Add dev, add ingress rules for stage/prod

ministryofjustice · Feb 16, 2022 · bdc9c28 · bdc9c28
1 parent faa9f09
commit bdc9c28
Show file tree

Hide file tree

Showing 7 changed files with 182 additions and 0 deletions.
diff --git a/deploy/development/deployment.yaml b/deploy/development/deployment.yaml
@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prison-visits-public
+  labels:
+    app: prison-visits-public
+  annotations:
+    kubernetes.io/change-cause: "<to be filled in deploy job command>"
+spec:
+  replicas: 4
+  revisionHistoryLimit: 1
+  minReadySeconds: 10
+  strategy:
+    rollingUpdate:
+      maxSurge: 100%
+      maxUnavailable: 50%
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: prison-visits-public
+  template:
+    metadata:
+      labels:
+        app: prison-visits-public
+    spec:
+      containers:
+      - name: prison-visits-public
+        image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/prison-visits-booking/prison-visits-public:latest
+        imagePullPolicy: Always
+        command: ['sh', '-c', "bundle exec puma -p 3000 -C ./config/puma_prod.rb --pidfile /tmp/server.pid"]
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: 3000
+          initialDelaySeconds: 10
+          periodSeconds: 60
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: 3000
+          initialDelaySeconds: 10
+          periodSeconds: 60
+        resources:
+          limits:
+            memory: "500Mi"
+            cpu: "50m"
+          requests:
+            memory: "125Mi"
+            cpu: "15m"
+        env:
+        - name: SECRET_KEY_BASE
+          valueFrom:
+            secretKeyRef:
+              name: prison-visits-public-secrets
+              key: secret_key_base
+        - name: RAILS_ENV
+          value: "production"
+        - name: RAILS_SERVE_STATIC_FILES
+          value: "true"
+        - name: KUBERNETES_DEPLOYMENT
+          value: "true"
+        - name:  PRISON_VISITS_API
+          value: "https://prison-visits-booking-staff-dev.apps.live-1.cloud-platform.service.justice.gov.uk/"
+        - name: EMAIL_DOMAIN
+          value: "email-dev.pvb.dsd.io"
+        - name: STAFF_SERVICE_URL
+          value: "https://prison-visits-booking-staff-dev.apps.live-1.cloud-platform.service.justice.gov.uk"
+        - name: SERVICE_URL
+          value: "https://prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk"
+        - name: SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: prison-visits-public-secrets
+              key: sentry_dsn
+        - name: SENTRY_JS_DSN
+          valueFrom:
+            secretKeyRef:
+              name: prison-visits-public-secrets
+              key: sentry_js_dsn
+        - name: GA_TRACKING_ID
+          valueFrom:
+            secretKeyRef:
+              name: prison-visits-public-secrets
+              key: ga_tracking_id
+        - name: WEB_CONCURRENCY
+          valueFrom:
+            secretKeyRef:
+              name: prison-visits-public-secrets
+              key: rails_web_concurrency
+      - name: prison-visits-public-metrics
+        image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/prison-visits-booking/prison-visits-public:latest
+        imagePullPolicy: Always
+        command: ['sh', '-c', "bundle exec prometheus_exporter"]
+        ports:
+        - containerPort: 9394
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: 9394
+          initialDelaySeconds: 10
+          periodSeconds: 60
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: 9394
+          initialDelaySeconds: 10
+          periodSeconds: 60
diff --git a/deploy/development/ingress.yaml b/deploy/development/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: prison-visits-public
+  namespace: prison-visits-booking-dev
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-dev-green
+    external-dns.alpha.kubernetes.io/aws-weight: "100"
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  tls:
+  - hosts:
+    - prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk
+  rules:
+  - host: prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: prison-visits-public
+          servicePort: 3000
diff --git a/deploy/development/network-policy.yaml b/deploy/development/network-policy.yaml
@@ -0,0 +1,16 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-prometheus-scraping-pvb-public
+  namespace: prison-visits-booking-dev
+spec:
+  podSelector:
+    matchLabels:
+      app: prison-visits-public
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          component: monitoring
diff --git a/deploy/development/service-monitor.yaml b/deploy/development/service-monitor.yaml
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: prison-visits-public
+  namespace: prison-visits-booking-dev
+spec:
+  selector:
+    matchLabels:
+      app: prison-visits-public
+  namespaceSelector:
+    matchNames:
+    - prison-visits-booking-dev
+  endpoints:
+  - port: metrics
+    interval: 15s
diff --git a/deploy/development/service.yaml b/deploy/development/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prison-visits-public
+  namespace: prison-visits-booking-dev
+  labels:
+    app: prison-visits-public
+spec:
+  ports:
+  - port: 3000
+    name: http
+    targetPort: 3000
+  - port: 9394
+    name: metrics
+    targetPort: 9394
+  selector:
+    app: prison-visits-public
diff --git a/deploy/production/ingress.yaml b/deploy/production/ingress.yaml
@@ -6,6 +6,8 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/temporal-redirect: https://www.gov.uk/prison-visits
+    external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-production-blue
+    external-dns.alpha.kubernetes.io/aws-weight: "100"
 spec:
   tls:
   - hosts:

diff --git a/deploy/staging/ingress.yaml b/deploy/staging/ingress.yaml
@@ -4,6 +4,8 @@ metadata:
   name: prison-visits-public
   namespace: prison-visits-booking-staging
   annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-staging-blue
+    external-dns.alpha.kubernetes.io/aws-weight: "100"
     kubernetes.io/ingress.class: "nginx"
 spec:
   tls: