From 123a2d9088a6bd3de9e17e27415aacbc7eb9fd82 Mon Sep 17 00:00:00 2001
From: "Eldor Pulatov [EPAM/GCP]" <eldor_pulatov@epam.com>
Date: Wed, 30 Nov 2022 10:50:14 +0000
Subject: [PATCH] GONRG-5936-Merge-all-helms-search
---
.gitlab-ci.yml | 4 +-
devops/gcp/configmap/Chart.yaml | 24 ------
devops/gcp/configmap/README.md | 81 -------------------
devops/gcp/configmap/templates/configmap.yaml | 22 -----
devops/gcp/configmap/values.yaml | 24 ------
devops/gcp/deploy/README.md | 61 +++++++++-----
devops/gcp/deploy/templates/configmap.yaml | 22 +++++
devops/gcp/deploy/templates/deployment.yaml | 30 +++----
.../gcp/deploy/templates/service-account.yaml | 4 +-
devops/gcp/deploy/templates/service.yaml | 9 +--
.../gcp/deploy/templates/virtual-service.yaml | 6 +-
devops/gcp/deploy/values.yaml | 21 +++--
devops/gcp/pipeline/override-stages.yml | 2 +
13 files changed, 104 insertions(+), 206 deletions(-)
delete mode 100644 devops/gcp/configmap/Chart.yaml
delete mode 100644 devops/gcp/configmap/README.md
delete mode 100644 devops/gcp/configmap/templates/configmap.yaml
delete mode 100644 devops/gcp/configmap/values.yaml
create mode 100644 devops/gcp/deploy/templates/configmap.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 873a24ed1..54983b2d5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,10 +56,10 @@ include:
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/osdu-gcp-global.yml"
+ - local: "devops/gcp/pipeline/override-stages.yml"
+
- project: "osdu/platform/ci-cd-pipelines"
file: "publishing/pages.yml"
- - local: "devops/gcp/pipeline/override-stages.yml"
-
aws-test-java:
tags: ["aws-internal-test"]
diff --git a/devops/gcp/configmap/Chart.yaml b/devops/gcp/configmap/Chart.yaml
deleted file mode 100644
index 22e167d0a..000000000
--- a/devops/gcp/configmap/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: gcp-search-configmap
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/devops/gcp/configmap/README.md b/devops/gcp/configmap/README.md
deleted file mode 100644
index 6ee4b12dd..000000000
--- a/devops/gcp/configmap/README.md
+++ /dev/null
@@ -1,81 +0,0 @@
-<!--- Configmap -->
-
-# Configmap helm chart
-
-## Introduction
-
-This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
-> It is possible to use other versions, but it hasn't been tested
-
-### Operation system
-
-The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
-
-### Packages
-
-Packages are only needed for installation from a local computer.
-
-- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-
-## Installation
-This Helm chart should be installed before [deploy Helm Chart](../deploy)
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**logLevel** | logging level | string | `INFO` | yes
-**springProfilesActive** | active spring profile | string | `gcp` | yes
-
-### GCP variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**entitlementsHost** | entitlements service host address | string | `http://entitlements` | yes
-**indexerHost** | indexer service host address | string | `http://register` | yes
-**policyHost** | policy service host address | string | `http://policy` | yes
-**partitionHost** | partition service host address | string | `http://partition` | yes
-**redisGroupHost** | redis group host address | string | `redis-group-master` | yes
-**redisSearchHost** | redis search host address | string | `redis-search-master` | yes
-**policyId** | policeId from ex `${POLICY_HOST}/api/policy/v1/policies` | string | `search` | yes
-**securityHttpsCertificateTrust** | Elastic client connection uses TrustSelfSignedStrategy(), if it is `true` | bool | `true` | yes
-**servicePolicyEnabled** | Enables search service integration with policy service | bool | `false` | yes
-**googleAudiences** | your GCP client ID | string | - | yes
-
-> googleAudiences: If you are connected to GCP console with `gcloud auth application-default login --no-browser` from your terminal, you can get your client_id using the command:
-
-```console
-cat ~/.config/gcloud/application_default_credentials.json | grep client_id
-```
-
-### Config variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**configmap** | configmap name | string | notification-config | yes
-**appName** | name of the app | string | notification | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-
-### Install the helm chart
-
-Run this command from within this directory:
-
-```bash
-helm install gcp-search-configmap .
