Commit c8dc5d29 authored by Sherman Yang's avatar Sherman Yang
Browse files

sync up with latest Delfi changes

parent 35461632
Pipeline #10438 passed with stages
in 6 minutes and 55 seconds
FROM openjdk:8-jdk-alpine
ARG ENTITLEMENT_URL
ARG client-id
ENV ENTITLEMENT_URL=$ENTITLEMENT_URL
ENV client-id=$client-id
EXPOSE 8080
COPY /target/crs-catalog-aks-1.0.0.jar /app.jar
COPY provider/crs-catalog-azure/crs-catalog-aks/target/crs-catalog-aks-1.0.0.jar /app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
......@@ -24,23 +24,23 @@ spec:
- name: shared-data
emptyDir: {}
imagePullSecrets:
- name: {{ .Values.catalogs.imagePullSecrets }}
- name: {{ .Values.image.imagePullSecrets }}
initContainers:
- name: "init-crs-catalog"
image: "{{ .Values.catalogs.repository }}:{{ .Values.catalogs.tag }}"
imagePullPolicy: {{ .Values.catalogs.pullPolicy }}
image: "{{ .Values.catalog.repository }}:{{ .Values.catalog.tag }}"
imagePullPolicy: {{ .Values.catalog.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}/{{ .Chart.Name }}-{{ .Values.image.branch }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: Always
image: "{{ .Values.app.repository }}:{{ .Values.app.tag }}"
imagePullPolicy: {{ .Values.app.pullPolicy }}
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /api/crs/catalog/swagger-ui.html
path: /api/crs/catalog/_ah/readiness_check
port: 80
volumeMounts:
- name: azure-keyvault
......@@ -52,7 +52,7 @@ spec:
- name: spring_application_name
value: crs-catalog-service
- name: server.servlet.contextPath
value: /api/crs/catalog/v2/
value: /api/crs/catalog/
- name: server_port
value: "80"
- name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
......@@ -82,10 +82,6 @@ spec:
secretKeyRef:
name: appid
key: appid
- name: azure_activedirectory_session_stateless
value: "true"
- name: azure_activedirectory_AppIdUri
value: "api://$(aad_client_id)"
- name: appinsights_key
valueFrom:
secretKeyRef:
......
......@@ -2,13 +2,16 @@ global:
replicaCount: 1
image:
repository: community.opengroup.org:5555/osdu/platform/ref/crs-catalog-service
branch: master
imagePullSecrets: acr
app:
repository: delfi.azurecr.io/crs-catalog-app
tag: latest
pullPolicy: Always
catalogs:
catalog:
repository: delfi.azurecr.io/crs-catalogs
tag: v2
pullPolicy: Always
imagePullSecrets: acr
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: crs-catalog-aks
version: 0.1.0
Copyright 2017-2019, Schlumberger
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range $.Values.ingress.paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "crs-catalog-aks.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "crs-catalog-aks.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "crs-catalog-aks.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "crs-catalog-aks.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "crs-catalog-aks.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "crs-catalog-aks.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "crs-catalog-aks.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: "crs-catalog-aks"
namespace: {{ .Values.namespace }}
labels:
app: "crs-catalog-aks"
version: v2
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: "crs-catalog-aks"
version: v2
template:
metadata:
labels:
app: "crs-catalog-aks"
version: v2
spec:
volumes:
- name: shared-data
emptyDir: {}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
ports:
- name: http
containerPort: {{ .Values.service.http.targetPort }}
- name: https
containerPort: {{ .Values.service.https.targetPort }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: ENTITLEMENT_URL
value: "{{.Values.service.entitlement.url}}"
- name: client-id
value: "{{.Values.service.client.url}}"
initContainers:
- name: "init-crs-catalog"
image: "{{ .Values.catalogs.repository }}:{{ .Values.catalogs.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
imagePullSecrets:
- name: {{ .Values.image.imagePullSecrets }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "crs-catalog-aks.fullname" . -}}
{{- $ingressPaths := .Values.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/name: {{ include "crs-catalog-aks.name" . }}
