From 92e1be16e2f2221096039e53423de71bdd7e1c95 Mon Sep 17 00:00:00 2001
From: Shawn Turple
Date: Thu, 29 Feb 2024 16:51:44 -0800
Subject: [PATCH] DESCW-2005 implementing mongodb updates, and additional updates
---
 helm/README.md | 6 +--
 helm/deployments/openshift/notify-build.yaml | 48 +++++++++++++++++++
 helm/platform-specific/openshift.yaml | 35 +-------------
 helm/templates/cronjob.yaml | 2 +-
 helm/templates/deployment-app.yaml | 6 +--
 helm/templates/deployment-cron.yaml | 6 +--
 .../network-policy-redis-ingress.yaml | 1 +
 helm/templates/pvc.yaml | 2 +
 helm/values.yaml | 15 +++---
 9 files changed, 70 insertions(+), 51 deletions(-)
 create mode 100644 helm/deployments/openshift/notify-build.yaml
diff --git a/helm/README.md b/helm/README.md
index a7271266f..11d2b044b 100644
--- a/helm/README.md
+++ b/helm/README.md
@@ -29,9 +29,9 @@ To restore from a backup: 2. Find the `RELEASE_NAME` of the app you want to restore to. This should match the name of the PersistentVolumeClaim that contains the database backups, for example if your PVC is called `example-notifybc-dev-notify-bc-cronjob-mongodb-backup`, the `RELEASE_NAME` should be `example-notifybc-dev`. 3. Determine the `BACKUP_DATE`, the date of the backup you want to restore from. For example if you want to restore from a backup created on January 25th, 2024, the `BACKUP_DATE` should be `20240125`. - Depending on the backup schedule there may be multiple backups performed per day in which case the latest backup from the given `BACKUP_DATE` will be used. -4. From the root of this project, run the command: +4. From the root of this project, run the following command: ```bash - oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="{RELEASE_NAME}" -p BACKUP_DATE="{BACKUP_DATE}" | oc apply -f - + oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="example-notifybc-dev" -p BACKUP_DATE="20240125" | oc apply -f - ``` - (replacing `{RELEASE_NAME}` and `{BACKUP_DATE}` with the values found earlier) to run the database restore job. + (replacing the example values `example-notifybc-dev` and `20240125` with the values found earlier) to run the database restore job. 5. A Job and a Pod will be created to perform the restore process which can be monitored in OpenShift. Both will be cleaned up automatically a few minutes after the process is complete. diff --git a/helm/deployments/openshift/notify-build.yaml b/helm/deployments/openshift/notify-build.yaml new file mode 100644 index 000000000..e40c935a4 --- /dev/null +++ b/helm/deployments/openshift/notify-build.yaml 
@@ -0,0 +1,48 @@
+# ImageStream api-run
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+ annotations:
+ description: Image for the notify application
+ labels:
+ role: app
+ name: notify-bc
+
+---
+# BuildConfig api-run
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+ annotations:
+ description: Image Build for notify bc application
+ labels:
+ role: app
+ name: notify-bc
+spec:
+ failedBuildsHistoryLimit: 1
+ successfulBuildsHistoryLimit: 2
+ strategy:
+ dockerStrategy:
+ from:
+ kind: DockerImage
+ name: node:20.9.0-slim
+ incremental: false
+ type: Docker
+ source:
+ contextDir: ./
+ git:
+ ref: main
+ uri: https://github.com/bcgov/NotifyBC.git
+ type: Git
+ output:
+ to:
+ kind: ImageStreamTag
+ name: notify-bc:latest
+ resources:
+ limits:
+ cpu: "2"
+ memory: 2Gi
+ requests:
+ cpu: "1.5"
+ memory: 1.5Gi
+ runPolicy: Serial
\ No newline at end of file
diff --git a/helm/platform-specific/openshift.yaml b/helm/platform-specific/openshift.yaml
index ee4c6a967..f77ebd569 100644
--- a/helm/platform-specific/openshift.yaml
+++ b/helm/platform-specific/openshift.yaml
@@ -1,36 +1,3 @@
 service:
 smtp:
- type: ClusterIP
-mongodb:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: true
- runAsUser: 1004000000
- runAsNonRoot: true
- arbiter:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: true
- runAsUser: 1004000000
- runAsNonRoot: true
-redis:
- master:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: true
- runAsUser: 1004000000
- replica:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: true
- runAsUser: 1004000000
- sentinel:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: true
- runAsUser: 1004000000
+ type: ClusterIP
\ No newline at end of file
diff --git a/helm/templates/cronjob.yaml b/helm/templates/cronjob.yaml
index 43358815f..992662976 100644
--- a/helm/templates/cronjob.yaml
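Review bot: The BuildConfig takes both of its inputs from mutable references, `ref: main` under `source.git` and the tag `node:20.9.0-slim` under `dockerStrategy.from`, and pushes to `notify-bc:latest`, so the same BuildConfig can produce different images on different days and a deployed image cannot be traced back to a commit. Pinning the base image by digest (`name: node:20.9.0-slim@sha256:<digest-of-the-reviewed-image>`, placeholder) and building from a release tag or commit instead of `main` would make the build reproducible and auditable. Separately, the header comments `# ImageStream api-run` and `# BuildConfig api-run` do not match the resource name `notify-bc`, and `incremental` looks like a source-strategy option rather than a Docker-strategy one, so it is probably ignored here.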
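Review bot: With the `mongodb` and `redis` overrides gone, nothing visible in this patch still sets `runAsNonRoot: true` for the database pods, and the `values.yaml` context further down keeps `containerSecurityContext` at `enabled: false` under `mongodb`. On OpenShift the namespace SCC normally assigns the UID, which is presumably why the hard-coded `runAsUser: 1004000000` is being dropped, but that reliance is now implicit. A comment in this file such as `# mongodb/redis securityContext is intentionally unset; the namespace SCC assigns a non-root UID` would record the assumption. It is also worth confirming that the Redis subchart defaults behave the same way, since its values are not part of this diff.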
+++ b/helm/templates/cronjob.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "NotifyBC.fullname" . }}-mongodb-backup labels: {{- include "NotifyBC.labels" . | nindent 4}} spec: - concurrencyPolicy: Forbid + concurrencyPolicy: Replace schedule: '{{ .Values.cronJob.schedule }}' jobTemplate: spec: diff --git a/helm/templates/deployment-app.yaml b/helm/templates/deployment-app.yaml index 2d1ca5888..b8a006dd3 100644 --- a/helm/templates/deployment-app.yaml +++ b/helm/templates/deployment-app.yaml @@ -41,14 +41,14 @@ spec: -headless {{- end }} - name: MONGODB_USER - value: {{ .Values.mongodb.auth.username }} + value: {{ .Values.mongodb.auth.usernames | first }} - name: MONGODB_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name }}-mongodb - key: mongodb-password + key: mongodb-passwords - name: MONGODB_DATABASE - value: {{ .Values.mongodb.auth.database }} + value: {{ .Values.mongodb.auth.databases | first }} - name: MONGODB_ADMIN_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/templates/deployment-cron.yaml b/helm/templates/deployment-cron.yaml index 944d6cf72..6f162d026 100644 --- a/helm/templates/deployment-cron.yaml +++ b/helm/templates/deployment-cron.yaml @@ -41,14 +41,14 @@ spec: -headless {{- end }} - name: MONGODB_USER - value: {{ .Values.mongodb.auth.username }} + value: {{ .Values.mongodb.auth.usernames | first }} - name: MONGODB_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name }}-mongodb - key: mongodb-password + key: mongodb-passwords - name: MONGODB_DATABASE - value: {{ .Values.mongodb.auth.database }} + value: {{ .Values.mongodb.auth.databases | first }} - name: MONGODB_ADMIN_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/templates/network-policy-redis-ingress.yaml b/helm/templates/network-policy-redis-ingress.yaml index 316c4cba5..5af255ae5 100644 --- a/helm/templates/network-policy-redis-ingress.yaml +++ b/helm/templates/network-policy-redis-ingress.yaml 
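Review bot: `concurrencyPolicy: Replace` means a scheduled run that starts while the previous backup job is still running terminates that job, so a slow or hung dump can be cut off part-way and leave an incomplete archive on the backup PVC. The README in this patch says the restore uses the latest backup for a given `BACKUP_DATE`, so a truncated file could be the one restored. If the goal is to stop a stuck job from blocking later runs, keeping `Forbid` and bounding the job with `activeDeadlineSeconds` under `jobTemplate.spec` gives that protection without killing a healthy backup; otherwise the backup script should write to a temporary name and rename on success. The `jobTemplate` body continues outside the hunk, so whether either safeguard already exists is not visible here.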
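Review bot: `MONGODB_USER` is now the first entry of `mongodb.auth.usernames`, but `MONGODB_PASSWORD` reads the whole `mongodb-passwords` key, which in the Bitnami MongoDB chart (assumed from the secret name and key) holds every custom user's password joined by commas. The two agree only while the list has exactly one entry; a second user added in values would hand the app a password string that no longer matches its user. The rendered values are also unquoted, so an empty list or a boolean- or number-looking name yields a non-string `value:`; `value: {{ required "mongodb.auth.usernames must not be empty" (.Values.mongodb.auth.usernames | first) | quote }}` addresses both, and the same applies to `databases | first`. The identical hunk in `helm/templates/deployment-cron.yaml` has the same issue.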
@@ -19,5 +19,6 @@ spec: - podSelector: matchLabels: app.kubernetes.io/name: {{ include "NotifyBC.name" . }}-app + app.kubernetes.io/instance: {{ .Release.Name }} policyTypes: - Ingress diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml index 040d8f366..d5e86e305 100644 --- a/helm/templates/pvc.yaml +++ b/helm/templates/pvc.yaml @@ -2,6 +2,8 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: + annotations: + "helm.sh/resource-policy": keep name: {{ include "NotifyBC.fullname" . }}-cronjob-mongodb-backup labels: {{- include "NotifyBC.labels" . | nindent 4}} spec: diff --git a/helm/values.yaml b/helm/values.yaml index 8d8879947..8835024b2 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -86,9 +86,12 @@ affinity: {} mongodb: architecture: replicaset + replicaCount: 3 auth: - username: notify-bc - database: notify-bc + usernames: + - notify-bc + databases: + - notify-bc password: '' persistence: size: 1Gi @@ -97,11 +100,9 @@ mongodb: containerSecurityContext: enabled: false arbiter: - podSecurityContext: - enabled: false - containerSecurityContext: - enabled: false - + enabled: false + readinessProbe: + timeoutSeconds: 10 configMap: config.local.js: |- module.exports = {};
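Review bot: The added `app.kubernetes.io/instance` match is rendered unquoted, and a release name made only of digits would then parse as a number and be rejected as a label value; `app.kubernetes.io/instance: {{ .Release.Name | quote }}` avoids that. A short comment above the selector, for example `# only this release's app pods may reach Redis`, would also record why the instance label is required. The selector relies on the app pods carrying the same label, which comes from templates outside this hunk.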
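Review bot: `"helm.sh/resource-policy": keep` leaves the backup PVC, and the database dumps on it, in the namespace after `helm uninstall`, which is the intent for backups but also means the data outlives the release with nothing in the chart to remove it. I would add a comment above the annotation, `# kept on uninstall so backups survive; delete the PVC manually when decommissioning`, and mention the manual cleanup in the README's backup section. The PVC `spec` continues outside the hunk.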
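Review bot: The first `helm/values.yaml` hunk moves `username` and `database` to the list keys `usernames` and `databases` but leaves the singular `password: ''` on the next context line. If the MongoDB subchart pairs the list keys with a `passwords` list, as the `mongodb-passwords` secret key used in the deployment templates suggests, the singular key may no longer be read and the chart would generate the password instead. That is worth confirming against the subchart version in use, which this diff does not show. Either way a comment on the key, e.g. `# leave empty in VCS; supply at install time or let the chart generate it`, would make the expectation explicit.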