From bad85134f6c51436375ded644ea7775e5c82a2c6 Mon Sep 17 00:00:00 2001 From: cditcher Date: Thu, 28 Nov 2024 14:43:59 -0800 Subject: [PATCH 01/48] Adding certificate and url endpoints --- .../build-n-deploy-frontend-to-ocp-dev.yml | 1 + .../workflows/deploy-frontend-to-ocp-prod.yml | 6 +- .../workflows/deploy-frontend-to-ocp-test.yml | 4 +- tools/openshift/frontend-dc.yaml | 64 +++++++++++++++++++ 4 files changed, 72 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index 8cf4f5e8..502b15dd 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -162,6 +162,7 @@ jobs: oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-dev -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index dd46dbf5..ad176701 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -82,8 +82,10 @@ jobs: # Process and apply deployment template oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=grad.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + -p HOST_ROUTE=educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p BASE_URL=grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ diff --git a/.github/workflows/deploy-frontend-to-ocp-test.yml b/.github/workflows/deploy-frontend-to-ocp-test.yml index 9b6ba9f4..2c0a0b0b 100644 --- a/.github/workflows/deploy-frontend-to-ocp-test.yml +++ b/.github/workflows/deploy-frontend-to-ocp-test.yml @@ -83,7 +83,9 @@ jobs: # Process and apply deployment template oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-test -f - + -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-test -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index e107ab19..3ec7452c 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -100,6 +100,55 @@ objects: selector: app: "${APP_NAME}" deploymentconfig: "${APP_NAME}-frontend-dc" +# route for .grad.gov.bc.ca +- apiVersion: v1 + kind: Route + metadata: + annotations: + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}" + name: "${APP_NAME}-frontend-${ENVIRONMENT}" + spec: + host: "${BASE_URL}" + to: + kind: Service + name: "${APP_NAME}-frontend" + weight: 100 + wildcardPolicy: None + port: + targetPort: 2015-tcp + tls: + caCertificate: "${CA_CERT}" + certificate: "${CERTIFICATE}" + insecureEdgeTerminationPolicy: Redirect + key: "${PRIVATE_KEY}" + termination: edge +# route for backend .grad.gov.bc.ca/api +- apiVersion: v1 + kind: Route + metadata: + annotations: + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}" + name: "${APP_NAME}-backend-${ENVIRONMENT}" + spec: + host: "${BASE_URL}" + path: "/api" + to: + kind: Service + name: "${APP_NAME}-backend" + weight: 100 + wildcardPolicy: None + port: + targetPort: 8080-tcp + tls: + caCertificate: "${CA_CERT}" + certificate: "${CERTIFICATE}" + insecureEdgeTerminationPolicy: Redirect + key: "${PRIVATE_KEY}" + termination: edge - apiVersion: v1 kind: Route metadata: @@ -179,3 +228,18 @@ parameters: - name: MAX_MEM description: The maximum amount of memory required: true +- name: ENVIRONMENT + description: dev, test, prod + required: true +- name: CA_CERT + description: The CA Certificate + required: true +- name: CERTIFICATE + description: The Certificate + required: true +- name: PRIVATE_KEY + description: The private key + required: true +- name: BASE_URL + description: Base url. Example dev.grad.gov.bc.ca. Not prepended with https:// + required: true From 63db672badbbe6b9a66c081f74d027c6576b3867 Mon Sep 17 00:00:00 2001 From: cditcher Date: Thu, 28 Nov 2024 15:29:47 -0800 Subject: [PATCH 02/48] Updated certs with quotes --- .github/workflows/build-n-deploy-frontend-to-ocp-dev.yml | 2 +- .github/workflows/deploy-frontend-to-ocp-prod.yml | 2 +- .github/workflows/deploy-frontend-to-ocp-test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index 502b15dd..00651e05 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -162,7 +162,7 @@ jobs: oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-dev -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index ad176701..edaf66a8 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -84,7 +84,7 @@ jobs: oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p BASE_URL=grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ + -p BASE_URL=grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-frontend-to-ocp-test.yml b/.github/workflows/deploy-frontend-to-ocp-test.yml index 2c0a0b0b..19b4df3a 100644 --- a/.github/workflows/deploy-frontend-to-ocp-test.yml +++ b/.github/workflows/deploy-frontend-to-ocp-test.yml @@ -84,7 +84,7 @@ jobs: oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE=${{ secrets.CERTIFICATE }} -p CA_CERT=${{ secrets.CA_CERT }} -p PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-test -f - # Start rollout (if necessary) and follow it From 409f60d1e25f26194267aab5a67f1a7d10ad5a37 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 08:41:04 -0800 Subject: [PATCH 03/48] Updated frontend to deployment --- tools/openshift/frontend-dc.yaml | 92 +++++++++++++++----------------- 1 file changed, 44 insertions(+), 48 deletions(-) diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 3ec7452c..05c5ed6d 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -6,71 +6,71 @@ labels: metadata: name: "${REPO_NAME}-frontend" objects: -- apiVersion: v1 - kind: DeploymentConfig +- apiVersion: apps/v1 + kind: Deployment metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp + name: "${APP_NAME}-frontend" labels: - app: "${APP_NAME}" + app: "${APP_NAME}-frontend" app.kubernetes.io/part-of: GRAD-ADMIN app.openshift.io/runtime: js - name: "${APP_NAME}-frontend-dc" spec: replicas: ${{MIN_REPLICAS}} selector: - app: "${APP_NAME}" - deploymentconfig: "${APP_NAME}-frontend-dc" + matchLabels: + app: "${APP_NAME}-frontend" strategy: - resources: {} - type: Rolling + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% template: metadata: annotations: openshift.io/generated-by: OpenShiftNewApp - creationTimestamp: labels: - app: "${APP_NAME}" - deploymentconfig: "${APP_NAME}-frontend-dc" + app: "${APP_NAME}-frontend" spec: containers: - - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-frontend:${TAG} + - name: "${APP_NAME}-frontend" + image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-frontend:${TAG} imagePullPolicy: Always - volumeMounts: - - name: tls-certs - mountPath: "/etc/tls-certs" - readOnly: true - - name: config-env - mountPath: "/var/www/html/js/config" + ports: + - containerPort: 2015 + protocol: TCP + resources: + requests: + cpu: "${MIN_CPU}" + memory: "${MIN_MEM}" + limits: + cpu: "${MAX_CPU}" + memory: "${MAX_MEM}" livenessProbe: - failureThreshold: 3 httpGet: path: "/" port: 2015 scheme: HTTP - periodSeconds: 10 + initialDelaySeconds: 300 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 successThreshold: 1 - timeoutSeconds: 1 - name: "${APP_NAME}-frontend" - ports: - - containerPort: 2015 - protocol: TCP readinessProbe: - failureThreshold: 3 httpGet: path: "/" port: 2015 scheme: HTTP + initialDelaySeconds: 30 periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 20 successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: "${MIN_CPU}" - memory: "${MIN_MEM}" - limits: - cpu: "${MAX_CPU}" - memory: "${MAX_MEM}" + volumeMounts: + - name: tls-certs + mountPath: "/etc/tls-certs" + readOnly: true + - name: config-env + mountPath: "/var/www/html/js/config" volumes: - name: tls-certs secret: @@ -79,17 +79,14 @@ objects: configMap: name: ${APP_NAME}-frontend-config-map test: false - triggers: - - type: ConfigChange - apiVersion: v1 kind: Service metadata: annotations: openshift.io/generated-by: OpenShiftNewApp service.alpha.openshift.io/serving-cert-secret-name: "${APP_NAME}-frontend-cert" - creationTimestamp: labels: - app: "${APP_NAME}" + app: "${APP_NAME}-frontend" name: "${APP_NAME}-frontend" spec: ports: @@ -98,8 +95,7 @@ objects: protocol: TCP targetPort: 2015 selector: - app: "${APP_NAME}" - deploymentconfig: "${APP_NAME}-frontend-dc" + app: "${APP_NAME}-frontend" # route for .grad.gov.bc.ca - apiVersion: v1 kind: Route @@ -107,7 +103,7 @@ objects: annotations: openshift.io/host.generated: 'true' labels: - app: "${APP_NAME}" + app: "${APP_NAME}-frontend" name: "${APP_NAME}-frontend-${ENVIRONMENT}" spec: host: "${BASE_URL}" @@ -131,7 +127,7 @@ objects: annotations: openshift.io/host.generated: 'true' labels: - app: "${APP_NAME}" + app: "${APP_NAME}-backend" name: "${APP_NAME}-backend-${ENVIRONMENT}" spec: host: "${BASE_URL}" @@ -155,7 +151,7 @@ objects: annotations: openshift.io/host.generated: 'true' labels: - app: "${APP_NAME}" + app: "${APP_NAME}-frontend" name: "${APP_NAME}-frontend" spec: host: "${HOST_ROUTE}" @@ -175,9 +171,9 @@ objects: name: "${APP_NAME}-frontend-cpu-autoscaler" spec: scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: "${APP_NAME}-frontend-dc" + apiVersion: apps/v1 + kind: Deployment + name: "${APP_NAME}-frontend" subresource: scale minReplicas: ${{MIN_REPLICAS}} maxReplicas: ${{MAX_REPLICAS}} From c85b0d9130c498f1a963fb71e2f30eefcb5f62f0 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 08:54:30 -0800 Subject: [PATCH 04/48] Updated backend to Deployment --- tools/openshift/backend-dc.yaml | 42 ++++++++++++++++----------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index ad045287..90d378c9 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -4,42 +4,38 @@ kind: Template labels: template: "${REPO_NAME}-backend-template" metadata: - name: "${REPO_NAME}-backend-dc" + name: "${REPO_NAME}-backend" objects: - - apiVersion: v1 - kind: DeploymentConfig + - apiVersion: apps/v1 + kind: Deployment metadata: labels: app: "${REPO_NAME}-backend" app.kubernetes.io/part-of: GRAD-ADMIN app.openshift.io/runtime: nodejs - name: "${REPO_NAME}-backend-dc" + name: "${REPO_NAME}-backend" spec: replicas: ${{MIN_REPLICAS}} - revisionHistoryLimit: 1 - triggers: [] selector: - app: "${REPO_NAME}-backend" - deploymentConfig: "${REPO_NAME}-backend-dc" + matchLabels: + app: "${REPO_NAME}-backend" strategy: - resources: {} - type: Rolling + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% template: metadata: labels: app: "${REPO_NAME}-backend" - deploymentConfig: "${REPO_NAME}-backend-dc" spec: containers: - - image: image-registry.openshift-image-registry.svc:5000/${IS_NAMESPACE}/${REPO_NAME}-backend:${TAG_NAME} + - name: "${REPO_NAME}-backend" + image: image-registry.openshift-image-registry.svc:5000/${IS_NAMESPACE}/${REPO_NAME}-backend:${TAG_NAME} imagePullPolicy: Always - name: "${REPO_NAME}-backend" ports: - containerPort: ${{CONTAINER_PORT}} protocol: TCP - volumeMounts: - - name: log-storage - mountPath: /logs envFrom: - configMapRef: name: educ-grad-admin-backend-config-map @@ -50,8 +46,11 @@ objects: limits: cpu: "${MAX_CPU}" memory: "${MAX_MEM}" - - image: artifacts.developer.gov.bc.ca/docker-remote/fluent/fluent-bit:1.5.7 - name: "${REPO_NAME}-fluent-bit-sidecar" + volumeMounts: + - name: log-storage + mountPath: /logs + - name: "${REPO_NAME}-fluent-bit-sidecar" + image: artifacts.developer.gov.bc.ca/docker-remote/fluent/fluent-bit:1.5.7 imagePullPolicy: Always imagePullSecrets: - name: artifactory-creds @@ -108,7 +107,6 @@ objects: protocol: TCP selector: app: "${REPO_NAME}-backend" - deploymentconfig: "${REPO_NAME}-backend-dc" - apiVersion: v1 kind: Route metadata: @@ -136,9 +134,9 @@ objects: name: "${REPO_NAME}-backend-cpu-autoscaler" spec: scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: "${REPO_NAME}-backend-dc" + apiVersion: apps/v1 + kind: Deployment + name: "${REPO_NAME}-backend" subresource: scale minReplicas: ${{MIN_REPLICAS}} maxReplicas: ${{MAX_REPLICAS}} From 84f037f936f1f07da4a41d115fddec9d8ae9e1a2 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 09:34:30 -0800 Subject: [PATCH 05/48] Updated vue 3 actions --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 2 +- ...uild-n-deploy-frontend-to-ocp-dev-vue3.yml | 1 + tools/openshift/frontend-dc.yaml | 94 +++++++++---------- 3 files changed, 49 insertions(+), 48 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index dffa271c..b2f61e1c 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -21,7 +21,7 @@ env: APP_NAME: "educ-grad-admin" REPO_NAME: "educ-grad-admin" - BRANCH: "vue3" + BRANCH: "GRAD2-3119" APP_NAME_BACKEND: "educ-grad-admin-backend" NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}} NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index 1dcbd3d3..ba829550 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -162,6 +162,7 @@ jobs: oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - # Start rollout (if necessary) and follow it diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 05c5ed6d..04aa66a8 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -97,54 +97,54 @@ objects: selector: app: "${APP_NAME}-frontend" # route for .grad.gov.bc.ca -- apiVersion: v1 - kind: Route - metadata: - annotations: - openshift.io/host.generated: 'true' - labels: - app: "${APP_NAME}-frontend" - name: "${APP_NAME}-frontend-${ENVIRONMENT}" - spec: - host: "${BASE_URL}" - to: - kind: Service - name: "${APP_NAME}-frontend" - weight: 100 - wildcardPolicy: None - port: - targetPort: 2015-tcp - tls: - caCertificate: "${CA_CERT}" - certificate: "${CERTIFICATE}" - insecureEdgeTerminationPolicy: Redirect - key: "${PRIVATE_KEY}" - termination: edge +#- apiVersion: v1 +# kind: Route +# metadata: +# annotations: +# openshift.io/host.generated: 'true' +# labels: +# app: "${APP_NAME}-frontend" +# name: "${APP_NAME}-frontend-${ENVIRONMENT}" +# spec: +# host: "${BASE_URL}" +# to: +# kind: Service +# name: "${APP_NAME}-frontend" +# weight: 100 + # wildcardPolicy: None + # port: + # targetPort: 2015-tcp + # tls: + # caCertificate: "${CA_CERT}" + # certificate: "${CERTIFICATE}" + # insecureEdgeTerminationPolicy: Redirect + # key: "${PRIVATE_KEY}" + # termination: edge # route for backend .grad.gov.bc.ca/api -- apiVersion: v1 - kind: Route - metadata: - annotations: - openshift.io/host.generated: 'true' - labels: - app: "${APP_NAME}-backend" - name: "${APP_NAME}-backend-${ENVIRONMENT}" - spec: - host: "${BASE_URL}" - path: "/api" - to: - kind: Service - name: "${APP_NAME}-backend" - weight: 100 - wildcardPolicy: None - port: - targetPort: 8080-tcp - tls: - caCertificate: "${CA_CERT}" - certificate: "${CERTIFICATE}" - insecureEdgeTerminationPolicy: Redirect - key: "${PRIVATE_KEY}" - termination: edge +#- apiVersion: v1 +# kind: Route +# metadata: +# annotations: +# openshift.io/host.generated: 'true' +# labels: +# app: "${APP_NAME}-backend" +# name: "${APP_NAME}-backend-${ENVIRONMENT}" +# spec: +# host: "${BASE_URL}" +# path: "/api" +# to: +# kind: Service +# name: "${APP_NAME}-backend" +# weight: 100 +# wildcardPolicy: None +# port: +# targetPort: 8080-tcp +# tls: +# caCertificate: "${CA_CERT}" +# certificate: "${CERTIFICATE}" +# insecureEdgeTerminationPolicy: Redirect +# key: "${PRIVATE_KEY}" +# termination: edge - apiVersion: v1 kind: Route metadata: From 497704959c0aad0cccbc8bdd0b86ec6cd71a66d1 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 09:45:37 -0800 Subject: [PATCH 06/48] Updated backend deployment script to support deployment --- .../workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index b2f61e1c..265bdfec 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -147,7 +147,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc project ${{ env.OPENSHIFT_NAMESPACE }} @@ -161,12 +161,12 @@ jobs: oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout restart deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.IMAGE_NAME }}-dc + oc logs -f deployment/${{ env.IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 From e101a72b74122d5bc699d7cf0c631ef1e40d6702 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 09:58:02 -0800 Subject: [PATCH 07/48] Updated gha for frontend vue3 --- .../build-n-deploy-backend-to-ocp-dev-vue3.yml | 4 +--- .../build-n-deploy-frontend-to-ocp-dev-vue3.yml | 12 ++++++------ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index 265bdfec..d27a1bcc 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -161,10 +161,8 @@ jobs: oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.IMAGE_NAME }} - oc logs -f deployment/${{ env.IMAGE_NAME }} # Get status, returns 0 if rollout is successful oc rollout status deployment/${{ env.IMAGE_NAME }} diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index ba829550..f1bd3527 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -21,7 +21,7 @@ env: APP_NAME: "educ-grad-admin" REPO_NAME: "educ-grad-admin" - BRANCH: "main" + BRANCH: "GRAD2-3119" APP_NAME_FRONTEND: "educ-grad-admin-frontend" NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}} NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools @@ -155,7 +155,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" # Process and apply deployment template @@ -166,11 +166,11 @@ jobs: -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" - oc logs -f dc/${{ env.IMAGE_NAME }}-dc + oc rollout restart deployment/${{ env.IMAGE_NAME }} + # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.IMAGE_NAME }} + - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: From cd702c67c32a091746ae02f089d459beb5a88714 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 10:50:41 -0800 Subject: [PATCH 08/48] Added envFrom --- tools/openshift/backend-dc.yaml | 2 +- tools/openshift/frontend-dc.