diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..202d6a44 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,8 @@ +# Set the default behavior, in case people don't have core.autocrlf set. +* text=auto + +# Declare files that will always have LF line endings on checkout. +manage text eol=lf +*.sh text eol=lf +*.md text eol=lf +*.json text eol=lf \ No newline at end of file diff --git a/.gitignore b/.gitignore index 379c95c2..44870f48 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,8 @@ +*_DeploymentConfig.json +*_BuildConfig.json +*.local.* +*.overrides.param + # Django db.sqlite3 staticfiles/ diff --git a/jenkins/build-and-deploy-to-dev-Jenkinsfile b/jenkins/build-and-deploy-to-dev-Jenkinsfile new file mode 100644 index 00000000..b0fad3f4 --- /dev/null +++ b/jenkins/build-and-deploy-to-dev-Jenkinsfile @@ -0,0 +1,29 @@ +// Edit your app's name below +def APP_NAME = 'edivorce-django' + +// Edit your environment TAG names below +def TAG_NAMES = ['dev', 'test', 'prod'] + +// You shouldn't have to edit these if you're following the conventions +def BUILD_CONFIG = APP_NAME +def IMAGESTREAM_NAME = APP_NAME + +node { + properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) + + stage('build ' + BUILD_CONFIG) { + echo "Building: " + BUILD_CONFIG + openshiftBuild bldCfg: BUILD_CONFIG, showBuildLogs: 'true' + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + IMAGE_HASH = sh ( + script: """oc get istag ${IMAGESTREAM_NAME}:latest -o template --template=\"{{.image.dockerImageReference}}\"|awk -F \":\" \'{print \$3}\'""", + returnStdout: true).trim() + echo ">> IMAGE_HASH: ${IMAGE_HASH}" + } + + stage('deploy-' + TAG_NAMES[0]) { + openshiftTag destStream: IMAGESTREAM_NAME, verbose: 'true', destTag: TAG_NAMES[0], srcStream: IMAGESTREAM_NAME, srcTag: "${IMAGE_HASH}" + } +} \ No newline at end of file diff --git a/jenkins/build-and-deploy-to-dev-Jenkinsfile.pipeline.param b/jenkins/build-and-deploy-to-dev-Jenkinsfile.pipeline.param new file mode 100644 index 00000000..45a64e7f --- /dev/null +++ b/jenkins/build-and-deploy-to-dev-Jenkinsfile.pipeline.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift Jenkins pipeline template parameters for: +# Jenkinsfile: ./jenkins/build-and-deploy-to-dev-Jenkinsfile +# Template File: https://raw.githubusercontent.com/BCDevOps/openshift-tools/master/provisioning/pipeline/resources/pipeline-build.json +#========================================================= +NAME=build-and-deploy-to-dev +# GITHUB_WEBHOOK_SECRET=[a-zA-Z0-9]{40} +SOURCE_REPOSITORY_URL=https://github.com/bcgov/eDivorce.git +SOURCE_REPOSITORY_REF=master +CONTEXT_DIR=jenkins +JENKINSFILE_PATH=build-and-deploy-to-dev-Jenkinsfile diff --git a/jenkins/deploy-to-prod-Jenkinsfile b/jenkins/deploy-to-prod-Jenkinsfile new file mode 100644 index 00000000..f4d6be3e --- /dev/null +++ b/jenkins/deploy-to-prod-Jenkinsfile @@ -0,0 +1,17 @@ +// This Jenkins file uses a brute force method to promote the application images from TEST to PROD. +// In other words all of the images that are currently deployed in TEST will be tagged for deployment to PROD. + +// Define these in the order they should be deployed. +def APP_NAMES = ['postgresql', 'nginx-proxy', 'weasyprint', 'edivorce-django'] +def SOURCE_TAG = 'test' +def DESTINATION_TAG = 'prod' + +node { + properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) + + APP_NAMES.each { appName -> + stage('Deploying ' + appName + ' to ' + DESTINATION_TAG) { + openshiftTag destStream: appName, verbose: 'true', destTag: DESTINATION_TAG, srcStream: appName, srcTag: SOURCE_TAG + } + } +} \ No newline at end of file diff --git a/jenkins/deploy-to-prod-Jenkinsfile.pipeline.param b/jenkins/deploy-to-prod-Jenkinsfile.pipeline.param new file mode 100644 index 00000000..bc3091e7 --- /dev/null +++ b/jenkins/deploy-to-prod-Jenkinsfile.pipeline.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift Jenkins pipeline template parameters for: +# Jenkinsfile: ./jenkins/deploy-to-prod-Jenkinsfile +# Template File: https://raw.githubusercontent.com/BCDevOps/openshift-tools/master/provisioning/pipeline/resources/pipeline-build.json +#========================================================= +NAME=deploy-to-prod +# GITHUB_WEBHOOK_SECRET=[a-zA-Z0-9]{40} +SOURCE_REPOSITORY_URL=https://github.com/bcgov/eDivorce.git +SOURCE_REPOSITORY_REF=master +CONTEXT_DIR=jenkins +JENKINSFILE_PATH=deploy-to-prod-Jenkinsfile diff --git a/jenkins/deploy-to-test-Jenkinsfile b/jenkins/deploy-to-test-Jenkinsfile new file mode 100644 index 00000000..d22cf702 --- /dev/null +++ b/jenkins/deploy-to-test-Jenkinsfile @@ -0,0 +1,17 @@ +// This Jenkins file uses a brute force method to promote the application images from DEV to TEST. +// In other words all of the images that are currently deployed in DEV will be tagged for deployment to TEST. + +// Define these in the order they should be deployed. +def APP_NAMES = ['postgresql', 'nginx-proxy', 'weasyprint', 'edivorce-django'] +def SOURCE_TAG = 'dev' +def DESTINATION_TAG = 'test' + +node { + properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) + + APP_NAMES.each { appName -> + stage('Deploying ' + appName + ' to ' + DESTINATION_TAG) { + openshiftTag destStream: appName, verbose: 'true', destTag: DESTINATION_TAG, srcStream: appName, srcTag: SOURCE_TAG + } + } +} \ No newline at end of file diff --git a/jenkins/deploy-to-test-Jenkinsfile.pipeline.param b/jenkins/deploy-to-test-Jenkinsfile.pipeline.param new file mode 100644 index 00000000..f8e26c7c --- /dev/null +++ b/jenkins/deploy-to-test-Jenkinsfile.pipeline.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift Jenkins pipeline template parameters for: +# Jenkinsfile: ./jenkins/deploy-to-test-Jenkinsfile +# Template File: https://raw.githubusercontent.com/BCDevOps/openshift-tools/master/provisioning/pipeline/resources/pipeline-build.json +#========================================================= +NAME=deploy-to-test +# GITHUB_WEBHOOK_SECRET=[a-zA-Z0-9]{40} +SOURCE_REPOSITORY_URL=https://github.com/bcgov/eDivorce.git +SOURCE_REPOSITORY_REF=master +CONTEXT_DIR=jenkins +JENKINSFILE_PATH=deploy-to-test-Jenkinsfile diff --git a/openshift/MINISHIFT.md b/openshift/MINISHIFT.md deleted file mode 100644 index e664419f..00000000 --- a/openshift/MINISHIFT.md +++ /dev/null @@ -1,88 +0,0 @@ -# A Quickstart Guide to Setting Up eDivorce on MiniShift - -These instructions assume you have 2 EMPTY projects created in MiniShift: - -- jag-csb-edivorce-tools (BUILD) -- jag-csb-edivorce-dev (DEV) - -For Minishift deployments we won't bother setting up Jenkins or NGINX. - - -## Uploading Templates into OpenShift - -1. Clone the project from Github, and then ```cd``` into the openshift/templates directory. - -2. Log into the OpenShift console to get your command line token. Then log into OpenShift from the command line. - -3. Upload the templates into OpenShift with the following commands - - Tools templates - ``` - oc create -f edivorce-build-template.yaml -n jag-csb-edivorce-tools - ``` - - Main eDivorce environment template - ``` - oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-dev - ``` - - -## Setting up the Tools Project - - -### Process the templates in the 'tools' project - -#### These can be processed from the commandline -``` -oc project jag-csb-edivorce-tools - -oc process edivorce-build | oc create -f - -``` - -You can monitor the process of the build in the OpenShift console on Minishift. You'll need to wait for it to finish before you can start the next step. - -## Setting up Dev - -Tag the builds in the tools project so they can be deployed to dev -``` -oc project jag-csb-edivorce-tools -``` - -Give the dev project access to Docker images stored in the tools project -``` -oc project jag-csb-edivorce-dev -oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-dev:default -n jag-csb-edivorce-tools -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:default -n jag-csb-edivorce-dev -``` - -Deploy the Django app and the Postgresql DB (Read the section about "Important Configuration Options" above!) -``` -oc process edivorce -v ENVIRONMENT_TYPE=minishift,PROXY_NETWORK=0.0.0.0/0 | oc create -f - -``` - -Edit the yaml for the edivorce-django deployment config through the web console - -Find: - - kind: ImageStreamTag - name: 'edivorce-django:deploy-to-dev' - - -Change to: - - kind: ImageStreamTag - name: 'edivorce-django:latest' - -Deploy Weasyprint -``` -oc deploy weasyprint --latest -``` - -## Create a Route - -Using the web console, create a new route called "minishift" in the jag-csb-edivorce-dev project. The only thing you need to change is the name. Otherwise just use default settings. - -## Log into eDivorce - -You should be able to find your route in the edivorce-django deployment of the jag-csb-edivorce-dev project. When you are prompted for a username and password you can use the password 'dovorce' with any username you choose. - diff --git a/openshift/README.md b/openshift/README.md index 3939f493..8b4758f0 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -1,66 +1,91 @@ # A Quickstart Guide to Setting Up eDivorce on OpenShift -There are three deployment environments set up for different purposes within OpenShift. They are available at the URLs below. +## Before you get started +This project uses the scripts found in [openshift-developer-tools](https://github.com/BCDevOps/openshift-developer-tools) to setup and maintain OpenShift environments (both local and hosted). Refer to the [OpenShift Scripts](https://github.com/BCDevOps/openshift-developer-tools/blob/master/bin/README.md) documentation for details. -| Environment | URL | Justice URL | -| ----------- | ----- | ----------- | -| DEV | https://edivorce-dev.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce-dev | -| TEST | https://edivorce-test.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce-test | -| PROD | https://edivorce-prod.