From f5239aa8ae7a0f551f1f0bde691af742571a08cb Mon Sep 17 00:00:00 2001
From: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com>
Date: Fri, 13 Aug 2021 14:08:06 -0700
Subject: [PATCH] Update configmap and add staging config (#1776)
---
.pipeline/lib/config.js | 6 +-
...low-postgresql-staging-accept-backend.yaml | 42 +++++
.../templates/postgresql-staging/Readme.md | 6 +
.../postgresql-staging/postgresql-dc.yaml | 153 ++++++++++++++++++
.../postgresql-staging-secret.yaml | 20 +++
5 files changed, 224 insertions(+), 3 deletions(-)
create mode 100644 openshift-v4/templates/knp/knp-test-allow-postgresql-staging-accept-backend.yaml
create mode 100644 openshift-v4/templates/postgresql-staging/Readme.md
create mode 100644 openshift-v4/templates/postgresql-staging/postgresql-dc.yaml
create mode 100644 openshift-v4/templates/postgresql-staging/postgresql-staging-secret.yaml
diff --git a/.pipeline/lib/config.js b/.pipeline/lib/config.js
index 4343ee175..d23706fe6 100644
--- a/.pipeline/lib/config.js
+++ b/.pipeline/lib/config.js
@@ -68,9 +68,9 @@ const phases = { prod: {namespace:'0ab226-prod' , name: `${name}`, phase: 'prod' , changeId:changeId, suffix: `-prod` , instance: `${name}-prod` , version:`${version}`, tag:`prod-${version}`, frontendCpuRequest: '200m', frontendCpuLimit: '700m', frontendMemoryRequest: '300M', frontendMemoryLimit: '4G', frontendReplicas: 2, - frontendKeycloakAuthority: 'https://oidc.gov.bc.ca/auth/realms/tfrs', frontendKeycloakClientId: 'tfrs', frontendKeycloakCallbackUrl: `https://tfrs-frontend-prod.${ocpName}.gov.bc.ca/authCallback`, - frontendKeycloakLogoutUrl: `https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?returl=https://tfrs-frontend-prod.${ocpName}.gov.bc.ca`, - frontendHost: `tfrs-frontend-prod.${ocpName}.gov.bc.ca`, + frontendKeycloakAuthority: 'https://oidc.gov.bc.ca/auth/realms/tfrs', frontendKeycloakClientId: 'tfrs', frontendKeycloakCallbackUrl: 'https://lowcarbonfuels.gov.bc.ca/authCallback', + frontendKeycloakLogoutUrl: 'https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?returl=https://lowcarbonfuels.gov.bc.ca&retnow=1', + frontendHost: 'lowcarbonfuels.gov.bc.ca', frontendCpuRequest: '200m', frontendCpuLimit: '500m', frontendMemoryRequest: '250Mi', frontendMemoryLimit: '500Mi', backendCpuRequest: '300m', backendCpuLimit: '600m', backendMemoryRequest: '1Gi', backendMemoryLimit: '2Gi', backendHealthCheckDelay: 30, backendHost: `tfrs-backend-prod.${ocpName}.gov.bc.ca`, backendReplicas: 2,
diff --git a/openshift-v4/templates/knp/knp-test-allow-postgresql-staging-accept-backend.yaml b/openshift-v4/templates/knp/knp-test-allow-postgresql-staging-accept-backend.yaml
new file mode 100644
index 000000000..c74e88e9b
--- /dev/null
+++ b/openshift-v4/templates/knp/knp-test-allow-postgresql-staging-accept-backend.yaml
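Review bot: The `prod` entry carries `frontendCpuRequest`, `frontendCpuLimit`, `frontendMemoryRequest` and `frontendMemoryLimit` twice, once in the context just above the changed lines ('200m'/'700m'/'300M'/'4G') and again just below them ('200m'/'500m'/'250Mi'/'500Mi'); in an object literal the later key silently wins, so the first set is dead and misleading and one of the two should be deleted. Separately, the frontend origin becomes `lowcarbonfuels.gov.bc.ca` while `backendHost` stays on `tfrs-backend-prod.${ocpName}.gov.bc.ca`, so the new `/authCallback` URL has to be among the `tfrs` Keycloak client's valid redirect URIs, and presumably the new origin has to be accepted by the backend as a cross-origin caller; neither is visible in this hunk. A comment next to `frontendHost` such as `// vanity domain: keep in sync with the Keycloak client's redirect URIs and the backend's allowed origins` would record that dependency. The `phases` object starts and ends outside the hunk.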
@@ -0,0 +1,42 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: tfrs-network-policy
+metadata:
+ name: tfrs-network-policy
+objects:
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-postgresql-staging-accepts-backend
+ spec:
+ ## Allow minio to accept communication from nagios
+ podSelector:
+ matchLabels:
+ name: postgresql10
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ name: tfrs-backend-test
+ ports:
+ - protocol: TCP
+ port: 5432
+ - apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-postgresql-staging-accepts-backendmid
+ spec:
+ ## Allow patroni to accept communications from backend mid lifecycle pod
+ podSelector:
+ matchLabels:
+ name: postgresql10
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ openshift.io/deployer-pod.type: hook-mid
+ ports:
+ - protocol: TCP
+ port: 5432
\ No newline at end of file
diff --git a/openshift-v4/templates/postgresql-staging/Readme.md b/openshift-v4/templates/postgresql-staging/Readme.md
new file mode 100644
index 000000000..643c8bfa7
--- /dev/null
+++ b/openshift-v4/templates/postgresql-staging/Readme.md
@@ -0,0 +1,6 @@
+The instructions here are to create postgresql staging database and deploy on Test
+
+1. Create staging secrets
+
+2. Deploy staging database, pvcs and services.
+
diff --git a/openshift-v4/templates/postgresql-staging/postgresql-dc.yaml b/openshift-v4/templates/postgresql-staging/postgresql-dc.yaml
new file mode 100644
index 000000000..8bacf88ec
--- /dev/null
+++ b/openshift-v4/templates/postgresql-staging/postgresql-dc.yaml
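Review bot: The second policy, `allow-postgresql-staging-accepts-backendmid`, admits any pod labelled `openshift.io/deployer-pod.type: hook-mid` to port 5432, which matches the mid-lifecycle hook pod of every DeploymentConfig in the namespace rather than only the backend's; if a narrower selector is not practical, the comment should at least say so. Both `##` comments are left over from other policies ("minio ... nagios" and "patroni") and describe neither rule; I would replace them with `## Allow the staging postgresql10 pod to accept connections from tfrs-backend-test on 5432` and `## Allow postgresql10 to accept connections from mid-lifecycle deployer hook pods (any DeploymentConfig in this namespace)`. The target `podSelector` on `name: postgresql10` also covers any other pod carrying that label in the namespace, which is worth confirming against the databases already running in Test.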
@@ -0,0 +1,153 @@
+---
+kind: Template
+apiVersion: v1
+labels:
+ template: tfrs-postgresql-persistent-template
+metadata:
+ name: postgresql-dc
+ creationTimestamp:
+objects:
+- kind: Service
+ apiVersion: v1
+ metadata:
+ name: postgresql
+ annotations:
+ template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port}
+ spec:
+ ports:
+ - name: postgresql
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+ selector:
+ name: postgresql10
+ type: ClusterIP
+ sessionAffinity: None
+ status:
+ loadBalancer: {}
+- apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: postgresql10
+ annotations:
+ volume.beta.kubernetes.io/storage-class: netapp-block-standard
+ template.openshift.io.bcgov/create: 'true'
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+- apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: postgresql10-backup
+ annotations:
+ volume.beta.kubernetes.io/storage-class: netapp-file-standard
+ template.openshift.io.bcgov/create: 'true'
+ spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2Gi
+- kind: DeploymentConfig
+ apiVersion: v1
+ metadata:
+ annotations:
+ template.alpha.openshift.io/wait-for-ready: 'true'
+ name: postgresql10
+ spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ triggers:
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - postgresql10
+ from:
+ kind: ImageStreamTag
+ namespace: openshift
+ name: postgresql:10
+ - type: ConfigChange
+ test: false
+ selector:
+ name: postgresql10
+ template:
+ metadata:
+ creationTimestamp:
+ labels:
+ name: postgresql10
+ spec:
+ volumes:
+ - name: postgresql-data
+ persistentVolumeClaim:
+ claimName: postgresql10
+ - name: postgresql-backup
+ persistentVolumeClaim:
+ claimName: postgresql10-backup
+ containers:
+ - name: postgresql10
+ image: " "
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRESQL_DATABASE
+ value: tfrs
+ - name: POSTGRESQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: tfrs-postgresql-staging
+ key: app-db-username
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: tfrs-postgresql-staging
+ key: app-db-password
+ resources:
+ request:
+ cpu: 300m
+ memory: 500Mi
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ volumeMounts:
+ - name: postgresql-data
+ mountPath: "/var/lib/pgsql/data"
+ - name: postgresql-backup
+ mountPath: "/postgresql-backup"
+ livenessProbe:
+ tcpSocket:
+ port: 5432
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-i"
+ - "-c"
+ - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d tfrs -c 'SELECT 1'
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ capabilities: {}
+ privileged: false
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ status: {}
diff --git a/openshift-v4/templates/postgresql-staging/postgresql-staging-secret.yaml b/openshift-v4/templates/postgresql-staging/postgresql-staging-secret.yaml
new file mode 100644
index 000000000..f7444e3ca
--- /dev/null
+++ b/openshift-v4/templates/postgresql-staging/postgresql-staging-secret.yaml
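Review bot: Under the container's `resources:` the key is spelled `request:` instead of `requests:`, so `cpu: 300m` / `memory: 500Mi` are not taken as resource requests; the unknown field is dropped or rejected depending on validation, and with only `limits` recognised the requests default to the limit values. Change the key to `requests:`. The readiness probe hard-codes `-d tfrs` although the same name is already set in `POSTGRESQL_DATABASE`; `-d $POSTGRESQL_DATABASE` would keep the two from drifting. The container `securityContext` sets only `privileged: false`, and adding `allowPrivilegeEscalation: false` there would state the intent explicitly rather than relying on the cluster's defaults.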
@@ -0,0 +1,20 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ annotations:
+ description: |-
+ postgresql10 staging database
+objects:
+# move ServiceAccount and Role to here, otherwise image pulled may fail because ServiceAccount hasn't been created
+- apiVersion: v1
+ kind: Secret
+ metadata:
+ name: tfrs-postgresql-staging
+ stringData:
+ replication-username:
+ replication-password:
+ superuser-username:
+ superuser-password:
+ app-db-name:
+ app-db-username:
+ app-db-password:
\ No newline at end of file
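Review bot: Every `stringData` key is left empty and the template declares no `parameters`, so the only way to use this file is to type credentials into it by hand, which invites committing them; binding each key to a template parameter and letting OpenShift generate the passwords keeps real values out of the repository. As written the empty keys parse as YAML nulls, so processing the template unchanged presumably does not produce a usable Secret. The `# move ServiceAccount and Role to here` comment refers to objects this template does not contain and should be dropped. A sketch of the parameterised form follows; the parameter names and the password length are placeholders.

```yaml
  stringData:
    app-db-username: ${APP_DB_USERNAME}
    app-db-password: ${APP_DB_PASSWORD}
    # … remaining keys (replication-*, superuser-*, app-db-name), each bound to its own parameter …
parameters:
- name: APP_DB_USERNAME
  required: true
- name: APP_DB_PASSWORD
  generate: expression
  from: "[a-zA-Z0-9]{32}"
  required: true
```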