diff --git a/devops/core-plus/bootstrap/Dockerfile b/devops/core-plus/bootstrap/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..04260282021984229d6f9fe2097915d00f0afb82
--- /dev/null
+++ b/devops/core-plus/bootstrap/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine
+WORKDIR /opt
+COPY ./devops/core-plus/bootstrap/ /opt/
+
+RUN apk update && apk add \
+ bash \
+ curl \
+ jq \
+ && chmod 775 bootstrap_partition.sh
+RUN addgroup -g 10001 -S nonroot \
+ && adduser -h /opt -G nonroot -S -u 10001 nonroot
+RUN chown -R 10001:10001 /opt
+USER 10001:10001
+CMD ["/bin/bash", "-c", "./bootstrap_partition.sh && sleep 365d"]
diff --git a/devops/core-plus/bootstrap/README.md b/devops/core-plus/bootstrap/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..9ccee11b41965c5236d5dacba7d817ac33f5bcb6
--- /dev/null
+++ b/devops/core-plus/bootstrap/README.md
@@ -0,0 +1,44 @@
+# Partition Bootstrapping Script
+
+## Overview
+
+This folder contains a set of Bash scripts designed to bootstrap and configure data partitions. These scripts are used to initialize the necessary settings and properties for system and additional data partitions in a given environment.
+
+## Key Environment Variables
+
+| Environment Variable | Description |
+| --------------------------- | ------------------------------------------------ |
+| `PARTITION_HOST` | Host for the partition API. |
+| `DATA_PARTITION_ID` | Identifier for the data partition. |
+| `BUCKET_PREFIX` | Prefix for bucket names used in the partition. |
+| `PARTITION_SUFFIX` | Suffix used for partition-specific properties. |
+| `SERVICE_ACCOUNT` | Service account |
+| `MINIO_ENDPOINT` | Endpoint for the MinIO service. |
+| `MINIO_EXTERNAL_ENDPOINT` | External endpoint for accessing MinIO. |
+| `MINIO_IGNORE_CERT_CHECK` | Flag to ignore SSL certificate checks for MinIO. |
+| `MINIO_UI_ENDPOINT` | Endpoint for the MinIO user interface. |
+| `INDEXER_AUGMENTER_ENABLED` | Flag to enable or disable the index augmenter. |
+
+## Scripts
+
+1. **bootstrap_partition.sh**
+2. **data_core.sh**
+3. **helpers.sh**
+
+### bootstrap_partition.sh
+
+This script is responsible for bootstrapping a data partition. It performs the following tasks:
+
+- Sources helper functions from `helpers.sh` and core data functions from `data_core.sh`.
+- Defines the `bootstrap_partition` function to bootstrap a partition by making HTTP POST and PATCH requests to a specified URL.
+- Exports environment variables needed for system and additional partitions.
+- Calls the `bootstrap_partition` function with appropriate data for system and additional partitions.
+- Creates a temporary file to signal that the bootstrap process is complete.
+
+### data_core.sh
+
+This script contains functions to generate JSON data for core system and additional partitions. These functions output JSON structures with various properties required for the partitions.
+
+### helpers.sh
+
+This script provides utility functions to support the bootstrapping process.
\ No newline at end of file
diff --git a/devops/core-plus/bootstrap/bootstrap_partition.sh b/devops/core-plus/bootstrap/bootstrap_partition.sh
new file mode 100644
index 0000000000000000000000000000000000000000..2df85929a1dfe19bb1eb5edf618caca3ab6e68e0
--- /dev/null
+++ b/devops/core-plus/bootstrap/bootstrap_partition.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -ex
+
+source ./helpers.sh
+source ./data_core.sh
+
+DATA_PARTITION_URL="http://${PARTITION_HOST}/api/partition/v1/partitions/${DATA_PARTITION_ID}"
+
+bootstrap_partition() {
+
+ local DATA_PARTITION_ID=$1
+ local BOOTSTRAP_DATA=$2
+ local PARTITION_URL=$3
+
+ echo "Bootstrapping partition: $DATA_PARTITION_ID"
+ echo "$BOOTSTRAP_DATA" | jq
+
+ status_code=$(curl -X POST \
+ --url "$PARTITION_URL" --write-out "%{http_code}" --silent --output "/dev/null" \
+ -H "Content-Type: application/json" \
+ --data-raw "$BOOTSTRAP_DATA")
+
+ # shellcheck disable=SC2002
+ if [[ "${status_code}" == 201 ]]; then
+ echo "Partition bootstrap finished successfully!"
