From f7af42a3a3ff9fb872c668f03c10f922156b70ce Mon Sep 17 00:00:00 2001 From: Guy Lafleur Date: Thu, 21 Jan 2021 16:57:24 -0800 Subject: [PATCH] Remove helm chart * moving the helm charts to a separate repository * modified the gha to refer to the remote helm charts * updated the prod action so that it uses the correct image pull secrets --- .github/workflows/deploy_dev.yaml | 5 +- .github/workflows/deploy_prod.yaml | 9 +- helm-charts/.helmignore | 23 ------ helm-charts/Chart.yaml | 23 ------ helm-charts/templates/NOTES.txt | 21 ----- helm-charts/templates/_helpers.tpl | 71 ---------------- .../templates/smk-app-deploymentConfig.yaml | 82 ------------------- .../templates/smk-app-gwaroutes-nsp.yaml | 12 --- .../templates/smk-app-imagepullsecret.yaml | 11 --- helm-charts/templates/smk-app-route.yaml | 19 ----- helm-charts/templates/smk-app-service.yaml | 24 ------ helm-charts/templates/smk-app-web-nsp.yaml | 13 --- .../templates/tests/test-connection.yaml | 15 ---- helm-charts/values.yaml | 50 ----------- 14 files changed, 10 insertions(+), 368 deletions(-) delete mode 100644 helm-charts/.helmignore delete mode 100644 helm-charts/Chart.yaml delete mode 100644 helm-charts/templates/NOTES.txt delete mode 100644 helm-charts/templates/_helpers.tpl delete mode 100644 helm-charts/templates/smk-app-deploymentConfig.yaml delete mode 100644 helm-charts/templates/smk-app-gwaroutes-nsp.yaml delete mode 100644 helm-charts/templates/smk-app-imagepullsecret.yaml delete mode 100644 helm-charts/templates/smk-app-route.yaml delete mode 100644 helm-charts/templates/smk-app-service.yaml delete mode 100644 helm-charts/templates/smk-app-web-nsp.yaml delete mode 100644 helm-charts/templates/tests/test-connection.yaml delete mode 100644 helm-charts/values.yaml diff --git a/.github/workflows/deploy_dev.yaml b/.github/workflows/deploy_dev.yaml index 39d6788..f0e6544 100644 --- a/.github/workflows/deploy_dev.yaml +++ b/.github/workflows/deploy_dev.yaml @@ -133,8 +133,9 @@ jobs: # - helm chart creates the image pull secret # - tries to use it with the service account # - service account hasn't been granted access - - helm upgrade $REPONAME ./helm-charts --install \ + # helm upgrade $REPONAME ./helm-charts --install \ + helm repo add smk-helms https://bcgov.github.io/smk-helms/ + helm upgrade $REPONAME smk-helms/smk-app-deploy --install \ --set app_name=$REPONAME \ --set env=dev \ --set app_image_pull_secret_params.email=$EMAIL \ diff --git a/.github/workflows/deploy_prod.yaml b/.github/workflows/deploy_prod.yaml index 2863016..d77f9a7 100644 --- a/.github/workflows/deploy_prod.yaml +++ b/.github/workflows/deploy_prod.yaml @@ -146,12 +146,17 @@ jobs: DOCKER_VERSION_TAG=${{ steps.retrieveimagetag.outputs.DOCKER_VERSION_TAG }} IMAGE_REGISTRY=${{ steps.retrieveimagetag.outputs.IMAGE_REGISTRY }} REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }} + IMAGE_PULL_SECRET_NAME=${REPONAME}-image-pull-secret # extract deploy name from the template - helm upgrade $REPONAME ./helm-charts --install \ + #helm upgrade $REPONAME ./helm-charts --install \ + helm repo add smk-helms https://bcgov.github.io/smk-helms/ + helm upgrade $REPONAME smk-helms/smk-app-deploy --install \ --set app_name=$REPONAME \ --set env=prd \ - --set app_image_pull_secret_params.name=github-imagepull-secrets \ + --set app_image_pull_secret_params.email=$EMAIL \ + --set app_image_pull_secret_params.password=$GHCR_TOKEN \ + --set app_image_pull_secret_params.name=$IMAGE_PULL_SECRET_NAME \ --set app_image_pull_secret_params.imagetag=$DOCKER_VERSION_TAG \ --set app_image_pull_secret_params.registry=$IMAGE_REGISTRY diff --git a/helm-charts/.helmignore b/helm-charts/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/helm-charts/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm-charts/Chart.yaml b/helm-charts/Chart.yaml deleted file mode 100644 index fff9231..0000000 --- a/helm-charts/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: helm-charts -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 diff --git a/helm-charts/templates/NOTES.txt b/helm-charts/templates/NOTES.txt deleted file mode 100644 index 857406d..0000000 --- a/helm-charts/templates/NOTES.txt +++ /dev/null @@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helm-charts.