Add one env file and radixconfig file for each env (#1150)

* Add one env file and radixconfig file for each env

* same oauth client id in frontend and oauth2

* remove old envconfig

* fix public port

* fix generate

* add pr test

* fix space

* fix space

.env.c2

@@ -0,0 +1,3 @@
+export AZURE_CLIENT_ID=8186a108-135d-478e-af97-e200cb238757
+export OAUTH2_REDIS_QA_HOSTNAME=radix-c2-qa.redis.cache.windows.net
+export OAUTH2_REDIS_PROD_HOSTNAME=radix-c2-prod.redis.cache.windows.net

.env.dev

@@ -0,0 +1,3 @@
+export AZURE_CLIENT_ID=5687b237-eda3-4ec3-a2a1-023e85a2bd84
+export OAUTH2_REDIS_QA_HOSTNAME=radix-dev-qa.redis.cache.windows.net
+export OAUTH2_REDIS_PROD_HOSTNAME=radix-dev-prod.redis.cache.windows.net

.env.platform

@@ -0,0 +1,3 @@
+export AZURE_CLIENT_ID=a593a59c-8f76-490e-937b-a90779039a90
+export OAUTH2_REDIS_QA_HOSTNAME=radix-platform-qa.redis.cache.windows.net
+export OAUTH2_REDIS_PROD_HOSTNAME=radix-platform-prod.redis.cache.windows.net

.env.playground

@@ -0,0 +1,3 @@
+export AZURE_CLIENT_ID=a593a59c-8f76-490e-937b-a90779039a90
+export OAUTH2_REDIS_QA_HOSTNAME=radix-playground-qa.redis.cache.windows.net
+export OAUTH2_REDIS_PROD_HOSTNAME=radix-playground-prod.redis.cache.windows.net

.github/workflows/radix-web-console-pr.yml

@@ -11,7 +11,7 @@ jobs:
     - uses: actions/checkout@v4
     - name: Build docker image
       env:
-        REF: ${{ github. sha }}
+        REF: ${{ github.sha }}
       run: docker build -t radix-web-console:${REF##*/} .
 
   test:
@@ -53,11 +53,27 @@ jobs:
   validate-radixconfig:
     name: Test RadixConfig
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        env:
+          - dev
+          - c2
+          - playground
+          - platform
     steps:
       - name: 'Fake TOKEN FOR RADIX CLI'
         run: echo "APP_SERVICE_ACCOUNT_TOKEN=dummy" >> $GITHUB_ENV
       - uses: actions/checkout@v4
       - name: 'Validate'
         uses: equinor/radix-github-actions@v1
         with:
-          args: validate radix-config --config-file radixconfig.yaml
+          args: validate radix-config --config-file radixconfig.${{matrix.env}}.yaml
+
+  verify-code-generation:
+    name: Verify Code Generation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Verify Code Generation
+        run: |
+          make verify-generate

Makefile

@@ -71,3 +71,17 @@ run-mac-rebuild:
 down:
 	docker compose down
 
+.PHONY: radixconfigs
+radixconfigs: SHELL:=/bin/bash
+radixconfigs:
+	source .env.dev; envsubst < radixconfig.tpl.yaml > radixconfig.dev.yaml
+	source .env.c2; envsubst < radixconfig.tpl.yaml > radixconfig.c2.yaml
+	source .env.platform; envsubst < radixconfig.tpl.yaml > radixconfig.platform.yaml
+	source .env.playground; envsubst < radixconfig.tpl.yaml > radixconfig.playground.yaml
+
+.PHONY: generate
+generate: radixconfigs
+
+.PHONY: verify-generate
+verify-generate: generate
+	git diff --exit-code

docker-compose.yml

@@ -48,6 +48,8 @@ services:
       - radix
     ports:
       - "8080:8080"
+    depends_on:
+      - auth
 
   auth:
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
@@ -70,7 +72,7 @@ services:
       - OAUTH2_PROXY_PROVIDER=oidc
       - OAUTH2_PROXY_REDIRECT_URL=http://localhost:8000/oauth2/callback
       - OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://auth-state:6379
-      - OAUTH2_PROXY_SCOPE=openid profile offline_access ${API_RESOURCE_ID}/user.read email # offline_access scope needed to get refresh token: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#successful-response-1
+      - OAUTH2_PROXY_SCOPE=openid profile offline_access 6dae42f8-4368-4678-94ff-3960e28e3630/user.read email # offline_access scope needed to get refresh token: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#successful-response-1
       - OAUTH2_PROXY_SESSION_STORE_TYPE=redis
       - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
       - OAUTH2_PROXY_UPSTREAMS=http://proxy:8080