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce | +These instructions assume: +* You have Git, Docker, and the OpenShift CLI installed on your system, and they are functioning correctly. The recommended approach is to use either [Homebrew](https://brew.sh/) (MAC) or [Chocolatey](https://chocolatey.org/) (Windows) to install the required packages. +* You have followed the [OpenShift Scripts](https://github.com/BCDevOps/openshift-developer-tools/blob/master/bin/README.md) environment setup instructions to install and configure the scripts for use on your system. +* You have forked and cloned a local working copy of the project source code. +* You are using a reasonable shell. A "reasonable shell" is obvious on Linux and Mac, and is assumed to be the git-bash shell on Windows. +* You are working from the top level `./openshift` directory for the project. -These instructions assume you have 4 EMPTY projects created in OpenShift: +Good to have: +* A moderate to advanced knowledge of OpenShift. There are two good PDFs available from Red Hat and O'Reilly on [OpenShift for Developers](https://www.openshift.com/promotions/for-developers.html) and [DevOps with OpenShift](https://www.openshift.com/promotions/devops-with-openshift.html). -- jag-csb-edivorce-tools (BUILD) -- jag-csb-edivorce-dev (DEV) -- jag-csb-edivorce-test (TEST) -- jag-csb-edivorce-prod (PROD) +For the commands mentioned in these instructions, you can use the `-h` parameter for usage help and options information. -## How to Access OpenShift for eDivorce +### Working with OpenShift -### Web UI -- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects. +When working with openshift, commands are typically issued against the `server-project` pair to which you are currently connected. Therefore, when you are working with multiple servers (local, and remote for instance) you should always be aware of your current context so you don't inadvertently issue a command against the wrong server and project. Although you can login to more than one server at a time it's always a good idea to completely logout of one server before working on another. -### Command-line (```oc```) tools -- Download OpenShift [command line tools](https://github.com/openshift/origin/releases/download/v1.2.1/openshift-origin-client-tools-v1.2.1-5e723f6-mac.zip), unzip, and add ```oc``` to your PATH. -- Copy command line login string from https://console.pathfinder.gov.bc.ca:8443/console/command-line. It will look like ```oc login https://console.pathfinder.gov.bc.ca:8443 --token=xtyz123xtyz123xtyz123xtyz123``` -- Paste the login string into a terminal session. You are no authenticated against OpenShift and will be able to execute ```oc``` commands. ```oc -h``` provides a summary of available commands. +The automation tools provided by `openshift-developer-tools` hide some of these details from you, in that they perform project context switching automatically. However, what they don't do is provide server context switching. They assume you are aware of your server context and you have logged into the correct server. + +Some useful commands to help you determine your current context: +* `oc whoami -c` - Lists your current server and user context. +* `oc project` - Lists your current project context. +* `oc project [NAME]` - Switch to a different project context. +* `oc projects` - Lists the projects available to you on the current server. + +## Setting up a local OpenShift environment + +If you are NOT setting up a local OpenShift environment you can skip over this section, otherwise read on. + +Setting up a local OpenShift environment is not much different than setting up a hosted environment, there are just a few extra steps and then you can follow the same instructions in either case. + +The following procedure uses the `oc cluster up` approach to provision a OpenShift Cluster directly in Docker, but you could just as easily use MiniShift which can be installed using your preferred package manager (`Chocolatey` or `Homebrew`). + +### Change into the top level openshift folder +``` +cd //openshift +``` + +### Provision a local OpenShift Cluster +``` +oc-cluster-up.sh +``` +This will start your local OpenShift cluster using persistence so your configuration is preserved across restarts. + +*To cleanly shutdown your local cluster use `oc-cluster-down.sh`.* + +**Login** to your local OpenShift instance on the command line and the Web Console, using `developer` as both the username and password. To login to the cluster from the command line, you can get a login token from the Web Console: Login to the console. From the **?** dropdown select **Command Line Tools**. Click on the **Copy To Clipboard** icon next to the `oc login` line. + +### Create a local set of OpenShift projects +``` +generateLocalProjects.sh +``` +**This command will only work on a local server context. It will fail if you are logged into a remote server.** This will generate four OpenShift projects; tools, dev, test, and prod. The tools project is used for builds and DevOps activities, and dev, test, and prod are a set of deployment environments. +If you need (or want) to reset your local environments you can run `generateLocalProjects.sh -D` to delete all of the OpenShift projects. -## Uploading Templates into OpenShift +### Finish Up -1. Clone the project from Github, and then ```cd``` into the openshift/templates directory. +You now have a local OpenShift cluster with a set of projects that mirror what you would have in the hosted **Pathfinder** environment. -2. Log into the OpenShift console to get your command line token. Then log into OpenShift from the command line. +You can now configure these project exactly as you would your hosted environment with one minor difference. You will need to fix the routes **after** you have run your deployment configurations. -3. Upload the templates into OpenShift with the following commands +Run the following script to create the default routes for your local environment: +``` +updateRoutes.sh +``` - Tools templates - ``` - oc create -f ../jenkins/jenkins-pipeline-persistent-template.json -n jag-csb-edivorce-tools - oc create -f edivorce-build-template.yaml -n jag-csb-edivorce-tools - oc create -f nginx-build-template.yaml -n jag-csb-edivorce-tools - oc create -f ../jenkins/pipeline.yaml -n jag-csb-edivorce-tools - ``` +### Local Override Options - Main eDivorce environment template - ``` - oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-dev - oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-test - oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-prod - ``` +When running locally your can override your build and deployment parameters by generating a set of local parameters. + +To generate a set of local params, run; +``` +genParams.sh -l +``` +Local param files are ignored by Git, so you cannot accidentally commit them to the repository. - NGINX proxy template - ``` - oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-dev - oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-test - oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-prod - ``` +This allows you to do things like redirect your builds to use a different repository and/or branch. -## Setting up the Tools Project +To apply local settings while deploying your build and deployment configurations use the `-l` option with `genBuilds.sh` and `genDepls.sh`. -### Install Docker on your computer +## 0. Build and publish the S2I image: -### Build the S2I image: +*TODO: Add this process to the build configurations...* ```docker build -t s2i-nginx git://github.com/BCDevOps/s2i-nginx``` @@ -76,189 +101,127 @@ docker push docker-registry.pathfinder.gov.bc.ca/jag-csb-edivorce-tools/s2i-ngin (your docker token is the same as your OpenShift login token) -### Process the templates in the 'tools' project - -#### These can be processed from the commandline +## 1. Change into the top level openshift folder ``` -oc project jag-csb-edivorce-tools - -oc process jenkins-pipeline-persistent | oc create -f - -oc process edivorce-build | oc create -f - -oc process nginx-build | oc create -f - +cd //openshift ``` -#### For some reason the edivorce-build-pipeline template can't be processed from the command line like the other templates - -1. Log into the web console ang go to the :"eDivorce App (tools)" project - -2. Select "Add to Project" from the web interface +## 2. Initialize the projects - add permissions and storage +``` +initOSProjects.sh +``` +This will initialize the projects with permissions that allow images from one project (tools) to be deployed into another project (dev, test, prod). For production environments will also ensure the persistent storage services exist. -3. On the Browse Catalog tab, type "edivorce-build-pipeline" into the filter field. Select the template. +## 3. Generate the Build and Images in the "tools" project; Deploy Jenkins +``` +genBuilds.sh +``` +This will generate and deploy the build configurations into the `tools` project. Follow the instructions written to the command line. -4. Create +If the project contains any Jenkins pipelines a Jenkins instance will be deployed into the `tools` project automatically once the first pipeline is deployed by the scripts. OpenShift will automatically wire the Jenkins pipelines to Jenkins projects within Jenkins. -5. Delete the extra services that OpenShift automatically created when you processed the edivorce-build-template. We are using perisistent storage for Jenkins. These are ephemeral. +Use `-h` to get advanced usage information. Use the `-l` option to apply any local settings you have configured; when working with a local cluster you should always use the `-l` option. - ``` - oc project jag-csb-edivorce-tools +### Updating Build and Image Configurations +If you are adding build and image configurations you can re-run this script. You will encounter errors for any of the resources that already exist, but you can safely ignore these errors and allow the script to continue. - oc delete svc jenkins-pipeline-svc - oc delete deploymentconfig jenkins-pipeline-svc - oc delete route jenkins-pipeline-svc - ``` +If you are updating build and image configurations use the `-u` option. -### Add the webhook to GitHub +If you are adding and updating build and image configurations, run the script **without** the `-u` option first to create the new resources and then again **with** the `-u` option to update the existing configurations. -1. Log into the web console ang go to the :"eDivorce App (tools)" project +## 4. Generate the Deployment Configurations and Deploy the Components +``` +genDepls.sh -e +``` +This will generate and deploy the deployment configurations into the selected project; `dev`, `test`, or `prod`. Follow the instructions written to the command line. -2. Select Builds => Pipelines => build-and-deploy-to-dev => Configuration +Use `-h` to get advanced usage information. Use the `-l` option to apply any local settings you have configured; when working with a local cluster you should always use the `-l` option. -3. Copy the GitHub wookhook URL +### Important Configuration Settings -4. Go to the repository settings in Github, and add the webhook url under "Webhooks" +#### Mandatory Settings: - - Payload URL = The URL you copied from OpenShift - - Content type = application/json - - Secret = Leave Blank - - Just push the event - - Active +PROXY_NETWORK -## Setting up Dev/Test/Prod Projects +While running `genDepls.sh` you will be prompted for the network address of the upstream proxy. This is used to ensure that requests come from the Justice Proxy only. You will need to enter the address in IPV4 CIDR notation e.g. 10.10.15.10/16. The actual value you need to enter cannot be stored on Github because this would violate BC Government Github policies. The PROXY_NETWORK setting is currently the same for all 3 environments (dev, test, and prod) -### Important Configuration Options +SITEMINDER_WHITE_LIST -#### Mandatory Settings: +While running `genDepls.sh` you will be prompted for a list of IP addresses that make up the white-list of hosts allowed to access the service. -PROXY_NETWORK +The list must be provided as a space delimited list of IP addresses. -Network of upstream proxy. This is used to ensure that requests come from -the Justice Proxy only. It should be entered in IPV4 CIDR notation -e.g. 10.10.15.10/16. The actual value you need to enter cannot be stored on Github -because this would violate BC Government Github policies. The PROXY_NETWORK -setting is currently the same for all 3 environments (dev, test & prod) +The actual values cannot be stored on Github because this would violate BC Government Github policies. The addresses are different for each environment (dev, test, and prod). -#### Optional Settings you will probably want to set: +#### Other Settings: BASICAUTH_ENABLED -Turns on simple basic authentication for test and dev environments. -This is recommended since these environments are accessible to the