+ elif [[ "${status_code}" == 409 ]]; then
+
+ patch_status_code=$(curl -X PATCH \
+ --url "$PARTITION_URL" --write-out "%{http_code}" --silent --output "/dev/null" \
+ -H "Content-Type: application/json" \
+ --data-raw "$BOOTSTRAP_DATA")
+
+ echo "Partition was patched because partition $DATA_PARTITION_ID already has properties! Status code: ${patch_status_code}"
+ else
+ echo "Exiting with status code: ${status_code}"
+ exit 1
+ fi
+}
+
+# Bootstrap additional partition
+export DATA_PARTITION_ID_VALUE="${DATA_PARTITION_ID}"
+additional_partition_data=$(merge "core_system_partition_data" "core_additional_partition_data")
+bootstrap_partition "${DATA_PARTITION_ID}" "$additional_partition_data" "${DATA_PARTITION_URL}"
+
+touch /tmp/bootstrap_ready
diff --git a/devops/core-plus/bootstrap/data_core.sh b/devops/core-plus/bootstrap/data_core.sh
new file mode 100644
index 0000000000000000000000000000000000000000..397f40b3d49ae72f0881aa5447d669e17f8a92be
--- /dev/null
+++ b/devops/core-plus/bootstrap/data_core.sh
@@ -0,0 +1,199 @@
+#!/usr/bin/env bash
+
+# FIXME (GONRG-7695): Move elastic properties to additional partition when resolved
+# FIXME (GONRG-7696): Move rabbitmq properties to additional partition when resolved
+core_system_partition_data() {
+ DATA_PARTITION_ID_UPPER="${DATA_PARTITION_ID_VALUE^^}"
+ cat <<EOF
+{
+ "properties": {
+ "projectId": {
+ "sensitive": false,
+ "value": "${BUCKET_PREFIX}"
+ },
+ "serviceAccount": {
+ "sensitive": false,
+ "value": "${SERVICE_ACCOUNT}"
+ },
+ "complianceRuleSet": {
+ "sensitive": false,
+ "value": "shared"
+ },
+ "dataPartitionId": {
+ "sensitive": false,
+ "value": "${DATA_PARTITION_ID_VALUE}"
+ },
+ "name": {
+ "sensitive": false,
+ "value": "${DATA_PARTITION_ID_VALUE}"
+ },
+ "bucket": {
+ "sensitive": false,
+ "value": "${BUCKET_PREFIX}-${DATA_PARTITION_ID_VALUE}-records"
+ },
+ "crmAccountID": {
+ "sensitive": false,
+ "value": "[${DATA_PARTITION_ID_VALUE},${DATA_PARTITION_ID_VALUE}]"
+ },
+ "osm.postgres.datasource.url": {
+ "sensitive": true,
+ "value": "POSTGRES_DATASOURCE_URL${PARTITION_SUFFIX}"
+ },
+ "osm.postgres.datasource.username": {
+ "sensitive": true,
+ "value": "POSTGRES_DB_USERNAME${PARTITION_SUFFIX}"
+ },
+ "osm.postgres.datasource.password": {
+ "sensitive": true,
+ "value": "POSTGRES_DB_PASSWORD${PARTITION_SUFFIX}"
+ },
+ "obm.minio.endpoint": {
+ "sensitive": false,
+ "value": "${MINIO_ENDPOINT}"
+ },
+ "obm.minio.accessKey": {
+ "sensitive": true,
+ "value": "MINIO_ACCESS_KEY"
+ },
+ "obm.minio.secretKey": {
+ "sensitive": true,
+ "value": "MINIO_SECRET_KEY"
+ },
+ "obm.minio.ignoreCertCheck": {
+ "sensitive": false,
+ "value": "${MINIO_IGNORE_CERT_CHECK}"
+ },
+ "obm.minio.ui.endpoint": {
+ "sensitive": false,
+ "value": "${MINIO_UI_ENDPOINT}"
+ },
+ "kubernetes-secret-name": {
+ "sensitive": false,
+ "value": "eds-${DATA_PARTITION_ID_VALUE}"
+ },
+ "oqm.rabbitmq.amqp.host": {
+ "sensitive": false,
+ "value": "rabbitmq"
+ },
+ "oqm.rabbitmq.amqp.port": {
+ "sensitive": false,
+ "value": "5672"
+ },
+ "oqm.rabbitmq.amqp.path": {
+ "sensitive": false,
+ "value": ""
+ },
+ "oqm.rabbitmq.amqp.username": {
+ "sensitive": true,
+ "value": "RABBITMQ_ADMIN_USERNAME"
+ },
+ "oqm.rabbitmq.amqp.password": {
+ "sensitive": true,
+ "value": "RABBITMQ_ADMIN_PASSWORD"
+ },
+ "oqm.rabbitmq.admin.schema": {
+ "sensitive": false,
+ "value": "http"
+ },
+ "oqm.rabbitmq.admin.host": {
+ "sensitive": false,