-```
-
-## Uninstalling the Chart
-
-To uninstall the helm deployment:
-
-```bash
-helm uninstall gcp-search-configmap
-```
-
-[Move-to-Top](#configmap-helm-chart)
diff --git a/devops/gcp/configmap/templates/configmap.yaml b/devops/gcp/configmap/templates/configmap.yaml
deleted file mode 100644
index 55592a4a7..000000000
--- a/devops/gcp/configmap/templates/configmap.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: "{{ .Values.conf.appName }}"
- name: "{{ .Values.conf.configmap }}"
- namespace: "{{ .Release.Namespace }}"
-data:
- SPRING_PROFILES_ACTIVE: "{{ .Values.data.springProfilesActive }}"
- LOG_LEVEL: "{{ .Values.data.logLevel }}"
- REDIS_GROUP_HOST: "{{ .Values.data.redisGroupHost }}"
- REDIS_SEARCH_HOST: "{{ .Values.data.redisSearchHost }}"
- ENTITLEMENTS_HOST: "{{ .Values.data.entitlementsHost }}"
- SECURITY_HTTPS_CERTIFICATE_TRUST: "{{ .Values.data.securityHttpsCertificateTrust }}"
- PARTITION_HOST: "{{ .Values.data.partitionHost }}"
- POLICY_HOST: "{{ .Values.data.policyHost }}"
- POLICY_ID: "{{ .Values.data.policyId }}"
- INDEXER_BASE_HOST: "{{ .Values.data.indexerHost }}"
- SERVICE_POLICY_ENABLED: "{{ .Values.data.servicePolicyEnabled }}"
- {{- if not .Values.conf.onPremEnabled }}
- GOOGLE_AUDIENCES: "{{ .Values.data.googleAudiences }}"
- {{- end }}
diff --git a/devops/gcp/configmap/values.yaml b/devops/gcp/configmap/values.yaml
deleted file mode 100644
index 3c940172b..000000000
--- a/devops/gcp/configmap/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Default values for search configmap.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-data:
- # common
- springProfilesActive: "gcp"
- logLevel: "ERROR"
- redisGroupHost: "redis-group-master"
- redisSearchHost: "redis-search-master"
- entitlementsHost: "http://entitlements"
- partitionHost: "http://partition"
- policyHost: "http://policy"
- indexerHost: "http://indexer"
- policyId: "osdu.instance.search"
- securityHttpsCertificateTrust: "true"
- servicePolicyEnabled: false
- # gcp
- googleAudiences: ""
-
-conf:
- configmap: "search-config"
- appName: "search"
- onPremEnabled: false
diff --git a/devops/gcp/deploy/README.md b/devops/gcp/deploy/README.md
index 54f388b75..5c3750921 100644
--- a/devops/gcp/deploy/README.md
+++ b/devops/gcp/deploy/README.md
@@ -24,33 +24,48 @@ Packages are only needed for installation from a local computer.
## Installation
-Before installing deploy Helm chart you need to install [configmap Helm chart](../configmap).
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**image** | your image name | string | - | yes
-**requestsCpu** | amount of requested CPU | string | 0.1 | yes
-**requestsMemory** | amount of requested memory| string | 448M | yes
-**limitsCpu** | CPU limit | string | 1 | yes
-**limitsMemory** | memory limit | string | 1G | yes
-**serviceAccountName** | name of your service account | string | notification | yes
-**imagePullPolicy** | when to pull image | string | IfNotPresent | yes
+You need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
+
+### Configmap variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|----------|
+**logLevel** | logging level | string | `ERROR` | yes
+**springProfilesActive** | active spring profile | string | `gcp` | yes
+**entitlementsHost** | Entitlements service host | string | `http://entitlements` | yes
+**indexerHost** | Indexer service host | string | `http://indexer` | yes
+**policyHost** | Policy service host | string | `http://policy` | yes
+**partitionHost** | Partition service host | string | `http://partition` | yes
+**redisGroupHost** | Redis group host | string | `redis-group-master` | yes
+**redisSearchHost** | Redis search host | string | `redis-search-master` | yes
+**policyId** | policy id from ex `${POLICY_HOST}/api/policy/v1/policies` | string | `search` | yes
+**securityHttpsCertificateTrust** | Elastic client connection uses TrustSelfSignedStrategy(), if it is `true` | bool | `true` | yes
+**servicePolicyEnabled** | Enables Search service integration with Policy service | bool | `false` | yes
+**googleAudiences** | Client ID of Google Cloud Credentials, ex `123-abc123.apps.googleusercontent.com` | string | - | yes
+
+### Deployment variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|----------|
+**requestsCpu** | amount of requested CPU | string | `0.1` | yes
+**requestsMemory** | amount of requested memory| string | `448M` | yes
+**limitsCpu** | CPU limit | string | `1` | yes
+**limitsMemory** | memory limit | string | `1G` | yes
+**serviceAccountName** | name of your service account | string | `search` | yes
+**imagePullPolicy** | when to pull image | string | `IfNotPresent` | yes
**image** | service image | string | - | yes
-### Config variables
+### Configuration variables
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**domain** | your domain | string | - | yes
-**appName** | name of the app | string | `search` | yes
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|----------|
+**appName** | Service name | string | `search` | yes
**configmap** | configmap to be used | string | `search-config` | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
**elasticSecretName** | secret for elasticsearch | string | `search-elastic-secret` | yes
+**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
+**domain** | your domain, ex `example.com` | string | - | yes
-### Install the helm chart
+## Install the Helm chart
Run this command from within this directory:
@@ -58,7 +73,7 @@ Run this command from within this directory:
helm install gcp-search-deploy .
