From bf70830ab506e5759c77addb07fa27ec9e225203 Mon Sep 17 00:00:00 2001
From: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com>
Date: Wed, 23 Oct 2024 15:59:18 -0700
Subject: [PATCH] cleanup templates and pipelines (#2333)
---
backend/.s2i/bin/assemble | 129 -----------------
backend/.s2i/environment | 1 -
frontend/.s2i/bin/assemble | 130 -----------------
openshift/templates/backend/backend-bc.yaml | 84 -----------
openshift/templates/knp/1-base.yaml | 30 ----
openshift/templates/knp/2-apps.yaml | 59 --------
openshift/templates/knp/3-spilo.yaml | 86 -----------
openshift/templates/knp/README.md | 13 --
openshift/templates/knp/Zeva-Git-Model.drawio | 1 -
openshift/templates/knp/knp-diagram.drawio | 134 ------------------
openshift/templates/knp/knp-quick-start.yaml | 60 --------
11 files changed, 727 deletions(-)
delete mode 100755 backend/.s2i/bin/assemble
delete mode 100644 backend/.s2i/environment
delete mode 100755 frontend/.s2i/bin/assemble
delete mode 100644 openshift/templates/backend/backend-bc.yaml
delete mode 100644 openshift/templates/knp/1-base.yaml
delete mode 100644 openshift/templates/knp/2-apps.yaml
delete mode 100644 openshift/templates/knp/3-spilo.yaml
delete mode 100644 openshift/templates/knp/README.md
delete mode 100644 openshift/templates/knp/Zeva-Git-Model.drawio
delete mode 100644 openshift/templates/knp/knp-diagram.drawio
delete mode 100644 openshift/templates/knp/knp-quick-start.yaml
diff --git a/backend/.s2i/bin/assemble b/backend/.s2i/bin/assemble
deleted file mode 100755
index ae8d905f8..000000000
--- a/backend/.s2i/bin/assemble
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/bash
-
-function is_django_installed() {
- python -c "import django" &>/dev/null
-}
-
-function should_collectstatic() {
- is_django_installed && [[ -z "$DISABLE_COLLECTSTATIC" ]]
-}
-
-function virtualenv_bin() {
- # New versions of Python (>3.6) should use venv module
- # from stdlib instead of virtualenv package
- python3.9 -m venv $1
-}
-
-# Install pipenv or micropipenv to the separate virtualenv to isolate it
-# from system Python packages and packages in the main
-# virtualenv. Executable is simlinked into ~/.local/bin
-# to be accessible. This approach is inspired by pipsi
-# (pip script installer).
-function install_tool() {
- echo "---> Installing $1 packaging tool ..."
- VENV_DIR=$HOME/.local/venvs/$1
- virtualenv_bin "$VENV_DIR"
- # First, try to install the tool without --isolated which means that if you
- # have your own PyPI mirror, it will take it from there. If this try fails, try it
- # again with --isolated which ignores external pip settings (env vars, config file)
- # and installs the tool from PyPI (needs internet connetion).
- # $1$2 combines package name with [extras] or version specifier if is defined as $2```
- if ! $VENV_DIR/bin/pip install -U $1$2; then
- echo "WARNING: Installation of $1 failed, trying again from official PyPI with pip --isolated install"
- $VENV_DIR/bin/pip install --isolated -U $1$2 # Combines package name with [extras] or version specifier if is defined as $2```
- fi
- mkdir -p $HOME/.local/bin
- ln -s $VENV_DIR/bin/$1 $HOME/.local/bin/$1
-}
-
-set -e
-
-# First of all, check that we don't have disallowed combination of ENVs
-if [[ ! -z "$ENABLE_PIPENV" && ! -z "$ENABLE_MICROPIPENV" ]]; then
- echo "ERROR: Pipenv and micropipenv cannot be enabled at the same time!"
- # podman/buildah does not relay this exit code but it will be fixed hopefuly
- # https://github.com/containers/buildah/issues/2305
- exit 3
-fi
-
-shopt -s dotglob
-echo "---> Installing application source ..."
