From cb193ae855e8ea8f85815f003a1a897847b4c2d4 Mon Sep 17 00:00:00 2001
From: "Yauheni Rykhter (EPAM)" <yauheni_rykhter@epam.com>
Date: Wed, 6 Mar 2024 09:41:45 +0000
Subject: [PATCH] GONRG-8954: cim schema
---
.gitlab-ci.yml | 6 +-
.../bootstrap-osdu-module/Dockerfile | 21 ++++
.../core-plus/bootstrap-osdu-module/README.md | 28 +++++
.../bootstrap-osdu-module/bootstrap_schema.sh | 102 ++++++++++++++++
.../bootstrap-osdu-module/validate-env.sh | 24 ++++
devops/core-plus/deploy/.helmignore | 23 ++++
devops/core-plus/deploy/Chart.yaml | 24 ++++
devops/core-plus/deploy/README.md | 110 +++++++++++++++++
.../core-plus/deploy/templates/_helpers.tpl | 62 ++++++++++
.../deploy/templates/configmap-bootstrap.yaml | 13 ++
.../core-plus/deploy/templates/configmap.yaml | 16 +++
.../templates/deployment-bootstrap.yaml | 41 +++++++
.../deploy/templates/deployment.yaml | 58 +++++++++
.../deploy/templates/service-account.yaml | 5 +
.../core-plus/deploy/templates/service.yaml | 15 +++
.../deploy/templates/virtual-service.yaml | 25 ++++
devops/core-plus/deploy/values.yaml | 42 +++++++
devops/core-plus/pipeline/override-stages.yml | 114 +++---------------
18 files changed, 632 insertions(+), 97 deletions(-)
create mode 100644 devops/core-plus/bootstrap-osdu-module/Dockerfile
create mode 100644 devops/core-plus/bootstrap-osdu-module/README.md
create mode 100644 devops/core-plus/bootstrap-osdu-module/bootstrap_schema.sh
create mode 100644 devops/core-plus/bootstrap-osdu-module/validate-env.sh
create mode 100644 devops/core-plus/deploy/.helmignore
create mode 100644 devops/core-plus/deploy/Chart.yaml
create mode 100644 devops/core-plus/deploy/README.md
create mode 100644 devops/core-plus/deploy/templates/_helpers.tpl
create mode 100644 devops/core-plus/deploy/templates/configmap-bootstrap.yaml
create mode 100644 devops/core-plus/deploy/templates/configmap.yaml
create mode 100644 devops/core-plus/deploy/templates/deployment-bootstrap.yaml
create mode 100644 devops/core-plus/deploy/templates/deployment.yaml
create mode 100644 devops/core-plus/deploy/templates/service-account.yaml
create mode 100644 devops/core-plus/deploy/templates/service.yaml
create mode 100644 devops/core-plus/deploy/templates/virtual-service.yaml
create mode 100644 devops/core-plus/deploy/values.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index afb004526..d1d2ef19e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -80,13 +80,17 @@ include:
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/gc-global.yml"
+ - project: "osdu/platform/ci-cd-pipelines"
+ file: "cloud-providers/core-global.yml"
+
- local: "devops/gc/pipeline/override-stages.yml"
+ - local: "devops/core-plus/pipeline/override-stages.yml"
- local: "/devops/azure/gitlab-bootstrap.yml"
- local: "/devops/azure/override-stages.yml"
+
- local: "/devops/aws/bootstrap.yaml"
- local: "/devops/ibm/bootstrap.yaml"
- - local: "/devops/core-plus/pipeline/override-stages.yml"
.maven:
image: maven:3.9.3-eclipse-temurin-17
diff --git a/devops/core-plus/bootstrap-osdu-module/Dockerfile b/devops/core-plus/bootstrap-osdu-module/Dockerfile
new file mode 100644
index 000000000..1f7ac918e
--- /dev/null
+++ b/devops/core-plus/bootstrap-osdu-module/Dockerfile
@@ -0,0 +1,21 @@
+FROM google/cloud-sdk:alpine
+
+WORKDIR /opt
+ENV PIP_BREAK_SYSTEM_PACKAGES 1
+
+COPY ./devops/core-plus/bootstrap-osdu-module/*.sh ./
+COPY ./deployments ./
+
+RUN apk update && apk add jq bash py3-pip
+RUN pip3 install --upgrade pip && \
+ pip3 install -r ./scripts/requirements.txt && \
+ pip3 install -r ./scripts/gc-deployment-requirements.txt && \
+ pip3 install -r ./scripts/schema-cleaner/requirements.txt
+RUN chmod +x /opt/bootstrap_schema.sh
+RUN addgroup -g 10001 -S nonroot \
+ && adduser -h /opt -G nonroot -S -u 10001 nonroot
+RUN chown -R 10001:10001 /opt
+
+USER 10001:10001
+
+CMD ["/bin/bash", "-c", "/opt/bootstrap_schema.sh && sleep 365d"]
diff --git a/devops/core-plus/bootstrap-osdu-module/README.md b/devops/core-plus/bootstrap-osdu-module/README.md
new file mode 100644
index 000000000..a0eec8b53
--- /dev/null
+++ b/devops/core-plus/bootstrap-osdu-module/README.md
@@ -0,0 +1,28 @@
+# Verification
+
+Schema service bootstrap is based on python bootstrap scripts at Schema service repository -> `https://community.opengroup.org/osdu/platform/system/schema-service/-/tree/master/deployments/scripts`.