```
-## Uninstalling the Chart
+## Uninstall the Helm chart
To uninstall the helm deployment:
@@ -66,4 +81,6 @@ To uninstall the helm deployment:
helm uninstall gcp-search-deploy
```
+> Do not forget to delete all k8s secrets and PVCs accociated with the Service.
+
[Move-to-Top](#deploy-helm-chart)
diff --git a/devops/gcp/deploy/templates/configmap.yaml b/devops/gcp/deploy/templates/configmap.yaml
new file mode 100644
index 000000000..cedc1f702
--- /dev/null
+++ b/devops/gcp/deploy/templates/configmap.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ .Values.conf.appName | quote }}
+ name: {{ .Values.conf.configmap | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+data:
+ SPRING_PROFILES_ACTIVE: {{ .Values.data.springProfilesActive | quote }}
+ LOG_LEVEL: {{ .Values.data.logLevel | quote }}
+ REDIS_GROUP_HOST: {{ .Values.data.redisGroupHost | quote }}
+ REDIS_SEARCH_HOST: {{ .Values.data.redisSearchHost | quote }}
+ ENTITLEMENTS_HOST: {{ .Values.data.entitlementsHost | quote }}
+ SECURITY_HTTPS_CERTIFICATE_TRUST: {{ .Values.data.securityHttpsCertificateTrust | quote }}
+ PARTITION_HOST: {{ .Values.data.partitionHost | quote }}
+ POLICY_HOST: {{ .Values.data.policyHost | quote }}
+ POLICY_ID: {{ .Values.data.policyId | quote }}
+ INDEXER_BASE_HOST: {{ .Values.data.indexerHost | quote }}
+ SERVICE_POLICY_ENABLED: {{ .Values.data.servicePolicyEnabled | quote }}
+ {{- if not .Values.conf.onPremEnabled }}
+ GOOGLE_AUDIENCES: {{ .Values.data.googleAudiences | quote }}
+ {{- end }}
diff --git a/devops/gcp/deploy/templates/deployment.yaml b/devops/gcp/deploy/templates/deployment.yaml
index 5795bb214..2a78131fa 100644
--- a/devops/gcp/deploy/templates/deployment.yaml
+++ b/devops/gcp/deploy/templates/deployment.yaml
@@ -2,30 +2,30 @@ apiVersion: apps/v1
kind: Deployment
metadata:
labels:
- app: "{{ .Values.conf.appName }}"
- name: "{{ .Values.conf.appName }}"
- namespace: "{{ .Release.Namespace }}"
+ app: {{ .Values.conf.appName | quote }}
+ name: {{ .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
- app: "{{ .Values.conf.appName }}"
+ app: {{ .Values.conf.appName | quote }}
replicas: 1
template:
metadata:
labels:
- app: "{{ .Values.conf.appName }}"
+ app: {{ .Values.conf.appName | quote }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
containers:
- - name: "{{ .Values.conf.appName }}"
- image: "{{ .Values.data.image }}"
- imagePullPolicy: "{{ .Values.data.imagePullPolicy }}"
+ - name: {{ .Values.conf.appName | quote }}
+ image: {{ .Values.data.image | quote }}
+ imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
envFrom:
- configMapRef:
- name: "{{ .Values.conf.configmap }}"
+ name: {{ .Values.conf.configmap | quote }}
- secretRef:
- name: "{{ .Values.conf.elasticSecretName }}"
+ name: {{ .Values.conf.elasticSecretName | quote }}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
@@ -33,9 +33,9 @@ spec:
- containerPort: 8080
resources:
requests:
- cpu: "{{ .Values.data.requestsCpu }}"
- memory: "{{ .Values.data.requestsMemory }}"
+ cpu: {{ .Values.data.requestsCpu | quote }}
+ memory: {{ .Values.data.requestsMemory | quote }}
limits:
- cpu: "{{ .Values.data.limitsCpu }}"
- memory: "{{ .Values.data.limitsMemory }}"
- serviceAccountName: "{{ .Values.data.serviceAccountName }}"
+ cpu: {{ .Values.data.limitsCpu | quote }}
+ memory: {{ .Values.data.limitsMemory | quote }}
+ serviceAccountName: {{ .Values.data.serviceAccountName | quote }}
diff --git a/devops/gcp/deploy/templates/service-account.yaml b/devops/gcp/deploy/templates/service-account.yaml
index 25fd74efb..6934624ce 100644
--- a/devops/gcp/deploy/templates/service-account.yaml
+++ b/devops/gcp/deploy/templates/service-account.yaml
@@ -2,6 +2,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: "{{ .Values.data.serviceAccountName }}"
- namespace: "{{ .Release.Namespace }}"
+ name: {{ .Values.data.serviceAccountName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
{{- end }}
diff --git a/devops/gcp/deploy/templates/service.yaml b/devops/gcp/deploy/templates/service.yaml
index 49dc28423..9d19be308 100644
--- a/devops/gcp/deploy/templates/service.yaml
+++ b/devops/gcp/deploy/templates/service.yaml
@@ -1,15 +1,14 @@
apiVersion: v1
kind: Service
metadata:
- name: "{{ .Values.conf.appName }}"
+ name: {{ .Values.conf.appName | quote }}
annotations:
{{- if not .Values.conf.onPremEnabled }}
cloud.google.com/neg: '{"ingress": true}'
{{- end }}
- namespace: "{{ .Release.Namespace }}"
+ namespace: {{ .Release.Namespace | quote }}
labels:
- app: "{{ .Values.conf.appName }}"
- service: "{{ .Values.conf.appName }}"
+ app: {{ .Values.conf.appName | quote }}
spec:
ports:
- protocol: TCP
@@ -17,4 +16,4 @@ spec:
targetPort: 8080
name: http
selector:
- app: "{{ .Values.conf.appName }}"
+ app: {{ .Values.conf.appName | quote }}
diff --git a/devops/gcp/deploy/templates/virtual-service.yaml b/devops/gcp/deploy/templates/virtual-service.yaml
index c77a9b8ca..d08f868e9 100644
--- a/devops/gcp/deploy/templates/virtual-service.yaml
+++ b/devops/gcp/deploy/templates/virtual-service.yaml
@@ -1,8 +1,8 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
- name: "{{ .Values.conf.appName }}"
- namespace: "{{ .Release.Namespace }}"
+ name: {{ .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
spec:
hosts:
{{- if and .Values.conf.domain .Values.conf.onPremEnabled }}
@@ -22,4 +22,4 @@ spec:
- destination:
port:
number: 80
- host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local"
+ host: {{ printf "%s.%s.svc.cluster.local" .Values.conf.appName .Release.Namespace | quote }}
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index 02b81d0c0..453a94533 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -1,8 +1,18 @@
-# Default values for search-deploy.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
data:
+ # Configmaps
+ springProfilesActive: "gcp"
+ logLevel: "ERROR"
+ redisGroupHost: "redis-group-master"
+ redisSearchHost: "redis-search-master"
+ entitlementsHost: "http://entitlements"
+ partitionHost: "http://partition"
+ policyHost: "http://policy"
+ indexerHost: "http://indexer"
+ policyId: "osdu.instance.search"
+ securityHttpsCertificateTrust: "true"
+ servicePolicyEnabled: false
+ googleAudiences: ""
+ # Deployments
requestsCpu: "0.1"
requestsMemory: "448M"
limitsCpu: "1"
@@ -10,10 +20,9 @@ data:
serviceAccountName: "search"
imagePullPolicy: "IfNotPresent"
image: ""
-
conf:
+ appName: "search"
configmap: "search-config"
elasticSecretName: "search-elastic-secret"
- appName: "search"
onPremEnabled: false
domain: ""
diff --git a/devops/gcp/pipeline/override-stages.yml b/devops/gcp/pipeline/override-stages.yml
index a9f105f67..65533dce5 100644
--- a/devops/gcp/pipeline/override-stages.yml
+++ b/devops/gcp/pipeline/override-stages.yml
@@ -2,6 +2,8 @@ variables:
OSDU_GCP_SERVICE: search
OSDU_GCP_VENDOR: gcp
OSDU_GCP_TESTING_DIR: "testing/integration-tests"
+ # FIXME remove when all services are migrated to a single helm
+ OSDU_GCP_ENABLE_HELM_CONFIG: "false"
osdu-gcp-anthos-test:
variables:
--
GitLab