chore(ci): Update resourcing and add network policies for successful …
…deploy. (#81)

Co-authored-by: Fergus MacConnell WLRS:EX <[email protected]>
PaulGarewal and fergmac authored Oct 17, 2024
1 parent 0d2179d commit 7f11ad7
Showing 5 changed files with 67 additions and 35 deletions.
11 changes: 9 additions & 2 deletions .github/workflows/.deploy.yml
@@ -42,6 +42,10 @@ jobs:
-p DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}
-p E_LICENSING_AUTH_USERNAME=${{ secrets.E_LICENSING_AUTH_USERNAME }}
-p E_LICENSING_AUTH_PASSWORD=${{ secrets.E_LICENSING_AUTH_PASSWORD }}
-p PG_MODE=${{ vars.PG_MODE }}
-p PG_PRIMARY_PASSWORD=${{ secrets.PG_PRIMARY_PASSWORD }}
-p PG_PRIMARY_USER=${{ secrets.PG_PRIMARY_USER }}
-p PG_ROOT_PASSWORD=${{ secrets.PG_ROOT_PASSWORD }}
# -p S3_PUBLIC_ACCESS_KEY=${{ secrets.S3_PUBLIC_ACCESS_KEY }}
# -p S3_PUBLIC_SECRET_KEY=${{ secrets.S3_PUBLIC_SECRET_KEY }}
# -p S3_HOST=${{ secrets.S3_HOST }}
@@ -62,14 +66,15 @@ jobs:
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
oc_version: "4.14.37"
file: database/postgresql.dc.yml
file: database/openshift.deploy.yml
overwrite: true
parameters:
-p DATABASE_SERVICE_NAME=gwells-pg12-dev-${{ github.event.number }}
-p IMAGE_STREAM_NAMESPACE=${{ vars.OC_NAMESPACE }}
-p IMAGE_STREAM_NAME=crunchy-postgres-gis
-p IMAGE_TAG=${{ github.event.number }}
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p VOLUME_CAPACITY=1Gi
-p VOLUME_CAPACITY=512Mi
-p STORAGE_CLASS=netapp-file-standard
-p REQUEST_CPU=200m
-p REQUEST_MEMORY=512Mi
@@ -92,6 +97,7 @@ jobs:
file: backend/openshift.deploy.yml
parameters:
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p IMAGE_TAG=${{ github.event.number }}
-p ENV_NAME=dev
-p E_LICENSING_URL=${{ vars.E_LICENSING_URL }}
-p DB_REPLICATE=${{ vars.DB_REPLICATE }}
@@ -137,5 +143,6 @@ jobs:
file: frontend/openshift.deploy.yml
parameters:
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p IMAGE_TAG=${{ github.event.number }}
-p ENV_NAME=dev
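Review bot: The four new `-p PG_*` lines in the first hunk pass database credentials as unquoted `NAME=value` template parameters, so a password containing whitespace or shell metacharacters may be split or reinterpreted if the deploy action assembles an `oc process` command line from this block (how the action consumes `parameters` is not visible here). The existing `DJANGO_SECRET_KEY` and `E_LICENSING_AUTH_*` lines follow the same pattern, so the constraint is worth recording once above the step, for example `# secret values are passed as -p arguments: keep them free of whitespace and shell metacharacters`. The `parameters:` block starts and ends outside the hunk.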

16 changes: 9 additions & 7 deletions backend/openshift.deploy.yml
@@ -5,23 +5,25 @@ parameters:
displayName: Name Suffix
description: A suffix appended to all objects
required: true
- name: IMAGE_TAG
required: true
- name: ENV_NAME
required: true
- name: HOST
required: false
value: ''
- name: CPU_REQUEST
required: false
value: 100m
value: 50m
- name: CPU_LIMIT
required: false
value: 500m
value: 100m
- name: MEMORY_REQUEST
required: false
value: 1Gi
value: 512Mi
- name: MEMORY_LIMIT
required: false
value: 2Gi
value: 1Gi
- name: PSQL_IMAGE
description: A psql client image (a PostgreSQL image will suffice)
required: true
@@ -171,7 +173,7 @@ objects:
# value: gwells-pg12${NAME_SUFFIX}-backend
resources: {}
activeDeadlineSeconds: 21600
replicas: 2
replicas: 1
test: false
selector:
name: gwells${NAME_SUFFIX}-backend
@@ -192,7 +194,7 @@ objects:
sizeLimit: 250Mi
containers:
- name: gwells-app${NAME_SUFFIX}-backend
image: 'ghcr.io/bcgov/nr-gwells/backend:69'
image: 'ghcr.io/bcgov/nr-gwells/backend:${IMAGE_TAG}'
volumeMounts:
- name: staticfiles
mountPath: /app/staticfiles
@@ -476,7 +478,7 @@ objects:
name: gwells${NAME_SUFFIX}-backend
spec:
maxReplicas: 5
minReplicas: 2
minReplicas: 1
scaleTargetRef:
apiVersion: v1
kind: Deployment
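Review bot: The new `IMAGE_TAG` parameter is declared with only `required: true`, although it now selects the image that runs (`image: 'ghcr.io/bcgov/nr-gwells/backend:${IMAGE_TAG}'`); it should carry a description like the neighbouring `NAME_SUFFIX`, for example `description: Image tag to deploy (the PR number for dev builds)`. A PR-number tag is mutable, so the same processed template can resolve to different image contents after a re-push; whether that matters beyond dev depends on how other environments invoke this template, which is not visible here. The same undocumented parameter is added in database/openshift.deploy.yml and frontend/openshift.deploy.yml. The `parameters:` and `objects:` lists continue outside these hunks.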
20 changes: 19 additions & 1 deletion common/openshift.init.yml
@@ -36,6 +36,14 @@ parameters:
required: true
- name: E_LICENSING_AUTH_PASSWORD
required: true
- name: PG_MODE
required: true
- name: PG_PRIMARY_PASSWORD
required: true
- name: PG_PRIMARY_USER
required: true
- name: PG_ROOT_PASSWORD
required: true
# - name: MINIO_ACCESS_KEY
# required: true
# - name: MINIO_SECRET_KEY
@@ -91,6 +99,16 @@ objects:
stringData:
E_LICENSING_AUTH_PASSWORD: ${E_LICENSING_AUTH_PASSWORD}
E_LICENSING_AUTH_USERNAME: ${E_LICENSING_AUTH_USERNAME}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp:
name: crunchy-db-credentials
stringData:
PG_MODE: ${PG_MODE}
PG_PRIMARY_PASSWORD: ${PG_PRIMARY_PASSWORD}
PG_PRIMARY_USER: ${PG_PRIMARY_USER}
PG_ROOT_PASSWORD: ${PG_ROOT_PASSWORD}
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
@@ -113,4 +131,4 @@ objects:
template: nr-gwells-backend-network-security-policy
spec:
policyTypes:
- Ingress
- Ingress
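Review bot: The added `crunchy-db-credentials` Secret has a fixed name with no per-deployment suffix, so every PR database in the namespace appears to share one primary password and one root password, and each run of this template overwrites that single object. If the sharing is intended, state it in a comment above the object, for example `# shared by every PR database in this namespace; changing the GitHub secrets affects all of them`. The bare `creationTimestamp:` key parses as null and can be dropped. The `objects:` list starts and ends outside the hunk.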
8 changes: 5 additions & 3 deletions database/postgresql.dc.yml → database/openshift.deploy.yml
@@ -27,12 +27,12 @@ parameters:
displayName: Volume Capacity
name: VOLUME_CAPACITY
required: true
value: 1Gi
value: 512Mi
- description: Request for CPU resources measured in cpu units, e.g. 200m
displayName: CPU resource request
name: REQUEST_CPU
required: false
value: 100m
value: 20m
- description: Request for memory resources measured in bytes, e.g. 512Mi, 1Gi.
displayName: Memory resource request
name: REQUEST_MEMORY
@@ -55,6 +55,8 @@ parameters:
value: centos7-12.4-3.0-4.5.0
- name: NAME_SUFFIX
required: true
- name: IMAGE_TAG
required: true
- description: Storage class for PVCs.
displayName: Storage class for PVCs.
name: STORAGE_CLASS
@@ -225,7 +227,7 @@ objects:
secretKeyRef:
key: PG_ROOT_PASSWORD
name: crunchy-db-credentials
image: "ghcr.io/bcgov/nr-gwells/database:76"
image: "ghcr.io/bcgov/nr-gwells/database:${IMAGE_TAG}"
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
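Review bot: With the image now `ghcr.io/bcgov/nr-gwells/database:${IMAGE_TAG}` and the unchanged `imagePullPolicy: IfNotPresent` on the following line, a node that has already pulled a given PR-number tag keeps running its cached copy after that tag is rebuilt. For a mutable tag the policy should be `imagePullPolicy: Always`, or the parameter should carry an immutable reference. Separately, lowering the `VOLUME_CAPACITY` default to `512Mi` may be rejected for an existing claim, since a PVC request generally cannot be reduced; that depends on whether claims outlive a redeploy, which the hunk does not show. The container spec continues outside the hunk.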
47 changes: 25 additions & 22 deletions frontend/openshift.deploy.yml
@@ -5,6 +5,8 @@ parameters:
displayName: Name Suffix
description: A suffix appended to all objects
required: true
- name: IMAGE_TAG
required: true
- name: ENV_NAME
required: true
objects:
@@ -46,7 +48,7 @@ objects:
containers:
- name: gwells${NAME_SUFFIX}-frontend
# image: ghcr.io/bcgov/gwells/frontend:${NAME_SUFFIX}-frontend
image: ghcr.io/bcgov/nr-gwells/frontend:69
image: ghcr.io/bcgov/nr-gwells/frontend:${IMAGE_TAG}
securityContext:
capabilities:
add: ["NET_BIND_SERVICE"]
@@ -61,33 +63,34 @@ objects:
ports:
- name: container-port
containerPort: 3000
protocol: TCP
# command: ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]
readinessProbe:
httpGet:
path: /health
port: 3001
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 30
livenessProbe:
successThreshold: 1
failureThreshold: 3
httpGet:
path: /health
port: 3001
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
# readinessProbe:
# httpGet:
# path: /health
# port: 3001
# scheme: HTTP
# initialDelaySeconds: 5
# periodSeconds: 2
# timeoutSeconds: 2
# successThreshold: 1
# failureThreshold: 30
# livenessProbe:
# successThreshold: 1
# failureThreshold: 3
# httpGet:
# path: /health
# port: 3001
# scheme: HTTP
# initialDelaySeconds: 15
# periodSeconds: 30
# timeoutSeconds: 5
resources: # this is optional
limits:
cpu: 150m
memory: 250Mi
requests:
cpu: 50m
cpu: 20m
memory: 175Mi
- kind: Route
apiVersion: route.openshift.io/v1
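Review bot: The third hunk comments out both `readinessProbe` and `livenessProbe`, so the Route can send traffic to a pod that is not serving yet and a hung container is never restarted. The disabled probes target `port: 3001` while the declared `containerPort` is `3000`; if that mismatch is why they failed, pointing them at the serving port is a better fix than disabling them (assuming `/health` is exposed there, which the hunk does not show). If they have to stay off for now, a comment such as `# TODO: probes disabled, /health on 3001 unreachable; re-enable before promoting past dev` records the reason. The container spec starts outside the hunk.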