+
+Boostrap scripts contain python script which executes clean-up in Datastore to prevent incorrect bootstrap for Schema service.
+
+After bootstrap script execution, you can go to **Google Cloud console** and look at logs under `Kubernetes Engine -> Workloads -> schema-bootstrap deployment`.
+
+Successful execution will lead to similar output:
+
+> Note: output might be different due to changes in python3 bootstrap scripts.
+
+```
+The kind osdu:wks:work-product-component--WellboreTrajectory:1.0.0 was registered successfully.
+Try POST for id: osdu:wks:work-product-component--WellboreTrajectory:1.1.0
+The kind osdu:wks:work-product-component--WellboreTrajectory:1.1.0 was registered successfully.
+Try POST for id: osdu:wks:reference-data--WellboreTrajectoryType:1.0.0
+The kind osdu:wks:reference-data--WellboreTrajectoryType:1.0.0 was registered successfully.
+Try POST for id: osdu:wks:reference-data--WordFormatType:1.0.0
+The kind osdu:wks:reference-data--WordFormatType:1.0.0 was registered successfully.
+Try POST for id: osdu:wks:work-product--WorkProduct:1.0.0
+The kind osdu:wks:work-product--WorkProduct:1.0.0 was registered successfully.
+This update took 156.52 seconds.
+All 216 schemas registered, updated or left unchanged because of status PUBLISHED.
+```
+
+Additionally new **Datastore Entities** should be created:
+Go to `Datastore -> Entitites -> Namespace (dataecosystem) -> Kind (schema)`, this kind should be populated with schema records.
diff --git a/devops/core-plus/bootstrap-osdu-module/bootstrap_schema.sh b/devops/core-plus/bootstrap-osdu-module/bootstrap_schema.sh
new file mode 100644
index 000000000..85cf0df17
--- /dev/null
+++ b/devops/core-plus/bootstrap-osdu-module/bootstrap_schema.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+#
+# Script that bootstraps schema service using Python scripts, that make requests to schema service
+# Contains logic for both Reference and Google Cloud version
+#
+# Expected environment variables:
+# (both environments):
+# - DATA_PARTITION
+# - SCHEMA_URL
+# - ENTITLEMENTS_HOST
+# (for Google Cloud):
+# - AUDIENCES
+# (for Reference):
+# - OPENID_PROVIDER_URL
+# - OPENID_PROVIDER_CLIENT_ID
+# - OPENID_PROVIDER_CLIENT_SECRET
+# (with datastore cleanup)
+# - SCHEMA_BUCKET
+# - DATASTORE_NAMESPACE
+# - DATASTORE_KIND
+# - ENABLE_CLEANUP
+#
+
+set -e
+
+source ./validate-env.sh "DATA_PARTITION"
+source ./validate-env.sh "SCHEMA_URL"
+source ./validate-env.sh "ENTITLEMENTS_HOST"
+source ./validate-env.sh "ENABLE_CLEANUP"
+
+bootstrap_schema_gettoken_onprem() {
+
+ ID_TOKEN="$(curl --location --request POST "${OPENID_PROVIDER_URL}/protocol/openid-connect/token" \
+ --header "Content-Type: application/x-www-form-urlencoded" \
+ --data-urlencode "grant_type=client_credentials" \
+ --data-urlencode "scope=openid" \
+ --data-urlencode "client_id=${OPENID_PROVIDER_CLIENT_ID}" \
+ --data-urlencode "client_secret=${OPENID_PROVIDER_CLIENT_SECRET}" | jq -r ".id_token")"
+
+ export BEARER_TOKEN="Bearer ${ID_TOKEN}"
+}
+
+bootstrap_schema_gettoken_gc() {
+
+ BEARER_TOKEN=$(gcloud auth print-identity-token)
+
+ export BEARER_TOKEN
+}
+
+bootstrap_schema_prechek_env() {
+
+ status_code=$(curl --retry 1 --location -globoff --request GET "${ENTITLEMENTS_HOST}/api/entitlements/v2/groups" \
+ --write-out "%{http_code}" --silent --output "/dev/null" \
+ --header 'Content-Type: application/json' \
+ --header "data-partition-id: ${DATA_PARTITION}" \
+ --header "Authorization: ${BEARER_TOKEN}")
+
+ if [ "$status_code" == 200 ]
+ then
+ echo "$status_code: Entitlements provisioning completed successfully!"
