From 5ac0c78f96190d94762a02cbc6b7474a0b05c12f Mon Sep 17 00:00:00 2001
From: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com>
Date: Tue, 6 Oct 2020 11:08:26 -0700
Subject: [PATCH] Update pathfinder to be a parameter (#346)
---
.jenkins/.pipeline/lib/config.js | 7 ++++---
.jenkins/.pipeline/lib/deploy.js | 2 +-
.jenkins/README.md | 3 +++
.pipeline/lib/config.js | 21 ++++++++++---------
.pipeline/lib/deploy.js | 7 ++++---
frontend/Caddyfile | 2 --
.../backup-container-2.0.0/README.md | 4 ++--
.../backup-container-2.0.0/docs/ExampleLog.md | 2 +-
openshift/templates/config/configmap.yaml | 20 +++++++++++-------
.../templates/keycloak/keycloak-secret.yaml | 2 +-
openshift/templates/minio/README.md | 6 +++---
openshift/templates/minio/minio-dc.yaml | 8 +++++--
openshift/templates/nagios/nagios-dc.yaml | 8 +++++--
openshift/templates/nsp/README.MD | 10 ++++-----
openshift/templates/nsp/nsp-env.yaml | 14 ++++++++-----
openshift/templates/nsp/nsp-tools.yaml | 12 +++++------
openshift/templates/nsp/quickstart-nsp.yaml | 10 ++++++---
.../python-backend/python-backend-dc.yaml | 12 +++++++----
openshift/templates/rabbitmq/README.md | 1 +
.../rabbitmq/rabbitmq-web-route.yaml | 6 +++++-
.../templates/schemaspy/schemaspy-dc.yaml | 6 +++++-
21 files changed, 100 insertions(+), 63 deletions(-)
delete mode 100644 frontend/Caddyfile
diff --git a/.jenkins/.pipeline/lib/config.js b/.jenkins/.pipeline/lib/config.js
index 0ad57e7f2..c1832b5ac 100644
--- a/.jenkins/.pipeline/lib/config.js
+++ b/.jenkins/.pipeline/lib/config.js
@@ -3,11 +3,12 @@ const options= require('@bcgov/pipeline-cli').Util.parseArguments() const changeId = options.pr //aka pull-request const version = '1.0.0' const name = 'jenkins' +const ocpName = 'pathfinder' const phases = { - build: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'build' , changeId:changeId, suffix: `-build-${changeId}` , instance: `${name}-build-${changeId}` , version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`}, - dev: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'dev' , changeId:changeId, suffix: `-dev-${changeId}` , instance: `${name}-dev-${changeId}` , version:`${version}-${changeId}`, tag:`dev-${version}-${changeId}`}, - prod: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'prod' , changeId:changeId, suffix: `-prod` , instance: `${name}-prod` , version:`${version}`, tag:`prod-${version}`}, + build: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'build' , changeId:changeId, suffix: `-build-${changeId}` , instance: `${name}-build-${changeId}` , version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`, ocpName: `${ocpName}`}, + dev: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'dev' , changeId:changeId, suffix: `-dev-${changeId}` , instance: `${name}-dev-${changeId}` , version:`${version}-${changeId}`, tag:`dev-${version}-${changeId}`, ocpName: `${ocpName}`}, + prod: {namespace:'tbiwaq-tools' , name: `${name}`, phase: 'prod' , changeId:changeId, suffix: `-prod` , instance: `${name}-prod` , version:`${version}`, tag:`prod-${version}`, ocpName: `${ocpName}`}, }; // This callback forces the node process to exit as failure. diff --git a/.jenkins/.pipeline/lib/deploy.js b/.jenkins/.pipeline/lib/deploy.js index 600f48427..076f8db1f 100755 --- a/.jenkins/.pipeline/lib/deploy.js +++ b/.jenkins/.pipeline/lib/deploy.js 
@@ -18,7 +18,7 @@ module.exports = (settings)=>{ 'SUFFIX': phases[phase].suffix, 'VERSION': phases[phase].tag, 'ENV_NAME': phases[phase].phase, - 'ROUTE_HOST': `${phases[phase].name}${phases[phase].suffix}-${phases[phase].namespace}.pathfinder.gov.bc.ca` + 'ROUTE_HOST': `${phases[phase].name}${phases[phase].suffix}-${phases[phase].namespace}.${ocpName}.gov.bc.ca` } })) diff --git a/.jenkins/README.md b/.jenkins/README.md index f1d572cff..e338c2aba 100644 --- a/.jenkins/README.md +++ b/.jenkins/README.md @@ -12,6 +12,9 @@ Github Webhooks are only created during the PROD deployment. Windows users can just do the `cd` manually to the root folder of their repo and remove `$(git rev-parse --show-toplevel)/` from the commands below. +# Update OCP Name +Replace pathfinder with proper name in docker/contrib/jenkins/configuration/config.xml + # Build ``` ( cd "$(git rev-parse --show-toplevel)/.jenkins/.pipeline" && npm run build -- --pr=0 --dev-mode=true ) diff --git a/.pipeline/lib/config.js b/.pipeline/lib/config.js index e0dfb5fa7..e2d791429 100644 --- a/.pipeline/lib/config.js +++ b/.pipeline/lib/config.js 
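Review bot: `ocpName` in the new `ROUTE_HOST` template is not declared anywhere in this hunk; the companion change to `.jenkins/.pipeline/lib/config.js` stores the value on each phase object, so unless `deploy.js` binds `ocpName` outside the visible lines, this line throws a ReferenceError when the deploy step runs. Reading it from the phase keeps it consistent with the neighbouring fields: `` `${phases[phase].name}${phases[phase].suffix}-${phases[phase].namespace}.${phases[phase].ocpName}.gov.bc.ca` ``. The enclosing function starts and ends outside the hunk.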
@@ -3,45 +3,46 @@ const options= require('@bcgov/pipeline-cli').Util.parseArguments() const changeId = options.pr //aka pull-request const version = '1.0.0' const name = 'zeva' +const ocpName = 'pathfinder' const phases = { build: {namespace:'tbiwaq-tools' , transient:true, name: `${name}`, phase: 'build', changeId:`${changeId}`, suffix: `-build-${changeId}` , instance: `${name}-build-${changeId}`, - version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`}, + version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`, ocpName: `${ocpName}`}, dev: {namespace:'tbiwaq-dev', transient:true, name: `${name}`, ssoSuffix:'-dev', ssoName:'sso-dev', phase: 'dev' , changeId:`${changeId}`, suffix: `-dev-${changeId}`, instance: `${name}-dev-${changeId}` , version:`${version}-${changeId}`, tag:`dev-${version}-${changeId}`, - host: `zeva-dev-${changeId}.pathfinder.gov.bc.ca`, djangoDebug: 'True', + host: `zeva-dev-${changeId}.${ocpName}.gov.bc.ca`, djangoDebug: 'True', frontendCpuRequest: '100m', frontendCpuLimit: '700m', frontendMemoryRequest: '300M', frontendMemoryLimit: '4G', frontendReplicas: 1, - backendCpuRequest: '300m', backendCpuLimit: '400m', backendMemoryRequest: '1G', backendMemoryLimit: '2G', backendHealthCheckDelay: 30, backendHost: `zeva-backend-dev-${changeId}.pathfinder.gov.bc.ca`, backendReplicas: 1, + backendCpuRequest: '300m', backendCpuLimit: '600m', backendMemoryRequest: '1G', backendMemoryLimit: '2G', backendHealthCheckDelay: 30, backendHost: `zeva-backend-dev-${changeId}.${ocpName}.gov.bc.ca`, backendReplicas: 1, minioCpuRequest: '100m', minioCpuLimit: '200m', minioMemoryRequest: '200M', minioMemoryLimit: '500M', minioPvcSize: '1G', schemaspyCpuRequest: '50m', schemaspyCpuLimit: '200m', schemaspyMemoryRequest: '150M', schemaspyMemoryLimit: '300M', schemaspyHealthCheckDelay: 160, rabbitmqCpuRequest: '250m', rabbitmqCpuLimit: '700m', rabbitmqMemoryRequest: '500M', rabbitmqMemoryLimit: '1G', rabbitmqPvcSize: '1G', rabbitmqReplica: 1, 
rabbitmqPostStartSleep: 120, storageClass: 'netapp-block-standard', - patroniCpuRequest: '200m', patroniCpuLimit: '400m', patroniMemoryRequest: '250M', patroniMemoryLimit: '500M', patroniPvcSize: '2G', patroniReplica: 1, storageClass: 'netapp-block-standard'}, + patroniCpuRequest: '200m', patroniCpuLimit: '400m', patroniMemoryRequest: '250M', patroniMemoryLimit: '500M', patroniPvcSize: '2G', patroniReplica: 1, storageClass: 'netapp-block-standard', ocpName: `${ocpName}`}, test: {namespace:'tbiwaq-test', name: `${name}`, ssoSuffix:'-test', ssoName:'sso-test', phase: 'test' , changeId:`${changeId}`, suffix: `-test`, instance: `${name}-test`, version:`${version}`, tag:`test-${version}`, - host: 'zeva-test.pathfinder.gov.bc.ca', djangoDebug: 'False', + host: 'zeva-test.${ocpName}.gov.bc.ca', djangoDebug: 'False', frontendCpuRequest: '300m', frontendCpuLimit: '600m', frontendMemoryRequest: '500M', frontendMemoryLimit: '1G', frontendReplicas: 2, frontendMinReplicas: 2, frontendMaxReplicas: 5, - backendCpuRequest: '100m', backendCpuLimit: '500m', backendMemoryRequest: '500M', backendMemoryLimit: '700M', backendHealthCheckDelay: 30, backendReplicas: 1, backendMinReplicas: 2, backendMaxReplicas: 5, backendHost: `zeva-backend-test.pathfinder.gov.bc.ca`, + backendCpuRequest: '100m', backendCpuLimit: '500m', backendMemoryRequest: '500M', backendMemoryLimit: '700M', backendHealthCheckDelay: 30, backendReplicas: 1, backendMinReplicas: 2, backendMaxReplicas: 5, backendHost: `zeva-backend-test.${ocpName}.gov.bc.ca`, minioCpuRequest: '100m', minioCpuLimit: '300m', minioMemoryRequest: '500M', minioMemoryLimit: '700M', minioPvcSize: '5G', schemaspyCpuRequest: '20m', schemaspyCpuLimit: '200m', schemaspyMemoryRequest: '150M', schemaspyMemoryLimit: '300M', schemaspyHealthCheckDelay: 160, rabbitmqCpuRequest: '250m', rabbitmqCpuLimit: '700m', rabbitmqMemoryRequest: '500M', rabbitmqMemoryLimit: '700M', rabbitmqPvcSize: '1G', rabbitmqReplica: 2, rabbitmqPostStartSleep: 120, storageClass: 
'netapp-block-standard', - patroniCpuRequest: '500m', patroniCpuLimit: '1000m', patroniMemoryRequest: '500M', patroniMemoryLimit: '1G', patroniPvcSize: '5G', patroniReplica: 2, storageClass: 'netapp-block-standard'}, + patroniCpuRequest: '500m', patroniCpuLimit: '1000m', patroniMemoryRequest: '500M', patroniMemoryLimit: '1G', patroniPvcSize: '5G', patroniReplica: 2, storageClass: 'netapp-block-standard', ocpName: `${ocpName}`}, prod: {namespace:'tbiwaq-prod', name: `${name}`, ssoSuffix:'', ssoName:'sso', phase: 'prod' , changeId:`${changeId}`, suffix: `-prod`, instance: `${name}-prod`, version:`${version}`, tag:`prod-${version}`, - host: 'zeroemissionvehicles.pathfinder.gov.bc.ca', djangoDebug: 'False', + host: 'zeroemissionvehicles.${ocpName}.gov.bc.ca', djangoDebug: 'False', frontendCpuRequest: '300m', frontendCpuLimit: '600m', frontendMemoryRequest: '1G', frontendMemoryLimit: '2G', frontendReplicas: 2, frontendMinReplicas: 2, frontendMaxReplicas: 5, - backendCpuRequest: '200m', backendCpuLimit: '700m', backendMemoryRequest: '1G', backendMemoryLimit: '2G', backendHealthCheckDelay: 30, backendReplicas: 1, backendMinReplicas: 2, backendMaxReplicas: 5, backendHost: `zeva-backend-prod.pathfinder.gov.bc.ca`, + backendCpuRequest: '200m', backendCpuLimit: '700m', backendMemoryRequest: '1G', backendMemoryLimit: '2G', backendHealthCheckDelay: 30, backendReplicas: 1, backendMinReplicas: 2, backendMaxReplicas: 5, backendHost: `zeva-backend-prod.${ocpName}.gov.bc.ca`, minioCpuRequest: '100m', minioCpuLimit: '300m', minioMemoryRequest: '500M', minioMemoryLimit: '700M', minioPvcSize: '10G', schemaspyCpuRequest: '50m', schemaspyCpuLimit: '400m', schemaspyMemoryRequest: '150M', schemaspyMemoryLimit: '300M', schemaspyHealthCheckDelay: 160, rabbitmqCpuRequest: '250m', rabbitmqCpuLimit: '700m', rabbitmqMemoryRequest: '500M', rabbitmqMemoryLimit: '1G', rabbitmqPvcSize: '5G', rabbitmqReplica: 3, rabbitmqPostStartSleep: 120, storageClass: 'netapp-block-standard', - patroniCpuRequest: 
'500m', patroniCpuLimit: '1000m', patroniMemoryRequest: '1G', patroniMemoryLimit: '2G', patroniPvcSize: '40G', patroniReplica: 3, storageClass: 'netapp-block-standard'}, + patroniCpuRequest: '500m', patroniCpuLimit: '1000m', patroniMemoryRequest: '1G', patroniMemoryLimit: '2G', patroniPvcSize: '40G', patroniReplica: 3, storageClass: 'netapp-block-standard', ocpName: `${ocpName}`}, }; diff --git a/.pipeline/lib/deploy.js b/.pipeline/lib/deploy.js index 45bd60d47..025529b88 100755 --- a/.pipeline/lib/deploy.js +++ b/.pipeline/lib/deploy.js @@ -11,7 +11,6 @@ module.exports = settings => { const oc = new OpenShiftClientX(Object.assign({namespace: phases[phase].namespace}, options)); //add Valid Redirect URIs for the pull request to keycloak - //for example: https://zeva-dev-79.pathfinder.gov.bc.ca/* if(phase === 'dev') { const kc = new KeyCloakClient(settings, oc); kc.addUris(); @@ -32,7 +31,8 @@ module.exports = settings => { 'BACKEND_HOST_NAME': phases[phase].backendHost, 'SSO_NAME': phases[phase].ssoName, 'KEYCLOAK_REALM': 'rzh2zkjq', - 'DJANGO_DEBUG': phases[phase].djangoDebug + 'DJANGO_DEBUG': phases[phase].djangoDebug, + 'OCP_NAME': phases[phase].ocpName } })) @@ -164,7 +164,8 @@ module.exports = settings => { 'CPU_LIMIT': phases[phase].schemaspyCpuLimit, 'MEMORY_REQUEST': phases[phase].schemaspyMemoryRequest, 'MEMORY_LIMIT': phases[phase].schemaspyMemoryLimit, - 'HEALTH_CHECK_DELAY': phases[phase].schemaspyHealthCheckDelay + 'HEALTH_CHECK_DELAY': phases[phase].schemaspyHealthCheckDelay, + 'OCP_NAME': phases[phase].ocpName } })) diff --git a/frontend/Caddyfile b/frontend/Caddyfile deleted file mode 100644 index fb5bbe3b9..000000000 --- a/frontend/Caddyfile +++ /dev/null @@ -1,2 +0,0 @@ -zeva-dev-147.pathfinder.gov.bc.ca -reverse_proxy / zeva-dev-147.pathfinder.gov.bc.ca:3000 \ No newline at end of file diff --git a/openshift/templates/backup-container-2.0.0/README.md b/openshift/templates/backup-container-2.0.0/README.md index d9332ab9c..eba2501ef 100644 
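Review bot: The new `host` values for `test` and `prod` are single-quoted strings (`host: 'zeva-test.${ocpName}.gov.bc.ca'` and `host: 'zeroemissionvehicles.${ocpName}.gov.bc.ca'`), so `${ocpName}` is not interpolated and the literal text ends up in the hostname; the `dev` host and every `backendHost` use backticks and resolve correctly. Switch both to template literals, e.g. `` host: `zeva-test.${ocpName}.gov.bc.ca` ``. If `host` is what feeds the `HOST_NAME` parameter that `configmap.yaml` places in `keycloak_logout_redirect_url`, the test and prod logout redirect would carry the broken host. The same hunk also raises the dev `backendCpuLimit` from `'400m'` to `'600m'`, which the commit message does not mention and may deserve its own commit.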
--- a/openshift/templates/backup-container-2.0.0/README.md +++ b/openshift/templates/backup-container-2.0.0/README.md @@ -35,7 +35,7 @@ Following are the instructions for running the backups and a restore. ## Storage *Before we get too far into the the details, we're going to take a moment to discuss the most important part of the whole process - **The Storage**.* The backup container uses two volumes, one for storing the backups and the other for restore/verification testing. The deployment template separates them intentionally. -The following sections on storage discuss the recommendations and limitations of the storage classes created specifically for the BC Government's [PathFinder](https://console.pathfinder.gov.bc.ca:8443/) environment. +The following sections on storage discuss the recommendations and limitations of the storage classes created specifically for the BC Government's environment. ### Backup Storage Volume 
@@ -249,7 +249,7 @@ The [backup script](./docker/backup.sh) supports running manual or scheduled ver The Webhook integration feature is enabled by specifying the webhook URL, `WEBHOOK_URL`, in your configuration. It's recommended that you also provide values for `ENVIRONMENT_FRIENDLY_NAME` and `ENVIRONMENT_NAME`, so you can better identify the environment from which the messages originate and do things like produce links to the environment. -The Webhook integration feature was built with Rocket.Chat in mind and an integration script for Rocket.Chat can be found in [rocket.chat.integration.js](./scripts/rocket.chat.integration.js). This script was developed to support the BC OpenShift Pathfinder environment and will format the notifications from the backup script into Rocket.Chat messages (examples below). If you provide values for the environment name (`ENVIRONMENT_FRIENDLY_NAME` and `ENVIRONMENT_NAME`) hyperlinks will be added to the messages to link you to the pathfinder project console. +The Webhook integration feature was built with Rocket.Chat in mind and an integration script for Rocket.Chat can be found in [rocket.chat.integration.js](./scripts/rocket.chat.integration.js). This script was developed to support the BC OpenShift environment and will format the notifications from the backup script into Rocket.Chat messages (examples below). If you provide values for the environment name (`ENVIRONMENT_FRIENDLY_NAME` and `ENVIRONMENT_NAME`) hyperlinks will be added to the messages to link you to the project console. Sample Message: diff --git a/openshift/templates/backup-container-2.0.0/docs/ExampleLog.md b/openshift/templates/backup-container-2.0.0/docs/ExampleLog.md index 70676d077..c769467f1 100644 --- a/openshift/templates/backup-container-2.0.0/docs/ExampleLog.md +++ b/openshift/templates/backup-container-2.0.0/docs/ExampleLog.md 
@@ -26,7 +26,7 @@ Settings: - mongo=identity-kit-db-bc/identity_kit_db - FTP server: not configured -- Webhook Endpoint: https://chat.pathfinder.gov.bc.ca/hooks/*** +- Webhook Endpoint: https://chat.[ocp name].gov.bc.ca/hooks/*** - Environment Friendly Name: Verifiable Organizations Network (mongo-test) - Environment Name (Id): devex-von-test diff --git a/openshift/templates/config/configmap.yaml b/openshift/templates/config/configmap.yaml index 05a2e017c..9865925ca 100644 --- a/openshift/templates/config/configmap.yaml +++ b/openshift/templates/config/configmap.yaml @@ -42,6 +42,10 @@ parameters: displayName: django debug value description: django debug value required: true + - name: OCP_NAME + displayName: Openshift cluster name + description: Openshift cluster name + required: true objects: - apiVersion: v1 kind: ConfigMap 
@@ -58,19 +62,19 @@ objects: email_sending_enabled: 'False' env_name: ${ENV_NAME} keycloak_audience: zeva - keycloak_authority: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} - keycloak_certs_url: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs + keycloak_authority: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} + keycloak_certs_url: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs keycloak_client_id: zeva - keycloak_issuer: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} + keycloak_issuer: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} keycloak_logout_redirect_url: https://logontest.gov.bc.ca/clp-cgi/logoff.cgi?returl=https%3A%2F%2F${HOST_NAME}%2F keycloak_realm_name: ${KEYCLOAK_REALM} - keycloak_realm_url: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} - keycloak_realm: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} - keycloak_sa_baseurl: https://${SSO_NAME}.pathfinder.gov.bc.ca + keycloak_realm_url: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} + keycloak_realm: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/${KEYCLOAK_REALM} + keycloak_sa_baseurl: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca keycloak_sa_client_id: zeva-django-sa keycloak_sa_realm: ${KEYCLOAK_REALM} - keycloak_url: https://${SSO_NAME}.pathfinder.gov.bc.ca/auth - minio_endpoint: zeva-minio-${ENV_NAME}.pathfinder.gov.bc.ca + keycloak_url: https://${SSO_NAME}.${OCP_NAME}.gov.bc.ca/auth + minio_endpoint: zeva-minio-${ENV_NAME}.${OCP_NAME}.gov.bc.ca postgresql_service_host: patroni-master${SUFFIX}.tbiwaq-${ENV_NAME}.svc.cluster.local postgresql_service_port: '5432' rabbitmq_enabled: 'False' 
diff --git a/openshift/templates/keycloak/keycloak-secret.yaml b/openshift/templates/keycloak/keycloak-secret.yaml index 44d21c3f0..c1185a9ae 100644 --- a/openshift/templates/keycloak/keycloak-secret.yaml +++ b/openshift/templates/keycloak/keycloak-secret.yaml @@ -20,7 +20,7 @@ parameters: description: required: true - name: host - description: host is sso host name, such as sso-dev.pathfinder.gov.bc.ca,sso-test.pathfinder.gov.bc.ca and sso.pathfinder.gov.bc.ca + description: host is sso host name, such as sso-dev.[ocp name].gov.bc.ca,sso-test.[ocp name].gov.bc.ca and sso.[ocp name].gov.bc.ca required: true objects: - apiVersion: v1 diff --git a/openshift/templates/minio/README.md b/openshift/templates/minio/README.md index 2e6dc682a..b886cdbb3 100644 --- a/openshift/templates/minio/README.md +++ b/openshift/templates/minio/README.md @@ -7,16 +7,16 @@ ### One minio instance serve all PRs on Dev oc process -f ./minio-dc.yaml \ -NAME=zeva SUFFIX=-dev \ +NAME=zeva SUFFIX=-dev OCP_NAME=pathfinder\ | oc create -f - -n tbiwaq-dev #### Test and Prod Minio setup oc process -f ./minio-dc.yaml \ -NAME=zeva SUFFIX=-test \ +NAME=zeva SUFFIX=-test OCP_NAME=pathfinder \ | oc create -f - -n tbiwaq-test oc process -f ./minio-dc.yaml \ -NAME=zeva SUFFIX=-prod \ +NAME=zeva SUFFIX=-prod OCP_NAME=pathfinder\ | oc create -f - -n tbiwaq-prod \ No newline at end of file diff --git a/openshift/templates/minio/minio-dc.yaml b/openshift/templates/minio/minio-dc.yaml index 4aa606e30..a2446f288 100644 --- a/openshift/templates/minio/minio-dc.yaml +++ b/openshift/templates/minio/minio-dc.yaml @@ -52,7 +52,11 @@ parameters: from: "[a-zA-Z0-9]{16}" generate: expression required: true -objects: + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true +Objects: - apiVersion: v1 kind: Secret metadata: 
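Review bot: The top-level key changes from `objects:` to `Objects:` in the first `minio-dc.yaml` hunk, which looks accidental: every other template in this patch keeps the lowercase key, and YAML keys are case-sensitive, so a strict decoder may treat the template as having no objects and create neither the Secret visible here nor the Route edited in the next hunk. Restore `objects:`. The object list continues outside the hunk.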
@@ -106,7 +110,7 @@ objects: env: ${ENV_NAME} name: ${NAME}-minio${SUFFIX} spec: - host: ${NAME}-minio${SUFFIX}.pathfinder.gov.bc.ca + host: ${NAME}-minio${SUFFIX}.${OCP_NAME}.gov.bc.ca port: targetPort: 9000-tcp tls: diff --git a/openshift/templates/nagios/nagios-dc.yaml b/openshift/templates/nagios/nagios-dc.yaml index 5e0e7cf1d..a80e561fb 100644 --- a/openshift/templates/nagios/nagios-dc.yaml +++ b/openshift/templates/nagios/nagios-dc.yaml @@ -35,6 +35,10 @@ parameters: displayName: Memory upper limit description: Memory upper limit required: true + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true objects: - apiVersion: v1 kind: PersistentVolumeClaim @@ -89,7 +93,7 @@ objects: app: nagios name: nagios spec: - host: nagios-${NAME}-${ENV_NAME}.pathfinder.gov.bc.ca + host: nagios-${NAME}-${ENV_NAME}.${OCP_NAME}.gov.bc.ca path: / port: targetPort: 8080-tcp @@ -156,7 +160,7 @@ objects: name: ${NAME}-${ENV_NAME}-rabbitmq-cluster-secret key: password - name: MINIO_ENDPOINT - value: docs-mem-${NAME}-${ENV_NAME}.pathfinder.gov.bc.ca:443 + value: docs-mem-${NAME}-${ENV_NAME}.${OCP_NAME}.gov.bc.ca:443 - name: MINIO_USE_SSL value: "true" - name: MINIO_ACCESS_KEY diff --git a/openshift/templates/nsp/README.MD b/openshift/templates/nsp/README.MD index 528b4702a..028fc66c5 100644 --- a/openshift/templates/nsp/README.MD +++ b/openshift/templates/nsp/README.MD 
@@ -7,11 +7,11 @@ ### Apply to name spaces before anything else -* oc process -f ./nsp-tools.yaml | oc create -f - -n tbiwaq-tools -* oc process -f ./quickstart-nsp.yaml | oc create -f - -n tbiwaq-tools -* oc process -f ./quickstart-nsp.yaml | oc create -f - -n tbiwaq-dev -* oc process -f ./quickstart-nsp.yaml | oc create -f - -n tbiwaq-test -* oc process -f ./quickstart-nsp.yaml | oc create -f - -n tbiwaq-prod +* oc process -f ./nsp-tools.yaml OCP_NAME=pathfinder | oc create -f - -n tbiwaq-tools +* oc process -f ./quickstart-nsp.yaml ENV_NAME=tools OCP_NAME=pathfinder | oc create -f - -n tbiwaq-tools +* oc process -f ./quickstart-nsp.yaml ENV_NAME=dev OCP_NAME=pathfinder | oc create -f - -n tbiwaq-dev +* oc process -f ./quickstart-nsp.yaml ENV_NAME=test OCP_NAME=pathfinder | oc create -f - -n tbiwaq-test +* oc process -f ./quickstart-nsp.yaml ENV_NAME=prod OCP_NAME=pathfinder | oc create -f - -n tbiwaq-prod ### Add role to users, check if the settings already exist before run the grant diff --git a/openshift/templates/nsp/nsp-env.yaml b/openshift/templates/nsp/nsp-env.yaml index 7a2ed0d3b..32203c021 100644 --- a/openshift/templates/nsp/nsp-env.yaml +++ b/openshift/templates/nsp/nsp-env.yaml @@ -11,9 +11,13 @@ parameters: displayName: Environment Name description: Environment Name required: true + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true objects: - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: custom-interweb-to-frontend spec: @@ -26,7 +30,7 @@ objects: - role=frontend - env=${ENV_NAME} - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: custom-frontend-to-backend spec: 
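Review bot: Substituting `OCP_NAME` into `apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1` treats the NetworkSecurityPolicy API group as if it were a route hostname; an API group is fixed by whatever resource definition is installed on the cluster, so it need not change with the cluster's DNS name. If the value passed does not match the installed group, the objects would most likely be rejected at `oc create` and the namespace left without these policies. This applies to every `NetworkSecurityPolicy` in `nsp-env.yaml`, `nsp-tools.yaml` and `quickstart-nsp.yaml`. Consider keeping the group literal, or confirm the group name on the target cluster first and add a comment such as `# API group of the NetworkSecurityPolicy resource, not a hostname`.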
@@ -41,7 +45,7 @@ objects: - role=backend - env=${ENV_NAME} - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: custom-backend-to-patroni spec: @@ -56,7 +60,7 @@ objects: - role=patroni - env=${ENV_NAME} - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: custom-pods-to-ocp-api spec: @@ -69,7 +73,7 @@ objects: destination: - - int:network=internal-cluster-api-endpoint - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: custom-backend-to-keycloak spec: diff --git a/openshift/templates/nsp/nsp-tools.yaml b/openshift/templates/nsp/nsp-tools.yaml index 121290cd7..5ab4a7c72 100644 --- a/openshift/templates/nsp/nsp-tools.yaml +++ b/openshift/templates/nsp/nsp-tools.yaml @@ -7,13 +7,13 @@ metadata: name: zeva-nsp creationTimestamp: parameters: - - name: ENV_NAME - displayName: Environment Name - description: Environment Name - required: true + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true objects: - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: pods-to-external-network labels: @@ -28,7 +28,7 @@ objects: destination: - - ext:network=any - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: pods-to-external-network labels: diff --git a/openshift/templates/nsp/quickstart-nsp.yaml b/openshift/templates/nsp/quickstart-nsp.yaml index f5f21cc85..672d1bfaa 100644 --- a/openshift/templates/nsp/quickstart-nsp.yaml +++ b/openshift/templates/nsp/quickstart-nsp.yaml 
@@ -11,9 +11,13 @@ parameters: displayName: Environment Name description: Environment Name required: true + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true objects: - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: egress-internet spec: @@ -24,7 +28,7 @@ objects: destination: - - ext:network=any - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: intra-namespace-comms spec: @@ -35,7 +39,7 @@ objects: destination: - - $namespace=tbiwaq-${ENV_NAME} - kind: NetworkSecurityPolicy - apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1 + apiVersion: secops.${OCP_NAME}.gov.bc.ca/v1alpha1 metadata: name: int-cluster-k8s-api-comms spec: diff --git a/openshift/templates/python-backend/python-backend-dc.yaml b/openshift/templates/python-backend/python-backend-dc.yaml index fdf9938b2..3da644b3f 100644 --- a/openshift/templates/python-backend/python-backend-dc.yaml +++ b/openshift/templates/python-backend/python-backend-dc.yaml @@ -38,6 +38,10 @@ parameters: displayName: Postgresql database password description: Postgresql database password required: true + - name: OCP_NAME + displayName: Openshift Name + description: Openshift Name + required: true objects: - apiVersion: v1 kind: Service 
@@ -96,13 +100,13 @@ objects: - name: DATABASE_URL value: "postgresql://${POSTGRESQL_USER}:${POSTGRESQL_PASSWORD}@postgresql.tbiwaq-${ENV_NAME}.svc.cluster.local/zeva" - name: KEYCLOAK_CERTS_URL - value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq/protocol/openid-connect/certs" + value: "https://sso${DASH_ENV_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/rzh2zkjq/protocol/openid-connect/certs" - name: KEYCLOAK_REALM - value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq" + value: "https://sso${DASH_ENV_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/rzh2zkjq" - name: KEYCLOAK_AUTHORITY - value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq" + value: "https://sso${DASH_ENV_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/rzh2zkjq" - name: KEYCLOAK_ISSUER - value: "https://sso${DASH_ENV_NAME}.pathfinder.gov.bc.ca/auth/realms/rzh2zkjq" + value: "https://sso${DASH_ENV_NAME}.${OCP_NAME}.gov.bc.ca/auth/realms/rzh2zkjq" - name: KEYCLOAK_AUDIENCE value: 'rzh2zkjq' - name: KEYCLOAK_CLIENT_ID diff --git a/openshift/templates/rabbitmq/README.md b/openshift/templates/rabbitmq/README.md index 9e935c4e7..f4252a3be 100644 --- a/openshift/templates/rabbitmq/README.md +++ b/openshift/templates/rabbitmq/README.md @@ -18,4 +18,5 @@ oc process -f ./secret-template.yaml | oc create -f - -n [environment namespace] oc process -f ./rabbitmq-web-route.yaml NAME=zeva \ ENV_NAME=dev \ SUFFIX=-dev-133 \ +OCP_NAME=pathfinder \ | oc create -f - -n [environment namespace] diff --git a/openshift/templates/rabbitmq/rabbitmq-web-route.yaml b/openshift/templates/rabbitmq/rabbitmq-web-route.yaml index b93f8cadd..8c5db45e1 100644 --- a/openshift/templates/rabbitmq/rabbitmq-web-route.yaml +++ b/openshift/templates/rabbitmq/rabbitmq-web-route.yaml 
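Review bot: The `DATABASE_URL` entry kept as context in this hunk renders `${POSTGRESQL_PASSWORD}` straight into the container's `env` value, so the database password is stored in the DeploymentConfig spec and is readable by anyone who can view that object. Since the neighbouring Keycloak entries are being edited anyway, consider moving the password into a Secret referenced with `valueFrom: secretKeyRef:` and composing the URL in the application. Separately, the `OCP_NAME` parameter added in the first hunk of this file is `required: true` with no `value:`, so every caller that processes this template must now pass it. The env list continues outside the hunk.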
@@ -24,6 +24,10 @@ parameters: description: rabbitmq cluster name value: rabbitmq-cluster required: true +- name: OCP_NAME + displayName: openshift name + description: openshift name + required: true objects: - apiVersion: route.openshift.io/v1 kind: Route @@ -36,7 +40,7 @@ objects: env: ${ENV_NAME} name: ${NAME}-rabbitmq-web${SUFFIX} spec: - host: ${NAME}-rabbitmq-web${SUFFIX}.pathfinder.gov.bc.ca + host: ${NAME}-rabbitmq-web${SUFFIX}.${OCP_NAME}.gov.bc.ca port: targetPort: web tls: diff --git a/openshift/templates/schemaspy/schemaspy-dc.yaml b/openshift/templates/schemaspy/schemaspy-dc.yaml index f8f8bff20..e928163c9 100644 --- a/openshift/templates/schemaspy/schemaspy-dc.yaml +++ b/openshift/templates/schemaspy/schemaspy-dc.yaml @@ -39,6 +39,10 @@ parameters: displayName: description: readyness and liveness initial delay seconds required: true + - name: OCP_NAME + displayName: Openshift name + description: Openshift name + required: true objects: - kind: DeploymentConfig apiVersion: apps.openshift.io/v1 @@ -174,7 +178,7 @@ objects: name: schemaspy-public${SUFFIX} creationTimestamp: spec: - host: schemaspy-public${SUFFIX}.pathfinder.gov.bc.ca + host: schemaspy-public${SUFFIX}.${OCP_NAME}.gov.bc.ca to: kind: Service name: schemaspy-public${SUFFIX}