-mv /tmp/src/* "$HOME"
-
-# set permissions for any installed artifacts
-fix-permissions /opt/app-root -P
-
-
-if [[ ! -z "$UPGRADE_PIP_TO_LATEST" ]]; then
- echo "---> Upgrading pip, setuptools and wheel to latest version ..."
- if ! pip install -U pip setuptools wheel; then
- echo "WARNING: Installation of the latest pip, setuptools and wheel failed, trying again from official PyPI with pip --isolated install"
- pip install --isolated -U pip setuptools wheel
- fi
-fi
-
-if [[ ! -z "$ENABLE_PIPENV" ]]; then
- if [[ ! -z "$PIN_PIPENV_VERSION" ]]; then
- # Add == as a prefix to pipenv version, if defined
- PIN_PIPENV_VERSION="==$PIN_PIPENV_VERSION"
- fi
- install_tool "pipenv" "$PIN_PIPENV_VERSION"
- echo "---> Installing dependencies via pipenv ..."
- if [[ -f Pipfile ]]; then
- pipenv install --deploy
- elif [[ -f requirements.txt ]]; then
- pipenv install -r requirements.txt
- fi
- # pipenv check
-elif [[ ! -z "$ENABLE_MICROPIPENV" ]]; then
- install_tool "micropipenv" "[toml]"
- echo "---> Installing dependencies via micropipenv ..."
- # micropipenv detects Pipfile.lock and requirements.txt in this order
- micropipenv install --deploy
-elif [[ -f requirements.txt ]]; then
- if [[ -z "${ARTIFACTORY_USER}" ]]; then
- echo "---> Installing dependencies from external repo ..."
- pip install -r requirements.txt
- else
- echo "---> Installing dependencies from artifactory ..."
- # pip install -i https://$ARTIFACTORY_USER:$ARTIFACTORY_PASSWORD@artifacts.developer.gov.bc.ca/artifactory/api/pypi/pypi-remote/simple -r requirements.txt
- pip install -r requirements.txt
- fi
-fi
-
-if [[ -f setup.py && -z "$DISABLE_SETUP_PY_PROCESSING" ]]; then
- echo "---> Installing application ..."
- pip install .
-fi
-
-if should_collectstatic; then
- (
- echo "---> Collecting Django static files ..."
-
- APP_HOME=$(readlink -f "${APP_HOME:-.}")
- # Change the working directory to APP_HOME
- PYTHONPATH="$(pwd)${PYTHONPATH:+:$PYTHONPATH}"
- cd "$APP_HOME"
-
- # Look for 'manage.py' in the current directory
- manage_file=./manage.py
-
- if [[ ! -f "$manage_file" ]]; then
- echo "WARNING: seems that you're using Django, but we could not find a 'manage.py' file."
- echo "'manage.py collectstatic' ignored."
- exit
- fi
-
- if ! python $manage_file collectstatic --dry-run --noinput &> /dev/null; then
- echo "WARNING: could not run 'manage.py collectstatic'. To debug, run:"
- echo " $ python $manage_file collectstatic --noinput"
- echo "Ignore this warning if you're not serving static files with Django."
- exit
- fi
-
- python $manage_file collectstatic --noinput
- )
-fi
-
-# set permissions for any installed artifacts
-fix-permissions /opt/app-root -P
\ No newline at end of file
diff --git a/backend/.s2i/environment b/backend/.s2i/environment
deleted file mode 100644
index 18f3b0467..000000000
--- a/backend/.s2i/environment
+++ /dev/null
@@ -1 +0,0 @@
-DISABLE_MIGRATE=1
diff --git a/frontend/.s2i/bin/assemble b/frontend/.s2i/bin/assemble
deleted file mode 100755
index 19faefa24..000000000
--- a/frontend/.s2i/bin/assemble
+++ /dev/null
@@ -1,130 +0,0 @@
-sh-5.1$ cat assemble
-#!/bin/bash
-
-# Prevent running assemble in builders different than official STI image.
-# The official nodejs:8-onbuild already run npm install and use different
-# application folder.