+ else
+ echo "$status_code: Entitlements provisioning is in progress or failed!"
+ exit 1
+ fi
+}
+
+bootstrap_schema_deploy_shared_schemas() {
+ python3 ./scripts/DeploySharedSchemas.py -e -u "${SCHEMA_URL}"/api/schema-service/v1/schemas/system
+}
+
+if [ "${ONPREM_ENABLED}" == "true" ]
+then
+ source ./validate-env.sh "OPENID_PROVIDER_URL"
+ source ./validate-env.sh "OPENID_PROVIDER_CLIENT_ID"
+ source ./validate-env.sh "OPENID_PROVIDER_CLIENT_SECRET"
+
+ # Get credentials for onprem
+ bootstrap_schema_gettoken_onprem
+
+else
+ if [ "${ENABLE_CLEANUP}" == "true" ]
+ then
+ source ./validate-env.sh "SCHEMA_BUCKET"
+ source ./validate-env.sh "DATASTORE_NAMESPACE"
+ source ./validate-env.sh "DATASTORE_KIND"
+ echo "Started schema cleanup"
+ python3 ./scripts/schema-cleaner/main.py -u "${SCHEMA_URL}"/api/schema-service/v1/schemas/system
+ echo "Finished schema cleanup"
+ fi
+
+ # Get credentials for Google Cloud
+ bootstrap_schema_gettoken_gc
+
+fi
+
+# Precheck entitlements
+bootstrap_schema_prechek_env
+
+# Deploy shared schemas
+bootstrap_schema_deploy_shared_schemas
+
+touch /tmp/bootstrap_ready
diff --git a/devops/core-plus/bootstrap-osdu-module/validate-env.sh b/devops/core-plus/bootstrap-osdu-module/validate-env.sh
new file mode 100644
index 000000000..5649203a1
--- /dev/null
+++ b/devops/core-plus/bootstrap-osdu-module/validate-env.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+# Copyright 2017-2019, Schlumberger
+# Copyright 2022 EPAM
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ENV_VAR_NAME=$1
+
+if [ "${!ENV_VAR_NAME}" = "" ]
+then
+ echo "Missing environment variable '$ENV_VAR_NAME'. Please provide all variables and try again"
+ exit 1
+fi
diff --git a/devops/core-plus/deploy/.helmignore b/devops/core-plus/deploy/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/devops/core-plus/deploy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/devops/core-plus/deploy/Chart.yaml b/devops/core-plus/deploy/Chart.yaml
new file mode 100644
index 000000000..3fdac5817
--- /dev/null
+++ b/devops/core-plus/deploy/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: core-plus-schema-deploy
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.19.0"
diff --git a/devops/core-plus/deploy/README.md b/devops/core-plus/deploy/README.md
new file mode 100644
index 000000000..066ca0f33
--- /dev/null
+++ b/devops/core-plus/deploy/README.md
@@ -0,0 +1,110 @@
+<!--- Deploy --->
+
+# Deploy helm chart
+
+## Introduction
+
+This chart installs a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
+> It is possible to use other versions, but it hasn't been tested
+
+### Operation system
+
+The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
+
+### Packages
+
+Packages are only needed for installation from a local computer.
