DBC22-1141

Updated HELM charts to release to dev
Updated github actions so they are now available for all the new

.github/workflows/dev.yml

@@ -9,7 +9,10 @@ jobs:
   build-static:
     runs-on: ubuntu-latest
     name: Build & Deploy Docker Static images
-    environment: dev
+    environment: 
+      name: dev
+      url: https://dev-drivebc.apps.silver.devops.gov.bc.ca
+
 
     steps:
     - name: checkout code
@@ -20,10 +23,10 @@ jobs:
       with:
         context: .
         layers: true
-        image: static
+        image: dev-static
         tags: latest ${{ github.sha }}
         labels: |
-          app=drivebc
+          app=dev-drivebc
         containerfiles: ./compose/frontend/StaticBuild
         build-args: |
           API_HOST=${{ vars.API_HOST }}
@@ -40,7 +43,7 @@ jobs:
     - name: push to registry
       uses: redhat-actions/push-to-registry@v2.7
       with:
-        image: static
+        image: dev-static
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.BUILDER_USERNAME }}
         password: ${{ secrets.BUILDER_TOKEN }}
@@ -56,17 +59,17 @@ jobs:
     - name: build backend
       uses: redhat-actions/buildah-build@v2
       with:
-        image: django
+        image: dev-django
         tags: latest ${{ github.sha }}
         labels: |
-          app=drivebc
+          app=dev-drivebc
         containerfiles: ./compose/backend/Dockerfile
         build-args:
           DEBUG_BUILD=true
     - name: push to registry
       uses: redhat-actions/push-to-registry@v2.7
       with:
-        image: django
+        image: dev-django
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.BUILDER_USERNAME }}
         password: ${{ secrets.BUILDER_TOKEN }}

.github/workflows/prod.yml

@@ -0,0 +1,73 @@
+name: Deploy main to prod
+
+on:
+  workflow_dispatch:
+
+
+jobs:
+
+  build-static:
+    runs-on: ubuntu-latest
+    name: Build & Deploy Docker Static images
+    environment: prod
+
+    steps:
+    - name: checkout code
+      uses: actions/checkout@v3
+
+    - name: build static
+      uses: redhat-actions/buildah-build@v2
+      with:
+        context: .
+        layers: true
+        image: prod-static
+        tags: latest ${{ github.sha }}
+        labels: |
+          app=prod-drivebc
+        containerfiles: ./compose/frontend/StaticBuild
+        build-args: |
+          API_HOST=${{ vars.API_HOST }}
+          BASE_MAP=${{ vars.BASE_MAP }}
+          MAP_STYLE=${{ vars.MAP_STYLE }}
+          HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }}
+          OPEN511_LAYER=${{ vars.OPEN511_LAYER }}
+          REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }}
+          ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }}
+          ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }}
+          GEOCODER_HOST=${{ vars.GEOCODER_HOST }}
+          GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }}
+          DEBUG_BUILD=false
+    - name: push to registry
+      uses: redhat-actions/push-to-registry@v2.7
+      with:
+        image: prod-static
+        registry: ${{ secrets.REGISTRY }}
+        username: ${{ secrets.BUILDER_USERNAME }}
+        password: ${{ secrets.BUILDER_TOKEN }}
+
+  build-backend:
+    runs-on: ubuntu-latest
+    name: Build & Deploy Docker backend images
+    environment: prod
+
+    steps:
+    - name: checkout code
+      uses: actions/checkout@v3
+
+    - name: build backend
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: prod-django
+        tags: latest ${{ github.sha }}
+        labels: |
+          app=prod-drivebc
+        containerfiles: ./compose/backend/Dockerfile
+        build-args:
+          DEBUG_BUILD=false
+    - name: push to registry
+      uses: redhat-actions/push-to-registry@v2.7
+      with:
+        image: prod-django
+        registry: ${{ secrets.REGISTRY }}
+        username: ${{ secrets.BUILDER_USERNAME }}
+        password: ${{ secrets.BUILDER_TOKEN }}

.github/workflows/test.yml

@@ -21,10 +21,10 @@ jobs:
       with:
         context: .
         layers: true
-        image: static
+        image: test-static
         tags: latest ${{ github.sha }}
         labels: |
-          app=drivebc
+          app=test-drivebc
         containerfiles: ./compose/frontend/StaticBuild
         build-args: |
           API_HOST=${{ vars.API_HOST }}
@@ -41,7 +41,7 @@ jobs:
     - name: push to registry
       uses: redhat-actions/push-to-registry@v2.7
       with:
-        image: static
+        image: test-static
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.BUILDER_USERNAME }}
         password: ${{ secrets.BUILDER_TOKEN }}
@@ -58,17 +58,17 @@ jobs:
     - name: build backend
       uses: redhat-actions/buildah-build@v2
       with:
-        image: django
+        image: test-django
         tags: latest ${{ github.sha }}
         labels: |
-          app=drivebc
+          app=test-drivebc
         containerfiles: ./compose/backend/Dockerfile
         build-args:
           DEBUG_BUILD=true
     - name: push to registry
       uses: redhat-actions/push-to-registry@v2.7
       with:
-        image: django
+        image: test-django
         registry: ${{ secrets.REGISTRY }}
         username: ${{ secrets.BUILDER_USERNAME }}
         password: ${{ secrets.BUILDER_TOKEN }}

.github/workflows/uat.yml

@@ -1,8 +1,9 @@
-name: Deploy to UAT
+name: Deploy main to uat
 
 on:
   workflow_dispatch:
 
+
 jobs:
 
   build-static:

.github/workflows/zapscan.yml

@@ -13,5 +13,5 @@ jobs:
       - name: ZAP Scan
         uses: zaproxy/action-full-scan@v0.7.0
         with:
-          target: "https://drivebc-frontend-c59ecc-dev.apps.silver.devops.gov.bc.ca/"
+          target: "https://dev-drivebc.apps.silver.devops.gov.bc.ca/"
 #          rules_file_name: ".zap/rules.tsv"

infrastructure/_django/templates/django-route.yaml

@@ -3,6 +3,10 @@ kind: Route
 metadata:
   name: {{ template "app.fullname" . }}-backend
   labels: {{ include "app.labels" . | nindent 4 }}
+{{ if .Values.route.iprestricted }}
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist  }}
+{{ end }}
 spec:
   to:
     kind: Service
@@ -13,4 +17,28 @@ spec:
     termination: edge
     insecureEdgeTerminationPolicy: Redirect
   wildcardPolicy: None
-  host: {{ .Values.route.host  }}
+  host: {{ .Values.route.host  }}
+  path: {{ .Values.route.backendpath  }}
+
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ template "app.fullname" . }}-api
+  labels: {{ include "app.labels" . | nindent 4 }}
+{{ if .Values.route.iprestricted }}
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist  }}
+{{ end }}
+spec:
+  to:
+    kind: Service
+    name: {{ template "app.fullname" . }}
+  port:
+    targetPort: 80-tcp
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None
+  host: {{ .Values.route.host  }}
+  path: {{ .Values.route.apipath  }}

infrastructure/_django/values.yaml

@@ -1,5 +1,5 @@
-fullnameOverride: dev-django
-namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream
+fullnameOverride: 
+namespace:  #enter the full namespace here to the deployment has the correct imagestream
 
 
 deployment:
@@ -18,7 +18,11 @@ deployment:
     djangoSecret: dev-drivebc-django
 
 route:
-  host: dev-drivebc-backend.apps.silver.devops.gov.bc.ca
+  host: drivebc.apps.silver.devops.gov.bc.ca
+  backendpath: /backend/ #must be surrounded by /
+  apipath: /api/ #must be surrounded by /
+  iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below
+  ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP
 
 pvc:
   port: 3000

infrastructure/_image-caching/templates/caching-route.yaml

@@ -1,15 +1,44 @@
 apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
-  name: {{ template "app.fullname" . }}
+  name: {{ template "app.fullname" . }}-webcam
   labels: {{ include "app.labels" . | nindent 4 }}
+{{ if .Values.route.iprestricted }}
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist  }}
+{{ end }}
 spec:
   to:
     kind: Service
     name: {{ template "app.fullname" . }}
     weight: 100
   port:
     targetPort: nginx
+  tls:
+    termination: edge  
   host: {{ .Values.route.host  }}
+  path: {{ .Values.route.webcamPath  }}
+
+
+---
+
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ template "app.fullname" . }}-replaytheday
+  labels: {{ include "app.labels" . | nindent 4 }}
+{{ if .Values.route.iprestricted }}
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist  }}
+{{ end }}
+spec:
+  to:
+    kind: Service
+    name: {{ template "app.fullname" . }}
+    weight: 100
+  port:
+    targetPort: nginx
   tls:
-    termination: edge  
+    termination: edge  
+  host: {{ .Values.route.host  }}
+  path: {{ .Values.route.replayTheDayPath  }}