radixconfig.c2.yaml

@@ -0,0 +1,90 @@
+apiVersion: radix.equinor.com/v1
+kind: RadixApplication
+metadata:
+  name: radix-web-console
+spec:
+  build:
+    useBuildKit: true
+  environments:
+    - name: qa
+      build:
+        from: master
+    - name: prod
+      build:
+        from: release
+  components:
+    - name: web
+      readOnlyFileSystem: true
+      volumeMounts:
+        - name: tmp
+          path: /tmp
+          emptyDir:
+            sizeLimit: 1M
+        - name: nginxconfd
+          path: /etc/nginx/conf.d
+          emptyDir:
+            sizeLimit: 1M
+        - name: wwwconfig
+          path: /app/config
+          emptyDir:
+            sizeLimit: 1M
+      src: "."
+      ports:
+        - name: http
+          port: 8080
+      publicPort: http
+      runtime:
+        architecture: arm64
+      variables:
+        CLUSTER_EGRESS_IPS: undefined # Comma separated list of IPs of all Public IP Prefixes assigned to the ClusterType (production, playground, development)
+        CLUSTER_INGRESS_IPS: undefined # Comma separated list of IPs of all Public IP Prefixes assigned to the ClusterType (production, playground, development)
+        OAUTH2_AUTHORITY: "https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
+        SERVICENOW_PROXY_SCOPES: "1b4a22f1-d4a1-4b6a-81b2-fd936daf1786/Application.Read" # scopes must be seperated by comma
+        CLUSTER_OIDC_ISSUER_URL: ""
+        CMDB_CI_URL: "https://equinor.service-now.com/selfservice?id=form&table=cmdb_ci_business_app&sys_id={CIID}"
+        OAUTH2_CLIENT_ID: "8186a108-135d-478e-af97-e200cb238757"
+      authentication:
+        oauth2:
+          clientId: "8186a108-135d-478e-af97-e200cb238757"
+          scope: "openid profile offline_access 6dae42f8-4368-4678-94ff-3960e28e3630/user.read email"
+          setXAuthRequestHeaders: true
+          setAuthorizationHeader: true
+          sessionStoreType: redis
+          redisStore:
+            connectionUrl: rediss://radix-c2-qa.redis.cache.windows.net:6380
+      environmentConfig:
+        - environment: qa
+          resources:
+            requests:
+              cpu: "20m"
+              memory: "50Mi"
+            limits:
+              cpu: "50m"
+              memory: "50Mi"
+          horizontalScaling:
+            maxReplicas: 1
+            minReplicas: 0
+            triggers:
+              - name: cron
+                cron:
+                  timezone: Europe/Oslo
+                  start: 0 7 * * 1-5 # 07:00 Monday - Friday
+                  end: 0 17 * * 1-5 # 17:00 Monday - Friday
+                  desiredReplicas: 1
+        - environment: prod
+          replicas: 2
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "50Mi"
+            limits:
+              cpu: "100m"
+              memory: "50Mi"
+        - environment: prod
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "100Mi"
+            limits:
+              cpu: "100m"
+              memory: "100Mi"

radixconfig.dev.yaml

@@ -0,0 +1,90 @@
+apiVersion: radix.equinor.com/v1
+kind: RadixApplication
+metadata:
+  name: radix-web-console
+spec:
+  build:
+    useBuildKit: true
+  environments:
+    - name: qa
+      build:
+        from: master
+    - name: prod
+      build:
+        from: release
+  components:
+    - name: web
+      readOnlyFileSystem: true
+      volumeMounts:
+        - name: tmp
+          path: /tmp
+          emptyDir:
+            sizeLimit: 1M
+        - name: nginxconfd
+          path: /etc/nginx/conf.d
+          emptyDir:
+            sizeLimit: 1M
+        - name: wwwconfig
+          path: /app/config
+          emptyDir:
+            sizeLimit: 1M
+      src: "."
+      ports:
+        - name: http
+          port: 8080
+      publicPort: http
+      runtime:
+        architecture: arm64
+      variables:
+        CLUSTER_EGRESS_IPS: undefined # Comma separated list of IPs of all Public IP Prefixes assigned to the ClusterType (production, playground, development)
+        CLUSTER_INGRESS_IPS: undefined # Comma separated list of IPs of all Public IP Prefixes assigned to the ClusterType (production, playground, development)
+        OAUTH2_AUTHORITY: "https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
+        SERVICENOW_PROXY_SCOPES: "1b4a22f1-d4a1-4b6a-81b2-fd936daf1786/Application.Read" # scopes must be seperated by comma
+        CLUSTER_OIDC_ISSUER_URL: ""
+        CMDB_CI_URL: "https://equinor.service-now.com/selfservice?id=form&table=cmdb_ci_business_app&sys_id={CIID}"
+        OAUTH2_CLIENT_ID: "5687b237-eda3-4ec3-a2a1-023e85a2bd84"
+      authentication:
+        oauth2:
+          clientId: "5687b237-eda3-4ec3-a2a1-023e85a2bd84"
+          scope: "openid profile offline_access 6dae42f8-4368-4678-94ff-3960e28e3630/user.read email"
+          setXAuthRequestHeaders: true
+          setAuthorizationHeader: true
+          sessionStoreType: redis
+          redisStore:
+            connectionUrl: rediss://radix-dev-qa.redis.cache.windows.net:6380
+      environmentConfig:
+        - environment: qa
+          resources:
+            requests:
+              cpu: "20m"
+              memory: "50Mi"
+            limits:
+              cpu: "50m"
+              memory: "50Mi"
+          horizontalScaling:
+            maxReplicas: 1
+            minReplicas: 0
+            triggers:
+              - name: cron
+                cron:
+                  timezone: Europe/Oslo
+                  start: 0 7 * * 1-5 # 07:00 Monday - Friday
+                  end: 0 17 * * 1-5 # 17:00 Monday - Friday
+                  desiredReplicas: 1
+        - environment: prod
+          replicas: 2
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "50Mi"
+            limits:
+              cpu: "100m"
+              memory: "50Mi"
+        - environment: prod
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "100Mi"
+            limits:
+              cpu: "100m"
+              memory: "100Mi"