-[ -d "/usr/src/app" ] && exit 0
-
-set -e
-
-# FIXME: Linking of global modules is disabled for now as it causes npm failures
-# under RHEL7
-# Global modules good to have
-# npmgl=$(grep "^\s*[^#\s]" ../etc/npm_global_module_list | sort -u)
-# Available global modules; only match top-level npm packages
-#global_modules=$(npm ls -g 2> /dev/null | perl -ne 'print "$1\n" if /^\S+\s(\S+)\@[\d\.-]+/' | sort -u)
-# List all modules in common
-#module_list=$(/usr/bin/comm -12 <(echo "${global_modules}") | tr '\n' ' ')
-# Link the modules
-#npm link $module_list
-
-safeLogging () {
- if [[ $1 =~ http[s]?://.*@.*$ ]]; then
- echo $1 | sed 's/^.*@/redacted@/'
- else
- echo $1
- fi
-}
-
-shopt -s dotglob
-if [ -d /tmp/artifacts ] && [ "$(ls /tmp/artifacts/ 2>/dev/null)" ]; then
- echo "---> Restoring previous build artifacts ..."
- mv -T --verbose /tmp/artifacts/node_modules "${HOME}/node_modules"
-fi
-
-echo "---> Installing application source ..."
-mv /tmp/src/* ./
-
-# Fix source directory permissions
-fix-permissions ./
-
-if [ ! -z $HTTP_PROXY ]; then
- echo "---> Setting npm http proxy to" $(safeLogging $HTTP_PROXY)
- npm config set proxy $HTTP_PROXY
-fi
-
-if [ ! -z $http_proxy ]; then
- echo "---> Setting npm http proxy to" $(safeLogging $http_proxy)
- npm config set proxy $http_proxy
-fi
-
-if [ ! -z $HTTPS_PROXY ]; then
- echo "---> Setting npm https proxy to" $(safeLogging $HTTPS_PROXY)
- npm config set https-proxy $HTTPS_PROXY
-fi
-
-if [ ! -z $https_proxy ]; then
- echo "---> Setting npm https proxy to" $(safeLogging $https_proxy)
- npm config set https-proxy $https_proxy
-fi
-
-# Change the npm registry mirror if provided
-if [ -n "$NPM_MIRROR" ]; then
- npm config set registry $NPM_MIRROR
-fi
-
-# Set the DEV_MODE to false by default.
-if [ -z "$DEV_MODE" ]; then
- export DEV_MODE=false
-fi
-
-# If NODE_ENV is not set by the user, then NODE_ENV is determined by whether
-# the container is run in development mode.
-if [ -z "$NODE_ENV" ]; then
- if [ "$DEV_MODE" == true ]; then
- export NODE_ENV=development
- else
- export NODE_ENV=production
- fi
-fi
-
-if [ "$NODE_ENV" != "production" ]; then
-
- echo "---> Building your Node application from source"
- npm install
-
-else
-
- echo "---> Have to set DEV_MODE and NODE_ENV to empty otherwise the deployment can not be started"
- echo "---> It'll have error like can not resolve source-map-loader..."
- export DEV_MODE=""
- export NODE_ENV=""
-
- if [[ -z "${ARTIFACTORY_USER}" ]]; then
- echo "---> Installing all dependencies from external repo"
- else
- echo "---> Installing all dependencies from Artifactory"
- npm config set registry https://artifacts.developer.gov.bc.ca/artifactory/api/npm/npm-remote/
- curl -u $ARTIFACTORY_USER:$ARTIFACTORY_PASSWORD https://artifacts.developer.gov.bc.ca/artifactory/api/npm/auth >> ~/.npmrc
- fi
-
- echo "---> Installing all dependencies"
- NODE_ENV=development npm install
-
- #do not fail when there is no build script
- echo "---> Building in production mode"
- npm run build --if-present
-
- echo "---> Pruning the development dependencies"
- npm prune
-
- NPM_TMP=$(npm config get tmp)
- if ! mountpoint $NPM_TMP; then
- echo "---> Cleaning the $NPM_TMP/npm-*"
- rm -rf $NPM_TMP/npm-*
- fi
-
- # Clear the npm's cache and tmp directories only if they are not a docker volumes
- NPM_CACHE=$(npm config get cache)
- if ! mountpoint $NPM_CACHE; then
- echo "---> Cleaning the npm cache $NPM_CACHE"
- #As of npm@5 even the 'npm cache clean --force' does not fully remove the cache directory
- # instead of $NPM_CACHE* use $NPM_CACHE/*.
