From 9751700648df5b5d3364417c3661123c186b7da9 Mon Sep 17 00:00:00 2001 
From: Mulder Date: Fri, 9 Feb 2024 08:46:55 -0800 Subject: [PATCH] DBC22-1560, DBC22-1563, DBC22-1561:Move to Gold --- .github/workflows/createTag.yml | 34 ++ .github/workflows/dev.yml | 162 ++++-- .github/workflows/image-caching.yml | 36 -- .github/workflows/prod.yml | 137 ++--- .github/workflows/sonarcloud.yml | 2 +- .github/workflows/test.yml | 221 ++++++-- .github/workflows/test_manual.yml | 190 +++++++ .github/workflows/trivyscans.yml | 81 +++ .github/workflows/uat.yml | 139 ++--- .github/workflows/zapscan.yml | 14 +- README.md | 28 + compose/caching/Dockerfile | 2 +- compose/caching/entrypoint | 4 +- compose/redis/Dockerfile | 1 + infrastructure/README.md | 32 +- infrastructure/_django/README.md | 38 +- .../_django/templates/django-deployment.yaml | 39 +- .../_django/templates/django-hpa.yaml | 22 + .../_django/templates/django-imageStream.yaml | 6 - .../_django/templates/django-route.yaml | 29 +- infrastructure/_django/values.yaml | 31 +- infrastructure/_image-caching/README.md | 32 +- .../templates/caching-deployment.yaml | 27 +- .../_image-caching/templates/caching-hpa.yaml | 22 + .../templates/caching-imageStream.yaml | 6 - .../templates/caching-route.yaml | 4 +- infrastructure/_image-caching/values.yaml | 32 +- infrastructure/_redis/README.md | 28 +- .../_redis/templates/redis-deployment.yaml | 24 +- .../_redis/templates/redis-imageStream.yaml | 11 - infrastructure/_redis/values.yaml | 17 +- infrastructure/_static/README.md | 32 +- .../_static/templates/static-deployment.yaml | 28 +- .../_static/templates/static-hpa.yaml | 22 + .../_static/templates/static-imageStream.yaml | 6 - infrastructure/_static/values.yaml | 26 +- infrastructure/_tasks/README.md | 39 +- .../_tasks/templates/tasks-deployment.yaml | 39 +- infrastructure/_tasks/values.yaml | 23 +- .../crunchy-postgres/values-dev.yaml | 2 +- .../crunchy-postgres/values-prod.yaml | 4 +- .../crunchy-postgres/values-test.yaml | 2 +- .../crunchy-postgres/values-uat.yaml | 6 +- 
infrastructure/crunchy-tools/.helmignore | 23 - infrastructure/crunchy-tools/Chart.yaml | 24 - infrastructure/crunchy-tools/README.md | 80 --- .../crunchy-tools/templates/_helpers.tpl | 62 --- .../templates/deployer/deployerRole.yaml | 217 -------- .../deployer/deployerRoleBinding.yaml | 18 - .../deployer/deployerServiceAccount.yaml | 11 - .../templates/linter/linterRole.yaml | 497 ------------------ .../templates/linter/linterRoleBinding.yaml | 17 - .../linter/linterServiceAccount.yaml | 10 - .../templates/networking/networkPolicy.yaml | 23 - .../networking/podNetworkPolicy.yaml | 16 - .../templates/networking/route.yaml | 21 - .../provisioner/provisionerRole.yaml | 237 --------- .../provisioner/provisionerRoleBinding.yaml | 19 - .../provisionerServiceAccount.yaml | 11 - infrastructure/crunchy-tools/values.yaml | 31 -- .../init/templates/init-django-configmap.yaml | 35 +- .../init/templates/init-django-secret.yaml | 6 +- .../init-image-caching-configmap.yaml | 7 + .../init/templates/init-static-configmap.yaml | 17 +- .../init/templates/init-static-secret.yaml | 4 +- infrastructure/init/values-uat.yaml | 2 +- infrastructure/main/charts/django-0.1.0.tgz | Bin 3224 -> 3466 bytes .../main/charts/image-caching-0.1.0.tgz | Bin 2737 -> 2928 bytes infrastructure/main/charts/redis-0.1.0.tgz | Bin 2252 -> 2213 bytes infrastructure/main/charts/static-0.1.0.tgz | Bin 2542 -> 2947 bytes infrastructure/main/charts/tasks-0.1.0.tgz | Bin 2520 -> 2509 bytes infrastructure/main/values-dev.yaml | 134 +++-- infrastructure/main/values-prod.yaml | 124 +++-- infrastructure/main/values-test.yaml | 135 +++-- infrastructure/main/values-uat.yaml | 127 +++-- infrastructure/main/values.yaml | 121 +++-- .../django/templates/django-deployment.yaml | 118 ----- .../django/templates/django-imageStream.yaml | 12 - .../charts/django/templates/django-pvc.yaml | 18 - .../charts/django/templates/django-route.yaml | 23 - .../django/templates/django-service.yaml | 23 - 
.../templates/caching-deployment.yaml | 59 --- .../templates/caching-imageStream.yaml | 12 - .../templates/caching-route.yaml | 22 - .../templates/caching-service.yaml | 23 - .../redis/templates/redis-deployment.yaml | 58 -- .../redis/templates/redis-imageStream.yaml | 18 - .../charts/redis/templates/redis-service.yaml | 23 - .../static/templates/static-deployment.yaml | 54 -- .../static/templates/static-imageStream.yaml | 12 - .../charts/static/templates/static-route.yaml | 23 - .../static/templates/static-service.yaml | 22 - .../tasks/templates/tasks-deployment.yaml | 110 ---- 93 files changed, 1576 insertions(+), 2763 deletions(-) create mode 100644 .github/workflows/createTag.yml delete mode 100644 .github/workflows/image-caching.yml create mode 100644 .github/workflows/test_manual.yml create mode 100644 .github/workflows/trivyscans.yml create mode 100644 compose/redis/Dockerfile create mode 100644 infrastructure/_django/templates/django-hpa.yaml delete mode 100644 infrastructure/_django/templates/django-imageStream.yaml create mode 100644 infrastructure/_image-caching/templates/caching-hpa.yaml delete mode 100644 infrastructure/_image-caching/templates/caching-imageStream.yaml delete mode 100644 infrastructure/_redis/templates/redis-imageStream.yaml create mode 100644 infrastructure/_static/templates/static-hpa.yaml delete mode 100644 infrastructure/_static/templates/static-imageStream.yaml delete mode 100644 infrastructure/crunchy-tools/.helmignore delete mode 100644 infrastructure/crunchy-tools/Chart.yaml delete mode 100644 infrastructure/crunchy-tools/README.md delete mode 100644 infrastructure/crunchy-tools/templates/_helpers.tpl delete mode 100644 infrastructure/crunchy-tools/templates/deployer/deployerRole.yaml delete mode 100644 infrastructure/crunchy-tools/templates/deployer/deployerRoleBinding.yaml delete mode 100644 infrastructure/crunchy-tools/templates/deployer/deployerServiceAccount.yaml delete mode 100644 
infrastructure/crunchy-tools/templates/linter/linterRole.yaml delete mode 100644 infrastructure/crunchy-tools/templates/linter/linterRoleBinding.yaml delete mode 100644 infrastructure/crunchy-tools/templates/linter/linterServiceAccount.yaml delete mode 100644 infrastructure/crunchy-tools/templates/networking/networkPolicy.yaml delete mode 100644 infrastructure/crunchy-tools/templates/networking/podNetworkPolicy.yaml delete mode 100644 infrastructure/crunchy-tools/templates/networking/route.yaml delete mode 100644 infrastructure/crunchy-tools/templates/provisioner/provisionerRole.yaml delete mode 100644 infrastructure/crunchy-tools/templates/provisioner/provisionerRoleBinding.yaml delete mode 100644 infrastructure/crunchy-tools/templates/provisioner/provisionerServiceAccount.yaml delete mode 100644 infrastructure/crunchy-tools/values.yaml create mode 100644 infrastructure/init/templates/init-image-caching-configmap.yaml delete mode 100644 infrastructure/main/yaml/main/charts/django/templates/django-deployment.yaml delete mode 100644 infrastructure/main/yaml/main/charts/django/templates/django-imageStream.yaml delete mode 100644 infrastructure/main/yaml/main/charts/django/templates/django-pvc.yaml delete mode 100644 infrastructure/main/yaml/main/charts/django/templates/django-route.yaml delete mode 100644 infrastructure/main/yaml/main/charts/django/templates/django-service.yaml delete mode 100644 infrastructure/main/yaml/main/charts/image-caching/templates/caching-deployment.yaml delete mode 100644 infrastructure/main/yaml/main/charts/image-caching/templates/caching-imageStream.yaml delete mode 100644 infrastructure/main/yaml/main/charts/image-caching/templates/caching-route.yaml delete mode 100644 infrastructure/main/yaml/main/charts/image-caching/templates/caching-service.yaml delete mode 100644 infrastructure/main/yaml/main/charts/redis/templates/redis-deployment.yaml delete mode 100644 infrastructure/main/yaml/main/charts/redis/templates/redis-imageStream.yaml 
delete mode 100644 infrastructure/main/yaml/main/charts/redis/templates/redis-service.yaml delete mode 100644 infrastructure/main/yaml/main/charts/static/templates/static-deployment.yaml delete mode 100644 infrastructure/main/yaml/main/charts/static/templates/static-imageStream.yaml delete mode 100644 infrastructure/main/yaml/main/charts/static/templates/static-route.yaml delete mode 100644 infrastructure/main/yaml/main/charts/static/templates/static-service.yaml delete mode 100644 infrastructure/main/yaml/main/charts/tasks/templates/tasks-deployment.yaml
diff --git a/.github/workflows/createTag.yml b/.github/workflows/createTag.yml
new file mode 100644
index 000000000..69cef8b2d
--- /dev/null
+++ b/.github/workflows/createTag.yml
@@ -0,0 +1,34 @@
+name: 2a. Create Tag
+
+on:
+ workflow_dispatch:
+ inputs:
+ tag:
+ type: string
+ description: Tag Version (incl. prefix; e.g. v1.2.3)
+ required: true
+ message:
+ type: string
+ description: Tag Message (e.g. Story Number)
+ required: true
+
+jobs:
+ tagging:
+ if: startsWith(github.ref, 'refs/heads/') == true
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ contents: write
+
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Create a tag
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ git config commit.gpgsign false
+
+ git tag -a ${{ github.event.inputs.tag }} -m "${{ github.event.inputs.message }}"
+ git push origin ${{ github.event.inputs.tag }}
\ No newline at end of file
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 0fc4695d1..edf7c551d 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
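Review bot: The `Create a tag` step in createTag.yml expands `${{ github.event.inputs.tag }}` and `${{ github.event.inputs.message }}` directly into the shell script, so a quote or other shell metacharacter in either input is parsed as shell syntax in a job that holds `contents: write`. Passing both values through `env:` and referencing them as quoted variables keeps them as data, and a format check on the tag before `git tag` would be a useful addition. The `Create Tag` step and the `vtag=${{ github.event.inputs.tag }}` line in test.yml share this pattern, as do the `vtag=${{ github.ref_name }}` lines in prod.yml and test_manual.yml.

```yaml
      - name: Create a tag
        env:
          TAG: ${{ github.event.inputs.tag }}
          MESSAGE: ${{ github.event.inputs.message }}
        run: |
          # … unchanged: git config user.name / user.email / commit.gpgsign …
          git tag -a "$TAG" -m "$MESSAGE"
          git push origin "$TAG"
```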
@@ -1,75 +1,159 @@ -name: Deploy main to dev +name: 1. Build & Deploy to Dev +#Will automatically run on a push to main, but can also be run manually on: push: branches: [ "main" ] workflow_dispatch: +env: + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + + jobs: build-static: runs-on: ubuntu-latest - name: Build & Deploy Docker Static images + name: Build & Push Docker Static Image environment: name: dev - url: https://dev-drivebc.apps.silver.devops.gov.bc.ca - steps: - - name: checkout code - uses: actions/checkout@v3 + - name: Checkout Code + uses: actions/checkout@v4 - - name: build static - uses: redhat-actions/buildah-build@v2 + - name: Build Static + id: build_image + uses: redhat-actions/buildah-build@v2.9 with: context: . layers: true - image: dev-static - tags: latest ${{ github.sha }} + image: drivebc-static + tags: latest latest-dev ${{ github.sha }} labels: | - app=dev-drivebc + app=drivebc containerfiles: ./compose/frontend/StaticBuild build-args: | - API_HOST=${{ vars.API_HOST }} - BASE_MAP=${{ vars.BASE_MAP }} - MAP_STYLE=${{ vars.MAP_STYLE }} - HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }} - OPEN511_LAYER=${{ vars.OPEN511_LAYER }} - REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }} - ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }} - ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }} - GEOCODER_HOST=${{ vars.GEOCODER_HOST }} - GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }} DEBUG_BUILD=true - - name: push to registry + + - name: Push to Github Packages uses: redhat-actions/push-to-registry@v2.7 with: - image: dev-static - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + build-backend: runs-on: 
ubuntu-latest - name: Build & Deploy Docker Backend images + name: Build & Push Docker Backend Image environment: dev steps: - - name: checkout code - uses: actions/checkout@v3 - - name: build backend - uses: redhat-actions/buildah-build@v2 + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Build Backend + id: build_image + uses: redhat-actions/buildah-build@v2.9 with: - image: dev-django - tags: latest ${{ github.sha }} + image: drivebc-django + tags: latest latest-dev ${{ github.sha }} labels: | - app=dev-drivebc + app=drivebc containerfiles: ./compose/backend/Dockerfile build-args: DEBUG_BUILD=true - - name: push to registry + + - name: Push to Github Packages + uses: redhat-actions/push-to-registry@v2.7 + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + + build-image-caching: + runs-on: ubuntu-latest + name: Build & Push Docker Image-Caching Image + environment: dev + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Build Image Caching + id: build_image + uses: redhat-actions/buildah-build@v2.9 + with: + image: drivebc-image-caching + tags: latest latest-dev ${{ github.sha }} + labels: | + app=drivebc + containerfiles: ./compose/caching/Dockerfile + + - name: Push to Github Packages uses: redhat-actions/push-to-registry@v2.7 with: - image: dev-django - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + build-redis: + runs-on: ubuntu-latest + name: Build & Push Docker Redis Image + environment: dev + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Build 
Redis + id: build_image + uses: redhat-actions/buildah-build@v2.9 + with: + image: drivebc-redis + tags: latest latest-dev ${{ github.sha }} + labels: | + app=drivebc + containerfiles: ./compose/redis/Dockerfile + + - name: Push to Github Packages + uses: redhat-actions/push-to-registry@v2.7 + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + versionUpdate: + needs: [build-static, build-backend, build-redis, build-image-caching] + runs-on: ubuntu-latest + name: Deploy Latest Images + environment: + name: dev + url: https://dev-drivebc.apps.gold.devops.gov.bc.ca + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} + openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + insecure_skip_tls_verify: true + + - name: Helm upgrade on OpenShift Environment + run: | + helm dependency update ./infrastructure/main + helm upgrade dev-drivebc -f ./infrastructure/main/values-dev.yaml ./infrastructure/main --set django.image.tag="${{ github.sha }}" --set image-caching.image.tag="${{ github.sha }}" --set redis.image.tag="${{ github.sha }}" --set static.image.tag="${{ github.sha }}" --set tasks.image.tag="${{ github.sha }}" diff --git a/.github/workflows/image-caching.yml b/.github/workflows/image-caching.yml deleted file mode 100644 index 026a42ba9..000000000 --- a/.github/workflows/image-caching.yml +++ /dev/null 
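Review bot: The `Authenticate and set context` step in dev.yml sets `insecure_skip_tls_verify: true`, so the job sends `secrets.OPENSHIFT_TOKEN` to the API server without verifying its certificate, and a party able to intercept that connection could capture a token that can deploy to the namespace. Setting `insecure_skip_tls_verify: false`, with the cluster CA supplied through the action's `certificate_authority_data` input if the certificate is not publicly trusted, closes that gap. The same setting appears in the deploy jobs of prod.yml, test.yml and test_manual.yml. Separately, `namespace: ${{ env.OPENSHIFT_NAMESPACE }}` reads a variable that the workflow-level `env:` block in this hunk does not define, so it presumably expands to an empty string unless it is set somewhere not shown; `vars.OPENSHIFT_NAMESPACE` may be what was intended.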
@@ -1,36 +0,0 @@ -#To handle a scenario where you may run two instances in one OpenShift namespace -#we require a CACHING_IMAGE_NAME environment variable set in GitHub for each environment -name: Build & Deploy Image Caching Image - -on: - workflow_dispatch: - inputs: - environment: - type: environment - -jobs: - - build: - runs-on: ubuntu-latest - name: Build & Deploy Docker images - environment: - name: ${{ inputs.environment }} - steps: - - name: checkout code - uses: actions/checkout@v3 - - - name: build image caching - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ vars.CACHING_IMAGE_NAME }} - tags: latest ${{ github.sha }} - labels: | - app=drivebc - containerfiles: ./compose/caching/Dockerfile - - name: push to registry - uses: redhat-actions/push-to-registry@v2.7 - with: - image: ${{ vars.CACHING_IMAGE_NAME }} - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index f25698e47..6d3c9e34f 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml 
@@ -1,73 +1,92 @@ -name: Deploy main to prod +name: 4. Promote from UAT to Prod -on: - workflow_dispatch: +on: + workflow_dispatch: #Make sure you select a tag and not a branch if using manually + release: + types: [published] +env: + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} -jobs: +permissions: + packages: write - build-static: +jobs: + deploy-pre: runs-on: ubuntu-latest - name: Build & Deploy Docker Static images - environment: prod + name: Create Tag Variable (remove V) + timeout-minutes: 1 + outputs: + tag: ${{ steps.vars.outputs.tag }} steps: - - name: checkout code - uses: actions/checkout@v3 + - name: Remove v from version for the docker tag + id: vars + run: | + vtag=${{ github.ref_name }} + echo "tag=${vtag//v}" >> $GITHUB_OUTPUT - - name: build static - uses: redhat-actions/buildah-build@v2 +#This job adds 'latest-prod' docker tags to the existing image so it's always clear which image is current for a particular environment + addDockerTag: + needs: [deploy-pre] + runs-on: ubuntu-latest + name: Add latest-prod Tag + steps: + - name: Add latest-prod tag to django image + uses: shrink/actions-docker-registry-tag@v3 + with: + registry: ghcr.io + repository: bcgov/drivebc-django + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-prod + - name: Add latest-prod tag to static image + uses: shrink/actions-docker-registry-tag@v3 with: - context: . 
- layers: true - image: prod-static - tags: latest ${{ github.sha }} - labels: | - app=prod-drivebc - containerfiles: ./compose/frontend/StaticBuild - build-args: | - API_HOST=${{ vars.API_HOST }} - BASE_MAP=${{ vars.BASE_MAP }} - MAP_STYLE=${{ vars.MAP_STYLE }} - HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }} - OPEN511_LAYER=${{ vars.OPEN511_LAYER }} - REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }} - ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }} - ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }} - GEOCODER_HOST=${{ vars.GEOCODER_HOST }} - GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }} - DEBUG_BUILD=false - - name: push to registry - uses: redhat-actions/push-to-registry@v2.7 + registry: ghcr.io + repository: bcgov/drivebc-static + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-prod + - name: Add latest-prod tag to image-caching image + uses: shrink/actions-docker-registry-tag@v3 with: - image: prod-static - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + registry: ghcr.io + repository: bcgov/drivebc-image-caching + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-prod + - name: Add latest-uat tag to redis image + uses: shrink/actions-docker-registry-tag@v3 + with: + registry: ghcr.io + repository: bcgov/drivebc-redis + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-prod - build-backend: + deploy: + needs: [deploy-pre] runs-on: ubuntu-latest - name: Build & Deploy Docker backend images - environment: prod - + name: Promote Images to OpenShift + environment: + name: prod + url: https://beta.drivebc.ca/ steps: - - name: checkout code - uses: actions/checkout@v3 - - - name: build backend - uses: redhat-actions/buildah-build@v2 - with: - image: prod-django - tags: latest ${{ github.sha }} - labels: | - app=prod-drivebc - containerfiles: ./compose/backend/Dockerfile - build-args: - DEBUG_BUILD=false - - name: push to registry - uses: 
redhat-actions/push-to-registry@v2.7 + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1 with: - image: prod-django - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} + openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + insecure_skip_tls_verify: true + + - name: Helm upgrade on OpenShift Environment + run: | + helm dependency update ./infrastructure/main + helm upgrade prod-drivebc -f ./infrastructure/main/values-prod.yaml ./infrastructure/main --set django.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set image-caching.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set redis.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set static.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set tasks.image.tag="${{ needs.deploy-pre.outputs.tag }}" \ No newline at end of file diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index fe9f5b02e..19ace535f 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -13,7 +13,7 @@ jobs: name: SonarCloud runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarCloud Scan diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e8f987af0..45c4446b0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
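Review bot: Nothing in prod.yml enforces the comment on `workflow_dispatch` that a tag must be selected: when the workflow is dispatched from a branch, `github.ref_name` is the branch name and `deploy` passes it to `helm upgrade prod-drivebc` as the image tag. A guard on `deploy-pre` such as `if: startsWith(github.ref, 'refs/tags/')` would stop that run, and `needs: [deploy-pre, addDockerTag]` on `deploy` would make a failed retag (for example, no image with that version) block the rollout instead of running alongside it. `${vtag//v}` also removes every `v` in the ref name rather than only the leading one; `${vtag#v}` strips just the prefix. The last `addDockerTag` step is named `Add latest-uat tag to redis image` although it applies `latest-prod`.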
@@ -1,74 +1,211 @@ -name: Deploy main to test +name: 2. Create Tag & Build/Deploy to Test on: - # push: - # branches: [ "main" ] workflow_dispatch: + inputs: + tag: + type: string + description: Tag Version (incl. prefix; e.g. v1.2.3) + required: true + message: + type: string + description: Tag Message (e.g. Story Number) + required: true + +env: + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} jobs: + tag: + if: startsWith(github.ref, 'refs/heads/') == true + name: Create Tag + runs-on: ubuntu-latest + timeout-minutes: 5 + permissions: + contents: write + + steps: + - uses: actions/checkout@v4 + + - name: Create Tag + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + git config commit.gpgsign false + + git tag -a ${{ github.event.inputs.tag }} -m "${{ github.event.inputs.message }}" + git push origin ${{ github.event.inputs.tag }} + + build-pre: + needs: [tag] + name: Create Tag Variable (remove V) + runs-on: ubuntu-latest + timeout-minutes: 1 + outputs: + tag: ${{ steps.vars.outputs.tag }} + + steps: + - name: Remove v from version for the docker tag + id: vars + run: | + vtag=${{ github.event.inputs.tag }} + echo "tag=${vtag//v}" >> $GITHUB_OUTPUT build-static: + needs: [build-pre] runs-on: ubuntu-latest - name: Build & Deploy Docker Static images - environment: test + name: Build & Push Docker Static Image + environment: + name: test steps: - - name: checkout code - uses: actions/checkout@v3 + - name: Checkout Code + uses: actions/checkout@v4 + with: + ref: ${{ github.ref_name }} - - name: build static - uses: redhat-actions/buildah-build@v2 + - name: Build Static + id: build_image + uses: redhat-actions/buildah-build@v2.9 with: context: . 
layers: true - image: test-static - tags: latest ${{ github.sha }} + image: drivebc-static + tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }} labels: | - app=test-drivebc + app=drivebc containerfiles: ./compose/frontend/StaticBuild build-args: | - API_HOST=${{ vars.API_HOST }} - BASE_MAP=${{ vars.BASE_MAP }} - MAP_STYLE=${{ vars.MAP_STYLE }} - HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }} - OPEN511_LAYER=${{ vars.OPEN511_LAYER }} - REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }} - ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }} - ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }} - GEOCODER_HOST=${{ vars.GEOCODER_HOST }} - GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }} - DEBUG_BUILD=true - - name: push to registry + DEBUG_BUILD=false + + - name: Push to Github Packages uses: redhat-actions/push-to-registry@v2.7 with: - image: test-static - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} - + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + build-backend: + needs: [build-pre] runs-on: ubuntu-latest - name: Build & Deploy Docker Backend images + name: Build & Push Docker Backend Image environment: test steps: - - name: checkout code - uses: actions/checkout@v3 + - name: Checkout Code + uses: actions/checkout@v4 + with: + ref: ${{ github.ref_name }} - - name: build backend - uses: redhat-actions/buildah-build@v2 + - name: Build Backend + id: build_image + uses: redhat-actions/buildah-build@v2.9 with: - image: test-django - tags: latest ${{ github.sha }} + image: drivebc-django + tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }} labels: | - app=test-drivebc + app=drivebc containerfiles: ./compose/backend/Dockerfile build-args: DEBUG_BUILD=true - - name: push to registry + + - name: Push to Github 
Packages + uses: redhat-actions/push-to-registry@v2.7 + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + + build-image-caching: + needs: [build-pre] + runs-on: ubuntu-latest + name: Build & Push Docker Image-Caching Image + environment: test + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + ref: ${{ github.ref_name }} + + - name: Build Image Caching + id: build_image + uses: redhat-actions/buildah-build@v2.9 + with: + image: drivebc-image-caching + tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }} + labels: | + app=drivebc + containerfiles: ./compose/caching/Dockerfile + + - name: Push to Github Packages + uses: redhat-actions/push-to-registry@v2.7 + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + build-redis: + needs: [build-pre] + runs-on: ubuntu-latest + name: Build & Push Docker Redis Image + environment: test + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Build Redis + id: build_image + uses: redhat-actions/buildah-build@v2.9 + with: + image: drivebc-redis + tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }} + labels: | + app=drivebc + containerfiles: ./compose/redis/Dockerfile + + - name: Push to Github Packages uses: redhat-actions/push-to-registry@v2.7 with: - image: test-django - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + + 
versionUpdate: + needs: [build-pre, build-static, build-backend, build-image-caching, build-redis] + runs-on: ubuntu-latest + name: Deploy Latest Images + environment: + name: test + url: https://test-drivebc.apps.gold.devops.gov.bc.ca + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ github.ref_name }} + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} + openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + insecure_skip_tls_verify: true + + - name: Helm upgrade on OpenShift Environment + run: | + helm dependency update ./infrastructure/main + helm upgrade test-drivebc -f ./infrastructure/main/values-test.yaml ./infrastructure/main --set django.image.tag="${{ needs.build-pre.outputs.tag }}" --set image-caching.image.tag="${{ needs.build-pre.outputs.tag }}" --set redis.image.tag="${{ needs.build-pre.outputs.tag }}" --set static.image.tag="${{ needs.build-pre.outputs.tag }}" --set tasks.image.tag="${{ needs.build-pre.outputs.tag }}" \ No newline at end of file diff --git a/.github/workflows/test_manual.yml b/.github/workflows/test_manual.yml new file mode 100644 index 000000000..a33365d83 --- /dev/null +++ b/.github/workflows/test_manual.yml 
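Review bot: `build-backend` in test.yml still passes `DEBUG_BUILD=true` (the hunk switches only the static build to `false`), and with this commit prod.yml no longer builds anything but promotes the version-tagged images pushed here, so the django image that reaches UAT and production would be the debug build. What the flag enables inside ./compose/backend/Dockerfile is not visible in this patch, so this needs confirming, but the removed prod.yml build used `DEBUG_BUILD=false`. The build jobs also check out `ref: ${{ github.ref_name }}`, which is the branch head at the time each job starts rather than the commit the `tag` job tagged; `ref: ${{ github.event.inputs.tag }}` would tie the pushed images to the tagged commit.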
@@ -0,0 +1,190 @@
+#This will build, push to github packages (with the version tag) and then deploy to OpenShift
+#This flow requires you to select a tag when you run it, otherwise it will fail.
+name: 2b. Build & Deploy to Test
+
+on:
+ workflow_dispatch:
+
+env:
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ REGISTRY_USER: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ github.token }}
+
+jobs:
+ branchCheck: #may not be needed if we only have it setup to run automatically
+ runs-on: ubuntu-latest
+ steps:
+ - name: Fail on branches
+ run: exit 1
+ if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+
+ build-pre:
+ needs: [branchCheck]
+ runs-on: ubuntu-latest
+ timeout-minutes: 1
+ outputs:
+ tag: ${{ steps.vars.outputs.tag }}
+
+ steps:
+ - name: Remove v from version for the docker tag
+ id: vars
+ run: |
+ vtag=${{ github.ref_name }}
+ echo "tag=${vtag//v}" >> $GITHUB_OUTPUT
+
+ build-static:
+ needs: [build-pre]
+ runs-on: ubuntu-latest
+ name: Build & Push Docker Static Image
+ environment:
+ name: test
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+
+ - name: Build Static
+ id: build_image
+ uses: redhat-actions/buildah-build@v2.9
+ with:
+ context: .
+ layers: true
+ image: drivebc-static
+ tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }}
+ labels: |
+ app=drivebc
+ containerfiles: ./compose/frontend/StaticBuild
+ build-args: |
+ DEBUG_BUILD=true
+
+ - name: Push to Github Packages
+ uses: redhat-actions/push-to-registry@v2.7
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+
+ build-backend:
+ needs: [build-pre]
+ runs-on: ubuntu-latest
+ name: Build & Push Docker Backend Image
+ environment: test
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+
+ - name: Build Backend
+ id: build_image
+ uses: redhat-actions/buildah-build@v2.9
+ with:
+ image: drivebc-django
+ tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }}
+ labels: |
+ app=drivebc
+ containerfiles: ./compose/backend/Dockerfile
+ build-args:
+ DEBUG_BUILD=true
+
+ - name: Push to Github Packages
+ uses: redhat-actions/push-to-registry@v2.7
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+
+ build-image-caching:
+ needs: [build-pre]
+ runs-on: ubuntu-latest
+ name: Build & Push Docker Image-Caching Image
+ environment: test
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+
+ - name: Build Image Caching
+ id: build_image
+ uses: redhat-actions/buildah-build@v2.9
+ with:
+ image: drivebc-image-caching
+ tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }}
+ labels: |
+ app=drivebc
+ containerfiles: ./compose/caching/Dockerfile
+
+ - name: Push to Github Packages
+ uses: redhat-actions/push-to-registry@v2.7
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+ build-redis:
+ needs: [build-pre]
+ runs-on: ubuntu-latest
+ name: Build & Push Docker Redis Image
+ environment: test
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ - name: Build Image Caching
+ id: build_image
+ uses: redhat-actions/buildah-build@v2.9
+ with:
+ image: drivebc-image-caching
+ tags: latest latest-test ${{ github.sha }}
+ labels: |
+ app=drivebc
+ containerfiles: ./compose/redis/Dockerfile
+
+ - name: Push to Github Packages
+ uses: redhat-actions/push-to-registry@v2.7
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+
+ versionUpdate:
+ needs: [build-static, build-backend, build-image-caching, build-redis]
+ runs-on: ubuntu-latest
+ name: Deploy Latest Images
+ environment:
+ name: test
+ url: https://test-drivebc.apps.gold.devops.gov.bc.ca
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+
+ - name: Authenticate and set context
+ uses: redhat-actions/oc-login@v1
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ namespace: ${{ env.OPENSHIFT_NAMESPACE }}
+ insecure_skip_tls_verify: true
+
+ - name: Helm upgrade on OpenShift Environment
+ run: |
+ helm dependency update ./infrastructure/main
+ helm upgrade test-drivebc -f ./infrastructure/main/values-test.yaml ./infrastructure/main --set django.image.tag="${{ needs.build-pre.outputs.tag }}" --set image-caching.image.tag="${{ needs.build-pre.outputs.tag }}" --set redis.image.tag="${{ needs.build-pre.outputs.tag }}" --set static.image.tag="${{ needs.build-pre.outputs.tag }}" --set tasks.image.tag="${{ needs.build-pre.outputs.tag }}"
diff --git a/.github/workflows/trivyscans.yml b/.github/workflows/trivyscans.yml
new file mode 100644
index 000000000..4bc558093
--- /dev/null
+++ b/.github/workflows/trivyscans.yml
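Review bot: The `build-redis` job in test_manual.yml builds ./compose/redis/Dockerfile but names the result `image: drivebc-image-caching` and tags it `latest latest-test ${{ github.sha }}`, so the Redis build is pushed over the image-caching repository's tags and no `drivebc-redis` image receives the version tag that `helm upgrade` later sets for `redis.image.tag`. test.yml's `build-redis` shows the intended values: `image: drivebc-redis` and `tags: latest latest-test ${{ github.sha }} ${{ needs.build-pre.outputs.tag }}`. `versionUpdate` also reads `needs.build-pre.outputs.tag` without listing `build-pre` in `needs`, and the `needs` context holds only direct dependencies, so every `--set ...image.tag` value would be empty; `needs: [build-pre, build-static, build-backend, build-image-caching, build-redis]` fixes that.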
@@ -0,0 +1,81 @@ +name: Weekly Trivy Image Scans + +on: + schedule: + # Runs every week at 02:00 Sunday Morning. + - cron: '0 2 * * 0' + workflow_dispatch: + +permissions: + packages: read + security-events: write + +jobs: + imagescan-static: + name: Scan latest-prod Static Image + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ghcr.io/bcgov/drivebc-static:latest-prod' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + imagescan-django: + name: Scan latest-prod django Image + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ghcr.io/bcgov/drivebc-django:latest-prod' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + imagescan-image-caching: + name: Scan latest-prod image-caching Image + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ghcr.io/bcgov/drivebc-image-caching:latest-prod' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + imagescan-redis: + name: Scan Redis Image from dockerhub + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ghcr.io/bcgov/drivebc-redis:latest-prod' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan 
results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + diff --git a/.github/workflows/uat.yml b/.github/workflows/uat.yml index 6fed1a0b2..41af2af11 100644 --- a/.github/workflows/uat.yml +++ b/.github/workflows/uat.yml 
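Review bot: All four `Run Trivy vulnerability scanner` steps in trivyscans.yml reference `aquasecurity/trivy-action@master`, a mutable branch, so each weekly run executes whatever that branch holds at the time, in a workflow that grants `security-events: write`. Pin the action to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (both placeholders), and bump it deliberately. The last job is named `Scan Redis Image from dockerhub` while its `image-ref` is `ghcr.io/bcgov/drivebc-redis:latest-prod`, so the name should be corrected to match what is scanned. The four jobs differ only in the image name and could be one job with a `strategy.matrix` over the image list.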
@@ -1,73 +1,94 @@ -name: Deploy main to uat +name: 3. Promote from Test to UAT -on: - workflow_dispatch: +on: + workflow_dispatch: #Make sure you select a tag and not the branch +env: + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} +permissions: + packages: write + jobs: - - build-static: + deploy-pre: runs-on: ubuntu-latest - name: Build & Deploy Docker Static images - environment: uat + name: Create Tag Variable (remove V) + timeout-minutes: 1 + outputs: + tag: ${{ steps.vars.outputs.tag }} steps: - - name: checkout code - uses: actions/checkout@v3 + - name: Fail on branches + run: exit 1 + if: ${{ !startsWith(github.ref, 'refs/tags/') }} + + - name: Remove v from version for the docker tag + id: vars + run: | + vtag=${{ github.ref_name }} + echo "tag=${vtag//v}" >> $GITHUB_OUTPUT - - name: build static - uses: redhat-actions/buildah-build@v2 +#This job adds 'latest-uat' docker tags to the existing image so it's always clear which image is current for a particular environment + addDockerTag: + needs: [deploy-pre] + runs-on: ubuntu-latest + name: Add latest-uat Tag + steps: + - name: Add latest-uat tag to django image + uses: shrink/actions-docker-registry-tag@v3 + with: + registry: ghcr.io + repository: bcgov/drivebc-django + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-uat + - name: Add latest-uat tag to static image + uses: shrink/actions-docker-registry-tag@v3 + with: + registry: ghcr.io + repository: bcgov/drivebc-static + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-uat + - name: Add latest-uat tag to image-caching image + uses: shrink/actions-docker-registry-tag@v3 with: - context: . 
- layers: true - image: uat-static - tags: latest ${{ github.sha }} - labels: | - app=uat-drivebc - containerfiles: ./compose/frontend/StaticBuild - build-args: | - API_HOST=${{ vars.API_HOST }} - BASE_MAP=${{ vars.BASE_MAP }} - MAP_STYLE=${{ vars.MAP_STYLE }} - HIGHWAY_LAYER=${{ vars.HIGHWAY_LAYER }} - OPEN511_LAYER=${{ vars.OPEN511_LAYER }} - REPLAY_THE_DAY=${{ vars.REPLAY_THE_DAY }} - ROUTE_PLANNER=${{ vars.ROUTE_PLANNER }} - ROUTE_PLANNER_KEY=${{ vars.ROUTE_PLANNER_KEY }} - GEOCODER_HOST=${{ vars.GEOCODER_HOST }} - GEOCODER_API_AUTH_KEY=${{ vars.GEOCODER_API_AUTH_KEY }} - DEBUG_BUILD=false - - name: push to registry - uses: redhat-actions/push-to-registry@v2.7 + registry: ghcr.io + repository: bcgov/drivebc-image-caching + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-uat + - name: Add latest-uat tag to redis image + uses: shrink/actions-docker-registry-tag@v3 with: - image: uat-static - registry: ${{ secrets.REGISTRY }} - username: ${{ secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + registry: ghcr.io + repository: bcgov/drivebc-redis + target: ${{ needs.deploy-pre.outputs.tag }} + tags: | + latest-uat - build-backend: + deploy: + needs: [deploy-pre] runs-on: ubuntu-latest - name: Build & Deploy Docker backend images - environment: uat - + name: Promote Images to OpenShift + environment: + name: uat + url: https://uat-drivebc.apps.gold.devops.gov.bc.ca/ steps: - - name: checkout code - uses: actions/checkout@v3 - - - name: build backend - uses: redhat-actions/buildah-build@v2 - with: - image: uat-django - tags: latest ${{ github.sha }} - labels: | - app=uat-drivebc - containerfiles: ./compose/backend/Dockerfile - build-args: - DEBUG_BUILD=false - - name: push to registry - uses: redhat-actions/push-to-registry@v2.7 + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1 with: - image: uat-django - registry: ${{ secrets.REGISTRY }} - username: ${{ 
secrets.BUILDER_USERNAME }} - password: ${{ secrets.BUILDER_TOKEN }} + openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} + openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + insecure_skip_tls_verify: true + + - name: Helm upgrade on OpenShift Environment + run: | + helm dependency update ./infrastructure/main + helm upgrade uat-drivebc -f ./infrastructure/main/values-uat.yaml ./infrastructure/main --set django.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set image-caching.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set redis.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set static.image.tag="${{ needs.deploy-pre.outputs.tag }}" --set tasks.image.tag="${{ needs.deploy-pre.outputs.tag }}" \ No newline at end of file diff --git a/.github/workflows/zapscan.yml b/.github/workflows/zapscan.yml index 697e866c8..81b322eeb 100644 --- a/.github/workflows/zapscan.yml +++ b/.github/workflows/zapscan.yml @@ -1,5 +1,9 @@ -name: OWASP ZAP Full Scan -on: workflow_dispatch +name: Weekly OWASP ZAP Full Scan on Test +on: + schedule: + # Runs every week at 01:00 Sunday Morning. + - cron: '0 1 * * 0' + workflow_dispatch: permissions: contents: read @@ -11,7 +15,7 @@ jobs: name: Scan ZAP Test Site steps: - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.7.0 + uses: zaproxy/action-full-scan@v0.9.0 with: - target: "https://dev-drivebc.apps.silver.devops.gov.bc.ca/" -# rules_file_name: ".zap/rules.tsv" + target: "https://test-drivebc.apps.gold.devops.gov.bc.ca/" +# rules_file_name: ".zap/rules.tsv" \ No newline at end of file diff --git a/README.md b/README.md index 596b0b4df..9a5be238c 100644 --- a/README.md +++ b/README.md 
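Review bot: The `Authenticate and set context` step of the `deploy` job in uat.yml sets `insecure_skip_tls_verify: true`, so the runner presents `OPENSHIFT_TOKEN` to the API server without verifying its certificate; the `versionUpdate` job of test.yml earlier in this patch has the same setting. Remove the line, or, if the cluster is signed by a private CA, supply it through the action's `certificate_authority_data` input instead. In `deploy-pre`, `vtag=${{ github.ref_name }}` expands the tag name into the script text before the shell runs and `${vtag//v}` strips every `v` rather than the leading one; pass the ref as `env: REF_NAME: ${{ github.ref_name }}` and write `echo "tag=${REF_NAME#v}" >> "$GITHUB_OUTPUT"`. `namespace: ${{ env.OPENSHIFT_NAMESPACE }}` reads a name that the workflow-level `env:` block in this hunk does not define, so confirm where it is set.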
@@ -89,3 +89,31 @@ See the [Backend README](src/backend/README.md) for details on setting up and bu ### Frontend setup See the [Frontend README](src/frontend/README.md) for details on setting up and building the frontend. + +## Release Pipeline +This release pipeline is designed to ensure that +### Dev +- Push to Main will automatically trigger a build and release to the dev environment +- You can push to dev from a branch, by running the `1. Build & Deploy to Dev` workflow and selecting your branch + +### Test +- When you are ready to release to the Test environment, run the `2. Create Tag & Build/Deploy to Test` workflow. + - It will force you to give a tag number which should be in the format `project year.sprint.version`. Project inception was 2023 which was 0, so a tag would be `1.26.0` for the first release of Sprint 26 in 2024. + - It will also ask for a message you want to give the tag +- This workflow will then create the tag and automatically release it to the Test environment. It is based on the code from Main branch +- There are also two workflows `2a. Create Tag` and `2b. Build & Deploy to Test` if you want to create a tag and deploy individually. + +### UAT +- When you are ready to promote from Test to UAT, run the `3. Promote from Test to UAT` workflow. When you run it, you will want to select the Tag that you want to promote to UAT (don't select a branch as it will fail). +- The images that get pushed to UAT will be the exact same as the ones that were in Test, so the only difference should be environment variables set in the config-maps and secrets. + +### Prod +- When you are ready to promote from UAT to Prod, we need to create a new Release in Github. 
+ - Go to the main page https://github.com/bcgov/DriveBC.ca + - Click Releases + - Click `Create a new Release` + - Choose the tag you would like to release + - For Previous Tag, select the tag that is currently in production + - Click `Generate Release Notes` which will create the release name and add a URL for a changelog + - Click Publish Release + - This will automatically trigger the `4. Promote from UAT to Prod` workflow which will promote the UAT images to Prod diff --git a/compose/caching/Dockerfile b/compose/caching/Dockerfile index b5717393c..6d3fd0758 100644 --- a/compose/caching/Dockerfile +++ b/compose/caching/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.24 +FROM nginx:stable-alpine #COPY ./src/caching/nginx.conf /etc/nginx/nginx.conf diff --git a/compose/caching/entrypoint b/compose/caching/entrypoint index 96491fe43..d9075f195 100644 --- a/compose/caching/entrypoint +++ b/compose/caching/entrypoint @@ -1,6 +1,6 @@ -#!/bin/bash +#!/bin/sh -echo "Updating the proxy_pass in the nginx config based on the DRIVEBC_IMAGE_API_BASE_URL variable in the django configmap" +echo "Updating the proxy_pass in the nginx config based on the DRIVEBC_IMAGE_API_BASE_URL variable in the configmap" # Display the value echo "The value of DRIVEBC_IMAGE_API_BASE_URL in the configmap is" ${DRIVEBC_IMAGE_API_BASE_URL} diff --git a/compose/redis/Dockerfile b/compose/redis/Dockerfile new file mode 100644 index 000000000..5f97f5d2f --- /dev/null +++ b/compose/redis/Dockerfile @@ -0,0 +1 @@ +FROM redis:7-alpine \ No newline at end of file diff --git a/infrastructure/README.md b/infrastructure/README.md index 36d551460..993ee45f0 100644 --- a/infrastructure/README.md +++ b/infrastructure/README.md 
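Review bot: In compose/caching/Dockerfile the base image moves from the fixed `nginx:1.24` to the floating tag `nginx:stable-alpine`, so two builds of the same commit can produce different images and a base-image change reaches the pipeline without review; the new compose/redis/Dockerfile does the same with `redis:7-alpine`. Pin each base by digest, e.g. `FROM nginx:stable-alpine@sha256:<digest>` (placeholder), and update the digest as a reviewed change. The entrypoint shebang also becomes `#!/bin/sh` and the rest of that script is outside the hunk, so check that it contains no bash-only syntax.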
@@ -1,11 +1,11 @@ # DriveBC Infrastructure -The new DriveBC site has a number of components that work together to serve the website. This infrastructure folder contains all the components required to build the infrastructure to support the site. Following the steps in the Deployments Steps section should quickly setup your environment from scratch. +The new DriveBC site has a number of components that work together to serve the website. This infrastructure folder contains all the components required to build the infrastructure to support the site. Following the steps in the Deployments Steps section should quickly setup your namespace from scratch. Here are the components that are in this folder: - Init - - Sets up the Secrets and ConfigMaps prior to building the other components -- CrunchDB Postgres + - Creates the blank Secrets and ConfigMaps prior to building the other components +- CrunchyDB Postgres - Based off: https://github.com/bcgov/crunchy-postgres/ with a few changes to support our environment. - Django - Tasks 
@@ -16,17 +16,17 @@ Here are the components that are in this folder: ## Deployment Steps ### New Environment Follow these steps to setup a brand new environment. -1. Download the Drivebc.ca repository to your PC -1. Navigate to the infrastructure folder in command line +1. Clone the Drivebc.ca repository to your PC +1. Navigate to the infrastructure folder in the command line 1. Login to OpenShift using the command line oc utility 1. Select the project you would like to deploy to using `oc project NAMESPACE` 1. `helm install ENV-drivebc-init -f .\init\values-ENV.yaml .\init` - 1. NOTE: Do not install this again as it will overwrite all values. May need to find a better way to handle this in the future. -1. Set the values in the `ENV-drivebc-django` ConfigMap and Secret (In the future `ENV-drivebc-static` ConfigMap and Secret too) -1. `helm install ENV-drivebc-crunchy-postgres -f .\crunchy-postgres\values-ENV.yaml .\crunchy-postgres` -1. `helm install ENV-drivebc -f .\main\values-ENV.yaml .\main` -1. Now that all components are installed you need to go to GitHub actions and run `Build & Deploy Image Caching Image` & `Deploy main to ENV` and then all the pods should start-up. If any issues confirm the configmaps are updated. -1. If you want to quickly get the cameras and events on a fresh db, run `python manage.py populate_webcams` and `python manage.py populate_events` in the terminal of the tasks pod + 1. NOTE: Do not install this again as it will overwrite all values. +1. Set the values in the `ENV-drivebc-django` & `ENV-drivebc-static` ConfigMap and Secrets (they both have ) as well as the `ENV-drivebc-image-caching` ConfigMap too. +1. `helm install ENV-drivebc-crunchy-postgres -f .\crunchy-postgres\values-ENV.yaml .\crunchy-postgres` to install CrunchyDB. NOTE: Check the values files to confirm the namespace is correct for monitoring. +1. 
Once the datbase is running go to the terminal of the primary replica and go to `psql`, then enter `ALTER DATABASE "ENV-drivebc" OWNER TO "ENV-drivebc";` +1. `helm install ENV-drivebc -f .\main\values-ENV.yaml .\main` to install the entire environment. +1. If you want to quickly get the cameras and events on a fresh db, login to the tasks pod and go to terminal where you will run these commands `python manage.py populate_webcams` and `python manage.py populate_events` and `python manage.py populate_ferries` ### Upgrades @@ -54,12 +54,4 @@ If you want to see what the YAML files that HELM will generate look like prior t If you need to uninstall the Helm Charts follow these steps: 1. `helm uninstall ENV-drivebc` 1. `helm uninstall ENV-drivebc-crunchy-postgres` -1. `helm uninstall ENV-drivebc-init` - - - -# to-do -- Build a Make file to speed up this process even more -- Once we know what versioning looks like, integrate that change. Will probably need to use another repo such as GitHub, Artifactory, or imagestream on Tools namespace -- Build a HELM chart for Postgres Monitoring -- Add liveness checks to the pods +1. `helm uninstall ENV-drivebc-init` \ No newline at end of file diff --git a/infrastructure/_django/README.md b/infrastructure/_django/README.md index 06d5bb65b..cf97ca3bf 100644 --- a/infrastructure/_django/README.md +++ b/infrastructure/_django/README.md @@ -1,4 +1,4 @@ -# Django chart +# Django Chart A chart to provision a Django instance 
@@ -6,27 +6,31 @@ A chart to provision a Django instance ### Django Options -| Parameter | Description | Default | -| ------------------ | ---------------------------------- | ------------------ | -| `fullnameOverride `| Instance Name if other than default| `` | -| `djangoImage` | Image Source (if not imageStream) | | -| `CPU Request` | CPU Request Amount | `50` | -| `CPU Limit` | CPU Limit Amount | `250` | -| `Memory Request` | Memory Requests Amount | `128` | -| `Memory Limit` | Memory Limit Amount | `256` | -| `Replicas` | Replicas | `1` | -| `Postgres Secret` | The pguser secret name | | -| `Django Config Map`| The name of the Django Config Map | | -| `Namespace` | To support the image registry | | -| `PVC Size` | What size should the PVC be | `1Gi` | -| `Host` | What hostname do you want | | +| Parameter | Description | Default | +| ------------------ | ----------------------------------- | -------------------------------------- | +| `fullnameOverride` | Instance Name if other than default | `django` | +| `nameOverride` | Instance Name if other than default | `django` | +| `replicaCount` | Amount of replicas to run | `1` | +| `repository` | Image Source | `ghcr.io/bcgov/drivebc-django` | +| `tag` | Image Tag | `latest` | +| `CPU Request` | CPU Request Amount | `50` | +| `CPU Limit` | CPU Limit Amount | `1000` | +| `Memory Request` | Memory Requests Amount | `250` | +| `Memory Limit` | Memory Limit Amount | `350` | +| `postgresSecret` | The pguser secret name | `drivebc-pguser-drivebc` | +| `djangoConfigMap` | The name of the Django Config Map | `drivebc-django` | +| `djangoSecret` | The name of the Django Secret | `drivebc-django` | +| `route host` | What hostname do you want | `drivebc.apps.silver.devops.gov.bc.ca` | +| `iprestricted` | Should it be IP Restricted? | `false` | +| `ipallowlist` | What IP's are allowed to connect? | | +| `port` | What port for the pvc? 
| `3000` | +| `storage` | Size of storage you need | `1Gi` | ## Components ### OpenShift -- ImageStream - PVC - Service - Route - Deployment -### Other + diff --git a/infrastructure/_django/templates/django-deployment.yaml b/infrastructure/_django/templates/django-deployment.yaml index 20dc89570..96b28d215 100644 --- a/infrastructure/_django/templates/django-deployment.yaml +++ b/infrastructure/_django/templates/django-deployment.yaml @@ -1,14 +1,14 @@ +{{- $deploymentTag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $deploymentTime := now | date "2006-01-02 15:04:05.000000" -}} + apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "app.fullname" . }} labels: {{ include "app.labels" . | nindent 4 }} - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"{{ template "app.fullname" . }}:latest","namespace":"{{ .Values.namespace }}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"{{ template "app.fullname" . }}\")].image","pause":"false"}] spec: - replicas: {{ .Values.deployment.replicas }} + replicas: {{ .Values.replicaCount }} selector: matchLabels: {{ include "app.selectorLabels" . | nindent 6 }} @@ -30,9 +30,18 @@ spec: cpu: {{ .Values.deployment.resources.requests.cpu }} memory: {{ .Values.deployment.resources.requests.memory }} name: {{ include "app.fullname" . }} + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false command: - /start.sh env: + - name: DEPLOYMENT_TAG + value: {{ $deploymentTag | quote }} + - name: DEPLOYMENT_TIME + value: {{ $deploymentTime | quote }} - name: DB_HOST valueFrom: secretKeyRef: 
@@ -73,16 +82,11 @@ spec: secretKeyRef: name: {{ .Values.deployment.env.postgresSecret }} key: dbname - - name: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.deployment.env.djangoSecret }} - key: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.deployment.env.djangoSecret }} - key: SECRET_KEY + envFrom: + - configMapRef: + name: {{ .Values.deployment.env.djangoConfigMap }} + - secretRef: + name: {{ .Values.deployment.env.djangoSecret }} ports: - containerPort: 8080 protocol: TCP @@ -91,15 +95,12 @@ spec: - name: django-media-volume mountPath: /app/media terminationMessagePolicy: File - envFrom: - - configMapRef: - name: {{ .Values.deployment.env.djangoConfigMap }} image: >- - image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace }}/{{ template "app.fullname" . }} + {{ .Values.image.repository }}:{{ .Values.image.tag }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 + - weight: 100 podAffinityTerm: topologyKey: "app.kubernetes.io/instance" labelSelector: diff --git a/infrastructure/_django/templates/django-hpa.yaml b/infrastructure/_django/templates/django-hpa.yaml new file mode 100644 index 000000000..c41a6cff0 --- /dev/null +++ b/infrastructure/_django/templates/django-hpa.yaml @@ -0,0 +1,22 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "app.fullname" . }} + labels: + {{- include "app.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "app.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} \ No newline at end of file 
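Review bot: The new `image:` value in django-deployment.yaml is built from `.Values.image.tag`, while `DEPLOYMENT_TAG` is built from `$deploymentTag`, which falls back to `.Chart.AppVersion`; with an empty `image.tag` the image reference ends in a bare `:` and the tag the pod reports differs from the one it pulled. Use one source for both: `{{ .Values.image.repository }}:{{ $deploymentTag }}`. caching-deployment.yaml and redis-deployment.yaml in this patch follow the same pattern. The chart default `tag: latest` in _django/values.yaml is mutable, so any install that omits `--set django.image.tag=...` is not reproducible. The Deployment body continues outside these hunks.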
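Review bot: django-hpa.yaml scales the same Deployment whose template still renders `replicas: {{ .Values.replicaCount }}`, so every `helm upgrade` writes the replica count back to `replicaCount` and overrides what the autoscaler chose until it reacts again. Render the field only when autoscaling is off, by wrapping it as `{{- if not .Values.autoscaling.enabled }}` / `replicas: {{ .Values.replicaCount }}` / `{{- end }}` in the Deployment. caching-hpa.yaml and its Deployment have the same interaction.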
diff --git a/infrastructure/_django/templates/django-imageStream.yaml b/infrastructure/_django/templates/django-imageStream.yaml deleted file mode 100644 index 8c6a24ae6..000000000 --- a/infrastructure/_django/templates/django-imageStream.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: {{ template "app.fullname" . }} - labels: {{ include "app.labels" . | nindent 4 }} - diff --git a/infrastructure/_django/templates/django-route.yaml b/infrastructure/_django/templates/django-route.yaml index 8fd03a210..98e9aae70 100644 --- a/infrastructure/_django/templates/django-route.yaml +++ b/infrastructure/_django/templates/django-route.yaml @@ -3,7 +3,7 @@ kind: Route metadata: name: {{ template "app.fullname" . }}-backend labels: {{ include "app.labels" . | nindent 4 }} -{{ if .Values.route.iprestricted }} +{{ if .Values.route.iprestrictedAdminPages }} annotations: haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} {{ end }} @@ -20,36 +20,13 @@ spec: host: {{ .Values.route.host }} path: /drivebc-cms/ ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ template "app.fullname" . }}-api - labels: {{ include "app.labels" . | nindent 4 }} -{{ if .Values.route.iprestricted }} - annotations: - haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} -{{ end }} -spec: - to: - kind: Service - name: {{ template "app.fullname" . }} - port: - targetPort: 80-tcp - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - host: {{ .Values.route.host }} - path: /api/ - --- apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "app.fullname" . }}-backend-static labels: {{ include "app.labels" . | nindent 4 }} -{{ if .Values.route.iprestricted }} +{{ if .Values.route.iprestrictedAdminPages }} annotations: haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} {{ end }} 
@@ -96,7 +73,7 @@ kind: Route metadata: name: {{ template "app.fullname" . }}-admin labels: {{ include "app.labels" . | nindent 4 }} -{{ if .Values.route.iprestricted }} +{{ if .Values.route.iprestrictedAdminPages }} annotations: haproxy.router.openshift.io/ip_whitelist: {{ .Values.route.ipallowlist }} {{ end }} diff --git a/infrastructure/_django/values.yaml b/infrastructure/_django/values.yaml index b39888484..224a8a66c 100644 --- a/infrastructure/_django/values.yaml +++ b/infrastructure/_django/values.yaml @@ -1,25 +1,34 @@ -fullnameOverride: -namespace: #enter the full namespace here to the deployment has the correct imagestream +fullnameOverride: django +nameOverride: django +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest deployment: - image: #by default use the image from the ImageStream - replicas: 1 resources: requests: cpu: 50m - memory: 256Mi + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 1000m + memory: 350Mi env: - postgresSecret: dev-drivebc-pguser-dev-drivebc - djangoConfigMap: dev-drivebc-django - djangoSecret: dev-drivebc-django + postgresSecret: drivebc-pguser-drivebc + djangoConfigMap: drivebc-django + djangoSecret: drivebc-django + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: host: drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP pvc: diff --git a/infrastructure/_image-caching/README.md b/infrastructure/_image-caching/README.md index 0b93ef0ff..628383bee 100644 --- a/infrastructure/_image-caching/README.md +++ b/infrastructure/_image-caching/README.md 
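Review bot: The `-backend`, `-backend-static` and `-admin` routes in django-route.yaml now test `.Values.route.iprestrictedAdminPages`, but _django/values.yaml in this patch still defines only `iprestricted` (and changes it from `true` to `false`), so with chart defaults the `haproxy.router.openshift.io/ip_whitelist` annotation is never rendered on the CMS and admin routes. Add `iprestrictedAdminPages: true` under `route:` in _django/values.yaml so the allowlist applies unless an environment turns it off, and remove or document the now-unused `iprestricted` key. The per-environment values files are not visible here, so confirm they set the new key. The _django README table in this patch still lists `iprestricted`, and _image-caching/values.yaml makes the same `true` to `false` change.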
@@ -1,28 +1,30 @@ -# Static chart +# Image Caching Chart A chart to provision an nginx image caching instance ## Configuration -### Static Options +### Image Caching Options -| Parameter | Description | Default | -| ------------------ | ---------------------------------- | ------------------ | -| `fullnameOverride `| Instance Name if other than default| | -| `CPU Request` | CPU Request Amount | `50` | -| `CPU Limit` | CPU Limit Amount | `150` | -| `Memory Request` | Memory Requests Amount | `64` | -| `Memory Limit` | Memory Limit Amount | `128` | -| `Replicas` | Replicas | `2` | -| `Namespace` | To support the image registry | | +| Parameter | Description | Default | +| ----------------------- | ----------------------------------- | -------------------------------------- | +| `fullnameOverride` | Instance Name if other than default | `image-caching` | +| `nameOverride` | Instance Name if other than default | `image-caching` | +| `replicaCount` | Amount of replicas to run | `1` | +| `repository` | Image Source | `ghcr.io/bcgov/drivebc-image-caching` | +| `tag` | Image Tag | `latest` | +| `CPU Request` | CPU Request Amount | `50` | +| `CPU Limit` | CPU Limit Amount | `250` | +| `Memory Request` | Memory Requests Amount | `50` | +| `Memory Limit` | Memory Limit Amount | `100` | +| `imagecachingConfigMap` | Config Map for Image caching | `drivebc-image-caching` | +| `route host` | What hostname do you want | `drivebc.apps.silver.devops.gov.bc.ca` | +| `iprestricted` | Should it be IP Restricted? | `false` | +| `ipallowlist` | What IP's are allowed to connect? | | ## Components ### OpenShift -- ImageStream - Service - Route - Deployment - -### Other -- When deploying via helm the name should match what is in the GitHub Repo under CACHING_IMAGE_NAME for that enironment diff --git a/infrastructure/_image-caching/templates/caching-deployment.yaml b/infrastructure/_image-caching/templates/caching-deployment.yaml index 15e4290eb..656fb7f89 100644 
--- a/infrastructure/_image-caching/templates/caching-deployment.yaml +++ b/infrastructure/_image-caching/templates/caching-deployment.yaml @@ -1,13 +1,13 @@ +{{- $deploymentTag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $deploymentTime := now | date "2006-01-02 15:04:05.000000" -}} + apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "app.fullname" . }} labels: {{ include "app.labels" . | nindent 4 }} - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"{{ template "app.fullname" . }}:latest","namespace":"{{ .Values.namespace }}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"{{ template "app.fullname" . }}\")].image","pause":"false"}] spec: - replicas: {{ .Values.deployment.replicas }} + replicas: {{ .Values.replicaCount }} selector: matchLabels: {{ include "app.selectorLabels" . | nindent 6 }} @@ -25,22 +25,27 @@ spec: cpu: {{ .Values.deployment.resources.requests.cpu }} memory: {{ .Values.deployment.resources.requests.memory }} env: - - name: DRIVEBC_IMAGE_API_BASE_URL - valueFrom: - configMapKeyRef: - name: {{ .Values.environment }}-drivebc-django - key: DRIVEBC_IMAGE_API_BASE_URL + - name: DEPLOYMENT_TAG + value: {{ $deploymentTag | quote }} + - name: DEPLOYMENT_TIME + value: {{ $deploymentTime | quote }} + envFrom: + - configMapRef: + name: {{ .Values.deployment.env.imagecachingConfigMap }} name: {{ include "app.fullname" . }} ports: - containerPort: 8080 protocol: TCP imagePullPolicy: IfNotPresent image: >- - image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace }}/{{ template "app.fullname" . }} + {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 + - weight: 100 podAffinityTerm: topologyKey: "app.kubernetes.io/instance" labelSelector: 
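Review bot: The `securityContext` added in caching-deployment.yaml sets `runAsNonRoot: true` and `allowPrivilegeEscalation: false` but leaves out the `seccompProfile` that the django and redis deployments in this patch add. Add `seccompProfile:` with `type: RuntimeDefault` here so the three containers share one baseline. None of the three added blocks drops Linux capabilities; `capabilities:` with `drop: ["ALL"]` would complete the hardening if the images run without them, which needs a check against the nginx and redis images. The container spec continues outside the hunk.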
diff --git a/infrastructure/_image-caching/templates/caching-hpa.yaml b/infrastructure/_image-caching/templates/caching-hpa.yaml new file mode 100644 index 000000000..c41a6cff0 --- /dev/null +++ b/infrastructure/_image-caching/templates/caching-hpa.yaml @@ -0,0 +1,22 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "app.fullname" . }} + labels: + {{- include "app.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "app.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} \ No newline at end of file diff --git a/infrastructure/_image-caching/templates/caching-imageStream.yaml b/infrastructure/_image-caching/templates/caching-imageStream.yaml deleted file mode 100644 index 8c6a24ae6..000000000 --- a/infrastructure/_image-caching/templates/caching-imageStream.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: {{ template "app.fullname" . }} - labels: {{ include "app.labels" . | nindent 4 }} - diff --git a/infrastructure/_image-caching/templates/caching-route.yaml b/infrastructure/_image-caching/templates/caching-route.yaml index 7ed65f8f4..0952af5d6 100644 --- a/infrastructure/_image-caching/templates/caching-route.yaml +++ b/infrastructure/_image-caching/templates/caching-route.yaml @@ -17,7 +17,7 @@ spec: tls: termination: edge host: {{ .Values.route.host }} - path: {{ .Values.route.webcamPath }} + path: /webcam/ --- @@ -41,4 +41,4 @@ spec: tls: termination: edge host: {{ .Values.route.host }} - path: {{ .Values.route.replayTheDayPath }} \ No newline at end of file + path: /ReplayTheDay/ \ No newline at end of file 
diff --git a/infrastructure/_image-caching/values.yaml b/infrastructure/_image-caching/values.yaml index 92cce7b1f..4aef88025 100644 --- a/infrastructure/_image-caching/values.yaml +++ b/infrastructure/_image-caching/values.yaml @@ -1,23 +1,31 @@ -fullnameOverride: -namespace: #enter the full namespace here to the deployment has the correct imagestream -environment: #enter the environment this is being deployed too. Needed to set the configmap reference +fullnameOverride: image-caching +nameOverride: image-caching +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest deployment: - image: #by default use the image from the ImageStream - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: drivebc-image-caching + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below + host: drivebc.apps.silver.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP - webcamPath: - replayTheDayPath: diff --git a/infrastructure/_redis/README.md b/infrastructure/_redis/README.md index 8a575278a..3122e2d81 100644 --- a/infrastructure/_redis/README.md +++ b/infrastructure/_redis/README.md 
@@ -1,28 +1,30 @@ # Redis chart -A chart to provision a Django instance +A chart to provision a Redis instance ## Configuration ### Redis Options -| Parameter | Description | Default | -| ------------------ | ---------------------------------- | ------------------ | -| `fullnameOverride `| Instance Name if other than default| `django` | -| `CPU Request` | CPU Request Amount | `50` | -| `CPU Limit` | CPU Limit Amount | `150` | -| `Memory Request` | Memory Requests Amount | `64` | -| `Memory Limit` | Memory Limit Amount | `128` | -| `Replicas` | Replicas | `1` | -| `Namespace` | To support the image registry | | +| Parameter | Description | Default | +| ------------------- | ----------------------------------- | ------- | +| `fullnameOverride ` | Instance Name if other than default | `redis` | +| `nameOverride ` | Instance Name if other than default | `redis` | +| `replicaCount` | Replicas | `1` | +| `repository` | Image Source | `redis` | +| `tag` | Image Tag | `7` | +| `CPU Request` | CPU Request Amount | `50` | +| `CPU Limit` | CPU Limit Amount | `100` | +| `Memory Request` | Memory Requests Amount | `50` | +| `Memory Limit` | Memory Limit Amount | `100` | + ## Components ### OpenShift -- ImageStream - Service - Deployment -### Other -- Need to make sure we add the correct labels +### Notes +- Keep replicas set to 1, as more replicas can cause issues with the huey job queue diff --git a/infrastructure/_redis/templates/redis-deployment.yaml b/infrastructure/_redis/templates/redis-deployment.yaml index a0bb16738..74c185f7a 100644 --- a/infrastructure/_redis/templates/redis-deployment.yaml +++ b/infrastructure/_redis/templates/redis-deployment.yaml 
@@ -1,17 +1,18 @@ +{{- $deploymentTag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $deploymentTime := now | date "2006-01-02 15:04:05.000000" -}} + apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "app.fullname" . }} labels: {{ include "app.labels" . | nindent 4 }} - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"{{ template "app.fullname" . }}:latest","namespace":"{{ .Values.namespace }}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"{{ template "app.fullname" . }}\")].image","pause":"false"}] - spec: replicas: {{ .Values.deployment.replicas }} selector: matchLabels: {{ include "app.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate template: metadata: labels: @@ -35,12 +36,21 @@ spec: volumeMounts: - name: redis-1 mountPath: /data - image: >- - image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace }}/{{ template "app.fullname" . }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + - name: DEPLOYMENT_TAG + value: {{ $deploymentTag | quote }} + - name: DEPLOYMENT_TIME + value: {{ $deploymentTime | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 + - weight: 100 podAffinityTerm: topologyKey: "app.kubernetes.io/instance" labelSelector: diff --git a/infrastructure/_redis/templates/redis-imageStream.yaml b/infrastructure/_redis/templates/redis-imageStream.yaml deleted file mode 100644 index 77f5aba12..000000000 --- a/infrastructure/_redis/templates/redis-imageStream.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: {{ template "app.fullname" . }} - labels: {{ include "app.labels" . | nindent 4 }} -spec: - tags: - - name: latest - from: - kind: DockerImage - name: redis:7 \ No newline at end of file 
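Review bot: The unchanged context line `replicas: {{ .Values.deployment.replicas }}` in this first redis-deployment hunk still reads a key that this commit removes from `_redis/values.yaml`, where `replicas: 1` under `deployment` is replaced by a top-level `replicaCount: 1`. Unless an override file still supplies the old key, the field renders empty and the API server falls back to its default, so `replicaCount` is silently ignored. The static and tasks templates were switched to the new key in this commit; the matching line here would be `replicas: {{ .Values.replicaCount }}`. The README in this commit says more than one replica breaks the huey queue, so a comment above the line noting that it must stay at 1 would also help.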
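Review bot: The `securityContext` added in the second redis-deployment hunk sets `seccompProfile`, `runAsNonRoot` and `allowPrivilegeEscalation` but does not drop Linux capabilities, and the same block is repeated in the static and tasks deployment hunks. Adding `capabilities:` with `drop: ["ALL"]` to each would make the manifests meet the restricted Pod Security Standard by themselves. Without it they depend on the cluster's admission defaults, which may already do this on OpenShift but cannot be confirmed from the chart. The collapsed layout hides the indentation, so check that the block sits on the container rather than the pod, because `allowPrivilegeEscalation` is only accepted at container level. The container spec starts outside this hunk.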
diff --git a/infrastructure/_redis/values.yaml b/infrastructure/_redis/values.yaml index 4dfa1212e..b89653855 100644 --- a/infrastructure/_redis/values.yaml +++ b/infrastructure/_redis/values.yaml @@ -1,14 +1,17 @@ -fullnameOverride: -namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream +fullnameOverride: redis +nameOverride: redis +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest deployment: - image: #by default use the image from the ImageStream - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 100m + memory: 100Mi diff --git a/infrastructure/_static/README.md b/infrastructure/_static/README.md index f256b3218..6f85f02e1 100644 --- a/infrastructure/_static/README.md +++ b/infrastructure/_static/README.md 
@@ -1,27 +1,33 @@ # Static chart -A chart to provision a static nginix instance +A chart to provision a static frontend instance ## Configuration ### Static Options -| Parameter | Description | Default | -| ------------------ | ---------------------------------- | ------------------ | -| `fullnameOverride `| Instance Name if other than default| | -| `CPU Request` | CPU Request Amount | `50` | -| `CPU Limit` | CPU Limit Amount | `150` | -| `Memory Request` | Memory Requests Amount | `64` | -| `Memory Limit` | Memory Limit Amount | `128` | -| `Replicas` | Replicas | `2` | -| `Namespace` | To support the image registry | | +| Parameter | Description | Default | +| ------------------ | ----------------------------------- | -------------------------------------- | +| `fullnameOverride` | Instance Name if other than default | `static` | +| `nameOverride` | Instance Name if other than default | `static` | +| `replicaCount` | Amount of replicas to run | `1` | +| `repository` | Image Source | `ghcr.io/bcgov/drivebc-static` | +| `tag` | Image Tag | `latest` | +| `CPU Request` | CPU Request Amount | `50` | +| `CPU Limit` | CPU Limit Amount | `250` | +| `Memory Request` | Memory Requests Amount | `50` | +| `Memory Limit` | Memory Limit Amount | `100` | +| `staticConfigMap` | Config Map for static | `drivebc-static` | +| `staticSecret` | Secret for static | `drivebc-static` | +| `route host` | What hostname do you want | `drivebc.apps.silver.devops.gov.bc.ca` | +| `iprestricted` | Should it be IP Restricted? | `false` | +| `ipallowlist` | What IP's are allowed to connect? | | ## Components ### OpenShift -- ImageStream -- Service (aka frontend) -- Route (to frontend) +- Service +- Route - Deployment ### Other diff --git a/infrastructure/_static/templates/static-deployment.yaml b/infrastructure/_static/templates/static-deployment.yaml index 30b259214..1d718bb32 100644 --- a/infrastructure/_static/templates/static-deployment.yaml 
+++ b/infrastructure/_static/templates/static-deployment.yaml @@ -1,14 +1,13 @@ +{{- $deploymentTag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $deploymentTime := now | date "2006-01-02 15:04:05.000000" -}} + apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "app.fullname" . }} labels: {{ include "app.labels" . | nindent 4 }} - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"{{ template "app.fullname" . }}:latest","namespace":"{{ .Values.namespace }}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"{{ template "app.fullname" . }}\")].image","pause":"false"}] - spec: - replicas: {{ .Values.deployment.replicas }} + replicas: {{ .Values.replicaCount }} selector: matchLabels: {{ include "app.selectorLabels" . | nindent 6 }} @@ -31,11 +30,26 @@ spec: protocol: TCP imagePullPolicy: IfNotPresent image: >- - image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace }}/{{ template "app.fullname" . }} + {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + - name: DEPLOYMENT_TAG + value: {{ $deploymentTag | quote }} + - name: DEPLOYMENT_TIME + value: {{ $deploymentTime | quote }} + envFrom: + - configMapRef: + name: {{ .Values.deployment.env.staticConfigMap }} + - secretRef: + name: {{ .Values.deployment.env.staticSecret }} + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 + - weight: 100 podAffinityTerm: topologyKey: "app.kubernetes.io/instance" labelSelector: diff --git a/infrastructure/_static/templates/static-hpa.yaml b/infrastructure/_static/templates/static-hpa.yaml new file mode 100644 index 000000000..c41a6cff0 --- /dev/null +++ b/infrastructure/_static/templates/static-hpa.yaml 
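Review bot: `replicas: {{ .Values.replicaCount }}` in the first static-deployment hunk is rendered unconditionally, while `_static/values.yaml` in this commit turns `autoscaling.enabled` on. Each `helm upgrade` will then write the replica count back to `replicaCount` and undo whatever the new HorizontalPodAutoscaler had scaled to. The usual guard wraps the field in `{{- if not .Values.autoscaling.enabled }}` and `{{- end }}` around `replicas: {{ .Values.replicaCount }}`. The image-caching chart gains an identical HPA in this commit, so its deployment template, not visible here, deserves the same check.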
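Review bot: The second static-deployment hunk pairs `imagePullPolicy: IfNotPresent` (unchanged context) with an image reference built from `.Values.image.tag`, whose defaults in this commit are mutable tags: `latest-prod` here, `latest` for tasks, redis and image-caching. A node that already holds that tag will not pull again, so the forced rollout from `DEPLOYMENT_TIME` can restart pods on an older build, different nodes can run different builds, and a rebuilt image carrying a security fix is not guaranteed to be picked up. Deploying an immutable tag or a digest (`repository@sha256:<digest>`) removes the ambiguity; `imagePullPolicy: Always` is the weaker alternative. The image line also bypasses the `$deploymentTag` default computed at the top of the template, so an empty `image.tag` renders `repository:` with nothing after the colon; `{{ .Values.image.repository }}:{{ $deploymentTag }}` would keep the two consistent. The tasks-deployment hunk has the same image line.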
@@ -0,0 +1,22 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "app.fullname" . }} + labels: + {{- include "app.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "app.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} \ No newline at end of file diff --git a/infrastructure/_static/templates/static-imageStream.yaml b/infrastructure/_static/templates/static-imageStream.yaml deleted file mode 100644 index 8c6a24ae6..000000000 --- a/infrastructure/_static/templates/static-imageStream.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: {{ template "app.fullname" . }} - labels: {{ include "app.labels" . | nindent 4 }} - diff --git a/infrastructure/_static/values.yaml b/infrastructure/_static/values.yaml index c3118b3a0..8eaea9209 100644 --- a/infrastructure/_static/values.yaml +++ b/infrastructure/_static/values.yaml @@ -1,17 +1,29 @@ -fullnameOverride: -namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream +fullnameOverride: static +nameOverride: static +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest-prod deployment: - image: #by default use the image from the ImageStream - replicas: 2 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + staticConfigMap: drivebc-static + staticSecret: drivebc-static + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: host: drivebc.apps.silver.devops.gov.bc.ca 
diff --git a/infrastructure/_tasks/README.md b/infrastructure/_tasks/README.md index 29bb5c7bf..b1e9a34ab 100644 --- a/infrastructure/_tasks/README.md +++ b/infrastructure/_tasks/README.md 
@@ -1,31 +1,30 @@ -# tasks chart +# Django Chart -A chart to provision a Django instance +A chart to provision a tasks which is an instance of django that runs Huey to run a number of scheduled tasks ## Configuration -### tasks Options - -| Parameter | Description | Default | -| ------------------ | ---------------------------------- | ------------------ | -| `fullnameOverride `| Instance Name if other than default| `django` | -| `djangoImage` | Image Source (if not imageStream) | | -| `CPU Request` | CPU Request Amount | `50` | -| `CPU Limit` | CPU Limit Amount | `250` | -| `Memory Request` | Memory Requests Amount | `128` | -| `Memory Limit` | Memory Limit Amount | `256` | -| `Replicas` | Replicas | `1` | -| `Postgres Secret` | The pguser secret name | `drivebc-pguser-drivebc`| -| `Django Config Map`| The name of the Django Config Map | | -| `Namespace` | To support the image registry | | +### Django Options +| Parameter | Description | Default | +| ------------------- | ----------------------------------- | ------------------------------ | +| `fullnameOverride ` | Instance Name if other than default | `django` | +| `nameOverride ` | Instance Name if other than default | `django` | +| `replicaCount` | Amount of replicas to run | `1` | +| `repository` | Image Source | `ghcr.io/bcgov/drivebc-django` | +| `tag` | Image Tag | `latest` | +| `CPU Request` | CPU Request Amount | `75` | +| `CPU Limit` | CPU Limit Amount | `250` | +| `Memory Request` | Memory Requests Amount | `150` | +| `Memory Limit` | Memory Limit Amount | `200` | +| `postgresSecret` | The pguser secret name | `drivebc-pguser-drivebc` | +| `djangoConfigMap` | The name of the Django Config Map | `drivebc-django` | +| `djangoSecret` | The name of the Django Secret | `drivebc-django` | ## Components ### OpenShift -- ImageStream (Uses the Django Image) - Deployment -### Other -- Need to make sure we add the correct labels -- See if we can automatically make the config map. 
Prob want to make it blank in initial deploy (can set settings in OpenShift itself). \ No newline at end of file +### Notes +- It is recommend to only run one replica of tasks since they can't communicate with each other currently, and redis is also ephemeral at this time. diff --git a/infrastructure/_tasks/templates/tasks-deployment.yaml b/infrastructure/_tasks/templates/tasks-deployment.yaml index d4b868f5a..28c9277df 100644 --- a/infrastructure/_tasks/templates/tasks-deployment.yaml +++ b/infrastructure/_tasks/templates/tasks-deployment.yaml @@ -1,16 +1,18 @@ +{{- $deploymentTag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $deploymentTime := now | date "2006-01-02 15:04:05.000000" -}} + apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "app.fullname" . }} labels: {{ include "app.labels" . | nindent 4 }} - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"{{ .Values.deployment.djangoImageName }}:latest","namespace":"{{ .Values.namespace }}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"{{ template "app.fullname" . }}\")].image","pause":"false"}] spec: - replicas: {{ .Values.deployment.replicas }} + replicas: {{ .Values.replicaCount }} selector: matchLabels: {{ include "app.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate template: metadata: labels: @@ -28,6 +30,10 @@ spec: command: - /start_tasks.sh env: + - name: DEPLOYMENT_TAG + value: {{ $deploymentTag | quote }} + - name: DEPLOYMENT_TIME + value: {{ $deploymentTime | quote }} - name: DB_HOST valueFrom: secretKeyRef: 
@@ -68,26 +74,23 @@ spec: secretKeyRef: name: {{ .Values.deployment.env.postgresSecret }} key: dbname - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.deployment.env.djangoSecret }} - key: SECRET_KEY - - name: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.deployment.env.djangoSecret }} - key: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY + envFrom: + - configMapRef: + name: {{ .Values.deployment.env.djangoConfigMap }} + - secretRef: + name: {{ .Values.deployment.env.djangoSecret }} ports: - containerPort: 8080 protocol: TCP imagePullPolicy: IfNotPresent terminationMessagePolicy: File - envFrom: - - configMapRef: - name: {{ .Values.deployment.env.djangoConfigMap }} image: >- - image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace }}/{{ .Values.deployment.djangoImageName }} + {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: diff --git a/infrastructure/_tasks/values.yaml b/infrastructure/_tasks/values.yaml index 7d8c6f4e7..3282c6d18 100644 --- a/infrastructure/_tasks/values.yaml +++ b/infrastructure/_tasks/values.yaml @@ -1,19 +1,22 @@ fullnameOverride: tasks -namespace: #enter the full namespace here to the deployment has the correct imagestream +nameOverride: tasks +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest deployment: - djangoImageName: #by default use the image from the ImageStream - replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 75m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: dev-drivebc-pguser-dev-drivebc - djangoConfigMap: dev-drivebc-django - djangoSecret: dev-drivebc-django + postgresSecret: drivebc-pguser-drivebc + djangoConfigMap: drivebc-django + djangoSecret: drivebc-django 
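Review bot: Replacing the explicit `secretKeyRef` entries for `SECRET_KEY` and `DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY` with `envFrom: secretRef` changes two things beyond tidiness. Every key in the `djangoSecret` object is now exported into the container environment, including any added later for another purpose. A missing `SECRET_KEY` also no longer stops the pod from starting, because `envFrom` simply omits absent keys where `secretKeyRef` fails container creation. If the bulk import is wanted, keep the two required keys as explicit `secretKeyRef` entries next to it, or make sure the start script fails fast when they are unset. A comment above `envFrom` should record that on a name clash the Secret, listed last, overrides the ConfigMap. The container spec starts and ends outside this hunk.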
diff --git a/infrastructure/crunchy-postgres/values-dev.yaml b/infrastructure/crunchy-postgres/values-dev.yaml index 6fcce3b17..67de8182e 100644 --- a/infrastructure/crunchy-postgres/values-dev.yaml +++ b/infrastructure/crunchy-postgres/values-dev.yaml @@ -78,7 +78,7 @@ proxy: # Postgres Cluster resource values: pgmonitor: enabled: true #Can be true or false - namespace: c59ecc #The high level namespace of your project without the -tools -dev, etc part. + namespace: a781ec #The high level namespace of your project without the -tools -dev, etc part. exporter: image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default requests: diff --git a/infrastructure/crunchy-postgres/values-prod.yaml b/infrastructure/crunchy-postgres/values-prod.yaml index a23def7bd..76bddf78b 100644 --- a/infrastructure/crunchy-postgres/values-prod.yaml +++ b/infrastructure/crunchy-postgres/values-prod.yaml @@ -9,7 +9,7 @@ instances: name: ha # high availability replicas: 3 dataVolumeClaimSpec: - storage: 6Gi + storage: 5Gi storageClassName: netapp-block-standard requests: cpu: 250m @@ -78,7 +78,7 @@ proxy: # Postgres Cluster resource values: pgmonitor: enabled: true #Can be true or false - namespace: c59ecc #The high level namespace of your project without the -tools -dev, etc part. + namespace: a781ec #The high level namespace of your project without the -tools -dev, etc part. exporter: image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default requests: diff --git a/infrastructure/crunchy-postgres/values-test.yaml b/infrastructure/crunchy-postgres/values-test.yaml index 366507558..fe279facf 100644 --- a/infrastructure/crunchy-postgres/values-test.yaml +++ b/infrastructure/crunchy-postgres/values-test.yaml 
@@ -78,7 +78,7 @@ proxy: # Postgres Cluster resource values: pgmonitor: enabled: true #Can be true or false - namespace: c59ecc #The high level namespace of your project without the -tools -dev, etc part. + namespace: a781ec #The high level namespace of your project without the -tools -dev, etc part. exporter: image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default requests: diff --git a/infrastructure/crunchy-postgres/values-uat.yaml b/infrastructure/crunchy-postgres/values-uat.yaml index 1aa5aaf8c..0d1aab7be 100644 --- a/infrastructure/crunchy-postgres/values-uat.yaml +++ b/infrastructure/crunchy-postgres/values-uat.yaml @@ -9,7 +9,7 @@ instances: name: ha # high availability replicas: 2 dataVolumeClaimSpec: - storage: 6Gi + storage: 5Gi storageClassName: netapp-block-standard requests: cpu: 250m @@ -37,7 +37,7 @@ pgBackRest: incremental: 15,45 * * * * #set this to every 30 min to reduce chance of WAL log issues volume: accessModes: "ReadWriteOnce" - storage: 6Gi + storage: 5Gi storageClassName: netapp-file-backup repoHost: requests: @@ -78,7 +78,7 @@ proxy: # Postgres Cluster resource values: pgmonitor: enabled: true #Can be true or false - namespace: c59ecc #The high level namespace of your project without the -tools -dev, etc part. + namespace: a781ec #The high level namespace of your project without the -tools -dev, etc part. exporter: image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default requests: diff --git a/infrastructure/crunchy-tools/.helmignore b/infrastructure/crunchy-tools/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/infrastructure/crunchy-tools/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/infrastructure/crunchy-tools/Chart.yaml b/infrastructure/crunchy-tools/Chart.yaml deleted file mode 100644 index fb0e3cfc2..000000000 --- a/infrastructure/crunchy-tools/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: crunchy-postgres-tools -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "0.1.0" diff --git a/infrastructure/crunchy-tools/README.md b/infrastructure/crunchy-tools/README.md deleted file mode 100644 index efc8191f5..000000000 --- a/infrastructure/crunchy-tools/README.md +++ /dev/null 
@@ -1,80 +0,0 @@ -# Crunchy Postgres Tools chart - -A chart to provision service accounts and networking templates to our namespaces. - -This chart is meant to be deployed in all namespaces while using the `provisioner.namespace` value to conditionally deploy services in the correct namespaces. - -## Included templates: - -### Service accounts: - -#### Deployer - -A service account to be used to login to OpenShift and deploy your application in CI. This is deployed in all namespaces except for the tools/provisioner namespace. - -| Parameter | Description | Default | -| --------------------------------- | ----------------------------------- | ------- | -| `deployer.serviceAccount.enabled` | Enable the deployer service account | `true` | - ---- - -#### Provisioner - -A service account which is deployed to the tools namespace but the roles and rolebindings are deployed to all namespaces, giving the service account permissions to provision tools to all of the namespaces from the tools namespace. - -| Parameter | Description | Default | -| -------------------------------- | ----------------------------------------- | ------- | -| `deployer.provisioner.enabled` | Enable the provisioner service account | `true` | -| `deployer.provisioner.namespace` | The namespace the provisioner will run in | `true` | - ---- - -#### Linter - -A service account deployed to the /tools namespace and used to login to OpenShift and verify Helm templates. 
- -| Parameter | Description | Default | -| ------------------------- | --------------------------------- | ------- | -| `deployer.linter.enabled` | Enable the linter service account | `true` | - ---- - -### Networking - -#### Namespace ingress network policy - -Network policy to allow traffic from outside the namespace (like the internet) to access our pods - -| Parameter | Description | Default | -| ---------------------------------- | --------------------------------- | ------- | -| `networking.networkPolicy.enabled` | Enable the ingress network policy | `true` | - ---- - -#### Pod ingress network policy - -Pod network policy to allow pods to accept traffic from other pods in this namespace - -| Parameter | Description | Default | -| ------------------------------------- | ------------------------------------- | ------- | -| `networking.podNetworkPolicy.enabled` | Enable the pod ingress network policy | `true` | - ---- - -#### Route - -OpenShift route whitch allows you to host your application at a public URL. - -| Parameter | Description | Default | -| -------------------------- | -------------------------- | ------- | -| `networking.route.enabled` | Enable the OpenShift route | `true` | -| `networking.route.host` | The OpenShift route host | | - ---- - -## Name overrides - -| Parameter | Description | Default | -| ------------------ | ------------------------------------------ | ------------------------ | -| `fullnameOverride` | Override release name | `crunchy-postgres-tools` | -| `deploymentName` | The name of your dev/test/prod deployments | `crunchy-postgres` | diff --git a/infrastructure/crunchy-tools/templates/_helpers.tpl b/infrastructure/crunchy-tools/templates/_helpers.tpl deleted file mode 100644 index 012711fdc..000000000 --- a/infrastructure/crunchy-tools/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "crunchy-postgres-tools.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "crunchy-postgres-tools.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "crunchy-postgres-tools.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "crunchy-postgres-tools.labels" -}} -helm.sh/chart: {{ include "crunchy-postgres-tools.chart" . }} -{{ include "crunchy-postgres-tools.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "crunchy-postgres-tools.selectorLabels" -}} -app.kubernetes.io/name: {{ include "crunchy-postgres-tools.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "crunchy-postgres-tools.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "crunchy-postgres-tools.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/infrastructure/crunchy-tools/templates/deployer/deployerRole.yaml b/infrastructure/crunchy-tools/templates/deployer/deployerRole.yaml deleted file mode 100644 index 4acd4289c..000000000 --- a/infrastructure/crunchy-tools/templates/deployer/deployerRole.yaml +++ /dev/null 
@@ -1,217 +0,0 @@ -{{ if and .Values.deployer.serviceAccount.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -apiVersion: authorization.openshift.io/v1 -kind: Role -metadata: - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} - annotations: - openshift.io/description: A user who can deploy applications - openshift.io/reconcile-protect: "false" - name: {{ or .Values.deploymentName .Release.Name }}-deployer -rules: - - apiGroups: - - image.openshift.io - resources: - - imagestreamimages - - imagestreammappings - - imagestreams - - imagestreamtags - verbs: - - get - - list - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreamtags - verbs: - - delete - - apiGroups: - - project.openshift.io - - "" - attributeRestrictions: null - resources: - - projects - verbs: - - get - - apiGroups: - - "" - attributeRestrictions: null - resources: - - replicationcontrollers - - persistentvolumeclaims - - services - - secrets - - configmaps - - endpoints - - pods - - pods/exec - verbs: - - watch - - list - - get - - create - - update - - patch - - delete - - deletecollection - - apiGroups: - - "" - attributeRestrictions: null - resources: - - pods/status - - pods/log - verbs: - - watch - - list - - get - - apiGroups: - - apps.openshift.io - attributeRestrictions: null - resources: - - deploymentconfigs - verbs: - - get - - create - - update - - patch - - apiGroups: - - apps - attributeRestrictions: null - resources: - - statefulsets - verbs: - - get - - create - - delete - - update - - patch - - apiGroups: - - route.openshift.io - attributeRestrictions: null - resources: - - routes - verbs: - - list - - get - - create - - update - - patch - - delete - - apiGroups: - - template.openshift.io - attributeRestrictions: null - resources: - - processedtemplates - verbs: - - create - - apiGroups: - - route.openshift.io - - "" - attributeRestrictions: null - resources: - - routes/custom-host - verbs: - - create - - 
apiGroups: - - batch - attributeRestrictions: null - resources: - - jobs - - cronjobs - verbs: - - get - - create - - update - - patch - - delete - - watch - - list - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - "rbac.authorization.k8s.io" - - "authorization.openshift.io" - resources: - - roles - - rolebindings - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - extensions - - apps - resources: - - deployments - - replicasets - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - postgres-operator.crunchydata.com - resources: - - postgresclusters - verbs: - - get - - create - - update - - patch - - delete -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/deployer/deployerRoleBinding.yaml b/infrastructure/crunchy-tools/templates/deployer/deployerRoleBinding.yaml deleted file mode 100644 index b5d26099f..000000000 --- a/infrastructure/crunchy-tools/templates/deployer/deployerRoleBinding.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{ if and .Values.deployer.serviceAccount.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ or .Values.deploymentName .Release.Name }}-deployer - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ or .Values.deploymentName .Release.Name }}-deployer -subjects: - - kind: ServiceAccount - name: {{ or .Values.deploymentName .Release.Name }}-deployer - namespace: {{ .Release.namespace }} - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/deployer/deployerServiceAccount.yaml b/infrastructure/crunchy-tools/templates/deployer/deployerServiceAccount.yaml deleted file mode 100644 index b2df66067..000000000 --- a/infrastructure/crunchy-tools/templates/deployer/deployerServiceAccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{ if and .Values.deployer.serviceAccount.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ or .Values.deploymentName .Release.Name }}-deployer - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} - namespace: {{ .Release.namespace }} - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/linter/linterRole.yaml b/infrastructure/crunchy-tools/templates/linter/linterRole.yaml deleted file mode 100644 index 480e2c27d..000000000 --- a/infrastructure/crunchy-tools/templates/linter/linterRole.yaml +++ /dev/null 
@@ -1,497 +0,0 @@ -{{- if and (.Values.linter.serviceAccount.enabled) (eq .Release.Namespace .Values.provisioner.namespace) }} - -apiVersion: authorization.openshift.io/v1 -kind: Role -metadata: - labels: {{ include "crunchy-postgres-tools.labels" . | nindent 4}} - annotations: - openshift.io/description: A user who can view but not edit any resources within - the project. They can not view secrets or membership. - openshift.io/reconcile-protect: "false" - name: {{ .Release.Name }}-linter -rules: -- apiGroups: - - "" - attributeRestrictions: null - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - projects - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - attributeRestrictions: null - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - attributeRestrictions: null - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - attributeRestrictions: null - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - attributeRestrictions: null - resources: - - poddisruptionbudgets - verbs: - - get 
- - list - - watch -- apiGroups: - - apps - attributeRestrictions: null - resources: - - statefulsets/scale - verbs: - - get -- apiGroups: - - apps - attributeRestrictions: null - resources: - - statefulsets/scale - verbs: - - list -- apiGroups: - - apps - attributeRestrictions: null - resources: - - statefulsets/scale - verbs: - - watch -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - get -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - list -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - watch -- apiGroups: - - networking.k8s.io - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - get -- apiGroups: - - networking.k8s.io - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - list -- apiGroups: - - networking.k8s.io - attributeRestrictions: null - resources: - - networkpolicies - verbs: - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - serviceaccounts - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - bindings - - events - - limitranges - - namespaces - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - batch - attributeRestrictions: null - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - deployments - - deployments/scale - - replicasets - - replicasets/scale - verbs: - - get - - list - - watch -- apiGroups: - - extensions - attributeRestrictions: null - resources: - - daemonsets - verbs: - - get - - list - - watch -- apiGroups: - - apps - 
attributeRestrictions: null - resources: - - deployments - - deployments/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - build.openshift.io - - "" - attributeRestrictions: null - resources: - - buildconfigs - - buildconfigs/webhooks - - builds - verbs: - - get - - list - - watch -- apiGroups: - - build.openshift.io - - "" - attributeRestrictions: null - resources: - - builds/log - verbs: - - get - - list - - watch -- apiGroups: - - build.openshift.io - attributeRestrictions: null - resources: - - jenkins - verbs: - - view -- apiGroups: - - apps.openshift.io - - "" - attributeRestrictions: null - resources: - - deploymentconfigs - - deploymentconfigs/scale - verbs: - - get - - list - - watch -- apiGroups: - - apps.openshift.io - - "" - attributeRestrictions: null - resources: - - deploymentconfigs/log - - deploymentconfigs/status - verbs: - - get - - list - - watch -- apiGroups: - - image.openshift.io - - "" - attributeRestrictions: null - resources: - - imagestreamimages - - imagestreammappings - - imagestreams - - imagestreamtags - verbs: - - get - - list - - watch -- apiGroups: - - image.openshift.io - - "" - attributeRestrictions: null - resources: - - imagestreams/status - verbs: - - get - - list - - watch -- apiGroups: - - project.openshift.io - - "" - attributeRestrictions: null - resources: - - projects - verbs: - - get -- apiGroups: - - quota.openshift.io - - "" - attributeRestrictions: null - resources: - - appliedclusterresourcequotas - verbs: - - get - - list - - watch -- apiGroups: - - route.openshift.io - - "" - attributeRestrictions: null - resources: - - routes - verbs: - - get - - list - - watch -- apiGroups: - - route.openshift.io - - "" - attributeRestrictions: null - resources: - - routes/status - verbs: - - get - - list - - watch -- apiGroups: - - template.openshift.io - - "" - attributeRestrictions: null - resources: - - processedtemplates - - templateconfigs - - templateinstances - - templates - verbs: - - get - - 
list - - watch -- apiGroups: - - build.openshift.io - - "" - attributeRestrictions: null - resources: - - buildlogs - verbs: - - get - - list - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - resourcequotausages - verbs: - - get - - list - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - projects - verbs: - - watch -- apiGroups: - - "" - attributeRestrictions: null - resources: - - projects - verbs: - - list -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets - verbs: - - get -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets - verbs: - - list -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets - verbs: - - watch -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets/scale - verbs: - - get -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets/scale - verbs: - - list -- apiGroups: - - apps - attributeRestrictions: null - resources: - - replicasets/scale - verbs: - - watch -- apiGroups: - - apps - attributeRestrictions: null - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - attributeRestrictions: null - resources: - - daemonsets - verbs: - - list -- apiGroups: - - apps - attributeRestrictions: null - resources: - - daemonsets - verbs: - - watch -- apiGroups: - - authorization.openshift.io - - rbac.authorization.k8s.io - attributeRestrictions: null - resources: - - rolebindings - - roles - verbs: - - get - - patch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get -- apiGroups: - - postgres-operator.crunchydata.com - resources: - - postgresclusters - verbs: - - get - - list - -{{ end }} \ No newline at end of file diff --git a/infrastructure/crunchy-tools/templates/linter/linterRoleBinding.yaml b/infrastructure/crunchy-tools/templates/linter/linterRoleBinding.yaml deleted file mode 100644 index ebb16624d..000000000 
--- a/infrastructure/crunchy-tools/templates/linter/linterRoleBinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.linter.serviceAccount.enabled (eq .Release.Namespace .Values.provisioner.namespace) }} - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-linter - labels: {{ include "crunchy-postgres-tools.labels" . | nindent 4}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-linter -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-linter - namespace: {{ .Values.linter.namespace }} - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/linter/linterServiceAccount.yaml b/infrastructure/crunchy-tools/templates/linter/linterServiceAccount.yaml deleted file mode 100644 index cc1d53ec5..000000000 --- a/infrastructure/crunchy-tools/templates/linter/linterServiceAccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if and .Values.linter.serviceAccount.enabled (eq .Release.Namespace .Values.provisioner.namespace)}} - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Release.Name }}-linter - labels: {{ include "crunchy-postgres-tools.labels" . | nindent 4}} - namespace: {{ .Values.linter.namespace }} - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/networking/networkPolicy.yaml b/infrastructure/crunchy-tools/templates/networking/networkPolicy.yaml deleted file mode 100644 index 56b5d77c1..000000000 --- a/infrastructure/crunchy-tools/templates/networking/networkPolicy.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if and .Values.networking.networkPolicy.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: {{ or .Values.deploymentName .Release.Name }}-allow-route-ingress - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} -spec: - # This policy allows any pod with a route & service combination - # to accept traffic from the OpenShift router pods. This is - # required for things outside of OpenShift (like the Internet) - # to reach your pods. - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: ingress - podSelector: {} - policyTypes: - - Ingress - -{{- end }} diff --git a/infrastructure/crunchy-tools/templates/networking/podNetworkPolicy.yaml b/infrastructure/crunchy-tools/templates/networking/podNetworkPolicy.yaml deleted file mode 100644 index b706a96c0..000000000 --- a/infrastructure/crunchy-tools/templates/networking/podNetworkPolicy.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.networking.podNetworkPolicy.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: {{ or .Values.deploymentName .Release.Name }}-allow-same-namespace - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} -spec: - # This policy allows pods to accept traffic from other pods in this namespace - ingress: - - from: - - podSelector: {} - podSelector: {} - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/networking/route.yaml b/infrastructure/crunchy-tools/templates/networking/route.yaml deleted file mode 100644 index 55cc81f35..000000000 --- a/infrastructure/crunchy-tools/templates/networking/route.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- if and .Values.networking.route.enabled (ne .Release.Namespace .Values.provisioner.namespace) }} - -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ template "crunchy-postgres-tools.fullname" . }} - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4}} -spec: - host: {{ .Values.networking.route.host }} - port: - targetPort: {{ template "crunchy-postgres-tools.fullname" . }} - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: {{ template "crunchy-postgres-tools.fullname" . }} - weight: 100 - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/provisioner/provisionerRole.yaml b/infrastructure/crunchy-tools/templates/provisioner/provisionerRole.yaml deleted file mode 100644 index fa677b65f..000000000 --- a/infrastructure/crunchy-tools/templates/provisioner/provisionerRole.yaml +++ /dev/null 
@@ -1,237 +0,0 @@ -{{ if .Values.provisioner.serviceAccount.enabled }} - -apiVersion: authorization.openshift.io/v1 -kind: Role -metadata: - labels: {{ include "crunchy-postgres-tools.labels" . | nindent 4}} - annotations: - openshift.io/description: A user who can deploy applications - openshift.io/reconcile-protect: "false" - name: {{ .Release.Name }}-provisioner -rules: - - apiGroups: - - image.openshift.io - resources: - - imagestreamimages - - imagestreammappings - - imagestreams - - imagestreamtags - verbs: - - get - - list - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreamtags - verbs: - - delete - - apiGroups: - - project.openshift.io - - "" - attributeRestrictions: null - resources: - - projects - verbs: - - get - - apiGroups: - - "" - attributeRestrictions: null - resources: - - replicationcontrollers - - persistentvolumeclaims - - services - - secrets - - configmaps - - endpoints - - pods - - pods/exec - verbs: - - watch - - list - - get - - create - - update - - patch - - delete - - deletecollection - - apiGroups: - - "" - attributeRestrictions: null - resources: - - pods/status - - pods/log - verbs: - - watch - - list - - get - - apiGroups: - - apps.openshift.io - attributeRestrictions: null - resources: - - deploymentconfigs - verbs: - - get - - create - - update - - patch - - apiGroups: - - apps - attributeRestrictions: null - resources: - - statefulsets - verbs: - - get - - create - - delete - - update - - patch - - apiGroups: - - route.openshift.io - attributeRestrictions: null - resources: - - routes - verbs: - - list - - get - - create - - update - - patch - - delete - - apiGroups: - - template.openshift.io - attributeRestrictions: null - resources: - - processedtemplates - - templates - verbs: - - create - - patch - - apiGroups: - - route.openshift.io - attributeRestrictions: null - resources: - - routes - verbs: - - get - - create - - update - - patch - - apiGroups: - - route.openshift.io - - "" - 
attributeRestrictions: null - resources: - - routes/custom-host - verbs: - - create - - apiGroups: - - batch - attributeRestrictions: null - resources: - - jobs - - cronjobs - verbs: - - get - - create - - update - - patch - - delete - - watch - - list - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - "rbac.authorization.k8s.io" - - "authorization.openshift.io" - resources: - - roles - - rolebindings - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - extensions - - apps - resources: - - deployments - - replicasets - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - create - - update - - patch - - delete - - apiGroups: - - artifactory.devops.gov.bc.ca - resources: - - artifactoryserviceaccounts - verbs: - - get - - list - - apiGroups: - - postgres-operator.crunchydata.com - resources: - - postgresclusters - verbs: - - get - - list - - create - - update - - patch - - delete - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/provisioner/provisionerRoleBinding.yaml b/infrastructure/crunchy-tools/templates/provisioner/provisionerRoleBinding.yaml deleted file mode 100644 index f89476fff..000000000 --- a/infrastructure/crunchy-tools/templates/provisioner/provisionerRoleBinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{ if .Values.provisioner.serviceAccount.enabled }} - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-provisioner - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-provisioner -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-provisioner - namespace: {{ .Values.provisioner.namespace }} - - -{{ end }} diff --git a/infrastructure/crunchy-tools/templates/provisioner/provisionerServiceAccount.yaml b/infrastructure/crunchy-tools/templates/provisioner/provisionerServiceAccount.yaml deleted file mode 100644 index fe04e79cc..000000000 --- a/infrastructure/crunchy-tools/templates/provisioner/provisionerServiceAccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.provisioner.serviceAccount.enabled (eq .Release.Namespace .Values.provisioner.namespace) }} - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Release.Name }}-provisioner - labels: -{{ include "crunchy-postgres-tools.labels" . | indent 4 }} - namespace: {{ .Values.provisioner.namespace }} - -{{ end }} diff --git a/infrastructure/crunchy-tools/values.yaml b/infrastructure/crunchy-tools/values.yaml deleted file mode 100644 index b52ae49a8..000000000 --- a/infrastructure/crunchy-tools/values.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -fullnameOverride: dbc-crunchy-postgres-tools -deploymentName: dbc-crunchy-postgres - -deployer: - serviceAccount: - enabled: true - -# Enable the provisioner service account which is used to deploy services to our other namespaces (dev/test/prod) -# The tools namespace needs to be passed in so we know which namespace to install the service account in and the rolebindings get proper permissions -provisioner: - namespace: c59ecc-tools - serviceAccount: - enabled: true - -# Service account with fairly low permissions for the linter -linter: - serviceAccount: - enabled: true - -networking: - # Network policy to allow traffic from outside the namespace (like the internet) - networkPolicy: - enabled: true - # Pod network policy to allow pods to accept traffic from other pods in this namespace - podNetworkPolicy: - enabled: true - # Enable OpenShift route whitch allows you to host your application at a public URL - route: - enabled: true - host: # eg: crunchy-postgres.apps.silver.devops.gov.bc.ca - diff --git a/infrastructure/init/templates/init-django-configmap.yaml b/infrastructure/init/templates/init-django-configmap.yaml index 32a0b2f96..e30008b31 100644 --- a/infrastructure/init/templates/init-django-configmap.yaml +++ b/infrastructure/init/templates/init-django-configmap.yaml 
@@ -4,20 +4,21 @@ metadata: name: {{ template "app.fullname" . }}-django labels: {{ include "app.labels" . | nindent 4 }} data: - REDIS_PORT: - DJANGO_SESSION_COOKIE_SECURE: - DRIVEBC_IMAGE_PROXY_URL: - REDIS_HOST: - DJANGO_ALLOWED_HOSTS: - GUNICORN_CMD_ARGS: - DRIVEBC_OPEN_511_API_BASE_URL: - DJANGO_SECURE_SSL_REDIRECT: - DEBUG: - DJANGO_SUPERUSER_USERNAME: - DRIVEBC_WEBCAM_API_BASE_URL: - DJANGO_CSRF_COOKIE_SECURE: - DJANGO_CORS_ORIGIN_WHITELIST: - DRIVEBC_ROUTE_PLANNER_API_BASE_URL: - DRIVEBC_IMAGE_API_BASE_URL: - DJANGO_SUPERUSER_EMAIL: - DRIVEBC_INLAND_FERRY_API_BASE_URL: \ No newline at end of file + REDIS_PORT: '' + DJANGO_SESSION_COOKIE_SECURE: '' + DRIVEBC_IMAGE_PROXY_URL: '' + DRIVEBC_INLAND_FERRY_API_BASE_URL: '' + REDIS_HOST: '' + DJANGO_ALLOWED_HOSTS: '' + GUNICORN_CMD_ARGS: '' + DRIVEBC_OPEN_511_API_BASE_URL: '' + DJANGO_SECURE_SSL_REDIRECT: '' + DEBUG: '' + DJANGO_SUPERUSER_USERNAME: '' + DRIVEBC_WEBCAM_API_BASE_URL: '' + DJANGO_CSRF_COOKIE_SECURE: '' + DJANGO_CORS_ORIGIN_WHITELIST: '' + DRIVEBC_ROUTE_PLANNER_API_BASE_URL: '' + DRIVEBC_IMAGE_API_BASE_URL: '' + DJANGO_SUPERUSER_EMAIL: '' + DRIVEBC_DIT_API_BASE_URL: '' \ No newline at end of file diff --git a/infrastructure/init/templates/init-django-secret.yaml b/infrastructure/init/templates/init-django-secret.yaml index 2338e07c8..d78529a08 100644 --- a/infrastructure/init/templates/init-django-secret.yaml +++ b/infrastructure/init/templates/init-django-secret.yaml @@ -4,6 +4,8 @@ metadata: name: {{ template "app.fullname" . }}-django labels: {{ include "app.labels" . | nindent 4 }} data: - SECRET_KEY: - DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY: + BCEID_CLIENT_ID: '' + BCEID_SECRET: '' + DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY: '' + SECRET_KEY: '' type: Opaque \ No newline at end of file diff --git a/infrastructure/init/templates/init-image-caching-configmap.yaml b/infrastructure/init/templates/init-image-caching-configmap.yaml new file mode 100644 index 000000000..36b6b9a71 --- /dev/null 
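Review bot: In init-django-configmap.yaml, `DJANGO_SESSION_COOKIE_SECURE`, `DJANGO_CSRF_COOKIE_SECURE`, `DJANGO_SECURE_SSL_REDIRECT` and `DEBUG` are seeded as `''` under `data:`, with nothing stating what a deployed environment must set. How the settings module parses an empty string is not visible in this patch. If it reads it as false, session and CSRF cookies are sent without the Secure flag and the HTTPS redirect stays off until someone edits the ConfigMap. A comment above `data:` would make the requirement explicit, for example `# Placeholders: set the *_COOKIE_SECURE and SECURE_SSL_REDIRECT values to true and DEBUG to false before rollout`. The manifest's `kind`/`apiVersion` lines sit above the hunk.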
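Review bot: In init-django-secret.yaml, switching the `data:` placeholders from bare keys to `''` changes the rendered Secret, so upgrading an existing init release is likely to reset `SECRET_KEY` and `DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY` to empty. This assumes the real values were written onto the live object out of band; how they are populated is not shown here. The same applies to `GEOCODER_API_AUTH_KEY` and `ROUTE_PLANNER_KEY` in the init-static-secret.yaml hunk. Consider preserving an existing value with Helm's `lookup` function, or at least document the constraint with `# Placeholders only: fill in after first install; re-applying this chart resets populated keys`.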
+++ b/infrastructure/init/templates/init-image-caching-configmap.yaml @@ -0,0 +1,7 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "app.fullname" . }}-image-caching + labels: {{ include "app.labels" . | nindent 4 }} +data: + DRIVEBC_IMAGE_API_BASE_URL: '' \ No newline at end of file diff --git a/infrastructure/init/templates/init-static-configmap.yaml b/infrastructure/init/templates/init-static-configmap.yaml index 832cccbff..9152604d3 100644 --- a/infrastructure/init/templates/init-static-configmap.yaml +++ b/infrastructure/init/templates/init-static-configmap.yaml @@ -4,11 +4,12 @@ metadata: name: {{ template "app.fullname" . }}-static labels: {{ include "app.labels" . | nindent 4 }} data: - API_HOST: - BASE_MAP: - GEOCODER_HOST: - HIGHWAY_LAYER: - MAP_STYLE: - OPEN511_LAYER: - REPLAY_THE_DAY: - ROUTE_PLANNER: \ No newline at end of file + REACT_APP_HIGHWAY_LAYER: '' + REACT_APP_API_HOST: '' + REACT_APP_BASE_MAP: '' + REACT_APP_MAP_STYLE: '' + REACT_APP_REPLAY_THE_DAY: '' + REACT_APP_GEOCODER_HOST: '' + REACT_APP_ROUTE_PLANNER: '' + REACT_APP_OPEN511_LAYER: '' + ENVIRONMENT: '' \ No newline at end of file diff --git a/infrastructure/init/templates/init-static-secret.yaml b/infrastructure/init/templates/init-static-secret.yaml index 738251c5f..19bca6241 100644 --- a/infrastructure/init/templates/init-static-secret.yaml +++ b/infrastructure/init/templates/init-static-secret.yaml @@ -4,6 +4,6 @@ metadata: name: {{ template "app.fullname" . }}-static labels: {{ include "app.labels" . | nindent 4 }} data: - GEOCODER_API_AUTH_KEY: - ROUTE_PLANNER_KEY: + GEOCODER_API_AUTH_KEY: '' + ROUTE_PLANNER_KEY: '' type: Opaque \ No newline at end of file diff --git a/infrastructure/init/values-uat.yaml b/infrastructure/init/values-uat.yaml index c061dbd86..0c3e5483c 100644 --- a/infrastructure/init/values-uat.yaml +++ b/infrastructure/init/values-uat.yaml 
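Review bot: In init-static-configmap.yaml, the renamed `REACT_APP_*` keys carry no comment saying that these values are public. If the static image feeds them into the client bundle (not visible in this patch), every value is readable by any visitor. The companion init-static-secret.yaml holds `GEOCODER_API_AUTH_KEY` and `ROUTE_PLANNER_KEY` for the same front end, so it is worth confirming those keys are restricted server-side rather than treated as confidential. A comment above `data:` such as `# REACT_APP_* values are exposed to the browser; never place credentials here` would keep later additions from drifting.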
@@ -1,4 +1,4 @@ fullnameOverride: uat-drivebc #By default it will use the name you assign the helm chart. Since we are running #this separatly from the main Helm Chart with all dependencies we set this value to match. -networkPolicyRequired: false #Set to yes if you need the allow traffic between pods and internet ingress setup \ No newline at end of file +networkPolicyRequired: true #Set to yes if you need the allow traffic between pods and internet ingress setup \ No newline at end of file 
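Review bot: In values-uat.yaml, the trailing comment on `networkPolicyRequired` still says "Set to yes" while the value is now the boolean `true`. `yes` is only a boolean under YAML 1.1 parsing, so the comment invites a value that may be read as a string elsewhere. I would align the comment with the value, for example `networkPolicyRequired: true # Set to true to allow traffic between pods and from the internet ingress`. The dev/test/prod values files are not part of this hunk, so check that they were flipped consistently. A namespace left at `false` would not get the policies this flag creates.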
diff --git a/infrastructure/main/charts/django-0.1.0.tgz b/infrastructure/main/charts/django-0.1.0.tgz index eb4fda7e6c6253c05e0787c9b5a4ab9a08582d00..9f985b7b2e91f2fd3a1f3118bd32a751b8d87c30 100644 GIT binary patch delta 3439 zcmV-#4UqDf8HyW_Jb!z0+qRSWTQm9&d(L&P%~cfjvNM{w>$tX?dRp5W%SrD3iXd`D zp&$-0BuiH9spS8NZ{a$OowcqPJb6f3hxAzR(FF?yuNq?jw;+gx|xT?&3CxyiH z4GKv)>%**FBXOKRx=zb+Yd%U(&{&zOL--xT2s}MoV8R9bk&IC=R48kVMA!#ApK59z zV;@KyhtwmwZ*8^+_G|OKE4HNiKO03s zLH%5V>$TOj^?#Z`qtr({VX6-;T}2}jV831i5Eyew6&Le91XE8qlsCs-z-LWg&>4=s zMg|B#k)RJDQ7DxL;$s~0d4x=*kR(rphtfRh=f4w_DtiR*;-n8fH_DzPj11a#&po5I zGNci$_Gr28a-UAt2iYub9&@PzfpUnRK-Gtg{y0b^ihoA>XxmzzjyRjp;EcpY(EsbibAv!}NE(rLYHIj#0fr@PwX z^`Yasu6~k=3nS*%D_Z|PmbldZD~w{Jip_UZ3}Y11QSoCf1sm*t`=HaR*#Dlp^Z%Zv z+}<`{)N3a$Th42KYFk3}KJNv7=k=L8J7FB%uPw z#(xs$8jkbE`W5B11n#u0U>@vu%ugB(lgWhMz+PhyGGNGj^IJb@0*?d|g+OvFdfl4C z-w6rngrcuqO+&gTIj)xD3B}O2#=uxD^o>!QQVBnf z=SCXG=R@6=vH)a^-cL@wb~*upArhI&&41%e5z1uhA)7j?;F^XZj1dy4DV0DB`5C>d zrJF6xB?;3>F3{?-oeOSlgRP{l4SM$Q?}qyRe{DaoB|39KSSZe=m6Gk8)4EXmU;<-7 znVP`f53=!t+^aydcpoy=*8Q$b!P3ZTl}W=IJ*sAO)45_>g=CE3+7UKwO2b>_r++MN z`#TNI;7%n~Wr5ozD1R8BFB964O~=bjs5u76x{QzjK*9xl?opjMXXE$#o( z`fn>5g*X2BLE(n=|Df0FRo4Flx9jfK|EDO%(iek$MFMT|GxKf&J4cZK?yAc`N$+wC zRt7}v;=%Z}?yD{5UfXr|8*Z!NwxQMQyWPIqbF8#d710yENJr^tq&aKVYk%)4^ZRg| z!>-pNRKzEW7#}=Wqihma7f`E9kSgu6#)Y{_x&ua;k4%RLmLR>-XOV3hXlcbugo5q5U{S<7*TL!i)02AsiqIejRmnjl}oLyaJJWL`i18qP# z%h!m|r=($<6^#IN{6M8brhnd;cSj+iQNP>*z|(c-D=pyi$e9k-r9iPrP&H4Gl}hZN zqm7e=5iHrc9Fk-EI$oSWiGZwRNrNq+*yhWCmJ%8dA~EazxkTo0R+G7UiCR5CX8xd; z2&(2soGH9f72YIz9*^RI;1e3+65}>$e3>vsBRsa|rXsV19m;dgE`K>!MPj5VCTlPd zbVfrA@I-nfBsOzxk`?8~9*-iz{0b2bXzKMqIdWQlQKW^6hE_DkCxbsP{`c(U{OaA+ z;j1b~Car4ZSFy2WS7j5})3cN9;8Nr9ZUFr2yWcN{S1SSjCU{j#(@_(s{=oSqPFB1w zO_CKe4cW|DOr@=wt$(__$9W&(V9XQdp=eCGRBKrnTwHz!EW})_XW{km#1`%9KOA{JpNXRkBOAmT=*O0|9!J@{Oh~(!!>5@8z9~vYhW8j z;P}_?hkRtS6?8SUPi40(R#UZ!rpms@GEt3`@6Q3hnqh5QtADOjqwo<2CNKZeed$)w z#)2#E@vsk9M}zW96YC6;FdXoZdhmOS_e}fz%M@(oAL|n7{sW?> 
zeQ1(6Zko2`MhZnlnQ>pvP)bc)O4x5S#3jo6@ZXI^93{cpIIh^7)6(oOz1MMGNz7z2 zp^U0|iN~1xhks1b!{s+xusA^>&_7NDWx>#!qMwA61*ZYydG*N+dWmt#%6%JfjWn1l zvpu)Sg+`g8yF#(7T8hU!9!c+d* z!TyS}F8?!)$)lYH*tGxOcK56MKiyVmm;ZT+QrTB1ZGS>L=>~L~h%Du0iZ;zzJ4?^} z&ISFT&2Kp1{$big`(dkdH5=l|g>;6Yal3>~p1&~Iugq?EvG}aaF6kG`876o@@Vl@v zU$UxYVV2rty~>;S>v|P!vRL-#sqDYoU19$_-JSh^iefF_U{%6) z(duhc`BZ85+=>&=Ln+U=kA=m%MB={{RN)z6^ZGU?#qwi0C1a)McUu21ZGYD3zd0iI zNETp&{&%~*gNpv|yRDu6KS?R8xE*sIBa>4)QGaH`J>P!2)Gt591T@CPdymZjG*h5k z7VfE~uzU>h(2pn^kN`6Wi7>{M@i#I9FeS0zH*?!rEb>R=ch^&@(4I6b@9d?Rio=N+ zIoX+j+(;?jFME;c8G?!nxyeYHgM_w^^_{W|MnieA!IHbfrNlrV&<|2nl$p&JJn;j( zDu0?}NrOxDsX))Tw%0WDJtF+<-8p9lh&>IuBn4faB?e-fvB-|EdXa3_YxP>A(O6tA zzU*9TNIk^fZc6==rj%WH?8ttVNtLJI9)C{lX42EoBr}|5B0b$yBHDKB%+fz;GNmh> z8QJF7cGn)gtn>e+9ot8V05-+{y;isC|9^Mfo&WzNr5fT_H2cXT{_?(FwwqR%27v6! zO|h}JXhe$bqos{L%Ip=MD?ug`>SZS3C`_cX2L>u<_a1VDuKS&45mNnkrWi)lY}7qI zj*a@iU)BHi{(ftx|4&h#!+7=JyB$uw_8hLJRDXg@ zVxy-Zrx=D1gnVqbODPL}27w__bcSXHE!7j|YX}Sjvs}ZEvA_wvK_9NEn!>;R9#x1%#BLQ?EJ4!*@f)1!^Ga-Gw(tL-47P^_mk<)wF*s6ZM)i{vew6PhK?* zn&#iULe5yT1W<a`dDr~ADjg7QSd>G6rC zA{P8F<9ayMN9}x?PJ;hcuQ@a6aUYxC*2Tb7|1VDtkIzn=$o~>JHs$|XohAKu-QE80 zla%LhY-RwMQ~f$rI!rGwDXy2$8MW7&vS!(F3eZiTYrSC;8YCj!EYx*5$bSp-)d;C; z?_fX#iBO>^_7m^mxcIol@&SudD|_=`L%Gvv8cPLMReoYC(@>)sRqxl0;0{hR*_i7% zbOKyWQGl8fmfxPZgOOFa(Kg(S7ExGnd;v7&dkh(xLvun2_$0sjpr?dL*uvP1TAMH| zqDc=RjdB2|5eX26W(Q|&Z+{rw_c4J{1&t!Xs0zTMxgx=RM8e2^j$k{X9SvT?rQK^9 zWdKTbnE+Rz>ABlTtw8f9jc7rYMPusLBC%uRx?3Q!XwK~U{}MxYuvjNoBD;f8dn9gI2;K(lyS(sFY(MX+CQNKYl&Tbxxit3UKm#ca`34u3$7GBo8&)R}!X zjldj}ETg$!P0MHsUhYAYotCU}vke-P12L(QLOtJ3i856Nm(PpuJFF7gyFlHs$Ofr;LQ=}zu7%m{o5o<&9CzLDgEEq_HA}$S9WDrc4d9} R{{R30|Njn7OW*)f006e?$G-po delta 3195 zcmV->421KF8<-i8Jb!I-+ct=wmtq!C5QvYp|~wRLPii6>`UBRNhxcQ-af zt|(kcfCqqbbawjNI{-+EqNK=qbK+E+i6y)(7K>c~yI3grldzDt4#q?%XG-Ge(bosp zb=}==*L=FJTm5v~d+wulcc-(rx7+Tzdym|9r`z3q1nxJWWq$!usfc*wesN#b!95Tl z3B5oeDQ6x`IyI6cMbdTJj#~>*`hq6PWbMN%jAHP$w7`f9c%2SWFjOdOjKt`Hm8Y7T 
zCg=f4l8E|5x2;X)(SGl7Z@@yP{}U3WD8JDHutxve-JRX4{_nNB8~wiz7^P99HTP_S zLeKy`s2fd|34ig?1K2{QP=FdE=&DeZ!59UC;-)CTB;wN;nSwEqCd=nSps#?&Bt)qM zlDJ;e|7LZ)dJSy32V27_1UMpTq#%`OP?#bZ2_Bo|u}%&$OaKDS;vzk0+oa^F@KGA9 zI{jCQQsqeiKS@2bzFHCU~mQ5Hsdd*RnMn zk|ffRG@77r0-W$fIw7ApL*Ma<;eR6Z^iW@6;DHh;!qxzlnOU8nBbf3Ot_d@FhDC7P z`!_qw`hPzO0)bMZ1j_8ZB_xXYbws6tAx8Y#_EThf(C&7e?XI)4?YON@*Caa~$93FR zd&j1_HnnZ5cJfrmeeSfMx1Dz9xzpWkZFgYnT#F_ZQb894VIfK&0^#M^g(35qAt@qK z0cQwQntki+zYhW5D-?`GaNN@jOeVfzU&4j*V1L_nU7eDO3nQTIm$d#9?poRUuP{y` zqENOj#~39jq@$9rwH2&c|2uoz?aKPU<8ID>_X9UKt*78BuN}yvjNRgky*VRYfGGJJkEtZSCn@cxYY{_^I><}e5LUq z9e<7JduTKpkRwADnD08J2|N%;6ap!F(VNi}{z^$iM-&5n)HI|!_1ass9he46ccaH4 zVTeA_TZ`l|mJY6V#3PDPU{?;a#9?6fHY(xqaB8@5cskH^DGNa+=s$7lwc`;8jF8BT zZ$4*=P$shzvdN}Geu}8A`d$&i(#&d= z$;=u(t7djHS+TVuGQ?=*44XQo>8*~Z%x?QVGtJ=E9Dej6tnu#+Xk0cvPp5bsbAM)u zl&grer5TlDjABQQTZVEEZf<}wKT3o70XbQZ^Mw*4^c5GsW(b|KxMbtoFRV{fsGGej z^wgoeRTz;sH%r>w!e1#@xG>;FJTYM;#GpBxT2#5{3{Xs{zlb4c*&rLl8m3jp+FVYB zwV11nvP$o)pqw(P2=j5C?m4xxM1S9L{a@JsZANo;O8;`B@ZDB@AE2HXOpEYNmi zH)}%}X38oc(sw(57O;yJ=|p8-HG-WH6qS zu<@*6sPh_YDEEvasI0y*c5S2bre|$n`0%0e;aS5R9(qKL8(u>n4V)akV^Y~>h(iAM zpO62`H2>w7-`A1xd*jI;jv0I7StHRWmxk9Ekw{|W!ykG{(zv~OOSnX2NrCfn$XJ{& zPZ@t>qWrO4stVJ0{pvlNxqsaZZ9bSBZCPZDbv@t3r*-l?>ja<}wuT9h(iqD~n^1N{ zHe(DZY1(SDN&wo#p;94J7pCkWA~g2OH2{2_ce-?uUX*pypqS`6f~u~G94hXHqT3{0 zJ(C$G$F_C+B!vRbt=JH*1`F{l2Ns42_g36eh z(9#=$a^$#NFmv!!85#_c`xJDX|RdzF3 zLdt`@vvU-S`l5KkBOXp)Yk_X8cK$S~4UK6vm^bU@q-cqWSB8)HrsjD&AYRQdkaITzP9aCW+whr?!ch9~Dh5ug6rO4Mr@j z3OW8+{9;Z-9tlt^O^Rn7S@vX+12*f3 z!&$T0oZlqAkpz*1ZlveIOAkrty-H2C?lh&IT7M%z4_<(>qlul*?;=Wt_jMylKZ7Kh z>1^3&DfhOQ1uIt~S4ZA8Yl0x2pf0-QA7<=U!k7dPHfxkf1nN34rS{G8m>b z3MdO9A^tlOqIBxDEjS-j2{KKLo`M`>6n{Y&@u9t9rYw900wbd61kFxa$|o$)7#N0T zTZYGpz!80q0bElxhJShDz!{6C=9y+Vtloz=%dD>$RtjyiWATki63$Dt|U9 zE@)VE%b;WF@Gu)v#66>IGp{s$YM~+tdf0yxKN_eHWvVvW!|Y$ z3GLOw`^l?YIL^mzo?Fooa5Xl+jX+rbNb(l0u9nhyWfjfbqF?1BGbtFD+beiXN5FXY zg9-Mc{fVx$k}(GDLGKOp?S)r?wv-3^CV*@SSFd*51xn}9{z_x2u4XNYynj_l4cg9f 
zycX?=jo>d4d<*k=avAblxN3KvuSHuTxIp_cf(^C1tI_tecQaR|7X9Ka%}UVJE@f?o zwwDEZ-yv zgH~Jch7$pw{hr0$c$=+ral#ogCG8S-mLMC9=}6UU&2nrE=(MI;f9B6g^>^bjGT+MY h>M~?{9r>}&1smAF27Z3{zW@LL|NrHDz-$0e003~GPp<#~ 
diff --git a/infrastructure/main/charts/image-caching-0.1.0.tgz b/infrastructure/main/charts/image-caching-0.1.0.tgz index 9625a009b954b22d3c41237efad0d20994c261f2..68e5d3f3c2ec648516834a8975c7d09438d6ff85 100644 GIT binary patch delta 2897 zcmV-X3$FCB74R02Jb!C*+cq+vIivru=UnI7Tt!h2%Nfnwbv(AO^|X#PwwvC4iXn1I zq9Fkm0A;Io?zi6nASsfPB0CSKozr$2i+Jpd*j?-bq$!E8>k~hwEb1M_L@0Mb(&X7E z1kdxl@n~fJdY;$*>-7%~p7lrjD~!Pk+h8Cdj2C;+gl+wA#Y` zNq}VZH3~^No4|bFkSwbnJ-6?APJq%EG*hPO5PrZU1z#@{2)TeC^BD?;3Z=tHiW6w8 zCr2$ZoB+wPg!)9IaOO?yUt0YCduZDKoFqBQPwfD<*nfZ2@3-uK)bEdW_Wu+R=1HP0 z_k4~*(4cL>9e?M&ogGJ@vF#(CGc|#}ZZcyg9S1;Q#wAr;EG7`ezHlk;&HRYZdx4;H zocY}rJ^)3c2_!_JR2o-+S;7}7GF2dyJQqGn^Q51D%TcQG5x~##3G91m`J7^EsPB7c z)V3uwrR@oWH8c8NF$LMY7;Ts>cs=4Qq|q74Ca^)4j(Y z-H=jtVf81C?f_D9yKEU)g@_2%(e&q^6;0^x#*0o-_{fx2GaT%j*T8dSbslr6DxO@D zWzv;2nWJz6obyb&5udv=-}Q+eO*4T~3F<4&S4a|x@ca@LC~mj}8p49-a6_1BGungG z>E9%%7=O+GBnSjbi4rI?4KyQ3!fz5P70fW;Xac?+)=T|X8NQG1|0zp`W5{N+f{`|FJ^IOAG zLZkxD5U4a^>-^uxfVT<-BMF>NwFbYmA$}of`hS0gX=aSC_a??9Lm^$2eRL?;;{OK+ z!?yn)5B3js{{Jc9?ymQuXCcUt#y$+QQ+Dn;+4kZzP1~RdJuto?OB))p*4>Wt3t9qZg3@HP91>>elUyQ5o?>m|Y9$USCV_Pw z#>Zh`TwqKkd_7wjZ5+S4)MF`&KxXKF<93|W5CkSjWT7{oGeszq#SYoDQ3W?NNnnPM zOUbAd&)C}(R&MF~3!rtHaVDHV|huIWQQ_d`taububx8O3yBz0xnGk=^< z;O-76^OHPi3gi|Po1GF9^c5FB6$st>aw+6Htg=tjsi(cI>{M?atL*XaZq1x~_$}uO zR|HelwN;piUhvCul+Imx z^M1#9OIa|1;|h1jNl}r2C}J|6%8bg@+YX@CmY^`&Rf|h1mvj$|vH+P*CV%uC9p}qT zwn)mf*%jKU=e`Ar((;RpF(t~6trw^=&h3tI$;G%pTS``!=P9BDrnyuA3 z#K`9V5$hcTp4c+CkpK`s&dFj3M z+WcmMEAI1T0#`@VdZ%G?nkUJWC)8g|;52;2)l{G~UaK{50{`qbQGeGIU_I}$fTo3= ztn_Qo+>%P7p9`uMN1Q3VRW12M&JN`(&Mr7t%R1B&Op#_P=$s}P;feG~LTu^Z)P~Bz zBn&B|YEi?U@!*gtdbrx76^0=Sfx&SuD2p!r7=t{aEIN%CubNM8(a#OB`rIzuAdO;W zDsoL`HOYe96^izv1AkCF;|Y%zKjLCy7sL9!)Lwg{ai^C}S6+v8ZoQ$!&0D=@j9MG8eDra^w)+3T8@KB}2fO;u(?F}PP%BxxMY+02L~8r8<(S@lP;SqD;DY|H zeP=S|!C^53#iqU579ZW%&=?*cxnVQZuT1TH8FJR{E_KK14u2CK5l|Xs{F;xhE3-DH zoK-LNZ<@6nQ_eyqs9$QP3-*NdqS#-Q&ZyjP)Vz}w#?SI)lRa8!crc5ucGOVsBy$ub z!dmY}#@~Nx0q@=cd_c0ggHI0I{J%L^`p5{dt^V(=)c+5LqruMqKLylXqJ7sqLndPy 
zDpPQ)((eo1`F|mqclQQoK1n|;0oNm!(aADcKeH^nB4Lax<77(D7?Vu!+l8GXnnKa+ z%}q=d+QZ0tLSNuto?n(sl!d@5z9>GahmN9f*oqt53KG!X+v=30z-v9IO+r{i*{z{k z#YBZ7rL1tm7(}QYYI*v*B9d+{6NQYZcmh59R(c&r|9{u*cH7mL&$Jj!;d-HB49H@) zB>q@S;=;U}s~C^TqW7g8(+-{lw#9#GSMf*f0Jg+`Z@)im$N%wYm;XHpH12;^{=M>D zPhM!R7v;Lv`N6URSNDMR%G}zDoMpFil$6=~K39T-A@$1=-BFTDrSsI4;{9W4=%YVt z64SJQH-E+?rKTwN32AJ#|M94O|I<4d?(F|5;5kf*(uN^Haj>r*ZenCG%V`o&7C}b* zw{@Xl*kR~WQ&I?!GWctsHyw!hHYM!{DQO9}l zUp?M2WYl)ag-1@1Mi z?s|ZYJ&zw{25MT@?MryqCC8_Q!oXbIp?@K86{7$Z6IR``xQFY8abCYyuIn{)J{zt2 z#fJv1!_?e`;9+%PLa!f@v&Q?n?r+4umR4~D+L&}-ET~IU=iZ0{t{?E-!F5SXk+qVS zw5~|>K6c^Sez&kqI7{nj`ZHYE%K+C6EVYhOpX+Gtdk<0KlGaZ&r7hMhEz_})l7FE! zcn~p5>&)J3Xp43a%?`Pi;v?lMP_{*@XuVf7y$-#H%eD3j!nM|+d4MyLnNJH&8=i4V zYtzbGN6S=bOyQ=r=6{KaGVSL6X~37?W;En_$k!j&rChbrSwn}HG0&3#sDc^7=@c%i zVc*qhnR@|SwOG=s%4pZCa+$A6h)O_v3Bg{#_BmtdtMAOH2g1FrX_`QkW}G2Y(#D|k v4B2H&L)CG*%N)0B%bB2m)sFzbbZFke4tB7E&kFww00960JRya^06+i$l)uJw delta 2705 zcmV;C3U2lA7O@qOJb(Rf2*L`B((G- zu_uu#NjdS7>~9}PO0xWQ&V6Mq=2!G&emy=u@_mw_8HuqIkRYKf?j9vXD0fP-^w}o_ z&-1+DU|_zU=PiD{-v0ix-e9l4zd!5^y!~fhZ+AG{e+J&CB!6NZ6jBlK%=_rM78myi z0g}@LQwT94MXI2XXi%6Yhy>3}@l+Q_C4a>L0*&^PKJ;u+@yQX&;_hWb2cd-M8V$AGsA1tTe(o@)Yca2$~A zoT$XFwu?+J6Fere?XUOyhCiScjr%Vc=dXC>FqQ*Zic}sE8tZ3r@#@3K_D{{MIE+;E_P05J)|XHbztU zt$!dXjVOlN$26q7?beTIColt)o<^@j+mnE3l`naQ4ae24IHH(_Rs$JTX^o6AMPH7m zh8xFcBi&aUC7EOJmD_HeMj$XnB1^snoGC(?EInjXM-|-AG=(v0gA)RgKxVddEq5!! 
z+~6>cYKAVF?V53GJ3NZ(shnZ@v!UMq`hW2o+n}>%gvH`sST5PYHLY{C?@eGXC{qzQ zU&ziE(pkV}=Y5}}w(j@B5p3+N7MU`h(YtDPw>&GhS4zg1uH9kNr?I_@>uIvv{w_l^ zxVKg=Kyd!*fOF-1m`w33QTjvQfE+4NO~HYiBhTHez06lofh+4ds+cMOc9IbkB*ECHj&2f1Uj=YdSM8 z`op8b4fcO`I9SO4^u2+%yS4vM0e{W>56N@co%GtRx0HoG9M@alZe^%QNE9(Hc71NE zKl|}2xDBCTu~JvnIr1*9GOgLq_h+$LE{*O^x6MwJcU5UxHW8EMxpr&O8RmA>CEVlbHqNQBIdy!a; z{#YVwJgdn>Hd&yrQ)-0ci_rqdiBlW=;Z2$i|-dnF?q&+3Z5;k z6v~9oE0TYQ(+iAN^k`_HY9Y=15j;F}LO~}u4m#nlgvERninlm@EPutT?ewy`t03oM zX%9QI!+OrO^K{@Hc#Cx9f-4^I)Q8KX^Jb$_1LsAWp7WFjQy)&FGp^1BN~4_@IySXp zqq-w7rc#ONOqX^R8ssGK_dL(*uG4niM`(QwB#J1bYTDpJ&cj2d=;3mUUN}Z51ct|j zpe!B*35G>VS$rBZUVm4g++t9ei-_jf4%{G(6IJHtn%fXolU<@%K5B~RJmvB9JAD$I z^{$q)IMArF(YzXM!YY;8gm-v?^Sqt$^|RUkP5vL9+0YMm05{$L^#|UP|2NqBe@_BU z|8Iq(HS-4Nvf@wW4sJ8IpBpyGzqxw&$P2+u`QM(mc>lk@JAc^T|33*d<=^i08u`D_ zjUOWU9eY9ZVG2O^oMk;Nfz6w*wLxP-a=~w>c8Hi?6wR-05~|SNX*FD(3jgdHtRkXH z1l8e(;^jn^J7wa?Ry|rF!pwE?j5DY`#}cn1B1UC>MHW+bYi6xI3WXx0jM!%x7{&-N zyB}OylCG}&_pKjsv z!Y2DK?Q#7m4`7r3zt`JcwEx4s?fvhQz})-4T9MaE>Zu(4T3a@ACmpNhV3sIps=8(Z zWo6>Tl3Qy;%Ivd|OF^QD2302IC@rKyu_812J_*XfAAeN`&da}>V46{rbNPgGY?S}u zVDbH*x4(V=_av|b=R|42kf1o&t%sWg8H@{>hLpvSli)3hQM&Ec4qPTwf-G_)ryvtd zQ;1VOwn;C_;ujz=C5lea_z#VG!a|LKVQicc_%at5(OV4RhN=Yq^py**Svob(y>d$w zRpH&<6Mr`gKj|DBVK3XRtMxVN;4tF_Td`EQ-t(^CjrMz*QFT2VQP-_Q zYS8vpy+$LKM*YS@=t; zzAeU@dmIWDqJX2rqi;{oUY6IUXNRv&%;RjO$04gOVt-$TZVOx3!WOnL2mcKK01E&A L+?J?%06YKyPXTE< 
diff --git a/infrastructure/main/charts/redis-0.1.0.tgz b/infrastructure/main/charts/redis-0.1.0.tgz index 70a0416240db113e532b26666982b6751a9be320..50cacfcfd9d4825628a683817b915538b23265bb 100644 GIT binary patch delta 2176 zcmV-`2!Hp?5v383Jb(Xh+qf0)&jS2EytzBzt~<+eVmq6G{SYL<7PLu?IP0*VYFc`h z*ixiQQck`2_O}ltC0Um3CcSHuJHW3%W%0}7hmU+;6^Rj5-Lr&9?Jr5nUVH}%f*=_7 z`}P?GLGu~(h9@t2{lRe18}^2S;}=2i=(uaUeR=oy(&kwu^RVZnuZPO|I6IlwOxh^ml5?<#slpHlGkCPNfVDFQsml=+L zWErC&F;l(8CfDcQ_JIm=`oAD7NA|u1@C&)6C%GcR9GX)Rm|9{cRaj&8O{gYnrp#M)n_xIgb zE$`xUMtB4|K`?p`Vs3w1Kkv7^SKVKJX?gee9f)vFIYOIcnQun6p;PN3In&^~VDj4V z@!vVeQa2{B0xfeM!tmJsr0FD|&*^7qciK=gLmt`R=FI>+lSniIsa7#|YYCrn!swi0 zWMT~q-G6U+|37?NBeD3M|BGFk6j6e&}303gpY-y!& zemyZ`DUU&A82;q9yvsRAWJpvYw@`3RC|5;xuh-=NM+S4uWiW|kq4B6fjwqt6?+uToG-0pV~n#0O? zT1G;I_Fvl2e&7CeIwjIna0gQD1L=ATlnJubS4r0*AHn@SP#&^8+T4&|thm{!kYT8W ze1B6g^y}B9*xzZDeb`Pj?PH~?R#e(j(v-q z-~s=Ce9|8_{Qq#!A0GVwQ;@av>*Ky9v41i7rFplZy{}0OtEL;M>0M>P>Wrv!9$eg+ zxyEv~kAh&>33{F22zrB2&>sZ@-$|=b5p&_!kx4aZJiHIgP zysy-#yv0oi>U0STrQOyzR+*#~aLOa(8v1sQ@$+S7W6~Zsxs*;#OUiyImMSekk$-=r zM2Cs9231D#uz_5o8J29dBpTyo!NiqWZZNd2$);6>2+DQqa;YzZp+`eNdIQed_A7(jJpx0C;e~;wi zhHo?4N=v^AVmbS_f~@%LhPm6zY=3Jz&q$jC01ug3)j}g3I}}&|`_pD)V}vyGU0e=Q|MWyit{`%$zaN$q2gU!f!3VAx3A` z*3}9lve8z*F?$W!AYbgkb$&5^^Y%Yi7uUD%Z%_ZxglFq(7DB_;)D2B> zt=*hxZSZ8%LDXrNv)GX0{y=im1FrRZzyIGI|0x#-f1`r%L-pUmQM3L#3=Z|5r=gAS zKUJ(%$G&Yk8%<=4dfN%@bUqHS8P?HZW?CuNC^=!b(tjA4uyjagELR%k zj>zq6qO|_w)2`nQIsNxdW>2lT{0?h8sQ<(M*7u*I!9o9@f?mRyXrmJfv;cPn;4VQ9 zvz)Ss@)$A_ek3s}zvaDz+k`4md1mz#RDz5_%*4!jEz0AcL89^M3xtg5q}EP&WH@k) zt<#4ejpL@DF@ig)6My*APd>cmYzczfsRk5eD1lLqe#`UEC+{a(NHk1}+SR+W2}D$? 
zmgmP*ciqEnqUHIs|H`g=R82|Twf|QQYQeiThBFd=%rh|Yk7{|Ze07(Z$BcY551raK zA!*$5Uj5I^dq*S{xq{2{3xgt);sb`d<@q#1(k&)Q@uB7U3x5@g2)nlHyi{9{eKF22{+~jxPo=dYk8+d?OF@tQy0`#w~J9_Oltzf>Ah$Nkm7P|GQD>WAXY2k^ zj?r}M`^XelaDQ2B4{SY^&Ozt|CFq3ks{FNrsnwZj!KlH+f&Mj&>R;BUlYE7)DfMH{{=U$N-?d5)EeQ` z=I=Wh4T9+=qc=3AdRiM&HST5OWE5CVj?tAXmDEA4V0p7q?PS+PRLrS^su+C{)CQvR zpVg@}6CAl#PMzLn$R`P%>z3D9$K{=ka;O`5Ewpi39e9nHRTWE6XqCD5GY|!-aqm@E zNI1A}qEx9Im2<>8K}d33!Ur*fPdS<_{<+Q6fev(_10Coa)Bghi0RR8bEM=zvE&u>- C0#ls; delta 2216 zcmV;Z2v_%|5zG;gJb!I(+c@&?YXSZa^H=^0?Di^IP8_={pm!G}1uoca8zi~ji`_*- zOJkW0MXDs_)|ccy`+=k+%TIN>+a|Ywr$8M(%y2m5Z#Y9rVoFu_ctWHOXC!A&z5zv1 z6b<@)`x`~k@^91|44?G+hx^0fpx2LvPom!b!G81vqHm$hGJlmy6Zs_i!(%N^?oUFb zpl?wsDtHXjeUB7HQ;fo17SIrPM-@5zPYEkgeJcmB4gZJH3jPld`#bzU1dU6^407L0QA(O( z3>}MPRgeT@NPiB0#3Tu{5KO@ya*Y!71i`RD(+?&n5wx&PDHcr3a^xB&MA@oDNQsFC znv)EbmPqoBXa3Fm#vKn_dklM{8KgKSCDTwUv?6R1jHSqJ@zfMADoFqmt*22j^juMi zQYNUZR8#&?qSAE{ASuci4x_v-=a>sQi($}zMO_`EIe%Sd=&j-C?LRjxkG+h)n;iZ% z<^>}fRrlQlS%Ff8y7+3YU<>~DhX=hS{P%~w{T==vf^KfQPdnbrPX*zrMV0|Ih_S=1 z4GTNo)9&3}$Gf=+3@j-}@JUgGrl$`+hgul&)c$QsM!{o=L?e)96ytzq@S!A(jwz-l*08FF9q(W02Cxj;3}fb@ zV1x-V?nH?kTY-z4@t7h@6%dII`j|R@MiqQNnpta{yuL7fDbGL^nEViSywfpAWJpwH zw?uGFC|6a4Wb3GgkCZVOp>bv@5CvrJKQ~&pc7Mz*3)699&}FyX7;a;Sds&^SxupNM z+Q%>MzpyPm8$&oL;kmPtV{UX^sQqFE3rV>iga4fhzEl2^G&k;-Y_&~)FKxlr${NU2 zajjWZySmk0alIHBA=|jZwohw$m*>+qxBI&a&EeJ_c;?{s|KfxH&i{Rw5_vATQ&MeG z(tov9T27GVp_+89<}uvd0ObiQ)5Qse)rgCY3K=F^$e$~LVSBq&^E+y?58G(it{a?& zRCJpx;^t-z&nK^=YD&_5Ifay6l2ZBU>k%`%iKhQ9`NME=W-Z_)!lzVVIze(blBgiDh7&wqTY zUF>hsJhn*CRezh{IHvZY=kgx7yYug!`8IesBYNV;z6lM&T6}0r)nSNI{qnc(|8Ch| zy!dsS8o&BK{1)1|`_KHsL@s{pj|o%g-~DD>l93%RWp)zspo+|t1L?;vH zs+xRfyZ4^2+@KO$Po@^z-ZD0&T7MkE3=-Ubl;_nb0L{D&O$94+Y)cKGbrTiznhdU4 zgoVD#sbWn_`Cm;o58PzsN>b=}!=xyoQF=~w=6FvjuKTK>m7MmARIIuGsFIDG^=hs^ z;Z_|*O@)vvGYaNQcP32OF*q3hxU6p>g%*imFwHqyf&PvA41f$6;hJVxXYoX61 zD(lzg9obr;iK+_WC-5`SgBvT?O21QXfpC!ED@F6%=df0@xbmWxHFwy;2J99)|| z6PYdAc5c_lKDNIat&jic{N(%!0pPa#--F>w{5RO&-TyoYwd21vfz~`4T)1(4sBo}3 
z>NUw~?AG4cMQJsjP3YGGcNM{kbeBRXZ*=liBSJf7#KMGhZAHuwXxkd7-K8`2mO`z-~GW3{|`ZXa7MJjgaR$V zZ2|Z=K@OvmvXt@+3V)JZlMGeZ@%G?yLKUd8us8)ZLB=3sV&sBs%Cl!6kr7R&2nErT zRz2aVk-#yt*E{gN$uj6COyMKd6ZpR$LU_a33yt~jsq7hQv zUB5lPfRswr@xqMiuKRJ5=y>7i-?Hm|nyN|Gwf{F2YRbDUfqx^CT$crmDMQuqo`&jU zVSYyB+WhF;mV~5P$9wu8!}pd*DoO>XCohc_g%s~G(H$?ODUxo*B*puV7fw|oQtbY3 zJr+CspT9ghdG#{P({D1y7X0^y!-FOK_XdYM{67fo!MWK1?!l_#b-bhM?Me%CrcSAQ z-GY<%gl7Wk9Dm&O+%u@*W15xH0@~Hp0^itA#+0eNg)<^ajvD1W>Ar=N`Ilv@Ir+Sk zdwg7JF=B%if_0Vm>eLc@weom+bqlA}%)!33&@l)-u^+<_UcZpu!c}U`bhTF7tK+kO z!nwOJyQ=5cs)HkYleESNSBKGx$VIU~)12z7IY(2sNq?vn+gmT!iGAg6^jZqv!eX6T zC;S$!2K~=yTZw2X+=%_0!baQu=bN=XukN_7S{&!iz4t~kV%I8LiG5vPwzX_~De42T z^<`3hWmk9FIH3FRsX|X)2##DU2b?zr@(YuBcf4RR-wx&xd9d&DY6sCZLivyL?#IAE*98NfJzfhgYNO1NbN02!k#=l_`dIt z1_S%+`+oD+?>+aQ^ajJxus7eQEmqO~*7M$jgIxa?gk`8clL6SF|Gh!)u&Mvg4|{w4e+-B+#*F5^UZ9jT zEH${@+T7Z1Nq@9TeJnDr$IvrPG$ApL+bsZzsZdl4xg0}052Qy$cNWBA(G4YC;4J7A zhyXN+$H0h2r8}tbZC0Xi zHu;+ZJ%300kA$H_rBDIowt=REF>%GH(lA3Nt{k1RaSXjd-#Z+5!$Z&S_6PQ{-}ija z@Aii7Y2cm?UDtl`)c0R_y%#;N*MH#+M%}|cJiVMFL{usb1CWHrsDMa>Z(qN$Y<_K7 zVnk^W9Dyq9x?cbL1n^p;3IO1 z+AESV4W7#-UKu>z8y8p9eF@wetHJ{q9oj!>a*;(5y@rF%0TjrPhxTvtWEeb_NHhW| zsec&1wS-?X!e~S>G@+(t-D|ggLPx+3(1whehk_XfBvS}VBv=bv-HaoOEOchW+BXcX z`I}P(U(S|R8YizVOkc`lP$>pqdF|F&1QHn%mCG#%+L?NV@CJKRa?On+6F{%W}&|KsipTjR47gu~*UJ1M!rC9f;3 z_hvAal2OC6YvN$E4cEq- zj`n}e|GS1x6^MU&Qn0N2T>WHXw9$Z|RvBq*9^nHKS@p~P=553{oAB_E>=cJXZh}rN}Im)Ch-9@k6dPjLU zhLaL^yOp3OA<@JpJEa;Go4Dyfoi0JHwCftjN|SU8obnL4NhHh|$RB+>gkMoCrWUU7IO87ml)y zx3iX#7tqMF3$XciO=dN_QeyJlST9I3D0!)%$k6YI#dTjtv{pN~7mLN{Pi3;ivzg7! zE@6Eu7my0MHlt3pbQ59x^nVNgh2P{il|qX^urXX7PwFqN%1<)JCW6smIfk?7mCzH3 z%4%Mt;~4(gSw&qFfU_P|Nytogy!PH$m&UBB5==EGCz+Ge$q%pp^YZl7<=e}nZ<~{{ zRZJ_shDobO2D{Lny*#}eUTOo(O^A^%{v}1SX@! 
z2b8TteF}P4$!g+O7-W*_<+0!zuXO{v!XOYyI*}rx4A)4z!+`UQYntGRb0ZDi%=nRd zCHT1zx~hy-VCzN`Nf(r1jHfCfjJOkth%i-lCQ(E=)yo2fO`aED#g<8^}kW8oW zt$BP|Sp6d2thoUf|;wl`v+9^~0C0U>(G1lI0W&FbjR`C8kz(*7-_VD1a z&Hmf7#0T;KyMOGzKO8pf|Hw4$?f)Y{-6Xm-7b$Wzr;)Y=*RuR_ZeD&&<)srzlQi(~ z<4Q25XXT$9i}eHR+%6K%g|=p zDN=6JI6MtwysWwuiT*i;RAOMA-xXzHKxA0FdnGvjNl(cCzhRsGS8l65hzHnV|NWug zJpUgZ4)^u{M}d|5pQW)c4b`KY`_jDDE1Ml>`k*RfZnA%{sjNx4yWw*wNfgnbuxH0C zQ`%%FYkwvC`&7;cfBeuj*MD!0ETOjS_3$)y>i=l4cK_2K?e+gL;3-UqHY%b(3vfFC zuI9*LmQfZ`9z#lkcO*vTwOdc&a!wVfEVb$hYL1LS%*4zUA1RN&28oPlxR%^-Jv+8Fhiai{oxUfGnp5SOk0Wiwf%ZTnbupF5J?i$D66{CEu2&znXDgM)Oxua z2s_}`km;-eY-;?-UbdqlGi~0po5C%e<$t09do71XAoLt1=sDr#Es9&1I*Cs2GMnit z2`7%vK&F19p&)aV*!vA4Dlb8ptsyhMvNqG+E()t;@+0ACiQp_DF~Wr{TW%c<(+_=A zFl~_0B%U@AI5L+c{t%Neb)O~NO=!oHAK}~`>rV>=wYEZlo5&3PyGX4f^8-z2#ebC} zW81b8v1IypqT|TCboUZ!6S{@fHnox1J!g}ntWBsS^T7$3o#x+tHjN|msTG=if|n$< z-vQ)?ZH>&fy|tZ;J323BlOLpSCGintY=y}do+`chX->3lvR6_=QGKehiOdJT1)1h# z>gBa^Hgl1&5U7S3!r27Q%O2m<$zIsw_?@d$kSVKd)0NrSPfLhIckJ(OVh4hA4D>g) z*B#;3c%0ljC8^-ZwQ`Q>b&C9AP9xoJb*f~yQxrKnD@Q^35Mx|_U$NUB_OORNd5Yw_$RU)Vsly`6%xKFrzkmUR30ZeM&QnqrxyiA zK#GFVn3%QRd=>4N=6eqgD*c}mR-*b$2H+0;?+^ML`ad3w_WFMxkd}-Y&3!pXDQSWc zbgU+;g2Wg>Jb(HN#&K5*!4w=I*C;{H5X>@Y=D`dlf);it!GeiJj$FfxDBBeaDKXYS zbCRLb5=q|i%zw+dQO5%}9>KwM0STt0WEx6^7KI&xREpd-Pfc@DVFHk74ULLm;F?O5 zGDc;wn)c5nDqS}L;-ZXT6y|k1$6Uxo1V_W~sOw`ir+@1U`de1?2ghbf$CIMeXy?y_ z(h($*&T$$Cq$pIND4U}U5}b=d1(}!!(>REU<++eXBsA8TM4)Afa44MX5q)O2ZVHxN`e6oe}hhgWzx&j1GgaHyGOH zU=V~s*njJfTx;lBhi>YiZVkfYpnu#C`h(+Oc+@)_z`=z%4pb@)Ly&}LsDMa>f4qEU z$$Vl-Vnk^W9Dyq9H(vhd1n^p;$P@dwX&C~a zNhBJ9G`koFw1A&W!e~k{F`=dGneuVRDtoMpyQpUAdw+amE2;%HKANp5wh*08m=f~Fh%3c z5+Dl5(tqxhZta*`5~gV*&~>-n2yW+u_mVnOOH6;X)JI>x|A%eS*$Bd63C^9A+~S7T zmEI2~u#lAN6#TDL_bcVEVRQR_$Whz%_kY?EY<*dyGF4h*zN-DY)md?~7?~p5`GxJA z*5_U4r!8*xca@sKtqpig;N}0>2miJI%XCWQx!{gSwTnnMT2VPemIrFqvy?}0a|4ve ztV~uJ3aTAf2Ng1mwUFOd2!r-EPK=FX+TAwZ7 
z5&fR_f5ZQ~j_xut|M;Zv4*!2RI2y0{|8YMY@BROMK)e29QkCAk-|^m1ou>rThDNjtUIIPwX&V{xmqdNPtsb3%pcHR5k2!G--HH1jXtog${C_m-~a95-|h0Rzy9GaGJfzM{eKu(-u)+j zVImhl@>9YT`fqW?L|!GE)z%W5Zy|*iv0xEg zJUeR-TD3SU89Nh<#)}9}(-%UYNmSNatxarOiB@-4Vn&sgi=}Ppt_`Sp9F4*-?CsM2 z-g{U<10+o;r+U$nLLri;T+^qUBZhHIQA$isN=bP(iD#IUjPmR>lDD#aYrbQu`$QIw=B67TJ4?X<#g;udAt43wz*ljT|ZFomy zv?|-BT)(v2{N2E=_>V4q=SK&CcisODhU@kJaevg`$A9+$?f7p?ptXz!S1RuJ6%Ov} z!k-&<>A$_s_(b=CcYodgg`?4${vU;-qrLv$2ekFyee)gqe{KeUiRO1xDY!Ptz+0L|aMhYpe7jB7MWs4TCuVz%EyA5jvcQyXy1zJr+T?%T_4|mPCvDS2( zMPO4RQ4!;0Se2Jt*M|$w#L*Q#O=O1JMb3v|Xd`FcgjX76PJcOZZ#FQ=svRj;7?%>C zCmCKWr_?d@IVMzMY~$xE%95DKq#k=AIPQ({?+|v`f8~zqC-DGx#ebu4{r>OhaJ0Yw zyBAn_|J4}##!%h6xo^yCyJ*mLrVo}Cf^GJ1YsG+a_sHNvniM>)?b$O{DvfeWHS9x* zQp4YVCR*u#Fn>dqQ(Ij4^n2W?|3|}(_h0+^|NX!LoDpqQM1dCIP5@lZki)d3ETKGu zg2Zn~hAQZI2XHZ?3RGEG^#nCT#vo&2>WVy+XHP&PBbv?;3ZiGNeqwCG0dUN0*Z~g< zi7CCt1g@x_!5#19erHpDB4`espeILei|` zJ^r6r_lig=N(HAU&kYrY6hGMzDxe9HUbRSypE_PJSFuR2_v;FyD*Zoy{`BO#=Rux) zjy>+m|9{5gb^kvI5BKjs?*$HEVo!j3vC#24-qY&wf)>V`&Z&FeP(ADho>5M(p{@m+ z1qViZcuKQUTE%vK4dR#f?YJ_%w{S)z$x)+RR)25dWckE=vpBq*|b#1?pQ8s{#t$TG#4e` z!YW*j!pnD~{g&obUoKZPeY=oawEgXP9op~QB~XjtTUhN=+mPSF<w{SVwN^FJpMSbhjlI?}4Jz?vKa(#DHPujVmdjV~g zCq^#>N3NCAo0kRh$&9AD<8@cduH8B?hlk`1fjZKDWJYX#1|Dj$+TFgyuh5(0`s;E+ Xd)UJsz6kt300960iNU2C05|{uGy(dC 
diff --git a/infrastructure/main/charts/tasks-0.1.0.tgz b/infrastructure/main/charts/tasks-0.1.0.tgz index ff9fa1bfe6106039dcd6ad099cbe71d1c9077e1d..b4948b5c99adac1c2dd2940046c02e204d82e676 100644 GIT binary patch delta 2475 zcmV;c2~_sj6U`HlJb!O*<2KUY*8=<<=J7towR>k-PGYApa0jGu+6HYBBTl!tS1~P( zB{mePl9aQ)r1#kmBqdpv?RfXPe-Gh{IHJfOe>3C^XGm$H?o{_QAyWHGlCl>cpaek> z433WMZx95{-=H@*e$hMX5Bj}9Z_qz{5%dlY4+k$G_z+~8C4X0%$QQw%9;+$b7g9(@ zU!zo1@F6S?Jd$PAW8nAvz>83Yl4jagoxqRCQV7j*fw_?IQ$9noeKp{N#eIfOU~rB6k77RF-HjU-**EbK(T z5grTER+D%LjA&HafJB%vu}qQc0!fKnhN$e5dHy{|rOQWvFw2K<+)vBr6jM8FuOD1c zSIKBfn>`Nt!A6&Zpy+~pQMAs4(y>G}!BC&?Z^to0e_p)LxOCY4BYzd1-L` z*KT8}JAV^+1TAwO!r;*UOVdd{pVK$c?zEud=3&B5>@Ce6kHR^RS_ZCI)AF+o-zhAgj^Y>3W%j&^4+f8(lOUG zOy`wCn{K;O+|CAXrFEuONdIry5C8u56I+u)OP*fSc0{gH6~NUwPsfB>=tXqwPIw3Z08KyHnr((%2QXj`@aay;nD20 zjDLg(?Z396ecS%;Y)Yi5;Etr)Mbf=3SSH9)UnO13dKEzLP5ZurE!wyUI>YFi~X@4-Z@VJi_m}(6}M+CQeE?i81QTmJX_1Iun!& z8g3$#Dw`BS>`_`%*3NboE@Nsc${D@CgMT^YN)sO9I`1{Ja-`qV|2Ox4``lSYWA7s; z*t7p19~|`?`~P4N96ay;AEQ`LznbnF5*wFax_2Ae`98SS^Xhcv*nBcIxIKMq-Mz1p)vJ2LRYJV#=m?C?#y?;E^WyCC=Jw{~ zho-FdILWeXxR&}3y$|;M;_U5ksSWh@0DpJ;xT&2)`Tf{xEw+j&qU5cl$}H z;^V8y%@5aSlP{FMSvn_^$*)(}qtBImMwGf2GTNj6FI$Y!cej@(JKWl5Kt7roust&{ z`tHl2k9@I(SI0yy?yz<{tABl*8YjM+q&kJ%e+GWLz{a;W1C-7x5*rJXmwy|48#IT_ zq|hQ1YzQ}}WnKr=03#jX@@& z6RzpW<{L9NI7cZl8s(DmcoHTU<&5(9Jm#XRK6`^B)U|KZ}!fBXbl zO6_X<0AuXC|LqTsHtv6qj-JndK1O*7W1=-mu0RWLO91W@AzBXd%&n6ld43PbUyjsal>NQ{8nxPKcK0&;BL5 z?x(6s;;#K$Rj38;)&OTDyvs8%+lOj-uY7f%nV%WCGe0`DPeRhT<-Pj1>GzsQDslzq zqcg)Ilj1iFb$`qAX@sO(bdut?mgg^2C?f2B!pq(*#o7P$*~#eQ%uk~aGR7YJKRgVY z_rJZtp!aP5AEUg4kqtM&p6a%|mUmKIUTI;1#sziPTkZ=GxKC)9098OZlo0}mdGUP% z=!9q!L@D?&$EAUgx#`UFbcWJ2R4%x|X!S|SOJjW|mVeHrbqubqB6elJJ+mzzVN4`R zQKPH{6pt`keWSJ+Z`4}31MFQ541Q;`z}DJ#ZsqW&8~3tPc!cv(llC5m&Ozt|rO_s@ zj@=(&>XbZvivP5M?IeGX`1LdIX{p(h)ERGESb+rxuxc`)b zR`@^Dl-6iCd|SB_-QpkggC_=X_!sWfxh}#ZtXHb7qnP=9d;Gcx75K^wXMJ&5!CUw+gTmI#{LQX@`#|x zeGWOAJMtBDWvN2otawLpMQN zVf>b*-7OR~PDdxWgplyRXnPxxb80`$u|Xe_Fe$uIm`jOVv!#s`L1ILe-D#K-fLVem 
pN+iO7X!li)$>DwYyn?Cc@?4(FbNPbGe*ypi|NnL+=_vp-004?)@6rGO delta 2486 zcmV;n2}$PvFZejq8yvTWDs?Ka!u!l0E!a(F(^ldUfywx__U8nP$nQBH~H+caPN+ z?kg!Iqwi5j%9#(dU58{@_1g7zysi_X3II$HQh%AD1boY zZKMx7_Eqv+1Srh_`u(>Yr7B+mf-Lu8znhltDW+V^eSg^9@10Uxnb4FrDR$P7?CY1;-K zS@ShvVSmec(Yd>8IX5?LZIYBBxFpLw-P473t;txcXM;&?$KbuU3rpR@z%3||vjBRp z%ukw*@+hJoz-_xwf*}jdZ~dkjJQ7G00;xvPerOKAJoj48Ndy8D zB(l(3z?mYH$s$5BbyUGMO%j-(c4Q$C31s0$H)^+Z%ryaS|PZZTJEuY^o6+4zM`pW5eb%2QXj{au9SaBCJjz5cp?alyTG|2v!FY08;p zQf^|>wiaAYF-bi+?HJB|xVZt!f+P=@1@ej!mm4J}7$`1&C;+|sbSdOJtg;W&sL8G> zJM}2-j>s*xnkML3x$=ePVuDj0k^;?3x9RW zuvgF!#<((j24&!F!hVlu$mEnpN?U;vG>%b7AO6}dgYlnkT%8)Y{*9~ocYU{(AY72x zed!wRd{O{jv>WIW5{i$nm~M z#j=P({`9wJe>ddce*3e#MU_9h&wqdMj27INZl+@x*LNe5NObRhX*n9%U(SHmOIWr; zq3Y626?#sI3Z~X&RVmMQFTVJKy#lrrrG%|d9g|fp5AkV(yedc_bASE%wdw{c z-g%l57B*yRLr1${b!nC!Pfiz2^^S|wdO>IzIDT{a{rTvkDWuuc`cCk4MTdIk>(u!z z&W9MSX|9R3MnA}A-g0`sPRF`j;oOHTp75LnDB4pl)kYBp=fkf+gp7;LBD@>*hhM4) zxkRy^@xl4%;vd8Q=qqJkPk)`m(dftX;qjNsd`6_a<|5pp|F2t&<2RRQho}87mHBX@ z!M1#X<2PR;`=kERuzzv+w*Suu<-WcN`%&IE@mI~9;mP~{o1@F&`MZn$<=}_Iv$Ov2 z@^El+dHC+)`!83nPvcv!9L;d1y@=ZeTqqx2cVBm#<7I*?9`MA6i+`g*z0pL(gFHzF zJfXqdhm+`xtARjiQkF$Wg(9WQny!kpQ(D4RRLv``vE0vnes@+&keZ86Z(a8CCO|tQijvnWBfQE&3B- zghF6=oD0h0Q82|YPk$(jPh!Ta>i!1|a&wMcr)|SE(s-(hW1ISf3CqDQP^?aM#WSAp zc>Y$;MR)T~iQ6PJ`NwEE_og$cUQO>In-q0>jw2VtA(A2K|5`TvIiL|9kGiIZNii znIY9oL52bn%Ft^$-tp*iq_{v0QtVy7KN>+ug={%qOjXA|tPm~7oBT_3?4zoh#vSv2 zRUv1rQv;lk;D0L5AfgG%mh-}s*O`7y$d!Jm)Vy&)KGRC&^-`?(i!~S=AkM}#o3kOI`W!Pd%6Y3CRl)SQPn-4YJaQIAx$ofLEE|#@Z4M(le+R2 z21Jk)6^g|wdJD&kn`Ntu?4pxBd|YYKuniWnsRlb+E$GIrzox$d-4JqGq@@D7G{r>=sn z)xlxPbAPr*gD~Fju5h{x`vXm>8ZRiSx=o-4c6U9lg*~-fi8Y3AVYyDO1HXmw&hG22 zur-D&*pD%6xb1C*9Tr>W;~K@V+D6}4G`DM2Tfh#A%ol8$HP#dtQv`c6sL0{$A#($^ zd56fpjxB6qq}D3olw@NITfft>(r5bwJ1dik+J8*A;AIq0yP8#|BxR?Mz}i3KLeh*g zWJ+4^ah@R?=`^S1wCh*A;MqHgvMz#Ye6G9IPpS$OZJfI44DC&hlw2XmTn9G@Bn+3X zr<~9|3$F?IRG*M0B=a> AfdBvi 
diff --git a/infrastructure/main/values-dev.yaml b/infrastructure/main/values-dev.yaml
index 1d37c3f4d..898b0f434 100644
--- a/infrastructure/main/values-dev.yaml
+++ b/infrastructure/main/values-dev.yaml
@@ -1,104 +1,122 @@ -# See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values -global: - licensePlate: c59ecc - namespace: dev - nameOverride: dev-drivebc fullnameOverride: dev-drivebc - django: fullnameOverride: dev-django - namespace: c59ecc-dev #The namespace you are running the application on. This is used to pull from the ImageStream + nameOverride: dev-django + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-dev deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 20m + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 500m + memory: 350Mi env: - postgresSecret: dev-drivebc-pguser-dev-drivebc #By default this should be correct for Dev - djangoConfigMap: dev-drivebc-django #By default this should be correct for Dev - djangoSecret: dev-drivebc-django #By default this should be correct for dev + postgresSecret: dev-drivebc-pguser-dev-drivebc + djangoConfigMap: dev-drivebc-django + djangoSecret: dev-drivebc-django + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: dev-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: + host: dev-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist pvc: port: 3000 storage: 1Gi - tasks: fullnameOverride: dev-tasks - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream + nameOverride: dev-tasks + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-dev deployment: - djangoImageName: dev-django #Since it needs to use the django imagestream. 
- replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 20m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: dev-drivebc-pguser-dev-drivebc #By default this should be correct for Dev - djangoConfigMap: dev-drivebc-django #By default this should be correct for Dev - djangoSecret: dev-drivebc-django #By default this should be correct for dev + postgresSecret: dev-drivebc-pguser-dev-drivebc + djangoConfigMap: dev-drivebc-django + djangoSecret: dev-drivebc-django image-caching: fullnameOverride: dev-image-caching - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream - environment: dev #enter the environment this is being deployed too. Needed to set the configmap reference + nameOverride: dev-image-caching + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest-dev deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: dev-drivebc-image-caching + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: dev-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: - webcamPath: /webcam/ - replayTheDayPath: /ReplayTheDay/ - + host: dev-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist redis: fullnameOverride: dev-redis - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream + nameOverride: dev-redis + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest-dev deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: - cpu: 150m - 
memory: 128Mi + cpu: 100m + memory: 100Mi static: fullnameOverride: dev-static - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream - + nameOverride: dev-static + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest-dev deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: cpu: 150m - memory: 128Mi - + memory: 100Mi + env: + staticConfigMap: dev-drivebc-static + staticSecret: dev-drivebc-static + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: dev-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: + host: dev-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist diff --git a/infrastructure/main/values-prod.yaml b/infrastructure/main/values-prod.yaml index 204871826..1be5fb923 100644 --- a/infrastructure/main/values-prod.yaml +++ b/infrastructure/main/values-prod.yaml 
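Review bot: The `image.tag` values added for django, tasks, image-caching, redis and static are all `latest-dev`, a mutable tag, so the image that actually runs can change without any change to this file, and rolling the chart back does not roll the image back. The same pattern is added in values-prod.yaml (`latest-prod`), values-test.yaml (`latest-test`) and values-uat.yaml (`latest-uat`), where it matters more. If the deploy workflows already override the tag with an immutable reference (commit-SHA tag or image digest), which is not visible in this hunk, a comment such as `# placeholder only; CI overrides with the build's immutable tag` on each `tag:` line would record that. If they do not, passing the immutable reference at deploy time would tie what is scanned and reviewed to what is deployed.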
@@ -1,101 +1,123 @@ -# See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values nameOverride: prod-drivebc fullnameOverride: prod-drivebc - django: fullnameOverride: prod-django - namespace: c59ecc-prod #The namespace you are running the application on. This is used to pull from the ImageStream + nameOverride: prod-django + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-prod deployment: - replicas: 3 resources: requests: cpu: 50m - memory: 256Mi + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 1000m + memory: 350Mi env: - postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Prod - djangoConfigMap: prod-drivebc-django #By default this should be correct for Prod - djangoSecret: prod-drivebc-django #By default this should be correct for Prod + postgresSecret: prod-drivebc-pguser-prod-drivebc + djangoConfigMap: prod-drivebc-django + djangoSecret: prod-drivebc-django + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 10 + targetCPUUtilizationPercentage: 75 route: - host: prod-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + host: prod-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's that can access publicly available pages to the the addresses in the ipallowlist + iprestrictedAdminPages: true #Set to true if you want to limit IP's that can access backend admin pages pvc: port: 3000 storage: 1Gi - tasks: fullnameOverride: prod-tasks - namespace: c59ecc-prod #enter the full namespace here to the deployment has the correct imagestream + nameOverride: prod-tasks + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-prod 
deployment: - djangoImageName: prod-django #Since it needs to use the django imagestream. - replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 75m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: prod-drivebc-pguser-prod-drivebc #By default this should be correct for Prod - djangoConfigMap: prod-drivebc-django #By default this should be correct for Prod - djangoSecret: prod-drivebc-django #By default this should be correct for Prod + postgresSecret: prod-drivebc-pguser-prod-drivebc + djangoConfigMap: prod-drivebc-django + djangoSecret: prod-drivebc-django image-caching: fullnameOverride: prod-image-caching - namespace: c59ecc-prod #enter the full namespace here to the deployment has the correct imagestream - environment: prod #enter the environment this is being deployed too. Needed to set the configmap reference + nameOverride: prod-image-caching + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest-prod deployment: - replicas: 3 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: prod-drivebc-image-caching + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 10 + targetCPUUtilizationPercentage: 75 route: - host: prod-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP - webcamPath: /webcam/ - replayTheDayPath: /ReplayTheDay/ - - + host: prod-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist redis: fullnameOverride: prod-redis - namespace: c59ecc-prod #enter the full namespace here to the deployment has the correct 
imagestream + nameOverride: prod-redis + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest-prod deployment: - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 100m + memory: 100Mi static: fullnameOverride: prod-static - namespace: c59ecc-prod #enter the full namespace here to the deployment has the correct imagestream - + nameOverride: prod-static + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest-prod deployment: - replicas: 3 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: cpu: 150m - memory: 128Mi - + memory: 100Mi + env: + staticConfigMap: prod-drivebc-static + staticSecret: prod-drivebc-static + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 10 + targetCPUUtilizationPercentage: 75 route: - host: prod-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + host: prod-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist diff --git a/infrastructure/main/values-test.yaml b/infrastructure/main/values-test.yaml index e5486633d..64537bcb8 100644 --- a/infrastructure/main/values-test.yaml +++ b/infrastructure/main/values-test.yaml 
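Review bot: The django, image-caching and static routes keep `iprestricted: true`, and django adds `iprestrictedAdminPages: true`, but every `ipallowlist:` entry is removed and nothing in this file says where the allowed ranges now come from. The route templates are outside this hunk, so it is worth confirming that they fail the render when the allowlist is unset (for example with Helm's `required`) rather than emitting a route with an empty restriction. The removed inline comment was also the only record of which ranges were government and which was the external one, so a replacement such as `# allowlist supplied via <source placeholder>; ranges documented in <doc placeholder>` next to `iprestricted` would keep that auditable. The same removal is made in values-uat.yaml.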
@@ -1,104 +1,123 @@ -# See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values -global: - licensePlate: c59ecc - namespace: dev - nameOverride: test-drivebc fullnameOverride: test-drivebc - django: fullnameOverride: test-django - namespace: c59ecc-dev #The namespace you are running the application on. This is used to pull from the ImageStream + nameOverride: test-django + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-test deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 20m + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 500m + memory: 350Mi env: - postgresSecret: test-drivebc-pguser-test-drivebc #By default this should be correct for Dev - djangoConfigMap: test-drivebc-django #By default this should be correct for Dev - djangoSecret: test-drivebc-django #By default this should be correct for dev + postgresSecret: test-drivebc-pguser-test-drivebc + djangoConfigMap: test-drivebc-django + djangoSecret: test-drivebc-django + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: test-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: + host: test-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's that can access publicly available pages to the the addresses in the ipallowlist + iprestrictedAdminPages: false #Set to true if you want to limit IP's that can access backend admin pages pvc: port: 3000 storage: 1Gi - tasks: fullnameOverride: test-tasks - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream + nameOverride: test-tasks + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-test deployment: - djangoImageName: test-django #Since it needs to use the django imagestream. 
- replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 20m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: test-drivebc-pguser-test-drivebc #By default this should be correct for Dev - djangoConfigMap: test-drivebc-django #By default this should be correct for Dev - djangoSecret: test-drivebc-django #By default this should be correct for dev + postgresSecret: test-drivebc-pguser-test-drivebc + djangoConfigMap: test-drivebc-django + djangoSecret: test-drivebc-django image-caching: fullnameOverride: test-image-caching - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream - environment: test #enter the environment this is being deployed too. Needed to set the configmap reference + nameOverride: test-image-caching + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest-test deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: test-drivebc-image-caching + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: test-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: - webcamPath: /webcam/ - replayTheDayPath: /ReplayTheDay/ - + host: test-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist redis: fullnameOverride: test-redis - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream + nameOverride: test-redis + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest-test deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: - 
cpu: 150m - memory: 128Mi + cpu: 100m + memory: 100Mi static: fullnameOverride: test-static - namespace: c59ecc-dev #enter the full namespace here to the deployment has the correct imagestream - + nameOverride: test-static + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest-test deployment: - replicas: 1 resources: requests: - cpu: 50m - memory: 64Mi + cpu: 20m + memory: 50Mi limits: cpu: 150m - memory: 128Mi - + memory: 100Mi + env: + staticConfigMap: test-drivebc-static + staticSecret: test-drivebc-static + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: test-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: + host: test-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist diff --git a/infrastructure/main/values-uat.yaml b/infrastructure/main/values-uat.yaml index 4df46e62d..fe4ad729c 100644 --- a/infrastructure/main/values-uat.yaml +++ b/infrastructure/main/values-uat.yaml 
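Review bot: On the django route, `iprestrictedAdminPages: false` leaves the backend admin pages on the new test host without the IP restriction that values-prod.yaml and values-uat.yaml set to `true`. Unless test needs admin access from arbitrary addresses, `iprestrictedAdminPages: true` would keep the admin surface consistent across environments; the public pages can stay open through `iprestricted: false`. values-dev.yaml does not set the key at all, so dev depends on the chart default, which is not visible in this diff; setting it explicitly there would remove the ambiguity.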
@@ -1,104 +1,123 @@ -# See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values -global: - licensePlate: c59ecc - namespace: test - nameOverride: uat-drivebc fullnameOverride: uat-drivebc - django: fullnameOverride: uat-django - namespace: c59ecc-test #The namespace you are running the application on. This is used to pull from the ImageStream + nameOverride: uat-django + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest-uat deployment: - replicas: 2 resources: requests: cpu: 50m - memory: 256Mi + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 1000m + memory: 350Mi env: - postgresSecret: uat-drivebc-pguser-uat-drivebc #By default this should be correct for Dev - djangoConfigMap: uat-drivebc-django #By default this should be correct for Dev - djangoSecret: uat-drivebc-django #By default this should be correct for dev + postgresSecret: uat-drivebc-pguser-uat-drivebc + djangoConfigMap: uat-drivebc-django + djangoSecret: uat-drivebc-django + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 5 + targetCPUUtilizationPercentage: 75 route: - host: uat-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + host: uat-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's that can access publicly available pages to the the addresses in the ipallowlist + iprestrictedAdminPages: true #Set to true if you want to limit IP's that can access backend admin pages pvc: port: 3000 storage: 1Gi - tasks: fullnameOverride: uat-tasks - namespace: c59ecc-test #enter the full namespace here to the deployment has the correct imagestream + nameOverride: uat-tasks + replicaCount: 1 + image: + repository: 
ghcr.io/bcgov/drivebc-django + tag: latest-uat deployment: - djangoImageName: uat-django #Since it needs to use the django imagestream. - replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 75m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: uat-drivebc-pguser-uat-drivebc #By default this should be correct for Dev - djangoConfigMap: uat-drivebc-django #By default this should be correct for Dev - djangoSecret: uat-drivebc-django #By default this should be correct for dev + postgresSecret: uat-drivebc-pguser-uat-drivebc + djangoConfigMap: uat-drivebc-django + djangoSecret: uat-drivebc-django image-caching: fullnameOverride: uat-image-caching - namespace: c59ecc-test #enter the full namespace here to the deployment has the correct imagestream - environment: uat #enter the environment this is being deployed too. Needed to set the configmap reference + nameOverride: uat-image-caching + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest-uat deployment: - replicas: 2 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: uat-drivebc-image-caching + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 5 + targetCPUUtilizationPercentage: 75 route: - host: uat-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP - webcamPath: /webcam/ - replayTheDayPath: /ReplayTheDay/ - + host: uat-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist redis: fullnameOverride: uat-redis - namespace: c59ecc-test #enter the full namespace here to the deployment 
has the correct imagestream + nameOverride: uat-redis + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest-uat deployment: - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 100m + memory: 100Mi static: fullnameOverride: uat-static - namespace: c59ecc-test #enter the full namespace here to the deployment has the correct imagestream - + nameOverride: uat-static + replicaCount: 3 + image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest-uat deployment: - replicas: 2 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: cpu: 150m - memory: 128Mi - + memory: 100Mi + env: + staticConfigMap: uat-drivebc-static + staticSecret: uat-drivebc-static + autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 5 + targetCPUUtilizationPercentage: 75 route: - host: uat-drivebc.apps.silver.devops.gov.bc.ca - iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist below - ipallowlist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13 208.181.128.46/32 #The first 4 ranges are GOV IP's, the last one is for OXD external IP + host: uat-drivebc.apps.gold.devops.gov.bc.ca + iprestricted: true #Set to true if you want to limit IP's the the addresses in the ipallowlist diff --git a/infrastructure/main/values.yaml b/infrastructure/main/values.yaml index f07b4a684..a90a887f5 100644 --- a/infrastructure/main/values.yaml +++ b/infrastructure/main/values.yaml 
@@ -1,100 +1,121 @@ -# See https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values -global: - licensePlate: c59ecc - namespace: tools - nameOverride: drivebc fullnameOverride: drivebc - django: fullnameOverride: django - namespace: c59ecc-tools #The namespace you are running the application on. This is used to pull from the ImageStream + nameOverride: django + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest deployment: - replicas: 1 resources: requests: cpu: 50m - memory: 256Mi + memory: 250Mi limits: - cpu: 150m - memory: 512Mi + cpu: 500m + memory: 350Mi env: - postgresSecret: drivebc-pguser-drivebc #By default this should be correct for Dev - djangoConfigMap: drivebc-django #By default this should be correct for Dev - djangoSecret: drivebc-django #By default this should be correct for dev + postgresSecret: drivebc-pguser-drivebc + djangoConfigMap: drivebc-django + djangoSecret: drivebc-django + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: drivebc.apps.silver.devops.gov.bc.ca - govonly: true #Set to true so limited access is limited to gov IP's only. False for public access + host: drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist pvc: port: 3000 storage: 1Gi - tasks: fullnameOverride: tasks - namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream + nameOverride: tasks + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-django + tag: latest deployment: - djangoImageName: django #Since it needs to use the django imagestream. 
- replicas: 1 resources: requests: - cpu: 50m - memory: 256Mi + cpu: 75m + memory: 150Mi limits: - cpu: 150m - memory: 512Mi + cpu: 250m + memory: 200Mi env: - postgresSecret: drivebc-pguser-drivebc #By default this should be correct for Dev - djangoConfigMap: drivebc-django #By default this should be correct for Dev - djangoSecret: drivebc-django #By default this should be correct for dev + postgresSecret: drivebc-pguser-drivebc + djangoConfigMap: drivebc-django + djangoSecret: drivebc-django image-caching: fullnameOverride: image-caching - namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream - environment: dev #enter the environment this is being deployed too. Needed to set the configmap reference + nameOverride: image-caching + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-image-caching + tag: latest deployment: - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 250m + memory: 100Mi + env: + imagecachingConfigMap: drivebc-image-caching + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: drivebc.apps.silver.devops.gov.bc.ca - govonly: true #Set to true so limited access is limited to gov IP's only. 
False for public access - webcamPath: /webcam/ - replayTheDayPath: /ReplayTheDay/ + host: drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist redis: fullnameOverride: redis - namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream + nameOverride: redis + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-redis + tag: latest deployment: - replicas: 1 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: - cpu: 150m - memory: 128Mi + cpu: 100m + memory: 100Mi static: fullnameOverride: static - namespace: c59ecc-tools #enter the full namespace here to the deployment has the correct imagestream - + nameOverride: static + replicaCount: 1 + image: + repository: ghcr.io/bcgov/drivebc-static + tag: latest deployment: - replicas: 2 resources: requests: cpu: 50m - memory: 64Mi + memory: 50Mi limits: cpu: 150m - memory: 128Mi - + memory: 100Mi + env: + staticConfigMap: drivebc-static + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 75 route: - host: drivebc.apps.silver.devops.gov.bc.ca - govonly: true #Set to true so limited access is limited to gov IP's only. False for public access + host: drivebc.apps.gold.devops.gov.bc.ca + iprestricted: false #Set to true if you want to limit IP's the the addresses in the ipallowlist diff --git a/infrastructure/main/yaml/main/charts/django/templates/django-deployment.yaml b/infrastructure/main/yaml/main/charts/django/templates/django-deployment.yaml deleted file mode 100644 index 75ef59d5b..000000000 --- a/infrastructure/main/yaml/main/charts/django/templates/django-deployment.yaml +++ /dev/null 
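Review bot: The base values now default every route to open access: `govonly: true` is replaced by `iprestricted: false` under `django.route`, `image-caching.route` and `static.route`. Any release that does not override the flag therefore loses the gov-only restriction that, per the removed comment, the old default applied. A fail-closed default is safer, with `iprestricted: true` here and the public environment opting out explicitly in its own values file. The new inline comment also refers to an `ipallowlist` that this file does not define, and the chart templates that consume it are not visible in this hunk. If the list is injected at deploy time, the comment should say so, for example `iprestricted: true  # limit the route to the addresses in ipallowlist (supplied at deploy time)`.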
@@ -1,118 +0,0 @@ ---- -# Source: main/charts/django/templates/django-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dev-django - labels: - helm.sh/chart: django-0.1.0 - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"dev-django:latest","namespace":"c59ecc-tools"},"fieldPath":"spec.template.spec.containers[?(@.name==\"dev-django\")].image","pause":"false"}] - -spec: - replicas: 1 - selector: - matchLabels: - - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - template: - metadata: - labels: - - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - spec: - volumes: - - name: django-media-volume - persistentVolumeClaim: - claimName: dev-django - containers: - - resources: - limits: - cpu: 150m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - name: dev-django - command: - - /start.sh - env: - - name: DB_HOST - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: host - - name: DB_PORT - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: port - - name: DB_USER - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: user - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: password - - name: DB_NAME - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: dbname - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: dbname - - name: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - valueFrom: - secretKeyRef: - name: dev-drivebc-django - key: 
DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: dev-drivebc-django - key: SECRET_KEY - ports: - - containerPort: 8080 - protocol: TCP - imagePullPolicy: IfNotPresent - volumeMounts: - - name: django-media-volume - mountPath: /app/media - terminationMessagePolicy: File - envFrom: - - configMapRef: - name: dev-drivebc-django - image: >- - image-registry.openshift-image-registry.svc:5000/c59ecc-tools/dev-django - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "app.kubernetes.io/instance" - labelSelector: - matchLabels: - app.kubernetes.io/name: django diff --git a/infrastructure/main/yaml/main/charts/django/templates/django-imageStream.yaml b/infrastructure/main/yaml/main/charts/django/templates/django-imageStream.yaml deleted file mode 100644 index de976b0c1..000000000 --- a/infrastructure/main/yaml/main/charts/django/templates/django-imageStream.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: main/charts/django/templates/django-imageStream.yaml -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: dev-django - labels: - helm.sh/chart: django-0.1.0 - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm diff --git a/infrastructure/main/yaml/main/charts/django/templates/django-pvc.yaml b/infrastructure/main/yaml/main/charts/django/templates/django-pvc.yaml deleted file mode 100644 index f50278cb7..000000000 --- a/infrastructure/main/yaml/main/charts/django/templates/django-pvc.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -# Source: main/charts/django/templates/django-pvc.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: dev-django - labels: - helm.sh/chart: django-0.1.0 - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/infrastructure/main/yaml/main/charts/django/templates/django-route.yaml b/infrastructure/main/yaml/main/charts/django/templates/django-route.yaml deleted file mode 100644 index 9ba8d2ad6..000000000 --- a/infrastructure/main/yaml/main/charts/django/templates/django-route.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Source: main/charts/django/templates/django-route.yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: dev-django-backend - labels: - helm.sh/chart: django-0.1.0 - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - to: - kind: Service - name: dev-django - port: - targetPort: 80-tcp - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - host: dev-drivebc-backend.apps.silver.devops.gov.bc.ca diff --git a/infrastructure/main/yaml/main/charts/django/templates/django-service.yaml b/infrastructure/main/yaml/main/charts/django/templates/django-service.yaml deleted file mode 100644 index bed1781a5..000000000 --- a/infrastructure/main/yaml/main/charts/django/templates/django-service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Source: main/charts/django/templates/django-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: dev-django - labels: - helm.sh/chart: django-0.1.0 - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - ports: - - name: 80-tcp - port: 80 - targetPort: 8000 - protocol: TCP - internalTrafficPolicy: Cluster - selector: - - app.kubernetes.io/name: django - app.kubernetes.io/instance: drivebc-dev diff --git a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-deployment.yaml b/infrastructure/main/yaml/main/charts/image-caching/templates/caching-deployment.yaml deleted file mode 100644 index c8a5112ec..000000000 --- a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-deployment.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -# Source: main/charts/image-caching/templates/caching-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dev-image-caching - labels: - helm.sh/chart: image-caching-0.1.0 - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"dev-image-caching:latest","namespace":"c59ecc-tools"},"fieldPath":"spec.template.spec.containers[?(@.name==\"dev-image-caching\")].image","pause":"false"}] -spec: - replicas: 1 - selector: - matchLabels: - - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - template: - metadata: - labels: - - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - spec: - containers: - - resources: - limits: - cpu: 150m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - env: - - name: DRIVEBC_IMAGE_API_BASE_URL - valueFrom: - configMapKeyRef: - name: dev-drivebc-django - key: DRIVEBC_IMAGE_API_BASE_URL - name: dev-image-caching - ports: - - containerPort: 8080 - protocol: TCP - imagePullPolicy: IfNotPresent - image: >- - image-registry.openshift-image-registry.svc:5000/c59ecc-tools/dev-image-caching - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "app.kubernetes.io/instance" - labelSelector: - matchLabels: - app.kubernetes.io/name: image-caching diff --git a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-imageStream.yaml b/infrastructure/main/yaml/main/charts/image-caching/templates/caching-imageStream.yaml deleted file mode 100644 index 451df6c2c..000000000 --- a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-imageStream.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -# Source: main/charts/image-caching/templates/caching-imageStream.yaml -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: dev-image-caching - labels: - helm.sh/chart: image-caching-0.1.0 - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm diff --git a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-route.yaml b/infrastructure/main/yaml/main/charts/image-caching/templates/caching-route.yaml deleted file mode 100644 index 405710fb8..000000000 --- a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-route.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Source: main/charts/image-caching/templates/caching-route.yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: dev-image-caching - labels: - helm.sh/chart: image-caching-0.1.0 - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - to: - kind: Service - name: dev-image-caching - weight: 100 - port: - targetPort: nginx - host: dev-drivebc-image-caching.apps.silver.devops.gov.bc.ca - tls: - termination: edge diff --git a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-service.yaml b/infrastructure/main/yaml/main/charts/image-caching/templates/caching-service.yaml deleted file mode 100644 index d2a5bc947..000000000 --- a/infrastructure/main/yaml/main/charts/image-caching/templates/caching-service.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Source: main/charts/image-caching/templates/caching-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: dev-image-caching - labels: - helm.sh/chart: image-caching-0.1.0 - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - ports: - - port: 80 - targetPort: 8080 - protocol: TCP - name: nginx - internalTrafficPolicy: Cluster - selector: - - app.kubernetes.io/name: image-caching - app.kubernetes.io/instance: drivebc-dev diff --git a/infrastructure/main/yaml/main/charts/redis/templates/redis-deployment.yaml b/infrastructure/main/yaml/main/charts/redis/templates/redis-deployment.yaml deleted file mode 100644 index 92ed15a76..000000000 --- a/infrastructure/main/yaml/main/charts/redis/templates/redis-deployment.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- -# Source: main/charts/redis/templates/redis-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dev-redis - labels: - helm.sh/chart: redis-0.1.0 - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"dev-redis:latest","namespace":"c59ecc-tools"},"fieldPath":"spec.template.spec.containers[?(@.name==\"dev-redis\")].image","pause":"false"}] - -spec: - replicas: 1 - selector: - matchLabels: - - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev - template: - metadata: - labels: - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev - spec: - volumes: - - name: redis-1 - containers: - - resources: - limits: - cpu: 150m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - name: dev-redis - ports: - - containerPort: 6379 - protocol: TCP - imagePullPolicy: IfNotPresent - volumeMounts: - - name: redis-1 - mountPath: /data - image: >- - image-registry.openshift-image-registry.svc:5000/c59ecc-tools/dev-redis - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "app.kubernetes.io/instance" - labelSelector: - matchLabels: - app.kubernetes.io/name: redis diff --git a/infrastructure/main/yaml/main/charts/redis/templates/redis-imageStream.yaml b/infrastructure/main/yaml/main/charts/redis/templates/redis-imageStream.yaml deleted file mode 100644 index 46b909b0e..000000000 --- a/infrastructure/main/yaml/main/charts/redis/templates/redis-imageStream.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -# Source: main/charts/redis/templates/redis-imageStream.yaml -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: dev-redis - labels: - helm.sh/chart: redis-0.1.0 - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - tags: - - name: latest - from: - kind: DockerImage - name: redis diff --git a/infrastructure/main/yaml/main/charts/redis/templates/redis-service.yaml b/infrastructure/main/yaml/main/charts/redis/templates/redis-service.yaml deleted file mode 100644 index 78aeeb3e8..000000000 --- a/infrastructure/main/yaml/main/charts/redis/templates/redis-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Source: main/charts/redis/templates/redis-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: dev-redis - labels: - helm.sh/chart: redis-0.1.0 - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - ports: - - port: 6379 - targetPort: 6379 - protocol: TCP - name: 6379-tcp - internalTrafficPolicy: Cluster - selector: - - app.kubernetes.io/name: redis - app.kubernetes.io/instance: drivebc-dev diff --git a/infrastructure/main/yaml/main/charts/static/templates/static-deployment.yaml b/infrastructure/main/yaml/main/charts/static/templates/static-deployment.yaml deleted file mode 100644 index 1c6120107..000000000 --- a/infrastructure/main/yaml/main/charts/static/templates/static-deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -# Source: main/charts/static/templates/static-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dev-static - labels: - helm.sh/chart: static-0.1.0 - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"dev-static:latest","namespace":"c59ecc-tools"},"fieldPath":"spec.template.spec.containers[?(@.name==\"dev-static\")].image","pause":"false"}] - -spec: - replicas: 2 - selector: - matchLabels: - - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - template: - metadata: - labels: - - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - spec: - containers: - - resources: - limits: - cpu: 150m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - name: dev-static - ports: - - containerPort: 8080 - protocol: TCP - imagePullPolicy: IfNotPresent - image: >- - image-registry.openshift-image-registry.svc:5000/c59ecc-tools/dev-static - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "app.kubernetes.io/instance" - labelSelector: - matchLabels: - app.kubernetes.io/name: static diff --git a/infrastructure/main/yaml/main/charts/static/templates/static-imageStream.yaml b/infrastructure/main/yaml/main/charts/static/templates/static-imageStream.yaml deleted file mode 100644 index 461e03dbc..000000000 --- a/infrastructure/main/yaml/main/charts/static/templates/static-imageStream.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -# Source: main/charts/static/templates/static-imageStream.yaml -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: dev-static - labels: - helm.sh/chart: static-0.1.0 - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm diff --git a/infrastructure/main/yaml/main/charts/static/templates/static-route.yaml b/infrastructure/main/yaml/main/charts/static/templates/static-route.yaml deleted file mode 100644 index 4fe886ba1..000000000 --- a/infrastructure/main/yaml/main/charts/static/templates/static-route.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Source: main/charts/static/templates/static-route.yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: dev-static-frontend - labels: - helm.sh/chart: static-0.1.0 - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - host: dev-drivebc-frontend.apps.silver.devops.gov.bc.ca - to: - kind: Service - name: dev-static-frontend - port: - targetPort: 3000 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None diff --git a/infrastructure/main/yaml/main/charts/static/templates/static-service.yaml b/infrastructure/main/yaml/main/charts/static/templates/static-service.yaml deleted file mode 100644 index 783fa5f71..000000000 --- a/infrastructure/main/yaml/main/charts/static/templates/static-service.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Source: main/charts/static/templates/static-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: dev-static-frontend - labels: - helm.sh/chart: static-0.1.0 - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm -spec: - ports: - - port: 80 - targetPort: 3000 - protocol: TCP - internalTrafficPolicy: Cluster - selector: - - app.kubernetes.io/name: static - app.kubernetes.io/instance: drivebc-dev diff --git a/infrastructure/main/yaml/main/charts/tasks/templates/tasks-deployment.yaml b/infrastructure/main/yaml/main/charts/tasks/templates/tasks-deployment.yaml deleted file mode 100644 index 7ee90eef2..000000000 --- a/infrastructure/main/yaml/main/charts/tasks/templates/tasks-deployment.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -# Source: main/charts/tasks/templates/tasks-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dev-tasks - labels: - helm.sh/chart: tasks-0.1.0 - app.kubernetes.io/name: tasks - app.kubernetes.io/instance: drivebc-dev - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - image.openshift.io/triggers: >- - [{"from":{"kind":"ImageStreamTag","name":"dev-django:latest","namespace":"c59ecc-tools"},"fieldPath":"spec.template.spec.containers[?(@.name==\"dev-django\")].image","pause":"false"}] -spec: - replicas: 1 - selector: - matchLabels: - - app.kubernetes.io/name: tasks - app.kubernetes.io/instance: drivebc-dev - template: - metadata: - labels: - - app.kubernetes.io/name: tasks - app.kubernetes.io/instance: drivebc-dev - spec: - containers: - - resources: - limits: - cpu: 150m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - name: dev-tasks - command: - - /start_tasks.sh - env: - - name: DB_HOST - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: host - - name: DB_PORT - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: port - - name: DB_USER - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: user - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: password - - name: DB_NAME - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: dbname - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: dev-drivebc-pguser-dev-drivebc - key: dbname - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: dev-drivebc-django - key: SECRET_KEY - - name: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - valueFrom: - secretKeyRef: - name: dev-drivebc-django - 
key: DRIVEBC_ROUTE_PLANNER_API_AUTH_KEY - ports: - - containerPort: 8080 - protocol: TCP - imagePullPolicy: IfNotPresent - terminationMessagePolicy: File - envFrom: - - configMapRef: - name: dev-drivebc-django - image: >- - image-registry.openshift-image-registry.svc:5000/c59ecc-tools/dev-django - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "app.kubernetes.io/instance" - labelSelector: - matchLabels: - app.kubernetes.io/name: tasks