diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index e8aa5e4..ca89e88 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -1,7 +1,7 @@ name: Build & Deploy to DEV env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} @@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: digitalid-api-master @@ -28,7 +28,7 @@ env: APP_NAME: 'digitalid-api' REPO_NAME: "educ-digitalid-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} APP_NAME_FULL: "digitalid-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} @@ -78,18 +78,18 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository uses: actions/checkout@v4 @@ -142,27 +142,50 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }} + # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} - + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "No rollout in progress" + + oc tag ${{ steps.push-image.outputs.registry-path }} \ + ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.deployment.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin dev \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} + # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "Rollout in progress" + + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 with: diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 2a8afef..7fef3f2 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -1,7 +1,7 @@ name: Deploy to PROD env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions # Added this comment @@ -14,7 +14,7 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -24,7 +24,7 @@ env: APP_NAME: 'digitalid-api' REPO_NAME: "educ-digitalid-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" @@ -74,19 +74,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -107,24 +107,50 @@ jobs: - name: Deploy run: | set -eux + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} - + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "No rollout in progress" + + oc tag \ + ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh | bash /dev/stdin ${{ env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.deployment.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + ${{ env.TARGET_ENV }} \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} + # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "Rollout in progress" + + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index 0780076..e5b1b55 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -1,7 +1,7 @@ name: Build & Deploy to TEST env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} @@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: digitalid-api-master @@ -28,7 +28,7 @@ env: APP_NAME: 'digitalid-api' REPO_NAME: "educ-digitalid-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} APP_NAME_FULL: "digitalid-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} @@ -84,19 +84,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -110,27 +110,52 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} + # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} + oc tag \ + ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} \ + ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} + oc process -f tools/openshift/api.deployment.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin test \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "Rollout in progress" + + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 2c91b23..c0f5618 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -1,15 +1,15 @@ envValue=$1 APP_NAME=$2 OPENSHIFT_NAMESPACE=$3 -COMMON_NAMESPACE=$4 -DB_JDBC_CONNECT_STRING=$5 -DB_PWD=$6 -DB_USER=$7 -SPLUNK_TOKEN=$8 +DB_JDBC_CONNECT_STRING=$4 +DB_PWD=$5 +DB_USER=$6 +SPLUNK_TOKEN=$7 +BRANCH=$8 TZVALUE="America/Vancouver" SOAM_KC_REALM_ID="master" -SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca +SOAM_KC="soam-$envValue.apps.silver.devops.gov.bc.ca" SOAM_KC_LOAD_USER_ADMIN=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-"${envValue}" | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) SOAM_KC_LOAD_USER_PASS=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-"${envValue}" | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) @@ -94,14 +94,38 @@ PARSER_CONFIG=" Format json " echo + echo Creating config map "$APP_NAME"-config-map -oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map --from-literal=TZ="$TZVALUE" --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" --from-literal=NATS_URL="$NATS_URL" --from-literal=NATS_CLUSTER="$NATS_CLUSTER" --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" --from-literal=ORACLE_USERNAME="$DB_USER" --from-literal=ORACLE_PASSWORD="$DB_PWD" --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO --from-literal=SPRING_WEB_LOG_LEVEL=INFO --from-literal=APP_LOG_LEVEL=INFO --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO --from-literal=SPRING_SHOW_REQUEST_DETAILS=false --from-literal=HIBERNATE_STATISTICS=false --from-literal=NATS_MAX_RECONNECT=60 --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" --dry-run -o yaml | oc apply -f - +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap "$APP_NAME-config-map" \ + --from-literal=TZ="$TZVALUE" \ + --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" \ + --from-literal=NATS_URL="$NATS_URL" \ + --from-literal=NATS_CLUSTER="$NATS_CLUSTER" \ + --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" \ + --from-literal=ORACLE_USERNAME="$DB_USER" \ + --from-literal=ORACLE_PASSWORD="$DB_PWD" \ + --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO \ + --from-literal=SPRING_WEB_LOG_LEVEL=INFO \ + --from-literal=APP_LOG_LEVEL=INFO \ + --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO \ + --from-literal=SPRING_SHOW_REQUEST_DETAILS=false \ + --from-literal=HIBERNATE_STATISTICS=false \ + --from-literal=NATS_MAX_RECONNECT=60 \ + --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 \ + --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" \ + --dry-run -o yaml | oc apply -f - echo -echo Setting environment variables for "$APP_NAME"-$SOAM_KC_REALM_ID application -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env --from=configmap/"$APP_NAME"-config-map dc/"$APP_NAME"-$SOAM_KC_REALM_ID -echo Creating config map "$APP_NAME"-flb-sc-config-map -oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map --from-literal=fluent-bit.conf="$FLB_CONFIG" --from-literal=parsers.conf="$PARSER_CONFIG" --dry-run -o yaml | oc apply -f - +echo Setting environment variables for "$APP_NAME-$BRANCH" application +oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env \ + --from="configmap/$APP_NAME-config-map" "deployment/$APP_NAME-$BRANCH" + +echo Creating config map "$APP_NAME-flb-sc-config-map" +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap "$APP_NAME"-flb-sc-config-map \ + --from-literal="fluent-bit.conf=$FLB_CONFIG" \ + --from-literal="parsers.conf=$PARSER_CONFIG" \ + --dry-run -o yaml | oc apply -f - echo Removing un-needed config entries -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env dc/"$APP_NAME"-$SOAM_KC_REALM_ID KEYCLOAK_PUBLIC_KEY- +oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ + "deployment/$APP_NAME-$SOAM_KC_REALM_ID" KEYCLOAK_PUBLIC_KEY- diff --git a/tools/openshift/api.dc.yaml b/tools/openshift/api.deployment.yaml similarity index 93% rename from tools/openshift/api.dc.yaml rename to tools/openshift/api.deployment.yaml index 4ebcc2c..862dd37 100644 --- a/tools/openshift/api.dc.yaml +++ b/tools/openshift/api.deployment.yaml @@ -4,10 +4,10 @@ kind: Template labels: template: "${REPO_NAME}-template" metadata: - name: "${REPO_NAME}-${BRANCH}-dc" + name: "${REPO_NAME}-${BRANCH}-deployment" objects: -- apiVersion: v1 - kind: DeploymentConfig +- apiVersion: apps/v1 + kind: Deployment metadata: labels: app: "${APP_NAME}-${BRANCH}" @@ -15,11 +15,13 @@ objects: spec: replicas: ${{MIN_REPLICAS}} selector: - app: "${APP_NAME}-${BRANCH}" - deploymentConfig: "${APP_NAME}-${BRANCH}" + matchLabels: + app: "${APP_NAME}-${BRANCH}" strategy: - resources: {} - type: Rolling + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% template: metadata: annotations: @@ -29,7 +31,6 @@ objects: prometheus.io/scrape: 'true' labels: app: "${APP_NAME}-${BRANCH}" - deploymentConfig: "${APP_NAME}-${BRANCH}" spec: containers: - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-${BRANCH}:${TAG} @@ -131,15 +132,14 @@ objects: protocol: TCP selector: app: "${APP_NAME}-${BRANCH}" - deploymentconfig: "${APP_NAME}-${BRANCH}" - apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: "${APP_NAME}-${BRANCH}-cpu-autoscaler" spec: scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig + apiVersion: apps/v1 + kind: Deployment name: "${APP_NAME}-${BRANCH}" subresource: scale minReplicas: ${{MIN_REPLICAS}}