feat: tls support for API route
trev-dev committed Jul 15, 2024
1 parent e7910d6 commit a763008
Showing 2 changed files with 208 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .github/workflows/deploy-to-openshift-backend-prod.yml
Expand Up @@ -120,7 +120,7 @@ jobs:
oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.APP_NAME_BACKEND }}:${{ steps.get-latest-tag.outputs.tag }}
# Process and apply deployment template
oc process -f tools/openshift/backend.dc.yaml \
oc process -f tools/openshift/backend-tls.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
Expand All @@ -133,6 +133,9 @@ jobs:
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p HOST_ROUTE=${{ secrets.HOST_ROUTE }} \
-p CA_CERT='${{ secrets.CA_CERT }}' \
-p CERTIFICATE='${{ secrets.CERTIFICATE }}' \
-p PRIVATE_KEY='${{ secrets.PRIVATE_KEY }}' \
-p ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
| oc apply -f -
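Review bot: The three new `-p CA_CERT='…'`, `-p CERTIFICATE='…'` and `-p PRIVATE_KEY='…'` arguments put the PEM private key on the `oc process` command line, where it is visible in the runner's process table for the life of the command and would be printed in full if this step ever ran under `set -x`; GitHub's log masking works per line, so I would not rely on it for a multi-line secret. Prefer exposing the three values to the step through `env:` and writing them to files with restrictive permissions that are removed at the end of the step, then either feeding them to `oc process` via `--param-file` (if it accepts multi-line values on your oc version — not verifiable here) or taking the key out of the template and attaching TLS with `oc create route edge … --cert= --key= --ca-cert=`. The single quotes do preserve the embedded newlines and PEM never contains `'`, so the substitution itself should work; I could not confirm how `oc process` carries newlines into `${CA_CERT}` from this hunk alone. The enclosing `run:` step starts and ends outside the hunk.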
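--- a/tools/openshift/backend-tls.dc.yaml
+++ b/tools/openshift/backend-tls.dc.yaml
@@ -0,0 +1,204 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+template: '${REPO_NAME}-template'
+metadata:
+name: '${REPO_NAME}-backend-dc'
+objects:
+- apiVersion: v1
+kind: DeploymentConfig
+metadata:
+annotations:
+openshift.io/generated-by: OpenShiftNewApp
+creationTimestamp:
+labels:
+app: '${APP_NAME}-${BRANCH}'
+branch: '${BRANCH}'
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+spec:
+replicas: ${{MIN_REPLICAS}}
+selector:
+app: '${APP_NAME}-${BRANCH}'
+deploymentconfig: '${APP_NAME}-backend-${ENVIRONMENT}'
+strategy:
+resources: {}
+type: Rolling
+template:
+metadata:
+annotations:
+openshift.io/generated-by: OpenShiftNewApp
+creationTimestamp:
+labels:
+app: '${APP_NAME}-${BRANCH}'
+deploymentconfig: '${APP_NAME}-backend-${ENVIRONMENT}'
+spec:
+containers:
+- image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-backend:${TAG}
+imagePullPolicy: Always
+volumeMounts:
+- name: tls-certs
+mountPath: '/etc/tls-certs'
+readOnly: true
+- name: log-storage
+mountPath: /logs
+livenessProbe:
+initialDelaySeconds: 20
+failureThreshold: 5
+httpGet:
+path: '/api/health'
+port: 8080
+scheme: HTTP
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+ports:
+- containerPort: 8080
+protocol: TCP
+- containerPort: 443
+protocol: TCP
+envFrom:
+- configMapRef:
+name: ofm-backend-${ENVIRONMENT}-config-map
+readinessProbe:
+initialDelaySeconds: 10
+failureThreshold: 5
+httpGet:
+path: '/api/health'
+port: 8080
+scheme: HTTP
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+resources:
+requests:
+cpu: '${MIN_CPU}'
+memory: '${MIN_MEM}'
+limits:
+cpu: '${MAX_CPU}'
+memory: '${MAX_MEM}'
+volumes:
+- name: log-storage
+emptyDir: {}
+- name: tls-certs
+secret:
+secretName: ofm-backend-cert
+test: false
+triggers:
+- type: ConfigChange
+- apiVersion: v1
+kind: Service
+metadata:
+annotations:
+service.alpha.openshift.io/serving-cert-secret-name: 'ofm-backend-cert'
+openshift.io/generated-by: OpenShiftNewApp
+creationTimestamp:
+labels:
+app: '${APP_NAME}-${BRANCH}'
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+spec:
+ports:
+- name: 8080-tcp
+port: 8080
+protocol: TCP
+targetPort: 8080
+- name: 443-https
+port: 443
+protocol: TCP
+targetPort: 443
+selector:
+app: '${APP_NAME}-${BRANCH}'
+deploymentconfig: '${APP_NAME}-backend-${ENVIRONMENT}'
+- apiVersion: v1
+kind: Route
+metadata:
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+labels:
+app: '${APP_NAME}-${BRANCH}'
+annotations:
+openshift.io/host.generated: 'true'
+spec:
+host: '${HOST_ROUTE}'
+path: /api
+port:
+targetPort: 8080-tcp
+tls:
+caCertificate: "${CA_CERT}"
+certificate: "${CERTIFICATE}"
+key: "${PRIVATE_KEY}"
+insecureEdgeTerminationPolicy: Redirect
+termination: edge
+to:
+kind: Service
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+weight: 100
+wildcardPolicy: None
+- apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+name: '${APP_NAME}-backend-${ENVIRONMENT}-cpu-autoscaler'
+spec:
+scaleTargetRef:
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+name: '${APP_NAME}-backend-${ENVIRONMENT}'
+subresource: scale
+minReplicas: ${{MIN_REPLICAS}}
+maxReplicas: ${{MAX_REPLICAS}}
+metrics:
+- type: Resource
+resource:
+name: cpu
+target:
+type: Utilization
+averageUtilization: 90
+parameters:
+- name: REPO_NAME
+description: Application repository name
+required: true
+- name: BRANCH
+description: Job identifier (i.e. 'pr-5' OR 'master')
+required: true
+- name: NAMESPACE
+description: Target namespace reference (i.e. 'k8vopl-dev')
+required: true
+- name: ENVIRONMENT
+description: The environment being created ('dev', 'test', 'uat', 'prod')
+required: true
+- name: APP_NAME
+description: Application name
+required: true
+- name: HOST_ROUTE
+description: The host the route will use to expose service outside cluster
+required: true
+- name: TAG
+description: The identifying tag for this specific deployment
+required: true
+- name: MIN_REPLICAS
+description: The minimum amount of replicas
+required: true
+- name: MAX_REPLICAS
+description: The maximum amount of replicas
+required: true
+- name: MIN_CPU
+description: The minimum amount of cpu
+required: true
+- name: MAX_CPU
+description: The maximum amount of cpu
+required: true
+- name: MIN_MEM
+description: The minimum amount of memory
+required: true
+- name: MAX_MEM
+description: The maximum amount of memory
+required: true
+- name: CA_CERT
+description: The CA Certificate
+required: true
+- name: CERTIFICATE
+description: The Certificate
+required: true
+- name: PRIVATE_KEY
+description: The private key
+required: true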
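Review bot: With `termination: edge` and `targetPort: 8080-tcp` in the Route's `tls:`/`port:` block, the router terminates TLS and forwards plain HTTP to the pod, so the `tls-certs` mount of the `ofm-backend-cert` serving-cert secret, the `containerPort: 443` and the `443-https` service port that this same file adds are not exercised by the Route at all. If the backend does listen on 443 with that serving certificate (the container command is not visible here), `termination: reencrypt` with `targetPort: 443-https` would keep the router-to-pod hop encrypted; if it does not, the unused port and mount should be dropped so the manifest does not suggest a protection it does not provide. Separately, `key: "${PRIVATE_KEY}"` stores the route's private key in the Route object itself, readable by any principal with get on routes in the namespace — inherent to edge termination, but worth recording next to `tls:` with a comment like `# private key lives on the Route object; keep route read access in this namespace tight`. Indentation is lost in this rendering, so the nesting above is read from key order rather than verified.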
