From 4b889911c87c8e61de8c6a17eb88ce9bbdaef0d1 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 10 Feb 2025 11:50:02 -0800 Subject: [PATCH] chore(ci): restore templates --- backend/openshift.deploy.yml | 217 ++++++++++++++++++++++++++++++++++ frontend/openshift.deploy.yml | 169 ++++++++++++++++++++++++++ 2 files changed, 386 insertions(+) create mode 100644 backend/openshift.deploy.yml create mode 100644 frontend/openshift.deploy.yml diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml new file mode 100644 index 00000000..4e489f85 --- /dev/null +++ b/backend/openshift.deploy.yml @@ -0,0 +1,217 @@ +apiVersion: template.openshift.io/v1 +kind: Template +parameters: + - name: NAME + description: Module name + value: nr-results-exam + - name: COMPONENT + description: Component name + value: backend + - name: ZONE + description: Deployment zone, e.g. pr-### or prod + required: true + - name: TAG + description: Image tag; e.g. PR number, latest or prod + required: true + - name: DOMAIN + value: apps.silver.devops.gov.bc.ca + - name: CPU_REQUEST + value: "25m" + - name: MEMORY_REQUEST + value: "50Mi" + - name: CPU_LIMIT + value: "75m" + - name: MEMORY_LIMIT + value: "150Mi" + - name: CPU_REQUEST_INIT + value: "125m" + - name: MEMORY_REQUEST_INIT + value: "100Mi" + - name: CPU_LIMIT_INIT + value: "250m" + - name: MEMORY_LIMIT_INIT + value: "250Mi" + - name: MIN_REPLICAS + description: The minimum amount of replicas for the horizontal pod autoscaler. + value: "3" + - name: MAX_REPLICAS + description: The maximum amount of replicas for the horizontal pod autoscaler. + value: "5" + - name: REGISTRY + description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) + value: ghcr.io + - name: ORG + description: Organization name, e.g. bcgov + value: bcgov + - name: CHES_TOKEN_URL + value: "https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token" + - name: CHES_CLIENT_ID + value: "09C5071A-ACE9B6FACF6" + - name: CHES_CLIENT_SECRET + required: true + - name: VITE_QUESTIONS_API_KEY + description: Dummy param to satisfy workflow + - name: S3_ACCESSKEY + description: Access key for S3 + value: nr-fsa-tst + - name: S3_ENDPOINT + description: Endpoint for S3 + value: nrs.objectstore.gov.bc.ca + - name: S3_BUCKETNAME + description: Bucket name for S3 + value: tivpth + - name: S3_SECRETKEY + description: Secret key for S3 + required: true + - name: RANDOM_EXPRESSION + description: Random expression to make sure deployments update + from: "[a-zA-Z0-9]{32}" + generate: expression +objects: + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + labels: + template: openshift-test + spec: + podSelector: {} + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + labels: + template: network-security-policy + spec: + podSelector: {} + ingress: + - from: + - podSelector: {} + policyTypes: + - Ingress + - kind: Deployment + apiVersion: apps/v1 + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + replicas: 1 + selector: + matchLabels: + deployment: "${NAME}-${ZONE}-${COMPONENT}" + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: "${NAME}-${ZONE}" + deployment: "${NAME}-${ZONE}-${COMPONENT}" + spec: + containers: + - image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG} + imagePullPolicy: Always + name: "${NAME}" + env: + - name: CHES_CLIENT_ID + value: ${CHES_CLIENT_ID} + - name: CHES_CLIENT_SECRET + value: ${CHES_CLIENT_SECRET} + - name: CHES_TOKEN_URL + value: ${CHES_TOKEN_URL} + - name: S3_ACCESSKEY + value: ${S3_ACCESSKEY} + - name: S3_BUCKETNAME + value: ${S3_BUCKETNAME} + - name: S3_ENDPOINT + value: ${S3_ENDPOINT} + - name: S3_SECRETKEY + value: ${S3_SECRETKEY} + - name: RANDOM_EXPRESSION + value: ${RANDOM_EXPRESSION} + ports: + - containerPort: 5000 + protocol: TCP + resources: + requests: + cpu: "${CPU_REQUEST}" + memory: "${MEMORY_REQUEST}" + limits: + cpu: "${CPU_LIMIT}" + memory: "${MEMORY_LIMIT}" + readinessProbe: + httpGet: + path: /health + port: 5000 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 30 + livenessProbe: + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: /health + port: 5000 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + - apiVersion: v1 + kind: Service + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + ports: + - name: 5000-tcp + protocol: TCP + port: 80 + targetPort: 5000 + selector: + deployment: "${NAME}-${ZONE}-${COMPONENT}" + - apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + host: "${NAME}-${ZONE}-${COMPONENT}.