@ -96,7 +98,7 @@ jobs:
-p TAG=${{ inputs.tag }}
-p ZONE=${{ inputs.target }}
-p STORAGE_CLASS=netapp-file-standard
-p REQUEST_CPU=200m
-p REQUEST_CPU=85m
-p LIMIT_CPU=500m
-p LIMIT_MEMORY=1Gi

Expand Down Expand Up @@ -145,21 +147,21 @@ jobs:
-p EMAIL_NOTIFICATION_RECIPIENT=${{ vars.EMAIL_NOTIFICATION_RECIPIENT }}
-p GEOCODER_ADDRESS_API_BASE=${{ vars.GEOCODER_ADDRESS_API_BASE }}

# frontend:
# name: Frontend
# needs: [ init, database, backend ]
# environment: ${{ inputs.environment }}
# runs-on: ubuntu-24.04
# steps:
# - name: Deploy Frontend
# uses: bcgov/[email protected]
# with:
# oc_namespace: ${{ vars.OC_NAMESPACE }}
# oc_server: ${{ vars.OC_SERVER }}
# oc_token: ${{ secrets.OC_TOKEN }}
# oc_version: "4.14.37"
# file: frontend/openshift.deploy.yml
# parameters:
# -p ZONE=${{ inputs.target }}
# -p TAG=${{ inputs.tag }}
frontend:
name: Frontend
needs: [ init, database, backend ]
environment: ${{ inputs.environment }}
runs-on: ubuntu-24.04
steps:
- name: Deploy Frontend
uses: bcgov/[email protected]
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
oc_version: "4.14.37"
file: frontend/openshift.deploy.yml
parameters:
-p ZONE=${{ inputs.target }}
-p TAG=${{ inputs.tag }}

144 changes: 80 additions & 64 deletions backend/openshift.deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,56 +170,72 @@ objects:
name: ${REPO}-${ZONE}-${COMPONENT}
deployment: ${REPO}-${ZONE}-${COMPONENT}
spec:
# initContainers:
# - name: check-database
# image: 'ghcr.io/bcgov/${REPO}/database:${TAG}'
# labels:
# name: ${REPO}-${ZONE}-${COMPONENT}
# command: ["/bin/bash", "-c", "set -x; psql -qtAX -c 'select 1'"]
# env:
# - name: PGDATABASE
# valueFrom:
# secretKeyRef:
# name: ${REPO}-${ZONE}-database
# key: database-name
# - name: PGUSER
# valueFrom:
# secretKeyRef:
# name: ${REPO}-${ZONE}-database
# key: database-user
# - name: PGPASSWORD
# valueFrom:
# secretKeyRef:
# name: ${REPO}-${ZONE}-database
# key: database-password
# - name: PGHOST
# value: ${REPO}-${ZONE}-database
# resources:
# limits:
# cpu: 50m
# memory: 256Mi
# requests:
# cpu: 10m
# memory: 128Mi
initContainers:
- name: check-database
image: 'ghcr.io/bcgov/${REPO}/database:${TAG}'
labels:
name: ${REPO}-${ZONE}-${COMPONENT}
command:
- /bin/bash
- "-c"
- |
echo "Waiting for PostgreSQL..."
until PGPASSWORD=$PGPASSWORD psql -h ${PGHOST} -U ${PGUSER} -d ${PGDATABASE} -c "SELECT 1"; do
echo "PostgreSQL is unavailable - sleeping"
sleep 5
done
echo "PostgreSQL is up!"
env:
- name: PGDATABASE
valueFrom:
secretKeyRef:
name: ${REPO}-${ZONE}-database
key: database-name
- name: PGUSER
valueFrom:
secretKeyRef:
name: ${REPO}-${ZONE}-database
key: database-user
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: ${REPO}-${ZONE}-database
key: database-password
- name: PGHOST
value: ${REPO}-${ZONE}-database
resources:
limits:
cpu: 50m
memory: 256Mi
requests:
cpu: 10m
memory: 128Mi

