diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 3ba7d1b20..0fc4695d1 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -9,7 +9,10 @@ jobs: build-static: runs-on: ubuntu-latest name: Build & Deploy Docker Static images - environment: dev + environment: + name: dev + url: https://dev-drivebc.apps.silver.devops.gov.bc.ca + steps: - name: checkout code @@ -20,10 +23,10 @@ jobs: with: context: . layers: true - image: static + image: dev-static tags: latest ${{ github.sha }} labels: | - app=drivebc + app=dev-drivebc containerfiles: ./compose/frontend/StaticBuild build-args: | API_HOST=${{ vars.API_HOST }} @@ -40,7 +43,7 @@ jobs: - name: push to registry uses: redhat-actions/push-to-registry@v2.7 with: - image: static + image: dev-static registry: ${{ secrets.REGISTRY }} username: ${{ secrets.BUILDER_USERNAME }} password: ${{ secrets.BUILDER_TOKEN }} @@ -56,17 +59,17 @@ jobs: - name: build backend uses: redhat-actions/buildah-build@v2 with: - image: django + image: dev-django tags: latest ${{ github.sha }} labels: | - app=drivebc + app=dev-drivebc containerfiles: ./compose/backend/Dockerfile build-args: DEBUG_BUILD=true - name: push to registry uses: redhat-actions/push-to-registry@v2.7 with: - image: django + image: dev-django registry: ${{ secrets.REGISTRY }} username: ${{ secrets.BUILDER_USERNAME }} password: ${{ secrets.BUILDER_TOKEN }} diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml new file mode 100644 index 000000000..f25698e47 --- /dev/null +++ b/.github/workflows/prod.yml @@ -0,0 +1,73 @@ +name: Deploy main to prod + +on: + workflow_dispatch: + + +jobs: + + build-static: + runs-on: ubuntu-latest + name: Build & Deploy Docker Static images + environment: prod + + steps: + - name: checkout code + uses: actions/checkout@v3 + + - name: build static + uses: redhat-actions/buildah-build@v2 + with: + context: . + layers: true + image: prod-static + tags: latest ${{ github.sha }} + labels: | + app=prod-drivebc + containerfiles: ./compose/frontend/StaticBuild + build-args: | + API_HOST=${{ vars.API_HOST }} + BASE_MAP=${{ vars.BASE_MAP }} + MAP_STYLE=${{ vars.MAP_STYLE }} + HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }} + OPEN511_LAYER=${{ vars.OPEN511_LAYER }} + REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }} + ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }} + ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }} + GEOCODER_HOST=${{ vars.GEOCODER_HOST }} + GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }} + DEBUG_BUILD=false + - name: push to registry + uses: redhat-actions/push-to-registry@v2.7 + with: + image: prod-static + registry: ${{ secrets.REGISTRY }} + username: ${{ secrets.BUILDER_USERNAME }} + password: ${{ secrets.BUILDER_TOKEN }} + + build-backend: + runs-on: ubuntu-latest + name: Build & Deploy Docker backend images + environment: prod + + steps: + - name: checkout code + uses: actions/checkout@v3 + + - name: build backend + uses: redhat-actions/buildah-build@v2 + with: + image: prod-django + tags: latest ${{ github.sha }} + labels: | + app=prod-drivebc + containerfiles: ./compose/backend/Dockerfile + build-args: + DEBUG_BUILD=false + - name: push to registry + uses: redhat-actions/push-to-registry@v2.7 + with: + image: prod-django + registry: ${{ secrets.REGISTRY }} + username: ${{ secrets.BUILDER_USERNAME }} + password: ${{ secrets.BUILDER_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 929fa335e..e8f987af0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,10 +21,10 @@ jobs: with: context: . layers: true - image: static + image: test-static tags: latest ${{ github.sha }} labels: | - app=drivebc + app=test-drivebc containerfiles: ./compose/frontend/StaticBuild build-args: | API_HOST=${{ vars.API_HOST }} @@ -41,7 +41,7 @@ jobs: - name: push to registry uses: redhat-actions/push-to-registry@v2.7 with: - image: static + image: test-static registry: ${{ secrets.REGISTRY }} username: ${{ secrets.BUILDER_USERNAME }} password: ${{ secrets.BUILDER_TOKEN }} @@ -58,17 +58,17 @@ jobs: - name: build backend uses: redhat-actions/buildah-build@v2 with: - image: django + image: test-django tags: latest ${{ github.sha }} labels: | - app=drivebc + app=test-drivebc containerfiles: ./compose/backend/Dockerfile build-args: DEBUG_BUILD=true - name: push to registry uses: redhat-actions/push-to-registry@v2.7 with: - image: django + image: test-django registry: ${{ secrets.REGISTRY }} username: ${{ secrets.BUILDER_USERNAME }} password: ${{ secrets.BUILDER_TOKEN }} diff --git a/.github/workflows/uat.yml b/.github/workflows/uat.yml index 25f62fa16..6fed1a0b2 100644 --- a/.github/workflows/uat.yml +++ b/.github/workflows/uat.yml @@ -1,8 +1,9 @@ -name: Deploy to UAT +name: Deploy main to uat on: workflow_dispatch: + jobs: build-static: diff --git a/.github/workflows/zapscan.yml b/.github/workflows/zapscan.yml index fae98913c..697e866c8 100644 --- a/.github/workflows/zapscan.yml +++ b/.github/workflows/zapscan.yml @@ -13,5 +13,5 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.7.0 with: - target: "https://drivebc-frontend-c59ecc-dev.apps.silver.devops.gov.bc.ca/" + target: "https://dev-drivebc.apps.silver.devops.gov.bc.ca/" # rules_file_name: ".zap/rules.tsv" diff --git a/infrastructure/_django/templates/django-route.yaml b/infrastructure/_django/templates/django-route.yaml index ada3d8bca..3da22ec65 100644 --- a/infrastructure/_django/templates/django-route.yaml +++ b/infrastructure/_django/templates/django-route.yaml @@ -3,6 +3,10 @@ kind: Route metadata: name: {{ template "app.fullname" . }}-backend labels: {{ include "app.labels" . | nindent 4 }} +{{ if .Values.route.iprestricted }} + annotations: + haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} +{{ end }} spec: to: kind: Service @@ -13,4 +17,28 @@ spec: termination: edge insecureEdgeTerminationPolicy: Redirect wildcardPolicy: None - host: {{ .Values.route.host }} \ No newline at end of file + host: {{ .Values.route.host }} + path: {{ .Values.route.backendpath }} + +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "app.fullname" . }}-api + labels: {{ include "app.labels" . | nindent 4 }} +{{ if .Values.route.iprestricted }} + annotations: + haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} +{{ end }} +spec: + to: + kind: Service + name: {{ template "app.fullname" . }} + port: + targetPort: 80-tcp + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None + host: {{ .Values.route.host }} + path: {{ .Values.route.apipath }} \ No newline at end of file diff --git a/infrastructure/_django/values.yaml b/infrastructure/_django/values.yaml index f02fd6bda..812e66243 100644 --- a/infrastructure/_django/values.yaml +++ b/infrastructure/_django/values.yaml @@ -1,5 +1,5 @@ -fullnameOverride: dev-django -namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream +fullnameOverride: +namespace: #enter the full namespace here to the deployment has the correct imagestream deployment: @@ -18,7 +18,11 @@ deployment: djangoSecret: dev-drivebc-django route: - host: dev-drivebc-backend.apps.silver.devops.gov.bc.ca + host: drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP pvc: port: 3000 diff --git a/infrastructure/_image-caching/templates/caching-route.yaml b/infrastructure/_image-caching/templates/caching-route.yaml index ca2f59844..7ed65f8f4 100644 --- a/infrastructure/_image-caching/templates/caching-route.yaml +++ b/infrastructure/_image-caching/templates/caching-route.yaml @@ -1,8 +1,12 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: - name: {{ template "app.fullname" . }} + name: {{ template "app.fullname" . }}-webcam labels: {{ include "app.labels" . | nindent 4 }} +{{ if .Values.route.iprestricted }} + annotations: + haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} +{{ end }} spec: to: kind: Service @@ -10,6 +14,31 @@ spec: weight: 100 port: targetPort: nginx + tls: + termination: edge host: {{ .Values.route.host }} + path: {{ .Values.route.webcamPath }} + + +--- + +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "app.fullname" . }}-replaytheday + labels: {{ include "app.labels" . | nindent 4 }} +{{ if .Values.route.iprestricted }} + annotations: + haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} +{{ end }} +spec: + to: + kind: Service + name: {{ template "app.fullname" . }} + weight: 100 + port: + targetPort: nginx tls: - termination: edge \ No newline at end of file + termination: edge + host: {{ .Values.route.host }} + path: {{ .Values.route.replayTheDayPath }} \ No newline at end of file diff --git a/infrastructure/_image-caching/values.yaml b/infrastructure/_image-caching/values.yaml index 838a50f14..92cce7b1f 100644 --- a/infrastructure/_image-caching/values.yaml +++ b/infrastructure/_image-caching/values.yaml @@ -16,4 +16,8 @@ deployment: route: host: + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + webcamPath: + replayTheDayPath: diff --git a/infrastructure/_redis/templates/redis-imageStream.yaml b/infrastructure/_redis/templates/redis-imageStream.yaml index 7eeb60bc0..77f5aba12 100644 --- a/infrastructure/_redis/templates/redis-imageStream.yaml +++ b/infrastructure/_redis/templates/redis-imageStream.yaml @@ -8,4 +8,4 @@ spec: - name: latest from: kind: DockerImage - name: redis \ No newline at end of file + name: redis:7 \ No newline at end of file diff --git a/infrastructure/_static/templates/static-route.yaml b/infrastructure/_static/templates/static-route.yaml index e7b6697a6..49ade9b55 100644 --- a/infrastructure/_static/templates/static-route.yaml +++ b/infrastructure/_static/templates/static-route.yaml @@ -3,6 +3,10 @@ kind: Route metadata: name: {{ template "app.fullname" . }}-frontend labels: {{ include "app.labels" . | nindent 4 }} +{{ if .Values.route.iprestricted }} + annotations: + haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} +{{ end }} spec: host: {{ .Values.route.host }} to: diff --git a/infrastructure/_static/values.yaml b/infrastructure/_static/values.yaml index 2bc08e9de..c3118b3a0 100644 --- a/infrastructure/_static/values.yaml +++ b/infrastructure/_static/values.yaml @@ -14,4 +14,6 @@ deployment: memory: 128Mi route: - host: dev-drivebc-frontend.apps.silver.devops.gov.bc.ca + host: drivebc.apps.silver.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP diff --git a/infrastructure/_tasks/values.yaml b/infrastructure/_tasks/values.yaml index c1d723bf6..7d8c6f4e7 100644 --- a/infrastructure/_tasks/values.yaml +++ b/infrastructure/_tasks/values.yaml @@ -1,9 +1,9 @@ -fullnameOverride: dev-tasks -namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream +fullnameOverride: tasks +namespace: #enter the full namespace here to the deployment has the correct imagestream deployment: - djangoImageName: dev-django #by default use the image from the ImageStream + djangoImageName: #by default use the image from the ImageStream replicas: 1 resources: requests: diff --git a/infrastructure/charts/init/values-dev.yaml b/infrastructure/charts/init/values-dev.yaml new file mode 100644 index 000000000..7c5742e5b --- /dev/null +++ b/infrastructure/charts/init/values-dev.yaml @@ -0,0 +1,4 @@ +fullnameOverride: dev-drivebc #By default it will use the name you assign the helm chart. Since we are running +#this separatly from the main Helm Chart with all dependencies we set this value to match. + +networkPolicyRequired: false #Set to