${DOMAIN}" + port: + targetPort: 5000-tcp + to: + kind: Service + name: "${NAME}-${ZONE}-${COMPONENT}" + weight: 100 + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + - apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + scaleTargetRef: + apiVersion: apps.openshift.io/v1 + kind: Deployment + name: "${NAME}-${ZONE}-${COMPONENT}" + minReplicas: "${{MIN_REPLICAS}}" + maxReplicas: "${{MAX_REPLICAS}}" + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml new file mode 100644 index 00000000..87d5f4d0 --- /dev/null +++ b/frontend/openshift.deploy.yml @@ -0,0 +1,169 @@ +apiVersion: template.openshift.io/v1 +kind: Template +parameters: + - name: NAME + description: Module name + value: nr-results-exam + - name: COMPONENT + description: Component name + value: frontend + - name: ZONE + description: Deployment zone, e.g. pr-### or prod + required: true + - name: TAG + description: Image tag; e.g. PR number, latest or prod + required: true + - name: DOMAIN + value: apps.silver.devops.gov.bc.ca + - name: CPU_REQUEST + value: "25m" + - name: MEMORY_REQUEST + value: "50Mi" + - name: CPU_LIMIT + value: "75m" + - name: MEMORY_LIMIT + value: "150Mi" + - name: MIN_REPLICAS + description: The minimum amount of replicas for the horizontal pod autoscaler. + value: "3" + - name: MAX_REPLICAS + description: The maximum amount of replicas for the horizontal pod autoscaler. + value: "5" + - name: REGISTRY + description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) + value: ghcr.io + - name: ORG + description: Organization name, e.g. bcgov + value: bcgov + - name: LOG_LEVEL + description: Caddy logging level DEBUG, INFO, WARN, ERROR, PANIC, and FATAL (https://github.com/caddyserver/caddy/blob/master/logging.go) + value: "info" + - name: VITE_USER_POOLS_WEB_CLIENT_ID + - name: VITE_QUESTIONS_API_KEY + - name: VITE_ZONE + value: DEV + - name: S3_SECRETKEY + description: Dummy param to satisfy workflow + - name: RANDOM_EXPRESSION + description: Random expression to make sure deployments update + from: "[a-zA-Z0-9]{32}" + generate: expression +objects: + - kind: Deployment + apiVersion: apps/v1 + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + replicas: 1 + selector: + matchLabels: + deployment: "${NAME}-${ZONE}-${COMPONENT}" + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: "${NAME}-${ZONE}" + deployment: "${NAME}-${ZONE}-${COMPONENT}" + spec: + containers: + - image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG} + securityContext: + capabilities: + add: ["NET_BIND_SERVICE"] + imagePullPolicy: Always + name: ${NAME} + env: + - name: LOG_LEVEL + value: "${LOG_LEVEL}" + - name: VITE_BACKEND_URL + value: "https://${NAME}-${ZONE}-backend.${DOMAIN}:443" + - name: VITE_USER_POOLS_WEB_CLIENT_ID + value: "${VITE_USER_POOLS_WEB_CLIENT_ID}" + - name: VITE_QUESTIONS_API_KEY + value: "${VITE_QUESTIONS_API_KEY}" + - name: VITE_ZONE + value: "${ZONE}" + - name: RANDOM_EXPRESSION + value: ${RANDOM_EXPRESSION} + ports: + - containerPort: 3000 + protocol: TCP + resources: + requests: + cpu: "${CPU_REQUEST}" + memory: "${MEMORY_REQUEST}" + limits: + cpu: "${CPU_LIMIT}" + memory: "${MEMORY_LIMIT}" + readinessProbe: + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 30 + livenessProbe: + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 5 + - apiVersion: v1 + kind: Service + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + ports: + - name: 3000-tcp + protocol: TCP + port: 80 + targetPort: 3000 + selector: + deployment: "${NAME}-${ZONE}-${COMPONENT}" + - apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + app: "${NAME}-${ZONE}" + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + host: "${NAME}-${ZONE}-${COMPONENT}.${DOMAIN}" + port: + targetPort: 3000-tcp + to: + kind: Service + name: "${NAME}-${ZONE}-${COMPONENT}" + weight: 100 + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + - apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + name: "${NAME}-${ZONE}-${COMPONENT}" + spec: + scaleTargetRef: + apiVersion: apps.openshift.io/v1 + kind: Deployment + name: "${NAME}-${ZONE}-${COMPONENT}" + minReplicas: "${{MIN_REPLICAS}}" + maxReplicas: "${{MAX_REPLICAS}}" + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100