+
+* **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
+* **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+
+## Installation
+
+First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
+
+### Global variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**global.domain** | your domain for the external endpoint, ex `example.com` | string | - | yes
+**global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | true | yes
+
+### Configmap variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**data.entitlementsHost** | entitlements host | string | "http://entitlements" | yes
+**data.javaOptions** | java options | string | "-Xms512M -Xmx1024M -XX:+UseG1GC -XX:+UseStringDeduplication -XX:InitiatingHeapOccupancyPercent=45" | yes
+**data.logLevel** | logging level | string | INFO | yes
+**data.partitionHost** | partition host | string | "http://partition" | yes
+**data.schemaTopicName** | topic for schema changes events | string | "schema-changed" | yes
+
+### Deployment variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**data.requestsCpu** | amount of requested CPU | string | 220m | yes
+**data.requestsMemory** | amount of requested memory| string | 1.7G | yes
+**data.limitsCpu** | CPU limit | string | 1 | only if `global.limitsEnabled` is true
+**data.limitsMemory** | memory limit | string | 1.5G | only if `global.limitsEnabled` is true
+**data.bootstrapImage** | bootstrap image | string | - | yes
+**data.bootstrapServiceAccountName** | bootstrap service account name | string | - | yes
+**data.image** | service image | string | - | yes
+**data.imagePullPolicy** | when to pull image | string | IfNotPresent | yes
+**data.serviceAccountName** | name of your service account | string | schema | yes
+
+### Configuration variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**conf.appName** | name of the app | string | `schema` | yes
+**conf.bootstrapSecretName** | secret for bootstrap | string | `datafier-secret` | yes
+**conf.configmap** | configmap to be used | string | `schema-config` | yes
+**conf.minioSecretName** | secret for minio | string | `schema-minio-secret` | yes
+**conf.postgresSecretName** | secret for postgres | string | `schema-postgres-secret` | yes
+**conf.rabbitmqSecretName** | secret for rabbitmq | string | `rabbitmq-secret` | yes
+
+<!-- ### Datastore cleanup and bootstrap schemas variables
+
+> Datastore cleanup is used for cleaning Datastore Schema Entities if they are not present in Schema bucket
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**data.datastoreKind** | Datastore Kind for Schema | string | "system_schema_osm" | yes
+**data.datastoreNamespace** | Datastore Namespace for Schema | string | "dataecosystem" | yes
+**data.enableCleanup** | whether cleanup is enabled | boolean | false | yes
+**data.schemaBucket** | name of the bucket with schemas | string | - | yes
+**data.schemaHost** | schema host | string | "http://schema" | yes -->
+
+### Istio variables
+
+| Name | Description | Type | Default |Required |
+|------|-------------|------|---------|---------|
+**istio.proxyCPU** | CPU request for Envoy sidecars | string | `90m` | yes
+**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | `500m` | yes
+**istio.proxyMemory** | memory request for Envoy sidecars | string | `100Mi` | yes
+**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | `512Mi` | yes
+**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | `10m` | yes
+**istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | `100m` | yes
+
+### Install the helm chart
+
+Run this command from within this directory:
+
+```console
+helm install core-plus-schema-deploy .