true if you need the allow traffic between pods and internet ingress setup \ No newline at end of file diff --git a/infrastructure/charts/init/values-prod.yaml b/infrastructure/charts/init/values-prod.yaml new file mode 100644 index 000000000..2051626ab --- /dev/null +++ b/infrastructure/charts/init/values-prod.yaml @@ -0,0 +1,4 @@ +fullnameOverride: prod-drivebc #By default it will use the name you assign the helm chart. Since we are running +#this separatly from the main Helm Chart with all dependencies we set this value to match. + +networkPolicyRequired: false #Set to true if you need the allow traffic between pods and internet ingress setup. Get's used when doing the init. \ No newline at end of file diff --git a/infrastructure/charts/init/values-test.yaml b/infrastructure/charts/init/values-test.yaml new file mode 100644 index 000000000..104813da4 --- /dev/null +++ b/infrastructure/charts/init/values-test.yaml @@ -0,0 +1,4 @@ +fullnameOverride: test-drivebc #By default it will use the name you assign the helm chart. Since we are running +#this separatly from the main Helm Chart with all dependencies we set this value to match. + +networkPolicyRequired: false #Set to true if you need the allow traffic between pods and internet ingress setup \ No newline at end of file diff --git a/infrastructure/charts/init/values-uat.yaml b/infrastructure/charts/init/values-uat.yaml new file mode 100644 index 000000000..8eae8e607 --- /dev/null +++ b/infrastructure/charts/init/values-uat.yaml @@ -0,0 +1,4 @@ +fullnameOverride: uat-drivebc #By default it will use the name you assign the helm chart. Since we are running +#this separatly from the main Helm Chart with all dependencies we set this value to match. + +networkPolicyRequired: false #Set to true if you need the allow traffic between pods and internet ingress setup \ No newline at end of file diff --git a/infrastructure/crunchy-postgres/values-dev.yaml b/infrastructure/crunchy-postgres/values-dev.yaml index 4c760c1cc..5b2a9b3c2 100644 --- a/infrastructure/crunchy-postgres/values-dev.yaml +++ b/infrastructure/crunchy-postgres/values-dev.yaml @@ -34,7 +34,7 @@ pgBackRest: repos: schedules: full: 0 8 * * * - incremental: 0,30 * * * * #set this to every 30 min to reduce chance of WAL log issues + incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues volume: accessModes: "ReadWriteOnce" storage: 2Gi diff --git a/infrastructure/crunchy-postgres/values-prod.yaml b/infrastructure/crunchy-postgres/values-prod.yaml index 43afd56f0..461af5a30 100644 --- a/infrastructure/crunchy-postgres/values-prod.yaml +++ b/infrastructure/crunchy-postgres/values-prod.yaml @@ -34,7 +34,7 @@ pgBackRest: repos: schedules: full: 0 8 * * * - incremental: 0,15,30,45 * * * * #set this to every 15 min to reduce chance of WAL log issues + incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues volume: accessModes: "ReadWriteOnce" storage: 2Gi diff --git a/infrastructure/crunchy-postgres/values-test.yaml b/infrastructure/crunchy-postgres/values-test.yaml index f031a520f..9a912cf07 100644 --- a/infrastructure/crunchy-postgres/values-test.yaml +++ b/infrastructure/crunchy-postgres/values-test.yaml @@ -12,10 +12,10 @@ instances: storage: 2Gi storageClassName: netapp-block-standard requests: - cpu: 100m + cpu: 250m memory: 256Mi limits: - cpu: 250m + cpu: 500m memory: 512Mi replicaCertCopy: requests: @@ -34,7 +34,7 @@ pgBackRest: repos: schedules: full: 0 8 * * * - incremental: 0,30 * * * * #set this to every 30 min to reduce chance of WAL log issues + incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues volume: accessModes: "ReadWriteOnce" storage: 2Gi diff --git a/infrastructure/crunchy-postgres/values-uat.yaml b/infrastructure/crunchy-postgres/values-uat.yaml index 449740305..d1899c342 100644 --- a/infrastructure/crunchy-postgres/values-uat.yaml +++ b/infrastructure/crunchy-postgres/values-uat.yaml @@ -7,7 +7,7 @@ postGISVersion: '3.3' instances: name: ha # high availability - replicas: 3 + replicas: 2 dataVolumeClaimSpec: storage: 2Gi storageClassName: netapp-block-standard @@ -34,7 +34,7 @@ pgBackRest: repos: schedules: full: 0 8 * * * - incremental: 0,30 * * * * #set this to every 30 min to reduce chance of WAL log issues + incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues volume: accessModes: "ReadWriteOnce" storage: 2Gi diff --git a/infrastructure/init/values-prod.yaml b/infrastructure/init/values-prod.yaml index b08341c91..ac99dc8cc 100644 --- a/infrastructure/init/values-prod.yaml +++ b/infrastructure/init/values-prod.yaml @@ -1,4 +1,4 @@ fullnameOverride: prod-drivebc #By default it will use the name you assign the helm chart. Since we are running #this separatly from the main Helm Chart with all dependencies we set this value to match. -networkPolicyRequired: false #Set to yes if you need the allow traffic between pods and internet ingress setup \ No newline at end of file +networkPolicyRequired: true #Set to true if you need the allow traffic between pods and internet ingress setup \ No newline at end of file diff --git a/infrastructure/init/values-uat.yaml b/infrastructure/init/values-uat.yaml index 264b902b2..c061dbd86 100644 --- a/infrastructure/init/values-uat.yaml +++ b/infrastructure/init/values-uat.yaml @@ -1,2 +1,4 @@ -fullnameOverride: drivebc #By default it will use the name you assign the helm chart. Since we are running -#this separatly from the main Helm Chart with all dependencies we set this value to match. \ No newline at end of file +fullnameOverride: uat-drivebc #By default it will use the name you assign the helm chart. Since we are running +#this separatly from the main Helm Chart with all dependencies we set this value to match. + +networkPolicyRequired: false #Set to yes if you need the allow traffic between pods and internet ingress setup \ No newline at end of file diff --git a/infrastructure/main/charts/django-0.1.0.tgz b/infrastructure/main/charts/django-0.1.0.tgz index 43fe7a2e3..097dcc2a6 100644 Binary files a/infrastructure/main/charts/django-0.1.0.tgz and b/infrastructure/main/charts/django-0.1.0.tgz differ diff --git a/infrastructure/main/charts/image-caching-0.1.0.tgz b/infrastructure/main/charts/image-caching-0.1.0.tgz index 02075236a..153b54d85 100644 Binary files a/infrastructure/main/charts/image-caching-0.1.0.tgz and b/infrastructure/main/charts/image-caching-0.1.0.tgz differ diff --git a/infrastructure/main/charts/redis-0.1.0.tgz b/infrastructure/main/charts/redis-0.1.0.tgz index 0955588f8..92e387e6b 100644 Binary files a/infrastructure/main/charts/redis-0.1.0.tgz and b/infrastructure/main/charts/redis-0.1.0.tgz differ diff --git a/infrastructure/main/charts/static-0.1.0.tgz b/infrastructure/main/charts/static-0.1.0.tgz index 62a1f87c7..942b5031e 100644 Binary files a/infrastructure/main/charts/static-0.1.0.tgz and b/infrastructure/main/charts/static-0.1.0.tgz differ diff --git a/infrastructure/main/charts/tasks-0.1.0.tgz b/infrastructure/main/charts/tasks-0.1.0.tgz index 3e6433056..8695a872d 100644 Binary files a/infrastructure/main/charts/tasks-0.1.0.tgz and b/infrastructure/main/charts/tasks-0.1.0.tgz differ diff --git a/infrastructure/main/values-dev.yaml b/infrastructure/main/values-dev.yaml index 7ebaa28ec..ee511fa3e 100644 --- a/infrastructure/main/values-dev.yaml +++ b/infrastructure/main/values-dev.yaml @@ -24,7 +24,11 @@ django: djangoConfigMap: dev-drivebc-django #By default this should be correct for Dev djangoSecret: dev-drivebc-django #By default this should be correct for dev route: - host: dev-drivebc-backend.apps.silver.devops.gov.bc.ca + host: dev-drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: pvc: port: 3000 storage: 1Gi @@ -62,7 +66,11 @@ image-caching: cpu: 150m memory: 128Mi route: - host: dev-drivebc-image-caching.apps.silver.devops.gov.bc.ca + host: dev-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: + webcamPath: /webcam/ + replayTheDayPath: /ReplayTheDay/ redis: @@ -93,4 +101,6 @@ static: memory: 128Mi route: - host: dev-drivebc-frontend.apps.silver.devops.gov.bc.ca + host: dev-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: diff --git a/infrastructure/main/values-prod.yaml b/infrastructure/main/values-prod.yaml index dbdefa83e..315679af1 100644 --- a/infrastructure/main/values-prod.yaml +++ b/infrastructure/main/values-prod.yaml @@ -1,8 +1,4 @@ # See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values -global: - licensePlate: c59ecc - namespace: prod - nameOverride: prod-drivebc fullnameOverride: prod-drivebc @@ -11,7 +7,7 @@ django: fullnameOverride: prod-django namespace: c59ecc-prod #The namespace you are running the application on. This is used to pull from the ImageStream deployment: - replicas: 1 + replicas: 2 resources: requests: cpu: 50m @@ -20,11 +16,15 @@ django: cpu: 150m memory: 512Mi env: - postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Dev - djangoConfigMap: prod-drivebc-django #By default this should be correct for Dev - djangoSecret: prod-drivebc-django #By default this should be correct for dev + postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Prod + djangoConfigMap: prod-drivebc-django #By default this should be correct for Prod + djangoSecret: prod-drivebc-django #By default this should be correct for Prod route: - host: prod-drivebc-backend.apps.silver.devops.gov.bc.ca + host: prod-drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP pvc: port: 3000 storage: 1Gi @@ -44,16 +44,16 @@ tasks: cpu: 150m memory: 512Mi env: - postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Dev - djangoConfigMap: prod-drivebc-django #By default this should be correct for Dev - djangoSecret: prod-drivebc-django #By default this should be correct for dev + postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Prod + djangoConfigMap: prod-drivebc-django #By default this should be correct for Prod + djangoSecret: prod-drivebc-django #By default this should be correct for Prod image-caching: fullnameOverride: prod-image-caching namespace: c59ecc-prod #enter the full namespace here to the deployment has the correct imagestream - environment: dev #enter the environment this is being deployed too. Needed to set the configmap reference + environment: prod #enter the environment this is being deployed too. Needed to set the configmap reference deployment: - replicas: 1 + replicas: 2 resources: requests: cpu: 50m @@ -62,7 +62,12 @@ image-caching: cpu: 150m memory: 128Mi route: - host: prod-drivebc-image-caching.apps.silver.devops.gov.bc.ca + host: prod-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + webcamPath: /webcam/ + replayTheDayPath: /ReplayTheDay/ + redis: @@ -93,4 +98,6 @@ static: memory: 128Mi route: - host: prod-drivebc-frontend.apps.silver.devops.gov.bc.ca + host: prod-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP diff --git a/infrastructure/main/values-test.yaml b/infrastructure/main/values-test.yaml index cf2f66dc9..cc6ae52cc 100644 --- a/infrastructure/main/values-test.yaml +++ b/infrastructure/main/values-test.yaml @@ -24,7 +24,11 @@ django: djangoConfigMap: test-drivebc-django #By default this should be correct for Dev djangoSecret: test-drivebc-django #By default this should be correct for dev route: - host: test-drivebc-backend.apps.silver.devops.gov.bc.ca + host: test-drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: pvc: port: 3000 storage: 1Gi @@ -51,7 +55,7 @@ tasks: image-caching: fullnameOverride: test-image-caching namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream - environment: dev #enter the environment this is being deployed too. Needed to set the configmap reference + environment: test #enter the environment this is being deployed too. Needed to set the configmap reference deployment: replicas: 1 resources: @@ -62,12 +66,16 @@ image-caching: cpu: 150m memory: 128Mi route: - host: dev-drivebc-image-caching.apps.silver.devops.gov.bc.ca + host: test-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: + webcamPath: /webcam/ + replayTheDayPath: /ReplayTheDay/ redis: fullnameOverride: test-redis - namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream + namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream deployment: replicas: 1 resources: @@ -93,4 +101,6 @@ static: memory: 128Mi route: - host: test-drivebc-frontend.apps.silver.devops.gov.bc.ca + host: test-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: diff --git a/infrastructure/main/values-uat.yaml b/infrastructure/main/values-uat.yaml index fa20f98fc..3c08f58ed 100644 --- a/infrastructure/main/values-uat.yaml +++ b/infrastructure/main/values-uat.yaml @@ -24,7 +24,11 @@ django: djangoConfigMap: uat-drivebc-django #By default this should be correct for Dev djangoSecret: uat-drivebc-django #By default this should be correct for dev route: - host: uat-drivebc-backend.apps.silver.devops.gov.bc.ca + host: uat-drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP pvc: port: 3000 storage: 1Gi @@ -51,7 +55,7 @@ tasks: image-caching: fullnameOverride: uat-image-caching namespace: c59ecc-test #enter the full namespace here to the deployment has the correct imagestream - environment: dev #enter the environment this is being deployed too. Needed to set the configmap reference + environment: uat #enter the environment this is being deployed too. Needed to set the configmap reference deployment: replicas: 2 resources: @@ -62,7 +66,11 @@ image-caching: cpu: 150m memory: 128Mi route: - host: uat-drivebc-image-caching.apps.silver.devops.gov.bc.ca + host: uat-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + webcamPath: /webcam/ + replayTheDayPath: /ReplayTheDay/ redis: @@ -93,4 +101,6 @@ static: memory: 128Mi route: - host: uat-drivebc-frontend.apps.silver.devops.gov.bc.ca + host: uat-drivebc.apps.silver.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP diff --git a/infrastructure/main/values.yaml b/infrastructure/main/values.yaml index 6512d0a88..99d1ac1b9 100644 --- a/infrastructure/main/values.yaml +++ b/infrastructure/main/values.yaml @@ -24,7 +24,10 @@ django: djangoConfigMap: drivebc-django #By default this should be correct for Dev djangoSecret: drivebc-django #By default this should be correct for dev route: - host: drivebc-backend.apps.silver.devops.gov.bc.ca + host: drivebc.apps.silver.devops.gov.bc.ca + backendpath: /backend/ #must be surrounded by / + apipath: /api/ #must be surrounded by / + govonly: true #Set to true so limited access is limited to gov IP's only. False for public access pvc: port: 3000 storage: 1Gi @@ -62,8 +65,10 @@ image-caching: cpu: 150m memory: 128Mi route: - host: drivebc-image-caching.apps.silver.devops.gov.bc.ca - + host: drivebc.apps.silver.devops.gov.bc.ca + govonly: true #Set to true so limited access is limited to gov IP's only. False for public access + webcamPath: /webcam/ + replayTheDayPath: /ReplayTheDay/ redis: fullnameOverride: redis @@ -93,4 +98,5 @@ static: memory: 128Mi route: - host: drivebc-frontend.apps.silver.devops.gov.bc.ca + host: drivebc.apps.silver.devops.gov.bc.ca + govonly: true #Set to true so limited access is limited to gov IP's only. False for public access