infrastructure/_image-caching/values.yaml

@@ -16,4 +16,8 @@ deployment:
 
 route:
   host: 
+  iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below
+  ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP
+  webcamPath:
+  replayTheDayPath:
 

infrastructure/_redis/templates/redis-imageStream.yaml

@@ -8,4 +8,4 @@ spec:
     - name: latest
       from:
         kind: DockerImage
-        name: redis
+        name: redis:7

infrastructure/_static/templates/static-route.yaml

@@ -3,6 +3,10 @@ kind: Route
 metadata:
   name: {{ template "app.fullname" . }}-frontend
   labels: {{ include "app.labels" . | nindent 4 }}
+{{ if .Values.route.iprestricted }}
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist  }}
+{{ end }}
 spec:
   host: {{ .Values.route.host  }} 
   to:

infrastructure/_static/values.yaml

@@ -14,4 +14,6 @@ deployment:
       memory: 128Mi
 
 route:
-  host: dev-drivebc-frontend.apps.silver.devops.gov.bc.ca
+  host: drivebc.apps.silver.devops.gov.bc.ca
+  iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below
+  ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP

infrastructure/_tasks/values.yaml

@@ -1,9 +1,9 @@
-fullnameOverride: dev-tasks
-namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream
+fullnameOverride: tasks
+namespace:  #enter the full namespace here to the deployment has the correct imagestream
 
 
 deployment:
-  djangoImageName: dev-django #by default use the image from the ImageStream
+  djangoImageName:  #by default use the image from the ImageStream
   replicas: 1
   resources:
     requests:

infrastructure/charts/init/values-dev.yaml

@@ -0,0 +1,4 @@
+fullnameOverride: dev-drivebc #By default it will use the name you assign the helm chart. Since we are running
+#this separatly from the main Helm Chart with all dependencies we set this value to match.
+
+networkPolicyRequired: false  #Set to true if you need the allow traffic between pods and internet ingress setup

infrastructure/charts/init/values-prod.yaml

@@ -0,0 +1,4 @@
+fullnameOverride: prod-drivebc #By default it will use the name you assign the helm chart. Since we are running
+#this separatly from the main Helm Chart with all dependencies we set this value to match.
+
+networkPolicyRequired: false  #Set to true if you need the allow traffic between pods and internet ingress setup. Get's used when doing the init.

infrastructure/charts/init/values-test.yaml

@@ -0,0 +1,4 @@
+fullnameOverride: test-drivebc #By default it will use the name you assign the helm chart. Since we are running
+#this separatly from the main Helm Chart with all dependencies we set this value to match.
+
+networkPolicyRequired: false  #Set to true if you need the allow traffic between pods and internet ingress setup

infrastructure/charts/init/values-uat.yaml

@@ -0,0 +1,4 @@
+fullnameOverride: uat-drivebc #By default it will use the name you assign the helm chart. Since we are running
+#this separatly from the main Helm Chart with all dependencies we set this value to match.
+
+networkPolicyRequired: false  #Set to true if you need the allow traffic between pods and internet ingress setup

infrastructure/crunchy-postgres/values-dev.yaml

@@ -34,7 +34,7 @@ pgBackRest:
   repos:
     schedules:
       full: 0 8 * * *
-      incremental: 0,30 * * * * #set this to every 30 min to reduce chance of WAL log issues
+      incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues
     volume:
       accessModes: "ReadWriteOnce"
       storage: 2Gi

infrastructure/crunchy-postgres/values-prod.yaml

@@ -34,7 +34,7 @@ pgBackRest:
   repos:
     schedules:
       full: 0 8 * * *
-      incremental: 0,15,30,45 * * * * #set this to every 15 min to reduce chance of WAL log issues
+      incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues
     volume:
       accessModes: "ReadWriteOnce"
       storage: 2Gi