chore: deploy with kustomize

Informasjonsforvaltning · Nov 27, 2024 · 0fd0742 · 0fd0742
1 parent cd343cf
commit 0fd0742
Show file tree

Hide file tree

Showing 13 changed files with 372 additions and 9 deletions.
diff --git a/.github/workflows/deploy-prod&demo.yaml b/.github/workflows/deploy-prod&demo.yaml
@@ -7,24 +7,35 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-and-deploy-production:
+  build-user-api:
     name: Deploy to prod on merge to main branch
-    uses: Informasjonsforvaltning/workflows/.github/workflows/build-deploy-maven.yaml@main
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
     with:
       app_name: user-api
       java_version: '21'
       coverage_file_path: ./target/site/jacoco/jacoco.xml
       environment: prod
+    secrets:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  deploy-prod:
+    name: Deploy to prod environment
+    needs: [ build-user-api ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: user-api
+      environment: prod
       cluster: digdir-fdk-prod
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_PROD_AUTODEPLOY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   deploy-to-demo:
-    needs: build-and-deploy-production
+    needs: deploy-prod
     name: Deploy to demo if prod-deploy is successful
-    uses: Informasjonsforvaltning/workflows/.github/workflows/deploy.yaml@main
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
     with:
       app_name: user-api
       environment: demo

diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
@@ -7,18 +7,36 @@ on:
       - main
 
 jobs:
-  build-and-deploy-staging:
-    name: Call reusable workflow when pull request is created
-    if: github.event.pull_request.draft == false
-    uses: Informasjonsforvaltning/workflows/.github/workflows/build-deploy-maven.yaml@main
+  build-user-api:
+    name: Build when pull request is created
+    if: ${{ github.actor != 'dependabot[bot]' && github.event.pull_request.draft == false }}
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
     with:
       app_name: user-api
       java_version: '21'
       coverage_file_path: ./target/site/jacoco/jacoco.xml
       environment: staging
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  deploy-to-staging:
+    name: Deploy to staging environment
+    if: ${{ github.actor != 'dependabot[bot]' && github.event.pull_request.draft == false }}
+    needs: [ build-user-api ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: user-api
+      environment: staging
       cluster: digdir-fdk-dev
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_DEV_AUTODEPLOY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-      DEPENDABOT_SLACK_WEBHOOK_URL: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }}
+
+  dependabot-build:
+    name: Build image on PR from dependabot
+    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request' }}
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build.yaml@main
+    with:
+      java_version: '21'
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - user-api-deployment.yaml
+  - user-api-service.yaml
+images:
+  - name: user-api
+    newName: ghcr.io/informasjonsforvaltning/user-api
+    newTag: $(GIT_COMMIT_SHA)
diff --git a/deploy/base/user-api-deployment.yaml b/deploy/base/user-api-deployment.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    fdk.service: user-api
+  name: user-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      fdk.service: user-api
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        fdk.service: user-api
+    spec:
+      containers:
+        - name: user-api
+          image: user-api
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          resources:
+            requests:
+              memory: "500Mi"
+              cpu: "10m"
+            limits:
+              memory: "500Mi"
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+      restartPolicy: Always
diff --git a/deploy/base/user-api-service.yaml b/deploy/base/user-api-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    fdk.service: user-api
+  name: user-api
+spec:
+  type: NodePort
+  ports:
+  - name: "8080"
+    port: 8080
+    targetPort: 8080
+  selector:
+    fdk.service: user-api
diff --git a/deploy/demo/env.yaml b/deploy/demo/env.yaml
@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-api
+  labels:
+    app: user-api
+spec:
+  template:
+    spec:
+      containers:
+        - name: user-api
+          env:
+          - name: ALTINN_PROXY_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-demo
+                key: ALTINN_PROXY_URL
+          - name: ORGNR_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: ORGNR_WHITELIST
+          - name: ORGFORM_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: ORGFORM_WHITELIST
+          - name: ADMIN_LIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: ADMIN_LIST
+          - name: SSO_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-demo
+                key: SSO_API_KEY
+          - name: USER_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-demo
+                key: USER_API_KEY
+          - name: WRITE_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: BRREG_OIDC_WRITE_GROUP
+          - name: ADMIN_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: BRREG_OIDC_ADMIN_GROUP
+          - name: ADMIN_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: SKATT_OIDC_ADMIN_GROUP
+          - name: WRITE_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: SKATT_OIDC_WRITE_GROUP
+          - name: READ_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-demo
+                key: SKATT_OIDC_READ_GROUP
+          - name: TERMS_AND_CONDITIONS_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-demo
+                key: FDK_TERMS_AND_CONDITIONS_BASE_URI
diff --git a/deploy/demo/kustomization.yaml b/deploy/demo/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: demo
+resources:
+  - ../base
+
+patches:
+  - path: env.yaml
diff --git a/deploy/prod/env.yaml b/deploy/prod/env.yaml
@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-api
+  labels:
+    app: user-api
+spec:
+  template:
+    spec:
+      containers:
+        - name: user-api
+          env:
+          - name: ALTINN_PROXY_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-prod
+                key: ALTINN_PROXY_URL
+          - name: ORGNR_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: ORGNR_WHITELIST
+          - name: ORGFORM_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: ORGFORM_WHITELIST
+          - name: ADMIN_LIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: ADMIN_LIST
+          - name: SSO_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-prod
+                key: SSO_API_KEY
+          - name: USER_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-prod
+                key: USER_API_KEY
+          - name: WRITE_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: BRREG_OIDC_WRITE_GROUP
+          - name: ADMIN_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: BRREG_OIDC_ADMIN_GROUP
+          - name: ADMIN_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: SKATT_OIDC_ADMIN_GROUP
+          - name: WRITE_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: SKATT_OIDC_WRITE_GROUP
+          - name: READ_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-prod
+                key: SKATT_OIDC_READ_GROUP
+          - name: TERMS_AND_CONDITIONS_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-prod
+                key: FDK_TERMS_AND_CONDITIONS_BASE_URI
diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+  - ../base
+
+patches:
+  - path: env.yaml
diff --git a/deploy/staging/env.yaml b/deploy/staging/env.yaml
@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-api
+  labels:
+    app: user-api
+spec:
+  template:
+    spec:
+      containers:
+        - name: user-api
+          env:
+          - name: ALTINN_PROXY_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-staging
+                key: ALTINN_PROXY_URL
+          - name: ORGNR_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: ORGNR_WHITELIST
+          - name: ORGFORM_WHITELIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: ORGFORM_WHITELIST
+          - name: ADMIN_LIST
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: ADMIN_LIST
+          - name: SSO_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-staging
+                key: SSO_API_KEY
+          - name: USER_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: common-staging
+                key: USER_API_KEY
+          - name: WRITE_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: BRREG_OIDC_WRITE_GROUP
+          - name: ADMIN_GROUP_BRREG
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: BRREG_OIDC_ADMIN_GROUP
+          - name: ADMIN_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: SKATT_OIDC_ADMIN_GROUP
+          - name: WRITE_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: SKATT_OIDC_WRITE_GROUP
+          - name: READ_GROUP_SKATT
+            valueFrom:
+              secretKeyRef:
+                name: user-api-staging
+                key: SKATT_OIDC_READ_GROUP
+          - name: TERMS_AND_CONDITIONS_HOST
+            valueFrom:
+              secretKeyRef:
+                name: commonurl-staging
+                key: FDK_TERMS_AND_CONDITIONS_BASE_URI