Azure devops test

Kubernetes-prod/Kubernetes-manifest/azure-board.yaml

@@ -0,0 +1,128 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: azure-board-processor
+  namespace: prod-knowhow
+  labels:
+    app: azure-board-processor
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: azure-board-processor
+  template:
+    metadata:
+      labels:
+        app: azure-board-processor
+    spec:
+      # initContainers:
+      # # - name: init-mongodb
+      # #   image: busybox:1.28
+      # #   command: ['sh', '-c', "until nslookup mongodb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mongodb; sleep 2; done"]
+      # - name: init-customapi
+      #   image: busybox:1.28
+      #   command: ['sh', '-c', "until nslookup customapi.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for customapi; sleep 2; done"]
+      containers:
+      - name: azure-board-processor
+        image: speedtools.azurecr.io/knowhow-azure-board-processor:9.4.0
+        imagePullPolicy: Always
+        env:
+            - name: spring.data.mongodb.uri
+              valueFrom:
+                secretKeyRef:
+                  name: prod-knhdbconnectionstring
+                  key: prod-knhdbconnectionstring
+            - name: spring.data.mongodb.host
+              valueFrom:
+                secretKeyRef:
+                  name: prod-knhdbhost
+                  key: prod-knhdbhost
+
+            - name: aesEncryptionKey
+              valueFrom:
+                secretKeyRef:
+                  name: knowhowaesencryptionkeynew
+                  key: knowhowaesencryptionkeynew
+            - name: auth.secret
+              valueFrom:
+                secretKeyRef:
+                  name: knowhow-auth-secret
+                  key: knowhow-auth-secret
+            - name: spring.data.mongodb.username
+              valueFrom:
+                secretKeyRef:
+                  name: prod-knhdbusername
+                  key: prod-knhdbusername
+            - name: spring.data.mongodb.password
+              valueFrom:
+                secretKeyRef:
+                  name: prod-knhdbpassword
+                  key: prod-knhdbpassword
+            - name: mongock.migration-scan-package
+              value: com.publicissapient.kpidashboard.apis.mongock.installation
+            # Adding cron expressions
+            - name: azure.cron
+              value: "0 0 */12 * * *"
+        resources:
+          requests:
+            memory: "250Mi"
+            cpu: "0.2"
+          limits:
+            memory: "1Gi"
+            cpu: "0.5"
+        ports:
+          - containerPort: 50017
+        readinessProbe:
+          tcpSocket:
+            port: 50017
+          initialDelaySeconds: 40   # Wait for 40 seconds before starting probes
+          periodSeconds: 30          # Check every 30 seconds
+        livenessProbe:
+          tcpSocket:
+            port: 50017
+          initialDelaySeconds: 40
+          periodSeconds: 30
+        envFrom:
+        - configMapRef:
+            name: knowhow-config
+        volumeMounts:
+            - name: knowhow-secrets-store
+              mountPath: "/mnt/prod-secrets-store"
+              readOnly: true
+            - name: azure-board-processor-log-volume
+              mountPath: /app/logs
+      - name: promtail
+        image: grafana/promtail:2.9.2
+        args: 
+          - -config.file=/etc/promtail/config/promtail.yaml
+        volumeMounts:
+          - name: azure-board-processor-log-volume
+            mountPath: /app/logs
+          - name: promtail-config
+            mountPath: /etc/promtail/config
+      volumes:
+        - name: knowhow-secrets-store
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "prod-secretproviderclass"
+        - name: azure-board-processor-log-volume
+          emptyDir: {}
+        - name: promtail-config
+          configMap:
+            name: promtail-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: azure-board-processor
+  namespace: prod-knowhow
+spec:
+  selector:
+    app: azure-board-processor
+  ports:
+    - protocol: TCP
+      port: 50017
+      targetPort: 50017