+```
+
+## Uninstalling the Chart
+
+To uninstall the helm deployment:
+
+```console
+helm uninstall core-plus-schema-deploy
+```
+
+[Move-to-Top](#deploy-helm-chart)
diff --git a/devops/core-plus/deploy/templates/_helpers.tpl b/devops/core-plus/deploy/templates/_helpers.tpl
new file mode 100644
index 000000000..7292128ac
--- /dev/null
+++ b/devops/core-plus/deploy/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "deploy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "deploy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "deploy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "deploy.labels" -}}
+helm.sh/chart: {{ include "deploy.chart" . }}
+{{ include "deploy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "deploy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "deploy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "deploy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "deploy.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/devops/core-plus/deploy/templates/configmap-bootstrap.yaml b/devops/core-plus/deploy/templates/configmap-bootstrap.yaml
new file mode 100644
index 000000000..1053267c2
--- /dev/null
+++ b/devops/core-plus/deploy/templates/configmap-bootstrap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+data:
+ DATA_PARTITION: {{ .Values.global.dataPartitionId | quote }}
+ ONPREM_ENABLED: "true"
+ ENABLE_CLEANUP: {{ .Values.data.enableCleanup | quote }}
+ SCHEMA_URL: {{ .Values.data.schemaHost | quote }}
+ ENTITLEMENTS_HOST: {{ .Values.data.entitlementsHost | quote }}
diff --git a/devops/core-plus/deploy/templates/configmap.yaml b/devops/core-plus/deploy/templates/configmap.yaml
new file mode 100644
index 000000000..78d925d35
--- /dev/null
+++ b/devops/core-plus/deploy/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ .Values.conf.appName | quote }}
+ name: {{ .Values.conf.configmap | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+data:
+ SHARED_TENANT_NAME: {{ .Values.global.dataPartitionId | quote }}
+ LOG_LEVEL: {{ .Values.data.logLevel | quote }}
+ ENTITLEMENTS_HOST: {{ .Values.data.entitlementsHost | quote }}
+ SCHEMA_CHANGED_TOPIC_NAME: {{ .Values.data.schemaTopicName | quote }}
+ SCHEMA_CHANGED_MESSAGING_ENABLED: {{ .Values.data.schemaChangedMessagingEnabled | quote }}
+ PARTITION_HOST: {{ .Values.data.partitionHost | quote }}
+ SPRING_PROFILES_ACTIVE: "anthos"
+ _JAVA_OPTIONS: {{ .Values.data.javaOptions | quote }}
diff --git a/devops/core-plus/deploy/templates/deployment-bootstrap.yaml b/devops/core-plus/deploy/templates/deployment-bootstrap.yaml
new file mode 100644
index 000000000..9a8b4a7ea
--- /dev/null
+++ b/devops/core-plus/deploy/templates/deployment-bootstrap.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+ sidecar.istio.io/proxyCPU: {{ .Values.istio.bootstrapProxyCPU | quote }}
+ sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
+ sidecar.istio.io/proxyCPULimit: {{ .Values.istio.bootstrapProxyCPULimit | quote }}
+ sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
+ spec:
+ containers:
+ - name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
+ image: {{ .Values.data.bootstrapImage | quote }}
+ imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
+ envFrom:
+ - configMapRef:
+ name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
+ - secretRef:
+ name: {{ .Values.conf.bootstrapSecretName | quote }}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/bootstrap_ready
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ serviceAccountName: {{ .Values.data.bootstrapServiceAccountName | quote }}
diff --git a/devops/core-plus/deploy/templates/deployment.yaml b/devops/core-plus/deploy/templates/deployment.yaml
new file mode 100644
index 000000000..63cd9c043
--- /dev/null
+++ b/devops/core-plus/deploy/templates/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ .Values.conf.appName | quote }}
+ name: {{ .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Values.conf.appName | quote }}
+ replicas: {{ .Values.conf.replicas }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.conf.appName | quote }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+ sidecar.istio.io/proxyCPU: {{ .Values.istio.proxyCPU | quote }}
+ sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
+ sidecar.istio.io/proxyCPULimit: {{ .Values.istio.proxyCPULimit | quote }}
+ sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
+ spec:
+ containers:
+ - name: {{ .Values.conf.appName | quote }}
+ image: {{ .Values.data.image | quote }}
+ imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.conf.configmap | quote }}
+ - secretRef:
+ name: {{ .Values.conf.minioSecretName | quote }}
+ - secretRef:
+ name: {{ .Values.conf.postgresSecretName | quote }}
+ - secretRef:
+ name: {{ .Values.conf.rabbitmqSecretName | quote }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ ports:
+ - containerPort: 8080
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/schema-service/v1/liveness_check
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: {{ .Values.data.requestsCpu | quote }}
+ memory: {{ .Values.data.requestsMemory | quote }}
+ {{- if .Values.global.limitsEnabled }}
+ limits:
+ cpu: {{ .Values.data.limitsCpu | quote }}
+ memory: {{ .Values.data.limitsMemory | quote }}
+ {{- end }}
+ serviceAccountName: {{ .Values.data.serviceAccountName | quote }}
diff --git a/devops/core-plus/deploy/templates/service-account.yaml b/devops/core-plus/deploy/templates/service-account.yaml
new file mode 100644
index 000000000..3df3488af
--- /dev/null
+++ b/devops/core-plus/deploy/templates/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.data.serviceAccountName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/devops/core-plus/deploy/templates/service.yaml b/devops/core-plus/deploy/templates/service.yaml
new file mode 100644
index 000000000..18a2eeae6
--- /dev/null
+++ b/devops/core-plus/deploy/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ .Values.conf.appName | quote }}
+spec:
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+ name: http
+ selector:
+ app: {{ .Values.conf.appName | quote }}
diff --git a/devops/core-plus/deploy/templates/virtual-service.yaml b/devops/core-plus/deploy/templates/virtual-service.yaml
new file mode 100644
index 000000000..bd529c21d
--- /dev/null
+++ b/devops/core-plus/deploy/templates/virtual-service.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ hosts:
+ {{- if and .Values.global.domain .Values.global.onPremEnabled }}
+ - {{ printf "osdu.%s" .Values.global.domain | quote }}
+ {{- else if .Values.global.domain }}
+ - {{ .Values.global.domain | quote }}
+ {{- else }}
+ - "*"
+ {{- end }}
+ gateways:
+ - service-gateway
+ http:
+ - match:
+ - uri:
+ prefix: "/api/schema-service"
+ route:
+ - destination:
+ port:
+ number: 80
+ host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
diff --git a/devops/core-plus/deploy/values.yaml b/devops/core-plus/deploy/values.yaml
new file mode 100644
index 000000000..89fb4b13b
--- /dev/null
+++ b/devops/core-plus/deploy/values.yaml
@@ -0,0 +1,42 @@
+global:
+ domain: ""
+ limitsEnabled: true
+ dataPartitionId: ""
+
+data:
+ #Configmaps
+ entitlementsHost: "http://entitlements"
+ javaOptions: "-Xms512M -Xmx1024M -XX:+UseG1GC -XX:+UseStringDeduplication -XX:InitiatingHeapOccupancyPercent=45"
+ logLevel: "ERROR"
+ partitionHost: "http://partition"
+ schemaTopicName: "schema-changed"
+ schemaChangedMessagingEnabled: true
+ enableCleanup: false
+ schemaHost: "http://schema"
+ #Deployments
+ requestsCpu: "220m"
+ requestsMemory: "1.7G"
+ limitsCpu: "1"
+ limitsMemory: "2.5G"
+ bootstrapImage: ""
+ bootstrapServiceAccountName: ""
+ image: ""
+ imagePullPolicy: "IfNotPresent"
+ serviceAccountName: "schema"
+
+conf:
+ appName: "schema"
+ bootstrapSecretName: "datafier-secret"
+ configmap: "schema-config"
+ minioSecretName: "schema-minio-secret"
+ postgresSecretName: "schema-postgres-secret"
+ rabbitmqSecretName: "rabbitmq-secret"
+ replicas: 1
+
+istio:
+ proxyCPU: "90m"
+ proxyCPULimit: "500m"
+ proxyMemory: "100Mi"
+ proxyMemoryLimit: "512Mi"
+ bootstrapProxyCPU: "10m"
+ bootstrapProxyCPULimit: "100m"
diff --git a/devops/core-plus/pipeline/override-stages.yml b/devops/core-plus/pipeline/override-stages.yml
index ba185aec1..62aabb929 100644
--- a/devops/core-plus/pipeline/override-stages.yml
+++ b/devops/core-plus/pipeline/override-stages.yml
@@ -1,101 +1,23 @@
-gc-containerize-gitlab:core-plus:
- stage: containerize
- needs:
- - "compile-and-unit-test"
- - "download_plugins"
- tags: ["osdu-small"]
- image: docker:19.03
- cache: {}
- variables:
- BUILD_ARGS: "--build-arg PORT=$GC_PORT"
- BUILD_PATH: "schema-core-plus/cloudbuild/Dockerfile"
- IMAGE_NAME: "schema-core-plus"
- script:
- - !reference [.gc_set_image_name, script]
- - docker build $EXTRA_TAG -f $BUILD_PATH $BUILD_ARGS .