+ "value": "rabbitmq"
+ },
+ "oqm.rabbitmq.admin.port": {
+ "sensitive": false,
+ "value": "15672"
+ },
+ "oqm.rabbitmq.admin.path": {
+ "sensitive": false,
+ "value": "/api"
+ },
+ "oqm.rabbitmq.admin.username": {
+ "sensitive": true,
+ "value": "RABBITMQ_ADMIN_USERNAME"
+ },
+ "oqm.rabbitmq.admin.password": {
+ "sensitive": true,
+ "value": "RABBITMQ_ADMIN_PASSWORD"
+ },
+ "elasticsearch.host": {
+ "sensitive": true,
+ "value": "ELASTIC_HOST${PARTITION_SUFFIX}"
+ },
+ "elasticsearch.port": {
+ "sensitive": true,
+ "value": "ELASTIC_PORT${PARTITION_SUFFIX}"
+ },
+ "elasticsearch.user": {
+ "sensitive": true,
+ "value": "ELASTIC_USER${PARTITION_SUFFIX}"
+ },
+ "elasticsearch.password": {
+ "sensitive": true,
+ "value": "ELASTIC_PASS${PARTITION_SUFFIX}"
+ },
+ "index-augmenter-enabled": {
+ "sensitive": false,
+ "value": "${INDEXER_AUGMENTER_ENABLED}"
+ },
+ "policy-service-enabled": {
+ "sensitive": false,
+ "value": "false"
+ },
+ "obm.minio.external.endpoint": {
+ "sensitive": false,
+ "value": "${MINIO_EXTERNAL_ENDPOINT}"
+ },
+ "entitlements.datasource.url": {
+ "sensitive": true,
+ "value": "ENT_PG_URL${PARTITION_SUFFIX}"
+ },
+ "entitlements.datasource.username": {
+ "sensitive": true,
+ "value": "ENT_PG_USER${PARTITION_SUFFIX}"
+ },
+ "entitlements.datasource.password": {
+ "sensitive": true,
+ "value": "ENT_PG_PASS${PARTITION_SUFFIX}"
+ },
+ "entitlements.datasource.schema": {
+ "sensitive": true,
+ "value": "ENT_PG_SCHEMA_${DATA_PARTITION_ID_UPPER}"
+ },
+ "system.schema.bucket.name": {
+ "sensitive": false,
+ "value": "${BUCKET_PREFIX}-${DATA_PARTITION_ID_VALUE}-system-schema"
+ },
+ "schema.bucket.name": {
+ "sensitive": false,
+ "value": "${BUCKET_PREFIX}-${DATA_PARTITION_ID_VALUE}-schema"
+ }
+ }
+}
+EOF
+}
+
+core_additional_partition_data() {
+ DATA_PARTITION_ID_UPPER="${DATA_PARTITION_ID_VALUE^^}"
+ cat <<EOF
+{
+ "properties": {
+ "index-augmenter-enabled": {
+ "sensitive": false,
+ "value": "${INDEXER_AUGMENTER_ENABLED}"
+ },
+ "policy-service-enabled": {
+ "sensitive": false,
+ "value": "false"
+ },
+ "obm.minio.external.endpoint": {
+ "sensitive": false,
+ "value": "${MINIO_EXTERNAL_ENDPOINT}"
+ },
+ "wellbore-dms-bucket": {
+ "sensitive": false,
+ "value": "${BUCKET_PREFIX}-logstore-osdu"
+ }
+ }
+}
+EOF
+}
diff --git a/devops/core-plus/bootstrap/helpers.sh b/devops/core-plus/bootstrap/helpers.sh
new file mode 100644
index 0000000000000000000000000000000000000000..8aa2a0fa870a3a1b3c8f826437d904523c7cb6b4
--- /dev/null
+++ b/devops/core-plus/bootstrap/helpers.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+merge() {
+ local system_data_function_name="$1"
+ local additional_data_function_name="$2"
+ local json1
+ local json2
+
+ json1="$($system_data_function_name)"
+ json2="$($additional_data_function_name)"
+
+ jq -n --argjson json1 "$json1" --argjson json2 "$json2" \
+ '$json1.properties + $json2.properties | { properties: . }'
+}
+
diff --git a/devops/core-plus/deploy/README.md b/devops/core-plus/deploy/README.md
index da07701b02c29f03714a4ac0e7438a8e965de7bf..47615149867277973cb699fd8e35a5704820bf5e 100644
--- a/devops/core-plus/deploy/README.md
+++ b/devops/core-plus/deploy/README.md
@@ -99,33 +99,32 @@ First you need to set variables in **values.yaml** file using any code editor. S
**global.domain** | your domain | string | - | yes
**global.useHttps** | defines whether to use HTTPS instead of HTTP for external minio s3 endpoint connection | boolean | true | yes
**global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | true | yes
+**global.dataPartitionId** | data partition id | string | - | yes