# volumes:
# - name: staticfiles
# emptyDir:
# sizeLimit: 250Mi
volumes:
- name: staticfiles
emptyDir:
sizeLimit: 250Mi
containers:
- name: ${REPO}-${ZONE}-${COMPONENT}-app
image: 'ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG}'
# volumeMounts:
# - name: staticfiles
# mountPath: /app/staticfiles
volumeMounts:
- name: staticfiles
mountPath: /app/staticfiles
ports:
- containerPort: 8000
protocol: TCP
env:
- name: DATABASE_SERVICE_NAME
value: ${REPO}-${ZONE}-database
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_SERVICE_NAME
value: ${REPO}-${ZONE}-database
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: ${REPO}-${ZONE}-database
key: database-host
- name: PGHOST
value: ${REPO}-${ZONE}-database
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -487,7 +503,7 @@ objects:
capabilities:
add: ["NET_BIND_SERVICE"]
schedulerName: default-scheduler
- apiVersion: autoscaling/v1
- apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
creationTimestamp:
Expand All @@ -499,7 +515,7 @@ objects:
maxReplicas: 5
minReplicas: 1
scaleTargetRef:
apiVersion: v1
apiVersion: apps/v1
kind: Deployment
name: ${REPO}-${ZONE}-${COMPONENT}
targetCPUUtilizationPercentage: 90
Expand All @@ -520,23 +536,23 @@ objects:
name: ${REPO}-${ZONE}-${COMPONENT}
type: ClusterIP
sessionAffinity: None
# - kind: Route
# apiVersion: v1
# metadata:
# name: ${REPO}-${ZONE}-${COMPONENT}
# labels:
# frontend: 'true'
# app: ${REPO}-${ZONE}-${COMPONENT}
# spec:
# host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca
# path: "/gwells"
# to:
# kind: Service
# name: ${REPO}-${ZONE}-${COMPONENT}
# weight: 100
# port:
# targetPort: web
# tls:
# insecureEdgeTerminationPolicy: Redirect
# termination: edge
# wildcardPolicy: None
- kind: Route
apiVersion: v1
metadata:
name: ${REPO}-${ZONE}-${COMPONENT}
labels:
frontend: 'true'
app: ${REPO}-${ZONE}-${COMPONENT}
spec:
host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca
path: "/gwells"
to:
kind: Service
name: ${REPO}-${ZONE}-${COMPONENT}
weight: 100
port:
targetPort: web
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
wildcardPolicy: None
63 changes: 49 additions & 14 deletions database/openshift.deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,11 @@ parameters:
value: gluster-file-db
objects:
- apiVersion: v1
kind: ConfigMap
metadata:
name: ${REPO}-${ZONE}-${COMPONENT}-config
labels:
app: ${REPO}-${ZONE}
data:
setup.sql: |-
SET application_name="container_setup";
Expand Down Expand Up @@ -104,13 +109,6 @@ objects:
grant usage on schema postgis_ftw to ftw_reader;
ALTER DEFAULT PRIVILEGES IN SCHEMA postgis_ftw GRANT SELECT ON TABLES TO ftw_reader;

kind: ConfigMap
metadata:
labels:
app: ${REPO}-${ZONE}
name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg
appver: ${REPO}-${ZONE}-${COMPONENT}
name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg
- apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -240,11 +238,11 @@ objects:
- >-
psql -q -d
$PG_DATABASE -c 'SELECT 1'
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 15
initialDelaySeconds: 180
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 1
failureThreshold: 15
timeoutSeconds: 10
resources:
requests:
cpu: ${REQUEST_CPU}
Expand All @@ -257,7 +255,7 @@ objects:
privileged: false
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /pgdata
- mountPath: /pgdata/userdata
name: ${REPO}-${ZONE}-${COMPONENT}-data
- mountPath: /var/run/postgresql
name: ${REPO}-${ZONE}-${COMPONENT}-run
Expand All @@ -271,6 +269,43 @@ objects:
claimName: ${REPO}-${ZONE}-${COMPONENT}
- name: ${REPO}-${ZONE}-${COMPONENT}-run
emptyDir: {}
- configMap:
- name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg
configMap:
name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg
name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-same-namespace
labels:
template: nr-gwells-backend-network-security-policy
spec:
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
environment: dev
name: cd43d9
policyTypes:
- Ingress
- apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ${REPO}-${ZONE}-${COMPONENT}
labels:
app: ${REPO}-${ZONE}
appver: ${REPO}-${ZONE}-${COMPONENT}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ${REPO}-${ZONE}-${COMPONENT}
minReplicas: 1
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 90
Loading