diff --git a/.github/workflows/publish-image-maintenance.yml b/.github/workflows/publish-image-maintenance.yml
new file mode 100644
index 00000000..e9a5a442
--- /dev/null
+++ b/.github/workflows/publish-image-maintenance.yml
@@ -0,0 +1,55 @@
+name: Create and publish Keycloak maintenance page
+
+on: workflow_dispatch
+
+env:
+ GITHUB_REGISTRY: ghcr.io
+ IMAGE_NAME: bcgov/sso-maintenance
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-20.04
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Log in to the GitHub Container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.GITHUB_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-mt-cache
+ key: ${{ runner.os }}-buildx-mt-${{ github.sha }}
+ restore-keys: ${{ runner.os }}-buildx-mt-
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v3
+ with:
+ context: docker/maintenance-page
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=local,src=/tmp/.buildx-mt-cache
+ cache-to: type=local,dest=/tmp/.buildx-mt-cache-new
+
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-mt-cache
+ mv /tmp/.buildx-mt-cache-new /tmp/.buildx-mt-cache
diff --git a/docker/maintenance-page/Dockerfile b/docker/maintenance-page/Dockerfile
new file mode 100644
index 00000000..6db6e8df
--- /dev/null
+++ b/docker/maintenance-page/Dockerfile
@@ -0,0 +1,6 @@
+FROM nginx:alpine
+
+COPY static /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 8080
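Review bot: Every `uses:` step in `build-and-push-image` references a mutable major tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/setup-buildx-action@v2`, `actions/cache@v2`, `docker/build-push-action@v3`), in a job that holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the registry login. If one of those tags is moved to different code, that code runs with the token and can change what is published as `bcgov/sso-maintenance`. Pin each action to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v3`, and let an update bot maintain the pins. Separately, the bare `on: workflow_dispatch` allows the publish to be run from any branch; if images should only be built from the default branch, add a job-level `if: github.ref == 'refs/heads/<default-branch>'`.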
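Review bot: `FROM nginx:alpine` is a floating tag, so each run of the publish workflow can pick up a different base image and the published result is neither reproducible nor auditable; pin it to a specific version and digest, e.g. `FROM nginx:<version>-alpine@sha256:<digest>`. There is also no `USER` instruction, so under a runtime that does not assign its own UID the nginx master process starts as root even though the server only needs port 8080. Either add a `USER` line for an unprivileged account (and make the pid and cache paths writable by it) or build on an unprivileged nginx base image.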
diff --git a/docker/maintenance-page/README.md b/docker/maintenance-page/README.md
new file mode 100644
index 00000000..fb7d2493
--- /dev/null
+++ b/docker/maintenance-page/README.md
@@ -0,0 +1,2 @@
+## Keycloak Maintenance Page App
+Maintenance Page app to display when Keycloak service is offline.
diff --git a/docker/maintenance-page/nginx.conf b/docker/maintenance-page/nginx.conf
new file mode 100755
index 00000000..12c597a2
--- /dev/null
+++ b/docker/maintenance-page/nginx.conf
@@ -0,0 +1,25 @@
+server {
+ listen 8080;
+ server_name localhost;
+
+ add_header cross-origin-embedder-policy "require-corp";
+ add_header cross-origin-opener-policy "same-origin";
+ add_header cross-origin-resource-policy "same-origin";
+ add_header x-dns-prefetch-control "off";
+ add_header expect-ct "max-age=0";
+ add_header x-frame-options "SAMEORIGIN";
+ add_header strict-transport-security "max-age=15552000; includeSubDomains";
+ add_header x-download-options "noopen";
+ add_header x-content-type-options "nosniff";
+ add_header origin-agent-cluster "?1";
+ add_header x-permitted-cross-domain-policies "none";
+ add_header referrer-policy "strict-origin";
+ add_header x-xss-protection "0";
+ add_header permissions-policy "midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri.html $uri/index.html /index.html;
+ }
+}
diff --git a/docker/maintenance-page/static/img/logo-banner.svg b/docker/maintenance-page/static/img/logo-banner.svg
new file mode 100644
index 00000000..c2e08ad7
--- /dev/null
+++ b/docker/maintenance-page/static/img/logo-banner.svg
@@ -0,0 +1,85 @@
+ + + + +17_gov3_bc_logo + + + + + + + +
diff --git a/docker/maintenance-page/static/index.html b/docker/maintenance-page/static/index.html
new file mode 100644
index 00000000..528a5b35
--- /dev/null
+++ b/docker/maintenance-page/static/index.html
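Review bot: None of the `add_header` lines in the `server` block of nginx.conf carries the `always` parameter, so nginx attaches these headers only to a fixed list of success and redirect status codes, and any error response it generates itself goes out without them. Append `always` to each, e.g. `add_header x-content-type-options "nosniff" always;`. The set also has no `content-security-policy`; for a static page `add_header content-security-policy "default-src 'self'" always;` is a reasonable starting point, to be checked against what index.html actually loads, since its markup is not readable in this diff. `server_tokens off;` would additionally keep the nginx version out of the `Server` header and the default error pages.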
@@ -0,0 +1,32 @@ + + + + + + + SSO Keycloak + + +
+ +
 
+
+
+

We’ll be back soon

+
+

+ Sorry for the inconvenience but we’re performing some maintenance at the moment. We’ll be back + online shortly. +

+
+
+ +
diff --git a/docker/maintenance-page/static/style.css b/docker/maintenance-page/static/style.css
new file mode 100644
index 00000000..1c466076
--- /dev/null
+++ b/docker/maintenance-page/static/style.css
@@ -0,0 +1,78 @@
+article {
+ display: block;
+ text-align: left;
+ width: 650px;
+ margin: 0 auto;
+ padding-top: 150px;
+}
+body {
+ text-align: center;
+ font: 20px Helvetica, sans-serif;
+ color: #333;
+}
+
+body h1 {
+ font-size: 50px;
+}
+
+header {
+ background-color: #036;
+ border-bottom: 2px solid #fcba19;
+ padding: 0 65px 0 65px;
+ color: #fff;
+ display: flex;
+ height: 65px;
+ top: 0;
+ position: fixed;
+ width: 100%;
+}
+
+header h1 {
+ font-family: ‘Noto Sans’, Verdana, Arial, sans-serif;
+ font-weight: normal; /* 400 */
+ margin: 5px 5px 0 18px;
+ visibility: hidden;
+}
+
+header .banner {
+ display: flex;
+ justify-content: flex-start;
+ align-items: center;
+ margin: 0 10px 0 0;
+ /* border-style: dotted;
+ border-width: 1px;
+ border-color: lightgrey; */
+}
+
+header .other {
+ display: flex;
+ flex-grow: 1;
+ /* border-style: dotted;
+ border-width: 1px;
+ border-color: lightgrey; */
+}
+
+:focus {
+ outline: 4px solid #3b99fc;
+ outline-offset: 1px;
+}
+
+/*
+ These are sample media queries only. Media queries are quite subjective
+ but, in general, should be made for the three different classes of screen
+ size: phone, tablet, full.
+*/
+
+@media screen and (min-width: 600px) and (max-width: 899px) {
+ header h1 {
+ font-size: calc(7px + 2.2vw);
+ visibility: visible;
+ }
+}
+
+@media screen and (min-width: 900px) {
+ header h1 {
+ font-size: 20px;
+ visibility: visible;
+ }
+}
diff --git a/helm/patroni/values-c6af30-dev-sso-patroni.yaml b/helm/patroni/values-c6af30-dev-sso-patroni.yaml
deleted file mode 100644
index 06371c80..00000000
--- a/helm/patroni/values-c6af30-dev-sso-patroni.yaml
+++ /dev/null
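Review bot: In the `header h1` rule of style.css, the `font-family` value wraps the first family in typographic quotes (`‘Noto Sans’`), which CSS does not treat as string delimiters, so that family name never matches and the browser falls through to Verdana. Use straight quotes: `font-family: 'Noto Sans', Verdana, Arial, sans-serif;`. No `@font-face` rule or font import is visible in this stylesheet, so Noto Sans would still render only where it is installed locally.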
@@ -1,37 +0,0 @@
-replicaCount: 3
-
-image:
- # https://github.com/zalando/spilo/releases/tag/2.1-p1
- # RH SSO JDBC is enable to connect to PostgreSQL 14
- repository: registry.opensource.zalan.do/acid/spilo-13
- pullPolicy: Always
- tag: 2.1-p1
-
-project: sso-keycloak
-nameOverride: sso-patroni
-fullnameOverride: sso-patroni
-
-auth:
- existingSecret: sso-patroni
-
-appdb:
- create: true
- dbname: ssokeycloak
-
-env:
- ALLOW_NOSSL: "true"
-
-resources: {}
-persistentVolume:
- storageClass: netapp-block-standard
- size: 10Gi
-
-# As per https://patroni.readthedocs.io/en/latest/kubernetes.html#use-configmaps
-# "in some cases, for instance, when running on OpenShift, there is no alternative to using ConfigMaps."
-kubernetes:
- dcs:
- enable: true
- configmaps:
- enable: true
-walE:
- enable: false
diff --git a/helm/patroni/values-c6af30-prod-sso-patroni.yaml b/helm/patroni/values-c6af30-prod-sso-patroni.yaml
deleted file mode 100644
index e817820e..00000000
--- a/helm/patroni/values-c6af30-prod-sso-patroni.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-replicaCount: 3
-
-image:
- # https://github.com/zalando/spilo/releases/tag/2.1-p1
- # RH SSO JDBC is enable to connect to PostgreSQL 14
- repository: registry.opensource.zalan.do/acid/spilo-13
- pullPolicy: Always
- tag: 2.1-p1
-
-project: sso-keycloak
-nameOverride: sso-patroni
-fullnameOverride: sso-patroni
-
-auth:
- existingSecret: sso-patroni
-
-appdb:
- create: true
- dbname: ssokeycloak
-
-env:
- ALLOW_NOSSL: "true"
-
-resources: {}
-persistentVolume:
- storageClass: netapp-block-standard
- size: 2Gi
-
-# As per https://patroni.readthedocs.io/en/latest/kubernetes.html#use-configmaps
-# "in some cases, for instance, when running on OpenShift, there is no alternative to using ConfigMaps."
-kubernetes:
- dcs:
- enable: true
- configmaps:
- enable: true
-walE:
- enable: false