Skip to content
Snippets Groups Projects
Commit fc0ff54f authored by Marc Burnie [AWS]'s avatar Marc Burnie [AWS]
Browse files

Merge branch 'master' into master-dev-merge

parents 6a872bb3 49c59f54
No related branches found
No related tags found
2 merge requests!229Merge branch 'dependency-upgrade' into 'master',!195Use MongoPropertiesReader from os-core-lib-aws and add maxIdelTimeMS setting
Hide whitespace changes
Inline Side-by-side
Showing
with 137 additions and 121 deletions
.gitlab-ci.yml
+ 37
19
View file @ fc0ff54f
...@@ -13,20 +13,30 @@ variables: ...@@ -13,20 +13,30 @@ variables:
IBM_BUILD_SUBDIR: provider/partition-ibm IBM_BUILD_SUBDIR: provider/partition-ibm
IBM_INT_TEST_SUBDIR: testing/partition-test-ibm IBM_INT_TEST_SUBDIR: testing/partition-test-ibm
# --- osdu gcp specific variables ---
OSDU_GCP_ENABLE_BOOTSTRAP: "true" OSDU_GCP_ENABLE_BOOTSTRAP: "true"
OSDU_GCP_SERVICE: partition OSDU_GCP_SERVICE: partition
OSDU_GCP_VENDOR: gcp OSDU_GCP_VENDOR: gcp
OSDU_GCP_APPLICATION_NAME: os-partition OSDU_GCP_HELM_CONFIG_SERVICE_VARS: >
MAVEN_PROJECTS: "-pl partition-core,provider/partition-gcp" --set data.partitionAdminAccounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS
OSDU_GCP_TEST_SUBDIR: testing/$OSDU_GCP_SERVICE-test-$OSDU_GCP_VENDOR --set data.projectId=$OSDU_GCP_PROJECT
OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap" --set data.googleAudiences=$GOOGLE_AUDIENCE
OSDU_GCP_HELM_NAMESPACE: default --set data.logLevel=INFO
OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT" --set data.dataPartitionId=$OSDU_GCP_TENANT
OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT" OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: >
OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s --set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s" --set data.image=$CI_REGISTRY_IMAGE/osdu-gcp-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
--set data.bootstrapImage=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
--set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s
--set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s
OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: >
--set data.partitionAdminAccounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2
--set data.projectId=$OSDU_GCP_PROJECT
--set data.googleAudiences=$GOOGLE_AUDIENCE
--set data.logLevel=INFO
--set data.dataPartitionId=$OSDU_GCP_TENANT
# FIXME add value below to DEV2 pipeline # FIXME add value below to DEV2 pipeline
OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2: "--set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT" OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2: >
--set data.bootstrapImage=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
--set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT
OSDU_GCP_HELM_CONFIG_SERVICE: partition-config OSDU_GCP_HELM_CONFIG_SERVICE: partition-config
OSDU_GCP_HELM_DEPLOYMENT_SERVICE: partition-deploy OSDU_GCP_HELM_DEPLOYMENT_SERVICE: partition-deploy
...@@ -62,30 +72,38 @@ include: ...@@ -62,30 +72,38 @@ include:
file: "publishing/pages.yml" file: "publishing/pages.yml"
osdu-gcp-deploy-deployment: osdu-gcp-deploy-deployment:
variables: needs:
OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap - osdu-gcp-containerize-gitlab
needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-gitlab", "osdu-gcp-deploy-configmap"] - osdu-gcp-containerize-bootstrap-gitlab
- osdu-gcp-deploy-configmap
after_script: after_script:
- echo ----- Verify Bootstrap ----- - echo ----- Verify Bootstrap -----
- kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s - kubectl rollout status deployment.v1.apps/$OSDU_GCP_SERVICE-bootstrap -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s
- POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}') - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_SERVICE-bootstrap | tail -1 | awk '{print $1}')
- STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s) - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
- echo $STATUS - echo $STATUS
- if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
osdu-gcp-dev2-deploy-deployment: osdu-gcp-dev2-deploy-deployment:
variables: variables:
OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap
OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT: workload-gke-bootstrap-sa OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT: workload-gke-bootstrap-sa
needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-gitlab", "osdu-gcp-dev2-deploy-configmap"] needs:
- osdu-gcp-containerize-gitlab
- osdu-gcp-containerize-bootstrap-gitlab
- osdu-gcp-dev2-deploy-configmap
after_script: after_script:
- echo ----- Verify Bootstrap ----- - echo ----- Verify Bootstrap -----
- kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s - kubectl rollout status deployment.v1.apps/$OSDU_GCP_SERVICE-bootstrap -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s
- POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}') - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_SERVICE-bootstrap | tail -1 | awk '{print $1}')
- STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s) - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
- echo $STATUS - echo $STATUS
- if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
osdu-gcp-anthos-deploy-deployment:
needs:
- osdu-gcp-containerize-gitlab
- osdu-gcp-containerize-bootstrap-gitlab
- osdu-gcp-anthos-deploy-configmap
osdu-gcp-test: osdu-gcp-test:
variables: variables:
......
devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
+ 10
10
View file @ fc0ff54f
...@@ -2,18 +2,18 @@ apiVersion: v1 ...@@ -2,18 +2,18 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
app: "{{ .Values.conf.bootstrap_name }}" app: "{{ .Values.conf.appName }}-bootstrap"
name: "{{ .Values.conf.bootstrap_configmap }}" name: "{{ .Values.conf.configmap }}-bootstrap"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
data: data:
PARTITION_NAME: "{{ .Values.data.partition_name }}.{{ .Release.Namespace }}.svc.cluster.local" PARTITION_NAME: "{{ .Values.data.partitionName }}.{{ .Release.Namespace }}.svc.cluster.local"
PROJECT_ID: "{{ .Values.data.project_id }}" PROJECT_ID: "{{ .Values.data.projectId }}"
DATA_PARTITION_ID: "{{ .Values.data.data_partition_id }}" DATA_PARTITION_ID: "{{ .Values.data.dataPartitionId }}"
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
DOMAIN: "{{ .Values.data.domain }}" DOMAIN: "{{- default (printf "%s.%s" ((index (lookup "v1" "Service" .Values.data.istioNamespace "istio-ingressgateway").status.loadBalancer.ingress 0).ip) "nip.io") .Values.data.domain -}}"
ENVIRONMENT: "{{ .Values.data.environment }}" ENVIRONMENT: "{{ .Values.data.environment }}"
CLIENT_ID: "{{ .Values.data.client_id }}" CLIENT_ID: "{{ .Values.data.clientId }}"
{{- else }} {{- else }}
AUDIENCES: "{{ .Values.data.google_audiences }}" AUDIENCES: "{{ .Values.data.googleAudiences }}"
DATAFIER_SA: "{{ .Values.data.datafier_sa }}" DATAFIER_SA: "{{ .Values.data.datafierSa }}"
{{- end }} {{- end }}
devops/gcp/configmap/templates/partition-variables.yml
+ 9
10
View file @ fc0ff54f
...@@ -2,18 +2,17 @@ apiVersion: v1 ...@@ -2,18 +2,17 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
app: "{{ .Values.conf.app_name }}" app: "{{ .Values.conf.appName }}"
name: "{{ .Values.conf.configmap }}" name: "{{ .Values.conf.configmap }}"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
data: data:
LOG_LEVEL: "{{ .Values.data.log_level }}" LOG_LEVEL: "{{ .Values.data.logLevel }}"
SPRING_PROFILES_ACTIVE: "{{ .Values.data.spring_profiles_active }}" SPRING_PROFILES_ACTIVE: "{{ .Values.data.springProfilesActive }}"
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
PARTITION_PROPERTY_KIND: "{{ .Values.data.partition_property_kind }}" PARTITION_NAMESPACE: "{{ .Values.data.partitionNamespace }}"
PARTITION_NAMESPACE: "{{ .Values.data.partition_namespace }}"
{{- else }} {{- else }}
GOOGLE_CLOUD_PROJECT: "{{ .Values.data.project_id }}" GOOGLE_CLOUD_PROJECT: "{{ .Values.data.projectId }}"
PARTITION_ADMIN_ACCOUNTS: "{{ .Values.data.partition_admin_accounts }}" PARTITION_ADMIN_ACCOUNTS: "{{ .Values.data.partitionAdminAccounts }}"
GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}" GOOGLE_AUDIENCES: "{{ .Values.data.googleAudiences }}"
SERVICE_ACCOUNT_TAIL: "{{ .Values.data.service_account_tail }}" SERVICE_ACCOUNT_TAIL: "{{ .Values.data.serviceAccountTail }}"
{{- end }} {{- end }}
devops/gcp/configmap/values.yaml
+ 15
17
View file @ fc0ff54f
data: data:
project_id: "" projectId: ""
partition_admin_accounts: "" partitionAdminAccounts: ""
google_audiences: "" googleAudiences: ""
log_level: "INFO" logLevel: "INFO"
service_account_tail: ".iam.gserviceaccount.com" serviceAccountTail: ".iam.gserviceaccount.com"
partition_property_kind: "" # FIXME GONRG-4910
partition_namespace: "" partitionNamespace: ""
spring_profiles_active: "gcp" springProfilesActive: "gcp"
# bootstrap common # bootstrap common
partition_name: "partition" partitionName: "partition"
data_partition_id: "" dataPartitionId: ""
datafier_sa: "datafier" datafierSa: "datafier"
# bootstrap variables onprem # bootstrap variables onprem
domain: "" domain: ""
istioNamespace: "istio-ingress"
environment: "" environment: ""
client_id: "" clientId: "datafier"
conf: conf:
configmap: "partition-config" configmap: "partition-config"
app_name: "partition" appName: "partition"
# bootstrap common onPremEnabled: false
bootstrap_name: "partition-bootstrap"
bootstrap_configmap: "partition-bootstrap-configmap"
on_prem_enabled: false
devops/gcp/deploy/templates/partition-authorization-policy.yml
+ 1
1
View file @ fc0ff54f
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
{{- range $key, $spec := .Values.authorizations }} {{- range $key, $spec := .Values.authorizations }}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy kind: AuthorizationPolicy
......
devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
+ 8
8
View file @ fc0ff54f
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: "{{ .Values.conf.bootstrap_name }}" name: "{{ .Values.conf.appName }}-bootstrap"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: "{{ .Values.conf.bootstrap_name }}" app: "{{ .Values.conf.appName }}-bootstrap"
template: template:
metadata: metadata:
labels: labels:
app: "{{ .Values.conf.bootstrap_name }}" app: "{{ .Values.conf.appName }}-bootstrap"
annotations: annotations:
rollme: {{ randAlphaNum 5 | quote }} rollme: {{ randAlphaNum 5 | quote }}
spec: spec:
containers: containers:
- image: "{{ .Values.data.bootstrap_image }}" - image: "{{ .Values.data.bootstrapImage }}"
name: "{{ .Values.conf.bootstrap_name }}" name: "{{ .Values.conf.appName }}-bootstrap"
readinessProbe: readinessProbe:
exec: exec:
command: command:
...@@ -25,10 +25,10 @@ spec: ...@@ -25,10 +25,10 @@ spec:
- /tmp/bootstrap_ready - /tmp/bootstrap_ready
envFrom: envFrom:
- configMapRef: - configMapRef:
name: "{{ .Values.conf.bootstrap_configmap }}" name: "{{ .Values.conf.configmap }}-bootstrap"
resources: resources:
limits: limits:
cpu: "{{ .Values.data.bootstrap_limits_cpu }}" cpu: "{{ .Values.data.bootstrapLimitsCpu }}"
memory: "{{ .Values.data.bootstrap_limits_memory }}" memory: "{{ .Values.data.bootstrapLimitsMemory }}"
restartPolicy: Always restartPolicy: Always
serviceAccountName: "{{ .Values.data.bootstrapServiceAccountName }}" serviceAccountName: "{{ .Values.data.bootstrapServiceAccountName }}"
devops/gcp/deploy/templates/partition-deploy.yml
+ 9
9
View file @ fc0ff54f
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: "{{ .Values.conf.app_name }}" name: "{{ .Values.conf.appName }}"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: "{{ .Values.conf.app_name }}" app: "{{ .Values.conf.appName }}"
template: template:
metadata: metadata:
labels: labels:
app: "{{ .Values.conf.app_name }}" app: "{{ .Values.conf.appName }}"
annotations: annotations:
rollme: {{ randAlphaNum 5 | quote }} rollme: {{ randAlphaNum 5 | quote }}
spec: spec:
containers: containers:
- image: "{{ .Values.data.image }}" - image: "{{ .Values.data.image }}"
imagePullPolicy: "{{ .Values.data.imagePullPolicy }}" imagePullPolicy: "{{ .Values.data.imagePullPolicy }}"
name: "{{ .Values.conf.app_name }}" name: "{{ .Values.conf.appName }}"
env: env:
- name: "ACCEPT_HTTP" - name: "ACCEPT_HTTP"
value: "true" value: "true"
envFrom: envFrom:
- configMapRef: - configMapRef:
name: "{{ .Values.conf.configmap }}" name: "{{ .Values.conf.configmap }}"
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
- secretRef: - secretRef:
name: "{{ .Values.conf.secret }}" name: "{{ .Values.conf.secret }}"
{{- end }} {{- end }}
...@@ -36,9 +36,9 @@ spec: ...@@ -36,9 +36,9 @@ spec:
- containerPort: 8080 - containerPort: 8080
resources: resources:
requests: requests:
cpu: "{{ .Values.data.requests_cpu }}" cpu: "{{ .Values.data.requestsCpu }}"
memory: "{{ .Values.data.requests_memory }}" memory: "{{ .Values.data.requestsMemory }}"
limits: limits:
cpu: "{{ .Values.data.limits_cpu }}" cpu: "{{ .Values.data.limitsCpu }}"
memory: "{{ .Values.data.limits_memory }}" memory: "{{ .Values.data.limitsMemory }}"
serviceAccountName: "{{ .Values.data.serviceAccountName }}" serviceAccountName: "{{ .Values.data.serviceAccountName }}"
devops/gcp/deploy/templates/partition-peer-authentication.yml
+ 1
1
View file @ fc0ff54f
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication kind: PeerAuthentication
metadata: metadata:
......