### Configmap variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
**data.logLevel** | logging level | string | INFO | yes
-**data.partitionHost** | partition host | string | partition | yes
-**data.partitionNamespace** | datastore namespace where partition will store the data | string | partition | yes
-**data.dataPartitionId** | data partition id | string | - | yes
+**data.partitionSuffix** | suffix for partition secret values | string | _SYSTEM | yes
**data.datafierSa** | datafier service account | string | datafier | yes
**data.bucketPrefix** | minio bucket name prefix | string | refi | only in case of Reference installation when _onPremEnabled_ is set to "_true_"
**data.minioExternalEndpoint** | api url for external minio, if external minio is configured - this value will be set for MINIO_ENDPOINT and MINIO_EXTERNAL_ENDPOINT in bootstrap configmap | string | - | no
**data.minioIgnoreCertCheck** | whether minio should ignore TLS certs validity check, set to true if external minio is protected by self-signed certificates | string | false | no
-**data.indexerAugmenterEnabled** | enable indexer Augmenter | string | false | no
**data.minioUIEndpoint** | UI endpoint for gathering minio versions | string | `http://minio:9001` | yes
+**data.indexerAugmenterEnabled** | enable indexer Augmenter | string | false | no
### Deployment variables
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
-**data.requestsCpu** | amount of requests CPU | string | 10m | yes
-**data.requestsMemory** | amount of requests memory | string | 400Mi | yes
+**data.requestsCpu** | amount of requests CPU | string | 5m | yes
+**data.requestsMemory** | amount of requests memory | string | 350Mi | yes
**data.limitsCpu** | CPU limit | string | 500m | only if `global.limitsEnabled` is true
**data.limitsMemory** | memory limit | string | 1G | only if `global.limitsEnabled` is true
**data.serviceAccountName** | name of your service account | string | partition | yes
-**data.image** | path to the image in a registry | string | - | yes
**data.imagePullPolicy** | when to pull the image | string | IfNotPresent | yes
+**data.image** | path to the image in a registry | string | - | yes
**data.bootstrapImage** | name of the bootstrap image | string | - | yes
### Configuration variables
@@ -142,14 +141,13 @@ First you need to set variables in **values.yaml** file using any code editor. S
| Name | Description | Type | Default |Required |
|------|-------------|------|---------|---------|
-**istio.proxyCPU** | CPU request for Envoy sidecars | string | 10m | yes
+**istio.proxyCPU** | CPU request for Envoy sidecars | string | 5m | yes
**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 500m | yes
-**istio.proxyMemory** | memory request for Envoy sidecars | string | 100Mi | yes
+**istio.proxyMemory** | memory request for Envoy sidecars | string | 64Mi | yes
**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 512Mi | yes
-**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | 10m | yes
+**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | 5m | yes
**istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | 100m | yes
**istio.sidecarInject** | whether Istio sidecar will be injected. Setting to "false" reduces security, because disables authorization policy. | boolean | true | yes
-**istio.partitionEditors** | list of users who can edit partitions. If it is empty, the service allows all external GET requests and POST/PUT/PATCH for bootstrap k8s service account. It accepts gc accounts only | list | - | no
### Install the helm chart
diff --git a/devops/core-plus/deploy/templates/authorization-policy.yaml b/devops/core-plus/deploy/templates/authorization-policy.yaml
index 89bfe32a3e302e94b1b0ade4385a3db22118b817..4a0d8c32f8d14712e57d501125ce448ef4689baf 100644
--- a/devops/core-plus/deploy/templates/authorization-policy.yaml
+++ b/devops/core-plus/deploy/templates/authorization-policy.yaml
@@ -9,6 +9,14 @@ spec:
app: {{ .Values.conf.appName | quote }}
action: ALLOW
rules:
+ - from:
+ - source:
+ principals:
+ - cluster.local/ns/{{ $.Release.Namespace }}/sa/{{ printf "%s-bootstrap" .Values.data.serviceAccountName }}
+ to:
+ - operation:
+ paths:
+ - /api/partition/v1/*
- to:
- operation:
methods:
@@ -26,7 +34,7 @@ spec:
- /api/partition/v1/*
when:
- key: request.auth.claims[iss]
- values:
+ values:
- https://keycloak.{{ .Values.global.domain }}/realms/{{ .Values.auth.realm }}
- http://keycloak.{{ .Values.global.domain }}/realms/{{ .Values.auth.realm }}
- http://keycloak/realms/{{ .Values.auth.realm }}
diff --git a/devops/core-plus/deploy/templates/configmap-bootstrap.yaml b/devops/core-plus/deploy/templates/configmap-bootstrap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1fbdafcebe87039d90090d28ec8bd6ae84b79867
--- /dev/null
+++ b/devops/core-plus/deploy/templates/configmap-bootstrap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: "{{ .Values.conf.appName }}-bootstrap"
+ name: "{{ .Values.conf.configmap }}-bootstrap"
+ namespace: "{{ .Release.Namespace }}"
+data:
+ PARTITION_HOST: "partition"
+ INDEXER_AUGMENTER_ENABLED: {{ .Values.data.indexerAugmenterEnabled | quote }}
+ PARTITION_SUFFIX: {{ .Values.data.partitionSuffix | quote }}
+ DATA_PARTITION_ID: {{ .Values.global.dataPartitionId | quote }}
+ ENVIRONMENT: "anthos"
+ SERVICE_ACCOUNT: {{ printf "%s@service.local" .Values.data.datafierSa | quote }}
+ DOMAIN: "{{ .Values.global.domain }}"
+ BUCKET_PREFIX: {{ .Values.data.bucketPrefix | quote }}
+ MINIO_ENDPOINT: {{ default "http://minio:9000" .Values.data.minioExternalEndpoint | quote }}
+ MINIO_UI_ENDPOINT: {{ .Values.data.minioUIEndpoint | quote }}
+ {{- if .Values.global.useHttps }}
+ MINIO_EXTERNAL_ENDPOINT: {{ default (printf "https://s3.%s" .Values.global.domain) .Values.data.minioExternalEndpoint | quote }}
+ {{- else }}
+ MINIO_EXTERNAL_ENDPOINT: {{ default (printf "http://s3.%s" .Values.global.domain) .Values.data.minioExternalEndpoint | quote }}
+ {{- end }}
+ MINIO_IGNORE_CERT_CHECK: {{ .Values.data.minioIgnoreCertCheck | quote }}
diff --git a/devops/core-plus/deploy/templates/deploy-bootstrap.yaml b/devops/core-plus/deploy/templates/deploy-bootstrap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c3710a6a24ea5e1ed70a776096bee8b44774fa65
--- /dev/null
+++ b/devops/core-plus/deploy/templates/deploy-bootstrap.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ type: bootstrap
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ sidecar.istio.io/inject: {{ .Values.istio.sidecarInject | quote }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+ sidecar.istio.io/proxyCPU: {{ .Values.istio.bootstrapProxyCPU | quote }}
+ sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
