From 26372c7ea1c28fcb0b78f8d81a073b322ad05700 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Fri, 13 Dec 2024 08:26:35 -0800 Subject: [PATCH] ci: template consistency (#233) Co-authored-by: Fergus MacConnell --- .github/workflows/.deploy.yml | 10 +- backend/openshift.deploy.yml | 354 +++++++++++++++++----------------- common/openshift.init.yml | 33 ++-- database/openshift.deploy.yml | 99 +++++----- frontend/openshift.deploy.yml | 49 ++--- minio/openshift.deploy.yml | 83 ++++---- 6 files changed, 301 insertions(+), 327 deletions(-) diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 8b86dc323..ad6b3c355 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -34,7 +34,7 @@ jobs: file: common/openshift.init.yml overwrite: true parameters: - -p NAME_SUFFIX=${{ inputs.target }} + -p ZONE=${{ inputs.target }} -p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} -p POSTGRESQL_USER=${{ secrets.POSTGRES_USER }} -p FDW_DATABASE_PASSWORD=${{ secrets.FDW_DATABASE_PASSWORD }} @@ -70,7 +70,7 @@ jobs: oc_version: "4.14.37" file: minio/openshift.deploy.yml parameters: - -p NAME_SUFFIX=${{ inputs.target }} + -p ZONE=${{ inputs.target }} -p IMAGE_TAG=${{ inputs.tag }} # ${{ inputs.environment && '' || '-p MINIO_DATA_DIR=/tmp/data' }} # ${{ inputs.environment && '' || '-p DEST_PVC_SIZE=1Mi' }} @@ -94,7 +94,7 @@ jobs: -p IMAGE_STREAM_NAMESPACE=${{ vars.OC_NAMESPACE }} -p IMAGE_STREAM_NAME=crunchy-postgres-gis -p IMAGE_TAG=${{ inputs.tag }} - -p NAME_SUFFIX=${{ inputs.target }} + -p ZONE=${{ inputs.target }} -p STORAGE_CLASS=netapp-file-standard -p REQUEST_CPU=200m -p LIMIT_CPU=500m @@ -115,7 +115,7 @@ jobs: oc_version: "4.14.37" file: backend/openshift.deploy.yml parameters: - -p NAME_SUFFIX=${{ inputs.target }} + -p ZONE=${{ inputs.target }} -p IMAGE_TAG=${{ inputs.tag }} -p E_LICENSING_URL=${{ vars.E_LICENSING_URL }} -p DB_REPLICATE=${{ vars.DB_REPLICATE }} 
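Review bot: The `-p IMAGE_TAG=${{ inputs.tag }}` context lines in the minio, database and backend hunks here (and in the frontend hunk that follows) are left unchanged, but the templates in this same patch drop `IMAGE_TAG` and declare a required `TAG` instead. Assuming the deployer hands these flags to `oc process`, each of those jobs would fail on an unknown parameter and on the missing required one; the line should read `-p TAG=${{ inputs.tag }}`. The database job also still passes `-p IMAGE_STREAM_NAMESPACE=...` and `-p IMAGE_STREAM_NAME=crunchy-postgres-gis`, which database/openshift.deploy.yml no longer declares after this patch, so those two lines should be dropped as well.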
@@ -160,6 +160,6 @@ jobs: oc_version: "4.14.37" file: frontend/openshift.deploy.yml parameters: - -p NAME_SUFFIX=${{ inputs.target }} + -p ZONE=${{ inputs.target }} -p IMAGE_TAG=${{ inputs.tag }} \ No newline at end of file diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 066c540ba..58a5276e1 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml 
@@ -1,94 +1,92 @@ kind: Template apiVersion: template.openshift.io/v1 parameters: -- name: NAME_SUFFIX - displayName: Name Suffix - description: A suffix appended to all objects - required: true -- name: IMAGE_TAG - required: true -- name: HOST - required: false - value: '' -- name: CPU_REQUEST - required: false - value: 25m -- name: CPU_LIMIT - required: false - value: 100m -- name: MEMORY_REQUEST - required: false - value: 150Mi -- name: MEMORY_LIMIT - required: false - value: 450Mi -- name: PSQL_IMAGE - description: A psql client image (a PostgreSQL image will suffice) - required: true - value: image-registry.openshift-image-registry.svc:5000/26e83e-tools/crunchy-postgres-gis:centos7-12.4-3.0-4.5.0 -- name: E_LICENSING_URL - required: true -- name: DB_REPLICATE - required: true -- name: DJANGO_DEBUG - required: true -- name: ENABLE_ADDITIONAL_DOCUMENTS - required: true -- name: S3_PRIVATE_BUCKET - required: true -- name: S3_PRIVATE_HOST - required: true -- name: S3_WELL_EXPORT_BUCKET - required: true -- name: SSO_AUDIENCE - required: true -- name: SSO_AUTH_HOST - required: true -- name: SSO_CLIENT - required: true -- name: SSO_IDP_HINT - required: true -- name: SSO_PORT - required: true -- name: SSO_PUBKEY - required: true -- name: SSO_REALM - required: true -- name: SSO_TEST_AUDIENCE - required: true -- name: SSO_TEST_CLIENT - required: true -- name: GDAL_LIBRARY_PATH - required: true -- name: GEOS_LIBRARY_PATH - required: true -- name: S3_AQUIFER_BUCKET - required: true -- name: S3_REGISTRANT_BUCKET - required: true -- name: S3_PRIVATE_ROOT_BUCKET - required: true -- name: S3_PRIVATE_AQUIFER_BUCKET - required: true -- name: S3_PRIVATE_REGISTRANT_BUCKET - required: true -- name: S3_PRIVATE_WELL_BUCKET - required: true -- name: ENABLE_AQUIFERS_SEARCH - required: true -- name: EMAIL_NOTIFICATION_RECIPIENT - required: true -- name: GEOCODER_ADDRESS_API_BASE - required: true + - name: REPO + description: Repository name + value: nr-gwells + - name: COMPONENT + 
description: Component name + value: backend + - name: ZONE + description: Deployment zone, e.g. pr-### or prod + required: true + - name: TAG + required: true + - name: CPU_REQUEST + required: false + value: 25m + - name: CPU_LIMIT + required: false + value: 100m + - name: MEMORY_REQUEST + required: false + value: 150Mi + - name: MEMORY_LIMIT + required: false + value: 450Mi + - name: E_LICENSING_URL + required: true + - name: DB_REPLICATE + required: true + - name: DJANGO_DEBUG + required: true + - name: ENABLE_ADDITIONAL_DOCUMENTS + required: true + - name: S3_PRIVATE_BUCKET + required: true + - name: S3_PRIVATE_HOST + required: true + - name: S3_WELL_EXPORT_BUCKET + required: true + - name: SSO_AUDIENCE + required: true + - name: SSO_AUTH_HOST + required: true + - name: SSO_CLIENT + required: true + - name: SSO_IDP_HINT + required: true + - name: SSO_PORT + required: true + - name: SSO_PUBKEY + required: true + - name: SSO_REALM + required: true + - name: SSO_TEST_AUDIENCE + required: true + - name: SSO_TEST_CLIENT + required: true + - name: GDAL_LIBRARY_PATH + required: true + - name: GEOS_LIBRARY_PATH + required: true + - name: S3_AQUIFER_BUCKET + required: true + - name: S3_REGISTRANT_BUCKET + required: true + - name: S3_PRIVATE_ROOT_BUCKET + required: true + - name: S3_PRIVATE_AQUIFER_BUCKET + required: true + - name: S3_PRIVATE_REGISTRANT_BUCKET + required: true + - name: S3_PRIVATE_WELL_BUCKET + required: true + - name: ENABLE_AQUIFERS_SEARCH + required: true + - name: EMAIL_NOTIFICATION_RECIPIENT + required: true + - name: GEOCODER_ADDRESS_API_BASE + required: true objects: - kind: ConfigMap apiVersion: v1 metadata: creationTimestamp: - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config labels: - appver: gwells-${NAME_SUFFIX} - app: nr-gwells-${NAME_SUFFIX} + appver: ${REPO}-${ZONE} + app: ${REPO}-${ZONE} data: DB_REPLICATE: ${DB_REPLICATE} DJANGO_DEBUG: ${DJANGO_DEBUG} 
@@ -120,11 +118,10 @@ objects: - kind: Deployment apiVersion: apps/v1 metadata: - name: gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} creationTimestamp: labels: - app: nr-gwells-${NAME_SUFFIX} - appver: gwells-${NAME_SUFFIX}-backend + app: ${REPO}-${ZONE}-${COMPONENT} annotations: description: Defines how to deploy the application server spec: 
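Review bot: The Deployment's `app` label becomes `${REPO}-${ZONE}-${COMPONENT}` here, while the ConfigMap and HorizontalPodAutoscaler in this file and the objects in the other templates use `app: ${REPO}-${ZONE}`. If anything selects a whole environment by that label (cleanup of a PR zone, for instance; not visible in this patch), the backend Deployment, and the Service and Route in the last hunk of this file, would be missed. Suggest `app: ${REPO}-${ZONE}` on all three, leaving the component name to the `deployment` label.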
@@ -138,49 +135,48 @@ objects: # command: # - "/usr/bin/container-entrypoint" # - "/opt/app-root/src/scripts/pre-deploy.sh" - # containerName: gwells-app-${NAME_SUFFIX}-backend + # containerName: ${REPO}-${ZONE}-${COMPONENT}-app # env: # - name: PGDATABASE # valueFrom: # secretKeyRef: - # name: gwells-pg12-${NAME_SUFFIX}-backend + # name: ${REPO}-${ZONE}-${COMPONENT}-pg12 # key: database-name # - name: PGUSER # valueFrom: # secretKeyRef: - # name: gwells-pg12-${NAME_SUFFIX}-backend + # name: ${REPO}-${ZONE}-${COMPONENT}-pg12 # key: database-user # - name: PGPASSWORD # valueFrom: # secretKeyRef: - # name: gwells-pg12-${NAME_SUFFIX}-backend + # name: ${REPO}-${ZONE}-${COMPONENT}-pg12 # key: database-password # - name: PGHOST - # value: gwells-pg12-${NAME_SUFFIX}-backend + # value: ${REPO}-${ZONE}-${COMPONENT}-pg12 resources: {} activeDeadlineSeconds: 21600 replicas: 1 test: false selector: - name: gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} matchLabels: - deployment: gwells-${NAME_SUFFIX}-backend + deployment: ${REPO}-${ZONE}-${COMPONENT} template: metadata: - name: gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} creationTimestamp: labels: - name: gwells-${NAME_SUFFIX}-backend - appver: gwells-${NAME_SUFFIX}-backend - deployment: gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} + deployment: ${REPO}-${ZONE}-${COMPONENT} spec: volumes: - name: staticfiles emptyDir: sizeLimit: 250Mi containers: - - name: gwells-app-${NAME_SUFFIX}-backend - image: 'ghcr.io/bcgov/nr-gwells/backend:${IMAGE_TAG}' + - name: ${REPO}-${ZONE}-${COMPONENT}-app + image: 'ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG}' volumeMounts: - name: staticfiles mountPath: /app/staticfiles 
@@ -189,237 +185,237 @@ objects: protocol: TCP env: - name: DATABASE_SERVICE_NAME - value: gwells-${NAME_SUFFIX}-database + value: ${REPO}-${ZONE}-database - name: DATABASE_NAME valueFrom: secretKeyRef: - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-database key: database-name - name: DATABASE_USER valueFrom: secretKeyRef: - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-database key: database-user - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-database key: database-password - name: DATABASE_SCHEMA value: public - name: APP_MODULE value: wsgi:application - name: APP_HOME - value: backend + value: ${COMPONENT} - name: APP_CONFIG - value: "/opt/app-root/src/backend/gunicorn.ocp4.cfg" + value: "/opt/app-root/src/${COMPONENT}/gunicorn.ocp4.cfg" - name: DJANGO_SECRET_KEY valueFrom: secretKeyRef: - name: gwells-django-${NAME_SUFFIX} + name: ${REPO}-django-${ZONE} key: secret_key - name: DJANGO_ADMIN_URL valueFrom: secretKeyRef: - name: gwells-django-${NAME_SUFFIX} + name: ${REPO}-django-${ZONE} key: admin_url - name: DJANGO_ADMIN_USER valueFrom: secretKeyRef: - name: gwells-django-${NAME_SUFFIX} + name: ${REPO}-django-${ZONE} key: admin_user - name: DJANGO_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: gwells-django-${NAME_SUFFIX} + name: ${REPO}-django-${ZONE} key: admin_password - name: E_LICENSING_AUTH_PASSWORD valueFrom: secretKeyRef: - name: gwells-e-licensing-${NAME_SUFFIX} + name: ${REPO}-e-licensing-${ZONE} key: E_LICENSING_AUTH_PASSWORD - name: E_LICENSING_AUTH_USERNAME valueFrom: secretKeyRef: - name: gwells-e-licensing-${NAME_SUFFIX} + name: ${REPO}-e-licensing-${ZONE} key: E_LICENSING_AUTH_USERNAME - name: E_LICENSING_URL valueFrom: configMapKeyRef: - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config key: E_LICENSING_URL - name: DJANGO_DEBUG valueFrom: configMapKeyRef: key: DJANGO_DEBUG - name: gwells-global-config-${NAME_SUFFIX} + 
name: ${REPO}-${ZONE}-global-config - name: GDAL_LIBRARY_PATH valueFrom: configMapKeyRef: key: GDAL_LIBRARY_PATH - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: GEOS_LIBRARY_PATH valueFrom: configMapKeyRef: key: GEOS_LIBRARY_PATH - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_AQUIFER_BUCKET valueFrom: configMapKeyRef: key: S3_AQUIFER_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_REGISTRANT_BUCKET valueFrom: configMapKeyRef: key: S3_REGISTRANT_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_PRIVATE_ROOT_BUCKET valueFrom: configMapKeyRef: key: S3_PRIVATE_ROOT_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_PRIVATE_AQUIFER_BUCKET valueFrom: configMapKeyRef: key: S3_PRIVATE_AQUIFER_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_PRIVATE_REGISTRANT_BUCKET valueFrom: configMapKeyRef: key: S3_PRIVATE_REGISTRANT_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_PRIVATE_WELL_BUCKET valueFrom: configMapKeyRef: key: S3_PRIVATE_WELL_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_CLIENT valueFrom: configMapKeyRef: key: SSO_CLIENT - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_PUBKEY valueFrom: configMapKeyRef: key: SSO_PUBKEY - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_AUTH_HOST valueFrom: configMapKeyRef: key: SSO_AUTH_HOST - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_AUDIENCE valueFrom: configMapKeyRef: key: SSO_AUDIENCE - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_REALM valueFrom: 
configMapKeyRef: key: SSO_REALM - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_PORT valueFrom: configMapKeyRef: key: SSO_PORT - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_TEST_CLIENT valueFrom: configMapKeyRef: key: SSO_TEST_CLIENT - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_TEST_AUDIENCE valueFrom: configMapKeyRef: key: SSO_TEST_AUDIENCE - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: ENABLE_ADDITIONAL_DOCUMENTS valueFrom: configMapKeyRef: key: ENABLE_ADDITIONAL_DOCUMENTS - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: ENABLE_AQUIFERS_SEARCH valueFrom: configMapKeyRef: key: ENABLE_AQUIFERS_SEARCH - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: APP_CONTEXT_ROOT - value: gwells + value: ${REPO} - name: SESSION_COOKIE_SECURE - value: 'True' + value: 'true' - name: CSRF_COOKIE_SECURE - value: 'True' + value: 'true' - name: DB_REPLICATE valueFrom: configMapKeyRef: key: DB_REPLICATE - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config # - name: MINIO_ACCESS_KEY # valueFrom: # secretKeyRef: - # name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: MINIO_ACCESS_KEY # - name: MINIO_SECRET_KEY # valueFrom: # secretKeyRef: - # name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: MINIO_SECRET_KEY # - name: S3_PUBLIC_ACCESS_KEY # valueFrom: # secretKeyRef: - # name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: S3_PUBLIC_ACCESS_KEY # - name: S3_PUBLIC_SECRET_KEY # valueFrom: # secretKeyRef: - # name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: S3_PUBLIC_SECRET_KEY # - name: S3_HOST # valueFrom: # secretKeyRef: - # 
name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: S3_HOST # - name: S3_ROOT_BUCKET # valueFrom: # secretKeyRef: - # name: minio-access-parameters-${NAME_SUFFIX} + # name: minio-access-parameters-${ZONE} # key: S3_ROOT_BUCKET - name: S3_PRIVATE_HOST valueFrom: configMapKeyRef: key: S3_PRIVATE_HOST - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_WELL_EXPORT_BUCKET valueFrom: configMapKeyRef: key: S3_WELL_EXPORT_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: S3_PRIVATE_BUCKET valueFrom: configMapKeyRef: key: S3_PRIVATE_BUCKET - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: SSO_IDP_HINT valueFrom: configMapKeyRef: key: SSO_IDP_HINT - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: WEB_CONCURRENCY value: '4' - name: GUNICORN_WORKERS value: '4' - name: ENFORCE_ENV_VARIABLES - value: 'False' + value: 'false' - name: EMAIL_NOTIFICATION_RECIPIENT valueFrom: configMapKeyRef: key: EMAIL_NOTIFICATION_RECIPIENT - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config - name: GEOCODER_ADDRESS_API_BASE valueFrom: configMapKeyRef: key: GEOCODER_ADDRESS_API_BASE - name: gwells-global-config-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-global-config resources: limits: cpu: "${CPU_LIMIT}" 
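Review bot: The `secretKeyRef` names `${REPO}-django-${ZONE}` and `${REPO}-e-licensing-${ZONE}` in this hunk do not match the Secrets that common/openshift.init.yml creates in the same patch, `${REPO}-${ZONE}-django` and `${REPO}-${ZONE}-e-licensing`, so the backend container would fail to start on the unresolved references. Use `name: ${REPO}-${ZONE}-django` and `name: ${REPO}-${ZONE}-e-licensing` here. Separately, `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` change from `'True'` to `'true'` (and `ENFORCE_ENV_VARIABLES` from `'False'` to `'false'`); the Django settings that read these strings are not part of this patch. If they compare against the literal `'True'`, the Secure flag on session and CSRF cookies is silently dropped, so keep `value: 'True'` or confirm the parsing is case-insensitive before merging.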
@@ -460,57 +456,51 @@ objects: metadata: creationTimestamp: labels: - app: nr-gwells-${NAME_SUFFIX} - appver: gwells-${NAME_SUFFIX}-backend - name: gwells-${NAME_SUFFIX}-backend + app: ${REPO}-${ZONE} + appver: ${REPO}-${ZONE}-${COMPONENT} + name: ${REPO}-${ZONE}-${COMPONENT} spec: maxReplicas: 5 minReplicas: 1 scaleTargetRef: apiVersion: v1 kind: Deployment - name: gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} targetCPUUtilizationPercentage: 90 - kind: Service apiVersion: v1 metadata: - name: nr-gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} creationTimestamp: labels: - app: nr-gwells-${NAME_SUFFIX} - appver: gwells-${NAME_SUFFIX}-backend - annotations: - description: Exposes and load balances the application pods + app: ${REPO}-${ZONE}-${COMPONENT} spec: ports: - name: web protocol: TCP - port: 8000 - targetPort: 8000 + port: 8080 + targetPort: 8080 selector: - name: nr-gwells-${NAME_SUFFIX}-backend + name: ${REPO}-${ZONE}-${COMPONENT} type: ClusterIP sessionAffinity: None -# - kind: Route -# apiVersion: v1 -# metadata: -# name: nr-gwells-${NAME_SUFFIX}-backend -# creationTimestamp: -# labels: -# frontend: 'true' -# app: nr-gwells-${NAME_SUFFIX} -# appver: gwells-${NAME_SUFFIX}-backend -# annotations: {} -# spec: -# host: nr-gwells-${NAME_SUFFIX}-backend.apps.silver.devops.gov.bc.ca -# path: "/gwells" -# to: -# kind: Service -# name: nr-gwells-${NAME_SUFFIX}-backend -# weight: 100 -# port: -# targetPort: web -# tls: -# insecureEdgeTerminationPolicy: Redirect -# termination: edge -# wildcardPolicy: None +- kind: Route + apiVersion: v1 + metadata: + name: ${REPO}-${ZONE}-${COMPONENT} + labels: + frontend: 'true' + app: ${REPO}-${ZONE}-${COMPONENT} + spec: + host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca + path: "/gwells" + to: + kind: Service + name: ${REPO}-${ZONE}-${COMPONENT} + weight: 100 + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + wildcardPolicy: None 
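Review bot: The Route that was commented out is now active, so the backend gets its own public host `${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca` in every zone, PR environments included. Confirm that direct external access is intended, since `DJANGO_DEBUG` is parameter-driven and the Django admin endpoint is presumably served by the same pods; if only the frontend needs to reach the backend, leave the Route out. The Route also uses `apiVersion: v1` where frontend/openshift.deploy.yml uses `route.openshift.io/v1`. The Service moves from port 8000 to 8080 while the container's `containerPort` lies outside the hunks shown, so verify the app really listens on 8080.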
diff --git a/common/openshift.init.yml b/common/openshift.init.yml index 725b9ac5b..efa303940 100644 --- a/common/openshift.init.yml +++ b/common/openshift.init.yml @@ -1,9 +1,11 @@ apiVersion: template.openshift.io/v1 kind: Template parameters: - - description: A suffix appended to all objects - displayName: Name Suffix - name: NAME_SUFFIX + - name: REPO + description: Repository name + value: ${REPO} + - name: ZONE + description: Deployment zone, e.g. pr-### or prod required: true - description: The name of the OpenShift Service exposed for the database. displayName: Database Service Name @@ -60,9 +62,9 @@ objects: - apiVersion: v1 kind: Secret metadata: - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-database labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} stringData: database-name: ${POSTGRESQL_DATABASE} database-password: ${POSTGRESQL_PASSWORD} @@ -74,10 +76,9 @@ objects: - apiVersion: v1 kind: Secret metadata: - name: gwells-minio-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-minio labels: - app: nr-gwells-${NAME_SUFFIX} - creationTimestamp: + app: ${REPO}-${ZONE} stringData: MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY} MINIO_SECRET_KEY: ${MINIO_SECRET_KEY} @@ -88,10 +89,9 @@ objects: - apiVersion: v1 kind: Secret metadata: - creationTimestamp: - name: gwells-django-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-django labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} stringData: admin_password: ${DJANGO_ADMIN_PASSWORD} admin_url: ${DJANGO_ADMIN_URL} @@ -100,10 +100,9 @@ objects: - apiVersion: v1 kind: Secret metadata: - creationTimestamp: - name: gwells-e-licensing-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-e-licensing labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} stringData: E_LICENSING_AUTH_PASSWORD: ${E_LICENSING_AUTH_PASSWORD} E_LICENSING_AUTH_USERNAME: ${E_LICENSING_AUTH_USERNAME} 
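Review bot: The new `REPO` parameter defaults to `value: ${REPO}`, a reference to itself, whereas the other templates in this patch default it to `nr-gwells`, and the init job in the workflow does not pass `-p REPO`. As far as I know, template processing does not expand references inside a parameter's default, so every Secret in this file would be named with the literal text `${REPO}` (not a valid object name) instead of the `nr-gwells-<zone>-…` names the deployments look up. Set `value: nr-gwells` as in the other templates.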
@@ -111,9 +110,9 @@ objects: kind: Secret metadata: creationTimestamp: - name: crunchy-db-credentials-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-crunchy-db-credentials labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} stringData: PG_MODE: ${PG_MODE} PG_PRIMARY_PASSWORD: ${PG_PRIMARY_PASSWORD} @@ -138,7 +137,7 @@ objects: metadata: name: allow-same-namespace labels: - template: nr-gwells-backend-network-security-policy + template: ${REPO}-backend-network-security-policy spec: policyTypes: - Ingress diff --git a/database/openshift.deploy.yml b/database/openshift.deploy.yml index 95d89d6aa..998c728ed 100644 --- a/database/openshift.deploy.yml +++ b/database/openshift.deploy.yml @@ -1,23 +1,17 @@ -apiVersion: v1 kind: Template -labels: - template: postgresql-persistent-template -metadata: - creationTimestamp: null - name: gwells-postgresql-dc +apiVersion: template.openshift.io/v1 parameters: - - description: The OpenShift ImageStream name. - displayName: IMAGE_STREAM_NAME - name: IMAGE_STREAM_NAME - value: crunchy-postgres-gis - - description: The OpenShift Namespace where the ImageStream resides. - displayName: Namespace - name: IMAGE_STREAM_NAMESPACE - value: 26e83e-tools - - description: The image registry for the container image or ImageStream. - displayName: Image Registry - name: IMAGE_REGISTRY - value: image-registry.openshift-image-registry.svc:5000 + - name: REPO + description: Repository name + value: nr-gwells + - name: COMPONENT + description: Component name + value: database + - name: ZONE + description: Deployment zone, e.g. pr-### or prod + required: true + - name: TAG + required: true - description: Volume space available for data, e.g. 512Mi, 2Gi. displayName: Volume Capacity name: VOLUME_CAPACITY 
@@ -47,10 +41,6 @@ parameters: name: IMAGE_STREAM_VERSION required: true value: centos7-12.4-3.0-4.5.0 - - name: NAME_SUFFIX - required: true - - name: IMAGE_TAG - required: true - description: Storage class for PVCs. displayName: Storage class for PVCs. name: STORAGE_CLASS @@ -117,18 +107,18 @@ objects: kind: ConfigMap metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - name: gwells-${NAME_SUFFIX}-database-setupcfg - appver: gwells-${NAME_SUFFIX}-database - name: gwells-${NAME_SUFFIX}-database-setupcfg + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + appver: ${REPO}-${ZONE}-${COMPONENT} + name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg - apiVersion: v1 kind: Service metadata: labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} annotations: template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} spec: ports: - name: postgresql @@ -137,7 +127,7 @@ objects: protocol: TCP targetPort: 5432 selector: - deployment: gwells-${NAME_SUFFIX}-database + deployment: ${REPO}-${ZONE}-${COMPONENT} sessionAffinity: None type: ClusterIP status: @@ -145,9 +135,9 @@ objects: - apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} annotations: template.openshift.io.bcgov/create: "true" spec: 
@@ -162,22 +152,22 @@ objects: metadata: annotations: template.alpha.openshift.io/wait-for-ready: "true" - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} labels: - app: nr-gwells-${NAME_SUFFIX} + app: ${REPO}-${ZONE} spec: replicas: 1 selector: matchLabels: - deployment: gwells-${NAME_SUFFIX}-database + deployment: ${REPO}-${ZONE}-${COMPONENT} strategy: type: Recreate template: metadata: labels: - name: gwells-${NAME_SUFFIX}-database - appver: gwells-${NAME_SUFFIX} - deployment: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} + appver: ${REPO}-${ZONE} + deployment: ${REPO}-${ZONE}-${COMPONENT} spec: containers: - capabilities: {} @@ -187,7 +177,7 @@ objects: - name: CONTAINER_NAME value: postgresql - name: PG_PRIMARY_HOST - value: gwells-${NAME_SUFFIX}-database + value: ${REPO}-${ZONE}-${COMPONENT} - name: PGDATA_PATH_OVERRIDE value: userdata - name: PGHOST 
@@ -196,38 +186,38 @@ objects: valueFrom: secretKeyRef: key: database-name - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} - name: PG_PASSWORD valueFrom: secretKeyRef: key: database-password - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} - name: PG_USER valueFrom: secretKeyRef: key: database-user - name: gwells-${NAME_SUFFIX}-database + name: ${REPO}-${ZONE}-${COMPONENT} - name: PG_MODE valueFrom: secretKeyRef: key: PG_MODE - name: crunchy-db-credentials-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-crunchy-db-credentials - name: PG_PRIMARY_PASSWORD valueFrom: secretKeyRef: key: PG_PRIMARY_PASSWORD - name: crunchy-db-credentials-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-crunchy-db-credentials - name: PG_PRIMARY_USER valueFrom: secretKeyRef: key: PG_PRIMARY_USER - name: crunchy-db-credentials-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-crunchy-db-credentials - name: PG_ROOT_PASSWORD valueFrom: secretKeyRef: key: PG_ROOT_PASSWORD - name: crunchy-db-credentials-${NAME_SUFFIX} - image: "ghcr.io/bcgov/nr-gwells/database:${IMAGE_TAG}" + name: ${REPO}-${ZONE}-crunchy-db-credentials + image: "ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG}" imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 
@@ -268,20 +258,19 @@ objects: terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /pgdata - name: gwells-${NAME_SUFFIX}-database-data + name: ${REPO}-${ZONE}-${COMPONENT}-data - mountPath: /var/run/postgresql - name: gwells-${NAME_SUFFIX}-database-run + name: ${REPO}-${ZONE}-${COMPONENT}-run - mountPath: /pgconf - name: gwells-${NAME_SUFFIX}-database-setupcfg + name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg dnsPolicy: ClusterFirst restartPolicy: Always volumes: - - name: gwells-${NAME_SUFFIX}-database-data + - name: ${REPO}-${ZONE}-${COMPONENT}-data persistentVolumeClaim: - claimName: gwells-${NAME_SUFFIX}-database - - name: gwells-${NAME_SUFFIX}-database-run + claimName: ${REPO}-${ZONE}-${COMPONENT} + - name: ${REPO}-${ZONE}-${COMPONENT}-run emptyDir: {} - configMap: - name: gwells-${NAME_SUFFIX}-database-setupcfg - name: gwells-${NAME_SUFFIX}-database-setupcfg - status: {} + name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg + name: ${REPO}-${ZONE}-${COMPONENT}-setupcfg diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index 6001c6b0f..e24e0c7ae 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml @@ -1,19 +1,24 @@ apiVersion: template.openshift.io/v1 kind: Template parameters: - - name: NAME_SUFFIX - displayName: Name Suffix - description: A suffix appended to all objects + - name: REPO + description: Repository name + value: nr-gwells + - name: COMPONENT + description: Component name + value: frontend + - name: ZONE + description: Deployment zone, e.g. pr-### or prod required: true - - name: IMAGE_TAG + - name: TAG required: true objects: - kind: Service apiVersion: v1 metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - name: nr-gwells-${NAME_SUFFIX}-frontend + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} spec: type: ClusterIP ports: 
@@ -22,30 +27,30 @@ objects: protocol: TCP name: 3000-tcp selector: - service: nr-gwells-${NAME_SUFFIX}-frontend + service: ${REPO}-${ZONE}-${COMPONENT} - kind: Deployment apiVersion: apps/v1 metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - deployment: gwells-${NAME_SUFFIX}-frontend - name: gwells-${NAME_SUFFIX}-frontend + app: ${REPO}-${ZONE} + deployment: ${REPO}-${ZONE}-${COMPONENT} + name: ${REPO}-${ZONE}-${COMPONENT} spec: strategy: type: Recreate selector: matchLabels: - deployment: gwells-${NAME_SUFFIX}-frontend + deployment: ${REPO}-${ZONE}-${COMPONENT} template: metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - deployment: gwells-${NAME_SUFFIX}-frontend - service: nr-gwells-${NAME_SUFFIX}-frontend + app: ${REPO}-${ZONE} + deployment: ${REPO}-${ZONE}-${COMPONENT} + service: ${REPO}-${ZONE}-${COMPONENT} spec: containers: - - name: gwells-${NAME_SUFFIX}-frontend - image: ghcr.io/bcgov/nr-gwells/frontend:${IMAGE_TAG} + - name: ${REPO}-${ZONE}-${COMPONENT} + image: ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG} securityContext: capabilities: add: ["NET_BIND_SERVICE"] @@ -54,9 +59,9 @@ objects: - name: LOG_LEVEL value: info - name: VUE_APP_AXIOS_BASE_URL - value: http://gwells-${NAME_SUFFIX}-frontend/gwells/api/v2/ + value: http://${REPO}-${ZONE}-${COMPONENT}/gwells/api/v2/ - name: BACKEND_URL - value: http://gwells-${NAME_SUFFIX}-frontend + value: http://${REPO}-${ZONE}-${COMPONENT} ports: - name: container-port containerPort: 3000 @@ -93,15 +98,15 @@ objects: apiVersion: route.openshift.io/v1 metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - name: nr-gwells-${NAME_SUFFIX}-frontend + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} spec: - host: nr-gwells-${NAME_SUFFIX}-frontend.apps.silver.devops.gov.bc.ca + host: ${REPO}-${ZONE}-${COMPONENT}.apps.silver.devops.gov.bc.ca port: targetPort: 3000-tcp to: kind: Service - name: nr-gwells-${NAME_SUFFIX}-frontend + name: ${REPO}-${ZONE}-${COMPONENT} weight: 100 tls: termination: edge 
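Review bot: `BACKEND_URL` is built from `${COMPONENT}`, which defaults to `frontend` in this template, so it resolves to the frontend's own Service rather than the backend. The backend Service created by backend/openshift.deploy.yml in this patch is `${REPO}-${ZONE}-backend` on port 8080, so `value: http://${REPO}-${ZONE}-backend:8080` looks like what is meant. The old value also ended in `-frontend`, so confirm how the frontend server uses this variable before changing it.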
diff --git a/minio/openshift.deploy.yml b/minio/openshift.deploy.yml index 6451e1205..610e5a2a9 100644 --- a/minio/openshift.deploy.yml +++ b/minio/openshift.deploy.yml @@ -1,48 +1,39 @@ -apiVersion: template.openshift.io/v1 kind: Template -metadata: - annotations: - description: "Minio deployment" - labels: - app: "gwells-${NAME_SUFFIX}" - template: "gwells-minio-template-${NAME_SUFFIX}" - name: "gwells-minio-${NAME_SUFFIX}" +apiVersion: template.openshift.io/v1 parameters: - - name: "NAME_SUFFIX" + - name: REPO + description: Repository name + value: nr-gwells + - name: COMPONENT + description: Component name + value: minio + - name: ZONE + description: Deployment zone, e.g. pr-### or prod required: true - - name: "SRC_NAMESPACE" - displayName: "Namespace containing the deployment source" - value: "26e83e-tools" - - name: "SRC_IMAGE" - displayName: "Name of source image" - value: "gwells-minio" - - name: "SRC_TAG" - displayName: "Tag of source image" - value: "latest" - - name: "DEST_PVC_SIZE" + - name: TAG + required: true + - name: DEST_PVC_SIZE displayName: "PVC size" value: "1Gi" - - name: "DEST_PVC_CLASS" + - name: DEST_PVC_CLASS displayName: "PVC class" value: "netapp-file-standard" - - name: "DEST_PVC_ACCESS" + - name: DEST_PVC_ACCESS displayName: "PVC access mode" value: "ReadWriteMany" - - name: "IMAGE_TAG" - required: true objects: - apiVersion: v1 kind: PersistentVolumeClaim metadata: finalizers: - - kubernetes.io/pvc-protection - name: "gwells-minio-${NAME_SUFFIX}" + - kubernetes.io/pvc-protection + name: ${REPO}-${ZONE}-${COMPONENT} labels: - app: "nr-gwells-${NAME_SUFFIX}" - name: gwells-minio-${NAME_SUFFIX} + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} spec: accessModes: - - ${DEST_PVC_ACCESS} + - ${DEST_PVC_ACCESS} resources: requests: storage: ${DEST_PVC_SIZE} 
@@ -51,14 +42,14 @@ objects: kind: Deployment metadata: labels: - app: "nr-gwells-${NAME_SUFFIX}" - name: "gwells-minio-${NAME_SUFFIX}" - name: "gwells-minio-${NAME_SUFFIX}" + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} + name: ${REPO}-${ZONE}-${COMPONENT} spec: replicas: 1 selector: matchLabels: - app: "nr-gwells-${NAME_SUFFIX}" + app: ${REPO}-${ZONE} strategy: activeDeadlineSeconds: 3000 recreateParams: @@ -67,25 +58,25 @@ objects: template: metadata: labels: - app: "nr-gwells-${NAME_SUFFIX}" - name: gwells-minio-${NAME_SUFFIX} - service: gwells-minio-${NAME_SUFFIX} + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} + service: ${REPO}-${ZONE}-${COMPONENT} spec: containers: - env: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: gwells-minio-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-${COMPONENT} key: MINIO_ACCESS_KEY - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: gwells-minio-${NAME_SUFFIX} + name: ${REPO}-${ZONE}-${COMPONENT} key: MINIO_SECRET_KEY - name: MINIO_DATA_DIR value: /opt/minio/s3/data - image: ghcr.io/bcgov/nr-gwells/minio:${IMAGE_TAG} + image: ghcr.io/bcgov/${REPO}/${COMPONENT}:${TAG} securityContext: capabilities: add: ["NET_BIND_SERVICE"] @@ -100,7 +91,7 @@ objects: # successThreshold: 1 # failureThreshold: 30 # imagePullPolicy: Always - name: "gwells-minio-${NAME_SUFFIX}" + name: ${REPO}-${ZONE}-${COMPONENT} command: - '/bin/sh' - '-c' 
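Review bot: The minio Deployment selects pods with only `app: ${REPO}-${ZONE}`, a label the frontend pod template in this patch also carries, so the selector is not unique to minio. Selecting on `name: ${REPO}-${ZONE}-${COMPONENT}`, which the minio pod template already sets, would keep the two workloads apart. A Deployment's selector cannot be changed in place, so existing environments would need the Deployment recreated once.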
@@ -124,19 +115,19 @@ objects: volumes: - name: minio-vol persistentVolumeClaim: - claimName: "gwells-minio-${NAME_SUFFIX}" + claimName: ${REPO}-${ZONE}-${COMPONENT} - apiVersion: v1 kind: Service metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - name: gwells-minio-${NAME_SUFFIX} - name: gwells-minio-${NAME_SUFFIX} + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} + name: ${REPO}-${ZONE}-${COMPONENT} spec: selector: - app: nr-gwells-${NAME_SUFFIX} - name: gwells-minio-${NAME_SUFFIX} - service: gwells-minio-${NAME_SUFFIX} + app: ${REPO}-${ZONE} + name: ${REPO}-${ZONE}-${COMPONENT} + service: ${REPO}-${ZONE}-${COMPONENT} ports: - name: 9000-tcp port: 9000