Kubernetes-prod/Kubernetes-manifest/azure-keyvault.yaml

@@ -0,0 +1,197 @@
+# This is a SecretProviderClass example using user-assigned identity to access your key vault. The secretObjects section is used to create Kubernetes secrets from the  mounted Azure Key Vault secrets.
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: prod-secretproviderclass
+  namespace: prod-knowhow
+spec:
+  provider: azure
+  parameters:
+    usePodIdentity: "false"
+    useVMManagedIdentity:   "true"                                                         # Set to true for  using managed identity
+    userAssignedIdentityID: "98718c79-7f75-4fcf-8dbd-1b919dd63ca4"  # Set the   clientID of the user-assigned managed identity to use, from the previous step
+    keyvaultName: mpgsseunspdkv01                                                                  # Set to the name of your key vault
+    objects:  |
+      array:
+        - |
+          objectName: prod-knhdbusername
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-knhdbpassword
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-knhdbhost
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-knhdbconnectionstring
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-test-knhdbconnectionstring
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-rabbitpass
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-debbieuser
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-debbiepassword
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-repo-tool-api-key
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-debbie-secret-key
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-debbie-internal-key
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: prod-debbie-db-url
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: tenginequerypass
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: knowhowaesencryptionkeynew
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: knowhow-auth-secret
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: debbietengineauthtoken
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: debbiemailhostpass
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: exposed-api-key
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: auth-resourceapikeys
+          objectType: secret
+          objectVersion: ""
+        - |
+          objectName: scan-status-apis-token-debbie
+          objectType: secret
+          objectVersion: ""
+    tenantId: "d52c9ea1-7c21-47b1-82a3-33a74b1f74b8"                 # The tenant ID of the key vault
+  secretObjects:                                    #https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret
+  - secretName: prod-knhdbusername
+    type: Opaque
+    data:
+    - objectName: prod-knhdbusername                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: prod-knhdbusername                                               # This is the key name under which the value of the Azure Key Vault secret will be stored in the  Kubernetes secret. The key names (clientId and clientToken) must match (case sensitivity) exactly what the wiz Helm chart is expecting.
+  - secretName: prod-knhdbpassword
+    type: Opaque
+    data:
+    - objectName: prod-knhdbpassword
+      key: prod-knhdbpassword
+  - secretName: prod-knhdbhost
+    type: Opaque
+    data:
+    - objectName: prod-knhdbhost
+      key: prod-knhdbhost
+  - secretName: prod-knhdbconnectionstring
+    type: Opaque
+    data:
+    - objectName: prod-knhdbconnectionstring                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: prod-knhdbconnectionstring                                               # This is the key name under which the value of the Azure Key Vault secret will be stored in the  Kubernetes secret. The key names (clientId and clientToken) must match (case sensitivity) exactly what the wiz Helm chart is expecting.
+  - secretName: prod-test-knhdbconnectionstring
+    type: Opaque
+    data:
+    - objectName: prod-test-knhdbconnectionstring                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: prod-test-knhdbconnectionstring
+  - secretName: prod-rabbitpass
+    type: Opaque
+    data:
+    - objectName: prod-rabbitpass
+      key: prod-rabbitpass
+  - secretName: prod-debbieuser
+    type: Opaque
+    data:
+    - objectName: prod-debbieuser
+      key: prod-debbieuser
+  - secretName: prod-debbiepassword
+    type: Opaque
+    data:
+    - objectName: prod-debbiepassword                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: prod-debbiepassword                                               # This is the key name under which the value of the Azure Key Vault secret will be stored in the  Kubernetes secret. The key names (clientId and clientToken) must match (case sensitivity) exactly what the wiz Helm chart is expecting.
+  - secretName: prod-repo-tool-api-key
+    type: Opaque
+    data:
+    - objectName: prod-repo-tool-api-key
+      key: prod-repo-tool-api-key
+  - secretName: prod-debbie-secret-key
+    type: Opaque
+    data:
+    - objectName: prod-debbie-secret-key                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: prod-debbie-secret-key                                               # This is the key name under which the value of the Azure Key Vault secret will be stored in the  Kubernetes secret. The key names (clientId and clientToken) must match (case sensitivity) exactly what the wiz Helm chart is expecting.
+  - secretName: prod-debbie-internal-key
+    type: Opaque
+    data:
+    - objectName: prod-debbie-internal-key
+      key: prod-debbie-internal-key
+  - secretName: prod-debbie-db-url
+    type: Opaque
+    data:
+    - objectName: prod-debbie-db-url
+      key: prod-debbie-db-url
+  - secretName: tenginequerypass
+    type: Opaque
+    data:
+    - objectName: tenginequerypass
+      key: tenginequerypass
+  - secretName: knowhowaesencryptionkeynew
+    type: Opaque
+    data:
+    - objectName: knowhowaesencryptionkeynew                           # This refers to the name of the secret as it is stored in Azure Key Vault
+      key: knowhowaesencryptionkeynew                                               # This is the key name under which the value of the Azure Key Vault secret will be stored in the  Kubernetes secret. The key names (clientId and clientToken) must match (case sensitivity) exactly what the wiz Helm chart is expecting.
+  - secretName: knowhow-auth-secret
+    type: Opaque
+    data:
+    - objectName: knowhow-auth-secret
+      key: knowhow-auth-secret
+  - secretName: debbietengineauthtoken
+    type: Opaque
+    data:
+    - objectName: debbietengineauthtoken
+      key: debbietengineauthtoken
+  - secretName: debbiemailhostpass
+    type: Opaque
+    data:
+    - objectName: debbiemailhostpass
+      key: debbiemailhostpass
+  - secretName: exposed-api-key
+    type: Opaque
+    data:
+    - objectName: exposed-api-key
+      key: exposed-api-key
+  - secretName: auth-resourceapikeys
+    type: Opaque
+    data:
+    - objectName: auth-resourceapikeys
+      key: auth-resourceapikeys
+  - secretName: scan-status-apis-token-debbie
+    type: Opaque
+    data:
+    - objectName: scan-status-apis-token-debbie
+      key: scan-status-apis-token-debbie