diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml deleted file mode 100644 index 436a4ad7d..000000000 --- a/backend/openshift.deploy.yml +++ /dev/null @@ -1,292 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: nr-compliance-enforcement - - name: COMPONENT - description: Component name - value: backend - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "20m" - - name: MEMORY_REQUEST - value: "100Mi" - - name: CPU_LIMIT - value: "40m" - - name: MEMORY_LIMIT - value: "200Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "5" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/nr-compliance-enforcement/backend:prod - - name: PROMOTE_MIGRATION - description: Image (namespace/name:tag) for migration to promote/import - value: bcgov/nr-compliance-enforcement/database-migrations:test - - name: COMPONENT_DB_MIGRATION - description: Component name for database migrations - value: database-migrations - - name: FLYWAY_LOCATIONS - description: Location of flyway scripts, useful when there's a need to run flyway scripts differently in each environment - -objects: - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT_DB_MIGRATION} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE_MIGRATION} - referencePolicy: - type: Local - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME}-${COMPONENT_DB_MIGRATION} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT_DB_MIGRATION}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - imagePullPolicy: Always - name: ${NAME} - env: - - name: NODE_TLS_REJECT_UNAUTHORIZED - value: "0" - - name: POSTGRESQL_HOST - value: ${NAME}-${ZONE}-database - - name: POSTGRESQL_DATABASE - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-database - key: database-name - - name: POSTGRESQL_PASSWORD - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-database - key: database-password - - name: POSTGRESQL_USER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-database - key: database-user - - name: KEYCLOCK_CLIENT_ID - valueFrom: - secretKeyRef: - name: ceds-backend-oicd - key: keycloak-client-id - - name: JWKS_URI - valueFrom: - secretKeyRef: - name: ceds-backend-oicd - key: jwks-uri - - name: JWT_ISSUER - valueFrom: - secretKeyRef: - name: ceds-backend-oicd - key: jwt-issuer - - name: BC_GEOCODER_API_URL - valueFrom: - secretKeyRef: - name: bc-geo-coder - key: BC_GEOCODER_API_URL - - name: COMPLAINTS_API_KEY - valueFrom: - secretKeyRef: - name: webeoc - key: complaints-api-key - - name: CASE_MANAGEMENT_API_URL - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-case-management - key: case-management-api-url - - name: SEQ_RESET_VALUE - valueFrom: - secretKeyRef: - name: sequence-reset-cron - key: seq-reset-value - - name: SEQ_RESET_CRON_EXPRESSION - valueFrom: - secretKeyRef: - name: sequence-reset-cron - key: seq-reset-cron-expression - - name: COMS_JWT_AUTH_URI - valueFrom: - secretKeyRef: - name: cdogs - key: coms-jwt-auth-uri - - name: CDOGS_URI - valueFrom: - secretKeyRef: - name: cdogs - key: cdogs-uri - - name: CDOGS_CLIENT_ID - valueFrom: - secretKeyRef: - name: cdogs - key: cdogs-client-id - - name: CDOGS_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: cdogs - key: cdogs-client-secret - ports: - - containerPort: 3000 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - httpGet: - path: /api - port: 3000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 5 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: /api - port: 3000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - initContainers: - - name: ${NAME}-${COMPONENT_DB_MIGRATION} - image: ${NAME}-${ZONE}-${COMPONENT_DB_MIGRATION}:${IMAGE_TAG} - env: - - name: FLYWAY_URL - value: "jdbc:postgresql://${NAME}-${ZONE}-database:5432/${NAME}" - - name: FLYWAY_USER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-database - key: database-user - - name: FLYWAY_PASSWORD - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-database - key: database-password - - name: FLYWAY_BASELINE_ON_MIGRATE - value: "true" - - name: FLYWAY_LOCATIONS - value: ${FLYWAY_LOCATIONS} - - name: FLYWAY_DEFAULT_SCHEMA - value: "public" - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 3000-tcp - protocol: TCP - port: 80 - targetPort: 3000 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 diff --git a/charts/app/templates/backend/templates/deployment.yaml b/charts/app/templates/backend/templates/deployment.yaml index 84f3b9423..82d0ba9d7 100644 --- a/charts/app/templates/backend/templates/deployment.yaml +++ b/charts/app/templates/backend/templates/deployment.yaml @@ -45,7 +45,15 @@ spec: - name: FLYWAY_CONNECT_RETRIES value: "10" - name: FLYWAY_LOCATIONS - value: "filesystem:/flyway/sql,filesystem:/flyway/sql-test" + value: {{- if eq .Release.Namespace "dev" -}} + {{ .Values.global.secrets.flywayLocations.dev }} + {{- else if eq .Release.Namespace "test" -}} + {{ .Values.global.secrets.flywayLocations.test }} + {{- else if eq .Release.Namespace "prod" -}} + {{ .Values.global.secrets.flywayLocations.prod }} + {{- else -}} + "filesystem:./migrations/sql" + {{- end }} resources: limits: cpu: 200m diff --git a/charts/app/values.yaml b/charts/app/values.yaml index 24e60098c..e13b33d53 100644 --- a/charts/app/values.yaml +++ b/charts/app/values.yaml @@ -48,6 +48,10 @@ global: keycloakClientId: ~ caseManagementApiUrl: ~ postgresqlEnableLogging: "false" + flwayLocations: + dev: "filesystem:./migrations/sql-dev, filesystem:./migrations/test-only-migrations" + test: "filesystem:./migrations/sql-dev, filesystem:./migrations/test-only-migrations" + prod: "filesystem:./migrations/sql-dev" #-- domain of the application, it is required, apps.silver.devops.gov.bc.ca for silver cluster and apps.devops.gov.bc.ca for gold cluster domain: "apps.silver.devops.gov.bc.ca" # it is apps.gold.devops.gov.bc.ca for gold cluster diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml deleted file mode 100644 index 8ca1e3932..000000000 --- a/frontend/openshift.deploy.yml +++ /dev/null @@ -1,220 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: nr-compliance-enforcement - - name: COMPONENT - description: Component name - value: frontend - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "25m" - - name: MEMORY_REQUEST - value: "50Mi" - - name: CPU_LIMIT - value: "50m" - - name: MEMORY_LIMIT - value: "100Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "5" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/nr-compliance-enforcement/frontend:prod - - name: KEYCLOAK_URL - description: Keycloak auth url - value: https://dev.loginproxy.gov.bc.ca/auth - - name: COMS_URL - description: COMS URL - value: https://coms-dev.api.gov.bc.ca/api/v1 - - name: COMS_BUCKET - description: COMS BUCKET - value: "b105c416-21cd-44fa-8f5b-175d6ca56e93" - - name: LOG_LEVEL - description: Caddy logging level DEBUG, INFO, WARN, ERROR, PANIC, and FATAL (https://github.com/caddyserver/caddy/blob/master/logging.go) - value: "info" - - name: SHOW_EXPERIMENTAL_FEATURES - description: Hides or shows experimental features - value: "false" - - name: ENVIRONMENT_NAME - description: Used to show a banner in the dev and test environments - value: "production" -objects: - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - securityContext: - capabilities: - add: ["NET_BIND_SERVICE"] - imagePullPolicy: Always - name: ${NAME} - env: - - name: BACKEND_URL - value: http://${NAME}-${ZONE}-backend - - name: KEYCLOAK_URL - valueFrom: - secretKeyRef: - name: react-app - key: keycloak-url - - name: COMS_URL - valueFrom: - secretKeyRef: - name: react-app - key: coms-url - - name: COMS_BUCKET - valueFrom: - secretKeyRef: - name: react-app - key: coms-bucket - - name: LOG_LEVEL - valueFrom: - secretKeyRef: - name: react-app - key: log-level - - name: SHOW_EXPERIMENTAL_FEATURES - valueFrom: - secretKeyRef: - name: react-app - key: show-experimental-features - - name: ENVIRONMENT_NAME - value: ${ENVIRONMENT_NAME} - ports: - - containerPort: 3000 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - httpGet: - path: /health - port: 3001 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 2 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 30 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: /health - port: 3001 - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 3000-tcp - protocol: TCP - port: 80 - targetPort: 3000 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} - port: - targetPort: 3000-tcp - to: - kind: Service - name: ${NAME}-${ZONE}-${COMPONENT} - weight: 100 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 diff --git a/webeoc/openshift.deploy.yml b/webeoc/openshift.deploy.yml deleted file mode 100644 index 4194fff3b..000000000 --- a/webeoc/openshift.deploy.yml +++ /dev/null @@ -1,200 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: nr-compliance-enforcement - - name: COMPONENT - description: Component name - value: webeoc - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "40m" - - name: MEMORY_REQUEST - value: "75Mi" - - name: CPU_LIMIT - value: "80m" - - name: MEMORY_LIMIT - value: "150Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "2" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/nr-compliance-enforcement/webeoc:prod -objects: - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - imagePullPolicy: Always - name: ${NAME} - env: - - name: NODE_TLS_REJECT_UNAUTHORIZED - value: "0" - - name: NATS_HOST - value: nats://${NAME}-${ZONE}-nats:4222 - - name: COMPLAINTS_MANAGEMENT_API_URL - value: https://${NAME}-${ZONE}-frontend.${DOMAIN}/api/v1 - - name: COMPLAINTS_API_KEY - valueFrom: - secretKeyRef: - name: webeoc - key: complaints-api-key - - name: WEBEOC_USERNAME - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-username - - name: WEBEOC_PASSWORD - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-password - - name: WEBEOC_POSITION - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-position - - name: WEBEOC_INCIDENT - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-incident - - name: WEBEOC_URL - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-url - - name: WEBEOC_COMPLAINT_HISTORY_SECONDS - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-complaint-history-seconds - - name: WEBEOC_CRON_EXPRESSION - valueFrom: - secretKeyRef: - name: webeoc - key: webeoc-cron-expression - ports: - - containerPort: 3002 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - exec: - command: - - /usr/bin/env - - bash - - -c - - ls - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 15 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - exec: - command: - - /usr/bin/env - - bash - - -c - - ls - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 15 - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 3002-tcp - protocol: TCP - port: 80 - targetPort: 3002 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100