general public. -Set it to "True" (no quotes) to enable it. Default = False +Turns on simple basic authentication for test and dev environments. This setting is set to "True" in the dev and test environments only. BASICAUTH_USERNAME / BASICAUTH_PASSWORD -Username will default to divorce, and password will default to a random 16 digit string -unless you override these settings +Both the Username and Password will be randomly generated and can later be found by a project administrator in the Secrets section of the related OpenShift project. -### Setting up Dev +### Updating Deployment Configurations -Tag the builds in the tools project so they can be deployed to dev -``` -oc project jag-csb-edivorce-tools -oc tag edivorce-django:latest edivorce-django:deploy-to-dev -oc tag nginx-proxy:latest nginx-proxy:deploy-to-dev -``` +If you are adding deployment configurations you can re-run this script. You will encounter errors for any of the resources that already exist, but you can safely ignore these errors and allow the script to continue. -Give the dev project access to Docker images stored in the tools project -``` -oc project jag-csb-edivorce-dev -oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-dev:default -n jag-csb-edivorce-tools -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:default -n jag-csb-edivorce-dev -``` +If you are updating deployment configurations use the `-u` option. -Deploy the Django app and the Postgresql DB (Read the section about "Important Configuration Options" above!) -``` -oc process edivorce -v ENVIRONMENT_TYPE=dev,PROXY_NETWORK=123.45.67.89/0,BASICAUTH_ENABLED=True | oc create -f - -``` +If you are adding and updating deployment configurations, run the script **without** the `-u` option first to create the new resources and then again **with** the `-u` option to update the existing configurations. -Deploy the NGINX proxy -``` -oc process nginx -v ENVIRONMENT_TYPE=dev | oc create -f - -``` +**_Note;_** -Deploy Weasyprint -``` -oc deploy weasyprint --latest -``` +**Some settings on some resources are immutable. To replace these resources you will need to delete and recreate the associated resource(s).** -Give the Jenkins build pipeline access to the dev project -``` -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:jenkins -n jag-csb-edivorce-dev -``` +**Updating the deployment configurations can affect (overwrite) auto-generated secretes such as the database username and password.** +**Care must be taken with resources containing credentials or other auto-generated resources. You must ensure such resources are replaced using the same values._** -### Setting up Test +## 5. Add Build Pipeline Webhook(s) to GitHub -Tag the builds in the tools project so they can be deployed to test -``` -oc project jag-csb-edivorce-tools -oc tag edivorce-django:latest edivorce-django:deploy-to-test -oc tag nginx-proxy:latest nginx-proxy:deploy-to-test -``` +1. Log into the web console ang go to the :"eDivorce App (tools)" project -Give the test project access to Docker images stored in the tools project -``` -oc project jag-csb-edivorce-test -oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-test:default -n jag-csb-edivorce-tools -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:default -n jag-csb-edivorce-test -``` +2. Select Builds => Pipelines => build-and-deploy-to-dev => Configuration -Deploy the Django app and the Postgresql DB (Read the section about "Important Configuration Options" above!) -``` -oc process edivorce -v ENVIRONMENT_TYPE=test,PROXY_NETWORK=123.45.67.89/0,BASICAUTH_ENABLED=True | oc create -f - -``` +3. Copy the GitHub wookhook URL -Deploy the NGINX proxy -``` -oc process nginx -v ENVIRONMENT_TYPE=test | oc create -f - -``` +4. Go to the repository settings in Github, and add the webhook url under "Webhooks" -Deploy Weasyprint -``` -oc deploy weasyprint --latest -``` + - Payload URL = The URL you copied from OpenShift + - Content type = application/json + - Secret = Leave Blank + - Just push the event + - Active -Give the Jenkins build pipeline access to the test project -``` -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:jenkins -n jag-csb-edivorce-test -``` +# eDivorce Deployment Environments -### Setting up Prod +There are three deployment environments set up for different purposes within OpenShift. They are available at the URLs below. -Tag the builds in the tools project so they can be deployed to prod -``` -oc project jag-csb-edivorce-tools -oc tag edivorce-django:latest edivorce-django:deploy-to-prod -oc tag nginx-proxy:latest nginx-proxy:deploy-to-prod -``` +| Environment | URL | Justice URL | +| ----------- | ----- | ----------- | +| DEV | https://edivorce-dev.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce-dev | +| TEST | https://edivorce-test.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce-test | +| PROD | https://edivorce-prod.pathfinder.gov.bc.ca | https://justice.gov.bc.ca/divorce | -Give the prod project access to Docker images stored in the tools project -``` -oc project jag-csb-edivorce-prod -oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-prod:default -n jag-csb-edivorce-tools -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:default -n jag-csb-edivorce-prod -``` +These instructions assume you have 4 EMPTY projects created in OpenShift: -Deploy the Django app and the Postgresql DB (Read the section about "Important Configuration Options" above!) -``` -oc process edivorce -v ENVIRONMENT_TYPE=prod,PROXY_NETWORK=123.45.67.89/0 | oc create -f - -``` +- jag-csb-edivorce-tools (BUILD) +- jag-csb-edivorce-dev (DEV) +- jag-csb-edivorce-test (TEST) +- jag-csb-edivorce-prod (PROD) -Deploy the NGINX proxy -``` -oc process nginx -v ENVIRONMENT_TYPE=prod | oc create -f - -``` +# How to Access OpenShift for eDivorce -Deploy weasyprint -``` -oc deploy weasyprint --latest -``` +## Web UI +- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects. -Give the Jenkins build pipeline access to the prod project -``` -oc policy add-role-to-user edit system:serviceaccount:jag-csb-edivorce-tools:jenkins -n jag-csb-edivorce-prod -``` +## Command-line (```oc```) tools +- Copy command line login string from https://console.pathfinder.gov.bc.ca:8443/console/command-line. It will look like ```oc login https://console.pathfinder.gov.bc.ca:8443 --token=xtyz123xtyz123xtyz123xtyz123``` +- Paste the login string into a terminal session. You are no authenticated against OpenShift and will be able to execute ```oc``` commands. ```oc -h``` provides a summary of available commands. +# Tips ## Data management operations @@ -305,8 +268,7 @@ You can look at the combined stdout and stderr of a given pod with this command: This can be useful to observe the correct functioning of your application. - -## Debugging Tips +## Debugging If you are getting an "Internal Server Error" message on the test or prod environments, follow the steps below to enter debug mode. diff --git a/openshift/edivorce-django-build.param b/openshift/edivorce-django-build.param new file mode 100644 index 00000000..3b93c841 --- /dev/null +++ b/openshift/edivorce-django-build.param @@ -0,0 +1,14 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/edivorce-django/edivorce-django-build.yaml +#========================================================= +NAME=edivorce-django +GIT_REPO_URL=https://github.com/bcgov/eDivorce.git +GIT_REF=master +SOURCE_CONTEXT_DIR= +SOURCE_IMAGE_KIND=ImageStreamTag +SOURCE_IMAGE_NAMESPACE=openshift +SOURCE_IMAGE_NAME=python +SOURCE_IMAGE_TAG=3.5 +PIP_INDEX_URL= diff --git a/openshift/edivorce-django-deploy.dev.param b/openshift/edivorce-django-deploy.dev.param new file mode 100644 index 00000000..7246e55b --- /dev/null +++ b/openshift/edivorce-django-deploy.dev.param @@ -0,0 +1,17 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/edivorce-django/edivorce-django-deploy.yaml +#========================================================= +# NAME=edivorce-django +# DATABASE_SERVICE_NAME=postgresql +# DATABASE_ENGINE=postgresql +# DATABASE_NAME=default +# APP_CONFIG=gunicorn_config.py +# #DJANGO_SECRET_KEY=[\w]{50} +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +BASICAUTH_ENABLED=True +# BASICAUTH_USERNAME=divorce +# BASICAUTH_PASSWORD=[a-zA-Z0-9]{16} +# MEMORY_LIMIT=512Mi diff --git a/openshift/edivorce-django-deploy.overrides.sh b/openshift/edivorce-django-deploy.overrides.sh new file mode 100644 index 00000000..1f0eb8d1 --- /dev/null +++ b/openshift/edivorce-django-deploy.overrides.sh @@ -0,0 +1,32 @@ +# ================================================================= +# Special Deployment Parameters needed for Application Deployment +# ----------------------------------------------------------------- +# The results need to be encoded as OpenShift template +# parameters for use with oc process. +# ================================================================= + +generateUsername() { + # Generate a random username and Base64 encode the result ... + _userName=USER_$( cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 4 | head -n 1 ) + _userName=$(echo -n "${_userName}"|base64) + echo ${_userName} +} + +generatePassword() { + # Generate a random password and Base64 encode the result ... + _password=$( cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9_' | fold -w 16 | head -n 1 ) + _password=$(echo -n "${_password}"|base64) + echo ${_password} +} + +_userName=$(generateUsername) +_password=$(generatePassword) + +read -r -p $'\n\033[1;33mEnter the network of the upstream proxy (in CIDR notation; for example 0.0.0.0/0); defaults to 0.0.0.0/0:\033[0m\n' PROXY_NETWORK +if [ -z "${PROXY_NETWORK}" ]; then + PROXY_NETWORK="0.0.0.0/0" +fi + +SPECIALDEPLOYPARMS="-p PROXY_NETWORK=${PROXY_NETWORK} -p BASICAUTH_USERNAME=${_userName} -p BASICAUTH_PASSWORD=${_password}" +echo ${SPECIALDEPLOYPARMS} + diff --git a/openshift/edivorce-django-deploy.param b/openshift/edivorce-django-deploy.param new file mode 100644 index 00000000..3c1bf117 --- /dev/null +++ b/openshift/edivorce-django-deploy.param @@ -0,0 +1,17 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/edivorce-django/edivorce-django-deploy.yaml +#========================================================= +NAME=edivorce-django +DATABASE_SERVICE_NAME=postgresql +DATABASE_ENGINE=postgresql +DATABASE_NAME=default +APP_CONFIG=gunicorn_config.py +# DJANGO_SECRET_KEY=[\w]{50} +IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +BASICAUTH_ENABLED=False +BASICAUTH_USERNAME=divorce +BASICAUTH_PASSWORD=[a-zA-Z0-9]{16} +MEMORY_LIMIT=512Mi diff --git a/openshift/edivorce-django-deploy.prod.param b/openshift/edivorce-django-deploy.prod.param new file mode 100644 index 00000000..566027c1 --- /dev/null +++ b/openshift/edivorce-django-deploy.prod.param @@ -0,0 +1,17 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/edivorce-django/edivorce-django-deploy.yaml +#========================================================= +# NAME=edivorce-django +# DATABASE_SERVICE_NAME=postgresql +# DATABASE_ENGINE=postgresql +# DATABASE_NAME=default +# APP_CONFIG=gunicorn_config.py +# #DJANGO_SECRET_KEY=[\w]{50} +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=prod +BASICAUTH_ENABLED=False +# BASICAUTH_USERNAME=divorce +# BASICAUTH_PASSWORD=[a-zA-Z0-9]{16} +# MEMORY_LIMIT=512Mi diff --git a/openshift/edivorce-django-deploy.test.param b/openshift/edivorce-django-deploy.test.param new file mode 100644 index 00000000..70660272 --- /dev/null +++ b/openshift/edivorce-django-deploy.test.param @@ -0,0 +1,17 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/edivorce-django/edivorce-django-deploy.yaml +#========================================================= +# NAME=edivorce-django +# DATABASE_SERVICE_NAME=postgresql +# DATABASE_ENGINE=postgresql +# DATABASE_NAME=default +# APP_CONFIG=gunicorn_config.py +# #DJANGO_SECRET_KEY=[\w]{50} +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=test +BASICAUTH_ENABLED=True +# BASICAUTH_USERNAME=divorce +# BASICAUTH_PASSWORD=[a-zA-Z0-9]{16} +# MEMORY_LIMIT=512Mi diff --git a/openshift/jenkins/build-and-deploy-to-dev b/openshift/jenkins/build-and-deploy-to-dev deleted file mode 100644 index 0e4f27bd..00000000 --- a/openshift/jenkins/build-and-deploy-to-dev +++ /dev/null @@ -1,14 +0,0 @@ -node('master') { - -properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) - -stage 'buildInTools' -openshiftBuild(namespace: 'jag-csb-edivorce-tools', buildConfig: 'edivorce-django', showBuildLogs: 'true') - -stage 'deployInDev' -openshiftTag(namespace: 'jag-csb-edivorce-tools', sourceStream: 'edivorce-django', sourceTag: 'latest', destinationNamespace: 'jag-csb-edivorce-tools', destinationStream: 'edivorce-django', destinationTag: 'deploy-to-dev') -openshiftDeploy(namespace: 'jag-csb-edivorce-dev', deploymentConfig: 'edivorce-django') -openshiftScale(namespace: 'jag-csb-edivorce-dev', deploymentConfig: 'edivorce-django',replicaCount: '1') - -} - diff --git a/openshift/jenkins/deploy-to-prod b/openshift/jenkins/deploy-to-prod deleted file mode 100644 index a15875c6..00000000 --- a/openshift/jenkins/deploy-to-prod +++ /dev/null @@ -1,10 +0,0 @@ -node('master') { - -properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) - -stage 'deployInProd' -openshiftTag(namespace: 'jag-csb-edivorce-tools', sourceStream: 'edivorce-django', sourceTag: 'latest', destinationNamespace: 'jag-csb-edivorce-tools', destinationStream: 'edivorce-django', destinationTag: 'deploy-to-prod') -openshiftDeploy(namespace: 'jag-csb-edivorce-prod', deploymentConfig: 'edivorce-django') -openshiftScale(namespace: 'jag-csb-edivorce-prod', deploymentConfig: 'edivorce-django',replicaCount: '2') -} - diff --git a/openshift/jenkins/deploy-to-test b/openshift/jenkins/deploy-to-test deleted file mode 100644 index b75dc347..00000000 --- a/openshift/jenkins/deploy-to-test +++ /dev/null @@ -1,11 +0,0 @@ -node('master') { - -properties([[$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '10']]]) - -stage 'deployInTest' -openshiftTag(namespace: 'jag-csb-edivorce-tools', sourceStream: 'edivorce-django', sourceTag: 'latest', destinationNamespace: 'jag-csb-edivorce-tools', destinationStream: 'edivorce-django', destinationTag: 'deploy-to-test') -openshiftDeploy(namespace: 'jag-csb-edivorce-test', deploymentConfig: 'edivorce-django') -openshiftScale(namespace: 'jag-csb-edivorce-test', deploymentConfig: 'edivorce-django',replicaCount: '1') - -} - diff --git a/openshift/jenkins/jenkins-pipeline-persistent-template.json b/openshift/jenkins/jenkins-pipeline-persistent-template.json deleted file mode 100644 index 3661b4bc..00000000 --- a/openshift/jenkins/jenkins-pipeline-persistent-template.json +++ /dev/null @@ -1,295 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "jenkins-pipeline-persistent", - "creationTimestamp": null, - "annotations": { - "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", - "iconClass": "icon-jenkins", - "tags": "instant-app,jenkins" - } - }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", - "objects": [ - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "host" : "edivorce-jenkins.pathfinder.gov.bc.ca", - "to": { - "kind": "Service", - "name": "${JENKINS_SERVICE_NAME}" - }, - "tls": { - "termination": "edge", - "insecureEdgeTerminationPolicy": "Redirect" - } - } - }, - { - "kind": "PersistentVolumeClaim", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "jenkins" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${JENKINS_IMAGE_STREAM_TAG}", - "namespace": "${NAMESPACE}" - }, - "lastTriggeredImage": "" - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - "spec": { - "serviceAccountName": "${JENKINS_SERVICE_NAME}", - "containers": [ - { - "name": "jenkins", - "image": " ", - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 120, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "env": [ - { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" - }, - { - "name": "KUBERNETES_MASTER", - "value": "https://kubernetes.default:443" - }, - { - "name": "KUBERNETES_TRUST_CERTIFICATES", - "value": "true" - }, - { - "name": "JNLP_SERVICE_NAME", - "value": "${JNLP_SERVICE_NAME}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "volumeMounts": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "mountPath": "/var/lib/jenkins" - } - ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "volumes": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "persistentVolumeClaim": { - "claimName": "${JENKINS_SERVICE_NAME}" - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}_edit" - }, - "groupNames": null, - "subjects": [ - { - "kind": "ServiceAccount", - "name": "${JENKINS_SERVICE_NAME}" - } - ], - "roleRef": { - "name": "edit" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JNLP_SERVICE_NAME}" - }, - "spec": { - "ports": [ - { - "name": "agent", - "protocol": "TCP", - "port": 50000, - "targetPort": 50000, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "annotations": { - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", - "service.openshift.io/infrastructure": "true" - }, - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 80, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - } - ], - "parameters": [ - { - "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins Service Name", - "description": "The name of the OpenShift Service exposed for the Jenkins container.", - "value": "jenkins" - }, - { - "name": "JNLP_SERVICE_NAME", - "displayName": "Jenkins JNLP Service Name", - "description": "The name of the service used for master/slave communication.", - "value": "jenkins-jnlp" - }, - { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins 'admin' user.", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}", - "required": true - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "VOLUME_CAPACITY", - "displayName": "Volume Capacity", - "description": "Volume space available for data, e.g. 512Mi, 2Gi.", - "value": "1Gi", - "required": true - }, - { - "name": "NAMESPACE", - "displayName": "Jenkins ImageStream Namespace", - "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", - "value": "openshift" - }, - { - "name": "JENKINS_IMAGE_STREAM_TAG", - "displayName": "Jenkins ImageStreamTag", - "description": "Name of the ImageStreamTag to be used for the Jenkins image.", - "value": "jenkins:latest" - } - ], - "labels": { - "template": "jenkins-persistent-template" - } -} \ No newline at end of file diff --git a/openshift/jenkins/pipeline.yaml b/openshift/jenkins/pipeline.yaml deleted file mode 100644 index e0b03bc8..00000000 --- a/openshift/jenkins/pipeline.yaml +++ /dev/null @@ -1,111 +0,0 @@ ---- -kind: Template -apiVersion: v1 -metadata: - name: edivorce-build-pipeline -labels: - template: edivorce-build-pipeline -objects: -- kind: BuildConfig - apiVersion: v1 - metadata: - name: build-and-deploy-to-dev - labels: - name: build-and-deploy-to-dev - annotations: - pipeline.alpha.openshift.io/uses: '[{"name": "", "namespace": "", "kind": "DeploymentConfig"}]' - spec: - triggers: - - - type: GitHub - github: - secret: ${GITHUB_WEBHOOK_SECRET} - - - type: Generic - generic: - secret: ${GITHUB_WEBHOOK_SECRET} - runPolicy: Serial - source: - type: Git - git: - uri: 'https://github.com/bcgov/eDivorce' - ref: master - contextDir: openshift/jenkins - strategy: - type: JenkinsPipeline - jenkinsPipelineStrategy: - jenkinsfilePath: build-and-deploy-to-dev - output: - resources: - postCommit: -- kind: BuildConfig - apiVersion: v1 - metadata: - name: deploy-to-prod - labels: - name: deploy-to-prod - annotations: - pipeline.alpha.openshift.io/uses: '[{"name": "", "namespace": "", "kind": "DeploymentConfig"}]' - spec: - triggers: - - - type: GitHub - github: - secret: ${GITHUB_WEBHOOK_SECRET} - - - type: Generic - generic: - secret: ${GITHUB_WEBHOOK_SECRET} - runPolicy: Serial - source: - type: Git - git: - uri: 'https://github.com/bcgov/eDivorce' - ref: master - contextDir: openshift/jenkins - strategy: - type: JenkinsPipeline - jenkinsPipelineStrategy: - jenkinsfilePath: deploy-to-prod - output: - resources: - postCommit: -- kind: BuildConfig - apiVersion: v1 - metadata: - name: deploy-to-test - labels: - name: deploy-to-test - annotations: - pipeline.alpha.openshift.io/uses: '[{"name": "", "namespace": "", "kind": "DeploymentConfig"}]' - spec: - triggers: - - - type: GitHub - github: - secret: ${GITHUB_WEBHOOK_SECRET} - - - type: Generic - generic: - secret: ${GITHUB_WEBHOOK_SECRET} - runPolicy: Serial - source: - type: Git - git: - uri: 'https://github.com/bcgov/eDivorce' - ref: master - contextDir: openshift/jenkins - strategy: - type: JenkinsPipeline - jenkinsPipelineStrategy: - jenkinsfilePath: deploy-to-test - output: - resources: - postCommit: -parameters: -- name: GITHUB_WEBHOOK_SECRET - displayName: GitHub Webhook Secret - description: A secret string used to configure the GitHub webhook. - generate: expression - from: "[a-zA-Z0-9]{40}" - diff --git a/openshift/nginx-proxy-build.param b/openshift/nginx-proxy-build.param new file mode 100644 index 00000000..a84d8e6d --- /dev/null +++ b/openshift/nginx-proxy-build.param @@ -0,0 +1,13 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/nginx-proxy/nginx-proxy-build.yaml +#========================================================= +NAME=nginx-proxy +GIT_REPO_URL=https://github.com/bcgov/eDivorce.git +GIT_REF=master +SOURCE_CONTEXT_DIR=/openshift/templates/nginx-proxy +SOURCE_IMAGE_KIND=ImageStreamTag +SOURCE_IMAGE_NAME=s2i-nginx +SOURCE_IMAGE_TAG=latest +NGINX_PROXY_URL=http://edivorce-django:8080/ diff --git a/openshift/nginx-proxy-deploy.dev.param b/openshift/nginx-proxy-deploy.dev.param new file mode 100644 index 00000000..1a63f14d --- /dev/null +++ b/openshift/nginx-proxy-deploy.dev.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/nginx-proxy/nginx-proxy-deploy.yaml +#========================================================= +# NAME=nginx-proxy +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +APPLICATION_DOMAIN=edivorce-dev.pathfinder.gov.bc.ca +SITEMINDER_APPLICATION_DOMAIN=edivorce-dev.pathfinder.bcgov +# SITEMINDER_WHITE_LIST= diff --git a/openshift/nginx-proxy-deploy.overrides.sh b/openshift/nginx-proxy-deploy.overrides.sh new file mode 100644 index 00000000..c733f285 --- /dev/null +++ b/openshift/nginx-proxy-deploy.overrides.sh @@ -0,0 +1,17 @@ +# ================================================================================================================ +# Special Deployment Parameters needed for injecting a user supplied white-list into the deployment configuration +# ---------------------------------------------------------------------------------------------------------------- +# The results need to be encoded as OpenShift template parameters for use with oc process. +# ================================================================================================================ + +# Define the name of the override param file. +_overrideParamFile=$(basename ${0%.