+ sidecar.istio.io/proxyCPULimit: {{ .Values.istio.bootstrapProxyCPULimit | quote }}
+ sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
+ spec:
+ containers:
+ - image: {{ .Values.data.bootstrapImage | quote }}
+ imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
+ name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/bootstrap_ready
+ envFrom:
+ - configMapRef:
+ name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ restartPolicy: Always
+ serviceAccountName: {{ printf "%s-bootstrap" .Values.data.serviceAccountName | quote }}
diff --git a/devops/core-plus/deploy/templates/service-account.yaml b/devops/core-plus/deploy/templates/service-account.yaml
index 3df3488af53132feab774393efdac29a6f6315ee..be014205906774c5166f8e6855ea0416ddb07315 100644
--- a/devops/core-plus/deploy/templates/service-account.yaml
+++ b/devops/core-plus/deploy/templates/service-account.yaml
@@ -3,3 +3,9 @@ kind: ServiceAccount
metadata:
name: {{ .Values.data.serviceAccountName | quote }}
namespace: {{ .Release.Namespace | quote }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ printf "%s-bootstrap" .Values.data.serviceAccountName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/devops/core-plus/deploy/values.yaml b/devops/core-plus/deploy/values.yaml
index 736d68040f86fb7c14de7db1d505317490a9dcb6..d7af376ee95be38bdaf4d626300ded74083debd6 100644
--- a/devops/core-plus/deploy/values.yaml
+++ b/devops/core-plus/deploy/values.yaml
@@ -2,11 +2,19 @@ global:
domain: ""
useHttps: true
limitsEnabled: true
+ dataPartitionId: ""
data:
# configmaps
logLevel: "ERROR"
# deployments
+ partitionSuffix: "_SYSTEM"
+ datafierSa: "datafier"
+ bucketPrefix: "refi"
+ minioExternalEndpoint: "" # use only if external minio is configured
+ minioIgnoreCertCheck: "false"
+ minioUIEndpoint: "http://minio:9001"
+ indexerAugmenterEnabled: "false"
requestsCpu: "5m"
requestsMemory: "350Mi"
limitsCpu: "500m"
@@ -14,6 +22,7 @@ data:
serviceAccountName: "partition"
imagePullPolicy: "IfNotPresent"
image: ""
+ bootstrapImage: ""
conf:
appName: "partition"
@@ -30,4 +39,6 @@ istio:
proxyCPULimit: "500m"
proxyMemory: "64Mi"
proxyMemoryLimit: "512Mi"
+ bootstrapProxyCPU: "5m"
+ bootstrapProxyCPULimit: "100m"
sidecarInject: "true"
diff --git a/devops/core-plus/pipeline/override-stages.yml b/devops/core-plus/pipeline/override-stages.yml
index dbe7257f6933ca2718f9bb031f64ad527860a2ea..52b196c1027537022b970c8b41f8dc1ddae31223 100644
--- a/devops/core-plus/pipeline/override-stages.yml
+++ b/devops/core-plus/pipeline/override-stages.yml
@@ -1,5 +1,13 @@
variables:
CORE_SERVICE: partition
+ CORE_ENABLE_BOOTSTRAP: "true"
+ CORE_BUILD_BOOTSTRAP_PATH: "devops/core-plus/bootstrap/Dockerfile"
+
+core-containerize-bootstrap-gitlab:
+ tags: ["osdu-medium"]
+ variables:
+ CORE_IMAGE_BOOTSTRAP_NAME: "core-plus-bootstrap-partition"
+
core-containerize-gitlab:
stage: containerize
diff --git a/partition-core-plus/build/Dockerfile b/partition-core-plus/build/Dockerfile
index 4956fbdf97cdc3a0d9279f6a9ea0f7f474266bfa..fa910bc7f2af3a0a220bdf6d8782d024be689afe 100644
--- a/partition-core-plus/build/Dockerfile
+++ b/partition-core-plus/build/Dockerfile
@@ -19,6 +19,5 @@ CMD java -Djava.security.egd=file:/dev/./urandom \
-Dserver.port=${PORT} \
-Dlog4j.formatMsgNoLookups=true \
-Dloader.path=plugins/ \
- -Dloader.debug=true \
-Dloader.main=org.opengroup.osdu.partition.coreplus.PartitionApplication \
-jar /app/partition-${PROVIDER_NAME}.jar