DeploymentConfig to Deployment (#3935)

- Convert all DeploymentConfigs to Deployments
- Changes deploy bash script
   - Several of the commands previously used don't work with deployments
   - bash script is far more simple now and I believe functions similarly. Major change being rollouts now happen due to 
      image changes or config changes
- Adds triggers to deployments. Now whenever the api or web image changes, it will trigger a new rollout
- Redis DC also converted to Deployment, still needs to be manually deployed
- Also changes ZAP check to the correct URL
- Closes #3873

.github/workflows/deployment.yml

@@ -249,7 +249,7 @@ jobs:
       - name: ZAP Scan
         uses: zaproxy/action-baseline@v0.12.0
         with:
-          target: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca"
+          target: "https://wps-pr-${{ github.event.number }}-e1e498-dev.apps.silver.devops.gov.bc.ca"
           rules_file_name: ".zap/rules.tsv"
           # Do not return failure on warnings - TODO: this has to be resolved!
           cmd_options: "-I"

openshift/scripts/common/envars

@@ -6,7 +6,7 @@ PROJ_DEV="${PROJ_DEV:-e1e498-dev}"
 PROJ_PROD="${PROJ_PROD:-e1e498-prod}"
 TAG_PROD="${TAG_PROD:-prod}"
 PATH_BC="${PATH_BC:-$(dirname ${0})/../templates/build.bc.yaml}"
-PATH_DC="${PATH_DC:-$(dirname ${0})/../templates/deploy.dc.yaml}"
+PATH_DEPLOY="${PATH_DEPLOY:-$(dirname ${0})/../templates/deploy.yaml}"
 PATH_NATS="${PATH_NATS:-$(dirname ${0})/../templates/nats.yaml}"
 PATH_NATS_SERVER_CONFIG="${PATH_NATS_SERVER_CONFIG:-$(dirname ${0})/../templates/nats_server.yaml}"
 TEMPLATE_PATH="${TEMPLATE_PATH:-$(dirname ${0})/../templates}"

openshift/scripts/oc_deploy.sh

@@ -31,7 +31,7 @@ OBJ_NAME="${APP_NAME}-${SUFFIX}"
 
 # Process a template (mostly variable substition)
 #
-OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DC} \
+OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DEPLOY} \
  -p SUFFIX=${SUFFIX} \
  -p PROJECT_NAMESPACE=${PROJ_TARGET} \
  -p POSTGRES_USER=wps-crunchydb-${SUFFIX} \
@@ -55,48 +55,15 @@ OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DC} \
 OC_APPLY="oc -n ${PROJ_TARGET} apply -f -"
 [ "${APPLY}" ] || OC_APPLY="${OC_APPLY} --dry-run=client"
 
-# Cancel all previous deployments
-#
-OC_CANCEL_ALL_PREV_DEPLOY="oc -n ${PROJ_TARGET} rollout cancel dc/${OBJ_NAME} || true"
-
-# Deploy and follow the progress
-#
-OC_DEPLOY="oc -n ${PROJ_TARGET} rollout latest dc/${OBJ_NAME}"
-OC_LOG="oc -n ${PROJ_TARGET} logs -f --pod-running-timeout=2m dc/${OBJ_NAME}"
-if [ ! "${APPLY}" ]; then
-  OC_CANCEL_ALL_PREV_DEPLOY=""
-  OC_DEPLOY="${OC_DEPLOY} --dry-run=client || true" # in case there is no previous rollout
-  OC_LOG=""
-fi
+# Run the OC_PROCESS command
+eval ${OC_PROCESS}
 
-# Execute commands
-#
-eval "${OC_PROCESS}"
+# Run OC_PROCESS and pipe it to OC_APPLY
 eval "${OC_PROCESS} | ${OC_APPLY}"
-if [ "${APPLY}" ]; then
-  echo "canceling previous deployments..."
-  eval "${OC_CANCEL_ALL_PREV_DEPLOY}"
-  count=1
-  timeout=10
-  # Check previous deployment statuses before moving onto new deploying
-  while [ $count -le $timeout ]; do
-    sleep 1
-    PENDINGS="$(oc -n ${PROJ_TARGET} rollout history dc/${OBJ_NAME} | awk '{print $2}' | grep -c Pending || true)"
-    RUNNINGS="$(oc -n ${PROJ_TARGET} rollout history dc/${OBJ_NAME} | awk '{print $2}' | grep -c Running || true)"
-    if [ "${PENDINGS}" == 0 ] && [ "${RUNNINGS}" == 0 ]; then
-      # No pending or running replica controllers so exit the while loop
-      break 2
-    fi
-    count=$(( $count + 1 ))
-  done
-  if [ $count -gt $timeout ]; then
-    echo "\n*** timeout for canceling deployment ***\n"
-    exit 1
-  fi
-fi
-eval "${OC_DEPLOY}"
-eval "${OC_LOG}"
+
+# Wait for rollout to finish
+oc -n ${PROJ_TARGET} rollout status deployment/${OBJ_NAME}
 
 # Provide oc command instruction
 #
-display_helper "${OC_PROCESS} | ${OC_APPLY}" $OC_CANCEL_ALL_PREV_DEPLOY $OC_DEPLOY $OC_LOG
+display_helper "${OC_PROCESS} | ${OC_APPLY}"

openshift/templates/deploy.dc.yaml → openshift/templates/deploy.yaml

@@ -77,19 +77,40 @@ parameters:
     description: "Number of gunicorn workers"
     value: "4"
 objects:
-  - apiVersion: v1
-    kind: DeploymentConfig
+  - apiVersion: apps/v1
+    kind: Deployment
     metadata:
       labels:
         app: ${APP_NAME}-${SUFFIX}
       name: ${APP_NAME}-${SUFFIX}
+      annotations:
+        # These annotations trigger a new rollout if either the web or api images change
+        image.openshift.io/triggers: |-
+          [
+            {
+              "from": {
+                "kind": "ImageStreamTag",
+                "name": "${APP_NAME}-web-${SUFFIX}:${SUFFIX}",
+                "namespace": "${PROJ_TOOLS}"
+              },
+              "fieldPath": "spec.template.spec.containers[0].image"
+            },
+            {
+              "from": {
+                "kind": "ImageStreamTag",
+                "name": "${APP_NAME}-api-${SUFFIX}:${SUFFIX}",
+                "namespace": "${PROJ_TOOLS}"
+              },
+              "fieldPath": "spec.template.spec.containers[1].image"
+            }
+          ]
     spec:
       replicas: ${{REPLICAS}}
       selector:
-        name: ${APP_NAME}-${SUFFIX}
+        matchLabels:
+          name: ${APP_NAME}-${SUFFIX}
       strategy:
-        type: Rolling
-      triggers: []
+        type: RollingUpdate
       template:
         metadata:
           labels:
@@ -429,8 +450,8 @@ objects:
       name: vpa-recommender-${SUFFIX}
     spec:
       targetRef:
-        apiVersion: "apps.openshift.io/v1"
-        kind: DeploymentConfig
+        apiVersion: "apps/v1"
+        kind: Deployment
         name: ${APP_NAME}-${SUFFIX}
       updatePolicy:
         updateMode: "Off"