feat(configs): make configs available (#24)

.github/workflows/workflow_build_and_release_containers.yaml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       version: ${{ steps.date-version.outputs.version }}
-    steps: 
+    steps:
     - name: Checkout repo so we have local action file
       uses: actions/checkout@v4
     - name: Generate Date Version
@@ -48,10 +48,13 @@ jobs:
     needs: [build_docker, build_cnab, generate_date_version]
     runs-on: ubuntu-latest
     steps:
-      - name: Install octopus .NET tool
-        run: |
-          dotnet tool install --global Octopus.DotNet.Cli --version 9.1.7
-          dotnet octo --version
+      - name: Install Octopus CLI 🐙
+        uses: OctopusDeploy/install-octopus-cli-action@v3
+        with:
+          # Not pinning CLI version since we trust Octopus Deploy as one of our direct vendors and this ensures we
+          # keep up-to-date with Octopus Cloud changes
+          version: '*'
+
       - name: determine if we should create release and deploy
         id: should-create-release
         run: |
@@ -63,22 +66,26 @@ jobs:
 
       - name: Create Octo Release if main or deploy to sandbox label present
         # if: env.SHOULD_CREATE_RELEASE == 'true'
+        env:
+          OCTOPUS_URL: ${{ vars.OCTOPUS_CLOUD_URL }}
+          OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_CLOUD_API_KEY }}
         run: |
           octoSpaceId="Default"
           octoProjectId="opserver"
 
-          dotnet octo create-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \
-            --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }}
-          
-          
+          octopus release create -p $octoProjectId -s $octoSpaceId -v "${{ needs.generate_date_version.outputs.version }}"
+
+
       - name: Deploy via Octopus if main or deploy to ascn-dev if label present
         # if: env.SHOULD_CREATE_RELEASE == 'true'
+        env:
+          OCTOPUS_URL: ${{ vars.OCTOPUS_CLOUD_URL }}
+          OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_CLOUD_API_KEY }}
         run: |
           octoSpaceId="Default"
           octoProjectId="opserver"
           environmentId="${{ github.ref_name == 'main' && 'test' || 'dev' }}"
           tenantId="${{ github.ref_name == 'main' && 'main' || 'ascn' }}"
 
-          dotnet octo deploy-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \
-            --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} --deployTo=$environmentId --tenant=$tenantId
-          
+          octopus release deploy -p $octoProjectId -s $octoSpaceId --version "${{ needs.generate_date_version.outputs.version }}" \
+          -e $environmentId --tenant $tenantId

charts/opserver/templates/deployment.yaml

@@ -35,6 +35,8 @@ spec:
         volumeMounts:
         - name: writable-tmp #need our own read-write enabled temp directory because aspnet spills large requests over to disk
           mountPath: /mnt/tmp
+        - name: opserver-config
+          mountPath: /app/Config
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - containerPort: {{ .Values.kestrel.endPoints.http.containerPort }}
@@ -53,10 +55,6 @@ spec:
           initialDelaySeconds: 10
           periodSeconds: 1
           successThreshold: 3
-        volumeMounts:
-        - name: writable-tmp
-          mountPath: /mnt/tmp
-
         env:
         - name: NODE_IP
           valueFrom:
@@ -134,10 +132,10 @@ spec:
         - name: Security__Scopes__1
           value: "groups"
         - name: Security__Scopes__2
-          value: "profile"          
+          value: "profile"
 {{- end }}
 
-      {{- if hasKey .Values.opserverSettings "sql" }}      
+      {{- if hasKey .Values.opserverSettings "sql" }}
         - name: SQL_STATUS_SERVERNAME
           valueFrom:
             secretKeyRef:
@@ -164,7 +162,7 @@ spec:
         {{- end }}
       {{- end }}
 
-      {{- if hasKey .Values.opserverSettings "exceptions" }}      
+      {{- if hasKey .Values.opserverSettings "exceptions" }}
         - name: SQL_EXCEPTIONAL_USERNAME
           valueFrom:
             secretKeyRef:
@@ -214,10 +212,10 @@ spec:
         - key: {{ .key }}
           operator: {{ .operator }}
           value: {{ .value | quote }}
-          effect: {{ .effect }}        
+          effect: {{ .effect }}
         {{- end }}
-      {{- end }}      
-     
+      {{- end }}
+
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.image.pullSecretName }}"
@@ -229,3 +227,6 @@ spec:
       volumes:
       - name: writable-tmp
         emptyDir: {}
+      - name: opserver-config
+        secret:
+          secretName: {{ .Values.configSecret.targetName }}

charts/opserver/templates/opserver-config-secret.yaml

@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ .Values.configSecret.name }}
+spec:
+  refreshInterval: {{ .Values.configSecret.refreshInterval }}
+  secretStoreRef:
+    name: {{ .Values.configSecret.storeRefName }}
+    kind: ClusterSecretStore
+  target:
+    name: {{ .Values.configSecret.targetName }}
+  data:
+  - secretKey: ElasticSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.ElasticSettings }}
+  - secretKey: RedisSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.RedisSettings }}
+  - secretKey: SQLSettings.json
+    remoteRef:
+      key: {{ .Values.configSecret.remoteRefs.SQLSettings }}

charts/opserver/values.yaml

@@ -76,3 +76,13 @@ sqlExternalSecret:
     exceptionalPassword: db-Exceptions-Password
 
 nodeScheduling: {}
+
+configSecret:
+  name: opserver-config
+  refreshInterval: 5m
+  storeRefName: fakeopserversecretstore
+  targetName: opserver-config
+  remoteRefs:
+    ElasticSettings: opserver-elastic-config
+    RedisSettings: opserver-redis-config
+    SQLSettings: opserver-sql-config

cnab/app/app.ps1

@@ -1,4 +1,4 @@
-function Get-AppName() {  
+function Get-AppName() {
     $app = 'opserver'
     return $app
 }
@@ -7,7 +7,7 @@ function Is-SingleRegistry() {
     return $True
 }
 
-function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) {  
+function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag, $pullSecretName) {
     Write-MajorStep "Generating Helm values"
     $values = @{
         tier                    = $environment
@@ -18,7 +18,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
         db                      = @{
             exceptionalDbName = $vars.exceptionalDbName;
         }
-        
+
         images                  = @{
             containerRegistry = "$containerRegistryUrl"
             opserver          = @{
@@ -49,7 +49,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
             agentHost = $vars.datadogAgentHost
             agentPort = $vars.datadogAgentPort
         }
-        
+
         kestrel                 = @{
             endPoints = @{
                 http = @{
@@ -80,6 +80,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
             storeRefName = $vars.secretStore
         }
 
+        configSecret       = @{
+            storeRefName = $vars.secretStore
+        }
+
         opserverExternalSecret  = @{
             storeRefName = $vars.secretStore
         }
@@ -88,10 +92,10 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
 
         adminRolebindingGroupId = $vars.adminRolebindingGroupId
     }
-    
+
     # Helm expects a YAML file but YAML is also a superset of JSON, so we can use ConvertTo-Json here
     $valuesFileContent = $values | ConvertTo-Json -Depth 100
     Write-MinorStep "Populated Helm values:"
     Write-MinorStep $valuesFileContent
     return $valuesFileContent
-}
+}