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helm-charts.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helm-charts.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm-charts.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/helm-charts/templates/_helpers.tpl b/helm-charts/templates/_helpers.tpl deleted file mode 100644 index c42e213..0000000 --- a/helm-charts/templates/_helpers.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "helm-charts.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "helm-charts.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "helm-charts.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "helm-charts.labels" -}} -helm.sh/chart: {{ include "helm-charts.chart" . }} -{{ include "helm-charts.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "helm-charts.selectorLabels" -}} -app.kubernetes.io/name: {{ include "helm-charts.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "helm-charts.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "helm-charts.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -create image pull secrets for backup image github access -*/}} -{{- define "helm-charts.app_image_pull_secret_params" }} -{{- with .Values.app_image_pull_secret_params }} -{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm-charts/templates/smk-app-deploymentConfig.yaml b/helm-charts/templates/smk-app-deploymentConfig.yaml deleted file mode 100644 index 34edafa..0000000 --- a/helm-charts/templates/smk-app-deploymentConfig.yaml +++ /dev/null @@ -1,82 +0,0 @@ -kind: "DeploymentConfig" -apiVersion: apps.openshift.io/v1 -metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp - generation: 4 - labels: - app: {{ .Values.app_name }} - role: {{ .Values.web_role }} - name: {{ .Values.app_name }}-dc - env: {{ .Values.env }} - - name: {{ .Values.app_name }}-dc -spec: - replicas: 2 - revisionHistoryLimit: 10 - selector: - deploymentconfig: {{ .Values.app_name }}-dc - app: {{ .Values.app_name }} - env: {{ .Values.env }} - strategy: - activeDeadlineSeconds: 21600 - resources: {} - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Rolling - template: - metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp - labels: - role: {{ .Values.web_role }} - app: {{ .Values.app_name }} - env: {{ .Values.env }} - deploymentconfig: {{ .Values.app_name }}-dc - spec: - imagePullSecrets: - - name: {{ .Values.app_image_pull_secret_params.name }} - containers: - - image: "{{ .Values.app_image_pull_secret_params.registry }}:{{ .Values.app_image_pull_secret_params.imagetag }}" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: / - port: {{ .Values.app_port }} - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 7 - - name: {{ .Values.app_name }} - ports: - - containerPort: {{ .Values.app_port }} - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: / - port: {{ .Values.app_port }} - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 7 - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 - test: false - triggers: - - type: ConfigChange \ No newline at end of file diff --git a/helm-charts/templates/smk-app-gwaroutes-nsp.yaml b/helm-charts/templates/smk-app-gwaroutes-nsp.yaml deleted file mode 100644 index 1cab964..0000000 --- a/helm-charts/templates/smk-app-gwaroutes-nsp.