devops/gcp/deploy/templates/partition-service.yml
+ 2
2
View file @ fc0ff54f
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: "{{ .Values.conf.app_name }}" name: "{{ .Values.conf.appName }}"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
annotations: annotations:
cloud.google.com/neg: '{"ingress": true}' cloud.google.com/neg: '{"ingress": true}'
...@@ -12,4 +12,4 @@ spec: ...@@ -12,4 +12,4 @@ spec:
protocol: TCP protocol: TCP
name: http name: http
selector: selector:
app: "{{ .Values.conf.app_name }}" app: "{{ .Values.conf.appName }}"
devops/gcp/deploy/templates/partition-virtual-service.yml
+ 6
2
View file @ fc0ff54f
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: VirtualService kind: VirtualService
metadata: metadata:
name: "{{ .Values.conf.app_name }}" name: "{{ .Values.conf.appName }}"
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
spec: spec:
hosts: hosts:
{{- if .Values.conf.domain }}
- {{ printf "osdu.%s" .Values.conf.domain | quote }}
{{- else }}
- "*" - "*"
{{- end }}
gateways: gateways:
- service-gateway - service-gateway
http: http:
...@@ -16,4 +20,4 @@ spec: ...@@ -16,4 +20,4 @@ spec:
- destination: - destination:
port: port:
number: 80 number: 80
host: "{{ .Values.conf.app_name }}.{{ .Release.Namespace }}.svc.cluster.local" host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
devops/gcp/deploy/templates/service-account.yml
+ 1
1
View file @ fc0ff54f
{{- if .Values.conf.on_prem_enabled }} {{- if .Values.conf.onPremEnabled }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
......
devops/gcp/deploy/values.yaml
+ 11
13
View file @ fc0ff54f
data: data:
requests_cpu: "0.1" requestsCpu: "0.1"
requests_memory: "260M" requestsMemory: "260M"
limits_cpu: "1" limitsCpu: "1"
limits_memory: "1G" limitsMemory: "1G"
serviceAccountName: "partition" serviceAccountName: "partition"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
image: "" image: ""
# bootstrap common # bootstrap
bootstrap_limits_cpu: "0.1" bootstrapLimitsCpu: "0.1"
bootstrap_limits_memory: "200M" bootstrapLimitsMemory: "200M"
bootstrap_image: "" bootstrapImage: ""
bootstrapServiceAccountName: "" bootstrapServiceAccountName: ""
conf: conf:
configmap: "partition-config" configmap: "partition-config"
secret: "partition-postgres-secret" secret: "partition-postgres-secret"
app_name: "partition" appName: "partition"
# bootstrap common onPremEnabled: false
bootstrap_name: "partition-bootstrap" domain: ""
bootstrap_configmap: "partition-bootstrap-configmap"
on_prem_enabled: false
namespacePolicy: namespacePolicy:
mtlsMode: STRICT mtlsMode: STRICT
authorizations: authorizations:
......
