diff --git a/.github/workflows/deploy-to-openshift-backend-prod.yml b/.github/workflows/deploy-to-openshift-backend-prod.yml index 5a6d4297..78682e43 100644 --- a/.github/workflows/deploy-to-openshift-backend-prod.yml +++ b/.github/workflows/deploy-to-openshift-backend-prod.yml @@ -111,7 +111,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Create tag for PROD env from DEV env image @@ -121,7 +121,7 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/backend.dc.yaml \ + -f tools/openshift/backend.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -153,8 +153,8 @@ jobs: ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} diff --git a/.github/workflows/deploy-to-openshift-backend-qa.yml b/.github/workflows/deploy-to-openshift-backend-qa.yml index 58cb9a33..17b80455 100644 --- a/.github/workflows/deploy-to-openshift-backend-qa.yml +++ b/.github/workflows/deploy-to-openshift-backend-qa.yml @@ -111,12 +111,12 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Process and apply deployment template oc process \ - -f tools/openshift/backend-no-fb.dc.yaml \ + -f tools/openshift/backend-no-fb.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -148,11 +148,11 @@ jobs: ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.8.0 diff --git a/.github/workflows/deploy-to-openshift-backend-uat.yml b/.github/workflows/deploy-to-openshift-backend-uat.yml index 2f9140d6..1a68d334 100644 --- a/.github/workflows/deploy-to-openshift-backend-uat.yml +++ b/.github/workflows/deploy-to-openshift-backend-uat.yml @@ -111,7 +111,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Create tag for TEST env from DEV env image @@ -121,7 +121,7 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/backend.dc.yaml \ + -f tools/openshift/backend.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -153,11 +153,11 @@ jobs: ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.8.0 diff --git a/.github/workflows/deploy-to-openshift-frontend-prod.yml b/.github/workflows/deploy-to-openshift-frontend-prod.yml index 24a10576..15787831 100644 --- a/.github/workflows/deploy-to-openshift-frontend-prod.yml +++ b/.github/workflows/deploy-to-openshift-frontend-prod.yml @@ -116,7 +116,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Create tag for PROD env from DEV env image @@ -126,7 +126,7 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ + -f tools/openshift/frontend.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -149,8 +149,8 @@ jobs: | oc apply -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} diff --git a/.github/workflows/deploy-to-openshift-frontend-qa.yml b/.github/workflows/deploy-to-openshift-frontend-qa.yml index 1cf043ca..10572762 100644 --- a/.github/workflows/deploy-to-openshift-frontend-qa.yml +++ b/.github/workflows/deploy-to-openshift-frontend-qa.yml @@ -114,12 +114,12 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ + -f tools/openshift/frontend.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -142,11 +142,11 @@ jobs: | oc apply -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.8.0 diff --git a/.github/workflows/deploy-to-openshift-frontend-uat.yml b/.github/workflows/deploy-to-openshift-frontend-uat.yml index 462d3403..b6085dd1 100644 --- a/.github/workflows/deploy-to-openshift-frontend-uat.yml +++ b/.github/workflows/deploy-to-openshift-frontend-uat.yml @@ -116,7 +116,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "No rollout in progress" # Create tag for TEST env from DEV env image @@ -126,7 +126,7 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ + -f tools/openshift/frontend.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -149,11 +149,11 @@ jobs: | oc apply -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ + oc rollout latest deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ || true && echo "Rollout in progress" # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} + oc rollout status deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.8.0 diff --git a/tools/openshift/backend.no-fb.deployment.yaml b/tools/openshift/backend.no-fb.deployment.yaml new file mode 100644 index 00000000..6b4fafc1 --- /dev/null +++ b/tools/openshift/backend.no-fb.deployment.yaml @@ -0,0 +1,190 @@ +--- +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: "${REPO_NAME}-backend-deployment" + labels: + template: "${REPO_NAME}-template" +objects: +- apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + openshift.io/generated-by: OpenShiftNewApp + labels: + app: "${APP_NAME}-${BRANCH}" + branch: "${BRANCH}" + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + spec: + replicas: ${{MIN_REPLICAS}} + selector: + matchLabels: + app: "${APP_NAME}-${BRANCH}" + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% + template: + metadata: + annotations: + openshift.io/generated-by: OpenShiftNewApp + labels: + app: "${APP_NAME}-${BRANCH}" + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-backend-${BRANCH}:${TAG} + imagePullPolicy: Always + volumeMounts: + - name: tls-certs + mountPath: "/etc/tls-certs" + readOnly: true + - name: log-storage + mountPath: /logs + livenessProbe: + initialDelaySeconds: 20 + failureThreshold: 5 + httpGet: + path: "/api/health" + port: 8080 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + ports: + - containerPort: 8080 + protocol: TCP + - containerPort: 443 + protocol: TCP + envFrom: + - configMapRef: + name: ccof-backend-${APP_ENVIRONMENT}-config-map + readinessProbe: + initialDelaySeconds: 10 + failureThreshold: 5 + httpGet: + path: "/api/health" + port: 8080 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + requests: + cpu: "${MIN_CPU}" + memory: "${MIN_MEM}" + limits: + cpu: "${MAX_CPU}" + memory: "${MAX_MEM}" + volumes: + - name: log-storage + emptyDir: {} + - name: tls-certs + secret: + secretName: ccof-backend-cert + test: false +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: "ccof-backend-cert" + openshift.io/generated-by: OpenShiftNewApp + labels: + app: "${APP_NAME}-${BRANCH}" + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + - name: 443-https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app: "${APP_NAME}-${BRANCH}" +- apiVersion: v1 + kind: Route + metadata: + annotations: + haproxy.router.openshift.io/rate-limit-connections: 'true' + haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp: '10' + haproxy.router.openshift.io/rate-limit-connections.rate-http: '50' + haproxy.router.openshift.io/timeout: 120s + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}-${BRANCH}" + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + spec: + host: "${HOST_ROUTE}" + path: /api + port: + targetPort: 8080-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + weight: 100 + wildcardPolicy: None +- apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}-cpu-autoscaler" + spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: "${APP_NAME}-backend-${APP_ENVIRONMENT}" + minReplicas: ${{MIN_REPLICAS}} + maxReplicas: ${{MAX_REPLICAS}} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 90 +parameters: +- name: REPO_NAME + description: Application repository name + required: true +- name: BRANCH + description: Job identifier (i.e. 'pr-5' OR 'master') + required: true +- name: NAMESPACE + description: Target namespace reference (i.e. 'k8vopl-dev') + required: true +- name: APP_NAME + description: Application name + required: true +- name: HOST_ROUTE + description: The host the route will use to expose service outside cluster + required: true +- name: TAG + description: The identifying tag for this specific deployment + required: true +- name: MIN_REPLICAS + description: The minimum amount of replicas + required: true +- name: MAX_REPLICAS + description: The maximum amount of replicas + required: true +- name: MIN_CPU + description: The minimum amount of cpu + required: true +- name: MAX_CPU + description: The maximum amount of cpu + required: true +- name: MIN_MEM + description: The minimum amount of memory + required: true +- name: MAX_MEM + description: The maximum amount of memory + required: true +- name: APP_ENVIRONMENT + description: The environment being created ('dev', 'qa', 'uat', 'prod') + required: true