diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index 56c0e02e8..8c6b8f550 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -249,7 +249,7 @@ jobs: - name: ZAP Scan uses: zaproxy/action-baseline@v0.12.0 with: - target: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca" + target: "https://wps-pr-${{ github.event.number }}-e1e498-dev.apps.silver.devops.gov.bc.ca" rules_file_name: ".zap/rules.tsv" # Do not return failure on warnings - TODO: this has to be resolved! cmd_options: "-I" diff --git a/openshift/scripts/common/envars b/openshift/scripts/common/envars index 48877f69a..b0e2504f2 100644 --- a/openshift/scripts/common/envars +++ b/openshift/scripts/common/envars @@ -6,7 +6,7 @@ PROJ_DEV="${PROJ_DEV:-e1e498-dev}" PROJ_PROD="${PROJ_PROD:-e1e498-prod}" TAG_PROD="${TAG_PROD:-prod}" PATH_BC="${PATH_BC:-$(dirname ${0})/../templates/build.bc.yaml}" -PATH_DC="${PATH_DC:-$(dirname ${0})/../templates/deploy.dc.yaml}" +PATH_DEPLOY="${PATH_DEPLOY:-$(dirname ${0})/../templates/deploy.yaml}" PATH_NATS="${PATH_NATS:-$(dirname ${0})/../templates/nats.yaml}" PATH_NATS_SERVER_CONFIG="${PATH_NATS_SERVER_CONFIG:-$(dirname ${0})/../templates/nats_server.yaml}" TEMPLATE_PATH="${TEMPLATE_PATH:-$(dirname ${0})/../templates}" diff --git a/openshift/scripts/oc_deploy.sh b/openshift/scripts/oc_deploy.sh index 43d838d15..27eba2992 100755 --- a/openshift/scripts/oc_deploy.sh +++ b/openshift/scripts/oc_deploy.sh @@ -31,7 +31,7 @@ OBJ_NAME="${APP_NAME}-${SUFFIX}" # Process a template (mostly variable substition) # -OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DC} \ +OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DEPLOY} \ -p SUFFIX=${SUFFIX} \ -p PROJECT_NAMESPACE=${PROJ_TARGET} \ -p POSTGRES_USER=wps-crunchydb-${SUFFIX} \ 
@@ -55,48 +55,15 @@ OC_PROCESS="oc -n ${PROJ_TARGET} process -f ${PATH_DC} \ OC_APPLY="oc -n ${PROJ_TARGET} apply -f -" [ "${APPLY}" ] || OC_APPLY="${OC_APPLY} --dry-run=client" -# Cancel all previous deployments -# -OC_CANCEL_ALL_PREV_DEPLOY="oc -n ${PROJ_TARGET} rollout cancel dc/${OBJ_NAME} || true" - -# Deploy and follow the progress -# -OC_DEPLOY="oc -n ${PROJ_TARGET} rollout latest dc/${OBJ_NAME}" -OC_LOG="oc -n ${PROJ_TARGET} logs -f --pod-running-timeout=2m dc/${OBJ_NAME}" -if [ ! "${APPLY}" ]; then - OC_CANCEL_ALL_PREV_DEPLOY="" - OC_DEPLOY="${OC_DEPLOY} --dry-run=client || true" # in case there is no previous rollout - OC_LOG="" -fi +# Run the OC_PROCESS command +eval ${OC_PROCESS} -# Execute commands -# -eval "${OC_PROCESS}" +# Run OC_PROCESS and pipe it to OC_APPLY eval "${OC_PROCESS} | ${OC_APPLY}" -if [ "${APPLY}" ]; then - echo "canceling previous deployments..." - eval "${OC_CANCEL_ALL_PREV_DEPLOY}" - count=1 - timeout=10 - # Check previous deployment statuses before moving onto new deploying - while [ $count -le $timeout ]; do - sleep 1 - PENDINGS="$(oc -n ${PROJ_TARGET} rollout history dc/${OBJ_NAME} | awk '{print $2}' | grep -c Pending || true)" - RUNNINGS="$(oc -n ${PROJ_TARGET} rollout history dc/${OBJ_NAME} | awk '{print $2}' | grep -c Running || true)" - if [ "${PENDINGS}" == 0 ] && [ "${RUNNINGS}" == 0 ]; then - # No pending or running replica controllers so exit the while loop - break 2 - fi - count=$(( $count + 1 )) - done - if [ $count -gt $timeout ]; then - echo "\n*** timeout for canceling deployment ***\n" - exit 1 - fi -fi -eval "${OC_DEPLOY}" -eval "${OC_LOG}" + +# Wait for rollout to finish +oc -n ${PROJ_TARGET} rollout status deployment/${OBJ_NAME} # Provide oc command instruction # -display_helper "${OC_PROCESS} | ${OC_APPLY}" $OC_CANCEL_ALL_PREV_DEPLOY $OC_DEPLOY $OC_LOG +display_helper "${OC_PROCESS} | ${OC_APPLY}" 
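Review bot: The added `oc -n ${PROJ_TARGET} rollout status deployment/${OBJ_NAME}` near the end of oc_deploy.sh is not guarded by `APPLY`, so a dry run (where `OC_APPLY` only gets `--dry-run=client`) still contacts the cluster and can fail or wait on a Deployment that was never applied. The removed code kept every rollout command behind `APPLY`; I would write the new one as `if [ "${APPLY}" ]; then oc -n "${PROJ_TARGET}" rollout status "deployment/${OBJ_NAME}"; fi`. The new `eval ${OC_PROCESS}` also drops the quotes that the removed `eval "${OC_PROCESS}"` had, so the shell word-splits and glob-expands the command string before `eval` re-parses it. That string is built from environment-supplied values such as `SUFFIX`, so keep it as `eval "${OC_PROCESS}"`. The definition of `OC_PROCESS` starts in the previous hunk and is only partly visible here.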
diff --git a/openshift/templates/deploy.dc.yaml b/openshift/templates/deploy.yaml similarity index 95% rename from openshift/templates/deploy.dc.yaml rename to openshift/templates/deploy.yaml index a2c3c80a7..323b540ae 100644 --- a/openshift/templates/deploy.dc.yaml +++ b/openshift/templates/deploy.yaml @@ -77,19 +77,40 @@ parameters: description: "Number of gunicorn workers" value: "4" objects: - - apiVersion: v1 - kind: DeploymentConfig + - apiVersion: apps/v1 + kind: Deployment metadata: labels: app: ${APP_NAME}-${SUFFIX} name: ${APP_NAME}-${SUFFIX} + annotations: + # These annotations trigger a new rollout if either the web or api images change + image.openshift.io/triggers: |- + [ + { + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}-web-${SUFFIX}:${SUFFIX}", + "namespace": "${PROJ_TOOLS}" + }, + "fieldPath": "spec.template.spec.containers[0].image" + }, + { + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}-api-${SUFFIX}:${SUFFIX}", + "namespace": "${PROJ_TOOLS}" + }, + "fieldPath": "spec.template.spec.containers[1].image" + } + ] spec: replicas: ${{REPLICAS}} selector: - name: ${APP_NAME}-${SUFFIX} + matchLabels: + name: ${APP_NAME}-${SUFFIX} strategy: - type: Rolling - triggers: [] + type: RollingUpdate template: metadata: labels: @@ -429,8 +450,8 @@ objects: name: vpa-recommender-${SUFFIX} spec: targetRef: - apiVersion: "apps.openshift.io/v1" - kind: DeploymentConfig + apiVersion: "apps/v1" + kind: Deployment name: ${APP_NAME}-${SUFFIX} updatePolicy: updateMode: "Off" diff --git a/openshift/templates/redis.dc.yaml b/openshift/templates/redis.dc.yaml deleted file mode 100644 index 5cd979eac..000000000 --- a/openshift/templates/redis.dc.yaml +++ /dev/null 
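Review bot: The two `fieldPath` values in the new `image.openshift.io/triggers` annotation of deploy.yaml address containers by position (`containers[0]`, `containers[1]`), so reordering or inserting a container in the pod template would silently inject the web or api image into the wrong container. The container list is outside this hunk, so the current order cannot be checked here. Selecting by name is sturdier, e.g. `"fieldPath": "spec.template.spec.containers[?(@.name==\"<web-container-name>\")].image"` (placeholder name). The annotation also references `${PROJ_TOOLS}`, which is not among the parameters visible in this hunk; if it is not declared under `parameters:` and passed by oc_deploy.sh, the reference would presumably stay a literal string and the trigger would not resolve.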
@@ -1,295 +0,0 @@ -kind: DeploymentConfig -apiVersion: apps.openshift.io/v1 -metadata: - annotations: - template.alpha.openshift.io/wait-for-ready: 'true' - resourceVersion: '3697714227' - name: wps-redis - uid: 993faf9d-08fc-47cb-994f-4cb2055da786 - creationTimestamp: '2021-06-18T18:50:06Z' - generation: 19 - managedFields: - - manager: Mozilla - operation: Update - apiVersion: apps.openshift.io/v1 - time: '2021-07-26T22:59:42Z' - fieldsType: FieldsV1 - fieldsV1: - 'f:spec': - 'f:template': - 'f:spec': - 'f:containers': - 'k:{"name":"redis"}': - 'f:resources': - 'f:limits': - 'f:memory': {} - 'f:requests': - .: {} - 'f:memory': {} - - manager: openshift-controller-manager - operation: Update - apiVersion: apps.openshift.io/v1 - time: '2022-06-06T18:15:22Z' - fieldsType: FieldsV1 - fieldsV1: - 'f:metadata': - 'f:annotations': - .: {} - 'f:template.alpha.openshift.io/wait-for-ready': {} - 'f:labels': - .: {} - 'f:template': {} - 'f:template.openshift.io/template-instance-owner': {} - 'f:spec': - 'f:replicas': {} - 'f:selector': - .: {} - 'f:name': {} - 'f:strategy': - 'f:activeDeadlineSeconds': {} - 'f:recreateParams': - .: {} - 'f:timeoutSeconds': {} - 'f:type': {} - 'f:template': - .: {} - 'f:metadata': - .: {} - 'f:creationTimestamp': {} - 'f:labels': - .: {} - 'f:name': {} - 'f:spec': - .: {} - 'f:containers': - .: {} - 'k:{"name":"redis"}': - 'f:image': {} - 'f:volumeMounts': - .: {} - 'k:{"mountPath":"/var/lib/redis/data"}': - .: {} - 'f:mountPath': {} - 'f:name': {} - 'f:terminationMessagePolicy': {} - .: {} - 'f:resources': - .: {} - 'f:limits': - .: {} - 'f:memory': {} - 'f:livenessProbe': - .: {} - 'f:failureThreshold': {} - 'f:initialDelaySeconds': {} - 'f:periodSeconds': {} - 'f:successThreshold': {} - 'f:tcpSocket': - .: {} - 'f:port': {} - 'f:timeoutSeconds': {} - 'f:env': - .: {} - 'k:{"name":"REDIS_PASSWORD"}': - .: {} - 'f:name': {} - 'f:valueFrom': - .: {} - 'f:secretKeyRef': {} - 'f:readinessProbe': - .: {} - 'f:exec': - .: {} - 'f:command': {} - 
'f:failureThreshold': {} - 'f:initialDelaySeconds': {} - 'f:periodSeconds': {} - 'f:successThreshold': {} - 'f:timeoutSeconds': {} - 'f:securityContext': - .: {} - 'f:capabilities': {} - 'f:privileged': {} - 'f:terminationMessagePath': {} - 'f:imagePullPolicy': {} - 'f:ports': - .: {} - 'k:{"containerPort":6379,"protocol":"TCP"}': - .: {} - 'f:containerPort': {} - 'f:protocol': {} - 'f:name': {} - 'f:dnsPolicy': {} - 'f:restartPolicy': {} - 'f:schedulerName': {} - 'f:securityContext': {} - 'f:terminationGracePeriodSeconds': {} - 'f:volumes': - .: {} - 'k:{"name":"wps-redis-data"}': - .: {} - 'f:emptyDir': {} - 'f:name': {} - 'f:triggers': {} - 'f:status': - 'f:conditions': - .: {} - 'k:{"type":"Available"}': - .: {} - 'f:type': {} - 'k:{"type":"Progressing"}': - .: {} - 'f:type': {} - 'f:details': - .: {} - 'f:message': {} - - manager: openshift-controller-manager - operation: Update - apiVersion: apps.openshift.io/v1 - time: '2022-06-07T11:55:02Z' - fieldsType: FieldsV1 - fieldsV1: - 'f:status': - 'f:updatedReplicas': {} - 'f:readyReplicas': {} - 'f:conditions': - 'k:{"type":"Available"}': - 'f:lastTransitionTime': {} - 'f:lastUpdateTime': {} - 'f:message': {} - 'f:status': {} - 'k:{"type":"Progressing"}': - 'f:lastTransitionTime': {} - 'f:lastUpdateTime': {} - 'f:message': {} - 'f:reason': {} - 'f:status': {} - 'f:details': - 'f:causes': {} - 'f:replicas': {} - 'f:availableReplicas': {} - 'f:observedGeneration': {} - 'f:unavailableReplicas': {} - 'f:latestVersion': {} - subresource: status - namespace: e1e498-prod - labels: - template: redis-ephemeral-template - template.openshift.io/template-instance-owner: 31445217-3081-42d2-88f6-97ef32b19ff1 -spec: - strategy: - type: Recreate - recreateParams: - timeoutSeconds: 600 - resources: {} - activeDeadlineSeconds: 21600 - triggers: - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - redis - from: - kind: ImageStreamTag - namespace: openshift - name: 'redis:5-el8' - lastTriggeredImage: >- 
- image-registry.openshift-image-registry.svc:5000/openshift/redis@sha256:0b6f2072bb6ef3d182cd7fbd534bb00d838d23e17c0f0b3e7b3fd6b7ac1901cc - - type: ConfigChange - replicas: 1 - revisionHistoryLimit: 10 - test: false - selector: - name: wps-redis - template: - metadata: - creationTimestamp: null - labels: - name: wps-redis - spec: - volumes: - - name: wps-redis-data - emptyDir: {} - containers: - - resources: - limits: - memory: 8Gi - requests: - memory: 512Mi - readinessProbe: - exec: - command: - - /bin/sh - - '-i' - - '-c' - - >- - test "$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)" == - "PONG" - initialDelaySeconds: 5 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: /dev/termination-log - name: redis - livenessProbe: - tcpSocket: - port: 6379 - initialDelaySeconds: 30 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: wps-redis - key: database-password - securityContext: - capabilities: {} - privileged: false - ports: - - containerPort: 6379 - protocol: TCP - imagePullPolicy: IfNotPresent - volumeMounts: - - name: wps-redis-data - mountPath: /var/lib/redis/data - terminationMessagePolicy: File - image: >- - image-registry.openshift-image-registry.svc:5000/openshift/redis@sha256:0b6f2072bb6ef3d182cd7fbd534bb00d838d23e17c0f0b3e7b3fd6b7ac1901cc - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - securityContext: {} - schedulerName: default-scheduler -status: - observedGeneration: 19 - details: - message: image change - causes: - - type: ImageChange - imageTrigger: - from: - kind: DockerImage - name: >- - image-registry.openshift-image-registry.svc:5000/openshift/redis@sha256:0b6f2072bb6ef3d182cd7fbd534bb00d838d23e17c0f0b3e7b3fd6b7ac1901cc - availableReplicas: 1 - unavailableReplicas: 0 - latestVersion: 16 - updatedReplicas: 1 - conditions: - - type: Available - 
status: 'True' - lastUpdateTime: '2022-06-07T11:55:02Z' - lastTransitionTime: '2022-06-07T11:55:02Z' - message: Deployment config has minimum availability. - - type: Progressing - status: 'True' - lastUpdateTime: '2022-06-07T11:55:08Z' - lastTransitionTime: '2022-06-07T11:54:41Z' - reason: NewReplicationControllerAvailable - message: replication controller "wps-redis-16" successfully rolled out - replicas: 1 - readyReplicas: 1 diff --git a/openshift/templates/redis.yaml b/openshift/templates/redis.yaml new file mode 100644 index 000000000..1aff5de47 --- /dev/null +++ b/openshift/templates/redis.yaml 
@@ -0,0 +1,97 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + annotations: + template.alpha.openshift.io/wait-for-ready: "true" + image.openshift.io/triggers: |- + [ + { + "from": { + "kind": "ImageStreamTag", + "name": "redis:6-el9", + "namespace": openshift + }, + "fieldPath": "spec.template.spec.containers[0].image" + } + ] + resourceVersion: "3697714227" + name: wps-redis + uid: 993faf9d-08fc-47cb-994f-4cb2055da786 + creationTimestamp: "2021-06-18T18:50:06Z" + generation: 19 + labels: + template: redis-ephemeral-template + template.openshift.io/template-instance-owner: 31445217-3081-42d2-88f6-97ef32b19ff1 +spec: + replicas: 1 + selector: + matchLabels: + name: wps-redis + strategy: + type: Recreate + resources: {} + activeDeadlineSeconds: 21600 + template: + metadata: + labels: + name: wps-redis + spec: + automountServiceAccountToken: false + volumes: + - name: wps-redis-data + emptyDir: {} + containers: + - name: redis + image: >- + image-registry.openshift-image-registry.svc:5000/openshift/redis@sha256:e12fc5970148659b3f3ac9d80799beb36138d559830f36ac2319e6ff606cefc3 + ports: + - containerPort: 6379 + protocol: TCP + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wps-redis + key: database-password + resources: + limits: + memory: 2Gi + ephemeral-storage: "1Gi" + cpu: 75m + requests: + memory: 512Mi + ephemeral-storage: "512Mi" + cpu: 25m + volumeMounts: + - name: wps-redis-data + mountPath: /var/lib/redis/data + readinessProbe: + exec: + command: + - /bin/sh + - "-i" + - "-c" + - >- + test "$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)" == "PONG" + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + securityContext: + capabilities: {} + privileged: false + imagePullPolicy: IfNotPresent + restartPolicy: Always + 
terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + schedulerName: default-scheduler
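Review bot: In the new `image.openshift.io/triggers` annotation of redis.yaml the value `"namespace": openshift` is unquoted, so the annotation is not valid JSON and the image trigger will most likely be ignored, leaving the Deployment on the pinned digest; it should read `"namespace": "openshift"`. The manifest also carries server-generated fields from an export (`resourceVersion`, `uid`, `creationTimestamp`, `generation`, and the `template.openshift.io/template-instance-owner` label), which should be dropped because a stale `resourceVersion` can make an apply fail with a conflict. `resources: {}` and `activeDeadlineSeconds: 21600` look like leftovers of the DeploymentConfig strategy and are probably not valid where they now sit in an `apps/v1` Deployment. The readiness probe passes the password as `-a $REDIS_PASSWORD`, which exposes it in the container's process list; redis-cli can read it from the `REDISCLI_AUTH` environment variable instead.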