Merge remote-tracking branch 'origin/master' into master-dev-merge

.gitlab-ci.yml

@@ -19,6 +19,9 @@ variables:
   IBM_HELM_CONFIG_PATH: devops/ibm/ibm-notification-config
   IBM_HELM_DEPLOY_PATH: devops/ibm/ibm-notification-deploy
 
+  # FIXME remove when all services are migrated to a single helm
+  OSDU_GCP_ENABLE_HELM_CONFIG: "false"
+
 include:
   - project: "osdu/platform/ci-cd-pipelines"
     file: "standard-setup.yml"

devops/gcp/configmap/Chart.yaml

-apiVersion: v2
-name: gcp-notification-configmap
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

devops/gcp/configmap/README.md

-<!--- Configmap -->
-
-# Configmap helm chart
-
-## Introduction
-
-This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
-> It is possible to use other versions, but it hasn't been tested
-
-### Operation system
-
-The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
-
-### Packages
-
-Packages are only needed for installation from a local computer.
-
-- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-## Installation
-This Helm chart should be installed before [deploy Helm Chart](../deploy)
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**logLevel** | logging level | string | INFO | yes
-**springProfilesActive** | active spring profile | string | gcp | yes
-
-### Google Cloud variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**entitlementsHost** | entitlements service host address | string | `http://entitlements` | yes
-**registerHost** | register service host address | string | `http://register` | yes
-**partitionHost** | partition service host address | string | `http://partition` | yes
-**googleAudiences** | your Google Cloud client ID | string | - | yes
-
-> googleAudiences: If you are connected to Google Cloud console with `gcloud auth application-default login --no-browser` from your terminal, you can get your client_id using the command:
-
-```console
-cat ~/.config/gcloud/application_default_credentials.json | grep client_id
-```
-
-### Config variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**configmap** | configmap name | string | notification-config | yes
-**appName** | name of the app | string | notification | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-
-### Install the helm chart
-
-Run this command from within this directory:
-
-```bash
-helm install gcp-notification-configmap .
-```
-
-## Uninstalling the Chart
-
-To uninstall the helm deployment:
-
-```bash
-helm uninstall gcp-notification-configmap
-```
-
-[Move-to-Top](#configmap-helm-chart)

devops/gcp/configmap/templates/configmap.yaml

-apiVersion: v1
-kind: ConfigMap
-metadata:
-  labels:
-    app: "{{ .Values.conf.appName }}"
-  name: "{{ .Values.conf.configmap }}"
-  namespace: "{{ .Release.Namespace }}"
-data:
-  LOG_LEVEL: "{{ .Values.data.logLevel }}"
-  SPRING_PROFILES_ACTIVE: "{{ .Values.data.springProfilesActive }}"
-  ENTITLEMENTS_HOST: "{{ .Values.data.entitlementsHost }}"
-  REGISTER_HOST: "{{ .Values.data.registerHost }}"
-  PARTITION_HOST: "{{ .Values.data.partitionHost }}"
-  {{- if not .Values.conf.onPremEnabled }}
-  GOOGLE_AUDIENCES: "{{ .Values.data.googleAudiences }}"
-  {{- end }}

devops/gcp/configmap/values.yaml

-data:
-  # common
-  logLevel: "ERROR"
-  springProfilesActive: "gcp"
-  entitlementsHost: "http://entitlements"
-  registerHost: "http://register"
-  partitionHost: "http://partition"
-  # gcp
-  googleAudiences: ""
-conf:
-  configmap: "notification-config"
-  appName: "notification"
-  onPremEnabled: false

devops/gcp/deploy/README.md

@@ -27,29 +27,39 @@ Packages are only needed for installation from a local computer.
 Before installing deploy Helm chart you need to install [configmap Helm chart](../configmap).
 First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
 