- # We do not want to delete .npmrc file.
- rm -rf "${NPM_CACHE:?}/"
- fi
-fi
-
-# Fix source directory permissions
-fix-permissions ./
\ No newline at end of file
diff --git a/openshift/templates/backend/backend-bc.yaml b/openshift/templates/backend/backend-bc.yaml
deleted file mode 100644
index 280c4f925..000000000
--- a/openshift/templates/backend/backend-bc.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- creationTimestamp: null
- name: zeva-backend-bc
-parameters:
- - name: NAME
- displayName:
- description: the module name entered when run yo bcdk:pipeline, which is zeva
- required: true
- - name: SUFFIX
- displayName:
- description: sample is -pr-0
- required: true
- - name: VERSION
- displayName:
- description: image tag name for output
- required: true
- - name: GIT_URL
- displayName:
- description: zeva repo
- required: true
- - name: GIT_REF
- displayName:
- description: zeva branch name of the pr
- required: true
-objects:
- - apiVersion: build.openshift.io/v1
- kind: BuildConfig
- metadata:
- annotations:
- description: Defines how to build the application
- creationTimestamp: null
- name: ${NAME}-backend${SUFFIX}
- labels:
- shared: "true"
- spec:
- nodeSelector: null
- output:
- to:
- kind: ImageStreamTag
- name: ${NAME}-backend:${VERSION}
- postCommit: {}
- resources:
- limits:
- cpu: 1000m
- memory: 2Gi
- requests:
- cpu: 500m
- memory: 1Gi
- runPolicy: SerialLatestOnly
- source:
- contextDir: backend
- git:
- ref: ${GIT_REF}
- uri: ${GIT_URL}
- type: Git
- strategy:
- sourceStrategy:
- env:
- - name: ARTIFACTORY_USER
- valueFrom:
- secretKeyRef:
- name: artifacts-zeva-artifactory-service-account-xgchey
- key: username
- - name: ARTIFACTORY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: artifacts-zeva-artifactory-service-account-xgchey
- key: password
- from:
- kind: ImageStreamTag
- name: python-39:1-74
- pullSecret:
- name: zeva-image-pull-secret
- forcePull: true
- noCache: true
- type: Source
- triggers:
- - imageChange: {}
- type: ImageChange
- - type: ConfigChange
- status:
- lastVersion: 0
\ No newline at end of file
diff --git a/openshift/templates/knp/1-base.yaml b/openshift/templates/knp/1-base.yaml
deleted file mode 100644
index 804b11a91..000000000
--- a/openshift/templates/knp/1-base.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: zeva-network-policy
-metadata:
- name: zeva-network-policy
-parameters:
- - name: ENVIRONMENT
- displayName: null
- description: such as dev, test or prod
- required: true
-objects:
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-from-openshift-ingress
- spec:
- # This policy allows any pod with a route & service combination
- # to accept traffic from the OpenShift router pods. This is
- # required for things outside of OpenShift (like the Internet)
- # to reach your pods.
