feat!: major change to deploy, adhere to QSOS, use HELM , move away f…

…rom DC(Deprecated Already.)
bcgov · Oct 4, 2024 · 3ec8e62 · 3ec8e62
1 parent 9b147de
commit 3ec8e62
Show file tree

Hide file tree

Showing 22 changed files with 780 additions and 68 deletions.
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -25,33 +25,21 @@ jobs:
         id: pr
         uses: bcgov-nr/[email protected]
 
-  deploys:
-    name: TEST Deployments
-    needs: [vars]
-    environment: test
-    runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        name: [frontend, rctool]
-        include:
-          - name: frontend
-            file: frontend/openshift.nginx.deploy.yml
-          - name: rctool
-            file: frontend/openshift.deploy.yml
-    steps:
-      - uses: bcgov-nr/[email protected]
-        with:
-          file: ${{ matrix.file }}
-          oc_namespace: ${{ secrets.OC_NAMESPACE }}
-          oc_server: ${{ vars.OC_SERVER }}
-          oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: true
-          parameters:
-            -p ZONE=test -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ needs.vars.outputs.pr }} -p MAX_REPLICAS=3
+  deploy-test:
+    name: Deploy (test)
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
+    secrets:
+      oc_namespace: ${{ secrets.OC_NAMESPACE }}
+      oc_token: ${{ secrets.OC_TOKEN }}
+    with:
+      environment: test
+      params: --set global.autoscaling=true --set rctool.pdb.enabled=true --set frontend.pdb.enabled=true
+
+
 
   zap_scan:
     runs-on: ubuntu-22.04
-    needs: [deploys, vars]
+    needs: [deploy-test, vars]
     name: Penetration Tests
     env:
       URL: ${{ github.event.repository.name }}-test-frontend.apps.silver.devops.gov.bc.ca
@@ -66,7 +54,7 @@ jobs:
           target: https://${{ env.URL }}
   promotions:
     name: Promote Images
-    needs: [deploys, vars]
+    needs: [deploy-test, vars]
     permissions:
       packages: write
     runs-on: ubuntu-22.04

diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -17,5 +17,5 @@ jobs:
       oc_namespace: ${{ secrets.OC_NAMESPACE }}
       oc_token: ${{ secrets.OC_TOKEN }}
     with:
-      cleanup: label
+      cleanup: helm
       packages: frontend rctool
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -34,29 +34,19 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           triggers: ('frontend/')
 
+  # https://github.com/bcgov/quickstart-openshift-helpers
   deploys:
     name: Deploys
-    needs: [builds]
-    runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        name: [frontend, rctool]
-        include:
-          - name: frontend
-            file: frontend/openshift.nginx.deploy.yml
-          - name: rctool
-            file: frontend/openshift.deploy.yml
-    steps:
-      - uses: bcgov-nr/[email protected]
-        with:
-          file: ${{ matrix.file }}
-          oc_namespace: ${{ secrets.OC_NAMESPACE }}
-          oc_server: ${{ vars.OC_SERVER }}
-          oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: true
-          parameters:
-            -p ZONE=${{ github.event.number }}
-            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ github.event.number }}
+    needs: [ builds ]
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
+    secrets:
+      oc_namespace: ${{ secrets.OC_NAMESPACE }}
+      oc_token: ${{ secrets.OC_TOKEN }}
+    with:
+      triggers: ('frontend/')
+      params: --set global.secrets.persist=false
+      oc_server: ${{ vars.OC_SERVER }}
+
 
   results:
     name: PR Results

diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
@@ -10,27 +10,15 @@ concurrency:
 
 jobs:
   deploys:
-    name: PROD Deployments
-    environment: prod
-    runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        name: [frontend, rctool]
-        include:
-          - name: frontend
-            file: frontend/openshift.nginx.deploy.yml
-          - name: rctool
-            file: frontend/openshift.deploy.yml
-    steps:
-      - uses: bcgov-nr/[email protected]
-        with:
-          file: ${{ matrix.file }}
-          oc_namespace: ${{ secrets.OC_NAMESPACE }}
-          oc_server: ${{ vars.OC_SERVER }}
-          oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: true
-          parameters:
-            -p ZONE=prod -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test -p MAX_REPLICAS=3
+    name: Deploy (test)
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
+    secrets:
+      oc_namespace: ${{ secrets.OC_NAMESPACE }}
+      oc_token: ${{ secrets.OC_TOKEN }}
+    with:
+      environment: prod
+      tag: test
+      params: --set global.autoscaling=true --set rctool.pdb.enabled=true --set frontend.pdb.enabled=true
 