provider/partition-gcp/bootstrap/bootstrap_partition.sh
+ 27
28
View file @ fc0ff54f
...@@ -4,42 +4,41 @@ set -ex ...@@ -4,42 +4,41 @@ set -ex
DATA_PARTITION_ID_UPPER=${DATA_PARTITION_ID^^} DATA_PARTITION_ID_UPPER=${DATA_PARTITION_ID^^}
generate_post_data() generate_post_data() {
{
cat <<EOF cat <<EOF
{ {
"properties": { "properties": {
"projectId": { "projectId": {
"sensitive": false, "sensitive": false,
"value": "${PROJECT_ID}" "value": "${PROJECT_ID}"
}, },
"serviceAccount": { "serviceAccount": {
"sensitive": false, "sensitive": false,
"value": "${SERVICEACCOUNT}" "value": "${SERVICEACCOUNT}"
}, },
"complianceRuleSet": { "complianceRuleSet": {
"sensitive": false, "sensitive": false,
"value": "shared" "value": "shared"
}, },
"dataPartitionId": { "dataPartitionId": {
"sensitive": false, "sensitive": false,
"value": "${DATA_PARTITION_ID}" "value": "${DATA_PARTITION_ID}"
}, },
"name": { "name": {
"sensitive": false, "sensitive": false,
"value": "${DATA_PARTITION_ID}" "value": "${DATA_PARTITION_ID}"
}, },
"policy-service-enabled": { "policy-service-enabled": {
"sensitive": false, "sensitive": false,
"value": "false" "value": "false"
}, },
"bucket": { "bucket": {
"sensitive": false, "sensitive": false,
"value": "${PROJECT_ID}-records" "value": "${PROJECT_ID}-records"
}, },
"crmAccountID": { "crmAccountID": {
"sensitive": false, "sensitive": false,
"value": "[${DATA_PARTITION_ID},${DATA_PARTITION_ID}]" "value": "[${DATA_PARTITION_ID},${DATA_PARTITION_ID}]"
}, },
"osm.postgres.datasource.url": { "osm.postgres.datasource.url": {
"sensitive": true, "sensitive": true,
...@@ -89,12 +88,11 @@ generate_post_data() ...@@ -89,12 +88,11 @@ generate_post_data()
"sensitive": true, "sensitive": true,
"value": "RABBITMQ_ADMIN_PASSWORD" "value": "RABBITMQ_ADMIN_PASSWORD"
}, },
"oqm.rabbitmq.admin.schema": {
"oqm.rabbitmq.admin.schema": {
"sensitive": false, "sensitive": false,
"value": "http" "value": "http"
}, },
"oqm.rabbitmq.admin.host": { "oqm.rabbitmq.admin.host": {
"sensitive": false, "sensitive": false,
"value": "rabbitmq" "value": "rabbitmq"
}, },
...@@ -135,9 +133,6 @@ generate_post_data() ...@@ -135,9 +133,6 @@ generate_post_data()
EOF EOF
} }
echo "sleep to prevent 500 response from the partition service, due to timeout of creation for Workload Identity"
sleep 20
if [ "$ENVIRONMENT" == "anthos" ] if [ "$ENVIRONMENT" == "anthos" ]
then then
...@@ -150,21 +145,25 @@ then ...@@ -150,21 +145,25 @@ then
if [ "$status_code" == 201 ] if [ "$status_code" == 201 ]
then then
echo "partition bootstrap was OK!" echo "Partition bootstrap finished successfully!"
elif [ "$status_code" == 409 ] elif [ "$status_code" == 409 ]
then then
curl -X PATCH \ curl -X PATCH \
--url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \ --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
--data-raw "$(generate_post_data)" --data-raw "$(generate_post_data)"
echo "partition was patched because datastore has already had some entities!" echo "Partition was patched because Postgres Database had already had entities!"
else else
exit 1 exit 1
fi fi
# FIXME "$ENVIRONMENT" == "gcp" or use another variable
elif [ "$ENVIRONMENT" == "" ] elif [ "$ENVIRONMENT" == "" ]
then then
echo "sleep to prevent 500 response from the Partition service, due to timeout of creation for Workload Identity"
sleep 20
IDENTITY_TOKEN=$(gcloud auth print-identity-token --audiences="${AUDIENCES}") IDENTITY_TOKEN=$(gcloud auth print-identity-token --audiences="${AUDIENCES}")
SERVICEACCOUNT=${DATAFIER_SA}@${PROJECT_ID}.iam.gserviceaccount.com SERVICEACCOUNT=${DATAFIER_SA}@${PROJECT_ID}.iam.gserviceaccount.com
...@@ -177,7 +176,7 @@ then ...@@ -177,7 +176,7 @@ then
if [ "$status_code" == 201 ] if [ "$status_code" == 201 ]
then then
echo "partition bootstrap was OK!" echo "Partition bootstrap finished successfully!"
elif [ "$status_code" == 409 ] elif [ "$status_code" == 409 ]
then then
curl -X PATCH \ curl -X PATCH \
...@@ -185,7 +184,7 @@ then ...@@ -185,7 +184,7 @@ then
-H "Authorization: Bearer ${IDENTITY_TOKEN}" \ -H "Authorization: Bearer ${IDENTITY_TOKEN}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
--data-raw "$(generate_post_data)" --data-raw "$(generate_post_data)"
echo "partition was patched because datastore has already had some entities!" echo "Partition was patched because Datastore had already had entities!"
else else
exit 1 exit 1
fi fi
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment