Commit e0445476 authored by Sumra Zafar's avatar Sumra Zafar Committed by Vincent Rondot

Azure Compliance with lower SLB Env

parent be0dcb73
......@@ -58,7 +58,8 @@
WELLBORE_URL: https://${AZURE_DNS_NAME}/api/os-wellbore-ddms
LEGAL_TAG: "opendes-public-usa-dataset-7643990"
DATA_PARTITION_ID: opendes
PROJECT_NAME: os-wellbore-ddms
CLOUD_PROVIDER: az
# JOBS
# --------------------------------------------------------------------------------
......@@ -109,11 +110,12 @@ azure_deploy:
- az login --service-principal -u $AZURE_PRINCIPAL_ID -p $AZURE_PRINCIPAL_SECRET --tenant $AZURE_TENANT_ID
- az aks get-credentials -g $AZURE_UNIQUE-rg -n $AZURE_UNIQUE-aks
script:
- az acr login -n $AZURE_REGISTRY
# Install Service
- helm upgrade -i osdu-gitlab-$CI_PROJECT_NAME devops/azure/chart --set image.repository=${AZURE_REGISTRY}.azurecr.io --set image.branch=$BRANCH --set image.tag=$TAG
- helm upgrade -i $PROJECT_NAME devops/azure/chart --set image.repository=${AZURE_REGISTRY}.azurecr.io/$BRANCH --set image.tag=$TAG
# Increasing to 900s as rolling updates are happening and each service is expected to have minimum 2 containers.
- kubectl rollout status deployment.v1.apps/osdu-gitlab-$CI_PROJECT_NAME -n osdu --timeout=900s
- pod=$(kubectl get pod -n osdu|grep $CI_PROJECT_NAME |tail -1 |awk '{print $1}')
- kubectl rollout status deployment.v1.apps/$PROJECT_NAME -n osdu --timeout=900s
- pod=$(kubectl get pod -n osdu|grep $PROJECT_NAME |tail -1 |awk '{print $1}')
- status=$(kubectl wait -n osdu --for=condition=Ready pod/$pod --timeout=300s)
- if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
only:
......@@ -139,7 +141,7 @@ azure_test_py:
- pip install -r requirements_dev.txt
- svctoken=$(python devops/scripts/azure_jwt_client.py)
- cd $AZURE_TEST_SUBDIR
- python ./gen_postman_env.py --token ${svctoken} --base_url ${WELLBORE_URL} --cloud_provider ${VENDOR} --acl_domain ${DOMAIN} --legal_tag ${LEGAL_TAG} --data_partition ${DATA_PARTITION_ID}
- python ./gen_postman_env.py --token ${svctoken} --base_url ${WELLBORE_URL} --cloud_provider ${CLOUD_PROVIDER} --acl_domain ${DOMAIN} --legal_tag ${LEGAL_TAG} --data_partition ${DATA_PARTITION_ID}
- pytest ./functional --environment="./generated/postman_environment.json" --insecure --timeout-request=15000 --filter-tag=basic
only:
variables:
......
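Review bot: Installing under the new release name `$PROJECT_NAME` in `azure_deploy` does not replace the earlier `osdu-gitlab-$CI_PROJECT_NAME` release, and nothing in the visible script removes it. If that release exists in the target cluster, its Deployment, Ingress and the previous `wellbore-jwt-authz` policy would presumably keep running next to the new resources. That earlier policy listed `/api/os-wellbore-ddms/*` among the paths exempt from the JWT check. A one-time cleanup step before the install, for example `- helm uninstall osdu-gitlab-$CI_PROJECT_NAME || true`, would close that gap. The job definition continues outside the lines shown here.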
......@@ -13,7 +13,7 @@
# limitations under the License.
apiVersion: v2
name: wellbore-domain-services
name: wdms
description: OSDU Wellbore DDMS Service
appVersion: "latest"
# A chart can be either an 'application' or a 'library' chart.
......@@ -29,4 +29,4 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
version: 0.1.0
\ No newline at end of file
{{/*
Common Annotations
*/}}
{{- define "os-wellbore-ddms.commonAnnotations" -}}
build-number: {{ .Values.annotations.buildNumber | quote }}
build-origin: {{ .Values.annotations.buildOrigin | quote }}
commit-branch: {{ .Values.annotations.commitBranch | quote }}
commit-id: {{ .Values.annotations.commitId | quote }}
{{- end}}
{{/*
Common Labels
*/}}
{{- define "os-wellbore-ddms.commonLabels" -}}
......
......@@ -11,27 +11,30 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: wellbore-jwt-authz
namespace: osdu
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 4}}
labels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 4}}
name: {{ .Values.authorizationPolicy.name }}{{ include "os-wellbore-ddms.name-suffix" . }}
{{ include "os-wellbore-ddms.namespace" . | indent 2}}
spec:
selector:
matchLabels:
app: osdu-gitlab-wellbore-domain-services
action: DENY
rules:
- from:
- source:
notRequestPrincipals: ["*"]
to:
- operation:
notPaths: ["/","*/index.html",
"*/v2/api-docs",
"*/swagger","*/swagger-resources","*/swagger-ui.html",
"*/actuator/health", "*/health",
"*/configuration/ui","*/configuration/security",
"/api/os-wellbore-ddms/swagger-resources/*",
"/api/os-wellbore-ddms/*",
"/api/os-wellbore-ddms/webjars/*"]
- from:
- source:
notRequestPrincipals:
- '*'
to:
- operation:
notPaths:
- {{ include "os-wellbore-ddms.prefix" . }}/
- {{ include "os-wellbore-ddms.prefix" . }}/ddms/v2/about
- {{ include "os-wellbore-ddms.prefix" . }}/docs
- {{ include "os-wellbore-ddms.prefix" . }}/openapi.json
selector:
matchLabels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 6}}
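Review bot: The four `notPaths` entries are the only routes served without a JWT, and the template has no comment saying why each one is exempt. The `/docs` and `/openapi.json` entries publish the API schema to unauthenticated callers, which is worth confirming as intended. I would add `# Paths reachable without a JWT: root, about endpoint, OpenAPI UI and schema.` above the list. I would also quote each item, e.g. `- "{{ include "os-wellbore-ddms.prefix" . }}/docs"`, so a prefix that renders empty or starts with a YAML indicator cannot change how the entry parses. The rule checks only that some request principal is present, so token validation and issuer restrictions depend on a RequestAuthentication that is not visible in this commit.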
......@@ -25,6 +25,8 @@ data:
AZ_LOGGER_LEVEL: {{ .Values.configMap.data.loggerLevel }}
kind: ConfigMap
metadata:
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 4}}
labels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 4}}
name: {{ .Values.configMap.name }}{{ $nameSuffix }}
......
......@@ -16,9 +16,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 4}}
labels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 4}}
name: {{ .Values.deployment.name }}
name: {{ .Values.deployment.name }}{{ $nameSuffix }}
{{ include "os-wellbore-ddms.namespace" . | indent 2}}
spec:
replicas: {{ .Values.replicaCount }}
......@@ -27,6 +29,8 @@ spec:
{{ include "os-wellbore-ddms.commonLabels" . | indent 6}}
template:
metadata:
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 8}}
labels:
aadpodidbinding: "{{ .Values.labels.aadpodidbinding }}"
{{ include "os-wellbore-ddms.commonLabels" . | indent 8}}
......@@ -46,8 +50,8 @@ spec:
volumeAttributes:
secretProviderClass: "azure-keyvault"
containers:
- name: {{ .Values.deployment.name }}
image: {{ .Values.image.repository }}/{{ .Values.image.branch }}:{{ .Values.image.tag | default .Chart.AppVersion }}
- name: {{ .Values.deployment.name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
ports:
- containerPort: 8080
# This preStop hook has been added as a temporary workaround to minimize downtime during deployments until this limitation is addressed at the AGIC level
......
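Review bot: The new `image:` line falls back to `.Chart.AppVersion` when `image.tag` is unset, and both the chart's `appVersion` and the values default are `latest` on this page. A deploy that omits the tag therefore runs whatever the registry currently serves under a mutable tag. With two replicas, pods can end up on different builds after a reschedule. Consider failing the render instead with `image: "{{ .Values.image.repository }}:{{ required "image.tag must be set" .Values.image.tag }}"`, together with removing `tag: latest` from the values file, or pin the image by digest. The container spec continues outside the hunk.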
......@@ -13,9 +13,12 @@
# limitations under the License.
{{- if .Values.ingress.enabled -}}
{{$nameSuffix := include "os-wellbore-ddms.name-suffix" .}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 4}}
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/connection-draining: "true"
appgw.ingress.kubernetes.io/connection-draining-timeout: "30"
......@@ -27,14 +30,14 @@ metadata:
labels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 4}}
name: {{ .Values.deployment.name }}
name: {{ .Values.deployment.name }}{{ $nameSuffix }}
{{ include "os-wellbore-ddms.namespace" . | indent 2}}
spec:
rules:
- http:
paths:
- backend:
serviceName: {{ .Values.deployment.name }}
serviceName: {{ .Values.deployment.name }}{{ $nameSuffix }}
servicePort: 80
path: {{ include "os-wellbore-ddms.prefix" . }}/*
{{ if .Values.ingress.hosts.host }}
......
......@@ -11,13 +11,14 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
annotations:
{{ include "os-wellbore-ddms.commonAnnotations" . | indent 4}}
labels:
{{ include "os-wellbore-ddms.commonLabels" . | indent 4}}
name: wellbore-domain-services
name: {{ .Values.deployment.name }}{{ include "os-wellbore-ddms.name-suffix" . }}
{{ include "os-wellbore-ddms.namespace" . | indent 2}}
spec:
ports:
......
......@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for osdu-gitlab-wellbore-domain-services.
# Default values for os-wellbore-ddms.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
......@@ -22,15 +22,21 @@ deployment:
secretName: central-logging
osduSvcProperties: osdu-svc-properties
keyvaultUrlPropertyName: ENV_KEYVAULT
name: osdu-gitlab-wellbore-domain-services
name: os-wellbore-ddms
replicaCount: 1
replicaCount: 2
annotations:
buildNumber: []
buildOrigin: AzureDevops build/#{Build.DefinitionName}#
commitBranch: []
commitId: []
image:
repository: community.opengroup.org:5555/osdu/platform/domain-data-mgmt-services/wellbore/wellbore-domain-services
branch: master
repository: community.opengroup.org:5555/osdu/platform/domain-data-mgmt-services/wellbore/wellbore-domain-services/wellbore-domain-services-master
# Overrides the image tag whose default is the chart appVersion.
tag: latest
tempDeployment:
enabled: false
......@@ -38,7 +44,7 @@ tempDeployment:
labels:
aadpodidbinding: osdu-identity
env: glab
env: gitlab
configMap:
data:
......
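Review bot: `buildNumber`, `commitBranch` and `commitId` default to `[]`, but the `commonAnnotations` helper pipes each through `quote`, so an unset value would presumably render as the literal annotation `"[]"` rather than an empty string. Use `buildNumber: ""` and the same for the other two keys. `buildOrigin` contains `#{Build.DefinitionName}#`, which looks like a pipeline replacement token. If nothing substitutes it, the raw token ends up in the annotation, so the value is better quoted, with a comment naming the step that fills it in.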