Commit eff7d3a9 authored by Sherman Yang's avatar Sherman Yang
Browse files

Merge branch 'aks' into 'master'

Port latest Delfi updates to OSDU

See merge request !4
parents 86cbfcb3 5a09ed6b
Pipeline #10965 passed with stages
in 7 minutes and 34 seconds
FROM openjdk:8-jdk-alpine
ARG ENTITLEMENT_URL
ARG client-id
ENV ENTITLEMENT_URL=$ENTITLEMENT_URL
ENV client-id=$client-id
EXPOSE 8080
COPY /target/crs-catalog-aks-1.0.0.jar /app.jar
COPY provider/crs-catalog-azure/crs-catalog-aks/target/crs-catalog-aks-1.0.0.jar /app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
# Pipeline Support Commands
```bash
AZURE_SERVICE="crs-catalog-service"
REPO_BRANCH="master"
TAG="latest"
PARTIAL=${REPO_BRANCH/\//-}
BRANCH=${PARTIAL/./-}
echo "--set image.branch=$BRANCH --set image.tag=$TAG"
# Install the Service
helm upgrade -i osdu-gitlab-$AZURE_SERVICE chart --set image.branch=$BRANCH --set image.tag=$TAG
pod=$(kubectl get pod |grep $AZURE_SERVICE | tail -1 | awk '{print $1}')
status=$(kubectl wait --for=condition=Ready pod/$pod --timeout=60s)
if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
```
apiVersion: v2
name: crs-catalog-service
appVersion: "latest"
description: Helm Chart for installing crs-catalog-service service.
version: 0.1.0
type: application
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: osdu
spec:
replicas: {{ .Values.global.replicaCount }}
selector:
matchLabels:
app: {{ .Chart.Name }}
template:
metadata:
labels:
app: {{ .Chart.Name }}
aadpodidbinding: osdu-identity
spec:
volumes:
- name: azure-keyvault
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: azure-keyvault
- name: shared-data
emptyDir: {}
imagePullSecrets:
- name: {{ .Values.image.imagePullSecrets }}
initContainers:
- name: "init-crs-catalog"
image: "{{ .Values.catalog.repository }}:{{ .Values.catalog.tag }}"
imagePullPolicy: {{ .Values.catalog.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.app.repository }}:{{ .Values.app.tag }}"
imagePullPolicy: {{ .Values.app.pullPolicy }}
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /api/crs/catalog/_ah/readiness_check
port: 80
volumeMounts:
- name: azure-keyvault
mountPath: "/mnt/azure-keyvault"
readOnly: true
- name: shared-data
mountPath: /mnt/crs_catalogs
env:
- name: spring_application_name
value: crs-catalog-service
- name: server.servlet.contextPath
value: /api/crs/catalog/
- name: server_port
value: "80"
- name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
value: "true"
- name: KEYVAULT_URI
valueFrom:
configMapKeyRef:
name: osdu-svc-properties
key: ENV_KEYVAULT
- name: AZURE_TENANT_ID
valueFrom:
configMapKeyRef:
name: osdu-svc-properties
key: ENV_TENANT_ID
- name: client-id
valueFrom:
secretKeyRef:
name: clientid
key: clientid
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: clientpassword
key: clientpassword
- name: aad_client_id
valueFrom:
secretKeyRef:
name: appid
key: appid
- name: appinsights_key
valueFrom:
secretKeyRef:
name: appinsights
key: appinsights
- name: ENTITLEMENT_URL
value: http://entitlements-azure/entitlements/v1
- name: azure_istioauth_enabled
value: "true"
apiVersion: v1
kind: Service
metadata:
name: {{ .Chart.Name }}
namespace: osdu
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: {{ .Chart.Name }}
global:
replicaCount: 1
image:
imagePullSecrets: acr
app:
repository: community.opengroup.org:5555/osdu/platform/ref-and-helper/crs-catalog-app
branch: master
tag: latest
pullPolicy: Always
catalog:
repository: community.opengroup.org:5555/osdu/platform/ref-and-helper/crs-catalogs
tag: v2
pullPolicy: Always
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: crs-catalog-aks
version: 0.1.0
Copyright 2017-2019, Schlumberger
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range $.Values.ingress.paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "crs-catalog-aks.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "crs-catalog-aks.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "crs-catalog-aks.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "crs-catalog-aks.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "crs-catalog-aks.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "crs-catalog-aks.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "crs-catalog-aks.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: "crs-catalog-aks"
namespace: {{ .Values.namespace }}
labels:
app: "crs-catalog-aks"
version: v2
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: "crs-catalog-aks"
version: v2
template:
metadata:
labels:
app: "crs-catalog-aks"
version: v2
spec:
volumes:
- name: shared-data
emptyDir: {}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
ports:
- name: http
containerPort: {{ .Values.service.http.targetPort }}
- name: https
containerPort: {{ .Values.service.https.targetPort }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: ENTITLEMENT_URL
value: "{{.Values.service.entitlement.url}}"
- name: client-id
value: "{{.Values.service.client.url}}"
initContainers:
- name: "init-crs-catalog"
image: "{{ .Values.catalogs.repository }}:{{ .Values.catalogs.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: shared-data
mountPath: /mnt/crs_catalogs
imagePullSecrets:
- name: {{ .Values.image.imagePullSecrets }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "crs-catalog-aks.fullname" . -}}
{{- $ingressPaths := .Values.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/name: {{ include "crs-catalog-aks.name" . }}
helm.sh/chart: {{ include "crs-catalog-aks.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
{{- range $ingressPaths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
{{- end }}
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: "crs-catalog-aks"
namespace: {{ .Values.namespace }}
labels:
name: "crs-catalog-aks"
labels:
app: crs-catalog-aks
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.http.port }}
targetPort: {{ .Values.service.http.targetPort }}
name: http
- port: {{ .Values.service.https.port }}
targetPort: {{ .Values.service.https.targetPort }}
name: https
selector:
app: crs-catalog-aks
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "crs-catalog-aks.fullname" . }}-test-connection"
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/name: {{ include "crs-catalog-aks.name" . }}
helm.sh/chart: {{ include "crs-catalog-aks.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "crs-catalog-aks.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for crs-catalog-aks.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
namespace: default
replicaCount: 1
image:
repository: delfi.azurecr.io/crs-catalog-aks
tag: v2
pullPolicy: Always
imagePullSecrets: acr
catalogs:
repository: delfi.azurecr.io/crs-catalogs
tag: v2
pullPolicy: Always
imagePullSecrets: acr
nameOverride: ""
fullnameOverride: ""
service:
type: NodePort
http:
port: 80
targetPort: 8080
https:
port: 443
targetPort: 8443
entitlement:
url: ENTITLEMENT_URL
client:
url: client-id
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
paths: []
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Maven package Java project Web App to Linux on Azure
# Build your Java project and deploy it to Azure as a Linux web app
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/java
# Required Group Variables - `Service Pipeline Variables`
# VM_IMAGE_NAME -- Agent VM image name
# AZURE_SUBSCRIPTION - ${{env_name}} -- Azure Resource Manager service connection created during pipeline creation
# Required Group Variables - `Service Pipeline Variables - {env_name}`
# AZURE_AD_APP_RESOURCE_ID
# AZURE_AD_OTHER_APP_RESOURCE_ID
# AZURE_AD_TENANT_ID -- Azure Subscription Id
# DOMAIN
# ENTITLEMENT_URL -- end with '/'
# ENVIRONMENT_NAME