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - docker push $CI_REGISTRY_IMAGE/$IMAGE_NAME
- rules:
- - if: "$CI_COMMIT_BRANCH =~ /^release/"
- when: never
- - if: "$CI_COMMIT_TAG"
- when: never
- - if: "$PROTECTED == '1'"
- when: on_success
-
-gc-helm-charts-gitlab:core-plus:
- stage: containerize
- tags: ["osdu-small"]
- needs: ["gc-containerize-gitlab:core-plus"]
- image:
- name: alpine/helm:3.11.2
- entrypoint: [""]
- variables:
- IMAGE_NAME: "schema-core-plus"
- before_script:
- - helm registry login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - !reference [.gc_set_image_name, script]
- - !reference [.gc_substitute_image_in_helm, script]
- script:
- - !reference [.gc_define_app_version, script]
- - helm package $GC_HELM_DEPLOYMENT_DIR -u --version $GC_HELM_PACKAGE_VERSION-$HELM_TAG --app-version $APP_VERSION
- - helm push $GC_HELM_PACKAGE_NAME-$GC_HELM_PACKAGE_VERSION-$HELM_TAG.tgz oci://$CI_REGISTRY_IMAGE/core-plus-helm
- rules:
- - if: "$CI_COMMIT_BRANCH =~ /^release/"
- when: never
- - if: "$CI_COMMIT_TAG"
- when: never
- - if: "$PROTECTED == '1'"
- when: on_success
+variables:
+ CORE_BUILD_BOOTSTRAP_PATH: "devops/core-plus/bootstrap-osdu-module/Dockerfile"
+ CORE_BUILD_PATH: "schema-core-plus/cloudbuild/Dockerfile"
+ CORE_HELM_PACKAGE_NAME: core-plus-schema-deploy
+ CORE_ENABLE_BOOTSTRAP: "true"
+ CORE_SERVICE: schema
+ CORE_HELM_TIMEOUT: "--timeout 15m"
-gc-baremetal-deploy:
- environment:
- name: GC_Baremetal
- extends: .gc-baremetal-variables
- id_tokens:
- GITLAB_OIDC_TOKEN:
- aud: https://iam.googleapis.com/projects/${GC_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GC_POOL_ID}/providers/${GC_PROVIDER_ID}
- tags: ["osdu-small"]
- image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
- stage: deploy
- needs:
- - "gc-containerize-gitlab:core-plus"
- - "gc-helm-charts-gitlab:core-plus"
- retry: 1
+core-test:
variables:
- IMAGE_NAME: "schema-core-plus"
- GC_SA_EMAIL: $GC_SA_GKE_EMAIL
+ CORE_TEST_SUBDIR: testing/schema-test-core
+ HOST: https://osdu.core-dev.gcp.gnrg-osdu.projects.epam.com
+ PRIVATE_TENANT1: osdu
+ PRIVATE_TENANT2: osdu
+ SHARED_TENANT: osdu
+ VENDOR: anthos
script:
- - !reference [.gc_obtain_credentials, script]
- - !reference [.gc_set_image_name, script]
- - !reference [.gc_common_config, script]
- - >
- helm upgrade $GC_SERVICE-deploy oci://$CI_REGISTRY_IMAGE/core-plus-helm/$GC_HELM_PACKAGE_NAME
- --version $GC_HELM_PACKAGE_VERSION-$HELM_TAG
- --install
- --create-namespace
- --namespace=$GC_HELM_NAMESPACE
- --wait
- --history-max=3
- --set global.onPremEnabled=true
- --set global.domain=$GC_DOMAIN
- --set data.serviceAccountName=$GC_SERVICE
- --set data.bootstrapServiceAccountName=$GC_BOOTSTRAP_SA
- --set data.logLevel=INFO
- --set data.springProfilesActive=$GC_SPRING_PROFILES_ACTIVE
- --set global.dataPartitionId=$GC_TENANT
- - !reference [.gc_verify_deploy, script]
- - !reference [.gc_verify_bootstrap, script]
- rules:
- - if: "$CI_COMMIT_BRANCH =~ /^release/"
- when: never
- - if: "$CI_COMMIT_TAG"
- when: never
- - if: "$PROTECTED == '1'"
- when: on_success
+ - $MAVEN_BUILD . test-results.log verify -q -f $CORE_TEST_SUBDIR/pom.xml
-gc-baremetal-test:
+core-containerize-bootstrap-gitlab:
variables:
- GC_TEST_SUBDIR: testing/schema-test-core
- script:
- - $MAVEN_BUILD . test-results.log verify -q -f $GC_TEST_SUBDIR/pom.xml
+ IMAGE_BOOTSTRAP_NAME: "core-plus-bootstrap-schema"
+ tags: ["osdu-medium"]
--
GitLab