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: NetworkSecurityPolicy -apiVersion: security.devops.gov.bc.ca/v1alpha1 -metadata: - name: {{ .Values.kong_config.aps_nsp_name }} -spec: - description: | - allow aps gateway to route traffic to your api - source: - - - $namespace={{ .Values.kong_config.kong_test_project_name }} - - - $namespace={{ .Values.kong_config.kong_prod_project_name }} - destination: - - - app={{ .Values.app_name }} diff --git a/helm-charts/templates/smk-app-imagepullsecret.yaml b/helm-charts/templates/smk-app-imagepullsecret.yaml deleted file mode 100644 index cd858b7..0000000 --- a/helm-charts/templates/smk-app-imagepullsecret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: Secret -apiVersion: v1 -type: kubernetes.io/dockerconfigjson -metadata: - name: {{ .Values.app_image_pull_secret_params.name }} - labels: - app: {{ .Values.app_name }} - env: {{ .Values.env }} - name: {{ .Values.app_image_pull_secret_params.name }} -data: - .dockerconfigjson: {{ template "helm-charts.app_image_pull_secret_params" . }} diff --git a/helm-charts/templates/smk-app-route.yaml b/helm-charts/templates/smk-app-route.yaml deleted file mode 100644 index 3bfcb67..0000000 --- a/helm-charts/templates/smk-app-route.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - labels: - app: {{ .Values.app_name }} - env: {{ .Values.env }} - role: {{ .Values.web_role }} - name: {{ .Values.app_name }}-rt - name: {{ .Values.app_name }}-rt -spec: - port: - targetPort: {{ .Values.app_port }}-tcp - tls: - termination: edge - to: - kind: Service - name: {{ .Values.app_name }}-svc - weight: 100 - wildcardPolicy: None diff --git a/helm-charts/templates/smk-app-service.yaml b/helm-charts/templates/smk-app-service.yaml deleted file mode 100644 index 9973bc6..0000000 --- a/helm-charts/templates/smk-app-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: "Service" -apiVersion: "v1" -metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp - labels: - app: {{ .Values.app_name }} - role: {{ .Values.web_role }} - deploymentconfig: {{ .Values.app_name }}-dc - service: {{ .Values.app_name }}-svc - env: {{ .Values.env }} - name: {{ .Values.app_name }}-svc -spec: - ports: - - name: {{ .Values.app_port }}-tcp - port: {{ .Values.app_port }} - protocol: TCP - targetPort: {{ .Values.app_port }} - selector: - deploymentconfig: {{ .Values.app_name }}-dc - role: {{ .Values.web_role }} - app: {{ .Values.app_name }} - env: {{ .Values.env }} - sessionAffinity: None \ No newline at end of file diff --git a/helm-charts/templates/smk-app-web-nsp.yaml b/helm-charts/templates/smk-app-web-nsp.yaml deleted file mode 100644 index 4a612aa..0000000 --- a/helm-charts/templates/smk-app-web-nsp.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: NetworkSecurityPolicy -apiVersion: security.devops.gov.bc.ca/v1alpha1 -metadata: - name: {{ .Values.app_name }}-external-ingress -spec: - description: | - Allow the frontend (web) to receive connections from the Internet. - source: - - - ext:network=any - destination: - - - app={{ .Values.app_name }} - - role={{ .Values.web_role }} - - env={{ .Values.env }} \ No newline at end of file diff --git a/helm-charts/templates/tests/test-connection.yaml b/helm-charts/templates/tests/test-connection.yaml deleted file mode 100644 index 0528f4b..0000000 --- a/helm-charts/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "helm-charts.fullname" . }}-test-connection" - labels: - {{- include "helm-charts.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "helm-charts.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml deleted file mode 100644 index 7efc219..0000000 --- a/helm-charts/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Default values for helm-charts. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -# should get overridden with the specific smk app name -app_name: smkapp - -# label for role, used for building nsps -web_role: web -env: dev - -app_port: 8888 - -# Values that should be overriden: -# email, username, password, registry, imagetag -# these are my passwords, please don't share - -# Used by gha to pass the issue url to different gha jobs / stages -github_issues_configmap: - name: github-issues-configmap - issue_url: None - github_event_path: None - -kong_config: - kong_test_project_name: 264e6f-test - kong_prod_project_name: 264e6f-prod - aps_nsp_name: smk-apps - -app_image_pull_secret_params: - name: dummy-image-pull-secret-name - registry: path.to.a.github.docker.package.registry - imagetag: image.tag - email: email.associated.with.registry - password: password.used.to.access.registry