OpenShift config

.env.example

@@ -0,0 +1,23 @@
+#Based on constants.py file
+SMTP_SERVER=apps.smtp.gov.bc.ca
+#(DEBUG is synonymous with ADMIN, and gets report/error emails)
+DEBUG_IDIR=jsmith
+DEBUG_EMAIL=[email protected]
+EMAIL_SENDLIST=[email protected],[email protected],[email protected]
+#(Email Sendlist alternative format for Outlook:)
+EMAIL_SENDLIST=smith, john FLNR:EX <[email protected]>; smith, jane IIT:EX <[email protected]>
+EMAIL_OMITLIST=[email protected],[email protected]
+
+POSTGRES_USER=database_user
+POSTGRES_PASSWORD=database_password
+POSTGRES_HOST=localhost
+
+LDAP_USER=AD username
+LDAP_PASSWORD=AD password
+
+#(On Windows machines:)
+GRAPH_FILE_PATH=graph.png
+GOLD_STAR_FILE_PATH=send-usage-emails/gold-star.png
+#(On Linux machines:)
+#GRAPH_FILE_PATH=/tmp/graph.png
+#GOLD_STAR_FILE_PATH=gold-star.png

README.md

@@ -1,25 +1,49 @@
 # H-Drive-Email
 
-## Deploying New Code
+## Purpose
+
+
+
+## Run Locally
+To run locally
+1. Ensure you have docker installed
+1. Create a local `.env` file (can use `.env.example` as a starting point. It's based on `constants.py`)
+1. Run `docker build --no-cache -t h-drive-email .`
+1. Once built, you can start it using `docker run --env-file .env -p 8501:8501 h-drive-email`
+1. Go to `localhost:8501`
+
+## Initial Setup in OpenShift
+To quickly get you started in a new namespace, follow these steps. 
+1. In the OpenShift Folder there is a `full_config.yaml` file
+1. Replace the two instances of `<NAMESPACE>` with the namespace you are installing this on (ie `abc123-dev`)
+1. In OpenShift, click the `+` button on the top bar
+1. Copy and Paste the YAML file into the page
+1. Click `Create` which will automatically create all the required components for the application to function:
+    1. Deployment
+    1. Service
+    1. Route
+    1. Network Policy
+    1. ImageStream
+1. Follow the `Github Action Setup` steps below and trigger the workflow. This should then automatically cause the container to start. Since we are using an ImageStream with Auto Redeploy's configured in the Deployment, anytime you trigger the workflow it will automatically redeploy the application.
+
+#### To Note:
+- Route is configured to require being on a BC Gov Network
+- The Environment Variables in OpenShift are in the Deployment.
+- The application will automatically restart with the latest image from the last build.yml run
+
+## GitHub Action Setup
 The build.yml github action will build the Dockerfile and push it to the OpenShift ImageStream you have configured. The Deployment in OpenShift is configured to update when there is a new image available so it will restart.
-Before you can run the workflow, ensure you have these variables and secrets configured:
+Before you can run the workflow, ensure you have these variables and secrets configured in the Repo:
 - `OPENSHIFT_IMAGESTREAM_URL` variable
-    - Looks like `image-registry.apps.silver.devops.gov.bc.ca/NAMESPACE/` (including -dev, test, prod or tools)
+    - Looks like: `image-registry.apps.silver.devops.gov.bc.ca/NAMESPACE/` (including -dev, test, prod or tools)
 - `OPENSHIFT_IMAGESTREAM_USERNAME` secret
     - You can use the Pipeline user
 - `OPENSHIFT_IMAGESTREAM_TOKEN` secret
     - You can use the Pipeline Token (From pipeline-token-xxxxxxxx)
 
-## OpenShift Components
-- Deployment
-- Service
-- Route
-- Network Policies to allow inbound traffic
-- Configmap
-- ImageStream (autogenerated on first push from Github
-
 
 ## License
+```
 Copyright 2025 Province of British Columbia
 
 Licensed under the Apache License, Version 2.0 (the "License");
@@ -33,4 +57,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-
+```

openshift/full_config.yaml

@@ -0,0 +1,143 @@
+# To deploy
+# 1. Replace the two instances of <NAMESPACE> with the namespace you are deploying this too (ie abc123-dev)
+# 2. In OpenShift go to the namespace and click the + in the top bar to add a YAML file. Copy and paste this entire file and click create.
+# 3. Run the Github action to deploy the image to the ImageStream which should automatically cause the app to start.
+
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: h-drive-email
+  labels:
+    app: h-drive-email
+spec:
+  lookupPolicy:
+    local: false
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  annotations:
+    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"h-drive-email:latest","namespace":"<NAMESPACE>"},"fieldPath":"spec.template.spec.containers[?(@.name==\"container\")].image","pause":"false"}]'
+  name: h-drive-email
+  labels:
+    app: h-drive-email
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: h-drive-email
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: h-drive-email
+    spec:
+      containers:
+        - name: container
+          image: 'image-registry.openshift-image-registry.svc:5000/<NAMESPACE>/h-drive-email@latest'
+          ports:
+            - containerPort: 8501
+              protocol: TCP
+          env:
+            - name: POSTGRES_PASSWORD
+              value: database_password
+            - name: LDAP_USER
+              value: AD username
+            - name: EMAIL_SENDLIST
+              value: '[email protected],[email protected],[email protected]'
+            - name: EMAIL_OMITLIST
+              value: '[email protected],[email protected]'
+            - name: SMTP_SERVER
+              value: apps.smtp.gov.bc.ca
+            - name: POSTGRES_HOST
+              value: localhost
+            - name: DEBUG_IDIR
+              value: jsmith
+            - name: DEBUG_EMAIL
+              value: [email protected]
+            - name: POSTGRES_USER
+              value: database_user
+            - name: LDAP_PASSWORD
+              value: AD password
+            - name: GRAPH_FILE_PATH
+              value: /tmp/graph.png
+            - name: GOLD_STAR_FILE_PATH
+              value: gold-star.png
+          resources:
+            requests:
+              cpu: 5m
+              memory: 128Mi
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+
+---
+
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: h-drive-email
+  labels:
+    app: h-drive-email
+spec:
+  podSelector:
+    matchLabels:
+      app: h-drive-email
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
+  policyTypes:
+    - Ingress
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: h-drive-email
+  labels:
+    app: h-drive-email
+spec:
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8501
+  selector:
+    app: h-drive-email
+
+---
+
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: h-drive-email
+  annotations:
+    haproxy.router.openshift.io/ip_whitelist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13
+  labels:
+    app: h-drive-email
+spec:
+  host: 
+  path: /
+  to:
+    kind: Service
+    name: h-drive-email
+    weight: 100
+  port:
+    targetPort: 8501
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None