Skip to content

Commit

Permalink
HOSTSD-305 Configure PROD (#114)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Fosol
Fosol authored Mar 13, 2024
1 parent 57bdcad commit f11670c
Show file tree
Hide file tree
Showing 20 changed files with 652 additions and 24 deletions.
2 changes: 2 additions & 0 deletions devops/kustomize/base/api/network-policy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ spec:
- to:
- ipBlock:
cidr: 10.99.8.2/32
- ipBlock:
cidr: 10.99.8.9/32
ports:
- port: 5432
protocol: TCP
Expand Down
2 changes: 1 addition & 1 deletion devops/kustomize/base/database/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
# - statefulset.yaml
- statefulset.yaml
- network-policy.yaml
2 changes: 2 additions & 0 deletions devops/kustomize/base/database/network-policy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ spec:
- to:
- ipBlock:
cidr: 10.99.8.2/32
- ipBlock:
cidr: 10.99.8.9/32
ports:
- port: 5432
protocol: TCP
Expand Down
149 changes: 149 additions & 0 deletions devops/kustomize/base/jobs/data-service.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
kind: Job
apiVersion: batch/v1
metadata:
name: data-service
generateName: data-service-
namespace: default
labels:
managed-by: kustomize
name: data-service
DataClass: Low
part-of: hsb
version: 1.0.0
created-by: jeremy.foster
component: service
spec:
parallelism: 1
completions: 1
backoffLimit: 6
# selector:
# matchLabels:
# controller-uid: 3670f1e1-3414-4009-829f-bf4a4fdbbca7
template:
metadata:
creationTimestamp: null
labels:
managed-by: kustomize
name: data-service
DataClass: Low
part-of: hsb
version: 1.0.0
created-by: jeremy.foster
component: service
spec:
containers:
- name: data-service
image: >-
image-registry.apps.emerald.devops.gov.bc.ca/e89443-tools/data-service:dev
env:
# - name: Service__Actions__0
# value: clean-organizations
- name: Logging__LogLevel__HSB
value: Debug
- name: HTTP_PROXY
value: "http://swpxkam.gov.bc.ca:8080"
- name: HTTPS_PROXY
value: "http://swpxkam.gov.bc.ca:8080"
- name: NO_PROXY
value: >-
.cluster.local,.svc,10.91.0.0/16,172.30.0.0/16,127.0.0.1,localhost,.gov.bc.ca,api
- name: Keycloak__Authority
valueFrom:
configMapKeyRef:
name: keycloak
key: KEYCLOAK_AUTHORITY
- name: Keycloak__Audience
valueFrom:
configMapKeyRef:
name: keycloak
key: KEYCLOAK_AUDIENCE
- name: Keycloak__Issuer
valueFrom:
configMapKeyRef:
name: keycloak
key: KEYCLOAK_ISSUER
- name: Keycloak__Secret
valueFrom:
secretKeyRef:
name: keycloak
key: KEYCLOAK_CLIENT_SECRET
- name: Service__ApiUrl
valueFrom:
configMapKeyRef:
name: data-service
key: API_URL
- name: ServiceNow__ApiUrl
valueFrom:
secretKeyRef:
name: service-now
key: URL
- name: ServiceNow__Instance
valueFrom:
secretKeyRef:
name: service-now
key: INSTANCE
- name: ServiceNow__Username
valueFrom:
secretKeyRef:
name: service-now
key: USERNAME
- name: ServiceNow__Password
valueFrom:
secretKeyRef:
name: service-now
key: PASSWORD
- name: CHES__AuthUrl
valueFrom:
configMapKeyRef:
name: ches
key: AUTH_URL
- name: CHES__HostUri
valueFrom:
configMapKeyRef:
name: ches
key: HOST_URI
- name: CHES__From
valueFrom:
configMapKeyRef:
name: ches
key: FROM
- name: CHES__OverrideTo
valueFrom:
configMapKeyRef:
name: ches
key: TO
- name: CHES__EmailEnabled
valueFrom:
configMapKeyRef:
name: ches
key: EMAIL_ENABLED
- name: CHES__EmailAuthorized
valueFrom:
configMapKeyRef:
name: ches
key: EMAIL_AUTHORIZED
- name: CHES__Username
valueFrom:
secretKeyRef:
name: ches
key: USERNAME
- name: CHES__Password
valueFrom:
secretKeyRef:
name: ches
key: PASSWORD
resources:
limits:
cpu: 100m
memory: 1Gi
requests:
cpu: 50m
memory: 120Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: OnFailure
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
schedulerName: default-scheduler
6 changes: 6 additions & 0 deletions devops/kustomize/base/jobs/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- data-service.yaml
16 changes: 16 additions & 0 deletions devops/kustomize/overlays/dev/jobs/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: e89443-dev

