CSL-139: Add kube files for html-pdf-converter and hof-rds-api compon… #64

Merged
merged 8 commits into from
Feb 12, 2025
24 changes: 1 addition & 23 deletions .drone.yml
@@ -53,29 +53,6 @@ sonar_scanner: &sonar_scanner
commands:
- sonar-scanner -Dproject.settings=./sonar-project.properties

ui_integration_tests: &ui_integration_tests
<<: *node_image
environment:
NOTIFY_STUB: true
commands:
- yarn run test:ui-integration

accessibility_tests: &accessibility_tests
pull: if-not-exists
image: buildkite/puppeteer:8.0.0@sha256:b6cebc17bfa8e7a7abfc3ab14d6f2ddbdf42b9e81b8ad786c6693385665998d5
environment:
NOTIFY_STUB: true
ENVIRONMENT: DRONE
volumes:
- name: dockersock
path: /root/.dockersock
commands:
- yarn run test:accessibility

acceptance_tests: &acceptance_tests
pull: if-not-exists
image: mcr.microsoft.com/playwright:v1.12.3-focal

steps:
- name: clone_repos
pull: if-not-exists
@@ -292,6 +269,7 @@ steps:
event: push
depends_on:
- get_pr_branch
- deploy_to_uat

# Deploy to Staging environment
- name: deploy_to_stg
1 change: 0 additions & 1 deletion .gitignore
@@ -6,7 +6,6 @@ coverage
.env
output/
*.iml
anchore-reports
.nyc_output
.vscode
.vscode-server
2 changes: 1 addition & 1 deletion Dockerfile
@@ -2,7 +2,7 @@ FROM node:20.18.0-alpine3.20@sha256:d504f23acdda979406cf3bdbff0dff7933e5c4ec183d
USER root

# Update the package index and upgrade all installed packages to their latest versions
RUN apk update && apk upgrade
RUN apk update && apk upgrade --no-cache

# Setup nodejs group & nodejs user
RUN addgroup --system nodejs --gid 998 && \
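Review bot: On the `RUN apk update && apk upgrade --no-cache` line the leading `apk update` still writes the package index into the image layer, which is what `--no-cache` is there to avoid, and it is redundant because `--no-cache` fetches a fresh index on its own. `RUN apk upgrade --no-cache` gives the same upgrade with no index left behind. The base image is pinned by digest, but this step installs whatever package versions are current at build time, so two builds of the same commit can differ; a one-line comment above the RUN saying that this is accepted in exchange for picking up fixes would help the next reader.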
5 changes: 3 additions & 2 deletions bin/deploy.sh
@@ -5,6 +5,7 @@ export INGRESS_INTERNAL_ANNOTATIONS=$HOF_CONFIG/ingress-internal-annotations.yam
export INGRESS_EXTERNAL_ANNOTATIONS=$HOF_CONFIG/ingress-external-annotations.yaml
export CONFIGMAP_VALUES=$HOF_CONFIG/configmap-values.yaml
export NGINX_SETTINGS=$HOF_CONFIG/nginx-settings.yaml
export DATA_SERVICE_INTERNAL_ANNOTATIONS=$HOF_CONFIG/data-service-internal-annotations.yaml
adityababumallisettiHO marked this conversation as resolved.
export FILEVAULT_NGINX_SETTINGS=$HOF_CONFIG/filevault-nginx-settings.yaml
export FILEVAULT_INGRESS_EXTERNAL_ANNOTATIONS=$HOF_CONFIG/filevault-ingress-external-annotations.yaml

@@ -14,8 +15,8 @@ if [[ $1 == 'tear_down' ]]; then
export KUBE_NAMESPACE=$BRANCH_ENV
export DRONE_SOURCE_BRANCH=$(cat /root/.dockersock/branch_name.txt)

$kd --delete -f kube/configmaps/configmap.yml
$kd --delete -f kube/redis -f kube/app -f kube/file-vault
$kd --delete -f kube/configmaps/configmap.yml -f kube/hof-rds-api
$kd --delete -f kube/redis -f kube/html-pdf -f kube/app -f kube/file-vault -f kube/file-vault
adityababumallisettiHO marked this conversation as resolved.
echo "Torn Down Branch - $APP_NAME-$DRONE_SOURCE_BRANCH.internal.branch.sas-notprod.homeoffice.gov.uk"
exit 0
fi
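Review bot: The tear-down line that adds `kube/html-pdf` passes `-f kube/file-vault` twice (`... -f kube/app -f kube/file-vault -f kube/file-vault`), so the same manifests are handed to the delete a second time. Depending on how `$kd` treats a resource that is already gone, this is either noise or a failed tear-down that leaves branch resources behind. Drop the repeat: `$kd --delete -f kube/redis -f kube/html-pdf -f kube/app -f kube/file-vault`. The deploy branches of the script are outside the visible hunks, so I cannot confirm that `kube/html-pdf` and `kube/hof-rds-api` are applied there as well as deleted here.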
106 changes: 83 additions & 23 deletions kube/app/deployment.yml
@@ -14,11 +14,6 @@ metadata:
name: {{ .APP_NAME }}
{{ end }}
spec:
{{ if eq .KUBE_NAMESPACE .PROD_ENV }}
replicas: 2
{{ else }}
replicas: 1
{{ end }}
adityababumallisettiHO marked this conversation as resolved.
selector:
matchLabels:
{{ if eq .KUBE_NAMESPACE .BRANCH_ENV }}
@@ -48,6 +43,7 @@ spec:
ports:
- containerPort: 8080
envFrom:
- configMapRef:
adityababumallisettiHO marked this conversation as resolved.
- configMapRef:
{{ if eq .KUBE_NAMESPACE .BRANCH_ENV }}
name: {{ .APP_NAME }}-configmap-{{ .DRONE_SOURCE_BRANCH }}
@@ -68,13 +64,34 @@ spec:
{{ else }}
value: redis
{{ end }}
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: session-secret
key: session-secret
# - name: NOTIFY_KEY
# valueFrom:
# secretKeyRef:
# name: notify-key
# key: notify-key
- name: USE_MOCKS
value: "false"
- name: PDF_CONVERTER_URL
{{ if eq .KUBE_NAMESPACE .BRANCH_ENV }}
value: https://html-pdf-converter-{{ .DRONE_SOURCE_BRANCH }}:10443/convert
{{ else }}
value: https://html-pdf-converter:10443/convert
{{ end }}
- name: FILE_VAULT_URL
{{ if eq .KUBE_NAMESPACE .PROD_ENV }}
value: https://fv-{{ .APP_NAME }}.sas.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
value: https://fv-{{ .APP_NAME }}.stg.sas.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .UAT_ENV }}
value: https://fv-{{ .APP_NAME }}.uat.sas-notprod.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .BRANCH_ENV }}
value: https://fv-{{ .DRONE_SOURCE_BRANCH }}.branch.sas-notprod.homeoffice.gov.uk/file
{{ end }}
- name: FILE_VAULT_CLIENT_SECRET
valueFrom:
secretKeyRef:
@@ -95,21 +112,62 @@ spec:
secretKeyRef:
name: file-vault-user
key: password
- name: SESSION_SECRET
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) (eq .KUBE_NAMESPACE .STG_ENV)}}
- name: ALLOW_SKIP
value: "true"
- name: SKIP_EMAIL
value: "[email protected]"
{{ end }}
adityababumallisettiHO marked this conversation as resolved.
{{ if eq .KUBE_NAMESPACE .BRANCH_ENV }}
- name: DATASERVICE_SERVICE_HOST
value: dataservice-{{ .DRONE_SOURCE_BRANCH }}
- name: DATASERVICE_SERVICE_PORT_HTTPS
value: "10443"
{{ end }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: session-secret
key: session-secret
- name: FILE_VAULT_URL
{{ if eq .KUBE_NAMESPACE .PROD_ENV }}
value: https://fv-{{ .APP_NAME }}.sas.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .UAT_ENV }}
value: https://fv-{{ .APP_NAME }}.uat.sas-notprod.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
value: https://fv-{{ .APP_NAME }}.stg.sas.homeoffice.gov.uk/file
{{ else if eq .KUBE_NAMESPACE .BRANCH_ENV }}
value: https://fv-{{ .DRONE_SOURCE_BRANCH }}.branch.sas-notprod.homeoffice.gov.uk/file
{{ end }}
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: secret_access_key
- name: AWS_KMS_KEY_ID
valueFrom:
secretKeyRef:
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: kms_key_id
- name: AWS_BUCKET
valueFrom:
secretKeyRef:
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: name
adityababumallisettiHO marked this conversation as resolved.
{{ if not (eq .KUBE_NAMESPACE .BRANCH_ENV) }}
livenessProbe:
httpGet:
@@ -126,11 +184,11 @@ spec:
{{ end }}
resources:
requests:
memory: 30Mi
cpu: 30m
memory: 256Mi
cpu: 100m
limits:
cpu: 250m
memory: 512Mi
cpu: 600m
volumeMounts:
- mountPath: /public
name: public
@@ -140,20 +198,22 @@ spec:
image: quay.io/ukhomeofficedigital/nginx-proxy-govuk@sha256:4470064d0b1d20ae08c5fd85551576cb687f342a22d6cb456fda9b2c4ce8c8df
resources:
requests:
memory: 10Mi
cpu: 10m
memory: 20Mi
cpu: 20m
limits:
memory: 256Mi
cpu: 300m
env:
{{ file .NGINX_SETTINGS | indent 12 }}
ports:
- containerPort: 10080
- containerPort: 10443
volumeMounts:
- mountPath: /public
name: public
securityContext:
runAsNonRoot: true

volumes:
- name: public
emptyDir: {}
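Review bot: `ALLOW_SKIP: "true"` and `SKIP_EMAIL` are switched on for STG as well as branch and UAT, and the FILE_VAULT_URL values in this file put STG under `stg.sas.homeoffice.gov.uk` rather than `sas-notprod`. What the flag skips is not visible here, but from its name it looks like a verification bypass, so I would narrow the guard to `{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}` unless STG is confirmed to hold no real data. Separately, the `envFrom` hunk now has two consecutive `- configMapRef:` lines, the first with no `name`; an `envFrom` entry with no source is expected to fail API validation, so the empty one should be removed. The hunk that drops `replicas` also leaves production on the Deployment default of one replica unless something outside this file, such as an autoscaler, sets the count.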
36 changes: 31 additions & 5 deletions kube/file-vault/file-vault-deployment.yml
@@ -66,7 +66,7 @@ spec:
{{ else if eq .KUBE_NAMESPACE .BRANCH_ENV }}
value: https://fv-{{ .DRONE_SOURCE_BRANCH }}.branch.sas-notprod.homeoffice.gov.uk
- name: DEBUG
value: "*"
value: "true"
adityababumallisettiHO marked this conversation as resolved.
{{ end }}
- name: PORT
value: "3000"
@@ -75,22 +75,46 @@ spec:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: s3-bucket
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
adityababumallisettiHO marked this conversation as resolved.
key: access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: s3-bucket
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: secret_access_key
- name: AWS_KMS_KEY_ID
valueFrom:
secretKeyRef:
name: s3-bucket
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: kms_key_id
- name: AWS_BUCKET
valueFrom:
secretKeyRef:
name: s3-bucket
{{ if or (eq .KUBE_NAMESPACE .BRANCH_ENV) (eq .KUBE_NAMESPACE .UAT_ENV) }}
name: {{ .APP_NAME }}-s3-bucket
{{ else if eq .KUBE_NAMESPACE .STG_ENV }}
name: {{ .APP_NAME }}-s3-bucket-stg
{{ else }}
name: {{ .APP_NAME }}-s3-bucket-prod
{{ end }}
key: name
- name: AWS_PASSWORD
valueFrom:
@@ -115,6 +139,8 @@ spec:
limits:
memory: 1024Mi
cpu: 200m
requests:
memory: 512Mi
envFrom:
- configMapRef:
{{ if eq .KUBE_NAMESPACE .BRANCH_ENV }}
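Review bot: Each of the four `secretKeyRef` blocks ends in a bare `{{ else }}` that selects `{{ .APP_NAME }}-s3-bucket-prod`, so any `KUBE_NAMESPACE` value that is not branch, UAT or STG, including an unset or mistyped one, is wired to the production secret name. Naming the environment explicitly with `{{ else if eq .KUBE_NAMESPACE .PROD_ENV }}`, as the visible `{{ else if eq .KUBE_NAMESPACE .BRANCH_ENV }}` arm above does, should make an unknown namespace render no secret name and fail at apply time instead. The same pattern is added to the four AWS_* entries in kube/app/deployment.yml. Branch and UAT also resolve to the same secret name; whether that means feature-branch pods share UAT bucket and KMS credentials depends on the secrets in each namespace, which this page does not show, so it is worth confirming.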