*}).param + +# Ask the user to supply the list of IP addresses ... +read -r -p $'\n\033[1;33mEnter the white list of trusted IP addresses that should be allowed to access the SiteMinder route (as a space delimited list of IP addresses):\033[0m\n' SITEMINDER_WHITE_LIST + +# Write the results into a param file, since you can't pass space delimited parameters on the command line using -p or --param +echo "SITEMINDER_WHITE_LIST=${SITEMINDER_WHITE_LIST}" > ${_overrideParamFile} + +SPECIALDEPLOYPARMS="--param-file=${_overrideParamFile}" +echo ${SPECIALDEPLOYPARMS} \ No newline at end of file diff --git a/openshift/nginx-proxy-deploy.param b/openshift/nginx-proxy-deploy.param new file mode 100644 index 00000000..28f958a3 --- /dev/null +++ b/openshift/nginx-proxy-deploy.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/nginx-proxy/nginx-proxy-deploy.yaml +#========================================================= +NAME=nginx-proxy +IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +APPLICATION_DOMAIN=edivorce-dev.pathfinder.gov.bc.ca +SITEMINDER_APPLICATION_DOMAIN=edivorce-dev.pathfinder.bcgov +SITEMINDER_WHITE_LIST= diff --git a/openshift/nginx-proxy-deploy.prod.param b/openshift/nginx-proxy-deploy.prod.param new file mode 100644 index 00000000..e14c0050 --- /dev/null +++ b/openshift/nginx-proxy-deploy.prod.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/nginx-proxy/nginx-proxy-deploy.yaml +#========================================================= +# NAME=nginx-proxy +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=prod +APPLICATION_DOMAIN=edivorce-prod.pathfinder.gov.bc.ca +SITEMINDER_APPLICATION_DOMAIN=edivorce-prod.pathfinder.bcgov +# SITEMINDER_WHITE_LIST= diff --git a/openshift/nginx-proxy-deploy.test.param b/openshift/nginx-proxy-deploy.test.param new file mode 100644 index 00000000..6f4548bd --- /dev/null +++ b/openshift/nginx-proxy-deploy.test.param @@ -0,0 +1,11 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/nginx-proxy/nginx-proxy-deploy.yaml +#========================================================= +# NAME=nginx-proxy +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=test +APPLICATION_DOMAIN=edivorce-test.pathfinder.gov.bc.ca +SITEMINDER_APPLICATION_DOMAIN=edivorce-test.pathfinder.bcgov +# SITEMINDER_WHITE_LIST= diff --git a/openshift/postgresql-build.param b/openshift/postgresql-build.param new file mode 100644 index 00000000..7b14be84 --- /dev/null +++ b/openshift/postgresql-build.param @@ -0,0 +1,10 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/postgresql/postgresql-build.yaml +#========================================================= +NAME=postgresql +OUTPUT_IMAGE_TAG=latest +SOURCE_IMAGE_KIND=DockerImage +SOURCE_IMAGE_NAME=registry.access.redhat.com/rhscl/postgresql-95-rhel7 +SOURCE_IMAGE_TAG=9.5 diff --git a/openshift/postgresql-deploy.dev.param b/openshift/postgresql-deploy.dev.param new file mode 100644 index 00000000..54f936ea --- /dev/null +++ b/openshift/postgresql-deploy.dev.param @@ -0,0 +1,16 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/postgresql/postgresql-deploy.yaml +#========================================================= +# NAME=postgresql +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +# SOURCE_IMAGE_NAME=postgresql +TAG_NAME=dev +# POSTGRESQL_DATABASE_NAME=default +# POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10} +# POSTGRESQL_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# POSTGRESQL_ADMIN_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# MOUNT_PATH=/var/lib/pgsql/data +# PERSISTENT_VOLUME_SIZE=1Gi +# MEMORY_LIMIT=512Mi diff --git a/openshift/postgresql-deploy.overrides.sh b/openshift/postgresql-deploy.overrides.sh new file mode 100644 index 00000000..1bcfb11c --- /dev/null +++ b/openshift/postgresql-deploy.overrides.sh @@ -0,0 +1,28 @@ +# ====================================================== +# Special Deployment Parameters needed for DB Deployment +# ------------------------------------------------------ +# The results need to be encoded as OpenShift template +# parameters for use with oc process. +# ====================================================== + +generateUsername() { + # Generate a random username and Base64 encode the result ... + _userName=USER_$( cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 4 | head -n 1 ) + _userName=$(echo -n "${_userName}"|base64) + echo ${_userName} +} + +generatePassword() { + # Generate a random password and Base64 encode the result ... + _password=$( cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9_' | fold -w 16 | head -n 1 ) + _password=$(echo -n "${_password}"|base64) + echo ${_password} +} + +_userName=$(generateUsername) +_password=$(generatePassword) +_adminPassword=$(generatePassword) + +SPECIALDEPLOYPARMS="-p POSTGRESQL_USER=${_userName} -p POSTGRESQL_PASSWORD=${_password} -p POSTGRESQL_ADMIN_PASSWORD=${_adminPassword}" +echo ${SPECIALDEPLOYPARMS} + diff --git a/openshift/postgresql-deploy.param b/openshift/postgresql-deploy.param new file mode 100644 index 00000000..869eb883 --- /dev/null +++ b/openshift/postgresql-deploy.param @@ -0,0 +1,16 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/postgresql/postgresql-deploy.yaml +#========================================================= +NAME=postgresql +IMAGE_NAMESPACE=jag-csb-edivorce-tools +SOURCE_IMAGE_NAME=postgresql +TAG_NAME=dev +POSTGRESQL_DATABASE_NAME=default +POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10} +POSTGRESQL_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +POSTGRESQL_ADMIN_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +MOUNT_PATH=/var/lib/pgsql/data +PERSISTENT_VOLUME_SIZE=1Gi +MEMORY_LIMIT=512Mi diff --git a/openshift/postgresql-deploy.prod.param b/openshift/postgresql-deploy.prod.param new file mode 100644 index 00000000..7056de7f --- /dev/null +++ b/openshift/postgresql-deploy.prod.param @@ -0,0 +1,16 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/postgresql/postgresql-deploy.yaml +#========================================================= +# NAME=postgresql +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +# SOURCE_IMAGE_NAME=postgresql +TAG_NAME=prod +# POSTGRESQL_DATABASE_NAME=default +# POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10} +# POSTGRESQL_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# POSTGRESQL_ADMIN_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# MOUNT_PATH=/var/lib/pgsql/data +# PERSISTENT_VOLUME_SIZE=1Gi +# MEMORY_LIMIT=512Mi diff --git a/openshift/postgresql-deploy.test.param b/openshift/postgresql-deploy.test.param new file mode 100644 index 00000000..61d3ae7d --- /dev/null +++ b/openshift/postgresql-deploy.test.param @@ -0,0 +1,16 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/postgresql/postgresql-deploy.yaml +#========================================================= +# NAME=postgresql +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +# SOURCE_IMAGE_NAME=postgresql +TAG_NAME=test +# POSTGRESQL_DATABASE_NAME=default +# POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10} +# POSTGRESQL_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# POSTGRESQL_ADMIN_PASSWORD=[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16} +# MOUNT_PATH=/var/lib/pgsql/data +# PERSISTENT_VOLUME_SIZE=1Gi +# MEMORY_LIMIT=512Mi diff --git a/openshift/settings.sh b/openshift/settings.sh new file mode 100644 index 00000000..19c6ec24 --- /dev/null +++ b/openshift/settings.sh @@ -0,0 +1,25 @@ +export PROJECT_NAMESPACE=${PROJECT_NAMESPACE:-jag-csb-edivorce} +export GIT_URI=${GIT_URI:-"https://github.com/bcgov/eDivorce.git"} +export GIT_REF=${GIT_REF:-"master"} + +# The project components +# - They are all contained under the main OpenShift folder. +export components="." + +# The templates that should not have their GIT referances(uri and ref) over-ridden +# Templates NOT in this list will have they GIT referances over-ridden +# with the values of GIT_URI and GIT_REF +export -a skip_git_overrides="schema-spy-build.json" + +# The templates that should not have their GIT referances(uri and ref) over-ridden +# Templates NOT in this list will have they GIT referances over-ridden with the values of GIT_URI and GIT_REF +export skip_git_overrides="" + +# The builds to be triggered after buildconfigs created (not auto-triggered) +export builds="" + +# The images to be tagged after build +export images="nginx-proxy weasyprint edivorce-django postgresql" + +# The routes for the project +export routes="nginx-proxy" diff --git a/openshift/templates/edivorce-build-template.yaml b/openshift/templates/edivorce-django/edivorce-django-build.yaml similarity index 56% rename from openshift/templates/edivorce-build-template.yaml rename to openshift/templates/edivorce-django/edivorce-django-build.yaml index 5a1cae43..3ed5551d 100644 --- a/openshift/templates/edivorce-build-template.yaml +++ b/openshift/templates/edivorce-django/edivorce-django-build.yaml @@ -2,40 +2,36 @@ kind: Template apiVersion: v1 metadata: - name: edivorce-build + name: ${NAME}-build-template annotations: - description: An example Django application with a PostgreSQL database + description: A Django application with a PostgreSQL database tags: edivorce,python,django,postgresql iconClass: icon-python labels: - template: edivorce-build-template + template: ${NAME}-build-template objects: - kind: ImageStream apiVersion: v1 metadata: name: "${NAME}" - annotations: - description: Keeps track of changes in the application image - kind: BuildConfig apiVersion: v1 metadata: name: "${NAME}" - annotations: - description: Defines how to build the application spec: source: type: Git git: - uri: "${SOURCE_REPOSITORY_URL}" - ref: "${SOURCE_REPOSITORY_REF}" - contextDir: "${CONTEXT_DIR}" + uri: "${GIT_REPO_URL}" + ref: "${GIT_REF}" + contextDir: "${SOURCE_CONTEXT_DIR}" strategy: type: Source sourceStrategy: from: - kind: ImageStreamTag - namespace: "${NAMESPACE}" - name: python:3.5 + kind: ${SOURCE_IMAGE_KIND} + namespace: "${SOURCE_IMAGE_NAMESPACE}" + name: ${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG} env: - name: PIP_INDEX_URL value: "${PIP_INDEX_URL}" @@ -46,9 +42,6 @@ objects: triggers: - type: ImageChange - type: ConfigChange - - type: GitHub - github: - secret: "${GITHUB_WEBHOOK_SECRET}" postCommit: script: "./manage.py test" parameters: @@ -57,32 +50,37 @@ parameters: description: The name assigned to all of the frontend objects defined in this template. required: true value: edivorce-django -- name: NAMESPACE - displayName: Namespace - required: true - description: The OpenShift Namespace where the ImageStream resides. - value: openshift -- name: SOURCE_REPOSITORY_URL +- name: GIT_REPO_URL displayName: Git Repository URL - required: true description: The URL of the repository with your application source code. + required: true value: https://github.com/bcgov/eDivorce -- name: SOURCE_REPOSITORY_REF +- name: GIT_REF displayName: Git Reference description: Set this to a branch name, tag or other ref of your repository if you are not using the default branch. -- name: CONTEXT_DIR +- name: SOURCE_CONTEXT_DIR displayName: Context Directory description: Set this to the relative path to your project if it is not in the root of your repository. -- name: GITHUB_WEBHOOK_SECRET - displayName: GitHub Webhook Secret - description: A secret string used to configure the GitHub webhook. - generate: expression - from: "[a-zA-Z0-9]{40}" -- name: DJANGO_SECRET_KEY - displayName: Django Secret Key - description: Set this to a