From be53695edbb9fde6ec7843eb5a29bb8e255d3a34 Mon Sep 17 00:00:00 2001 From: "Ihor Anikeiev [EPAM / GCP]" <ihor_anikeiev@epam.com> Date: Tue, 7 Jan 2025 17:09:12 +0000 Subject: [PATCH] [GONRG-10655] Remove BM values, fix helm template, fix application properties --- devops/gc/deploy/README.md | 119 +++++++++--------- devops/gc/deploy/templates/configmap.yaml | 5 - devops/gc/deploy/templates/deployment.yaml | 10 -- .../gc/deploy/templates/service-account.yaml | 7 -- devops/gc/deploy/templates/service.yaml | 6 +- .../gc/deploy/templates/virtual-service.yaml | 4 +- devops/gc/deploy/values.yaml | 5 - .../resources/application-anthos.properties | 7 -- .../main/resources/application-gcp.properties | 7 -- .../src/main/resources/application.properties | 10 ++ 10 files changed, 70 insertions(+), 110 deletions(-) diff --git a/devops/gc/deploy/README.md b/devops/gc/deploy/README.md index e579739b2..96e921c15 100644 --- a/devops/gc/deploy/README.md +++ b/devops/gc/deploy/README.md 
@@ -28,86 +28,81 @@ First you need to set variables in **values.yaml** file using any code editor. S ### Global variables -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**global.domain** | your domain for the external endpoint, ex `example.com` | string | - | yes -**global.onPremEnabled** | whether on-prem is enabled | boolean | `false` | yes -**global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | `true` | yes -**global.logLevel** | severity of logging level | string | `ERROR` | yes -**global.tier** | Only PROD must be used to enable autoscaling | string | - | no -**global.autoscaling** | enables horizontal pod autoscaling, when tier=PROD | boolean | `true` | yes +| Name | Description | Type | Default | Required | +|--------------------------|---------------------------------------------------------|---------|---------|----------| +| **global.domain** | your domain for the external endpoint, ex `example.com` | string | - | yes | +| **global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | `true` | yes | +| **global.logLevel** | severity of logging level | string | `ERROR` | yes | +| **global.tier** | Only PROD must be used to enable autoscaling | string | - | no | +| **global.autoscaling** | enables horizontal pod autoscaling, when tier=PROD | boolean | `true` | yes | ### Configmap variables -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**data.logLevel** | logging severity level for this service only | string | - | yes, only if differs from the `global.logLevel` -**data.defaultDataCountry** | Data storage region | string | `US` | yes -**data.storageServiceAccountEmail** | Storage service account email, used during OQM events processing | string | `storage@service.local` | yes -**data.entitlementsHost** | Entitlements service host address | string | `http://entitlements` | yes -**data.partitionHost** | 
Partition service host address | string | `http://partition` | yes -**data.crsConverterHost** | CRS Converter service host address | string | `http://crs-conversion` | yes -**data.legalHost** | Legal service host address | string | `http://legal` | yes -**data.opaEndpoint** | OPA host address | string | `http://opa` | yes -**data.redisStorageHost** | The host for redis instance. If empty (by default), helm installs an internal redis instance | string | - | yes -**data.redisStoragePort** | The port for redis instance | digit | `6379` | yes +| Name | Description | Type | Default | Required | +|-------------------------------------|----------------------------------------------------------------------------------------------|--------|-------------------------|-------------------------------------------------| +| **data.logLevel** | logging severity level for this service only | string | - | yes, only if differs from the `global.logLevel` | +| **data.defaultDataCountry** | Data storage region | string | `US` | yes | +| **data.storageServiceAccountEmail** | Storage service account email, used during OQM events processing | string | `storage@service.local` | yes | +| **data.entitlementsHost** | Entitlements service host address | string | `http://entitlements` | yes | +| **data.partitionHost** | Partition service host address | string | `http://partition` | yes | +| **data.crsConverterHost** | CRS Converter service host address | string | `http://crs-conversion` | yes | +| **data.legalHost** | Legal service host address | string | `http://legal` | yes | +| **data.opaEndpoint** | OPA host address | string | `http://opa` | yes | +| **data.redisStorageHost** | The host for redis instance. 
If empty (by default), helm installs an internal redis instance | string | - | yes | +| **data.redisStoragePort** | The port for redis instance | digit | `6379` | yes | ### Deployment variables -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**data.requestsCpu** | amount of requested CPU | string | `10m` | yes -**data.requestsMemory** | amount of requested memory| string | `650Mi` | yes -**data.limitsCpu** | CPU limit | string | `1` | only if `global.limitsEnabled` is true -**data.limitsMemory** | memory limit | string | `3G` | only if `global.limitsEnabled` is true -**data.image** | path to the image in a registry | string | - | yes -**data.imagePullPolicy** | when to pull the image | string | `IfNotPresent` | yes -**data.serviceAccountName** | name of kubernetes service account | string | `storage` | yes -**data.redisImage** | service image | string | `redis:7` | yes +| Name | Description | Type | Default | Required | +|-----------------------------|------------------------------------|--------|----------------|----------------------------------------| +| **data.requestsCpu** | amount of requested CPU | string | `10m` | yes | +| **data.requestsMemory** | amount of requested memory | string | `650Mi` | yes | +| **data.limitsCpu** | CPU limit | string | `1` | only if `global.limitsEnabled` is true | +| **data.limitsMemory** | memory limit | string | `3G` | only if `global.limitsEnabled` is true | +| **data.image** | path to the image in a registry | string | - | yes | +| **data.imagePullPolicy** | when to pull the image | string | `IfNotPresent` | yes | +| **data.serviceAccountName** | name of kubernetes service account | string | `storage` | yes | +| **data.redisImage** | service image | string | `redis:7` | yes | ### Configuration variables -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**conf.appName** | Service name | string | `storage` | yes 
-**conf.keycloakSecretName** | secret for keycloak | string | `storage-keycloak-secret` | yes -**conf.minioSecretName** | secret for minio | string | `storage-minio-secret` | yes -**conf.postgresSecretName** | secret for postgres | string | `storage-postgres-secret` | yes -**conf.rabbitmqSecretName** | secret for rabbitmq | string | `rabbitmq-secret` | yes -**conf.storageRedisSecretName** | secret for redis that contains redis password with REDIS_PASSWORD key | string | `storage-redis-secret` | yes -**conf.replicas** | Number of replicas | integer | `3` | yes +| Name | Description | Type | Default | Required | +|---------------------------------|-----------------------------------------------------------------------|---------|------------------------|----------| +| **conf.appName** | Service name | string | `storage` | yes | +| **conf.storageRedisSecretName** | secret for redis that contains redis password with REDIS_PASSWORD key | string | `storage-redis-secret` | yes | +| **conf.replicas** | Number of replicas | integer | `3` | yes | ### Istio variables -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**istio.proxyCPU** | CPU request for Envoy sidecars | string | `10m` | yes -**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | `200m` | yes -**istio.proxyMemory** | memory request for Envoy sidecars | string | `100Mi` | yes -**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | `256Mi` | yes +| Name | Description | Type | Default | Required | +|----------------------------|-----------------------------------|--------|---------|----------| +| **istio.proxyCPU** | CPU request for Envoy sidecars | string | `10m` | yes | +| **istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | `200m` | yes | +| **istio.proxyMemory** | memory request for Envoy sidecars | string | `100Mi` | yes | +| **istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | `256Mi` | yes | ### 
Horizontal Pod Autoscaling (HPA) variables (works only if tier=PROD and autoscaling=true) -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**hpa.minReplicas** | minimum number of replicas | integer | `10` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.maxReplicas** | maximum number of replicas | integer | `20` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.targetType** | type of measurements: AverageValue or Value | string | `AverageValue` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.targetValue** | threshold value to trigger the scaling up | integer | `40` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleUpStabilizationWindowSeconds** | time to start implementing the scale up when it is triggered | integer | `10` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleUpPoliciesValue** | the maximum number of new replicas to create (in percents from current state)| integer | `50` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleUpPoliciesPeriodSeconds** | pause for every new scale up decision | integer | `15` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleDownStabilizationWindowSeconds** | time to start implementing the scale down when it is triggered | integer | `60` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleDownPoliciesValue** | the maximum number of replicas to destroy (in percents from current state) | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD -**hpa.behaviorScaleDownPoliciesPeriodSeconds** | pause for every new scale down decision | integer | `60` | only if `global.autoscaling` is true and `global.tier` is PROD +| Name | Description | Type | Default | Required | 
+|-----------------------------------------------------|-------------------------------------------------------------------------------|---------|----------------|----------------------------------------------------------------| +| **hpa.minReplicas** | minimum number of replicas | integer | `10` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.maxReplicas** | maximum number of replicas | integer | `20` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.targetType** | type of measurements: AverageValue or Value | string | `AverageValue` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.targetValue** | threshold value to trigger the scaling up | integer | `40` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleUpStabilizationWindowSeconds** | time to start implementing the scale up when it is triggered | integer | `10` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleUpPoliciesValue** | the maximum number of new replicas to create (in percents from current state) | integer | `50` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleUpPoliciesPeriodSeconds** | pause for every new scale up decision | integer | `15` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleDownStabilizationWindowSeconds** | time to start implementing the scale down when it is triggered | integer | `60` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleDownPoliciesValue** | the maximum number of replicas to destroy (in percents from current state) | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **hpa.behaviorScaleDownPoliciesPeriodSeconds** | pause for every new scale down decision | integer | `60` | only if `global.autoscaling` is true and `global.tier` is PROD | ### Limits variables -| 
Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**limits.maxTokens** | maximum number of requests per fillInterval | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD -**limits.tokensPerFill** | number of new tokens allowed every fillInterval | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD -**limits.fillInterval** | time interval | string | `1s` | only if `global.autoscaling` is true and `global.tier` is PROD +| Name | Description | Type | Default | Required | +|--------------------------|-------------------------------------------------|---------|---------|----------------------------------------------------------------| +| **limits.maxTokens** | maximum number of requests per fillInterval | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **limits.tokensPerFill** | number of new tokens allowed every fillInterval | integer | `25` | only if `global.autoscaling` is true and `global.tier` is PROD | +| **limits.fillInterval** | time interval | string | `1s` | only if `global.autoscaling` is true and `global.tier` is PROD | ## Install the Helm chart diff --git a/devops/gc/deploy/templates/configmap.yaml b/devops/gc/deploy/templates/configmap.yaml index 0806ef9b6..5cc8c20d1 100644 --- a/devops/gc/deploy/templates/configmap.yaml +++ b/devops/gc/deploy/templates/configmap.yaml @@ -13,11 +13,6 @@ data: LOG_LEVEL: {{ .Values.data.logLevel | default .Values.global.logLevel | quote }} PARTITION_HOST: {{ .Values.data.partitionHost | quote }} STORAGE_SERVICE_ACCOUNT_EMAIL: {{ .Values.data.storageServiceAccountEmail | quote }} - {{- if .Values.global.onPremEnabled }} - SPRING_PROFILES_ACTIVE: "anthos" - {{- else }} - SPRING_PROFILES_ACTIVE: "gcp" - {{- end }} OPA_ENDPOINT: {{ .Values.data.opaEndpoint | quote }} {{- if .Values.data.redisStorageHost }} REDIS_GROUP_HOST: {{ .Values.data.redisStorageHost | quote }} 
diff --git a/devops/gc/deploy/templates/deployment.yaml b/devops/gc/deploy/templates/deployment.yaml index 8fa8b0365..350ce9f49 100644 --- a/devops/gc/deploy/templates/deployment.yaml +++ b/devops/gc/deploy/templates/deployment.yaml @@ -41,16 +41,6 @@ spec: envFrom: - configMapRef: name: {{ printf "%s-config" .Values.conf.appName | quote }} - {{- if .Values.global.onPremEnabled }} - - secretRef: - name: {{ .Values.conf.keycloakSecretName | quote }} - - secretRef: - name: {{ .Values.conf.minioSecretName | quote }} - - secretRef: - name: {{ .Values.conf.postgresSecretName | quote }} - - secretRef: - name: {{ .Values.conf.rabbitmqSecretName | quote }} - {{- end }} securityContext: allowPrivilegeEscalation: false runAsNonRoot: true diff --git a/devops/gc/deploy/templates/service-account.yaml b/devops/gc/deploy/templates/service-account.yaml index eec72f128..e69de29bb 100644 --- a/devops/gc/deploy/templates/service-account.yaml +++ b/devops/gc/deploy/templates/service-account.yaml @@ -1,7 +0,0 @@ -{{- if .Values.global.onPremEnabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.data.serviceAccountName | quote }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} diff --git a/devops/gc/deploy/templates/service.yaml b/devops/gc/deploy/templates/service.yaml index f985dd5f7..ccb734a2a 100644 --- a/devops/gc/deploy/templates/service.yaml +++ b/devops/gc/deploy/templates/service.yaml @@ -1,12 +1,10 @@ apiVersion: v1 kind: Service metadata: - {{- if not .Values.global.onPremEnabled }} - annotations: - cloud.google.com/neg: '{"ingress": true}' - {{- end }} name: {{ .Values.conf.appName | quote }} namespace: {{ .Release.Namespace | quote }} + annotations: + cloud.google.com/neg: '{"ingress": true}' spec: ports: - protocol: TCP diff --git a/devops/gc/deploy/templates/virtual-service.yaml b/devops/gc/deploy/templates/virtual-service.yaml index 45aa2ca4d..883572566 100644 --- a/devops/gc/deploy/templates/virtual-service.yaml 
+++ b/devops/gc/deploy/templates/virtual-service.yaml @@ -5,9 +5,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} spec: hosts: - {{- if and .Values.global.domain .Values.global.onPremEnabled }} - - {{ printf "osdu.%s" .Values.global.domain | quote }} - {{- else if .Values.global.domain }} + {{- if .Values.global.domain }} - {{ .Values.global.domain | quote }} {{- else }} - "*" diff --git a/devops/gc/deploy/values.yaml b/devops/gc/deploy/values.yaml index e21084b51..953249158 100644 --- a/devops/gc/deploy/values.yaml +++ b/devops/gc/deploy/values.yaml @@ -4,7 +4,6 @@ global: domain: "" - onPremEnabled: false limitsEnabled: true logLevel: "ERROR" tier: "" @@ -35,10 +34,6 @@ data: conf: appName: "storage" - keycloakSecretName: "storage-keycloak-secret" - minioSecretName: "storage-minio-secret" - postgresSecretName: "storage-postgres-secret" - rabbitmqSecretName: "rabbitmq-secret" replicas: 3 storageRedisSecretName: "storage-redis-secret" diff --git a/provider/storage-gc/src/main/resources/application-anthos.properties b/provider/storage-gc/src/main/resources/application-anthos.properties index dd027d9ff..e69de29bb 100644 --- a/provider/storage-gc/src/main/resources/application-anthos.properties +++ b/provider/storage-gc/src/main/resources/application-anthos.properties @@ -1,7 +0,0 @@ -partition-auth-enabled=false -service.token.provider=OPENID -obmDriver=minio -osmDriver=postgres -oqmDriver=rabbitmq -rabbitmq-retry-delay=10000 -rabbitmq-retry-limit=5 diff --git a/provider/storage-gc/src/main/resources/application-gcp.properties b/provider/storage-gc/src/main/resources/application-gcp.properties index f665a9628..e69de29bb 100644 --- a/provider/storage-gc/src/main/resources/application-gcp.properties +++ b/provider/storage-gc/src/main/resources/application-gcp.properties @@ -1,7 +0,0 @@ -osmDriver=datastore -obmDriver=gcs -oqmDriver=pubsub -service.token.provider=GCP -partition-auth-enabled=true -datastore-beta-enabled=false -dead-lettering-required=true 
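Review bot: The simplified `hosts` conditional in virtual-service.yaml still falls through to `- "*"` when `global.domain` is empty, and values.yaml in this same patch keeps `domain: ""` as the default while the README lists the value as required. An install that omits the value therefore renders a VirtualService that matches every host name; how far that reaches depends on the gateway binding, which is outside the hunk. If the wildcard is not intentional, make the render fail instead of falling back: `- {{ required "global.domain must be set" .Values.global.domain | quote }}`. The `spec` block continues past the end of the hunk.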
diff --git a/provider/storage-gc/src/main/resources/application.properties b/provider/storage-gc/src/main/resources/application.properties
index bfac3eefe..8306f6947 100644
--- a/provider/storage-gc/src/main/resources/application.properties
+++ b/provider/storage-gc/src/main/resources/application.properties
@@ -61,3 +61,13 @@ management.health.probes.enabled=true
 featureFlag.strategy=systemPartition
 featureFlag.opa.enabled=false
 SYSTEM_PARTITION_ID=system
+
+# GCP specific properties
+osmDriver=datastore
+obmDriver=gcs
+oqmDriver=pubsub
+service.token.provider=GCP
+partition-auth-enabled=true
+datastore-beta-enabled=false
+dead-lettering-required=true
+
-- GitLab
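Review bot: The added block is documented only as `# GCP specific properties`, which hides that `service.token.provider` and `partition-auth-enabled` used to be chosen per Spring profile and are now the base defaults for every deployment. The removed application-anthos.properties in this patch set `partition-auth-enabled=false`, so the change of default is worth recording next to the keys, for example `# Formerly set per profile (gcp/anthos); now applied to every deployment of this provider.` The two profile files are emptied rather than deleted (new blob `e69de29bb`), so an environment that still sets `SPRING_PROFILES_ACTIVE=anthos` would presumably start without error and pick up these values silently; deleting the files would make that leftover setting easier to notice.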