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- network.openshift.io/policy-group: ingress
- podSelector: {}
- policyTypes:
- - Ingress
diff --git a/openshift/templates/knp/2-apps.yaml b/openshift/templates/knp/2-apps.yaml
deleted file mode 100644
index 890ba059f..000000000
--- a/openshift/templates/knp/2-apps.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: zeva-network-policy
-metadata:
- name: zeva-network-policy
-parameters:
- - name: SUFFIX
- displayName: null
- description: such as -dev or -dev-1513
- required: true
- - name: ENVIRONMENT
- displayName: null
- description: such as dev, test or prod
- required: true
-objects:
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-backend-accepts-${ENVIRONMENT}
- spec:
- ## Allow backend to accept communication from frontend
- ## Allow backend to accept communication from schemaspy
- podSelector:
- matchLabels:
- app.kubernetes.io/instance: zeva-backend${SUFFIX}
- ingress:
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/instance: zeva-frontend${SUFFIX}
- ports:
- - protocol: TCP
- port: 8080
- - from:
- - podSelector:
- matchLabels:
- name: schemaspy-public-${ENVIRONMENT}
- ports:
- - protocol: TCP
- port: 8080
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-minio-accepts-backend
- spec:
- ## Allow minio to accept communication from backend
- podSelector:
- matchLabels:
- app: zeva-minio-${ENVIRONMENT}
- ingress:
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/instance: zeva-backend${SUFFIX}
- ports:
- - protocol: TCP
- port: 9000
diff --git a/openshift/templates/knp/3-spilo.yaml b/openshift/templates/knp/3-spilo.yaml
deleted file mode 100644
index 5c6910915..000000000
--- a/openshift/templates/knp/3-spilo.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: zeva-spilo-network-policy
-metadata:
- name: zeva-spilo-network-policy
-parameters:
- - name: SUFFIX
- displayName: null
- description: such as -dev or -dev-1513
- required: true
- - name: ENVIRONMENT
- displayName: null
- description: such as dev, test or prod
- required: true
-objects:
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-zeva-spilo-accepts-${ENVIRONMENT}
- spec:
- ## Allow zeva-spilo to accept communications from backend
- ## Allow zeva-spilo to accept communications from backend-mid
- ## Allow zeva-spilo to accept communications from schema-public
- ## Allow zeva-spilo to accept communications from schema-audit
- ## Allow zeva-spilo to accept communications from backup-container
- ## Allow zeva-spilo to accept communications from backup cronjob
- ## Allow zeva-spilo to accept communications from metabase from cthub
- podSelector:
- matchLabels:
- app.kubernetes.io/instance: zeva-spilo${SUFFIX}
- ingress:
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/instance: zeva-backend${SUFFIX}
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - podSelector:
- matchLabels:
- openshift.io/deployer-pod.type: hook-mid
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - podSelector:
- matchLabels:
- name: zeva-schema-spy-public-${ENVIRONMENT}
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - podSelector:
- matchLabels:
- name: zeva-schema-spy-audit-${ENVIRONMENT}
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - podSelector:
- matchLabels:
- name: patroni-backup
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - podSelector:
- matchLabels:
- cronjob: zeva-db-backup
- ports:
- - protocol: TCP
- port: 5432
- - from:
- - namespaceSelector:
- matchLabels:
- name: 30b186
- environment: ${ENVIRONMENT}
- - podSelector:
- matchLabels:
- app: metabase
- ports:
- - protocol: TCP
- port: 5432
diff --git a/openshift/templates/knp/README.md b/openshift/templates/knp/README.md
deleted file mode 100644
index dd97e45ef..000000000
--- a/openshift/templates/knp/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Quick Start allow all network policies
-
-## knp-quick-start.yaml
-It has the following three policies, these policies will open all communications. Typically they can be applied at the early stage of the project during the development phase.
-* deny-by-default
-* allow-from-openshift-ingress
-* allow-all-internal
-
-# Application Network Security Policies
-Applying the following policies allows Zeva applications communicated properly under security rules.
