From 3d55225841ff65464eb77a1ec2e3a6ea8d8c9f04 Mon Sep 17 00:00:00 2001 
From: "Oleksandr Kosse (EPAM)" <oleksandr_kosse@epam.com> Date: Tue, 3 Jan 2023 16:38:27 +0000 Subject: [PATCH] [GONRG-5946] Merge all helms --- NOTICE | 114 +++------ devops/gcp/configmap/Chart.yaml | 24 -- devops/gcp/configmap/README.md | 78 ------- devops/gcp/configmap/values.yaml | 17 -- devops/gcp/configmap_opa/Chart.yaml | 24 -- devops/gcp/configmap_opa/README.md | 67 ------ devops/gcp/configmap_opa/values.yaml | 15 -- devops/gcp/deploy/Chart.yaml | 2 +- devops/gcp/deploy/README.md | 78 +++++-- .../templates/opa-configmap.yaml | 5 +- .../templates/opa-deployment.yaml} | 24 +- .../templates/opa-env-configmap.yaml | 4 +- .../templates/opa-service-account.yaml} | 2 +- .../templates/opa-service.yaml} | 6 +- .../templates/opa-virtual-service.yaml} | 8 +- .../templates/policy-configmap-bootstrap.yaml | 0 .../templates/policy-configmap.yaml | 2 +- ....yaml => policy-deployment-bootstrap.yaml} | 0 ...deployment.yaml => policy-deployment.yaml} | 0 ...count.yaml => policy-service-account.yaml} | 0 .../{service.yaml => policy-service.yaml} | 0 ...rvice.yaml => policy-virtual-service.yaml} | 0 devops/gcp/deploy/values.yaml | 33 ++- devops/gcp/opa/Chart.yaml | 21 -- devops/gcp/opa/README.md | 69 ------ devops/gcp/opa/values.yaml | 26 --- devops/gcp/pipeline/override-stages.yml | 221 +----------------- 27 files changed, 141 insertions(+), 699 deletions(-) delete mode 100644 devops/gcp/configmap/Chart.yaml delete mode 100644 devops/gcp/configmap/README.md delete mode 100644 devops/gcp/configmap/values.yaml delete mode 100644 devops/gcp/configmap_opa/Chart.yaml delete mode 100644 devops/gcp/configmap_opa/README.md delete mode 100644 devops/gcp/configmap_opa/values.yaml rename devops/gcp/{configmap_opa => deploy}/templates/opa-configmap.yaml (95%) rename devops/gcp/{opa/templates/deployment.yaml => deploy/templates/opa-deployment.yaml} (76%) rename devops/gcp/{configmap_opa => deploy}/templates/opa-env-configmap.yaml (71%) rename devops/gcp/{opa/templates/service-account.yaml 
=> deploy/templates/opa-service-account.yaml} (72%) rename devops/gcp/{opa/templates/service.yaml => deploy/templates/opa-service.yaml} (62%) rename devops/gcp/{opa/templates/virtual-service.yaml => deploy/templates/opa-virtual-service.yaml} (69%) rename devops/gcp/{configmap => deploy}/templates/policy-configmap-bootstrap.yaml (100%) rename devops/gcp/{configmap => deploy}/templates/policy-configmap.yaml (90%) rename devops/gcp/deploy/templates/{deployment-bootstrap.yaml => policy-deployment-bootstrap.yaml} (100%) rename devops/gcp/deploy/templates/{deployment.yaml => policy-deployment.yaml} (100%) rename devops/gcp/deploy/templates/{service-account.yaml => policy-service-account.yaml} (100%) rename devops/gcp/deploy/templates/{service.yaml => policy-service.yaml} (100%) rename devops/gcp/deploy/templates/{virtual-service.yaml => policy-virtual-service.yaml} (100%) delete mode 100644 devops/gcp/opa/Chart.yaml delete mode 100644 devops/gcp/opa/README.md delete mode 100644 devops/gcp/opa/values.yaml diff --git a/NOTICE b/NOTICE index 18a8bce8..2a750498 100644 --- a/NOTICE +++ b/NOTICE @@ -8,6 +8,7 @@ Apache-2.0 ======================================================================== The following software have components provided under the terms of this license: +- asgiref (from https://github.com/django/asgiref/) - boto3 (from https://github.com/boto/boto3) - botocore (from https://github.com/boto/botocore) - coverage (from https://github.com/nedbat/coveragepy) 
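Review bot: The NOTICE edits in this hunk and in the four NOTICE hunks that follow it (the Apache-2.0, BSD, MIT and Python-2.0 sections) cannot be traced to any dependency change in this commit: the diffstat lists only NOTICE and devops/gcp files, yet asgiref is added and entries such as rfc3986, python-jose, ecdsa and Werkzeug are dropped. Presumably the file was regenerated by a tool against the current dependency set; if so, that regeneration belongs with the commit that changed the dependencies, or the commit message should state which requirements state it reflects, so the license inventory stays auditable. Dropping a whole GPL-3.0-only section inside a commit titled "Merge all helms" is exactly the kind of change a license or supply-chain review would want to see in isolation.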
@@ -17,101 +18,63 @@ The following software have components provided under the terms of this license: - google-api-core (from https://github.com/googleapis/python-api-core) - google-auth (from https://github.com/GoogleCloudPlatform/google-auth-library-python, https://github.com/googleapis/google-auth-library-python) - google-cloud-core (from https://github.com/googleapis/python-cloud-core) -- google-cloud-storage (from https://github.com/GoogleCloudPlatform/google-cloud-python, https://github.com/googleapis/python-storage) +- google-cloud-storage (from https://github.com/googleapis/python-storage) - google-crc32c (from https://github.com/googleapis/python-crc32c) - google-resumable-media (from https://github.com/googleapis/google-resumable-media-python) - googleapis-common-protos (from https://github.com/googleapis/python-api-common-protos) -- importlib-metadata -- packaging (from https://github.com/pypa/packaging, https://pypi.org/project/packaging/22.0/) +- packaging (from https://pypi.org/project/packaging/22.0/) - pytest-asyncio (from https://github.com/pytest-dev/pytest-asyncio) - pytest-dependency (from https://github.com/RKrahl/pytest-dependency) - python-dateutil (from https://github.com/dateutil/dateutil) - python-multipart (from http://github.com/andrew-d/python-multipart) - requests (from http://python-requests.org, https://requests.readthedocs.io) - responses (from https://github.com/getsentry/responses) -- rfc3986 (from https://rfc3986.readthedocs.org) - rsa (from https://stuvel.eu/rsa) - s3transfer (from https://github.com/boto/s3transfer) - sniffio (from https://github.com/python-trio/sniffio) - tenacity (from https://github.com/jd/tenacity) -- toposort (from https://bitbucket.org/ericvsmith/toposort, https://pypi.org/project/toposort/1.7/) -- types-cryptography (from https://github.com/python/typeshed) -- types-toml (from https://github.com/python/typeshed) -- urllib3 (from https://urllib3.readthedocs.io/) 
======================================================================== BSD-2-Clause ======================================================================== The following software have components provided under the terms of this license: -- mock (from http://mock.readthedocs.org/en/latest/, https://github.com/testing-cabal/mock) -- oauthlib (from https://github.com/idan/oauthlib, https://github.com/oauthlib/oauthlib) -- packaging (from https://github.com/pypa/packaging, https://pypi.org/project/packaging/22.0/) -- protobuf (from https://developers.google.com/protocol-buffers/) -- pyasn1 (from http://sourceforge.net/projects/pyasn1/, https://github.com/etingof/pyasn1) -- pyasn1-modules (from http://sourceforge.net/projects/pyasn1/, https://github.com/etingof/pyasn1-modules) +- oauthlib (from https://github.com/oauthlib/oauthlib) +- packaging (from https://pypi.org/project/packaging/22.0/) +- pyasn1 (from https://github.com/etingof/pyasn1) +- pyasn1-modules (from https://github.com/etingof/pyasn1-modules) ======================================================================== BSD-3-Clause ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - Jinja2 (from http://jinja.pocoo.org/, https://palletsprojects.com/p/jinja/) - MarkupSafe (from https://palletsprojects.com/p/markupsafe/) -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - asgiref (from https://github.com/django/asgiref/) -- click (from http://github.com/mitsuhiko/click, https://palletsprojects.com/p/click/) +- click (from https://palletsprojects.com/p/click/) - cryptography (from https://github.com/pyca/cryptography) -- httpcore (from https://github.com/encode/httpcore) -- httpx (from https://github.com/encode/httpx, https://pypi.org/project/httpx/0.23.1/) -- idna (from https://github.com/kjd/idna, https://pypi.org/project/idna/3.4/) -- isodate 
(from http://cheeseshop.python.org/pypi/isodate) -- itsdangerous (from http://github.com/mitsuhiko/itsdangerous, https://palletsprojects.com/p/itsdangerous/) +- idna (from https://pypi.org/project/idna/3.4/) +- isodate (from https://github.com/gweis/isodate/) - jinja2 -- mock (from https://github.com/testing-cabal/mock) -- oauthlib (from https://github.com/idan/oauthlib, https://github.com/oauthlib/oauthlib) +- oauthlib (from https://github.com/oauthlib/oauthlib) - packaging (from https://pypi.org/project/packaging/22.0/) - protobuf (from https://developers.google.com/protocol-buffers/) - pycparser (from https://github.com/eliben/pycparser) -- pyparsing (from http://pyparsing.wikispaces.com/) -- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/) +- pyrsistent (from https://github.com/tobgu/pyrsistent/) - python-dateutil (from https://github.com/dateutil/dateutil) - sniffio (from https://github.com/python-trio/sniffio) -- starlette (from https://github.com/encode/starlette, https://pypi.org/project/starlette/0.21.0/, https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.0/, https://pypi.org/project/starlette/0.23.1/) -- uvicorn (from https://github.com/tomchristie/uvicorn, https://pypi.org/project/uvicorn/0.18.3/, https://pypi.org/project/uvicorn/0.19.0/, https://pypi.org/project/uvicorn/0.20.0/, https://www.uvicorn.org/) - -======================================================================== -CC-BY-2.5 -======================================================================== -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - -======================================================================== -CC-BY-3.0 -======================================================================== -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - -======================================================================== -CC0-1.0 
-======================================================================== -- ecdsa (from http://github.com/tlsfuzzer/python-ecdsa) - -======================================================================== -GPL-3.0-only -======================================================================== -- rfc3986 (from https://rfc3986.readthedocs.org) +- starlette (from https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.1/) +- uvicorn (from https://github.com/tomchristie/uvicorn, https://pypi.org/project/uvicorn/0.20.0/, https://www.uvicorn.org/) ======================================================================== ISC ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - Jinja2 (from http://jinja.pocoo.org/, https://palletsprojects.com/p/jinja/) - MarkupSafe (from https://palletsprojects.com/p/markupsafe/) -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) -- click (from http://github.com/mitsuhiko/click, https://palletsprojects.com/p/click/) -- itsdangerous (from http://github.com/mitsuhiko/itsdangerous, https://palletsprojects.com/p/itsdangerous/) +- click (from https://palletsprojects.com/p/click/) - jinja2 - requests-oauthlib (from https://github.com/requests/requests-oauthlib) @@ -129,11 +92,6 @@ The following software have components provided under the terms of this license: - chardet (from https://github.com/chardet/chardet) -======================================================================== -LGPL-3.0-only -======================================================================== -- chardet (from https://github.com/chardet/chardet) - ======================================================================== LGPL-3.0-or-later ======================================================================== 
@@ -146,60 +104,48 @@ MIT ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - PyJWT (from http://github.com/jpadilla/pyjwt, https://github.com/jpadilla/pyjwt) -- PyYAML (from http://pyyaml.org/wiki/PyYAML) -- anyio (from https://pypi.org/project/anyio/3.3.0/, https://pypi.org/project/anyio/3.6.1/, https://pypi.org/project/anyio/3.6.2/) +- anyio (from https://pypi.org/project/anyio/3.3.0/, https://pypi.org/project/anyio/3.6.2/) - attrs (from https://attrs.readthedocs.io/, https://www.attrs.org/) - azure-common (from https://github.com/Azure/azure-sdk-for-python) - azure-core (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/core/azure-core) -- azure-identity (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity, https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/identity/azure-identity) -- azure-keyvault-secrets (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets, https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-secrets) +- azure-identity (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity) +- azure-keyvault-secrets (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets) - azure-storage-blob (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/storage/azure-storage-blob) - botocore (from https://github.com/boto/botocore) - cachetools (from https://github.com/tkem/cachetools/) - cffi - coloredlogs (from https://coloredlogs.readthedocs.io) - coverage (from https://github.com/nedbat/coveragepy) -- ecdsa (from http://github.com/tlsfuzzer/python-ecdsa) -- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.0/, https://pypi.org/project/exceptiongroup/1.0.0rc9/, 
https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.0.4/) -- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/, https://pypi.org/project/fastapi/0.85.2/, https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) +- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.1.0/) +- fastapi (from https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) - h11 - humanfriendly (from https://humanfriendly.readthedocs.io) - iniconfig (from http://github.com/RonnyPfannschmidt/iniconfig) - jmespath (from https://github.com/jmespath/jmespath.py) - jsonschema - msal (from https://github.com/AzureAD/microsoft-authentication-library-for-python) -- msal-extensions (from https://pypi.org/project/msal-extensions/0.1.3/, https://pypi.org/project/msal-extensions/1.0.0/) +- msal-extensions (from https://pypi.org/project/msal-extensions/1.0.0/) - msrest (from https://github.com/Azure/msrest-for-python) - munch (from http://github.com/Infinidat/munch) - pluggy - py (from https://py.readthedocs.io/) - pydantic (from https://github.com/pydantic/pydantic, https://github.com/samuelcolvin/pydantic) -- pyparsing (from http://pyparsing.wikispaces.com/) -- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/) +- pyrsistent (from https://github.com/tobgu/pyrsistent/) - pytest (from http://pytest.org, https://docs.pytest.org/en/latest/) - pytest-cov (from https://github.com/pytest-dev/pytest-cov) -- pytest-httpx (from https://colin-b.github.io/pytest_httpx/) - pytest-mock (from https://github.com/pytest-dev/pytest-mock/) - pytest-order (from https://github.com/pytest-dev/pytest-order) -- python-jose (from http://github.com/mpdavis/python-jose) - pytz (from http://pythonhosted.org/pytz) - requests (from http://python-requests.org, https://requests.readthedocs.io) -- six 
(from http://pypi.python.org/pypi/six/, https://github.com/benjaminp/six) +- six (from https://github.com/benjaminp/six) - sniffio (from https://github.com/python-trio/sniffio) -- starlette (from https://github.com/encode/starlette, https://pypi.org/project/starlette/0.21.0/, https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.0/, https://pypi.org/project/starlette/0.23.1/) +- starlette (from https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.1/) - starlette-context (from https://github.com/tomwojcik/starlette-context) -- toml (from https://github.com/uiri/toml) - tomli (from https://pypi.org/project/tomli/1.2.2/, https://pypi.org/project/tomli/2.0.0/, https://pypi.org/project/tomli/2.0.1/) - urllib3 (from https://urllib3.readthedocs.io/) - uuid7 (from https://github.com/stevesimmons/uuid7) -======================================================================== -MIT-CMU -======================================================================== -- pyparsing (from http://pyparsing.wikispaces.com/) - ======================================================================== MPL-2.0 ======================================================================== 
@@ -221,20 +167,12 @@ Python-2.0 The following software have components provided under the terms of this license: - cryptography (from https://github.com/pyca/cryptography) -- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.0/, https://pypi.org/project/exceptiongroup/1.0.0rc9/, https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.0.4/) -- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/, https://pypi.org/project/fastapi/0.85.2/, https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) +- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.1.0/) - portalocker (from https://github.com/WoLpH/portalocker) - protobuf (from https://developers.google.com/protocol-buffers/) -- pytest-mock (from https://github.com/pytest-dev/pytest-mock/) -- sniffio (from https://github.com/python-trio/sniffio) -- typing-extensions (from https://pypi.org/project/typing-extensions/4.2.0/, https://pypi.org/project/typing-extensions/4.4.0/) +- typing-extensions (from https://pypi.org/project/typing-extensions/4.4.0/) - urllib3 (from https://urllib3.readthedocs.io/) -======================================================================== -libgd-2018 -======================================================================== -- pytz (from http://pythonhosted.org/pytz) - ======================================================================== mit-old-style-no-advert ======================================================================== diff --git a/devops/gcp/configmap/Chart.yaml b/devops/gcp/configmap/Chart.yaml deleted file mode 100644 index dd1e7b12..00000000 --- a/devops/gcp/configmap/Chart.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: gcp-policy-configmap
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/devops/gcp/configmap/README.md b/devops/gcp/configmap/README.md
deleted file mode 100644
index ee7988b3..00000000
--- a/devops/gcp/configmap/README.md
+++ /dev/null
@@ -1,78 +0,0 @@
-<!--- Configmap -->
-
-# Configmap helm chart
-
-## Introduction
-
-This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
-> It is possible to use other versions, but it hasn't been tested
-
-### Operation system
-
-The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
-
-### Packages
-
-Packages are only needed for installation from a local computer.
-
-- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-
-## Installation
-
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**logLevel** | logging level | string | INFO | yes
-**opaHost** | OPA host | string | "http://opa" | yes
-**entitlementsHost** | Entitlements host | string | "http://entitlements" | yes
-**entitlementsBasePath** | Entitlements path | string | "/api/entitlements/v2/groups" | yes
-**legalHost** | Legal host | string | "http://legal" | yes
-**bucketName** | bucket name | string | - | yes
-**useBundles** | use bundle or not | string | "yes" | yes
-
-### On-prem variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**minioHost** | minio host | string | http://minio:9000 | yes
-
-### Config variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**configmap** | configmap to be used | string | policy-config | yes
-**appName** | name of the app | string | policy | yes
-
-### Bootstrap variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**dataPartitionId** | ID of data partition | string | - | yes
-**dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-
-### Install the helm chart
-
-Run this command from within this directory:
-
-```console
-helm install gcp-policy-configmap .
-```
-
-## Uninstalling the Chart
-
-To uninstall the helm deployment:
-
-```console
-helm uninstall gcp-policy-configmap
-```
-
-[Move-to-Top](#configmap-helm-chart)
diff --git a/devops/gcp/configmap/values.yaml b/devops/gcp/configmap/values.yaml
deleted file mode 100644
index da6951c0..00000000
--- a/devops/gcp/configmap/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-data:
- logLevel: "ERROR"
- opaHost: "http://opa"
- entitlementsHost: "http://entitlements"
- entitlementsBasePath: "/api/entitlements/v2/groups"
- legalHost: "http://legal"
- bucketName: ""
- useBundles: "yes"
- dataPartitionId: ""
- dataPartitionIdList: []
- #on-prem only
- minioHost: "http://minio:9000"
-
-conf:
- configmap: "policy-config"
- appName: "policy"
- onPremEnabled: false
diff --git a/devops/gcp/configmap_opa/Chart.yaml b/devops/gcp/configmap_opa/Chart.yaml
deleted file mode 100644
index f6890611..00000000
--- a/devops/gcp/configmap_opa/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: gcp-opa-configmap
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/devops/gcp/configmap_opa/README.md b/devops/gcp/configmap_opa/README.md
deleted file mode 100644
index d933e830..00000000
--- a/devops/gcp/configmap_opa/README.md
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--- Configmap -->
-
-# Configmap helm chart
-
-## Introduction
-
-This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
-> It is possible to use other versions, but it hasn't been tested
-
-### Operation system
-
-The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
-
-### Packages
-
-Packages are only needed for installation from a local computer.
-
-- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-
-## Installation
-
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**bucketName** | bucket name | string | - | yes
-**scopes** | scope of OPA | string | "https://www.googleapis.com/auth/devstorage.read_only" | yes
-**entitlementsHost** | Entitlements host | string | "http://entitlements" | yes
-**legalHost** | Legal host | string | "http://legal" | yes
-
-### Config variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**configmap** | configmap to be used | string | opa-config | yes
-**envConfig** | configmap with env vars | string | opa-env-config | yes
-**appName** | name of the app | string | opa | yes
-**dataPartitionId** | data partition id | string | - | yes
-**dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-**minDelaySeconds** | min delay for bundle download | num | 6 | yes
-**maxDelaySeconds** | max delay for bundle download | num | 12 | yes
-
-### Install the helm chart
-
-Run this command from within this directory:
-
-```console
-helm install gcp-opa-configmap .
-```
-
-## Uninstalling the Chart
-
-To uninstall the helm deployment:
-
-```console
-helm uninstall gcp-opa-configmap
-```
-
-[Move-to-Top](#configmap-helm-chart)
diff --git a/devops/gcp/configmap_opa/values.yaml b/devops/gcp/configmap_opa/values.yaml
deleted file mode 100644
index 8b36523d..00000000
--- a/devops/gcp/configmap_opa/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-data:
- bucketName: ""
- scopes: "https://www.googleapis.com/auth/devstorage.read_only"
- legalHost: "http://legal"
- entitlementsHost: "http://entitlements"
- dataPartitionId: ""
- dataPartitionIdList: []
-
-conf:
- configmap: "opa-config"
- envConfig: "opa-env-config"
- appName: "opa"
- minDelaySeconds: 6
- maxDelaySeconds: 12
- onPremEnabled: false
diff --git a/devops/gcp/deploy/Chart.yaml b/devops/gcp/deploy/Chart.yaml
index 24970e50..e48b4c0c 100644
--- a/devops/gcp/deploy/Chart.yaml
+++ b/devops/gcp/deploy/Chart.yaml
@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.18.0"
diff --git a/devops/gcp/deploy/README.md b/devops/gcp/deploy/README.md
index 216981f2..2ac7a322 100644
--- a/devops/gcp/deploy/README.md
+++ b/devops/gcp/deploy/README.md
@@ -1,14 +1,14 @@
 <!--- Deploy -->
-# Deploy helm chart
+# GC Policy service
 ## Introduction
-This chart bootstraps a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
+This chart deploys policy service on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
 ## Prerequisites
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
+The code was tested on **Kubernetes cluster** (v1.23.12) with **Istio** (1.15)
 > It is possible to use other versions, but it hasn't been tested
@@ -21,7 +21,7 @@ The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WS
 Packages are only needed for installation from a local computer.
 - **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- **Kubectl** (version: v1.23.12 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
 ## Installation
@@ -31,33 +31,69 @@ First you need to set variables in **values.yaml** file using any code editor. S
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**image** | your image name | string | - | yes
-**requestsCpu** | amount of requests CPU | string | 0.1 | yes
-**requestsMemory** | amount of requests memory| string | 128M | yes
-**limitsCpu** | CPU limit | string | 1 | yes
-**limitsMemory** | memory limit | string | 1G | yes
-**serviceAccountName** | name of your service account | string | - | yes
-**imagePullPolicy** | when to pull image | string | IfNotPresent | yes
+**data.logLevel** | logging level | string | INFO | yes
+**data.image** | policy image name | string | - | yes
+**data.requestsCpu** | amount of requests CPU | string | 50m | yes
+**data.requestsMemory** | amount of requests memory| string | 128M | yes
+**data.limitsCpu** | CPU limit | string | 1 | yes
+**data.limitsMemory** | memory limit | string | 1G | yes
+**data.serviceAccountName** | name of your service account | string | - | yes
+**data.imagePullPolicy** | when to pull image | string | IfNotPresent | yes
+**data.bucketName** | bucket name | string | - | yes
+**data.scopes** | scope of OPA | string | "https://www.googleapis.com/auth/devstorage.read_only" | yes
+**data.entitlementsHost** | Entitlements host | string | "http://entitlements" | yes
+**data.entitlementsBasePath** | Entitlements path | string | "/api/entitlements/v2/groups" | yes
+**data.useBundles** | use bundle or not | string | "yes" | yes
+**data.legalHost** | Legal host | string | "http://legal" | yes
+
+### On-prem variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**conf.onPremEnabled** | whether on-prem is enabled | boolean | false | yes
+**data.minioHost** | minio host | string | http://minio:9000 | yes
+**conf.minioSecretName** | secret name for the app | string | "policy-minio-secret" | yes
 ### Config variables
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**appName** | name of the app | string | policy | yes
-**configmap** | configmap to be used | string | policy-config | yes
-**domain** | your domain | string | - | yes
-**minioSecretName** | secret name for the app | string | "policy-minio-secret" | yes
-**bootstrapSecretName** | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes
+**conf.appName** | name of the app | string | policy | yes
+**conf.configmap** | configmap to be used | string | policy-config | yes
+**conf.domain** | your domain | string | - | yes
+**conf.bootstrapSecretName** | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes
+**data.dataPartitionId** | data partition id | string | - | yes
+**data.dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no
+**conf.minDelaySeconds** | min delay for bundle download | num | 6 | yes
+**conf.maxDelaySeconds** | max delay for bundle download | num | 12 | yes
 ### Bootstrap variables
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**dataPartitionId** | ID of data partition | string | - | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-**bootstrapImage** | image for bootstrap deployment | string | - | yes
-**bootstrapServiceAccountName** | service account for bootstrap deployment | string | - | yes
+**data.bootstrapImage** | image for bootstrap deployment | string | - | yes
+**data.bootstrapServiceAccountName** | service account for bootstrap deployment | string | - | yes
+
+### OPA variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**opa.conf.configmap** | configmap to be used | string | opa-config | yes
+**opa.conf.envConfig** | configmap with env vars | string | opa-env-config | yes
+**opa.conf.appName** | name of the app | string | opa | yes
+**opa.data.serviceAccountName** | name of your service account | string | opa-k8s | yes
+**opa.data.image** | image name | string | - | yes
+
+### ISTIO variables
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**istio.proxyCPU** | CPU request for Envoy sidecars | string | 10m | yes
+**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 500m | yes
+**istio.proxyMemory** | memory request for Envoy sidecars | string | 32Mi | yes
+**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 512Mi | yes
+**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | 10m | yes
+**istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | 100m | yes
 ### Install the helm chart
@@ -75,4 +111,4 @@ To uninstall the helm deployment:
 helm uninstall gcp-policy-deploy
 ```
-[Move-to-Top](#deploy-helm-chart)
+[Move-to-Top](#gc-policy-service)
diff --git a/devops/gcp/configmap_opa/templates/opa-configmap.yaml b/devops/gcp/deploy/templates/opa-configmap.yaml
similarity index 95%
rename from devops/gcp/configmap_opa/templates/opa-configmap.yaml
rename to devops/gcp/deploy/templates/opa-configmap.yaml
index 872d7721..304893f4 100644
--- a/devops/gcp/configmap_opa/templates/opa-configmap.yaml
+++ b/devops/gcp/deploy/templates/opa-configmap.yaml
@@ -2,8 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
-    app: "{{ .Values.conf.appName }}"
-  name: "{{ .Values.conf.configmap }}"
+    app: "{{ .Values.opa.conf.appName }}"
+  name: "{{ .Values.opa.conf.configmap }}"
   namespace: "{{ .Release.Namespace }}"
 data:
 {{- if not .Values.conf.onPremEnabled }}
@@ -56,4 +56,3 @@ data:
       resource: 'bundle-{{ . }}.tar.gz'
 {{- end }}
 {{- end }}
-
diff --git a/devops/gcp/opa/templates/deployment.yaml b/devops/gcp/deploy/templates/opa-deployment.yaml
similarity index 76%
rename from devops/gcp/opa/templates/deployment.yaml
rename to devops/gcp/deploy/templates/opa-deployment.yaml
index 31cb34f7..04be2882 100644
--- a/devops/gcp/opa/templates/deployment.yaml
+++ b/devops/gcp/deploy/templates/opa-deployment.yaml
@@ -1,9 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: "{{ .Values.conf.appName }}"
+  name: "{{ .Values.opa.conf.appName }}"
   labels:
-    app: "{{ .Values.conf.appName }}"
+    app: "{{ .Values.opa.conf.appName }}"
   namespace: "{{ .Release.Namespace }}"
 spec:
   replicas: 1
@@ -11,22 +11,22 @@ spec:
     type: Recreate
   selector:
     matchLabels:
-      app: "{{ .Values.conf.appName }}"
+      app: "{{ .Values.opa.conf.appName }}"
   template:
     metadata:
       labels:
-        app: "{{ .Values.conf.appName }}"
+        app: "{{ .Values.opa.conf.appName }}"
       annotations:
         rollme: {{ randAlphaNum 5 | quote }}
         sidecar.istio.io/proxyCPU: {{ .Values.istio.proxyCPU | quote }}
         sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
         sidecar.istio.io/proxyCPULimit: {{ .Values.istio.proxyCPULimit | quote }}
         sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
-      name: "{{ .Values.conf.appName }}"
+      name: "{{ .Values.opa.conf.appName }}"
     spec:
       containers:
-      - name: "{{ .Values.conf.appName }}"
-        image: "{{ .Values.data.image }}"
+      - name: "{{ .Values.opa.conf.appName }}"
+        image: "{{ .Values.opa.data.image }}"
         imagePullPolicy: "{{ .Values.data.imagePullPolicy }}"
         ports:
         - containerPort: 8181
@@ -44,10 +44,10 @@ spec:
             memory: "{{ .Values.data.limitsMemory }}"
         volumeMounts:
         - mountPath: /config
-          name: "{{ .Values.conf.configmap }}"
+          name: "{{ .Values.opa.conf.configmap }}"
         envFrom:
         - configMapRef:
-            name: "{{ .Values.conf.envConfig }}"
+            name: "{{ .Values.opa.conf.envConfig }}"
 {{- if .Values.conf.onPremEnabled }}
         env:
         - name: AWS_ACCESS_KEY_ID
@@ -67,7 +67,7 @@ spec:
             key: AWS_REGION
 {{- end }}
       volumes:
-      - name: "{{ .Values.conf.configmap }}"
+      - name: "{{ .Values.opa.conf.configmap }}"
         configMap:
-          name: "{{ .Values.conf.configmap }}"
-      serviceAccountName: "{{ .Values.data.serviceAccountName }}"
+          name: "{{ .Values.opa.conf.configmap }}"
+      serviceAccountName: "{{ .Values.opa.data.serviceAccountName }}"
diff --git a/devops/gcp/configmap_opa/templates/opa-env-configmap.yaml b/devops/gcp/deploy/templates/opa-env-configmap.yaml
similarity index 71%
rename from devops/gcp/configmap_opa/templates/opa-env-configmap.yaml
rename to devops/gcp/deploy/templates/opa-env-configmap.yaml
index 50f54952..9e00acf4 100644
--- a/devops/gcp/configmap_opa/templates/opa-env-configmap.yaml
+++ b/devops/gcp/deploy/templates/opa-env-configmap.yaml
@@ -2,8 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
-    app: "{{ .Values.conf.appName }}"
-  name: "{{ .Values.conf.envConfig }}"
+    app: "{{ .Values.opa.conf.appName }}"
+  name: "{{ .Values.opa.conf.envConfig }}"
   namespace: "{{ .Release.Namespace }}"
 data:
   LEGAL_BASE_URL: "{{ .Values.data.legalHost }}"
diff --git a/devops/gcp/opa/templates/service-account.yaml b/devops/gcp/deploy/templates/opa-service-account.yaml
similarity index 72%
rename from devops/gcp/opa/templates/service-account.yaml
rename to devops/gcp/deploy/templates/opa-service-account.yaml
index 25fd74ef..3a26b041 100644
--- a/devops/gcp/opa/templates/service-account.yaml
+++ b/devops/gcp/deploy/templates/opa-service-account.yaml
@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: "{{ .Values.data.serviceAccountName }}"
+  name: "{{ .Values.opa.data.serviceAccountName }}"
   namespace: "{{ .Release.Namespace }}"
 {{- end }}
diff --git a/devops/gcp/opa/templates/service.yaml b/devops/gcp/deploy/templates/opa-service.yaml
similarity index 62%
rename from devops/gcp/opa/templates/service.yaml
rename to devops/gcp/deploy/templates/opa-service.yaml
index bcd7ce28..501bc80a 100644
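Review bot: The identity OPA runs as now comes from `opa.data.serviceAccountName`, and the three places that set or document it disagree: the values.yaml hunk defaults it to "opa", the README hunk documents the default as "opa-k8s", and the pipeline jobs removed in override-stages.yml used to pass `--set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s` (i.e. "opa-k8s"). The ServiceAccount template here is wrapped in a conditional whose opening `{{- if ... }}` is outside the hunk, so on the non-on-prem path the account is presumably pre-provisioned out of band (it carries the bucket read scope listed in `data.scopes`); a silent rename to "opa" would then leave the OPA pod bound to an account with no bundle access, which surfaces only as an empty policy set at runtime. Pick one value, set it in values.yaml (`serviceAccountName: "opa-k8s"` if the existing binding is kept) and make the README and the remaining deploy job agree with it.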
--- a/devops/gcp/opa/templates/service.yaml
+++ b/devops/gcp/deploy/templates/opa-service.yaml
@@ -1,9 +1,9 @@
 kind: Service
 apiVersion: v1
 metadata:
-  name: "{{ .Values.conf.appName }}"
+  name: "{{ .Values.opa.conf.appName }}"
   labels:
-    app: "{{ .Values.conf.appName }}"
+    app: "{{ .Values.opa.conf.appName }}"
   namespace: "{{ .Release.Namespace }}"
 spec:
   type: ClusterIP
@@ -13,4 +13,4 @@ spec:
     targetPort: 8181
     name: http
   selector:
-    app: "{{ .Values.conf.appName }}"
+    app: "{{ .Values.opa.conf.appName }}"
diff --git a/devops/gcp/opa/templates/virtual-service.yaml b/devops/gcp/deploy/templates/opa-virtual-service.yaml
similarity index 69%
rename from devops/gcp/opa/templates/virtual-service.yaml
rename to devops/gcp/deploy/templates/opa-virtual-service.yaml
index d8b0696f..cdbc4db1 100644
--- a/devops/gcp/opa/templates/virtual-service.yaml
+++ b/devops/gcp/deploy/templates/opa-virtual-service.yaml
@@ -1,12 +1,14 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: "{{ .Values.conf.appName }}"
+  name: "{{ .Values.opa.conf.appName }}"
   namespace: "{{ .Release.Namespace }}"
 spec:
   hosts:
-  {{- if .Values.conf.domain }}
+  {{- if and .Values.conf.domain .Values.conf.onPremEnabled }}
   - {{ printf "osdu.%s" .Values.conf.domain | quote }}
+  {{- else if .Values.conf.domain }}
+  - {{ .Values.conf.domain | quote }}
   {{- else }}
   - "*"
   {{- end }}
@@ -28,6 +30,6 @@ spec:
         prefix: "/v1/status"
       route:
       - destination:
-          host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
+          host: "{{ .Values.opa.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
           port:
             number: 80
diff --git a/devops/gcp/configmap/templates/policy-configmap-bootstrap.yaml b/devops/gcp/deploy/templates/policy-configmap-bootstrap.yaml
similarity index 100%
rename from devops/gcp/configmap/templates/policy-configmap-bootstrap.yaml
rename to devops/gcp/deploy/templates/policy-configmap-bootstrap.yaml
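Review bot: The new `hosts` branching in opa-virtual-service.yaml still falls through to `- "*"` when `conf.domain` is empty, and the merged values.yaml hunk in this commit ships `domain: ""`, so a default render binds the OPA routes (at least the `/v1/status` match visible in the second hunk; the `gateways` field and any other matches sit outside the hunk) to every host the gateway accepts. OPA is the policy decision point for the service, so its HTTP API should be reachable only where intended; if the wildcard is deliberate for the GC pipeline, say so with a comment next to the `{{- else }}`, otherwise make an unset domain a render error, e.g. `{{- else }}` / `{{ fail "conf.domain must be set to expose OPA" }}`. Either way the `and ... onPremEnabled` / `else if` pair would read more clearly with a one-line comment explaining why on-prem gets the `osdu.` prefix and cloud does not.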
diff --git a/devops/gcp/configmap/templates/policy-configmap.yaml b/devops/gcp/deploy/templates/policy-configmap.yaml
similarity index 90%
rename from devops/gcp/configmap/templates/policy-configmap.yaml
rename to devops/gcp/deploy/templates/policy-configmap.yaml
index d5dae9b5..c25fc197 100644
--- a/devops/gcp/configmap/templates/policy-configmap.yaml
+++ b/devops/gcp/deploy/templates/policy-configmap.yaml
@@ -7,7 +7,7 @@ metadata:
   namespace: "{{ .Release.Namespace }}"
 data:
   LOG_LEVEL: "{{ .Values.data.logLevel }}"
-  OPA_URL: "{{ .Values.data.opaHost }}"
+  OPA_URL: {{ printf "http://%s" .Values.opa.conf.appName | quote }}
   ENTITLEMENTS_BASE_URL: "{{ .Values.data.entitlementsHost }}"
   ENTITLEMENTS_BASE_PATH: "{{ .Values.data.entitlementsBasePath }}"
   LEGAL_BASE_URL: "{{ .Values.data.legalHost }}"
diff --git a/devops/gcp/deploy/templates/deployment-bootstrap.yaml b/devops/gcp/deploy/templates/policy-deployment-bootstrap.yaml
similarity index 100%
rename from devops/gcp/deploy/templates/deployment-bootstrap.yaml
rename to devops/gcp/deploy/templates/policy-deployment-bootstrap.yaml
diff --git a/devops/gcp/deploy/templates/deployment.yaml b/devops/gcp/deploy/templates/policy-deployment.yaml
similarity index 100%
rename from devops/gcp/deploy/templates/deployment.yaml
rename to devops/gcp/deploy/templates/policy-deployment.yaml
diff --git a/devops/gcp/deploy/templates/service-account.yaml b/devops/gcp/deploy/templates/policy-service-account.yaml
similarity index 100%
rename from devops/gcp/deploy/templates/service-account.yaml
rename to devops/gcp/deploy/templates/policy-service-account.yaml
diff --git a/devops/gcp/deploy/templates/service.yaml b/devops/gcp/deploy/templates/policy-service.yaml
similarity index 100%
rename from devops/gcp/deploy/templates/service.yaml
rename to devops/gcp/deploy/templates/policy-service.yaml
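Review bot: `OPA_URL` in policy-configmap.yaml is now derived solely from `opa.conf.appName`, which drops the `data.opaHost` override without a replacement; any deploy job that still passes `--set data.opaHost=...` will have it silently ignored, and the rendered value hard-codes the `http` scheme and the Service's default port. That matches the in-chart OPA Service (port 80 per the VirtualService destination, `targetPort: 8181`) but leaves no way to point the policy service at an OPA outside this release. Keeping the override while defaulting to the in-chart service is one line: `OPA_URL: {{ .Values.data.opaHost | default (printf "http://%s" .Values.opa.conf.appName) | quote }}`, with `opaHost: ""` documented in values.yaml and the README as optional.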
diff --git a/devops/gcp/deploy/templates/virtual-service.yaml b/devops/gcp/deploy/templates/policy-virtual-service.yaml
similarity index 100%
rename from devops/gcp/deploy/templates/virtual-service.yaml
rename to devops/gcp/deploy/templates/policy-virtual-service.yaml
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index c4b4416c..350e321c 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -1,5 +1,7 @@
+# Common values for all deployments
 data:
-  requestsCpu: "0.1"
+  # Deployment resources
+  requestsCpu: "50m"
   requestsMemory: "128M"
   limitsCpu: "1"
   limitsMemory: "1G"
@@ -8,19 +10,42 @@ data:
   image: ""
   bootstrapImage: ""
   bootstrapServiceAccountName: ""
+  # ConfigMap resources
+  logLevel: "ERROR"
+  entitlementsHost: "http://entitlements"
+  entitlementsBasePath: "/api/entitlements/v2/groups"
+  legalHost: "http://legal"
+  bucketName: ""
+  useBundles: "yes"
+  dataPartitionId: ""
+  dataPartitionIdList: []
+  scopes: "https://www.googleapis.com/auth/devstorage.read_only"
+  # on-prem only
+  minioHost: "http://minio:9000"
 conf:
-  configmap: "policy-config"
   appName: "policy"
+  configmap: "policy-config"
   domain: ""
   minioSecretName: "policy-minio-secret"
   bootstrapSecretName: "minio-bootstrap-secret"
   onPremEnabled: false
+  minDelaySeconds: 6
+  maxDelaySeconds: 12
+
+opa:
+  data:
+    image: "openpolicyagent/opa:0.46.0-rootless"
+    serviceAccountName: "opa"
+  conf:
+    configmap: "opa-config"
+    envConfig: "opa-env-config"
+    appName: "opa"
 istio:
-  proxyCPU: "50m"
+  proxyCPU: "10m"
   proxyCPULimit: "500m"
-  proxyMemory: "64Mi"
+  proxyMemory: "32Mi"
   proxyMemoryLimit: "512Mi"
   bootstrapProxyCPU: "10m"
   bootstrapProxyCPULimit: "100m"
diff --git a/devops/gcp/opa/Chart.yaml b/devops/gcp/opa/Chart.yaml
deleted file mode 100644
index 4c24a54b..00000000
--- a/devops/gcp/opa/Chart.yaml
+++ /dev/null
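Review bot: `logLevel: "ERROR"` in the second values.yaml hunk contradicts the README hunk in this same commit, which documents the `data.logLevel` default as `INFO`; one of the two should change so operators are not surprised by a quieter-than-documented service. The OPA image under `opa.data.image` is pinned by mutable tag only (`openpolicyagent/opa:0.46.0-rootless`); since this container makes every authorization decision for the service, pinning by digest (`openpolicyagent/opa:0.46.0-rootless@sha256:<DIGEST>`, digest to be taken from the registry) removes the possibility of a re-pushed tag changing what runs without a chart change. A short comment on that line noting the expected OPA version and where it is verified would also help the next bump.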
@@ -1,21 +0,0 @@ -apiVersion: v1 -name: gcp-opa-deploy -description: A Helm chart for Kubernetes -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.0.0 - diff --git a/devops/gcp/opa/README.md b/devops/gcp/opa/README.md deleted file mode 100644 index f2dde83b..00000000 --- a/devops/gcp/opa/README.md +++ /dev/null 
@@ -1,69 +0,0 @@ -<!--- Deploy --> - -# Deploy helm chart - -## Introduction - -This chart bootstraps a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager. - -## Prerequisites - -The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6) - -> It is possible to use other versions, but it hasn't been tested - -### Operation system - -The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported. - -### Packages - -Packages are only needed for installation from a local computer. - -- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/) -- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) - -## Installation - -First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below. 
- -### Common variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**image** | your image name | string | - | yes -**requestsCpu** | amount of requests CPU | string | 0.1 | yes -**requestsMemory** | amount of requests memory| string | 128M | yes -**limitsCpu** | CPU limit | string | 1 | yes -**limitsMemory** | memory limit | string | 1G | yes -**serviceAccountName** | name of your service account | string | opa-k8s | yes -**imagePullPolicy** | when to pull image | string | IfNotPresent | yes - -### Config variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**appName** | name of the app | string | opa | yes -**configmap** | configmap to be used | string | opa-config | yes -**domain** | your domain | string | - | yes -**onPremEnabled** | whether on-prem is enabled | boolean | false | yes -**envConfig** | configmap for opa deploy | string | opa-env-config | yes -**minioSecretName** | secret for opa deploy | string | policy-minio-secret | yes - -### Install the helm chart - -Run this command from within this directory: - -```console -helm install gcp-opa-deploy . -``` - -## Uninstalling the Chart - -To uninstall the helm deployment: - -```console -helm uninstall gcp-opa-deploy -``` - -[Move-to-Top](#deploy-helm-chart) diff --git a/devops/gcp/opa/values.yaml b/devops/gcp/opa/values.yaml deleted file mode 100644 index e17bf794..00000000 --- a/devops/gcp/opa/values.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Default values for policy. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -data: - requestsCpu: "0.1" - requestsMemory: "128M" - limitsCpu: "1" - limitsMemory: "1G" - image: "openpolicyagent/opa:0.46.0-rootless" - imagePullPolicy: "IfNotPresent" - serviceAccountName: "opa" - -conf: - appName: "opa" - configmap: "opa-config" - envConfig: "opa-env-config" - domain: "" - minioSecretName: "policy-minio-secret" - onPremEnabled: false - -istio: - proxyCPU: "50m" - proxyCPULimit: "500m" - proxyMemory: "64Mi" - proxyMemoryLimit: "512Mi" diff --git a/devops/gcp/pipeline/override-stages.yml b/devops/gcp/pipeline/override-stages.yml index 5c961ad5..6ae93404 100644 --- a/devops/gcp/pipeline/override-stages.yml +++ b/devops/gcp/pipeline/override-stages.yml 
@@ -4,79 +4,11 @@ variables:
   OSDU_GCP_SERVICE: policy
   OSDU_GCP_VENDOR: gcp
   OSDU_GCP_ENABLE_BOOTSTRAP: "true"
-  OSDU_GCP_OPA_CONFIG_SERVICE: opa-config
-  OSDU_GCP_OPA_SERVICE: opa
-  OSDU_GCP_HELM_OPA_DIR: "devops/gcp/opa"
-  OSDU_GCP_HELM_OPA_CONFIG_DIR: "devops/gcp/configmap_opa"
   OSDU_GCP_INT_TEST_TYPE: python
   OSDU_GCP_PYTHON_INT_TEST_SUBDIR: "app/tests/gcp"
   OSDU_ANTHOS_PYTHON_INT_TEST_SUBDIR: "app/tests/anthos"
-
-osdu-gcp-helm-charts-master:
-  script:
-    - helm cm-push $OSDU_GCP_HELM_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_DEPLOYMENT_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_OPA_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_OPA_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN
-
-osdu-gcp-helm-charts-release:
-  script:
-    - !reference [.define_version, script]
-    - helm cm-push $OSDU_GCP_HELM_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_DEPLOYMENT_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_OPA_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN
-    - helm cm-push $OSDU_GCP_HELM_OPA_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN
-
-osdu-gcp-deploy-configmap-opa:
-  tags: ["osdu-small"]
-  extends: .osdu-gcp-variables
-  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
-  stage: deploy
-  needs: ["osdu-gcp-containerize-gitlab"]
-  script:
-    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE
-    - !reference [.common_config, script]
-    - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR
-      --install
-      --create-namespace
-      --namespace=$OSDU_GCP_HELM_NAMESPACE
-      --wait
-      --history-max=3
-      --set data.bucketName=$OSDU_GCP_POLICY_BUCKET
-      --set data.dataPartitionId=$DATA_PARTITION_ID
-  rules:
-    - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/'
-      when: never
-    - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG'
-      when: never
-    - if: '$OSDU_GCP == "1"'
-      when: on_success
-
-osdu-gcp-deploy-opa:
-  tags: ["osdu-small"]
-  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
-  stage: deploy
-  cache: {}
-  extends: .osdu-gcp-variables
-  needs: ["osdu-gcp-deploy-configmap-opa"]
-  script:
-    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE
-    - !reference [.common_config, script]
-    - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR
-      --install
-      --create-namespace
-      --namespace=$OSDU_GCP_HELM_NAMESPACE
-      --wait
-      --history-max=3
-      --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s
-    - !reference [.verify_deploy, script]
-  rules:
-    - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/'
-      when: never
-    - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG'
-      when: never
-    - if: '$OSDU_GCP == "1"'
-      when: on_success
+  # FIXME remove when all services are migrated to a single helm
+  OSDU_GCP_ENABLE_HELM_CONFIG: "false"
 osdu-gcp-test-python:
   image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
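Review bot: The deploy jobs removed in this hunk were the only place in the visible pipeline that supplied `--set data.bucketName=$OSDU_GCP_POLICY_BUCKET`, `--set data.dataPartitionId=$DATA_PARTITION_ID` and (in the anthos variant, same pattern in the three later hunks) `--set conf.onPremEnabled=true`; the merged values.yaml defaults `bucketName` and `dataPartitionId` to `""`, so unless the shared deploy job that now installs the chart passes the same values, the OPA ConfigMap renders with an empty bundle source and the policy service starts with no policies. That shared job is not in this diff, so this is inferred; a comment next to the new `OSDU_GCP_ENABLE_HELM_CONFIG` variable naming where those `--set` values moved would close the gap for the next reader. The `# FIXME` should also carry a tracking reference, e.g. `# FIXME(<TICKET-ID>): remove when all services are migrated to a single helm`, so it is not orphaned once the migration finishes.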
@@ -88,53 +20,6 @@ osdu-gcp-test-python: LEGAL_BASE_URL: $HOST PARTITION_BASE_URL: $HOST -osdu-gcp-dev2-deploy-configmap-opa: - tags: ["osdu-small"] - extends: .osdu-gcp-dev2-variables - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - needs: ["osdu-gcp-containerize-gitlab"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEV2_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: on_success - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - -osdu-gcp-dev2-deploy-opa: - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - cache: {} - extends: .osdu-gcp-dev2-variables - needs: ["osdu-gcp-dev2-deploy-configmap-opa"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEV2_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s - - !reference [.verify_deploy, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: on_success - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - osdu-gcp-dev2-test-python: image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine variables: 
@@ -145,58 +30,6 @@ osdu-gcp-dev2-test-python: LEGAL_BASE_URL: $HOST PARTITION_BASE_URL: $HOST -osdu-gcp-anthos-deploy-configmap-opa: - tags: ["osdu-small"] - extends: .osdu-gcp-anthos-variables - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - needs: ["osdu-gcp-containerize-gitlab"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - --set conf.onPremEnabled=true - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success - -osdu-gcp-anthos-deploy-opa: - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - cache: {} - extends: .osdu-gcp-anthos-variables - needs: ["osdu-gcp-anthos-deploy-configmap-opa"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set conf.onPremEnabled=true - - !reference [.verify_deploy, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success - osdu-gcp-anthos-test-python: image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine variables: 
@@ -209,53 +42,3 @@ osdu-gcp-anthos-test-python: MINIO_ENDPOINT: $TEST_MINIO_URL MINIO_ACCESS_KEY: $TEST_MINIO_ACCESS_KEY MINIO_SECRET_KEY: $OSDU_GCP_TEST_MINIO_SECRET_KEY - -osdu-gcp-preship-deploy-configmap-opa: - extends: .osdu-gcp-preship-variables - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy_preship - needs: - - osdu-gcp-preship-deploy-configmap - - osdu-gcp-preship-deploy-deployment - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_PRESHIP_DEPLOY_FILE - - !reference [.common_config, script] - - !reference [.define_version, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - -osdu-gcp-preship-deploy-deployment-opa: - extends: .osdu-gcp-preship-variables - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy_preship - needs: - - osdu-gcp-preship-deploy-configmap - - osdu-gcp-preship-deploy-configmap-opa - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_PRESHIP_DEPLOY_FILE - - !reference [.common_config, script] - - !reference [.define_version, script] - - helm repo add $OSDU_GCP_SERVICE ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s - - !reference [.verify_deploy, script] - - !reference [.verify_bootstrap, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success -- GitLab