long random string. - generate: expression - from: "[\\w]{50}" +- name: SOURCE_IMAGE_KIND + displayName: Source Image Kind + description: The 'kind' (type) of the source image; typically ImageStreamTag, or DockerImage. + required: true + value: ImageStreamTag +- name: SOURCE_IMAGE_NAMESPACE + displayName: Source Image Namespace + description: The namespace where the source image resides. + required: true + value: openshift +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the source image. + required: true + value: python +- name: SOURCE_IMAGE_TAG + displayName: Source Image Tag + description: The tag of the source image. + required: true + value: "3.5" - name: PIP_INDEX_URL displayName: Custom PyPi Index URL description: The custom PyPi index URL diff --git a/openshift/templates/edivorce-django/edivorce-django-deploy.yaml b/openshift/templates/edivorce-django/edivorce-django-deploy.yaml new file mode 100644 index 00000000..9d3c7945 --- /dev/null +++ b/openshift/templates/edivorce-django/edivorce-django-deploy.yaml @@ -0,0 +1,192 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: edivorce + annotations: + description: An example Django application with a PostgreSQL database + tags: edivorce,python,django,postgresql + iconClass: icon-python +labels: + template: edivorce-environment-template +objects: +- kind: Service + apiVersion: v1 + metadata: + name: "${NAME}" + annotations: + description: Exposes and load balances the application pods + spec: + ports: + - name: web + port: 8080 + targetPort: 8080 + selector: + name: "${NAME}" +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the application server + spec: + strategy: + type: Rolling + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - edivorce-django + from: + kind: ImageStreamTag + namespace: "${IMAGE_NAMESPACE}" + name: "${NAME}:${TAG_NAME}" + - type: ConfigChange + replicas: 1 + selector: + name: "${NAME}" + template: + metadata: + name: "${NAME}" + labels: + name: "${NAME}" + spec: + containers: + - name: edivorce-django + image: " " + ports: + - containerPort: 8080 + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: "/health" + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: "/health" + port: 8080 + env: + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: DATABASE_ENGINE + value: "${DATABASE_ENGINE}" + - name: DATABASE_NAME + value: "${DATABASE_NAME}" + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: database-user + name: postgresql + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: database-password + name: postgresql + - name: APP_CONFIG + value: "${APP_CONFIG}" + - name: DJANGO_SECRET_KEY + value: "${DJANGO_SECRET_KEY}" + - name: ENVIRONMENT_TYPE + value: "${TAG_NAME}" + - name: PROXY_NETWORK + value: "${PROXY_NETWORK}" + - name: BASICAUTH_ENABLED + value: "${BASICAUTH_ENABLED}" + - name: BASICAUTH_USERNAME + valueFrom: + secretKeyRef: + key: basic-auth-username + name: ${NAME} + - name: BASICAUTH_PASSWORD + valueFrom: + secretKeyRef: + key: basic-auth-password + name: ${NAME} + resources: + limits: + memory: "${MEMORY_LIMIT}" +- kind: Secret + apiVersion: v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}" + data: + basic-auth-password: "${BASICAUTH_PASSWORD}" + basic-auth-username: "${BASICAUTH_USERNAME}" + type: Opaque +- kind: HorizontalPodAutoscaler + apiVersion: autoscaling/v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}" + spec: + scaleTargetRef: + kind: DeploymentConfig + name: "${NAME}" + minReplicas: 1 + maxReplicas: 4 +parameters: +- name: NAME + displayName: Name + description: The name assigned to all of the frontend objects defined in this template. + required: true + value: edivorce-django +- name: DATABASE_SERVICE_NAME + displayName: Database Service Name + required: true + value: postgresql +- name: DATABASE_ENGINE + displayName: Database Engine + description: 'Database engine: postgresql, mysql or sqlite (default).' + required: true + value: postgresql +- name: DATABASE_NAME + displayName: Database Name + required: true + value: default +- name: APP_CONFIG + displayName: Application Configuration File Path + description: Relative path to Gunicorn configuration file (optional). + value: gunicorn_config.py +- name: DJANGO_SECRET_KEY + displayName: Django Secret Key + description: Set this to a long random string. + generate: expression + from: "[\\w]{50}" +- name: IMAGE_NAMESPACE + displayName: Namespace containing application images. + required: true + value: jag-csb-edivorce-tools +- name: TAG_NAME + displayName: Environment TAG name + description: The TAG name for this environment, e.g., dev, test, prod, or minishift. + required: true + value: dev +- name: PROXY_NETWORK + displayName: Network of upstream proxy (CIDR notation 0.0.0.0/0) + required: true +- name: BASICAUTH_ENABLED + displayName: Enable basic auth (recommended for Dev and Test environments) + required: true + value: "False" +- name: BASICAUTH_USERNAME + displayName: Basic Auth Username + description: Basic Auth Username. Needs to be basee64 encoded. + required: true + value: divorce +- name: BASICAUTH_PASSWORD + displayName: Basic Auth Password + description: Basic Auth Password. Needs to be basee64 encoded. + generate: expression + from: "[a-zA-Z0-9]{16}" +- name: MEMORY_LIMIT + displayName: Memory Limit + required: true + description: Maximum amount of memory the Django container can use. + value: 512Mi diff --git a/openshift/templates/edivorce-environment-template.yaml b/openshift/templates/edivorce-environment-template.yaml deleted file mode 100644 index 0e0c47e1..00000000 --- a/openshift/templates/edivorce-environment-template.yaml +++ /dev/null @@ -1,353 +0,0 @@ ---- -kind: Template -apiVersion: v1 -metadata: - name: edivorce - annotations: - description: An example Django application with a PostgreSQL database - tags: edivorce,python,django,postgresql - iconClass: icon-python -labels: - template: edivorce-environment-template -objects: -- kind: Service - apiVersion: v1 - metadata: - name: "${NAME}" - annotations: - description: Exposes and load balances the application pods - spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - name: "${NAME}" -- kind: DeploymentConfig - apiVersion: v1 - metadata: - name: "${NAME}" - annotations: - description: Defines how to deploy the application server - spec: - strategy: - type: Rolling - triggers: - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - edivorce-django - from: - kind: ImageStreamTag - namespace: "${APP_IMAGE_NAMESPACE}" - name: "${APP_IMAGE_NAME}:deploy-to-${ENVIRONMENT_TYPE}" - - type: ConfigChange - replicas: 1 - selector: - name: "${NAME}" - template: - metadata: - name: "${NAME}" - labels: - name: "${NAME}" - spec: - containers: - - name: edivorce-django - image: " " - ports: - - containerPort: 8080 - readinessProbe: - timeoutSeconds: 3 - initialDelaySeconds: 3 - httpGet: - path: "/health" - port: 8080 - livenessProbe: - timeoutSeconds: 3 - initialDelaySeconds: 30 - httpGet: - path: "/health" - port: 8080 - env: - - name: DATABASE_SERVICE_NAME - value: "${DATABASE_SERVICE_NAME}" - - name: DATABASE_ENGINE - value: "${DATABASE_ENGINE}" - - name: DATABASE_NAME - value: "${DATABASE_NAME}" - - name: DATABASE_USER - value: "${DATABASE_USER}" - - name: DATABASE_PASSWORD - value: "${DATABASE_PASSWORD}" - - name: APP_CONFIG - value: "${APP_CONFIG}" - - name: DJANGO_SECRET_KEY - value: "${DJANGO_SECRET_KEY}" - - name: ENVIRONMENT_TYPE - value: "${ENVIRONMENT_TYPE}" - - name: PROXY_NETWORK - value: "${PROXY_NETWORK}" - - name: BASICAUTH_ENABLED - value: "${BASICAUTH_ENABLED}" - - name: BASICAUTH_USERNAME - value: "${BASICAUTH_USERNAME}" - - name: BASICAUTH_PASSWORD - value: "${BASICAUTH_PASSWORD}" - resources: - limits: - memory: "${MEMORY_LIMIT}" -- kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: "${DATABASE_SERVICE_NAME}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "${VOLUME_CAPACITY}" -- kind: Service - apiVersion: v1 - metadata: - name: "${DATABASE_SERVICE_NAME}" - annotations: - description: Exposes the database server - spec: - ports: - - name: postgresql - port: 5432 - targetPort: 5432 - selector: - name: "${DATABASE_SERVICE_NAME}" -- kind: DeploymentConfig - apiVersion: v1 - metadata: - name: "${DATABASE_SERVICE_NAME}" - annotations: - description: Defines how to deploy the database - spec: - strategy: - type: Recreate - triggers: - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - postgresql - from: - kind: ImageStreamTag - namespace: "${NAMESPACE}" - name: postgresql:9.5 - - type: ConfigChange - replicas: 1 - selector: - name: "${DATABASE_SERVICE_NAME}" - template: - metadata: - name: "${DATABASE_SERVICE_NAME}" - labels: - name: "${DATABASE_SERVICE_NAME}" - spec: - volumes: - - name: "${DATABASE_SERVICE_NAME}-data" - persistentVolumeClaim: - claimName: "${DATABASE_SERVICE_NAME}" - containers: - - name: postgresql - image: " " - ports: - - containerPort: 5432 - env: - - name: POSTGRESQL_USER - value: "${DATABASE_USER}" - - name: POSTGRESQL_PASSWORD - value: "${DATABASE_PASSWORD}" - - name: POSTGRESQL_DATABASE - value: "${DATABASE_NAME}" - volumeMounts: - - name: "${DATABASE_SERVICE_NAME}-data" - mountPath: "/var/lib/pgsql/data" - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 5 - exec: - command: - - "/bin/sh" - - "-i" - - "-c" - - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 - tcpSocket: - port: 5432 - resources: - limits: - memory: "${MEMORY_POSTGRESQL_LIMIT}" -- kind: ImageStream - apiVersion: v1 - metadata: - name: weasyprint - labels: - name: weasyprint - spec: - tags: - - name: latest - annotations: - openshift.io/imported-from: aquavitae/weasyprint - from: - kind: DockerImage - name: aquavitae/weasyprint -- kind: Service - apiVersion: v1 - metadata: - name: weasyprint - labels: - name: weasyprint - spec: - ports: - - name: 5001-tcp - protocol: TCP - port: 5001 - targetPort: 5001 - selector: - name: weasyprint -- kind: DeploymentConfig - apiVersion: v1 - metadata: - name: weasyprint - labels: - app: weasyprint - annotations: - description: Weasyprint microservice using aquavitae/weasyprint - spec: - strategy: - type: Rolling - triggers: - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - weasyprint - from: - kind: ImageStreamTag - namespace: aquavitae - name: 'weasyprint:latest' - - type: ConfigChange - replicas: 1 - selector: - name: weasyprint - template: - metadata: - name: weasyprint - labels: - name: weasyprint - annotations: - openshift.io/container.weasyprint.image.entrypoint: '["/bin/sh","-c","gunicorn --bind 0.0.0.0:5001 wsgi:app"]' - spec: - containers: - - name: weasyprint - image: 'aquavitae/weasyprint' - ports: - - containerPort: 5001 - protocol: TCP - resources: - limits: - cpu: '2' - memory: 1Gi - requests: - cpu: 250m - memory: 512Mi - livenessProbe: - httpGet: - path: /health - port: 5001 - scheme: HTTP - initialDelaySeconds: 120 - timeoutSeconds: 30 - periodSeconds: 60 - successThreshold: 1 - failureThreshold: 5 -parameters: -- name: NAME - displayName: Name - description: The name assigned to all of the frontend objects defined in this template. - required: true - value: edivorce-django -- name: NAMESPACE - displayName: Namespace - required: true - description: The OpenShift Namespace where the ImageStream resides. - value: openshift -- name: MEMORY_LIMIT - displayName: Memory Limit - required: true - description: Maximum amount of memory the Django container can use. - value: 512Mi -- name: MEMORY_POSTGRESQL_LIMIT - displayName: Memory Limit (PostgreSQL) - required: true - description: Maximum amount of memory the PostgreSQL container can use. - value: 512Mi -- name: VOLUME_CAPACITY - displayName: Volume Capacity - description: Volume space available for data, e.g. 512Mi, 2Gi - value: 1Gi - required: true -- name: DATABASE_SERVICE_NAME - displayName: Database Service Name - required: true - value: postgresql -- name: DATABASE_ENGINE - displayName: Database Engine - required: true - description: 'Database engine: postgresql, mysql or sqlite (default).' - value: postgresql -- name: DATABASE_NAME - displayName: Database Name - required: true - value: default -- name: DATABASE_USER - displayName: Database Username - required: true - value: django -- name: DATABASE_PASSWORD - displayName: Database User Password - generate: expression - from: "[a-zA-Z0-9]{16}" -- name: APP_CONFIG - displayName: Application Configuration File Path - value: gunicorn_config.py - description: Relative path to Gunicorn configuration file (optional). -- name: DJANGO_SECRET_KEY - displayName: Django Secret Key - description: Set this to a long random string. - generate: expression - from: "[\\w]{50}" -- name: APP_IMAGE_NAME - displayName: Application image name. - value: edivorce-django - required": true -- name: APP_IMAGE_NAMESPACE - displayName: Namespace containing application images. - value: jag-csb-edivorce-tools - required: true -- name: ENVIRONMENT_TYPE - displayName: Type of environnment (dev,test,prod or minishift). - required: true -- name: PROXY_NETWORK - displayName: Network of upstream proxy (CIDR notation 0.0.0.0/0) - required: true -- name: BASICAUTH_ENABLED - displayName: Enable basic auth (recommended for Dev and Test environments) - value: "False" - required: true -- name: BASICAUTH_USERNAME - displayName: Username for basic auth - value: divorce - required: true -- name: BASICAUTH_PASSWORD - displayName: Password for basic auth - generate: expression - from: "[a-zA-Z0-9]{16}" diff --git a/openshift/nginx-proxy/conf.d/server.conf b/openshift/templates/nginx-proxy/conf.d/server.conf similarity index 100% rename from openshift/nginx-proxy/conf.d/server.conf rename to openshift/templates/nginx-proxy/conf.d/server.conf diff --git a/openshift/templates/nginx-build-template.yaml b/openshift/templates/nginx-proxy/nginx-proxy-build.yaml similarity index 52% rename from openshift/templates/nginx-build-template.yaml rename to openshift/templates/nginx-proxy/nginx-proxy-build.yaml index cbfe0621..8cf58f47 100644 --- a/openshift/templates/nginx-build-template.yaml +++ b/openshift/templates/nginx-proxy/nginx-proxy-build.yaml @@ -2,8 +2,7 @@ kind: Template apiVersion: v1 metadata: - name: nginx-build - creationTimestamp: + name: ${NAME}-build objects: - kind: ImageStream apiVersion: v1 @@ -13,17 +12,10 @@ objects: apiVersion: v1 metadata: name: "${NAME}" - creationTimestamp: labels: app: "${NAME}" spec: triggers: - - type: GitHub - github: - secret: "${GITHUB_WEBHOOK_SECRET}" - - type: Generic - generic: - secret: "${GENERIC_WEBHOOK_SECRET}" - type: ConfigChange - type: ImageChange imageChange: {} @@ -31,15 +23,15 @@ objects: source: type: Git git: - ref: "${SOURCE_REPOSITORY_REF}" - uri: "${SOURCE_REPOSITORY_URL}" - contextDir: "${SOURCE_REPOSITORY_CONTEXT_DIR}" + ref: "${GIT_REF}" + uri: "${GIT_REPO_URL}" + contextDir: "${SOURCE_CONTEXT_DIR}" strategy: type: Source sourceStrategy: from: - kind: ImageStreamTag - name: "${BUILDER_IMAGESTREAM_TAG}" + kind: "${SOURCE_IMAGE_KIND}" + name: "${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}" env: - name: NGINX_PROXY_URL value: "${NGINX_PROXY_URL}" @@ -47,44 +39,41 @@ objects: to: kind: ImageStreamTag name: "${NAME}:latest" - resources: {} - postCommit: {} - status: - lastVersion: 0 parameters: - name: NAME displayName: Name description: The name assigned to all of the frontend objects defined in this template. required: true value: nginx-proxy -- name: BUILDER_IMAGESTREAM_TAG - displayName: Builder ImageStreamTag - description: The image stream tag (e.g. rproxy:latest) of the S2I image that should be used to build the application. - value: s2i-nginx:latest -- name: SOURCE_REPOSITORY_URL +- name: GIT_REPO_URL displayName: Git Repository URL description: The URL of the repository with your nginx configuration code. value: https://github.com/bcgov/eDivorce required: true -- name: SOURCE_REPOSITORY_CONTEXT_DIR - displayName: Git sub-directory - description: The folder in the Git repo that contains the config.d directory. - value: /openshift/nginx-proxy -- name: SOURCE_REPOSITORY_REF +- name: GIT_REF displayName: Git Reference description: Set this to a branch name, tag or other ref of your repository if you are not using the default branch. -- name: GITHUB_WEBHOOK_SECRET - displayName: GitHub Webhook Secret - description: A secret string used to configure the GitHub webhook. - generate: expression - from: "[a-zA-Z0-9]{40}" -- name: GENERIC_WEBHOOK_SECRET - displayName: Generic Webhook Secret - description: A secret string used to configure the Generic webhook. - generate: expression - from: "[a-zA-Z0-9]{40}" +- name: SOURCE_CONTEXT_DIR + displayName: Source Context Directory + description: The folder in the Git repo that contains the config.d directory. + value: /openshift/templates/nginx-proxy +- name: SOURCE_IMAGE_KIND + displayName: Source Image Kind + description: The 'kind' (type) of the source image; typically ImageStreamTag, or DockerImage. + required: true + value: ImageStreamTag +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the source image. + required: true + value: s2i-nginx +- name: SOURCE_IMAGE_TAG + displayName: Source Image Tag + description: The tag of the source image. + required: true + value: latest - name: NGINX_PROXY_URL displayName: NGinx Proxy URL description: The URL you want NGinx to proxy to, e.g., http://:port/ - value: http://edivorce-django:8080/ required: true + value: http://edivorce-django:8080/ diff --git a/openshift/templates/nginx-environment-template.yaml b/openshift/templates/nginx-proxy/nginx-proxy-deploy.yaml similarity index 59% rename from openshift/templates/nginx-environment-template.yaml rename to openshift/templates/nginx-proxy/nginx-proxy-deploy.yaml index c197035f..b1e10dbe 100644 --- a/openshift/templates/nginx-environment-template.yaml +++ b/openshift/templates/nginx-proxy/nginx-proxy-deploy.yaml @@ -2,15 +2,14 @@ kind: Template apiVersion: v1 metadata: - name: nginx + name: ${NAME}-deployment-template labels: - template: nginx-environment-template + template: ${NAME}-deployment-template objects: - kind: DeploymentConfig apiVersion: v1 metadata: name: "${NAME}" - creationTimestamp: labels: app: "${NAME}" spec: @@ -32,8 +31,8 @@ objects: - "${NAME}" from: kind: ImageStreamTag - namespace: "${APP_IMAGE_NAMESPACE}" - name: "${APP_IMAGE_NAME}:deploy-to-${ENVIRONMENT_TYPE}" + namespace: "${IMAGE_NAMESPACE}" + name: "${NAME}:${TAG_NAME}" replicas: 1 test: false selector: @@ -71,7 +70,6 @@ objects: apiVersion: v1 metadata: name: "${NAME}" - creationTimestamp: labels: app: "${NAME}" spec: @@ -95,7 +93,7 @@ objects: annotations: openshift.io/host.generated: 'true' spec: - host: "edivorce-${ENVIRONMENT_TYPE}.pathfinder.gov.bc.ca" + host: "${APPLICATION_DOMAIN}" to: kind: Service name: "${NAME}" @@ -105,22 +103,61 @@ objects: tls: termination: edge insecureEdgeTerminationPolicy: Redirect +- kind: Route + apiVersion: v1 + metadata: + name: "${NAME}-siteminder-route" + labels: + app: "${NAME}-siteminder-route" + annotations: + haproxy.router.openshift.io/ip_whitelist: "${SITEMINDER_WHITE_LIST}" + spec: + host: "${SITEMINDER_APPLICATION_DOMAIN}" + port: + targetPort: 8080-tcp + to: + kind: Service + name: "${NAME}" + weight: 100 +- kind: HorizontalPodAutoscaler + apiVersion: autoscaling/v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}" + spec: + scaleTargetRef: + kind: DeploymentConfig + name: "${NAME}" + minReplicas: 1 + maxReplicas: 4 parameters: - name: NAME displayName: Name description: The name assigned to all of the frontend objects defined in this template. required: true value: nginx-proxy -- name: APP_IMAGE_NAME - displayName: Application image name. - description: Application image name. - value: nginx-proxy - required: true -- name: APP_IMAGE_NAMESPACE - displayName: Namespace containing application images. +- name: IMAGE_NAMESPACE + displayName: Image Namespace description: Namespace containing application images. + required: true value: "jag-csb-edivorce-tools" +- name: TAG_NAME + displayName: Environment TAG name + description: The TAG name for this environment, e.g., dev, test, prod. + required: true + value: "dev" +- name: APPLICATION_DOMAIN + displayName: Application Hostname + description: The exposed hostname that will route to the Django service, if left blank a value will be defaulted. + required: true + value: "edivorce-dev.pathfinder.gov.bc.ca" +- name: SITEMINDER_APPLICATION_DOMAIN + displayName: SiteMinder Application Domain + description: The endpoint used for SiteMinder routed access to the application. required: true -- name: ENVIRONMENT_TYPE - displayName: Type of environnment (dev,test or prod). - required: true \ No newline at end of file + value: "edivorce-dev.pathfinder.bcgov" +- name: SITEMINDER_WHITE_LIST + displayName: SiteMinder Whitelist + description: The whitelist containing all of the trusted siteminder IPs. + required: false \ No newline at end of file diff --git a/openshift/templates/postgresql/postgresql-build.yaml b/openshift/templates/postgresql/postgresql-build.yaml new file mode 100644 index 00000000..3d8b7697 --- /dev/null +++ b/openshift/templates/postgresql/postgresql-build.yaml @@ -0,0 +1,45 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: "${NAME}-imagestream-template" +objects: +- kind: ImageStream + apiVersion: v1 + metadata: + name: "${NAME}" + spec: + tags: + - name: "${OUTPUT_IMAGE_TAG}" + annotations: + from: + kind: "${SOURCE_IMAGE_KIND}" + name: "${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}" + importPolicy: + scheduled: true +parameters: +- name: NAME + displayName: Name + description: The name assigned to all of the frontend objects defined in this template. You should keep this as default unless your know what your doing. + required: true + value: postgresql +- name: OUTPUT_IMAGE_TAG + displayName: Output Image Tag + description: The tag given to the built image. + required: true + value: latest +- name: SOURCE_IMAGE_KIND + displayName: Source Image Kind + description: The 'kind' (type) of the source image; typically ImageStreamTag, or DockerImage. + required: true + value: DockerImage +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the source image. + required: true + value: registry.access.redhat.com/rhscl/postgresql-95-rhel7 +- name: SOURCE_IMAGE_TAG + displayName: Source Image Tag + description: The tag of the source image. + required: true + value: '9.5' diff --git a/openshift/templates/postgresql/postgresql-deploy.yaml b/openshift/templates/postgresql/postgresql-deploy.yaml new file mode 100644 index 00000000..2d70d296 --- /dev/null +++ b/openshift/templates/postgresql/postgresql-deploy.yaml @@ -0,0 +1,213 @@ +--- +kind: Template +apiVersion: v1 +metadata: + annotations: + description: Deployment template for a postgresql server with persistent storage. + tags: "${NAME}" + name: "${NAME}-persistent-template" +objects: +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${NAME}" + generation: 1 + labels: + app: "${NAME}-persistent" + template: "${NAME}-persistent-template" + spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 600 + resources: {} + activeDeadlineSeconds: 21600 + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${NAME}" + from: + kind: ImageStreamTag + namespace: "${IMAGE_NAMESPACE}" + name: "${SOURCE_IMAGE_NAME}:${TAG_NAME}" + - type: ConfigChange + replicas: 1 + test: false + selector: + name: "${NAME}" + template: + metadata: + labels: + name: "${NAME}" + spec: + volumes: + - name: "${NAME}-data" + persistentVolumeClaim: + claimName: "${NAME}" + containers: + - name: "${NAME}" + image: " " + ports: + - containerPort: 5432 + protocol: TCP + env: + - name: POSTGRESQL_USER + valueFrom: + secretKeyRef: + name: "${NAME}" + key: database-user + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}" + key: database-password + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}" + key: admin-password + - name: POSTGRESQL_DATABASE + value: "${POSTGRESQL_DATABASE_NAME}" + resources: + limits: + memory: "${MEMORY_LIMIT}" + volumeMounts: + - name: "${NAME}-data" + mountPath: "${MOUNT_PATH}" + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1' + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: "/dev/termination-log" + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent + securityContext: + capabilities: {} + privileged: false + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + schedulerName: default-scheduler +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}-persistent" + template: "${NAME}-persistent-template" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${PERSISTENT_VOLUME_SIZE}" +- kind: Secret + apiVersion: v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}" + data: + admin-password: "${POSTGRESQL_ADMIN_PASSWORD}" + database-password: "${POSTGRESQL_PASSWORD}" + database-user: "${POSTGRESQL_USER}" + type: Opaque +- kind: Service + apiVersion: v1 + metadata: + name: "${NAME}" + labels: + app: "${NAME}-persistent" + template: "${NAME}-persistent-template" + annotations: + template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} + spec: + ports: + - name: postgresql + protocol: TCP + port: 5432 + targetPort: 5432 + selector: + name: "${NAME}" + type: ClusterIP + sessionAffinity: None +parameters: +- name: NAME + displayName: Name + description: The name assigned to all of the OpenShift resources associated to the PostgreSQL instance. + required: true + value: postgresql +- name: IMAGE_NAMESPACE + displayName: Image Namespace + description: The namespace of the OpenShift project containing the imagestream for the application. + required: true + value: jag-csb-edivorce-tools +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the image to use for this resource. + required: true + value: postgresql +- name: TAG_NAME + displayName: Environment TAG name + description: The TAG name for this environment, e.g., dev, test, prod + required: true + value: dev +- name: POSTGRESQL_DATABASE_NAME + displayName: PostgreSQL Database Name + description: The name of the PostgreSQL database. + required: true + generate: expression + from: "[a-zA-Z_][a-zA-Z0-9_]{10}" + value: default +- name: POSTGRESQL_USER + displayName: PostgreSQL Connection Username + description: Username for PostgreSQL user that will be used for accessing the database. Needs to be basee64 encoded. + required: true + generate: expression + from: "[a-zA-Z_][a-zA-Z0-9_]{10}" +- name: POSTGRESQL_PASSWORD + displayName: PostgreSQL Connection Password + description: Password for the PostgreSQL connection user. Needs to be basee64 encoded. + required: true + generate: expression + from: "[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}" +- name: POSTGRESQL_ADMIN_PASSWORD + displayName: PostgreSQL Admin Password + description: Password for the 'postgres' PostgreSQL administrative account. Needs to be basee64 encoded. + required: true + generate: expression + from: "[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}" +- name: MOUNT_PATH + displayName: Mount Path + description: The path to mount the persistent volume. + required: true + value: "/var/lib/pgsql/data" +- name: PERSISTENT_VOLUME_SIZE + displayName: Persistent Volume Size + description: The size of the persistent volume , e.g. 512Mi, 1Gi, 2Gi. + required: true + value: 1Gi +- name: MEMORY_LIMIT + displayName: Memory Limit + description: Maximum amount of memory the container can use. + required: true + value: 512Mi diff --git a/openshift/templates/weasyprint/weasyprint-build.yaml b/openshift/templates/weasyprint/weasyprint-build.yaml new file mode 100644 index 00000000..c1ea5721 --- /dev/null +++ b/openshift/templates/weasyprint/weasyprint-build.yaml @@ -0,0 +1,45 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: "${NAME}-imagestream-template" +objects: +- kind: ImageStream + apiVersion: v1 + metadata: + name: "${NAME}" + spec: + tags: + - name: "${OUTPUT_IMAGE_TAG}" + annotations: + from: + kind: "${SOURCE_IMAGE_KIND}" + name: "${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}" + importPolicy: + scheduled: true +parameters: +- name: NAME + displayName: Name + description: The name assigned to all of the frontend objects defined in this template. You should keep this as default unless your know what your doing. + required: true + value: weasyprint +- name: OUTPUT_IMAGE_TAG + displayName: Output Image Tag + description: The tag given to the built image. + required: true + value: latest +- name: SOURCE_IMAGE_KIND + displayName: Source Image Kind + description: The 'kind' (type) of the source image; typically ImageStreamTag, or DockerImage. + required: true + value: DockerImage +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the source image. + required: true + value: aquavitae/weasyprint +- name: SOURCE_IMAGE_TAG + displayName: Source Image Tag + description: The tag of the source image. + required: true + value: 'latest' diff --git a/openshift/templates/weasyprint/weasyprint-deploy.yaml b/openshift/templates/weasyprint/weasyprint-deploy.yaml new file mode 100644 index 00000000..193002a2 --- /dev/null +++ b/openshift/templates/weasyprint/weasyprint-deploy.yaml @@ -0,0 +1,117 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: "${NAME}-deployment-template" +objects: +- kind: Service + apiVersion: v1 + metadata: + name: "${NAME}" + annotations: + description: Exposes and load balances the application pods. + spec: + ports: + - name: 5001-tcp + port: 5001 + targetPort: 5001 + selector: + name: "${NAME}" +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the application server. + spec: + strategy: + type: Rolling + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${NAME}" + from: + kind: ImageStreamTag + namespace: "${IMAGE_NAMESPACE}" + name: "${SOURCE_IMAGE_NAME}:${TAG_NAME}" + - type: ConfigChange + replicas: 1 + selector: + name: "${NAME}" + template: + metadata: + name: "${NAME}" + labels: + name: "${NAME}" + spec: + containers: + - name: "${NAME}" + image: " " + ports: + - containerPort: 5001 + protocol: TCP + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: "/health" + port: 5001 + livenessProbe: + timeoutSeconds: 30 + initialDelaySeconds: 120 + periodSeconds: 60 + httpGet: + path: "/health" + port: 5001 + resources: + requests: + cpu: "${CPU_REQUEST}" + memory: "${MEMORY_REQUEST}" + limits: + cpu: "${CPU_LIMIT}" + memory: "${MEMORY_LIMIT}" +parameters: +- name: NAME + displayName: Name + description: The name assigned to all of the OpenShift resources associated to the + server instance. + required: true + value: weasyprint +- name: SOURCE_IMAGE_NAME + displayName: Source Image Name + description: The name of the image to use for this resource. + required: true + value: weasyprint +- name: IMAGE_NAMESPACE + displayName: Image Namespace + required: true + description: The namespace of the OpenShift project containing the imagestream for + the application. + value: jag-csb-edivorce-tools +- name: TAG_NAME + displayName: Environment TAG name + description: The TAG name for this environment, e.g., dev, test, prod + required: true + value: dev +- name: CPU_LIMIT + displayName: Resources CPU Limit + description: The resources CPU limit (in cores) for this build. + required: true + value: '2' +- name: MEMORY_LIMIT + displayName: Resources Memory Limit + description: The resources Memory limit (in Mi, Gi, etc) for this build. + required: true + value: 1Gi +- name: CPU_REQUEST + displayName: Resources CPU Request + description: The resources CPU request (in cores) for this build. + required: true + value: 250m +- name: MEMORY_REQUEST + displayName: Resources Memory Request + description: The resources Memory request (in Mi, Gi, etc) for this build. + required: true + value: 512Mi diff --git a/openshift/weasyprint-build.param b/openshift/weasyprint-build.param new file mode 100644 index 00000000..9922045b --- /dev/null +++ b/openshift/weasyprint-build.param @@ -0,0 +1,10 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/weasyprint/weasyprint-build.yaml +#========================================================= +NAME=weasyprint +OUTPUT_IMAGE_TAG=latest +SOURCE_IMAGE_KIND=DockerImage +SOURCE_IMAGE_NAME=aquavitae/weasyprint +SOURCE_IMAGE_TAG=latest diff --git a/openshift/weasyprint-deploy.dev.param b/openshift/weasyprint-deploy.dev.param new file mode 100644 index 00000000..e77b2101 --- /dev/null +++ b/openshift/weasyprint-deploy.dev.param @@ -0,0 +1,13 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/weasyprint/weasyprint-deploy.yaml +#========================================================= +# NAME=weasyprint +# SOURCE_IMAGE_NAME=weasyprint +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +# CPU_LIMIT=2 +# MEMORY_LIMIT=1Gi +# CPU_REQUEST=250m +# MEMORY_REQUEST=512Mi diff --git a/openshift/weasyprint-deploy.param b/openshift/weasyprint-deploy.param new file mode 100644 index 00000000..2f55ae7b --- /dev/null +++ b/openshift/weasyprint-deploy.param @@ -0,0 +1,13 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/weasyprint/weasyprint-deploy.yaml +#========================================================= +NAME=weasyprint +SOURCE_IMAGE_NAME=weasyprint +IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=dev +CPU_LIMIT=2 +MEMORY_LIMIT=1Gi +CPU_REQUEST=250m +MEMORY_REQUEST=512Mi diff --git a/openshift/weasyprint-deploy.prod.param b/openshift/weasyprint-deploy.prod.param new file mode 100644 index 00000000..6ff74ad6 --- /dev/null +++ b/openshift/weasyprint-deploy.prod.param @@ -0,0 +1,13 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/weasyprint/weasyprint-deploy.yaml +#========================================================= +# NAME=weasyprint +# SOURCE_IMAGE_NAME=weasyprint +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=prod +# CPU_LIMIT=2 +# MEMORY_LIMIT=1Gi +# CPU_REQUEST=250m +# MEMORY_REQUEST=512Mi diff --git a/openshift/weasyprint-deploy.test.param b/openshift/weasyprint-deploy.test.param new file mode 100644 index 00000000..49add40f --- /dev/null +++ b/openshift/weasyprint-deploy.test.param @@ -0,0 +1,13 @@ +#========================================================= +# OpenShift template parameters for: +# Component: . +# Template File: templates/weasyprint/weasyprint-deploy.yaml +#========================================================= +# NAME=weasyprint +# SOURCE_IMAGE_NAME=weasyprint +# IMAGE_NAMESPACE=jag-csb-edivorce-tools +TAG_NAME=test +# CPU_LIMIT=2 +# MEMORY_LIMIT=1Gi +# CPU_REQUEST=250m +# MEMORY_REQUEST=512Mi