-* 1-base.yaml
-* 2-apps.yaml
-* 3-spilo.yaml
diff --git a/openshift/templates/knp/Zeva-Git-Model.drawio b/openshift/templates/knp/Zeva-Git-Model.drawio
deleted file mode 100644
index c3717357e..000000000
--- a/openshift/templates/knp/Zeva-Git-Model.drawio
+++ /dev/null
@@ -1 +0,0 @@
-7V1bl5vIEf41Osk+jA7d3B89Y2eTEzvxWduJvS85jMRIxIzQIsYzzq9PIy6CrtII3bpaoBdbtIBBdev6vqpuRubd48uvabCcf0imYTzixvRlZL4dce5xT/ybD/wsBizTLwZmaTQththm4FP0v7AcNMrRp2garlonZkkSZ9GyPThJFotwkrXGgjRNntunPSRx+68ug1kIBj5NghiO/juaZvPyZ9nGZvyvYTSbV3+ZGeU3j0F1cjmwmgfT5LkxZL4bmXdpkmTFp8eXuzDOZVfJpbjuL1u+rR8sDRdZlwsmYXq79Cz372n2n48u//D9/fsfN8wsHy77Wf3icCoEUB4maTZPZskiiN9tRm/T5GkxDfPbGuJoc877JFmKQSYG/xtm2c9Sm8FTloihefYYl9+GL1H2tfH5W36rsV0evX0p77w++FkdLLL059fmQeOq/HBz2fqouq74ffmP2iq3cmiVPKWT8DVhWaUBBukszF470a31K/wiTB5D8UTiwjSMgyz60X6SoLTQWX3eRoniQ6nHfXRaPuaPIH4q/9Qdg2qOY+FDuTqf51EWfloG69/+LLy4raxgtSwc6yF6yZVeSvRHmGbhy+syhRKoLmCeXVxThgXTKr3keeNkbjk0b/hXNXZ6odlXR+juCG5XR/BIHcGh1OlGj98a3+zS6UaN31pa1EenjcnrMJ2Wl35MIvGMm5Bg+kYrJNhM8vXiycrLJNOon+MIa3Fh2OSahU3T1i1selBoSEpBKjSb6SY0/zrXdI5LVfq8Oy6ZlHNN9ZhNR3ijmSPI0cPyiB2h+g0NoT0tV1kaBo/ifkJxYbAKb9jYdMcGkKUQRNYWmrgy+R7eJXGSipFFssgF/RDFsTQUxNFsIQ4nQnChGL/NxRoJzPem/OIxmk7jbVpqO+Ip9GKYUoByoF6YhSjGPJtiOFBMkkazaCHu9hAG2VMa3nx/ChY9Vgo32kqp05GmUjiiFDltOZ1STBhibjULMbahW4iBYDiYTnMmKBIS48aXL1/YOHvJemzJteVWloyEF0dpdLFf10kcCdGtwr6rhbfVYiEBRq1aSOHypaWlXeGyeSxcPk6nCKjVjwtsO4LjUs8Z3tUROjuC2RWfmVvMQJEjkGJuY+wwt6HXG2N8HkIwv8nHMI2E0PI57uTK9roq+1gwvo0klOoGniUFgTOThCYC8/UjCTWLpyaE+RqShLoJDTGr6yT0arjpEpccyknIRBC8biShzJZ7CFpU6wgQwQ+TJJQClA/1opYkNCGMHxpJaDptZ/ENRClKSULTgSFGN5LQcXQLMRAlD40krPOdypJtqBOlbJQJK8tDJAml2dhFatdq1eIDtcDospi+yVsvN2KdBqv5Wi6srRZMYLsTQiiuhjRsRBrV2LHo0/Db2nBkMReJKkCf8E4O33GnM+PYyoxaanTi3GtWy3zKbujT+eMp71G9fUgW2c1qjRxE0mowvnwR/631ZtwHk++ztTZvJoVH5aeks/s/c8vLz+LiOQ1u+ZvPtvHL5t7i0yz/P3jI3S7X1L3I6qpHEj+xeKriJGhwwmTeB/dhLE1enZ05DcXvCu7X98t/0TKX+1oT9u3IfvuaM5eNx+XFo7rdt2m1r3jSVte/McaG4/otK+HHmXF1SvLwsArPY1YI0teNbjakmY4ZSPrxWhQ5eUy1OJAaGzN7bIxhbO3P1Ab1YEI9YICGn00PNM3wFX1SHyinT6yuje0WKYdvIY3tSPZBW8zSL7pAmC6ii9NrsoS59kiz2ILgct048FoildQYAgLV2i4E5h+C1TpF7K3tGoYcQSpjJrNdCMVFBOk33coc2RccqAVfqRYg8h6Pxz1Wgcx40wfxKs51JD8mcbBaRZMu6V598Epd/2vj87fGZ7wqNzpheljOXbvTQwvXqCJ6xpTnr9pB9+Zn5MVIm7lREUFjI7BZYb/K6IDyLx1+sXlXAyUt/1aP2cwBLahm2uYROeiS54A26RL1S/OErki+