diff --git a/backend/Dockerfile b/backend/Dockerfile
index 7ad650e8..a04f7ebb 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -9,8 +9,7 @@ COPY .mvn/ ./.mvn
 COPY InstallCert.java .
 # Build
-RUN ./mvnw package -Pnative -DskipTests -Dskip.unit.tests=true -Dspring-boot.run.profiles=prod && \
- javac InstallCert.java
+RUN ./mvnw package -Pnative -DskipTests -Dskip.unit.tests=true -Dspring-boot.run.profiles=prod
 ### Deployer
 FROM eclipse-temurin:17.0.12_7-jdk-jammy AS deploy
diff --git a/backend/dockerfile-entrypoint.sh b/backend/dockerfile-entrypoint.sh
index 808f7f1c..7f12c54f 100755
--- a/backend/dockerfile-entrypoint.sh
+++ b/backend/dockerfile-entrypoint.sh
@@ -1,9 +1,5 @@
 #!/bin/sh
-java -cp /app/artifacts/ InstallCert --quiet "${DATABASE_HOST}:${DATABASE_PORT}"
-keytool -exportcert -alias "${DATABASE_HOST}-1" -keystore jssecacerts -storepass changeit -file oracle.cer
-keytool -importcert -alias orakey -noprompt -cacerts -storepass changeit -file oracle.cer
-
 java \
 -Djava.security.egd=file:/dev/./urandom \
 ${JAVA_OPTS} \
diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml
index 469dc056..2a56251c 100644
--- a/backend/openshift.deploy.yml
+++ b/backend/openshift.deploy.yml
@@ -85,7 +85,23 @@ parameters:
 description: Random expression to make sure deployments update
 from: "[a-zA-Z0-9]{32}"
 generate: expression
+ - name: CERT_PVC_SIZE
+ description: The amount of storage the cert PVC should have
+ value: 25Mi
 objects:
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ labels:
+ app: ${NAME}-${ZONE}
+ name: ${NAME}-${ZONE}-${COMPONENT}
+ spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: ${CERT_PVC_SIZE}
+ storageClassName: netapp-file-standard
 - apiVersion: apps/v1
 kind: Deployment
 metadata:
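Review bot: `COPY InstallCert.java .`, still visible as context above the changed RUN line, now copies a source file that nothing compiles or runs, since this commit drops the `javac InstallCert.java` step and the entrypoint no longer invokes the class. Dropping that COPY (and InstallCert.java itself, if nothing else references it) keeps a dead tool out of the builder image and makes it obvious that certificate extraction has moved to the init container. If the deploy stage further down the Dockerfile still copies the compiled class into /app/artifacts, that COPY is dead as well; that part is outside the hunk.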
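Review bot: With the InstallCert/keytool steps removed, the entrypoint silently assumes that the init container has already written the keystore the app is pointed at through ORACLEDB_KEYSTORE; if the mount is missing or empty the JVM starts anyway and the problem only surfaces later as a TLS handshake failure against the database. A fail-fast check before the java command gives a readable error instead: `[ -r "${ORACLEDB_KEYSTORE:?ORACLEDB_KEYSTORE must be set}" ] || { echo "keystore ${ORACLEDB_KEYSTORE} not readable" >&2; exit 1; }`. The old flow also imported the certificate into the JDK's own cacerts; the new one relies solely on the separate file, which is worth a one-line comment above the java command. The java command continues past the end of the hunk.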
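Review bot: The new PersistentVolumeClaim exists only to hand a freshly extracted trust store from the init container to the app container in the same pod, and a ReadWriteMany PVC is a heavier mechanism than that needs: every replica's init container rewrites the same file on one shared volume, so a rollout with several pods starting at once can race on it, and the template becomes tied to the `netapp-file-standard` storage class. An `emptyDir` volume gives each pod its own copy, written by its own init container, with no PVC, no CERT_PVC_SIZE parameter and no storage-class coupling; the change belongs in the last hunk of this file, where `persistentVolumeClaim:`/`claimName:` under the certs volume would become `emptyDir: {}`, and the PVC object and parameter added here would go. If the intent is to keep an extracted keystore across pod restarts without rerunning the extractor, that is not visible here and deserves a comment on the PVC.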
@@ -105,6 +121,30 @@ objects:
 app: "${NAME}-${ZONE}"
 deployment: "${NAME}-${ZONE}-${COMPONENT}"
 spec:
+ initContainers:
+ - name: ${NAME}-${ZONE}-init
+ image: ${REGISTRY}/bcgov/nr-forest-client-commons/certextractor:0.2.12
+ imagePullPolicy: Always
+ env:
+ - name: ORACLEDB_HOST
+ value: ${DATABASE_HOST}
+ - name: ORACLEDB_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: ${NAME}-${ZONE}-${COMPONENT}
+ key: oracle-secret
+ - name: ORACLEDB_PORT
+ value: ${DATABASE_PORT}
+ volumeMounts:
+ - name: ${NAME}-${ZONE}-certs
+ mountPath: /cert
+ resources:
+ limits:
+ cpu: ${CPU_LIMIT}
+ memory: ${MEMORY_LIMIT}
+ requests:
+ cpu: ${CPU_REQUEST}
+ memory: ${MEMORY_REQUEST}
 containers:
 - name: ${NAME}-${ZONE}
 image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG}
@@ -112,6 +152,8 @@ objects:
 volumeMounts:
 - name: ${NAME}-${ZONE}-fluentbit-logs
 mountPath: /logs
+ - name: ${NAME}-${ZONE}-certs
+ mountPath: /cert
 env:
 - name: JAVA_OPTS
 value: "-Xms256m"
@@ -156,8 +198,13 @@ objects:
 secretKeyRef:
 name: ${NAME}-${ZONE}-${COMPONENT}
 key: oracle-password
+ - name: ORACLEDB_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: ${NAME}-${ZONE}-${COMPONENT}
+ key: oracle-secret
 - name: ORACLEDB_KEYSTORE
- value: ${ORACLEDB_KEYSTORE}
+ value: /cert/jssecacerts
 - name: POSTGRES_HOST
 value: ${NAME}-${ZONE}-database
 - name: POSTGRES_DB
@@ -208,6 +255,9 @@ objects:
 - name: ${NAME}-${ZONE}-fluentbit-logs
 persistentVolumeClaim:
 claimName: ${NAME}-${ZONE}-fluentbit-logs
+ - name: ${NAME}-${ZONE}-certs
+ persistentVolumeClaim:
+ claimName: ${NAME}-${ZONE}-${COMPONENT}
 - apiVersion: v1
 kind: Service
 metadata:
diff --git a/common/openshift.init.yml b/common/openshift.init.yml
index a5885821..2ee14de5 100644
--- a/common/openshift.init.yml
+++ b/common/openshift.init.yml
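Review bot: The contract between the init container and the app container is implicit: nothing in the template says the extractor is expected to leave a file at /cert/jssecacerts, which is the path the app's ORACLEDB_KEYSTORE is hard-coded to in a later hunk, and ORACLEDB_HOST/ORACLEDB_PORT/ORACLEDB_SECRET are presumably the certextractor image's interface rather than the app's. A comment on the `initContainers:` entry such as `# certextractor writes the Oracle trust store to /cert/jssecacerts; the app reads it via ORACLEDB_KEYSTORE` records that dependency where the next editor will see it. Separately, `imagePullPolicy: Always` combined with the pinned tag 0.2.12 re-pulls on every pod start; `IfNotPresent` is enough unless that tag is expected to be republished.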
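Review bot: The app container mounts the certs volume read-write in the second hunk although, judging by the env hunk below, it only reads /cert/jssecacerts; only the init container needs to write there. Adding `readOnly: true` under the new `mountPath: /cert` entry makes the app container unable to alter its own trust store and keeps the two containers' roles explicit.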
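Review bot: In the third hunk `value: /cert/jssecacerts` replaces `${ORACLEDB_KEYSTORE}`, so the ORACLEDB_KEYSTORE template parameter presumably has no remaining reference; if its entry under `parameters:` (outside this hunk) was not removed, it is now dead and misleads anyone trying to relocate the keystore. Either remove the parameter or keep `value: ${ORACLEDB_KEYSTORE}` with the parameter's default set to /cert/jssecacerts, so the keystore path is defined in one place next to the /cert mount paths.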
@@ -25,6 +25,9 @@ parameters:
 - name: ORACLE_DB_PASSWORD
 description: Oracle database password for API
 required: true
+ - name: ORACLEDB_SECRET
+ description: Oracle database keystore secret/password
+ value: changeit
 - name: PG_DATABASE
 description: Postgres database name
 value: database
@@ -56,7 +59,9 @@ objects:
 stringData:
 oracle-user: ${ORACLE_DB_USER}
 oracle-password: ${ORACLE_DB_PASSWORD}
+ oracle-secret: ${ORACLEDB_SECRET}
 forest-client-api-key: ${FORESTCLIENTAPI_KEY}
+
 - apiVersion: v1
 kind: Secret
 metadata:
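Review bot: ORACLEDB_SECRET defaults to `changeit`, the well-known JDK keystore password, while the neighbouring ORACLE_DB_PASSWORD is `required: true` with no default, so every environment processed without an override ends up with the same guessable keystore password stored in the Secret. Since both the init container and the app read it from the same `oracle-secret` key, a per-environment value can be generated the way the deploy template already does for its random parameter: replace `value: changeit` with `from: "[a-zA-Z0-9]{32}"` and `generate: expression`. If the extractor rewrites the keystore on each pod start a regenerated password is harmless; if a keystore left on the PVC from an earlier run is reused, it would no longer open, which is worth confirming before switching. The password only protects a trust store of public certificates, so this is hygiene rather than a live exposure, but a default in a committed template tends never to change.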