helm.sh/chart: {{ include "crs-catalog-aks.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
{{- range $ingressPaths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
{{- end }}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: "crs-catalog-aks"
namespace: {{ .Values.namespace }}
labels:
name: "crs-catalog-aks"
labels:
app: crs-catalog-aks
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.http.port }}
targetPort: {{ .Values.service.http.targetPort }}
name: http
- port: {{ .Values.service.https.port }}
targetPort: {{ .Values.service.https.targetPort }}
name: https
selector:
app: crs-catalog-aks
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "crs-catalog-aks.fullname" . }}-test-connection"
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/name: {{ include "crs-catalog-aks.name" . }}
helm.sh/chart: {{ include "crs-catalog-aks.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "crs-catalog-aks.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for crs-catalog-aks.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
namespace: default
replicaCount: 1
image:
repository: delfi.azurecr.io/crs-catalog-aks
tag: v2
pullPolicy: Always
imagePullSecrets: acr
catalogs:
repository: delfi.azurecr.io/crs-catalogs
tag: v2
pullPolicy: Always
imagePullSecrets: acr
nameOverride: ""
fullnameOverride: ""
service:
type: NodePort
http:
port: 80
targetPort: 8080
https:
port: 443
targetPort: 8443
entitlement:
url: ENTITLEMENT_URL
client:
url: client-id
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
paths: []
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Maven package Java project Web App to Linux on Azure
# Build your Java project and deploy it to Azure as a Linux web app
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/java
# Required Group Variables - `Service Pipeline Variables`
# VM_IMAGE_NAME -- Agent VM image name
# AZURE_SUBSCRIPTION - ${{env_name}} -- Azure Resource Manager service connection created during pipeline creation
# Required Group Variables - `Service Pipeline Variables - {env_name}`
# AZURE_AD_APP_RESOURCE_ID
# AZURE_AD_OTHER_APP_RESOURCE_ID
# AZURE_AD_TENANT_ID -- Azure Subscription Id
# DOMAIN
# ENTITLEMENT_URL -- end with '/'
# ENVIRONMENT_NAME
# EXPIRED_TOKEN
# INTEGRATION_TESTER
# MY_TENANT
# ENTITLEMENTS_WEBAPPNAME
trigger:
branches:
include:
- master
paths:
exclude:
- README.md
- OpenDES_Azure_Security.md
- .gitignore
- images/*
variables:
- group: 'AZURE_REGISTRY_DELFI'
- group: 'Azure Common Secrets'
- group: 'Azure - Common'
- group: 'Azure Service Release - crs-catalog'
- name: imageName
value: 'crs-catalog-aks'
stages:
- template: stages.yml
parameters:
environments:
- name: 'devint'
kubeconfig: 'devint-aks-kubeconfig'
- ${{ if eq(variables['Build.SourceBranchName'], 'master') }}:
- name: 'qa'
kubeconfig: 'qa-aks-kubeconfig'
- name: 'prod'
kubeconfig: 'prod-aks-kubeconfig'
parameters:
environments: []
stages:
- ${{ each environment in parameters.environments }}:
- stage: 'Build_${{ environment.name }}'
variables:
- group: 'Azure Target Env - ${{environment.name}}'
- group: 'Azure Target Env Secrets - ${{environment.name}}'
- name: tag
value: 'v2'
jobs:
- job: MavenPackageAndPublishArtifacts
displayName: Maven Package and Publish Artifacts
pool: $(AGENT_POOL)
steps:
- ${{ if eq(environment.name, 'devint') }}:
- bash: |
#!/bin/bash
set -e
pushd data
docker login -u $(dockerId) -p $(dockerPassword) $(dockerId).azurecr.io
docker build -t $(dockerId).azurecr.io/crs-catalogs:v2 .
docker push $(dockerId).azurecr.io/crs-catalogs:v2
popd
displayName: 'build and upload data catalog image'
- task: Maven@3
displayName: 'Maven: build'
inputs:
mavenPomFile: 'pom.xml'
goals: 'install'
publishJUnitResults: true
- bash: |
#!/bin/bash
set -e
pushd provider/crs-catalog-azure/crs-catalog-aks
docker login -u $(dockerId) -p $(dockerPassword) $(dockerId).azurecr.io
docker build -t $(dockerId).azurecr.io/$(imageName):$(tag) .
echo 'Image done.'
docker tag $(dockerId).azurecr.io/$(imageName):$(tag) $(dockerId).azurecr.io/$(imageName):latest
echo 'Added $(dockerId).azurecr.io/$(imageName):latest tag to $(dockerId).azurecr.io/$(imageName):$(tag)'
docker push $(dockerId).azurecr.io/$(imageName):$(tag)