sEUyT0CQPLIAm9QTLK6dJ0Akrx+7KufNnFxqEHkPgV0FeuDUybNLEsc1iMldm2YL/yaLychSbgTe0LKr+kUXiMr7z65K/Tv0scWBwFw/dtXTzXYdWK3tO7vqA1yP0HpqTReCwt6TqxYgapAAopRcdWBnds/JVRnd0MdwiAlhBD+IXN2d7R2C9kenyxCr6Wt3hrhlPy1VBKtMDtXL+/cnWOXZ0FLcAeeQbvh2YbSS07UCUFgyFYRxkCK7dgSr3CBCnwbSAPML9YSuYN4hLTU4CJjXjmDVDsw7tIvEj/aEXVXkE/qB2zVlcUi3AK0e89Wkkna9pYyFTKTLQakXuNfS8x5+wDv6gUuaGVWPqa8fODK2oPcDyAmwMfOGxcxgm6UqZWbcC9jNHBTbLGT3CLW2izZ9D67oaSHWq5TUcmn2VNNgXuy6P5q7pWdQ0bx4AZt+gyUl9NEFbQgfWNGTPrbA0rN+RU85q8M2H1VquxXvPOSip+URFz09WHnufdGzbh+sXQFZ11O/PkqNGiAqHFjVkzyIexBkwhDevyUl1dy1Oz3c8iotqoqna0iWcHjF05HnuDNXPD2kFHbl9bYJyz7SQNXgFw9pCdet4sm1Y0c82heDXZgndEbyWza0UeQJCJLXreJpyukHPRoi3er80jyha9Li0c4JCC+ABDza2j/TzRN8yAsUnNYYVhv6A4i4rRur5UNqIJunYb7l43OQP/pjKLyvx2wN5MwsZFdZtTpBMOl1ltgmrK57kXuk+ZKP7EWONAISv01Mu1kCVqMHFp1Ah0D9Hiuy6HTt5N4jOnXt5PZIF6P6SCc3AlVoo5N2dVkfYuDedyw5IB5Rb5fmw+o4tNxdlD7yHpaub4zSP7b4xKQ+qIfKbxboTOqD2dCSzerMpL6PgH3t2+Owd5coDZR1mXXg/XEOkk8rjZXMoGk2p0/EmMG7RktSnFg/p9YtchpGGLR7fGA9chrEF6R9XPsmOQ8h/BRbL6wrD65LzjWIgYSYr7EYMrA2OY8Rb7zMDAirB9Ymp0EcPwWovrw+uXr+2pkllnmaPp1yvmwMh3fKeTI+PzOoZsaFLwRXi2SqWv7hNqoIylQPelHdcvRQhqHd+r1vjdAPzDBkzruGpa3S6lqILydZurCElOK1a12UG7boMSq79rPv4w1dG9pLc6TzBqSlXbf2RVBB0sAbkIq59oUg7C3TisWGlswHVwiqwRpdbkPTia5DZO7aVl76OF1kRmrNSEaqVyWIPsRwiDqHVwmiDzAcotg780+ama9MfXEDkZti8+VAboMrBfnUu8QzjpaT+10KsuUyhI9QYWpLQRyWkwdWCtIgkEOACKN4PzeKryex3bki12vjhBwit29ycDlIjCguB/HrevF9bLTrgvESUJDhGY4sGde+HKQBntm2+9uwykEaTITXKvUeYamaNDpMnVtMQVFYqh60VQ7SDajKm/drAFRNmlbyS3UH3tUdCnukcwfIP9w5urmDvIu/Du4AGYPPz8motVC5x/O16cnztUc9X5tIL7puS+4dWwZb5JVN8xR4/xLfsVIbTIcYzXG1qkL7rhz+Dkb78mvXuaEa7Zto1z0sT/YnVjpA5kisVEu02ki1Rrd2Bllq1Mv/mQ1TJTa2rF4XCWQlUO9fxWxkedkwGhnsztOVTYuwbSQRQ3IKyuDC9Qsu2CtlLLvPwYXzNobQILggXX6aLWc1WVto2O51ii0X8vyPZQeDcZ8Gi8m8vyYsJ+bUb35gNqweiKgfBqvwRoSTdVeUE+eyvxfqcWbFp37riEvb3FnIitd6RbYiLcFWv173OcglZvJAX9HrQ1vvanfdQ6pM4qgoD3kFgH3oeyHkHaQsxW+FYM61bLKHfTq8s33SNmtXD6pxc4Nl6JYpOjTY/VJ9oTPeL4yRzhcQvK/ZAkvL184XkNKUvjzWNFjN13+XndrIj05IVBk5Qg2csrqISPgoi3dkaErOcLkw564gqZa45+Qa0Q4FIS+a/fjbiJuMW17hWQ3i4OZmxJ3gMZfTmjYQJ5Q0j/lmxBFeYfXHk5Bg/uCL6WhbR8RG5Gy305xaI/IG+Njb2GvxN1Ui10xPpxJkw9m34Y/jxHYCSQmTGLdnUPRdAQiJcjZRcWST2Y9pMiWXlS35uQaSgtXez+EqI5eU5WtoVUOtL/LOO+aWCT9VKsaxLXM128JCjgHkeIMjuyxCke1gPNtmXttsw0y/tax0BwNaY/Dd2++fDX90J0S37ROthhDlEiFqyRGwKyFqSoSoKbeSnZkQ5afYarKHhtid+aQ1RFPqYK1XKuxtiNWLPKqpXzEzzw2Yal8NcR/akdgQpSUyB79lxDIkQ5Qt+tyGiOybSWSILaM6xCpPaIh75KO0hujI/QVyIOtsiEwyRMX78nJkJ9KrIe5hiCXQvnxDrEAwmSFChHedmveYmokNUV6ud/jUzCRDVA1WkL1jr4a4V0TcsrpVkSHKYOXQdVMWlwzRV22IsMb++7t/5YWXX//2Wfz7IZmGMTBNPQpp5ZMfVX+Qtoeoc+ZmDydDDOl8RDGyke4/l+FiNY8ecsP5R/AYrnKprPqrFSbtQoSx9wxz7wO0Ig7TJMmabiV+1bywe/Pd/wE=