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 90d378c9..0defbe0e 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -38,7 +38,7 @@ objects: protocol: TCP envFrom: - configMapRef: - name: educ-grad-admin-backend-config-map + name: "${REPO_NAME}-backend-config-map" resources: requests: cpu: "${MIN_CPU}" diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 04aa66a8..ff2c87f9 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -38,6 +38,9 @@ objects: ports: - containerPort: 2015 protocol: TCP + envFrom: + - configMapRef: + name: "${APP_NAME}-frontend-config-map" resources: requests: cpu: "${MIN_CPU}" From f1f0c271e4cc190ad918f59b7e0c4cfc6cda437b Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 11:01:27 -0800 Subject: [PATCH 09/48] updated envFrom --- tools/openshift/backend-dc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 0defbe0e..90d378c9 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -38,7 +38,7 @@ objects: protocol: TCP envFrom: - configMapRef: - name: "${REPO_NAME}-backend-config-map" + name: educ-grad-admin-backend-config-map resources: requests: cpu: "${MIN_CPU}" From 34cf72392f741f7c96520825a66d8cee8b06b986 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 11:13:18 -0800 Subject: [PATCH 10/48] Updated indentations in yaml --- tools/openshift/backend-dc.yaml | 2 +- tools/openshift/frontend-dc.yaml | 458 +++++++++++++++---------------- 2 files changed, 230 insertions(+), 230 deletions(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 90d378c9..b7f5f2c3 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -38,7 +38,7 @@ objects: protocol: TCP envFrom: - configMapRef: - name: educ-grad-admin-backend-config-map + name: "${APP_NAME}-backend-config-map" resources: requests: cpu: "${MIN_CPU}" diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index ff2c87f9..608999cd 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -6,239 +6,239 @@ labels: metadata: name: "${REPO_NAME}-frontend" objects: -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: "${APP_NAME}-frontend" - labels: - app: "${APP_NAME}-frontend" - app.kubernetes.io/part-of: GRAD-ADMIN - app.openshift.io/runtime: js - spec: - replicas: ${{MIN_REPLICAS}} - selector: - matchLabels: + - apiVersion: apps/v1 + kind: Deployment + metadata: + name: "${APP_NAME}-frontend" + labels: app: "${APP_NAME}-frontend" - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - template: - metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp - labels: + app.kubernetes.io/part-of: GRAD-ADMIN + app.openshift.io/runtime: js + spec: + replicas: ${{MIN_REPLICAS}} + selector: + matchLabels: app: "${APP_NAME}-frontend" - spec: - containers: - - name: "${APP_NAME}-frontend" - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-frontend:${TAG} - imagePullPolicy: Always - ports: - - containerPort: 2015 - protocol: TCP - envFrom: - - configMapRef: - name: "${APP_NAME}-frontend-config-map" - resources: - requests: - cpu: "${MIN_CPU}" - memory: "${MIN_MEM}" - limits: - cpu: "${MAX_CPU}" - memory: "${MAX_MEM}" - livenessProbe: - httpGet: - path: "/" - port: 2015 - scheme: HTTP - initialDelaySeconds: 300 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 - readinessProbe: - httpGet: - path: "/" - port: 2015 - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 20 - successThreshold: 1 - volumeMounts: + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% + template: + metadata: + annotations: + openshift.io/generated-by: OpenShiftNewApp + labels: + app: "${APP_NAME}-frontend" + spec: + containers: + - name: "${APP_NAME}-frontend" + image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-frontend:${TAG} + imagePullPolicy: Always + ports: + - containerPort: 2015 + protocol: TCP + envFrom: + - configMapRef: + name: "${APP_NAME}-frontend-config-map" + resources: + requests: + cpu: "${MIN_CPU}" + memory: "${MIN_MEM}" + limits: + cpu: "${MAX_CPU}" + memory: "${MAX_MEM}" + livenessProbe: + httpGet: + path: "/" + port: 2015 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + readinessProbe: + httpGet: + path: "/" + port: 2015 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 20 + successThreshold: 1 + volumeMounts: + - name: tls-certs + mountPath: "/etc/tls-certs" + readOnly: true + - name: config-env + mountPath: "/var/www/html/js/config" + volumes: - name: tls-certs - mountPath: "/etc/tls-certs" - readOnly: true + secret: + secretName: "${APP_NAME}-frontend-cert" - name: config-env - mountPath: "/var/www/html/js/config" - volumes: - - name: tls-certs - secret: - secretName: "${APP_NAME}-frontend-cert" - - name: config-env - configMap: - name: ${APP_NAME}-frontend-config-map - test: false -- apiVersion: v1 - kind: Service - metadata: - annotations: - openshift.io/generated-by: OpenShiftNewApp - service.alpha.openshift.io/serving-cert-secret-name: "${APP_NAME}-frontend-cert" - labels: - app: "${APP_NAME}-frontend" - name: "${APP_NAME}-frontend" - spec: - ports: - - name: 2015-tcp - port: 2015 - protocol: TCP - targetPort: 2015 - selector: - app: "${APP_NAME}-frontend" -# route for .grad.gov.bc.ca -#- apiVersion: v1 -# kind: Route -# metadata: -# annotations: -# openshift.io/host.generated: 'true' -# labels: -# app: "${APP_NAME}-frontend" -# name: "${APP_NAME}-frontend-${ENVIRONMENT}" -# spec: -# host: "${BASE_URL}" -# to: -# kind: Service -# name: "${APP_NAME}-frontend" -# weight: 100 - # wildcardPolicy: None - # port: - # targetPort: 2015-tcp - # tls: - # caCertificate: "${CA_CERT}" - # certificate: "${CERTIFICATE}" - # insecureEdgeTerminationPolicy: Redirect - # key: "${PRIVATE_KEY}" - # termination: edge -# route for backend .grad.gov.bc.ca/api -#- apiVersion: v1 -# kind: Route -# metadata: -# annotations: -# openshift.io/host.generated: 'true' -# labels: -# app: "${APP_NAME}-backend" -# name: "${APP_NAME}-backend-${ENVIRONMENT}" -# spec: -# host: "${BASE_URL}" -# path: "/api" -# to: -# kind: Service -# name: "${APP_NAME}-backend" -# weight: 100 -# wildcardPolicy: None -# port: -# targetPort: 8080-tcp -# tls: -# caCertificate: "${CA_CERT}" -# certificate: "${CERTIFICATE}" -# insecureEdgeTerminationPolicy: Redirect -# key: "${PRIVATE_KEY}" -# termination: edge -- apiVersion: v1 - kind: Route - metadata: - annotations: - openshift.io/host.generated: 'true' - labels: - app: "${APP_NAME}-frontend" - name: "${APP_NAME}-frontend" - spec: - host: "${HOST_ROUTE}" - port: - targetPort: 2015-tcp - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - to: - kind: Service + configMap: + name: ${APP_NAME}-frontend-config-map + test: false + - apiVersion: v1 + kind: Service + metadata: + annotations: + openshift.io/generated-by: OpenShiftNewApp + service.alpha.openshift.io/serving-cert-secret-name: "${APP_NAME}-frontend-cert" + labels: + app: "${APP_NAME}-frontend" name: "${APP_NAME}-frontend" - weight: 100 - wildcardPolicy: None -- apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: "${APP_NAME}-frontend-cpu-autoscaler" - spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment + spec: + ports: + - name: 2015-tcp + port: 2015 + protocol: TCP + targetPort: 2015 + selector: + app: "${APP_NAME}-frontend" + # route for .grad.gov.bc.ca + #- apiVersion: v1 + # kind: Route + # metadata: + # annotations: + # openshift.io/host.generated: 'true' + # labels: + # app: "${APP_NAME}-frontend" + # name: "${APP_NAME}-frontend-${ENVIRONMENT}" + # spec: + # host: "${BASE_URL}" + # to: + # kind: Service + # name: "${APP_NAME}-frontend" + # weight: 100 + # wildcardPolicy: None + # port: + # targetPort: 2015-tcp + # tls: + # caCertificate: "${CA_CERT}" + # certificate: "${CERTIFICATE}" + # insecureEdgeTerminationPolicy: Redirect + # key: "${PRIVATE_KEY}" + # termination: edge + # route for backend .grad.gov.bc.ca/api + #- apiVersion: v1 + # kind: Route + # metadata: + # annotations: + # openshift.io/host.generated: 'true' + # labels: + # app: "${APP_NAME}-backend" + # name: "${APP_NAME}-backend-${ENVIRONMENT}" + # spec: + # host: "${BASE_URL}" + # path: "/api" + # to: + # kind: Service + # name: "${APP_NAME}-backend" + # weight: 100 + # wildcardPolicy: None + # port: + # targetPort: 8080-tcp + # tls: + # caCertificate: "${CA_CERT}" + # certificate: "${CERTIFICATE}" + # insecureEdgeTerminationPolicy: Redirect + # key: "${PRIVATE_KEY}" + # termination: edge + - apiVersion: v1 + kind: Route + metadata: + annotations: + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}-frontend" name: "${APP_NAME}-frontend" - subresource: scale - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - averageUtilization: 150 - type: Utilization - - type: Resource - resource: - name: memory - target: - averageUtilization: 100 - type: Utilization + spec: + host: "${HOST_ROUTE}" + port: + targetPort: 2015-tcp + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: "${APP_NAME}-frontend" + weight: 100 + wildcardPolicy: None + - apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + name: "${APP_NAME}-frontend-cpu-autoscaler" + spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: "${APP_NAME}-frontend" + subresource: scale + minReplicas: ${{MIN_REPLICAS}} + maxReplicas: ${{MAX_REPLICAS}} + metrics: + - type: Resource + resource: + name: cpu + target: + averageUtilization: 150 + type: Utilization + - type: Resource + resource: + name: memory + target: + averageUtilization: 100 + type: Utilization parameters: -- name: REPO_NAME - description: Application repository name - required: true -- name: NAMESPACE - description: Target namespace reference (i.e. 'k8vopl-dev') - required: true -- name: APP_NAME - description: Application name - required: true -- name: HOST_ROUTE - description: The host the route will use to expose service outside cluster - required: true -- name: TAG - description: The identifying tag for this specific deployment - required: true -- name: MIN_REPLICAS - description: The minimum amount of replicas - required: true -- name: MAX_REPLICAS - description: The maximum amount of replicas - required: true -- name: MIN_CPU - description: The minimum amount of cpu - required: true -- name: MAX_CPU - description: The maximum amount of cpu - required: true -- name: MIN_MEM - description: The minimum amount of memory - required: true -- name: MAX_MEM - description: The maximum amount of memory - required: true -- name: ENVIRONMENT - description: dev, test, prod - required: true -- name: CA_CERT - description: The CA Certificate - required: true -- name: CERTIFICATE - description: The Certificate - required: true -- name: PRIVATE_KEY - description: The private key - required: true -- name: BASE_URL - description: Base url. Example dev.grad.gov.bc.ca. Not prepended with https:// - required: true + - name: REPO_NAME + description: Application repository name + required: true + - name: NAMESPACE + description: Target namespace reference (i.e. 'k8vopl-dev') + required: true + - name: APP_NAME + description: Application name + required: true + - name: HOST_ROUTE + description: The host the route will use to expose service outside cluster + required: true + - name: TAG + description: The identifying tag for this specific deployment + required: true + - name: MIN_REPLICAS + description: The minimum amount of replicas + required: true + - name: MAX_REPLICAS + description: The maximum amount of replicas + required: true + - name: MIN_CPU + description: The minimum amount of cpu + required: true + - name: MAX_CPU + description: The maximum amount of cpu + required: true + - name: MIN_MEM + description: The minimum amount of memory + required: true + - name: MAX_MEM + description: The maximum amount of memory + required: true + - name: ENVIRONMENT + description: dev, test, prod + required: true + - name: CA_CERT + description: The CA Certificate + required: true + - name: CERTIFICATE + description: The Certificate + required: true + - name: PRIVATE_KEY + description: The private key + required: true + - name: BASE_URL + description: Base url. Example dev.grad.gov.bc.ca. Not prepended with https:// + required: true From c7bde44eda145eace3f7b00bfcbd6a0b91ff4bc2 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 11:18:41 -0800 Subject: [PATCH 11/48] Minor change --- tools/openshift/backend-dc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index b7f5f2c3..0defbe0e 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -38,7 +38,7 @@ objects: protocol: TCP envFrom: - configMapRef: - name: "${APP_NAME}-backend-config-map" + name: "${REPO_NAME}-backend-config-map" resources: requests: cpu: "${MIN_CPU}" From 0c5b6565dbe5651a58e0a85a327fdf83f83a44b1 Mon Sep 17 00:00:00 2001 From: cditcher Date: Fri, 29 Nov 2024 12:54:31 -0800 Subject: [PATCH 12/48] Updated dev actions to use deployment --- .../workflows/build-n-deploy-backend-to-ocp-dev.yml | 8 +++----- .../workflows/build-n-deploy-frontend-to-ocp-dev.yml | 10 +++++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index cff9a032..d52a9c4b 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -147,7 +147,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc project ${{ env.OPENSHIFT_NAMESPACE }} @@ -161,12 +161,10 @@ jobs: oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-dev -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.IMAGE_NAME }} - oc logs -f dc/${{ env.IMAGE_NAME }}-dc # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index 00651e05..2b15abf1 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -155,7 +155,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" # Process and apply deployment template @@ -166,11 +166,11 @@ jobs: -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-dev -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" - oc logs -f dc/${{ env.IMAGE_NAME }}-dc + oc rollout restart deployment/${{ env.IMAGE_NAME }} + # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.IMAGE_NAME }} + - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: From addd305b8cc9d75d9619fd1446c6dd0b2fb0f801 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 08:20:31 -0800 Subject: [PATCH 13/48] Updated frontend to use IAC for configmap --- ...uild-n-deploy-frontend-to-ocp-dev-vue3.yml | 11 ++++-- tools/openshift/update-configmap-frontend.sh | 34 +++++++++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 tools/openshift/update-configmap-frontend.sh diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index f1bd3527..9d377768 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -30,7 +30,7 @@ env: TARGET_ENV: "dev" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca on: workflow_dispatch: @@ -158,13 +158,20 @@ jobs: oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - # Process and apply deployment template + # Process template oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap-frontend.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} + # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} diff --git a/tools/openshift/update-configmap-frontend.sh b/tools/openshift/update-configmap-frontend.sh new file mode 100644 index 00000000..eddc7196 --- /dev/null +++ b/tools/openshift/update-configmap-frontend.sh @@ -0,0 +1,34 @@ +########################################################### +#ENV VARS +########################################################### +envValue=$1 +APP_NAME=$2 +GRAD_NAMESPACE=$3 +HOST_ROUTE=$4 + +########################################################### +#Setup for config-maps +########################################################### +echo Creating config map "$APP_NAME"-config-map +oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ + --from-literal=EDUC_HELLO="Hello world" \ + --from-literal=VUE_APP_TRAX_API_HOST="http://educ-grad-trax-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_BATCH_GRADUATION_API_HOST="http://educ-grad-batch-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_EDUC_GRAD_VERSION="v1.7.0" \ + --from-literal=VUE_APP_STUDENT_GRADUATION_API_HOST="http://educ-grad-student-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=TZ="America/Vancouver" \ + --from-literal=VUE_APP_GRADUATION_API_HOST="http://educ-grad-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_KEYCLOAK_AUTH_HOST="https://soam-dev.apps.silver.devops.gov.bc.ca" \ + --from-literal=EDUC_GRAD_ENV="DEV" \ + --from-literal=HOST_ROUTE="$HOST_ROUTE" \ + --from-literal=VUE_APP_ASSESSMENT_API_HOST="http://educ-grad-assessment-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=config.js="var config=(function(){return{VUE_APP_BASE_URL=\"https://dev.grad.gov.bc.ca\"};})();" \ + --from-literal=VUE_APP_BASE_URL="$HOST_ROUTE" \ + --from-literal=EDUC_GRAD_VERSION="v1.7.0" \ + --from-literal=VUE_APP_COURSE_API_HOST="http://educ-grad-course-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_STUDENTS_API_HOST="http://educ-grad-student-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_GRADUATION_REPORT_API_HOST="http://educ-grad-graduation-report-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_GRAD_REPORT_API_HOST="http://educ-grad-report-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --from-literal=VUE_APP_PROGRAM_API_HOST="http://educ-grad-program-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ + --dry-run=client -o yaml | oc apply -f - + From 11a42c289f494dac8c200030565eb9a50e3c5edc Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 08:22:06 -0800 Subject: [PATCH 14/48] Minor syntax fix --- .github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index 9d377768..5e59f08f 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -170,7 +170,8 @@ jobs: | bash /dev/stdin \ dev \ ${{ env.REPO_NAME }} \ - ${{ env.GRAD_NAMESPACE }} + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.HOST_ROUTE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} From 9fdcda1ebe8edb8995522d185fa3e084939d98fe Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 09:36:34 -0800 Subject: [PATCH 15/48] Removing volume mounts and configmap refs from frontend --- tools/openshift/frontend-dc.yaml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 608999cd..af9e359d 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -38,9 +38,9 @@ objects: ports: - containerPort: 2015 protocol: TCP - envFrom: - - configMapRef: - name: "${APP_NAME}-frontend-config-map" + #envFrom: + #- configMapRef: + #name: "${APP_NAME}-frontend-config-map" resources: requests: cpu: "${MIN_CPU}" @@ -68,19 +68,19 @@ objects: timeoutSeconds: 5 failureThreshold: 20 successThreshold: 1 - volumeMounts: - - name: tls-certs - mountPath: "/etc/tls-certs" - readOnly: true - - name: config-env - mountPath: "/var/www/html/js/config" - volumes: - - name: tls-certs - secret: - secretName: "${APP_NAME}-frontend-cert" - - name: config-env - configMap: - name: ${APP_NAME}-frontend-config-map + #volumeMounts: + #- name: tls-certs + #mountPath: "/etc/tls-certs" + #readOnly: true + #- name: config-env + #mountPath: "/var/www/html/js/config" + #volumes: + #- name: tls-certs + #secret: + #secretName: "${APP_NAME}-frontend-cert" + #- name: config-env + #configMap: + #name: ${APP_NAME}-frontend-config-map test: false - apiVersion: v1 kind: Service From 3cb1393852717929dc076ce2de9d37f0bf7ac01e Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 09:37:17 -0800 Subject: [PATCH 16/48] Removed configmap update from deployment --- .../build-n-deploy-frontend-to-ocp-dev-vue3.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index 5e59f08f..c2435008 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -159,19 +159,11 @@ jobs: || true && echo "No rollout in progress" # Process template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=${{ env.REPO_NAME }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - - - # UPDATE Configmaps - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap-frontend.sh \ - | bash /dev/stdin \ - dev \ - ${{ env.REPO_NAME }} \ - ${{ env.GRAD_NAMESPACE }} \ - ${{ env.HOST_ROUTE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} From aa6bc59b1e76ea4b5f3c4d6306ffeca1dff3028d Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 09:51:25 -0800 Subject: [PATCH 17/48] Added a backend configmap --- tools/openshift/update-configmap-backend.sh | 90 +++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 tools/openshift/update-configmap-backend.sh diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh new file mode 100644 index 00000000..156f7900 --- /dev/null +++ b/tools/openshift/update-configmap-backend.sh @@ -0,0 +1,90 @@ +########################################################### +#ENV VARS +########################################################### +envValue=$1 +APP_NAME=$2 +GRAD_NAMESPACE=$3 +COMMON_NAMESPACE=$4 +BUSINESS_NAMESPACE=$5 +SPLUNK_TOKEN=$6 +APP_LOG_LEVEL=$7 +STUDENT_ADMIN_URL_ROOT=$8 + +SPLUNK_URL="gww.splunk.educ.gov.bc.ca" +FLB_CONFIG="[SERVICE] + Flush 1 + Daemon Off + Log_Level info + HTTP_Server On + HTTP_Listen 0.0.0.0 + Parsers_File parsers.conf +[INPUT] + Name tail + Path /mnt/log/* + Exclude_Path *.gz,*.zip + Parser docker + Mem_Buf_Limit 20MB + Buffer_Max_Size 1MB +[FILTER] + Name record_modifier + Match * + Record hostname \${HOSTNAME} +[OUTPUT] + Name stdout + Match absolutely_nothing_bud + Log_Level off +[OUTPUT] + Name splunk + Match * + Host $SPLUNK_URL + Port 443 + TLS On + TLS.Verify Off + Message_Key $APP_NAME + Splunk_Token $SPLUNK_TOKEN +" +PARSER_CONFIG=" +[PARSER] + Name docker + Format json +" +########################################################### +#Setup for config-maps +########################################################### +echo Creating config map "$APP_NAME"-config-map +oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ + --from-literal=APP_LOG_LEVEL="$APP_LOG_LEVEL" \ + --from-literal=BASELINE_ON_MIGRATE="true" \ + --from-literal=CRON_SCHEDULED_PURGE_OLD_RECORDS="0 0 0 * * *" \ + --from-literal=RECORDS_STALE_IN_DAYS="365" \ + --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS="0 0/5 * * * *" \ + --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_LOCK_AT_LEAST_FOR="PT1M" \ + --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_LOCK_AT_MOST_FOR="PT5M" \ + --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_THRESHOLD="1000" \ + --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS="0 0/5 * * * *" \ + --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_LOCK_AT_LEAST_FOR="PT1M" \ + --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_LOCK_AT_MOST_FOR="PT5M" \ + --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_THRESHOLD="1000" \ + --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES="0 0/20 * * * *" \ + --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_LOCK_AT_LEAST_FOR="PT1M" \ + --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_LOCK_AT_MOST_FOR="PT20M" \ + --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_THRESHOLD="4000" \ + --from-literal=ENABLE_FLYWAY="true" \ + --from-literal=ENABLE_TRAX_UPDATE="true" \ + --from-literal=KEYCLOAK_TOKEN_URL="https://soam-$envValue.apps.silver.devops.gov.bc.ca/" \ + --from-literal=INSTITUTE_API_URL_ROOT="http://institute-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/" \ + --from-literal=MAX_RETRY_ATTEMPTS="3" \ + --from-literal=SCHOOL_CACHE_EXPIRY_IN_MINS="240" \ + --from-literal=STUDENT_ADMIN_URL_ROOT="$STUDENT_ADMIN_URL_ROOT" \ + --from-literal=CONNECTION_TIMEOUT='30000' \ + --from-literal=MAXIMUM_POOL_SIZE='15' \ + --from-literal=MIN_IDLE='15' \ + --from-literal=IDLE_TIMEOUT='600000' \ + --from-literal=MAX_LIFETIME='1500000' \ + --dry-run=client -o yaml | oc apply -f - + +echo Creating config map "$APP_NAME"-flb-sc-config-map +oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map \ + --from-literal=fluent-bit.conf="$FLB_CONFIG" \ + --from-literal=parsers.conf="$PARSER_CONFIG" \ + --dry-run=client -o yaml | oc apply -f - From 81b342ca4d5eae76f462a55e0964e095301f3f33 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 09:51:44 -0800 Subject: [PATCH 18/48] Removed frontend configmap --- tools/openshift/update-configmap-frontend.sh | 34 -------------------- 1 file changed, 34 deletions(-) delete mode 100644 tools/openshift/update-configmap-frontend.sh diff --git a/tools/openshift/update-configmap-frontend.sh b/tools/openshift/update-configmap-frontend.sh deleted file mode 100644 index eddc7196..00000000 --- a/tools/openshift/update-configmap-frontend.sh +++ /dev/null @@ -1,34 +0,0 @@ -########################################################### -#ENV VARS -########################################################### -envValue=$1 -APP_NAME=$2 -GRAD_NAMESPACE=$3 -HOST_ROUTE=$4 - -########################################################### -#Setup for config-maps -########################################################### -echo Creating config map "$APP_NAME"-config-map -oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ - --from-literal=EDUC_HELLO="Hello world" \ - --from-literal=VUE_APP_TRAX_API_HOST="http://educ-grad-trax-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_BATCH_GRADUATION_API_HOST="http://educ-grad-batch-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_EDUC_GRAD_VERSION="v1.7.0" \ - --from-literal=VUE_APP_STUDENT_GRADUATION_API_HOST="http://educ-grad-student-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=TZ="America/Vancouver" \ - --from-literal=VUE_APP_GRADUATION_API_HOST="http://educ-grad-graduation-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_KEYCLOAK_AUTH_HOST="https://soam-dev.apps.silver.devops.gov.bc.ca" \ - --from-literal=EDUC_GRAD_ENV="DEV" \ - --from-literal=HOST_ROUTE="$HOST_ROUTE" \ - --from-literal=VUE_APP_ASSESSMENT_API_HOST="http://educ-grad-assessment-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=config.js="var config=(function(){return{VUE_APP_BASE_URL=\"https://dev.grad.gov.bc.ca\"};})();" \ - --from-literal=VUE_APP_BASE_URL="$HOST_ROUTE" \ - --from-literal=EDUC_GRAD_VERSION="v1.7.0" \ - --from-literal=VUE_APP_COURSE_API_HOST="http://educ-grad-course-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_STUDENTS_API_HOST="http://educ-grad-student-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_GRADUATION_REPORT_API_HOST="http://educ-grad-graduation-report-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_GRAD_REPORT_API_HOST="http://educ-grad-report-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --from-literal=VUE_APP_PROGRAM_API_HOST="http://educ-grad-program-api.$GRAD_NAMESPACE.svc.cluster.local:8080" \ - --dry-run=client -o yaml | oc apply -f - - From 1ae64df3741322af31e4488ee470570a92301d60 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 09:54:08 -0800 Subject: [PATCH 19/48] Revert "Removing volume mounts and configmap refs from frontend" This reverts commit 9fdcda1ebe8edb8995522d185fa3e084939d98fe. --- tools/openshift/frontend-dc.yaml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index af9e359d..608999cd 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -38,9 +38,9 @@ objects: ports: - containerPort: 2015 protocol: TCP - #envFrom: - #- configMapRef: - #name: "${APP_NAME}-frontend-config-map" + envFrom: + - configMapRef: + name: "${APP_NAME}-frontend-config-map" resources: requests: cpu: "${MIN_CPU}" @@ -68,19 +68,19 @@ objects: timeoutSeconds: 5 failureThreshold: 20 successThreshold: 1 - #volumeMounts: - #- name: tls-certs - #mountPath: "/etc/tls-certs" - #readOnly: true - #- name: config-env - #mountPath: "/var/www/html/js/config" - #volumes: - #- name: tls-certs - #secret: - #secretName: "${APP_NAME}-frontend-cert" - #- name: config-env - #configMap: - #name: ${APP_NAME}-frontend-config-map + volumeMounts: + - name: tls-certs + mountPath: "/etc/tls-certs" + readOnly: true + - name: config-env + mountPath: "/var/www/html/js/config" + volumes: + - name: tls-certs + secret: + secretName: "${APP_NAME}-frontend-cert" + - name: config-env + configMap: + name: ${APP_NAME}-frontend-config-map test: false - apiVersion: v1 kind: Service From 669a10b2c703b1aada96d2c2fb3d1a5b111b8a2c Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 10:00:12 -0800 Subject: [PATCH 20/48] Revert "Revert "Removing volume mounts and configmap refs from frontend"" This reverts commit 1ae64df3741322af31e4488ee470570a92301d60. --- tools/openshift/frontend-dc.yaml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 608999cd..af9e359d 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -38,9 +38,9 @@ objects: ports: - containerPort: 2015 protocol: TCP - envFrom: - - configMapRef: - name: "${APP_NAME}-frontend-config-map" + #envFrom: + #- configMapRef: + #name: "${APP_NAME}-frontend-config-map" resources: requests: cpu: "${MIN_CPU}" @@ -68,19 +68,19 @@ objects: timeoutSeconds: 5 failureThreshold: 20 successThreshold: 1 - volumeMounts: - - name: tls-certs - mountPath: "/etc/tls-certs" - readOnly: true - - name: config-env - mountPath: "/var/www/html/js/config" - volumes: - - name: tls-certs - secret: - secretName: "${APP_NAME}-frontend-cert" - - name: config-env - configMap: - name: ${APP_NAME}-frontend-config-map + #volumeMounts: + #- name: tls-certs + #mountPath: "/etc/tls-certs" + #readOnly: true + #- name: config-env + #mountPath: "/var/www/html/js/config" + #volumes: + #- name: tls-certs + #secret: + #secretName: "${APP_NAME}-frontend-cert" + #- name: config-env + #configMap: + #name: ${APP_NAME}-frontend-config-map test: false - apiVersion: v1 kind: Service From 3ae08ae8ac51b8ed5093b437b432bba16a739141 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 10:01:54 -0800 Subject: [PATCH 21/48] Cleanup --- tools/openshift/frontend-dc.yaml | 62 ++++++++++++-------------------- 1 file changed, 23 insertions(+), 39 deletions(-) diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index af9e359d..2b8acbdf 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -38,9 +38,6 @@ objects: ports: - containerPort: 2015 protocol: TCP - #envFrom: - #- configMapRef: - #name: "${APP_NAME}-frontend-config-map" resources: requests: cpu: "${MIN_CPU}" @@ -68,19 +65,6 @@ objects: timeoutSeconds: 5 failureThreshold: 20 successThreshold: 1 - #volumeMounts: - #- name: tls-certs - #mountPath: "/etc/tls-certs" - #readOnly: true - #- name: config-env - #mountPath: "/var/www/html/js/config" - #volumes: - #- name: tls-certs - #secret: - #secretName: "${APP_NAME}-frontend-cert" - #- name: config-env - #configMap: - #name: ${APP_NAME}-frontend-config-map test: false - apiVersion: v1 kind: Service @@ -100,29 +84,29 @@ objects: selector: app: "${APP_NAME}-frontend" # route for .grad.gov.bc.ca - #- apiVersion: v1 - # kind: Route - # metadata: - # annotations: - # openshift.io/host.generated: 'true' - # labels: - # app: "${APP_NAME}-frontend" - # name: "${APP_NAME}-frontend-${ENVIRONMENT}" - # spec: - # host: "${BASE_URL}" - # to: - # kind: Service - # name: "${APP_NAME}-frontend" - # weight: 100 - # wildcardPolicy: None - # port: - # targetPort: 2015-tcp - # tls: - # caCertificate: "${CA_CERT}" - # certificate: "${CERTIFICATE}" - # insecureEdgeTerminationPolicy: Redirect - # key: "${PRIVATE_KEY}" - # termination: edge + - apiVersion: v1 + kind: Route + metadata: + annotations: + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}-frontend" + name: "${APP_NAME}-frontend-${ENVIRONMENT}" + spec: + host: "${BASE_URL}" + to: + kind: Service + name: "${APP_NAME}-frontend" + weight: 100 + wildcardPolicy: None + port: + targetPort: 2015-tcp + tls: + caCertificate: "${CA_CERT}" + certificate: "${CERTIFICATE}" + insecureEdgeTerminationPolicy: Redirect + key: "${PRIVATE_KEY}" + termination: edge # route for backend .grad.gov.bc.ca/api #- apiVersion: v1 # kind: Route From 85f6feef3990592368a3eda9a7320bbd71e38422 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 11:03:51 -0800 Subject: [PATCH 22/48] Syncing with dev deployment --- ...uild-n-deploy-frontend-to-ocp-dev-vue3.yml | 13 +++++----- .../build-n-deploy-frontend-to-ocp-dev.yml | 24 +++++++++---------- 2 files changed, 17 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index c2435008..39e808db 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -31,6 +31,8 @@ env: # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca + MIN_MEM: "200Mi" + MAX_MEM: "250Mi" on: workflow_dispatch: @@ -42,10 +44,6 @@ jobs: runs-on: ubuntu-22.04 environment: dev-vue3 - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check for required secrets uses: actions/github-script@v4 @@ -153,7 +151,7 @@ jobs: # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} - + # Cancel any rollouts in progress oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" @@ -163,7 +161,7 @@ jobs: -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} @@ -174,4 +172,5 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca" + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' + diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index 2b15abf1..abd67aaf 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -19,7 +19,7 @@ env: DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca - APP_NAME: 'educ-grad-admin' + APP_NAME: "educ-grad-admin" REPO_NAME: "educ-grad-admin" BRANCH: "main" APP_NAME_FRONTEND: "educ-grad-admin-frontend" @@ -29,8 +29,10 @@ env: TAG: "latest" TARGET_ENV: "dev" - # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + # HOST_ROUTE should have no scheme or port. It will be prepended with https:// + HOST_ROUTE: "dev.grad.gov.bc.ca" + MIN_MEM: "200Mi" + MAX_MEM: "250Mi" on: workflow_dispatch: @@ -42,10 +44,6 @@ jobs: runs-on: ubuntu-22.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check for required secrets uses: actions/github-script@v4 @@ -157,13 +155,13 @@ jobs: # Cancel any rollouts in progress oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - - # Process and apply deployment template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + + # Process template + oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=${{ env.REPO_NAME }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-dev -f - + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} @@ -174,5 +172,5 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' From 7f07f398c9b771a8aa9df1577655f87ef8393860 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 11:12:12 -0800 Subject: [PATCH 23/48] Moved backend route to backend-dc.yaml --- tools/openshift/backend-dc.yaml | 25 +++++++++++++++++++++++++ tools/openshift/frontend-dc.yaml | 25 ------------------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 0defbe0e..496760cf 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -107,6 +107,31 @@ objects: protocol: TCP selector: app: "${REPO_NAME}-backend" + # route for backend .grad.gov.bc.ca/api + - apiVersion: v1 + kind: Route + metadata: + annotations: + openshift.io/host.generated: 'true' + labels: + app: "${APP_NAME}-backend" + name: "${APP_NAME}-backend-${ENVIRONMENT}" + spec: + host: "${BASE_URL}" + path: "/api" + to: + kind: Service + name: "${APP_NAME}-backend" + weight: 100 + wildcardPolicy: None + port: + targetPort: 8080-tcp + tls: + caCertificate: "${CA_CERT}" + certificate: "${CERTIFICATE}" + insecureEdgeTerminationPolicy: Redirect + key: "${PRIVATE_KEY}" + termination: edge - apiVersion: v1 kind: Route metadata: diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index 2b8acbdf..f97bcf8a 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -107,31 +107,6 @@ objects: insecureEdgeTerminationPolicy: Redirect key: "${PRIVATE_KEY}" termination: edge - # route for backend .grad.gov.bc.ca/api - #- apiVersion: v1 - # kind: Route - # metadata: - # annotations: - # openshift.io/host.generated: 'true' - # labels: - # app: "${APP_NAME}-backend" - # name: "${APP_NAME}-backend-${ENVIRONMENT}" - # spec: - # host: "${BASE_URL}" - # path: "/api" - # to: - # kind: Service - # name: "${APP_NAME}-backend" - # weight: 100 - # wildcardPolicy: None - # port: - # targetPort: 8080-tcp - # tls: - # caCertificate: "${CA_CERT}" - # certificate: "${CERTIFICATE}" - # insecureEdgeTerminationPolicy: Redirect - # key: "${PRIVATE_KEY}" - # termination: edge - apiVersion: v1 kind: Route metadata: From e6638c100d0f9b5226b50045d0b88c3b1c99b66a Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 11:30:03 -0800 Subject: [PATCH 24/48] Testing changes to backend-dc.yaml --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 27 +++++++++++++------ tools/openshift/backend-dc.yaml | 15 +++++++++++ 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index d27a1bcc..384f0e03 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -37,7 +37,7 @@ env: MAX_REPLICAS: "1" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: "educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -49,10 +49,6 @@ jobs: runs-on: ubuntu-22.04 environment: dev-vue3 - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check for required secrets uses: actions/github-script@v4 @@ -157,8 +153,23 @@ jobs: oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }} - # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f - + # Process template + oc process -f tools/openshift/backend-dc.yaml \ + -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p REPO_NAME=educ-grad-admin \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} @@ -169,4 +180,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca" + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 496760cf..b973fde9 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -218,3 +218,18 @@ parameters: - name: MAX_MEM description: The maximum amount of memory required: true + - name: ENVIRONMENT + description: dev, test, prod + required: true + - name: CA_CERT + description: The CA Certificate + required: true + - name: CERTIFICATE + description: The Certificate + required: true + - name: PRIVATE_KEY + description: The private key + required: true + - name: BASE_URL + description: Base url. Example dev.grad.gov.bc.ca. Not prepended with https:// + required: true From 68ec28102eda1f2b3553700726f9e1db6a363297 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 11:34:19 -0800 Subject: [PATCH 25/48] Fixing syntax --- tools/openshift/backend-dc.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index b973fde9..1bc2a6b0 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -114,14 +114,14 @@ objects: annotations: openshift.io/host.generated: 'true' labels: - app: "${APP_NAME}-backend" - name: "${APP_NAME}-backend-${ENVIRONMENT}" + app: "${REPO_NAME}-backend" + name: "${REPO_NAME}-backend-${ENVIRONMENT}" spec: host: "${BASE_URL}" path: "/api" to: kind: Service - name: "${APP_NAME}-backend" + name: "${REPO_NAME}-backend" weight: 100 wildcardPolicy: None port: From 10fee53a502b3168a101912fcedb8475be0080f7 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 13:35:51 -0800 Subject: [PATCH 26/48] Updated backend GH Actions deployments --- .../build-n-deploy-backend-to-ocp-dev.yml | 32 +++++++++----- .../workflows/deploy-backend-to-ocp-prod.yml | 34 +++++++++------ .../workflows/deploy-backend-to-ocp-test.yml | 42 +++++++++++-------- tools/openshift/backend-dc.yaml | 2 +- 4 files changed, 68 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index d52a9c4b..3748f15b 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -19,7 +19,6 @@ env: DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca - APP_NAME: 'educ-grad-admin' REPO_NAME: "educ-grad-admin" BRANCH: "main" APP_NAME_BACKEND: "educ-grad-admin-backend" @@ -37,7 +36,7 @@ env: MAX_REPLICAS: "2" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: "educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -49,10 +48,6 @@ jobs: runs-on: ubuntu-22.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check for required secrets uses: actions/github-script@v4 @@ -149,16 +144,31 @@ jobs: # Cancel any rollouts in progress oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - + oc project ${{ env.OPENSHIFT_NAMESPACE }} # Create the image stream if it doesn't exist oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place" oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }} - - # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-dev -f - + + # Process template + oc process -f tools/openshift/backend-dc.yaml \ + -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.IMAGE_NAME }} @@ -169,4 +179,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index 76e871fd..28ca6ef9 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -20,11 +20,9 @@ env: ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" BRANCH: "main" APP_NAME_BACKEND: "educ-grad-admin-backend" NAMESPACE: bbe4c3 - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b TAG: "latest" @@ -38,7 +36,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: "educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -50,10 +48,6 @@ jobs: runs-on: ubuntu-22.04 environment: prod - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v2 @@ -76,18 +70,32 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ env.NAMESPACE }}-dev/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} - # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + # Process template + oc process -f tools/openshift/backend-dc.yaml \ + -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} \ + -p REPO_NAME=${{ env.APP_NAME }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p BASE_URL=grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.IMAGE_NAME }} - oc logs -f dc/${{ env.IMAGE_NAME }}-dc # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.IMAGE_NAME }}-dc diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index beb7bd85..5c9c4aad 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -20,19 +20,14 @@ env: ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" BRANCH: "main" APP_NAME_BACKEND: "educ-grad-admin-backend" NAMESPACE: bbe4c3 - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b TAG: "latest" TARGET_ENV: "test" - # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} - MIN_CPU: "50m" MAX_CPU: "100m" MIN_MEM: "200Mi" @@ -40,6 +35,9 @@ env: MIN_REPLICAS: "3" MAX_REPLICAS: "5" + # SITE_URL should have no scheme or port. It will be prepended with https:// + HOST_ROUTE: "educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca" + on: workflow_dispatch: @@ -50,10 +48,6 @@ jobs: runs-on: ubuntu-22.04 environment: test - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v2 @@ -76,23 +70,37 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ env.NAMESPACE }}-dev/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} - # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + # Process template + oc process -f tools/openshift/backend-dc.yaml \ + -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} \ + -p REPO_NAME=${{ env.APP_NAME }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.IMAGE_NAME }} - oc logs -f dc/${{ env.IMAGE_NAME }}-dc # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: "https://educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca" + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index 1bc2a6b0..f045f45f 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -142,7 +142,7 @@ objects: haproxy.router.openshift.io/timeout: 600s spec: host: "${HOST_ROUTE}" - path: ${HOST_PATH} + path: "${HOST_PATH}" port: targetPort: ${CONTAINER_PORT}-tcp tls: From fadc8b4cc2501189959d8656bd316136e3a023a3 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 14:30:14 -0800 Subject: [PATCH 27/48] Removed redundant variables for frontend dev --- .../build-n-deploy-frontend-to-ocp-dev.yml | 45 ++++++++++++------- tools/openshift/frontend-dc.yaml | 9 ++-- 2 files changed, 33 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index abd67aaf..54936e2e 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -15,24 +15,27 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-frontend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" - BRANCH: "main" APP_NAME_FRONTEND: "educ-grad-admin-frontend" + BRANCH: "main" NAMESPACE: bbe4c3 NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b TAG: "latest" TARGET_ENV: "dev" - # HOST_ROUTE should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: "dev.grad.gov.bc.ca" + MIN_CPU: "50m" + MAX_CPU: "100m" MIN_MEM: "200Mi" MAX_MEM: "250Mi" + MIN_REPLICAS: "3" + MAX_REPLICAS: "5" + + # SITE_URL should have no scheme or port. It will be prepended with https:// + HOST_ROUTE: "educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -140,8 +143,8 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Create the image stream if it doesn't exist - oc create imagestream ${{ env.REPO_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place" - oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.REPO_NAME }}-frontend:${{ env.TAG }} + oc create imagestream ${{ env.APP_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place" + oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.APP_NAME }}-frontend:${{ env.TAG }} # https://github.com/redhat-actions/oc-login#readme - uses: actions/checkout@v2 @@ -153,21 +156,33 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ || true && echo "No rollout in progress" # Process template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=${{ env.REPO_NAME }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - + oc process -f tools/openshift/frontend-dc.yaml \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_FRONTEND }} # Get status, returns 0 if rollout is successful - oc rollout status deployment/${{ env.IMAGE_NAME }} + oc rollout status deployment/${{ env.APP_NAME_FRONTEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 diff --git a/tools/openshift/frontend-dc.yaml b/tools/openshift/frontend-dc.yaml index f97bcf8a..cfcf5a5b 100644 --- a/tools/openshift/frontend-dc.yaml +++ b/tools/openshift/frontend-dc.yaml @@ -2,9 +2,9 @@ apiVersion: template.openshift.io/v1 kind: Template labels: - template: "${REPO_NAME}-template" + template: "${APP_NAME}-template" metadata: - name: "${REPO_NAME}-frontend" + name: "${APP_NAME}-frontend" objects: - apiVersion: apps/v1 kind: Deployment @@ -33,7 +33,7 @@ objects: spec: containers: - name: "${APP_NAME}-frontend" - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-frontend:${TAG} + image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${APP_NAME}-frontend:${TAG} imagePullPolicy: Always ports: - containerPort: 2015 @@ -153,9 +153,6 @@ objects: averageUtilization: 100 type: Utilization parameters: - - name: REPO_NAME - description: Application repository name - required: true - name: NAMESPACE description: Target namespace reference (i.e. 'k8vopl-dev') required: true From 598051a710a6d4a497d25636b4af44dff26b275c Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 14:34:55 -0800 Subject: [PATCH 28/48] Removed redundant variables for frontend dev --- ...uild-n-deploy-frontend-to-ocp-dev-vue3.yml | 44 ++++++++++++------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index 39e808db..1e13197b 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -15,13 +15,10 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-frontend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" - BRANCH: "GRAD2-3119" APP_NAME_FRONTEND: "educ-grad-admin-frontend" NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}} NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools @@ -29,10 +26,15 @@ env: TAG: "latest" TARGET_ENV: "dev" - # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca + MIN_CPU: "50m" + MAX_CPU: "100m" MIN_MEM: "200Mi" MAX_MEM: "250Mi" + MIN_REPLICAS: "3" + MAX_REPLICAS: "5" + + # SITE_URL should have no scheme or port. It will be prepended with https:// + HOST_ROUTE: "educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -140,8 +142,8 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Create the image stream if it doesn't exist - oc create imagestream ${{ env.REPO_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place" - oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.REPO_NAME }}-frontend:${{ env.TAG }} + oc create imagestream ${{ env.APP_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place" + oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.APP_NAME }}-frontend:${{ env.TAG }} # https://github.com/redhat-actions/oc-login#readme - uses: actions/checkout@v2 @@ -153,21 +155,33 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ || true && echo "No rollout in progress" # Process template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=${{ env.REPO_NAME }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - + oc process -f tools/openshift/frontend-dc.yaml \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_FRONTEND }} # Get status, returns 0 if rollout is successful - oc rollout status deployment/${{ env.IMAGE_NAME }} + oc rollout status deployment/${{ env.APP_NAME_FRONTEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 From 26cf1811e94b23dd193248aa15ef49bec965a6df Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 14:40:20 -0800 Subject: [PATCH 29/48] Updated HPA --- .github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml index 1e13197b..34d36af0 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml @@ -30,8 +30,8 @@ env: MAX_CPU: "100m" MIN_MEM: "200Mi" MAX_MEM: "250Mi" - MIN_REPLICAS: "3" - MAX_REPLICAS: "5" + MIN_REPLICAS: "1" + MAX_REPLICAS: "2" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: "educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca" From 4b4369fa5883f8fd34d34822a29481913b425bb6 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:22:34 -0800 Subject: [PATCH 30/48] Updated test and prod frontend deployments --- .../workflows/deploy-frontend-to-ocp-prod.yml | 52 ++++++++++--------- .../workflows/deploy-frontend-to-ocp-test.yml | 50 ++++++++++-------- 2 files changed, 55 insertions(+), 47 deletions(-) diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index edaf66a8..0cf72fcb 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -15,19 +15,15 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-frontend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" - BRANCH: "main" APP_NAME_FRONTEND: "educ-grad-admin-frontend" NAMESPACE: bbe4c3 NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b - TAG: "latest" - TARGET_ENV: "prod" + TARGET_ENV: "test" MIN_CPU: "50m" MAX_CPU: "100m" @@ -37,7 +33,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: "educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -49,10 +45,6 @@ jobs: runs-on: ubuntu-22.04 environment: prod - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v2 @@ -74,23 +66,35 @@ jobs: # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} - - # Process and apply deployment template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p BASE_URL=grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - - + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} + + # Process template + oc process -f tools/openshift/frontend-dc.yaml \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - + # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.APP_NAME_FRONTEND }} - oc logs -f dc/${{ env.IMAGE_NAME }}-dc # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.APP_NAME_FRONTEND }} + diff --git a/.github/workflows/deploy-frontend-to-ocp-test.yml b/.github/workflows/deploy-frontend-to-ocp-test.yml index 19b4df3a..c773d4ab 100644 --- a/.github/workflows/deploy-frontend-to-ocp-test.yml +++ b/.github/workflows/deploy-frontend-to-ocp-test.yml @@ -15,18 +15,14 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-frontend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" - BRANCH: "main" APP_NAME_FRONTEND: "educ-grad-admin-frontend" NAMESPACE: bbe4c3 NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b - TAG: "latest" TARGET_ENV: "test" MIN_CPU: "50m" @@ -37,7 +33,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: ${{ secrets.SITE_URL }} + HOST_ROUTE: "educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -49,10 +45,6 @@ jobs: runs-on: ubuntu-22.04 environment: test - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v2 @@ -74,28 +66,40 @@ jobs: # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} - - # Process and apply deployment template - oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p APP_NAME=educ-grad-admin -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca -p ENVIRONMENT=${{ env.TARGET_ENV }} -p CERTIFICATE="${{ secrets.CERTIFICATE }}" -p CA_CERT="${{ secrets.CA_CERT }}" -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-test -f - - + + # Process template + oc process -f tools/openshift/frontend-dc.yaml \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p ENVIRONMENT=${{ env.TARGET_ENV }} \ + -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ + -p CA_CERT="${{ secrets.CA_CERT }}" \ + -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - + # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ - || true && echo "Rollout in progress" + oc rollout restart deployment/${{ env.APP_NAME_FRONTEND }} - oc logs -f dc/${{ env.IMAGE_NAME }}-dc # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.APP_NAME_FRONTEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 with: - target: "https://educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca" + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' + From 4bcab353101a09694c7417d3ea0eac2e1bf0ec14 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:24:00 -0800 Subject: [PATCH 31/48] Target env prod --- .github/workflows/deploy-frontend-to-ocp-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index 0cf72fcb..f541a2bb 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -23,7 +23,7 @@ env: NAMESPACE: bbe4c3 NAMESPACE_TOOLS: bbe4c3-tools COMMON_NAMESPACE: 75e61b - TARGET_ENV: "test" + TARGET_ENV: "prod" MIN_CPU: "50m" MAX_CPU: "100m" From 30ba72efe40a3671420ed82a21fef61471295e66 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:25:22 -0800 Subject: [PATCH 32/48] Target env prod --- .github/workflows/deploy-frontend-to-ocp-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index f541a2bb..d19fe6bd 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -71,7 +71,7 @@ jobs: oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-frontend:${{ steps.get-latest-tag.outputs.tag }} # Process template oc process -f tools/openshift/frontend-dc.yaml \ From 937842912eace2170b64f6d21740d21da4dcb0c2 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:26:33 -0800 Subject: [PATCH 33/48] grad.gov.bc.ca --- .github/workflows/deploy-frontend-to-ocp-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index d19fe6bd..0eda9550 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -83,7 +83,7 @@ jobs: -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ -p MIN_CPU=${{ env.MIN_CPU }} \ -p MAX_CPU=${{ env.MAX_CPU }} \ - -p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + -p BASE_URL=grad.gov.bc.ca \ -p ENVIRONMENT=${{ env.TARGET_ENV }} \ -p CERTIFICATE="${{ secrets.CERTIFICATE }}" \ -p CA_CERT="${{ secrets.CA_CERT }}" \ From c3cdb31ff6f9851813ab807f7319566a979145bc Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:35:12 -0800 Subject: [PATCH 34/48] Cleaning up backend dc and vue 3 deploy --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 14 +++--- tools/openshift/backend-dc.yaml | 48 +++++++++---------- 2 files changed, 30 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index 384f0e03..a16b2026 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -15,12 +15,10 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-backend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - REPO_NAME: "educ-grad-admin" BRANCH: "GRAD2-3119" APP_NAME_BACKEND: "educ-grad-admin-backend" NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}} @@ -143,20 +141,20 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" oc project ${{ env.OPENSHIFT_NAMESPACE }} # Create the image stream if it doesn't exist - oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place" + oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place" - oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }} + oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.APP_NAME_BACKEND }}:${{ env.TAG }} # Process template oc process -f tools/openshift/backend-dc.yaml \ -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p REPO_NAME=educ-grad-admin \ + -p APP_NAME=${{ env.APP_NAME }} \ -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ @@ -172,10 +170,10 @@ jobs: | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} # Get status, returns 0 if rollout is successful - oc rollout status deployment/${{ env.IMAGE_NAME }} + oc rollout status deployment/${{ env.APP_NAME_BACKEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 diff --git a/tools/openshift/backend-dc.yaml b/tools/openshift/backend-dc.yaml index f045f45f..c8e64e4d 100644 --- a/tools/openshift/backend-dc.yaml +++ b/tools/openshift/backend-dc.yaml @@ -2,23 +2,23 @@ apiVersion: template.openshift.io/v1 kind: Template labels: - template: "${REPO_NAME}-backend-template" + template: "${APP_NAME}-backend-template" metadata: - name: "${REPO_NAME}-backend" + name: "${APP_NAME}-backend" objects: - apiVersion: apps/v1 kind: Deployment metadata: labels: - app: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" app.kubernetes.io/part-of: GRAD-ADMIN app.openshift.io/runtime: nodejs - name: "${REPO_NAME}-backend" + name: "${APP_NAME}-backend" spec: replicas: ${{MIN_REPLICAS}} selector: matchLabels: - app: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" strategy: type: RollingUpdate rollingUpdate: @@ -27,18 +27,18 @@ objects: template: metadata: labels: - app: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" spec: containers: - - name: "${REPO_NAME}-backend" - image: image-registry.openshift-image-registry.svc:5000/${IS_NAMESPACE}/${REPO_NAME}-backend:${TAG_NAME} + - name: "${APP_NAME}-backend" + image: image-registry.openshift-image-registry.svc:5000/${IS_NAMESPACE}/${APP_NAME}-backend:${TAG_NAME} imagePullPolicy: Always ports: - containerPort: ${{CONTAINER_PORT}} protocol: TCP envFrom: - configMapRef: - name: "${REPO_NAME}-backend-config-map" + name: "${APP_NAME}-backend-config-map" resources: requests: cpu: "${MIN_CPU}" @@ -49,7 +49,7 @@ objects: volumeMounts: - name: log-storage mountPath: /logs - - name: "${REPO_NAME}-fluent-bit-sidecar" + - name: "${APP_NAME}-fluent-bit-sidecar" image: artifacts.developer.gov.bc.ca/docker-remote/fluent/fluent-bit:1.5.7 imagePullPolicy: Always imagePullSecrets: @@ -92,21 +92,21 @@ objects: emptyDir: { } - name: flb-sc-config-volume configMap: - name: "${REPO_NAME}-flb-sc-config-map" + name: "${APP_NAME}-flb-sc-config-map" test: false - apiVersion: v1 kind: Service metadata: labels: - app: "${REPO_NAME}-backend" - name: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" + name: "${APP_NAME}-backend" spec: ports: - name: ${CONTAINER_PORT}-tcp port: ${{CONTAINER_PORT}} protocol: TCP selector: - app: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" # route for backend .grad.gov.bc.ca/api - apiVersion: v1 kind: Route @@ -114,14 +114,14 @@ objects: annotations: openshift.io/host.generated: 'true' labels: - app: "${REPO_NAME}-backend" - name: "${REPO_NAME}-backend-${ENVIRONMENT}" + app: "${APP_NAME}-backend" + name: "${APP_NAME}-backend-${ENVIRONMENT}" spec: host: "${BASE_URL}" path: "/api" to: kind: Service - name: "${REPO_NAME}-backend" + name: "${APP_NAME}-backend" weight: 100 wildcardPolicy: None port: @@ -136,8 +136,8 @@ objects: kind: Route metadata: labels: - app: "${REPO_NAME}-backend" - name: "${REPO_NAME}-backend" + app: "${APP_NAME}-backend" + name: "${APP_NAME}-backend" annotations: haproxy.router.openshift.io/timeout: 600s spec: @@ -150,18 +150,18 @@ objects: termination: edge to: kind: Service - name: "${REPO_NAME}-backend" + name: "${APP_NAME}-backend" weight: 100 wildcardPolicy: None - apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: "${REPO_NAME}-backend-cpu-autoscaler" + name: "${APP_NAME}-backend-cpu-autoscaler" spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: "${REPO_NAME}-backend" + name: "${APP_NAME}-backend" subresource: scale minReplicas: ${{MIN_REPLICAS}} maxReplicas: ${{MAX_REPLICAS}} @@ -179,8 +179,8 @@ objects: averageUtilization: 100 type: Utilization parameters: - - name: REPO_NAME - description: Application repository name + - name: APP_NAME + description: Application name required: true - name: IS_NAMESPACE description: The namespace where the imagestream lives From 9c607635c9bc2f998db67d7b64e28db36a5c851e Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 15:50:28 -0800 Subject: [PATCH 35/48] Removing vars not used --- .github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index a16b2026..4370a10a 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -19,11 +19,7 @@ env: ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - BRANCH: "GRAD2-3119" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}} - NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools - COMMON_NAMESPACE: ${{secrets.COMMON_NAMESPACE_NO_ENV}} TAG: "latest" TARGET_ENV: "dev" From 9a7a1f2854d136e61223071262fd6a69a2d032c2 Mon Sep 17 00:00:00 2001 From: cditcher Date: Mon, 2 Dec 2024 16:02:50 -0800 Subject: [PATCH 36/48] Final cleanup for backend actions --- .../build-n-deploy-backend-to-ocp-dev.yml | 19 +++++++------------ .../workflows/deploy-backend-to-ocp-prod.yml | 14 ++++---------- .../workflows/deploy-backend-to-ocp-test.yml | 14 ++++---------- 3 files changed, 15 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index 3748f15b..2676d8b8 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -15,16 +15,11 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-backend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca - REPO_NAME: "educ-grad-admin" - BRANCH: "main" + APP_NAME: "educ-grad-admin" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b TAG: "latest" TARGET_ENV: "dev" @@ -142,20 +137,20 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" oc project ${{ env.OPENSHIFT_NAMESPACE }} # Create the image stream if it doesn't exist - oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place" + oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place" - oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }} + oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.APP_NAME_BACKEND }}:${{ env.TAG }} # Process template oc process -f tools/openshift/backend-dc.yaml \ -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ + -p APP_NAME=${{ env.APP_NAME }} \ -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ @@ -171,10 +166,10 @@ jobs: | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} # Get status, returns 0 if rollout is successful - oc rollout status deployment/${{ env.IMAGE_NAME }} + oc rollout status deployment/${{ env.APP_NAME_BACKEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index 28ca6ef9..ee05a747 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -15,17 +15,11 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-backend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - BRANCH: "main" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b - TAG: "latest" TARGET_ENV: "prod" MIN_CPU: "50m" @@ -70,7 +64,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ env.NAMESPACE }}-dev/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} @@ -79,7 +73,7 @@ jobs: oc process -f tools/openshift/backend-dc.yaml \ -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} \ - -p REPO_NAME=${{ env.APP_NAME }} \ + -p APP_NAME=${{ env.APP_NAME }} \ -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ @@ -95,7 +89,7 @@ jobs: | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.IMAGE_NAME }}-dc + oc rollout status deployment/${{ env.APP_NAME_BACKEND }} \ No newline at end of file diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index 5c9c4aad..790a8708 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -15,17 +15,11 @@ env: IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_NAME: educ-grad-admin-backend DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca APP_NAME: "educ-grad-admin" - BRANCH: "main" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b - TAG: "latest" TARGET_ENV: "test" MIN_CPU: "50m" @@ -70,7 +64,7 @@ jobs: oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel deployment/${{ env.IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ env.NAMESPACE }}-dev/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} @@ -79,7 +73,7 @@ jobs: oc process -f tools/openshift/backend-dc.yaml \ -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} \ - -p REPO_NAME=${{ env.APP_NAME }} \ + -p APP_NAME=${{ env.APP_NAME }} \ -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ @@ -95,10 +89,10 @@ jobs: | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it - oc rollout restart deployment/${{ env.IMAGE_NAME }} + oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} # Get status, returns 0 if rollout is successful - oc rollout status deployment/${{ env.IMAGE_NAME }} + oc rollout status deployment/${{ env.APP_NAME_BACKEND }} - name: ZAP Scan uses: zaproxy/action-full-scan@v0.10.0 From f53d1765104f314153d93af57c40baa285e6e59a Mon Sep 17 00:00:00 2001 From: cditcher Date: Tue, 3 Dec 2024 14:20:57 -0800 Subject: [PATCH 37/48] Added config map --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 22 ++++- tools/openshift/update-configmap-backend.sh | 84 ++++++++++--------- 2 files changed, 66 insertions(+), 40 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index 4370a10a..b5ed9bb8 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -22,6 +22,7 @@ env: APP_NAME_BACKEND: "educ-grad-admin-backend" TAG: "latest" TARGET_ENV: "dev" + BRANCH: "GRAD2-3119" MIN_CPU: "50m" MAX_CPU: "100m" @@ -140,8 +141,6 @@ jobs: oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" - oc project ${{ env.OPENSHIFT_NAMESPACE }} - # Create the image stream if it doesn't exist oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place" @@ -164,6 +163,25 @@ jobs: -p CA_CERT="${{ secrets.CA_CERT }}" \ -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - + + # update configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/${{ env.BRANCH }}/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ + dev \ + ${{ env.APP_NAME }} \ + ${{ env.OPENSHIFT_NAMESPACE }} \ + ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + ${{ secrets.SOAM_PUBLIC_KEY }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SITEMINDER_LOGOUT_ENDPOINT }} \ + ${{ secrets.UI_PUBLIC_KEY }} \ + ${{ secrets.UI_PRIVATE_KEY }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.SPLUNK_TOKEN }} + + + + # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index 156f7900..929b3551 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -1,14 +1,18 @@ ########################################################### #ENV VARS ########################################################### -envValue=$1 +ENV=$1 APP_NAME=$2 -GRAD_NAMESPACE=$3 -COMMON_NAMESPACE=$4 -BUSINESS_NAMESPACE=$5 -SPLUNK_TOKEN=$6 -APP_LOG_LEVEL=$7 -STUDENT_ADMIN_URL_ROOT=$8 +OPENSHIFT_NAMESPACE=$3 +BASE_URL=$4 +SOAM_PUBLIC_KEY=$5 +SOAM_CLIENT_ID=$6 +SOAM_CLIENT_SECRET=$7 +SITEMINDER_LOGOUT_ENDPOINT=$8 +UI_PUBLIC_KEY=$9 +UI_PRIVATE_KEY=$10 +REDIS_PASSWORD=$11 +SPLUNK_TOKEN=$12 SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] @@ -51,40 +55,44 @@ PARSER_CONFIG=" ########################################################### #Setup for config-maps ########################################################### -echo Creating config map "$APP_NAME"-config-map -oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ - --from-literal=APP_LOG_LEVEL="$APP_LOG_LEVEL" \ - --from-literal=BASELINE_ON_MIGRATE="true" \ - --from-literal=CRON_SCHEDULED_PURGE_OLD_RECORDS="0 0 0 * * *" \ - --from-literal=RECORDS_STALE_IN_DAYS="365" \ - --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS="0 0/5 * * * *" \ - --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_LOCK_AT_LEAST_FOR="PT1M" \ - --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_LOCK_AT_MOST_FOR="PT5M" \ - --from-literal=CRON_SCHEDULED_GRAD_TO_TRAX_EVENTS_THRESHOLD="1000" \ - --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS="0 0/5 * * * *" \ - --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_LOCK_AT_LEAST_FOR="PT1M" \ - --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_LOCK_AT_MOST_FOR="PT5M" \ - --from-literal=CRON_SCHEDULED_TRAX_TO_GRAD_EVENTS_THRESHOLD="1000" \ - --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES="0 0/20 * * * *" \ - --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_LOCK_AT_LEAST_FOR="PT1M" \ - --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_LOCK_AT_MOST_FOR="PT20M" \ - --from-literal=CRON_SCHEDULED_TRIGGER_TRAX_UPDATES_THRESHOLD="4000" \ - --from-literal=ENABLE_FLYWAY="true" \ - --from-literal=ENABLE_TRAX_UPDATE="true" \ - --from-literal=KEYCLOAK_TOKEN_URL="https://soam-$envValue.apps.silver.devops.gov.bc.ca/" \ - --from-literal=INSTITUTE_API_URL_ROOT="http://institute-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/" \ - --from-literal=MAX_RETRY_ATTEMPTS="3" \ - --from-literal=SCHOOL_CACHE_EXPIRY_IN_MINS="240" \ - --from-literal=STUDENT_ADMIN_URL_ROOT="$STUDENT_ADMIN_URL_ROOT" \ - --from-literal=CONNECTION_TIMEOUT='30000' \ - --from-literal=MAXIMUM_POOL_SIZE='15' \ - --from-literal=MIN_IDLE='15' \ - --from-literal=IDLE_TIMEOUT='600000' \ - --from-literal=MAX_LIFETIME='1500000' \ +echo Creating config map "$APP_NAME"-backend-config-map +oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ + --from-literal=NODE_ENV=openshift \ + --from-literal=LOG_LEVEL=info \ + --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ + --from-literal=SOAM_PUBLIC_KEY=$SOAM_PUBLIC_KEY \ + --from-literal=SOAM_CLIENT_ID=$SOAM_CLIENT_ID \ + --from-literal=SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET \ + --from-literal=SOAM_URL="https://soam-$ENV.apps.silver.devops.gov.bc.ca" \ + --from-literal=SOAM_DISCOVERY="https://soam-$ENV.apps.silver.devops.gov.bc.ca/auth/realms/master/.well-known/openid-configuration" \ + --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir \ + --from-literal=SITEMINDER_LOGOUT_ENDPOINT=$SITEMINDER_LOGOUT_ENDPOINT \ + --from-literal=ISSUER=GRAD_ADMIN_APPLICATION \ + --from-literal=SESSION_MAX_AGE='1800000' \ + --from-literal=TOKEN_EXPIRES_IN='1800000' \ + --from-literal=UI_PUBLIC_KEY=$UI_PUBLIC_KEY \ + --from-literal=UI_PRIVATE_KEY=$UI_PRIVATE_KEY \ + --from-literal=GRAD_ROLE_ADMIN=GRAD_SYSTEM_COORDINATOR \ + --from-literal=GRAD_PROGRAM_AREA_BA=GRAD_PROGRAM_AREA_BA \ + --from-literal=GRAD_ROLE_INFO_OFFICER=GRAD_INFO_OFFICER \ + --from-literal=REDIS_HOST=redis \ + --from-literal=REDIS_PORT=6379 \ + --from-literal=REDIS_PASSWORD=$REDIS_PASSWORD \ + --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=COURSE_API_URL="http://educ-grad-course-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_STUDENT_API_URL="http://educ-grad-student-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=PROGRAM_API_URL="http://educ-grad-program-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=DISTRIBUTION_API_URL="http://educ-grad-distribution-api.e8a97a-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=ASSESSMENT_API_URL="http://educ-grad-assessment-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ --dry-run=client -o yaml | oc apply -f - echo Creating config map "$APP_NAME"-flb-sc-config-map -oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map \ +oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-flb-sc-config-map \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ --from-literal=parsers.conf="$PARSER_CONFIG" \ --dry-run=client -o yaml | oc apply -f - From 0c7e7491c40af3494d2652da22d58255001b84ff Mon Sep 17 00:00:00 2001 From: cditcher Date: Tue, 3 Dec 2024 14:31:08 -0800 Subject: [PATCH 38/48] Updated quotes --- tools/openshift/update-configmap-backend.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index 929b3551..19692341 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -10,9 +10,9 @@ SOAM_CLIENT_ID=$6 SOAM_CLIENT_SECRET=$7 SITEMINDER_LOGOUT_ENDPOINT=$8 UI_PUBLIC_KEY=$9 -UI_PRIVATE_KEY=$10 -REDIS_PASSWORD=$11 -SPLUNK_TOKEN=$12 +UI_PRIVATE_KEY=${10} +REDIS_PASSWORD=${11} +SPLUNK_TOKEN=${12} SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] @@ -60,24 +60,24 @@ oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ --from-literal=NODE_ENV=openshift \ --from-literal=LOG_LEVEL=info \ --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ - --from-literal=SOAM_PUBLIC_KEY=$SOAM_PUBLIC_KEY \ - --from-literal=SOAM_CLIENT_ID=$SOAM_CLIENT_ID \ - --from-literal=SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET \ + --from-literal=SOAM_PUBLIC_KEY="$SOAM_PUBLIC_KEY" \ + --from-literal=SOAM_CLIENT_ID="$SOAM_CLIENT_ID" \ + --from-literal=SOAM_CLIENT_SECRET="$SOAM_CLIENT_SECRET" \ --from-literal=SOAM_URL="https://soam-$ENV.apps.silver.devops.gov.bc.ca" \ --from-literal=SOAM_DISCOVERY="https://soam-$ENV.apps.silver.devops.gov.bc.ca/auth/realms/master/.well-known/openid-configuration" \ --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir \ - --from-literal=SITEMINDER_LOGOUT_ENDPOINT=$SITEMINDER_LOGOUT_ENDPOINT \ + --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$SITEMINDER_LOGOUT_ENDPOINT" \ --from-literal=ISSUER=GRAD_ADMIN_APPLICATION \ --from-literal=SESSION_MAX_AGE='1800000' \ --from-literal=TOKEN_EXPIRES_IN='1800000' \ - --from-literal=UI_PUBLIC_KEY=$UI_PUBLIC_KEY \ - --from-literal=UI_PRIVATE_KEY=$UI_PRIVATE_KEY \ + --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY" \ + --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY" \ --from-literal=GRAD_ROLE_ADMIN=GRAD_SYSTEM_COORDINATOR \ --from-literal=GRAD_PROGRAM_AREA_BA=GRAD_PROGRAM_AREA_BA \ --from-literal=GRAD_ROLE_INFO_OFFICER=GRAD_INFO_OFFICER \ --from-literal=REDIS_HOST=redis \ --from-literal=REDIS_PORT=6379 \ - --from-literal=REDIS_PASSWORD=$REDIS_PASSWORD \ + --from-literal=REDIS_PASSWORD="$REDIS_PASSWORD" \ --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ From c5ce536d175ce4ff35cebd78ef4ed49ddce4f24a Mon Sep 17 00:00:00 2001 From: cditcher Date: Tue, 3 Dec 2024 15:13:56 -0800 Subject: [PATCH 39/48] Updated update-configmap-backend.sh --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 7 +- tools/openshift/update-configmap-backend.sh | 114 ++++++++++++------ 2 files changed, 77 insertions(+), 44 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index b5ed9bb8..d07dcfc3 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -177,12 +177,9 @@ jobs: ${{ secrets.UI_PUBLIC_KEY }} \ ${{ secrets.UI_PRIVATE_KEY }} \ ${{ secrets.REDIS_PASSWORD }} \ - ${{ secrets.SPLUNK_TOKEN }} + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.COMMON_NAMESPACE }} - - - - # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index 19692341..37596a85 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -13,7 +13,82 @@ UI_PUBLIC_KEY=$9 UI_PRIVATE_KEY=${10} REDIS_PASSWORD=${11} SPLUNK_TOKEN=${12} +COMMON_NAMESPACE=${13} +SOAM_KC_REALM_ID="master" +SOAM_KC=soam-$ENV.apps.silver.devops.gov.bc.ca +SOAM_KC_LOAD_USER_ADMIN=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) +SOAM_KC_LOAD_USER_PASS=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) + +echo Fetching SOAM token +TKN=$(curl -s \ + -d "client_id=admin-cli" \ + -d "username=$SOAM_KC_LOAD_USER_ADMIN" \ + -d "password=$SOAM_KC_LOAD_USER_PASS" \ + -d "grant_type=password" \ + "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/token" | jq -r '.access_token') + +echo Fetching public key from SOAM +fullKey=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/keys" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer $TKN" \ + | jq -r '.keys | .[] | select(.algorithm == "RS256") | .publicKey') + +echo Fetching public key from SOAM +soamFullPublicKey="-----BEGIN PUBLIC KEY----- $fullKey -----END PUBLIC KEY-----" +newline=$'\n' +formattedPublicKey="${soamFullPublicKey:0:26}${newline}${soamFullPublicKey:27:64}${newline}${soamFullPublicKey:91:64}${newline}${soamFullPublicKey:155:64}${newline}${soamFullPublicKey:219:64}${newline}${soamFullPublicKey:283:64}${newline}${soamFullPublicKey:347:64}${newline}${soamFullPublicKey:411:9}${newline}${soamFullPublicKey:420}" + +echo Generating private and public keys +ssh-keygen -b 4096 -t rsa -f tempPenBackendkey -m pem -q -N "" +UI_PRIVATE_KEY_VAL="$(cat tempPenBackendkey)" +UI_PUBLIC_KEY_VAL="$(ssh-keygen -f tempPenBackendkey -e -m pem)" +echo Removing key files +rm tempPenBackendkey +rm tempPenBackendkey.pub + + +########################################################### +#Setup for config-maps +########################################################### +#### backend configmap +echo Creating config map "$APP_NAME"-backend-config-map +oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ + --from-literal=NODE_ENV=openshift \ + --from-literal=LOG_LEVEL=info \ + --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ + --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" \ + --from-literal=SOAM_CLIENT_ID="$SOAM_CLIENT_ID" \ + --from-literal=SOAM_CLIENT_SECRET="$SOAM_CLIENT_SECRET" \ + --from-literal=SOAM_URL="https://soam-$ENV.apps.silver.devops.gov.bc.ca" \ + --from-literal=SOAM_DISCOVERY="https://soam-$ENV.apps.silver.devops.gov.bc.ca/auth/realms/master/.well-known/openid-configuration" \ + --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir \ + --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$SITEMINDER_LOGOUT_ENDPOINT" \ + --from-literal=ISSUER=GRAD_ADMIN_APPLICATION \ + --from-literal=SESSION_MAX_AGE='1800000' \ + --from-literal=TOKEN_EXPIRES_IN='1800000' \ + --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY_VAL" \ + --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY_VAL" \ + --from-literal=GRAD_ROLE_ADMIN=GRAD_SYSTEM_COORDINATOR \ + --from-literal=GRAD_PROGRAM_AREA_BA=GRAD_PROGRAM_AREA_BA \ + --from-literal=GRAD_ROLE_INFO_OFFICER=GRAD_INFO_OFFICER \ + --from-literal=REDIS_HOST=redis \ + --from-literal=REDIS_PORT=6379 \ + --from-literal=REDIS_PASSWORD="$REDIS_PASSWORD" \ + --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=COURSE_API_URL="http://educ-grad-course-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_STUDENT_API_URL="http://educ-grad-student-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=PROGRAM_API_URL="http://educ-grad-program-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=DISTRIBUTION_API_URL="http://educ-grad-distribution-api.e8a97a-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=ASSESSMENT_API_URL="http://educ-grad-assessment-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --dry-run=client -o yaml | oc apply -f - + +#### splunk SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] Flush 1 @@ -52,45 +127,6 @@ PARSER_CONFIG=" Name docker Format json " -########################################################### -#Setup for config-maps -########################################################### -echo Creating config map "$APP_NAME"-backend-config-map -oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ - --from-literal=NODE_ENV=openshift \ - --from-literal=LOG_LEVEL=info \ - --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ - --from-literal=SOAM_PUBLIC_KEY="$SOAM_PUBLIC_KEY" \ - --from-literal=SOAM_CLIENT_ID="$SOAM_CLIENT_ID" \ - --from-literal=SOAM_CLIENT_SECRET="$SOAM_CLIENT_SECRET" \ - --from-literal=SOAM_URL="https://soam-$ENV.apps.silver.devops.gov.bc.ca" \ - --from-literal=SOAM_DISCOVERY="https://soam-$ENV.apps.silver.devops.gov.bc.ca/auth/realms/master/.well-known/openid-configuration" \ - --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir \ - --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$SITEMINDER_LOGOUT_ENDPOINT" \ - --from-literal=ISSUER=GRAD_ADMIN_APPLICATION \ - --from-literal=SESSION_MAX_AGE='1800000' \ - --from-literal=TOKEN_EXPIRES_IN='1800000' \ - --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY" \ - --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY" \ - --from-literal=GRAD_ROLE_ADMIN=GRAD_SYSTEM_COORDINATOR \ - --from-literal=GRAD_PROGRAM_AREA_BA=GRAD_PROGRAM_AREA_BA \ - --from-literal=GRAD_ROLE_INFO_OFFICER=GRAD_INFO_OFFICER \ - --from-literal=REDIS_HOST=redis \ - --from-literal=REDIS_PORT=6379 \ - --from-literal=REDIS_PASSWORD="$REDIS_PASSWORD" \ - --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=COURSE_API_URL="http://educ-grad-course-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_STUDENT_API_URL="http://educ-grad-student-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=PROGRAM_API_URL="http://educ-grad-program-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=DISTRIBUTION_API_URL="http://educ-grad-distribution-api.e8a97a-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=ASSESSMENT_API_URL="http://educ-grad-assessment-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --dry-run=client -o yaml | oc apply -f - - echo Creating config map "$APP_NAME"-flb-sc-config-map oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-flb-sc-config-map \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ From 89cccfc8bddf33512df9554b41c8a53621514bf1 Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 08:38:32 -0800 Subject: [PATCH 40/48] Adding more automation to script --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 5 ---- tools/openshift/update-configmap-backend.sh | 30 ++++++++++++------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index d07dcfc3..042d5e7c 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -170,12 +170,7 @@ jobs: ${{ env.APP_NAME }} \ ${{ env.OPENSHIFT_NAMESPACE }} \ ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ - ${{ secrets.SOAM_PUBLIC_KEY }} \ - ${{ secrets.SOAM_CLIENT_ID }} \ ${{ secrets.SOAM_CLIENT_SECRET }} \ - ${{ secrets.SITEMINDER_LOGOUT_ENDPOINT }} \ - ${{ secrets.UI_PUBLIC_KEY }} \ - ${{ secrets.UI_PRIVATE_KEY }} \ ${{ secrets.REDIS_PASSWORD }} \ ${{ secrets.SPLUNK_TOKEN }} \ ${{ secrets.COMMON_NAMESPACE }} diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index 37596a85..c74a02a4 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -5,21 +5,29 @@ ENV=$1 APP_NAME=$2 OPENSHIFT_NAMESPACE=$3 BASE_URL=$4 -SOAM_PUBLIC_KEY=$5 -SOAM_CLIENT_ID=$6 -SOAM_CLIENT_SECRET=$7 -SITEMINDER_LOGOUT_ENDPOINT=$8 -UI_PUBLIC_KEY=$9 -UI_PRIVATE_KEY=${10} -REDIS_PASSWORD=${11} -SPLUNK_TOKEN=${12} -COMMON_NAMESPACE=${13} +#SOAM_PUBLIC_KEY=$5 +#SOAM_CLIENT_ID=$6 +SOAM_CLIENT_SECRET=$5 +#SITEMINDER_LOGOUT_ENDPOINT=$8 +#UI_PUBLIC_KEY=$9 +#UI_PRIVATE_KEY=${10} +REDIS_PASSWORD=$6 +SPLUNK_TOKEN=$7 +COMMON_NAMESPACE=$8 SOAM_KC_REALM_ID="master" SOAM_KC=soam-$ENV.apps.silver.devops.gov.bc.ca SOAM_KC_LOAD_USER_ADMIN=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) SOAM_KC_LOAD_USER_PASS=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) +siteMinderLogoutUrl="" +if [ "$ENV" != "prod" ] +then + siteMinderLogoutUrl="https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +else + siteMinderLogoutUrl="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +fi + echo Fetching SOAM token TKN=$(curl -s \ -d "client_id=admin-cli" \ @@ -58,12 +66,12 @@ oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ --from-literal=LOG_LEVEL=info \ --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" \ - --from-literal=SOAM_CLIENT_ID="$SOAM_CLIENT_ID" \ + --from-literal=SOAM_CLIENT_ID="grad-admin-client" \ --from-literal=SOAM_CLIENT_SECRET="$SOAM_CLIENT_SECRET" \ --from-literal=SOAM_URL="https://soam-$ENV.apps.silver.devops.gov.bc.ca" \ --from-literal=SOAM_DISCOVERY="https://soam-$ENV.apps.silver.devops.gov.bc.ca/auth/realms/master/.well-known/openid-configuration" \ --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir \ - --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$SITEMINDER_LOGOUT_ENDPOINT" \ + --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$siteMinderLogoutUrl" \ --from-literal=ISSUER=GRAD_ADMIN_APPLICATION \ --from-literal=SESSION_MAX_AGE='1800000' \ --from-literal=TOKEN_EXPIRES_IN='1800000' \ From 60e2877fd8f5728f3ffc045493bd600028e54adc Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 09:18:51 -0800 Subject: [PATCH 41/48] Think she's working now --- tools/openshift/update-configmap-backend.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index c74a02a4..e8baac9e 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -5,12 +5,7 @@ ENV=$1 APP_NAME=$2 OPENSHIFT_NAMESPACE=$3 BASE_URL=$4 -#SOAM_PUBLIC_KEY=$5 -#SOAM_CLIENT_ID=$6 SOAM_CLIENT_SECRET=$5 -#SITEMINDER_LOGOUT_ENDPOINT=$8 -#UI_PUBLIC_KEY=$9 -#UI_PRIVATE_KEY=${10} REDIS_PASSWORD=$6 SPLUNK_TOKEN=$7 COMMON_NAMESPACE=$8 @@ -20,6 +15,11 @@ SOAM_KC=soam-$ENV.apps.silver.devops.gov.bc.ca SOAM_KC_LOAD_USER_ADMIN=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) SOAM_KC_LOAD_USER_PASS=$(oc -n $COMMON_NAMESPACE-$ENV -o json get secret sso-admin-${ENV} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) +nodeEnv="openshift" +if [ "$ENV" = "dev" ] +then + nodeEnv="local" +fi siteMinderLogoutUrl="" if [ "$ENV" != "prod" ] then @@ -62,7 +62,7 @@ rm tempPenBackendkey.pub #### backend configmap echo Creating config map "$APP_NAME"-backend-config-map oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ - --from-literal=NODE_ENV=openshift \ + --from-literal=NODE_ENV=$nodeEnv \ --from-literal=LOG_LEVEL=info \ --from-literal=SERVER_FRONTEND="https://$BASE_URL" \ --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" \ From 6b50109bdd0b3db9660f1f6d239ad16590f943bb Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 11:28:25 -0800 Subject: [PATCH 42/48] Final cleanup --- .../workflows/build-n-deploy-backend-to-ocp-dev.yml | 13 ++++++++++++- .github/workflows/deploy-backend-to-ocp-prod.yml | 13 ++++++++++++- .github/workflows/deploy-backend-to-ocp-test.yml | 13 ++++++++++++- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index 2676d8b8..3791f782 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -164,7 +164,18 @@ jobs: -p CA_CERT="${{ secrets.CA_CERT }}" \ -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - - + + # update configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ + dev \ + ${{ env.APP_NAME }} \ + ${{ env.OPENSHIFT_NAMESPACE }} \ + ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.COMMON_NAMESPACE }} + # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index ee05a747..8b2a5e4b 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -87,7 +87,18 @@ jobs: -p CA_CERT="${{ secrets.CA_CERT }}" \ -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - - + + # update configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ + dev \ + ${{ env.APP_NAME }} \ + ${{ env.OPENSHIFT_NAMESPACE }} \ + grad.gov.bc.ca \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.COMMON_NAMESPACE }} + # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index 790a8708..a80d7e35 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -87,7 +87,18 @@ jobs: -p CA_CERT="${{ secrets.CA_CERT }}" \ -p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \ | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - - + + # update configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ + dev \ + ${{ env.APP_NAME }} \ + ${{ env.OPENSHIFT_NAMESPACE }} \ + ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.COMMON_NAMESPACE }} + # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} From a416e87b14ec7f03892125e0df81e86818146d50 Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 11:33:49 -0800 Subject: [PATCH 43/48] Addressing conflicts --- .github/workflows/deploy-backend-to-ocp-test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index a80d7e35..fb335156 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -22,10 +22,10 @@ env: APP_NAME_BACKEND: "educ-grad-admin-backend" TARGET_ENV: "test" - MIN_CPU: "50m" - MAX_CPU: "100m" - MIN_MEM: "200Mi" - MAX_MEM: "250Mi" + MIN_CPU: "60m" + MAX_CPU: "120m" + MIN_MEM: "250Mi" + MAX_MEM: "400Mi" MIN_REPLICAS: "3" MAX_REPLICAS: "5" From bae6ef00ca7c8c9e013097313d7585ea3b97616f Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 15:01:08 -0800 Subject: [PATCH 44/48] Sanitizing namespaces --- .github/workflows/build-n-deploy-backend-km.yml | 10 +++++----- .../build-n-deploy-backend-to-ocp-dev.yml | 6 ++---- .../build-n-deploy-backend-to-ocp-tools.yml | 10 +++++----- .github/workflows/build-n-deploy-frontend-km.yml | 14 +++++++------- .../build-n-deploy-frontend-to-ocp-dev.yml | 6 +++--- .../build-n-deploy-frontend-to-ocp-tools.yml | 14 +++++++------- .github/workflows/deploy-backend-to-ocp-prod.yml | 4 ++-- .github/workflows/deploy-backend-to-ocp-test.yml | 8 ++------ .github/workflows/deploy-frontend-to-ocp-prod.yml | 10 +++++----- .github/workflows/deploy-frontend-to-ocp-test.yml | 13 ++++--------- 10 files changed, 42 insertions(+), 53 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-km.yml b/.github/workflows/build-n-deploy-backend-km.yml index 67b8e352..64722f85 100644 --- a/.github/workflows/build-n-deploy-backend-km.yml +++ b/.github/workflows/build-n-deploy-backend-km.yml @@ -23,9 +23,9 @@ env: REPO_NAME: "educ-grad-admin" BRANCH: "develop/km" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TAG: "latest" TARGET_ENV: "dev" @@ -158,7 +158,7 @@ jobs: oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-dev -f - + oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{ env.NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.NAMESPACE }}-dev -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ @@ -171,4 +171,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.3.0 with: - target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index 89d3b20d..a8639789 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-dev + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-dev # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -31,7 +31,7 @@ env: MAX_REPLICAS: "2" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: "educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca" + HOST_ROUTE: "educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -140,8 +140,6 @@ jobs: oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "No rollout in progress" - oc project ${{ env.OPENSHIFT_NAMESPACE }} - # Create the image stream if it doesn't exist oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place" diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml b/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml index 0a5fb816..ab3e030f 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml @@ -23,9 +23,9 @@ env: REPO_NAME: "educ-grad-admin" BRANCH: "feature/caddy2" APP_NAME_BACKEND: "educ-grad-admin-backend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TAG: "tools" TARGET_ENV: "tools" @@ -162,7 +162,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Process and apply deployment template - oc process -f tools/openshift/backend-dc.yaml -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-tools -f - + oc process -f tools/openshift/backend-dc.yaml -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{ env.NAMESPACE_TOOLS }}.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{ env.NAMESPACE_TOOLS }} -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ @@ -175,4 +175,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.3.0 with: - target: 'https://educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.NAMESPACE_TOOLS }}.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/build-n-deploy-frontend-km.yml b/.github/workflows/build-n-deploy-frontend-km.yml index 0459d1b1..3c03141c 100644 --- a/.github/workflows/build-n-deploy-frontend-km.yml +++ b/.github/workflows/build-n-deploy-frontend-km.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-dev + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-dev # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -23,9 +23,9 @@ env: REPO_NAME: "educ-grad-admin" BRANCH: "develop/km" APP_NAME_FRONTEND: "educ-grad-admin-frontend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TAG: "latest" TARGET_ENV: "dev" @@ -160,9 +160,9 @@ jobs: # Process and apply deployment template oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p HOST_ROUTE=educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ -p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ - -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-dev -f - + -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ @@ -173,4 +173,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.3.0 with: - target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml index 54936e2e..12de2023 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml @@ -21,9 +21,9 @@ env: APP_NAME: "educ-grad-admin" APP_NAME_FRONTEND: "educ-grad-admin-frontend" BRANCH: "main" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TAG: "latest" TARGET_ENV: "dev" diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml index ad55a89f..0e640fbc 100644 --- a/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml +++ b/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-tools + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-tools # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -23,9 +23,9 @@ env: REPO_NAME: "educ-grad-admin" BRANCH: "feature/caddy2" APP_NAME_FRONTEND: "educ-grad-admin-frontend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TAG: "tools" TARGET_ENV: "tools" @@ -162,9 +162,9 @@ jobs: # Process and apply deployment template oc process -f tools/openshift/frontend-static.dc.ocp4.yaml -p REPO_NAME=educ-grad-admin \ - -p HOST_ROUTE=educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.NAMESPACE_TOOLS }} \ + -p HOST_ROUTE=educ-grad-admin-${{ env.NAMESPACE_TOOLS }}.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.NAMESPACE_TOOLS }} \ -p APP_NAME=educ-grad-admin -p TAG=tools -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \ - -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n bbe4c3-tools -f - + -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{ env.NAMESPACE_TOOLS }} -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \ @@ -175,5 +175,5 @@ jobs: - name: ZAP Scan uses: zaproxy/action-full-scan@v0.3.0 with: - target: 'https://educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca' + target: 'https://educ-grad-admin-${{ env.NAMESPACE_TOOLS }}.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index 83a8c5db..76f28600 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-prod + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-prod # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -30,7 +30,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: "educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca" + HOST_ROUTE: "educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index fb335156..56415470 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-test + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-test # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -30,7 +30,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: "educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca" + HOST_ROUTE: "educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: @@ -105,7 +105,3 @@ jobs: # Get status, returns 0 if rollout is successful oc rollout status deployment/${{ env.APP_NAME_BACKEND }} - - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.10.0 - with: - target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' diff --git a/.github/workflows/deploy-frontend-to-ocp-prod.yml b/.github/workflows/deploy-frontend-to-ocp-prod.yml index 0eda9550..a912cc01 100644 --- a/.github/workflows/deploy-frontend-to-ocp-prod.yml +++ b/.github/workflows/deploy-frontend-to-ocp-prod.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-prod + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-prod # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -20,9 +20,9 @@ env: APP_NAME: "educ-grad-admin" APP_NAME_FRONTEND: "educ-grad-admin-frontend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TARGET_ENV: "prod" MIN_CPU: "50m" @@ -33,7 +33,7 @@ env: MAX_REPLICAS: "5" # SITE_URL should have no scheme or port. It will be prepended with https:// - HOST_ROUTE: "educ-grad-admin-bbe4c3-prod.apps.silver.devops.gov.bc.ca" + HOST_ROUTE: "educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca" on: workflow_dispatch: diff --git a/.github/workflows/deploy-frontend-to-ocp-test.yml b/.github/workflows/deploy-frontend-to-ocp-test.yml index c773d4ab..652e4a56 100644 --- a/.github/workflows/deploy-frontend-to-ocp-test.yml +++ b/.github/workflows/deploy-frontend-to-ocp-test.yml @@ -7,7 +7,7 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. - OPENSHIFT_NAMESPACE: bbe4c3-test + OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-test # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -20,9 +20,9 @@ env: APP_NAME: "educ-grad-admin" APP_NAME_FRONTEND: "educ-grad-admin-frontend" - NAMESPACE: bbe4c3 - NAMESPACE_TOOLS: bbe4c3-tools - COMMON_NAMESPACE: 75e61b + NAMESPACE: ${{ secrets.UI_NAMESPACE }} + NAMESPACE_TOOLS: ${{ secrets.UI_NAMESPACE }}-tools + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }} TARGET_ENV: "test" MIN_CPU: "50m" @@ -98,8 +98,3 @@ jobs: # Get status, returns 0 if rollout is successful oc rollout status deployment/${{ env.APP_NAME_FRONTEND }} - - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.10.0 - with: - target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca' - From 693c07f06398a70a22c76c0dab9b58a9e187d993 Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 15:02:50 -0800 Subject: [PATCH 45/48] Removed debug code --- backend/src/routes/auth.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js index 0796ede0..6881f313 100644 --- a/backend/src/routes/auth.js +++ b/backend/src/routes/auth.js @@ -75,10 +75,8 @@ router.get("/logout", async (req, res, next) => { }else { let retUrl; if (req.query && req.query.sessionExpired) { - console.log("1") retUrl = encodeURIComponent(primaryURL + '/session-expired' + '&client_id=' + config.get('oidc:clientId')); } else { - console.log("2") retUrl = encodeURIComponent(primaryURL + '/logout' + '&client_id=' + config.get('oidc:clientId')); } res.redirect(config.get('siteMinder_logout_endpoint') + retUrl); From 4f472ef136b5cae5644e27d6cacc6fe2af190411 Mon Sep 17 00:00:00 2001 From: cditcher Date: Wed, 4 Dec 2024 15:16:06 -0800 Subject: [PATCH 46/48] More namespace sanitizing --- ...build-n-deploy-backend-to-ocp-dev-vue3.yml | 4 +++- .../build-n-deploy-backend-to-ocp-dev.yml | 4 +++- .../workflows/deploy-backend-to-ocp-prod.yml | 4 +++- .../workflows/deploy-backend-to-ocp-test.yml | 4 +++- tools/openshift/update-configmap-backend.sh | 24 ++++++++++--------- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index 042d5e7c..aff12dd6 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -173,7 +173,9 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.REDIS_PASSWORD }} \ ${{ secrets.SPLUNK_TOKEN }} \ - ${{ secrets.COMMON_NAMESPACE }} + ${{ secrets.COMMON_NAMESPACE }} \ + ${{ secrets.GRAD_NAMESPACE }} \ + ${{ secrets.GRAD_BUSINESS_NAMESPACE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index a8639789..efb929fe 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -172,7 +172,9 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.REDIS_PASSWORD }} \ ${{ secrets.SPLUNK_TOKEN }} \ - ${{ secrets.COMMON_NAMESPACE }} + ${{ secrets.COMMON_NAMESPACE }} \ + ${{ secrets.GRAD_NAMESPACE }} \ + ${{ secrets.GRAD_BUSINESS_NAMESPACE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index 76f28600..368e2b9b 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -97,7 +97,9 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.REDIS_PASSWORD }} \ ${{ secrets.SPLUNK_TOKEN }} \ - ${{ secrets.COMMON_NAMESPACE }} + ${{ secrets.COMMON_NAMESPACE }} \ + ${{ secrets.GRAD_NAMESPACE }} \ + ${{ secrets.GRAD_BUSINESS_NAMESPACE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index 56415470..a202f8e0 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -97,7 +97,9 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.REDIS_PASSWORD }} \ ${{ secrets.SPLUNK_TOKEN }} \ - ${{ secrets.COMMON_NAMESPACE }} + ${{ secrets.COMMON_NAMESPACE }} \ + ${{ secrets.GRAD_NAMESPACE }} \ + ${{ secrets.GRAD_BUSINESS_NAMESPACE }} # Start rollout (if necessary) and follow it oc rollout restart deployment/${{ env.APP_NAME_BACKEND }} diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index e8baac9e..b9dc7afb 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -9,6 +9,8 @@ SOAM_CLIENT_SECRET=$5 REDIS_PASSWORD=$6 SPLUNK_TOKEN=$7 COMMON_NAMESPACE=$8 +GRAD_NAMESPACE=$9 +GRAD_BUSINESS_NAMESPACE=${10} SOAM_KC_REALM_ID="master" SOAM_KC=soam-$ENV.apps.silver.devops.gov.bc.ca @@ -83,17 +85,17 @@ oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ --from-literal=REDIS_HOST=redis \ --from-literal=REDIS_PORT=6379 \ --from-literal=REDIS_PASSWORD="$REDIS_PASSWORD" \ - --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=COURSE_API_URL="http://educ-grad-course-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_STUDENT_API_URL="http://educ-grad-student-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=PROGRAM_API_URL="http://educ-grad-program-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=DISTRIBUTION_API_URL="http://educ-grad-distribution-api.e8a97a-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=ASSESSMENT_API_URL="http://educ-grad-assessment-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ - --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.77c02f-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=BATCH_API_URL="http://educ-grad-batch-graduation-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=STUDENT_GRADUATION_API_URL="http://educ-grad-student-graduation-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_API_URL="http://educ-grad-graduation-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=COURSE_API_URL="http://educ-grad-course-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_STUDENT_API_URL="http://educ-grad-student-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=PROGRAM_API_URL="http://educ-grad-program-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=DISTRIBUTION_API_URL="http://educ-grad-distribution-api.$GRAD_BUSINESS_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=ASSESSMENT_API_URL="http://educ-grad-assessment-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ --dry-run=client -o yaml | oc apply -f - #### splunk From dab39d7532e8be3315b8e9718c1f3687b599955f Mon Sep 17 00:00:00 2001 From: michaeltangbcgov <47677812+michaeltangbcgov@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:12:14 -0800 Subject: [PATCH 47/48] added v2 trax to branch (#696) --- tools/openshift/update-configmap-backend.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/openshift/update-configmap-backend.sh b/tools/openshift/update-configmap-backend.sh index b9dc7afb..e09d1a05 100644 --- a/tools/openshift/update-configmap-backend.sh +++ b/tools/openshift/update-configmap-backend.sh @@ -96,6 +96,7 @@ oc create -n "$OPENSHIFT_NAMESPACE" configmap "$APP_NAME"-backend-config-map \ --from-literal=GRADUATION_REPORT_API_URL="http://educ-grad-graduation-report-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ --from-literal=GRAD_REPORT_API_URL="http://educ-grad-report-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ --from-literal=GRAD_TRAX_API_URL="http://educ-grad-trax-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v1" \ + --from-literal=GRAD_TRAX_API_URL_V2="http://educ-grad-trax-api.$GRAD_NAMESPACE-$ENV.svc.cluster.local:8080/api/v2" \ --dry-run=client -o yaml | oc apply -f - #### splunk From d2478848549e0ac7792b18b5316b323ecf8515ce Mon Sep 17 00:00:00 2001 From: cditcher Date: Thu, 12 Dec 2024 11:38:18 -0800 Subject: [PATCH 48/48] Updated env on deployment script to be env.TARGET_ENV --- .github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml | 2 +- .github/workflows/build-n-deploy-backend-to-ocp-dev.yml | 2 +- .github/workflows/deploy-backend-to-ocp-prod.yml | 2 +- .github/workflows/deploy-backend-to-ocp-test.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml index aff12dd6..897488f9 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml @@ -166,7 +166,7 @@ jobs: # update configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/${{ env.BRANCH }}/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ - dev \ + ${{ env.TARGET_ENV }} \ ${{ env.APP_NAME }} \ ${{ env.OPENSHIFT_NAMESPACE }} \ ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml index efb929fe..00447da8 100644 --- a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml +++ b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml @@ -165,7 +165,7 @@ jobs: # update configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ - dev \ + ${{ env.TARGET_ENV }} \ ${{ env.APP_NAME }} \ ${{ env.OPENSHIFT_NAMESPACE }} \ ${{ env.TARGET_ENV }}.grad.gov.bc.ca \ diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml index 368e2b9b..37ef3625 100644 --- a/.github/workflows/deploy-backend-to-ocp-prod.yml +++ b/.github/workflows/deploy-backend-to-ocp-prod.yml @@ -90,7 +90,7 @@ jobs: # update configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ - dev \ + ${{ env.TARGET_ENV }} \ ${{ env.APP_NAME }} \ ${{ env.OPENSHIFT_NAMESPACE }} \ grad.gov.bc.ca \ diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml index a202f8e0..9244da05 100644 --- a/.github/workflows/deploy-backend-to-ocp-test.yml +++ b/.github/workflows/deploy-backend-to-ocp-test.yml @@ -90,7 +90,7 @@ jobs: # update configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \ - dev \ + ${{ env.TARGET_ENV }} \ ${{ env.APP_NAME }} \ ${{ env.OPENSHIFT_NAMESPACE }} \ ${{ env.TARGET_ENV }}.grad.gov.bc.ca \