resources:
- ../../../base/jobs

patches:
- target:
kind: Job
name: data-service
patch: |-
- op: replace
path: /spec/template/spec/containers/0/image
value: image-registry.apps.emerald.devops.gov.bc.ca/e89443-tools/data-service:dev
16 changes: 16 additions & 0 deletions devops/kustomize/overlays/dev/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,22 @@ patches:
- op: replace
path: /data/CSS_AUTHORITY
value: https://loginproxy.gov.bc.ca
- target:
kind: ConfigMap
name: ches
patch: |-
- op: replace
path: /data/AUTH_URL
value: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
- op: replace
path: /data/HOST_URI
value: https://ches-dev.api.gov.bc.ca/api/v1
- op: replace
path: /data/FROM
value: (DEV) Hosting Service Dashboard <[email protected]>
- op: replace
path: /data/TO
value: [email protected]
- target:
kind: ConfigMap
name: dashboard
Expand Down
78 changes: 78 additions & 0 deletions devops/kustomize/overlays/prod/api/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: e89443-prod

resources:
- ../../secrets/prod
- ../../../base/api
- ../../../base/config

patches:
- target:
kind: ConfigMap
name: keycloak
patch: |-
- op: replace
path: /data/KEYCLOAK_DEBUG
value: "false"
- op: replace
path: /data/KEYCLOAK_AUTHORITY
value: https://loginproxy.gov.bc.ca/auth/realms/standard
- op: replace
path: /data/KEYCLOAK_AUDIENCE
value: hsb-dashboard-5128
- op: replace
path: /data/KEYCLOAK_ISSUER
value: hsb-dashboard-5128
- target:
kind: ConfigMap
name: css
patch: |-
- op: replace
path: /data/CSS_ENVIRONMENT
value: prod
- op: replace
path: /data/CSS_API_URL
value: https://api.loginproxy.gov.bc.ca
- op: replace
path: /data/CSS_AUTHORITY
value: https://loginproxy.gov.bc.ca
- target:
kind: Route
name: api
patch: |-
- op: replace
path: /spec/host
value: api-hsb.apps.emerald.devops.gov.bc.ca
# - target:
# kind: Route
# name: api-tls
# patch: |-
# - op: replace
# path: /spec/host
# value: api.hsb.gov.bc.ca

- target:
kind: DeploymentConfig
name: api
patch: |-
- op: replace
path: /spec/replicas
value: 3
- op: replace
path: /spec/template/spec/containers/0/resources/requests/cpu
value: 50m
- op: replace
path: /spec/template/spec/containers/0/resources/requests/memory
value: 500Mi
- op: replace
path: /spec/template/spec/containers/0/resources/limits/cpu
value: 100m
- op: replace
path: /spec/template/spec/containers/0/resources/limits/memory
value: 1500Mi
- op: replace
path: /spec/triggers/1/imageChangeParams/from/name
value: api:prod
85 changes: 85 additions & 0 deletions devops/kustomize/overlays/prod/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: e89443-prod

resources:
- ../../secrets/prod
- ../../../base/app
- ../../../base/config

patches:
- target:
kind: ConfigMap
name: keycloak
patch: |-
- op: replace
path: /data/KEYCLOAK_DEBUG
value: "false"
- op: replace
path: /data/KEYCLOAK_AUTHORITY
value: https://loginproxy.gov.bc.ca/auth/realms/standard
- op: replace
path: /data/KEYCLOAK_AUDIENCE
value: hsb-dashboard-5128
- op: replace
path: /data/KEYCLOAK_ISSUER
value: hsb-dashboard-5128
- target:
kind: ConfigMap
name: css
patch: |-
- op: replace
path: /data/CSS_ENVIRONMENT
value: prod
- op: replace
path: /data/CSS_API_URL
value: https://api.loginproxy.gov.bc.ca
- op: replace
path: /data/CSS_AUTHORITY
value: https://loginproxy.gov.bc.ca
- target:
kind: ConfigMap
name: dashboard
patch: |-
- op: replace
path: /data/NEXTAUTH_URL
value: https://hsb.apps.emerald.devops.gov.bc.ca
- target:
kind: Route
name: dashboard
patch: |-
- op: replace
path: /spec/host
value: hsb.apps.emerald.devops.gov.bc.ca
# - target:
# kind: Route
# name: dashboard-tls
# patch: |-
# - op: replace
# path: /spec/host
# value: hsb.gov.bc.ca

- target:
kind: DeploymentConfig
name: dashboard
patch: |-
- op: replace
path: /spec/replicas
value: 3
- op: replace
path: /spec/template/spec/containers/0/resources/requests/cpu
value: 50m
- op: replace
path: /spec/template/spec/containers/0/resources/requests/memory
value: 100Mi
- op: replace
path: /spec/template/spec/containers/0/resources/limits/cpu
value: 100m
- op: replace
path: /spec/template/spec/containers/0/resources/limits/memory
value: 250Mi
- op: replace
path: /spec/triggers/1/imageChangeParams/from/name
value: dashboard:prod
Loading

0 comments on commit f11670c

Please sign in to comment.