\ No newline at end of file
diff --git a/openshift/templates/knp/knp-diagram.drawio b/openshift/templates/knp/knp-diagram.drawio
deleted file mode 100644
index 9b032b9b6..000000000
--- a/openshift/templates/knp/knp-diagram.drawio
+++ /dev/null
@@ -1,134 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/openshift/templates/knp/knp-quick-start.yaml b/openshift/templates/knp/knp-quick-start.yaml
deleted file mode 100644
index e7a97a6b3..000000000
--- a/openshift/templates/knp/knp-quick-start.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: zeva-network-policy
-metadata:
- name: zeva-network-policy
-parameters:
- - name: ENVIRONMENT
- displayName: null
- description: such as dev, test or prod
- required: true
- - name: NAMESPACE_PREFIX
- displayName: null
- description: the namespace prefix
- required: true
-objects:
- - kind: NetworkPolicy
- apiVersion: networking.k8s.io/v1
- metadata:
- name: deny-by-default
- spec:
- # The default posture for a security first namespace is to
- # deny all traffic. If not added this rule will be added
- # by Platform Services during environment cut-over.
- podSelector: {}
- ingress: []
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-from-openshift-ingress
- spec:
- # This policy allows any pod with a route & service combination
- # to accept traffic from the OpenShift router pods. This is
- # required for things outside of OpenShift (like the Internet)
- # to reach your pods.
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- network.openshift.io/policy-group: ingress
- podSelector: {}
- policyTypes:
- - Ingress
- - apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-all-internal
- spec:
- # Allow all pods within the current namespace to communicate
- # to one another.
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- environment: ${ENVIRONMENT}
- name: ${NAMESPACE_PREFIX}
- podSelector: {}
- policyTypes:
- - Ingress
\ No newline at end of file