   promotions:
     name: Promote Images

diff --git a/charts/app/.helmignore b/charts/app/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/app/Chart.lock b/charts/app/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.5.36
+digest: sha256:2a03d437947bc841ae70d07e6b84735b6cc4651a7a31804afa188cf75131669a
+generated: "2024-10-03T22:49:27.151720296Z"
diff --git a/charts/app/Chart.yaml b/charts/app/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: nr-hydrometric-rating-curve
+description: A Helm chart for Kubernetes deployment.
+icon: https://www.nicepng.com/png/detail/521-5211827_bc-icon-british-columbia-government-logo.png
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+maintainers:
+  - name: Om Mishra
+    email: [email protected]
+  - name: Derek Roberts
+    email: [email protected]
diff --git a/charts/app/templates/_helpers.tpl b/charts/app/templates/_helpers.tpl
@@ -0,0 +1,47 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s" .Release.Name  | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "name.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "labels" -}}
+helm.sh/chart: {{ include "name.chart" . }}
+{{ include "selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
diff --git a/charts/app/templates/frontend/templates/_helpers.tpl b/charts/app/templates/frontend/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "frontend.name" -}}
+{{- printf "frontend" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "frontend.fullname" -}}
+{{- $componentName := include "frontend.name" .  }}
+{{- if .Values.frontend.fullnameOverride }}
+{{- .Values.frontend.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $componentName | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Common labels
+*/}}
+{{- define "frontend.labels" -}}
+{{ include "frontend.selectorLabels" . }}
+{{- if .Values.global.tag }}
+app.kubernetes.io/image-version: {{ .Values.global.tag | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/short-name: {{ include "frontend.name" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "frontend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "frontend.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
diff --git a/charts/app/templates/frontend/templates/deployment.yaml b/charts/app/templates/frontend/templates/deployment.yaml
@@ -0,0 +1,87 @@
+{{- if .Values.frontend.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "frontend.fullname" . }}
+  labels:
+    {{- include "frontend.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: {{ .Values.frontend.deploymentStrategy }}
+  {{- if not .Values.frontend.autoscaling.enabled }}
+  replicas: {{ .Values.frontend.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "frontend.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+      labels:
+        {{- include "frontend.labels" . | nindent 8 }}
+    spec:
+      {{- if .Values.frontend.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.frontend.podSecurityContext | nindent 12 }}
+      {{- end }}
+      containers:
+        - name: {{ include "frontend.fullname" . }}
+          securityContext:
+            capabilities:
+              add: [ "NET_BIND_SERVICE" ]
+          image: "{{.Values.global.registry}}/{{.Values.global.repository}}/nginx:{{ .Values.global.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ default "Always" .Values.frontend.imagePullPolicy }}
+          env:
+            - name: BACKEND_URL
+              value: "http://{{ .Release.Name }}-rctool"
+            - name: LOG_LEVEL
+              value: "info"
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /rctool
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 2
+            timeoutSeconds: 2
+            successThreshold: 1
+            failureThreshold: 30
+          #-- the liveness probe for the container. it is optional and is an object. for default values check this link: https://github.com/bcgov/helm-service/blob/main/charts/component/templates/deployment.yaml#L324-L328
+          livenessProbe:
+            successThreshold: 1
+            failureThreshold: 3
+            httpGet:
+              path: /rctool
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 15
+            periodSeconds: 30
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 50m
+              memory: 60Mi
+            requests:
+              cpu: 10m
+              memory: 20Mi
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                      - {{ include "frontend.fullname" . }}
+                  - key: app.kubernetes.io/instance
+                    operator: In
+                    values:
+                      - {{ .Release.Name }}
+              topologyKey: "kubernetes.io/hostname"
+
+{{- end }}