-### Common variables
+### Configmap variables
 
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**image** | your image name | string | - | yes
-**requestsCpu** | amount of requested CPU | string | 0.1 | yes
-**requestsMemory** | amount of requested memory| string | 256M | yes
-**limitsCpu** | CPU limit | string | 1 | yes
-**limitsMemory** | memory limit | string | 1G | yes
-**serviceAccountName** | name of your service account | string | notification | yes
-**imagePullPolicy** | when to pull image | string | IfNotPresent | yes
+**logLevel** | logging level | string | INFO | yes
+**springProfilesActive** | active spring profile | string | gcp | yes
+**entitlementsHost** | entitlements service host address | string | `http://entitlements` | yes
+**registerHost** | register service host address | string | `http://register` | yes
+**partitionHost** | partition service host address | string | `http://partition` | yes
+**googleAudiences** | Client ID of Google Cloud Credentials, ex `123-abc123.apps.googleusercontent.com` | string | - | yes
+
+### Deployment variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**requestsCpu** | amount of requested CPU | string | `0.1` | yes
+**requestsMemory** | amount of requested memory| string | `256M` | yes
+**limitsCpu** | CPU limit | string | `1` | yes
+**limitsMemory** | memory limit | string | `1.5G` | yes
+**serviceAccountName** | name of your service account | string | `notification` | yes
+**imagePullPolicy** | when to pull image | string | `IfNotPresent` | yes
 **image** | service image | string | - | yes
 
 ### Config variables
 
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**domain** | your domain | string | - | yes
-**appName** | name of the app | string | `notification` | yes
+**appName** | Service name | string | `notification` | yes
 **configmap** | configmap to be used | string | `notification-config` | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
 **rabbitmqSecretName** | secret for rabbitmq | string | `rabbitmq-secret` | yes
-**openidSecretName** | secret for openid client | string | `notification-keycloak-secret` | yes
+**openidSecretName** | secret for openid | string | `notification-keycloak-secret` | yes
+**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
+**domain** | your domain, ex `example.com` | string | - | yes
 
 ### Install the helm chart
 
@@ -67,4 +77,6 @@ To uninstall the helm deployment:
 helm uninstall gcp-notification-deploy
 ```
 
+> Do not forget to delete all k8s secrets and PVCs accociated with the Service.
+
 [Move-to-Top](#deploy-helm-chart)

devops/gcp/deploy/templates/configmap.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ .Values.conf.appName | quote}}
+  name: {{ .Values.conf.configmap  | quote}}
+  namespace: {{ .Release.Namespace  | quote}}
+data:
+  LOG_LEVEL: {{ .Values.data.logLevel  | quote}}
+  SPRING_PROFILES_ACTIVE: {{ .Values.data.springProfilesActive  | quote}}
+  ENTITLEMENTS_HOST: {{ .Values.data.entitlementsHost  | quote}}
+  REGISTER_HOST: {{ .Values.data.registerHost  | quote}}
+  PARTITION_HOST: {{ .Values.data.partitionHost  | quote}}
+  {{- if not .Values.conf.onPremEnabled }}
+  GOOGLE_AUDIENCES: {{ .Values.data.googleAudiences  | quote}}
+  {{- end }}

devops/gcp/deploy/templates/deployment.yaml

@@ -2,33 +2,37 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app: "{{ .Values.conf.appName }}"
-  name: "{{ .Values.conf.appName }}"
-  namespace: "{{ .Release.Namespace }}"
+    app: {{ .Values.conf.appName  | quote}}
+  name: {{ .Values.conf.appName  | quote}}
+  namespace: {{ .Release.Namespace  | quote}}
 spec:
   selector:
     matchLabels:
-      app: "{{ .Values.conf.appName }}"
+      app: {{ .Values.conf.appName  | quote}}
   replicas: 1
   template:
     metadata:
       labels:
-        app: "{{ .Values.conf.appName }}"
+        app: {{ .Values.conf.appName  | quote}}
       annotations:
         rollme: {{ randAlphaNum 5 | quote }}
+        sidecar.istio.io/proxyCPU: {{ .Values.istio.proxyCPU | quote }}
+        sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
+        sidecar.istio.io/proxyCPULimit: {{ .Values.istio.proxyCPULimit | quote }}
+        sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
     spec:
       containers:
-        - name: "{{ .Values.conf.appName }}"
-          image: "{{ .Values.data.image }}"
-          imagePullPolicy: "{{ .Values.data.imagePullPolicy }}"
+        - name: {{ .Values.conf.appName  | quote}}
+          image: {{ .Values.data.image  | quote}}
+          imagePullPolicy: {{ .Values.data.imagePullPolicy  | quote}}
           envFrom:
           - configMapRef:
-              name: "{{ .Values.conf.configmap }}"
+              name: {{ .Values.conf.configmap  | quote}}
           {{- if .Values.conf.onPremEnabled }}
           - secretRef:
-              name: "{{ .Values.conf.rabbitmqSecretName }}"
+              name: {{ .Values.conf.rabbitmqSecretName  | quote}}
           - secretRef:
-              name: "{{ .Values.conf.openidSecretName }}"
+              name: {{ .Values.conf.openidSecretName  | quote}}
           {{- end }}
           securityContext:
             allowPrivilegeEscalation: false
@@ -37,9 +41,9 @@ spec:
             - containerPort: 8080
           resources:
             requests:
-              cpu: "{{ .Values.data.requestsCpu }}"
-              memory: "{{ .Values.data.requestsMemory }}"
+              cpu: {{ .Values.data.requestsCpu  | quote}}
+              memory: {{ .Values.data.requestsMemory  | quote}}
             limits:
-              cpu: "{{ .Values.data.limitsCpu }}"
-              memory: "{{ .Values.data.limitsMemory }}"
-      serviceAccountName: "{{ .Values.data.serviceAccountName }}"
+              cpu: {{ .Values.data.limitsCpu  | quote}}
+              memory: {{ .Values.data.limitsMemory  | quote}}
+      serviceAccountName: {{ .Values.data.serviceAccountName  | quote}}

devops/gcp/deploy/templates/service-account.yaml

@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: "{{ .Values.data.serviceAccountName }}"
-  namespace: "{{ .Release.Namespace }}"
+  name: {{ .Values.data.serviceAccountName  | quote}}
+  namespace: {{ .Release.Namespace  | quote}}
 {{- end }}

devops/gcp/deploy/templates/service.yaml

 apiVersion: v1
 kind: Service
 metadata:
-  name: "{{ .Values.conf.appName }}"
+  name: {{ .Values.conf.appName  | quote}}
   annotations:
   {{- if not .Values.conf.onPremEnabled }}
     cloud.google.com/neg: '{"ingress": true}'
   {{- end }}
-  namespace: "{{ .Release.Namespace }}"
+  namespace: {{ .Release.Namespace  | quote}}
   labels:
-    app: "{{ .Values.conf.appName }}"
-    service: "{{ .Values.conf.appName }}"
+    app: {{ .Values.conf.appName  | quote}}
 spec:
   ports:
     - protocol: TCP
@@ -17,4 +16,4 @@ spec:
       targetPort: 8080
       name: http
   selector:
-    app: "{{ .Values.conf.appName }}"
+    app: {{ .Values.conf.appName  | quote}}

devops/gcp/deploy/templates/virtual-service.yaml

 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: "{{ .Values.conf.appName }}"
-  namespace: "{{ .Release.Namespace }}"
+  name: {{ .Values.conf.appName  | quote}}
+  namespace: {{ .Release.Namespace  | quote}}
 spec:
   hosts:
     {{- if and .Values.conf.domain .Values.conf.onPremEnabled }}
@@ -22,4 +22,4 @@ spec:
         - destination:
             port:
               number: 80
-            host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
+            host: {{printf "%s.%s.svc.cluster.local" .Values.conf.appName .Release.Namespace | quote}}

devops/gcp/deploy/values.yaml

 data:
+  #Configmaps
+  logLevel: "ERROR"
+  springProfilesActive: "gcp"
+  entitlementsHost: "http://entitlements"
+  registerHost: "http://register"
+  partitionHost: "http://partition"
+  googleAudiences: ""
+  #Deployments
   requestsCpu: "0.1"
   requestsMemory: "256M"
   limitsCpu: "1"
@@ -14,3 +22,9 @@ conf:
   openidSecretName: "notification-keycloak-secret"
   onPremEnabled: false
   domain: ""
+
+istio:
+  proxyCPU: "50m"
+  proxyCPULimit: "500m"
+  proxyMemory: "64Mi"
+  proxyMemoryLimit: "512Mi"