Skip to content

Commit

Permalink
chore(ci): restore templates
Browse files Browse the repository at this point in the history
  • Loading branch information
@DerekRoberts
DerekRoberts committed Feb 10, 2025
1 parent 1a6bfd1 commit 4b88991
Show file tree
Hide file tree
Showing 2 changed files with 386 additions and 0 deletions.
217 changes: 217 additions & 0 deletions backend/openshift.deploy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,217 @@
apiVersion: template.openshift.io/v1
kind: Template
parameters:
- name: NAME
description: Module name
value: nr-results-exam
- name: COMPONENT
description: Component name
value: backend
- name: ZONE
description: Deployment zone, e.g. pr-### or prod
required: true
- name: TAG
description: Image tag; e.g. PR number, latest or prod
required: true
- name: DOMAIN
value: apps.silver.devops.gov.bc.ca
- name: CPU_REQUEST
value: "25m"
- name: MEMORY_REQUEST
value: "50Mi"
- name: CPU_LIMIT
value: "75m"
- name: MEMORY_LIMIT
value: "150Mi"
- name: CPU_REQUEST_INIT
value: "125m"
- name: MEMORY_REQUEST_INIT
value: "100Mi"
- name: CPU_LIMIT_INIT
value: "250m"
- name: MEMORY_LIMIT_INIT
value: "250Mi"
- name: MIN_REPLICAS
description: The minimum amount of replicas for the horizontal pod autoscaler.
value: "3"
- name: MAX_REPLICAS
description: The maximum amount of replicas for the horizontal pod autoscaler.
value: "5"
- name: REGISTRY
description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000)
value: ghcr.io
- name: ORG
description: Organization name, e.g. bcgov
value: bcgov
- name: CHES_TOKEN_URL
value: "https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token"
- name: CHES_CLIENT_ID
value: "09C5071A-ACE9B6FACF6"
- name: CHES_CLIENT_SECRET
required: true
- name: VITE_QUESTIONS_API_KEY
description: Dummy param to satisfy workflow
- name: S3_ACCESSKEY
description: Access key for S3
value: nr-fsa-tst
- name: S3_ENDPOINT
description: Endpoint for S3
value: nrs.objectstore.gov.bc.ca
- name: S3_BUCKETNAME
description: Bucket name for S3
value: tivpth
- name: S3_SECRETKEY
description: Secret key for S3
required: true
- name: RANDOM_EXPRESSION
description: Random expression to make sure deployments update
from: "[a-zA-Z0-9]{32}"
generate: expression
objects:
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-ingress
labels:
template: openshift-test
spec:
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
network.openshift.io/policy-group: ingress
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-same-namespace
labels:
template: network-security-policy
spec:
podSelector: {}
ingress:
- from:
- podSelector: {}
policyTypes:
- Ingress
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
replicas: 1
selector:
matchLabels:
deployment: "${NAME}-${ZONE}-${COMPONENT}"
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: "${NAME}-${ZONE}"
deployment: "${NAME}-${ZONE}-${COMPONENT}"
spec:
containers:
- image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG}
imagePullPolicy: Always
name: "${NAME}"
env:
- name: CHES_CLIENT_ID
value: ${CHES_CLIENT_ID}
- name: CHES_CLIENT_SECRET
value: ${CHES_CLIENT_SECRET}
- name: CHES_TOKEN_URL
value: ${CHES_TOKEN_URL}
- name: S3_ACCESSKEY
value: ${S3_ACCESSKEY}
- name: S3_BUCKETNAME
value: ${S3_BUCKETNAME}
- name: S3_ENDPOINT
value: ${S3_ENDPOINT}
- name: S3_SECRETKEY
value: ${S3_SECRETKEY}
- name: RANDOM_EXPRESSION
value: ${RANDOM_EXPRESSION}
ports:
- containerPort: 5000
protocol: TCP
resources:
requests:
cpu: "${CPU_REQUEST}"
memory: "${MEMORY_REQUEST}"
limits:
cpu: "${CPU_LIMIT}"
memory: "${MEMORY_LIMIT}"
readinessProbe:
httpGet:
path: /health
port: 5000
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 30
livenessProbe:
successThreshold: 1
failureThreshold: 3
httpGet:
path: /health
port: 5000
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
- apiVersion: v1
kind: Service
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
ports:
- name: 5000-tcp
protocol: TCP
port: 80
targetPort: 5000
selector:
deployment: "${NAME}-${ZONE}-${COMPONENT}"
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
host: "${NAME}-${ZONE}-${COMPONENT}.${DOMAIN}"
port:
targetPort: 5000-tcp
to:
kind: Service
name: "${NAME}-${ZONE}-${COMPONENT}"
weight: 100
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
- apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
scaleTargetRef:
apiVersion: apps.openshift.io/v1
kind: Deployment
name: "${NAME}-${ZONE}-${COMPONENT}"
minReplicas: "${{MIN_REPLICAS}}"
maxReplicas: "${{MAX_REPLICAS}}"
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 100
169 changes: 169 additions & 0 deletions frontend/openshift.deploy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,169 @@
apiVersion: template.openshift.io/v1
kind: Template
parameters:
- name: NAME
description: Module name
value: nr-results-exam
- name: COMPONENT
description: Component name
value: frontend
- name: ZONE
description: Deployment zone, e.g. pr-### or prod
required: true
- name: TAG
description: Image tag; e.g. PR number, latest or prod
required: true
- name: DOMAIN
value: apps.silver.devops.gov.bc.ca
- name: CPU_REQUEST
value: "25m"
- name: MEMORY_REQUEST
value: "50Mi"
- name: CPU_LIMIT
value: "75m"
- name: MEMORY_LIMIT
value: "150Mi"
- name: MIN_REPLICAS
description: The minimum amount of replicas for the horizontal pod autoscaler.
value: "3"
- name: MAX_REPLICAS
description: The maximum amount of replicas for the horizontal pod autoscaler.
value: "5"
- name: REGISTRY
description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000)
value: ghcr.io
- name: ORG
description: Organization name, e.g. bcgov
value: bcgov
- name: LOG_LEVEL
description: Caddy logging level DEBUG, INFO, WARN, ERROR, PANIC, and FATAL (https://github.com/caddyserver/caddy/blob/master/logging.go)
value: "info"
- name: VITE_USER_POOLS_WEB_CLIENT_ID
- name: VITE_QUESTIONS_API_KEY
- name: VITE_ZONE
value: DEV
- name: S3_SECRETKEY
description: Dummy param to satisfy workflow
- name: RANDOM_EXPRESSION
description: Random expression to make sure deployments update
from: "[a-zA-Z0-9]{32}"
generate: expression
objects:
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
replicas: 1
selector:
matchLabels:
deployment: "${NAME}-${ZONE}-${COMPONENT}"
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: "${NAME}-${ZONE}"
deployment: "${NAME}-${ZONE}-${COMPONENT}"
spec:
containers:
- image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG}
securityContext:
capabilities:
add: ["NET_BIND_SERVICE"]
imagePullPolicy: Always
name: ${NAME}
env:
- name: LOG_LEVEL
value: "${LOG_LEVEL}"
- name: VITE_BACKEND_URL
value: "https://${NAME}-${ZONE}-backend.${DOMAIN}:443"
- name: VITE_USER_POOLS_WEB_CLIENT_ID
value: "${VITE_USER_POOLS_WEB_CLIENT_ID}"
- name: VITE_QUESTIONS_API_KEY
value: "${VITE_QUESTIONS_API_KEY}"
- name: VITE_ZONE
value: "${ZONE}"
- name: RANDOM_EXPRESSION
value: ${RANDOM_EXPRESSION}
ports:
- containerPort: 3000
protocol: TCP
resources:
requests:
cpu: "${CPU_REQUEST}"
memory: "${MEMORY_REQUEST}"
limits:
cpu: "${CPU_LIMIT}"
memory: "${MEMORY_LIMIT}"
readinessProbe:
httpGet:
path: /
port: 3000
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 30
livenessProbe:
successThreshold: 1
failureThreshold: 3
httpGet:
path: /
port: 3000
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
- apiVersion: v1
kind: Service
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
ports:
- name: 3000-tcp
protocol: TCP
port: 80
targetPort: 3000
selector:
deployment: "${NAME}-${ZONE}-${COMPONENT}"
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
labels:
app: "${NAME}-${ZONE}"
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
host: "${NAME}-${ZONE}-${COMPONENT}.${DOMAIN}"
port:
targetPort: 3000-tcp
to:
kind: Service
name: "${NAME}-${ZONE}-${COMPONENT}"
weight: 100
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
- apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "${NAME}-${ZONE}-${COMPONENT}"
spec:
scaleTargetRef:
apiVersion: apps.openshift.io/v1
kind: Deployment
name: "${NAME}-${ZONE}-${COMPONENT}"
minReplicas: "${{MIN_REPLICAS}}"
maxReplicas: "${{MAX_REPLICAS}}"
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 100

0 comments on commit 4b88991

Please sign in to comment.