From 52390b6908042f408487a3c1e38e644dbe9f3e62 Mon Sep 17 00:00:00 2001 From: OMPRAKASH MISHRA Date: Tue, 31 Oct 2023 18:29:31 -0700 Subject: [PATCH 1/2] chore(helm): consolidate values files into one --- .github/workflows/.deploy.yml | 8 + .github/workflows/pr-open.yml | 3 +- charts/quickstart-openshift/Chart.lock | 10 +- charts/quickstart-openshift/Chart.yaml | 6 +- charts/quickstart-openshift/values-pr.yaml | 429 --------------------- 5 files changed, 18 insertions(+), 438 deletions(-) delete mode 100644 charts/quickstart-openshift/values-pr.yaml diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 6c96ad075..79f391d98 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -24,6 +24,11 @@ on: description: 'frontend Tag, could be tag or sha' required: true type: string + autoscaling: + description: 'Autoscaling enabled or not for the deployments' + required: false + type: boolean + default: true target: description: 'PR number, test or prod.' @@ -59,6 +64,7 @@ jobs: working-directory: ${{ inputs.directory }} shell: bash run: | + # Login to OpenShift (NOTE: project command is a safeguard) oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }} oc project ${{ vars.oc_namespace }} @@ -78,6 +84,8 @@ jobs: --set-string backend.initContainers[0].tag="${{ inputs.migrations_tag }}" \ --set-string frontend.containers[0].tag="${{ inputs.frontend_tag }}" \ --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \ + --set backend.autoscaling.enabled=${{ inputs.autoscaling }} \ + --set frontend.autoscaling.enabled=${{ inputs.autoscaling }} \ --install --wait --atomic ${{ github.event.repository.name }}-${{ inputs.target }} \ --timeout ${{ inputs.timeout-minutes }}m \ --values ${{ inputs.values }} . diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index d71d60a6a..a6fea4cb1 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml 
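Review bot: The `autoscaling` input's description in the first `.deploy.yml` hunk does not say that the value is later passed with `--set` to both `backend.autoscaling.enabled` and `frontend.autoscaling.enabled`, and Helm gives `--set` precedence over the file passed with `--values`. With `default: true`, a caller that omits the input gets autoscaling enabled whatever its values file says. I would state that in the description, e.g. `description: 'Enable autoscaling for backend and frontend; overrides autoscaling.enabled from the values file'`. The inputs block starts and ends outside this hunk.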
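Review bot: The two added `--set ...autoscaling.enabled=${{ inputs.autoscaling }}` flags in the third `.deploy.yml` hunk expand the expression directly into the script text and leave it unquoted, while the `--set-string` tag flags just above quote their values. The input is declared `type: boolean`, so the value is constrained, but mapping it through the step's `env:` keeps expression output out of the shell source entirely: `AUTOSCALING: ${{ inputs.autoscaling }}` under `env:` and `--set backend.autoscaling.enabled="${AUTOSCALING}" \` in the command. The unquoted `global.secrets.databasePassword=${{ secrets.DB_PASSWORD }}` context line, which this commit does not change, would benefit from the same treatment, since a password containing whitespace or shell metacharacters would be re-parsed by bash. The step starts outside this hunk.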
@@ -96,4 +96,5 @@ jobs: migrations_tag: ${{ needs.builds.outputs.migrations_tag }} frontend_tag: ${{ needs.builds.outputs.frontend_tag }} target: ${{ github.event.number }} - values: values-pr.yaml + values: values.yaml + autoscaling: false diff --git a/charts/quickstart-openshift/Chart.lock b/charts/quickstart-openshift/Chart.lock index 8b9c0590c..d64c79275 100644 --- a/charts/quickstart-openshift/Chart.lock +++ b/charts/quickstart-openshift/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: component repository: https://bcgov.github.io/helm-service - version: 0.0.13 + version: 0.0.15 - name: component repository: https://bcgov.github.io/helm-service - version: 0.0.13 + version: 0.0.15 - name: postgresql repository: https://charts.bitnami.com/bitnami version: 13.1.5 - name: component repository: https://bcgov.github.io/helm-service - version: 0.0.13 -digest: sha256:8e1d9672f32629d18ec3a17bcc447c8ee9531d9ae9147db8dfd86f3f876af563 -generated: "2023-10-26T02:03:54.085557072Z" + version: 0.0.15 +digest: sha256:471a90305798e31c3ff09fba0e9fb90cb302a97854ee635e93e3c57f7bee9464 +generated: "2023-10-31T18:29:18.1228354-07:00" diff --git a/charts/quickstart-openshift/Chart.yaml b/charts/quickstart-openshift/Chart.yaml index 03b01f650..125b9f11f 100644 --- a/charts/quickstart-openshift/Chart.yaml +++ b/charts/quickstart-openshift/Chart.yaml @@ -27,13 +27,13 @@ appVersion: "1.16.0" dependencies: - name: component condition: backend.enabled - version: 0.0.13 + version: 0.0.15 repository: https://bcgov.github.io/helm-service alias: backend - name: component condition: frontend.enabled - version: 0.0.13 + version: 0.0.15 repository: https://bcgov.github.io/helm-service alias: frontend @@ -46,6 +46,6 @@ dependencies: - name: component condition: backup.enabled - version: 0.0.13 + version: 0.0.15 repository: https://bcgov.github.io/helm-service alias: backup 
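Review bot: `autoscaling: false` is the only PR-specific override left in the `pr-open.yml` hunk once `values: values.yaml` replaces `values-pr.yaml`, so everything else the deleted file pinned for PR environments (`crunchy.enabled: false`, `bitnami-pg.enabled: true`, `maxReplicas: 1`, the small resource limits) now comes from the shared file. `values.yaml` is not shown in this patch apart from the backup env removal in 2/2, so whether it matches cannot be confirmed from here; comparing the rendered chart output for the old and new values files would settle it. A short comment on the call would also help, e.g. `# PR deploys share values.yaml; autoscaling is the only per-PR override`. The job these inputs belong to starts outside the hunk.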
diff --git a/charts/quickstart-openshift/values-pr.yaml b/charts/quickstart-openshift/values-pr.yaml deleted file mode 100644 index e2d678389..000000000 --- a/charts/quickstart-openshift/values-pr.yaml +++ /dev/null 
@@ -1,429 +0,0 @@ -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - repository: ~ # the repository where the images are stored. - registry: ghcr.io # the registry where the images are stored. override during runtime for other registry at global level or individual level. - secrets: - enabled: true - databasePassword: ~ - databaseUser: ~ - databaseName: ~ - domain: "apps.silver.devops.gov.bc.ca" # it is required, apps.silver.devops.gov.bc.ca for silver cluster - openshiftImageRegistry: "image-registry.openshift-image-registry.svc:5000" - databaseAlias: bitnami-pg # this is the alias for bitnami postgres, change it based on db type(crunchy,patroni...) and alias used in the chart. - -backend: - enabled: true - deployment: # can be either a statefulSet or a deployment not both - enabled: true - - containers: - - name: backend - registry: '{{ .Values.global.registry }}' - repository: '{{ .Values.global.repository }}' # example, it includes registry and repository - image: backend # the exact component name, be it backend, api-1 etc... - tag: prod # the tag of the image, it can be latest, 1.0.0 etc..., or the sha256 hash - env: - fromGlobalSecret: - - name: POSTGRES_PASSWORD - key: password - - name: POSTGRES_USER - key: databaseUser - - name: POSTGRES_DATABASE - key: databaseName - - fromValues: - - name: POSTGRES_HOST - value: '{{ .Release.Name }}-{{.Values.global.databaseAlias}}' # this is interpolated, it will be replaced with the actual value, pg is the alias for crunchy. - #- name: POSTGRES_HOST - # value: '{{ .Release.Name }}-bitnami-pg-pool' # this is interpolated, it will be replaced with the actual value, pg is the alias for crunchy. 
- - ports: - - name: http - containerPort: 3000 - protocol: TCP - resources: # this is optional - limits: - cpu: 250m - memory: 250Mi - requests: - cpu: 100m - memory: 150Mi - readinessProbe: - httpGet: - path: /api - port: 3000 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 2 - timeoutSeconds: 2 - successThreshold: 1 - failureThreshold: 30 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: /api - port: 3000 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 30 - timeoutSeconds: 5 - initContainers: - - name: database-migrations - registry: '{{ .Values.global.registry }}' # example, it includes registry - repository: '{{ .Values.global.repository }}' # example, it includes registry and repository - image: migrations - tag: prod - env: - fromGlobalSecret: - - name: FLYWAY_PASSWORD - key: databasePassword - - name: FLYWAY_URL - key: databaseJDBCURLNoCreds - - name: FLYWAY_USER - key: databaseUser - fromValues: - - name: FLYWAY_BASELINE_ON_MIGRATE - value: "true" - - name: FLYWAY_DEFAULT_SCHEMA - value: "USERS" - - resources: - limits: - cpu: 500m - memory: 250Mi - requests: - cpu: 200m - memory: 150Mi - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 # this percentage from request cpu - vault: - enabled: false - entrypoint: ~ # the entrypoint for vault, this is the override of container command. - role: ~ #licenseplate-prod or licenseplate-nonprod - secretPaths: # the paths where secrets live. dev/api-1, dev/api-2, test/api-1 etc... 
- - dev/api-1 - - dev/api-2 - - test/api-1 - - test/api-2 - - prod/api-1 - - prod/api-2 - resources: - limits: - cpu: 50m - memory: 50Mi - requests: - cpu: 20m - memory: 25Mi - service: - enabled: true - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 3000 # the container port where the application is listening on - protocol: TCP - nodeSelector: { } - tolerations: [ ] - affinity: { } - -frontend: - enabled: true - deployment: # can be either a statefulSet or a deployment not both - enabled: true - configmap: - enabled: true - data: # below is just for example. - config.js: |- - const envConfig = (() => { - return { - "VITE_DEPLOY_ENVIRONMENT":"{{ .Release.Name }}-{{ .Release.Namespace }}" - }; - })(); - config.prod.js: |- - const envConfig = (() => { - return { - "VITE_DEPLOY_ENVIRONMENT":"static" - }; - })(); - containers: - - name: frontend - registry: '{{ .Values.global.registry }}' # example, it includes registry - repository: '{{ .Values.global.repository }}' # example, it includes repository - image: frontend # the exact component name, be it backend, api-1 etc... - tag: prod # the tag of the image, it can be latest, 1.0.0 etc..., or the sha256 hash - securityContext: - capabilities: - add: [ "NET_BIND_SERVICE" ] - env: - fromValues: - - name: BACKEND_URL - value: "http://{{ .Release.Name }}-backend" - - name: LOG_LEVEL - value: "info" - fromLocalConfigmap: # just for example purpose. 
- - name: frontend-configmap - key: config.js - - name: frontend-prod-configmap - key: config.prod.js - ports: - - name: http - containerPort: 3000 - protocol: TCP - - name: http2 - containerPort: 3001 - protocol: TCP - resources: # this is optional - limits: - cpu: 100m - memory: 150Mi - requests: - cpu: 50m - memory: 50Mi - readinessProbe: - httpGet: - path: /health - port: 3001 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 2 - timeoutSeconds: 2 - successThreshold: 1 - failureThreshold: 30 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: /health - port: 3001 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 30 - timeoutSeconds: 5 - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 # this percentage from request cpu - service: - enabled: true - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 3000 # the container port where the application is listening on - protocol: TCP - route: - enabled: true - host: "{{ .Release.Name }}-frontend.{{ .Values.global.domain }}" - targetPort: http # look at line#164 refer to the name. - -crunchy: # enable it for TEST and PROD, for PR based pipelines simply use single postgres - enabled: false - - crunchyImage: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-postgres-gis:ubi8-15.2-3.3-0 - - postgresVersion: 15 - postGISVersion: '3.3' - imagePullPolicy: Always - instances: - name: ha # high availability - replicas: 1 # 2 or 3 for high availability in TEST and PROD. 
- metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - dataVolumeClaimSpec: - storage: 120Mi - storageClassName: netapp-block-standard - requests: - cpu: 25m - memory: 256Mi - limits: - cpu: 100m - memory: 512Mi - replicaCertCopy: - requests: - cpu: 1m - memory: 32Mi - limits: - cpu: 50m - memory: 64Mi - - pgBackRest: - enabled: false - image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default - retention: "1" # Ideally a larger number such as 30 backups/days - # If retention-full-type set to 'count' then the oldest backups will expire when the number of backups reach the number defined in retention - # If retention-full-type set to 'time' then the number defined in retention will take that many days worth of full backups before expiration - retentionFullType: count - repos: - schedules: - full: 0 8 * * * - incremental: 0 0,4,12,16,20 * * * - volume: - accessModes: "ReadWriteOnce" - storage: 64Mi - storageClassName: netapp-file-backup - repoHost: - requests: - cpu: 1m - memory: 64Mi - limits: - cpu: 50m - memory: 128Mi - sidecars: - requests: - cpu: 1m - memory: 64Mi - limits: - cpu: 50m - memory: 128Mi - - patroni: - postgresql: - pg_hba: "host all all 0.0.0.0/0 md5" - parameters: - shared_buffers: 16MB # default is 128MB; a good tuned default for shared_buffers is 25% of the memory allocated to the pod - wal_buffers: "64kB" # this can be set to -1 to automatically set as 1/32 of shared_buffers or 64kB, whichever is larger - min_wal_size: 32MB - max_wal_size: 64MB # default is 1GB - max_slot_wal_keep_size: 128MB # default is -1, allowing unlimited wal growth when replicas fall behind - - proxy: - pgBouncer: - image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default - replicas: 1 - requests: - cpu: 1m - memory: 64Mi - limits: - cpu: 50m - memory: 128Mi - - # Postgres Cluster resource 
values: - pgmonitor: - enabled: false - exporter: - image: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default - requests: - cpu: 1m - memory: 64Mi - limits: - cpu: 50m - memory: 128Mi - -bitnami-pg: - enabled: true - image: - registry: ghcr.io - repository: bcgov/nr-containers/bitnami/postgresql - tag: 15.4.0 - auth: - existingSecret: '{{ .Release.Name }}' - username: 'quickstart' - database: quickstart - shmVolume: - enabled: false - backup: - enabled: false - cronjob: - containerSecurityContext: { } - podSecurityContext: - enabled: false - storage: - size: 200Mi - primary: - persistence: - enabled: true - storageClass: netapp-file-standard - accessModes: - - ReadWriteOnce - size: 100Mi - containerSecurityContext: - enabled: false - podSecurityContext: - enabled: false - initdb: - scripts: # remove the below script, if POSTGIS is not required. - postgis.sh: | - #!/bin/sh - PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres -d postgres -c "CREATE EXTENSION postgis;" - - resources: - requests: - cpu: 50m - memory: 150Mi - limits: - cpu: 150m - memory: 250Mi - -backup: - enabled: true - pvc: - enabled: true - size: 256Mi - storageClassName: netapp-file-standard - accessModes: ReadWriteOnce - cronjob: - enabled: true - volumes: - - name: "{{.Release.Name}}-backup" - persistentVolumeClaim: - claimName: "{{.Release.Name}}-backup" - restartPolicy: "Never" - schedule: "0 0 * * *" - concurrencyPolicy: "Replace" - failedJobsHistoryLimit: 7 - successfulJobsHistoryLimit: 30 - startingDeadlineSeconds: 3600 - containers: - - name: backup - registry: 'docker.io' - repository: 'bcgovimages' # example, it includes registry and repository - image: backup-container # the exact component name, be it backend, api-1 etc... 
- tag: latest # the tag of the image, it can be latest, 1.0.0 etc..., or the sha256 hash - command: - - "/bin/bash" - - "-c" - - "/backup.sh -1" - volumeMounts: - - mountPath: "/backups/" - name: "{{.Release.Name}}-backup" - env: - fromValues: - - name: BACKUP_DIR - value: "/backups/" - - name: BACKUP_STRATEGY - value: "rolling" - - name: NUM_BACKUPS - value: '5' - - name: DAILY_BACKUPS - value: '7' - - name: WEEKLY_BACKUPS - value: '4' - - name: MONTHLY_BACKUPS - value: '1' - - name: DATABASE_SERVICE_NAME # depends on which chart being used, adjust accordingly. - value: '{{.Release.Name}}-{{.Values.global.databaseAlias}}' - - name: DEFAULT_PORT - value: "5432" - fromGlobalSecret: - - name: DATABASE_PASSWORD - key: password - - name: POSTGRESQL_DATABASE - key: databaseName - - name: DATABASE_USER - key: databaseUser - resources: - limits: - cpu: 50m - memory: 256Mi - requests: - cpu: 20m - memory: 128Mi - From 46c4e6ee987d91a62f8e4b6e644693443ea1a6b6 Mon Sep 17 00:00:00 2001 From: OMPRAKASH MISHRA Date: Tue, 31 Oct 2023 18:54:15 -0700 Subject: [PATCH 2/2] fix env vars for backup container. --- charts/quickstart-openshift/values.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/quickstart-openshift/values.yaml b/charts/quickstart-openshift/values.yaml index 99e90391b..e141c2cf4 100644 --- a/charts/quickstart-openshift/values.yaml +++ b/charts/quickstart-openshift/values.yaml @@ -409,10 +409,6 @@ backup: value: '{{.Release.Name}}-{{.Values.global.databaseAlias}}' - name: DEFAULT_PORT value: "5432" - - name: POSTGRESQL_DATABASE - value: "quickstart" - - name: DATABASE_USER - value: "quickstart" fromGlobalSecret: - name: DATABASE_PASSWORD key: password