From d802934ff15bf677435cec5dda0576d7efb7aa2b Mon Sep 17 00:00:00 2001
From: Mulder
Date: Mon, 6 Jan 2025 09:22:52 -0800
Subject: [PATCH] OpenShift config
---
.env.example | 23 ++++++
README.md | 48 +++++++++----
openshift/full_config.yaml | 143 +++++++++++++++++++++++++++++++++++++
3 files changed, 202 insertions(+), 12 deletions(-)
create mode 100644 .env.example
create mode 100644 openshift/full_config.yaml
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..53163cc
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,23 @@
+#Based on constants.py file
+SMTP_SERVER=apps.smtp.gov.bc.ca
+#(DEBUG is synonymous with ADMIN, and gets report/error emails)
+DEBUG_IDIR=jsmith
+DEBUG_EMAIL=john.smith@gov.bc.ca
+EMAIL_SENDLIST=recipient1@gov.bc.ca,recipient2@gov.bc.ca,recipient3@gov.bc.ca
+#(Email Sendlist alternative format for Outlook:)
+EMAIL_SENDLIST=smith, john FLNR:EX ; smith, jane IIT:EX
+EMAIL_OMITLIST=do-not-send1@gov.bc.ca,do-not-send2@gov.bc.ca
+
+POSTGRES_USER=database_user
+POSTGRES_PASSWORD=database_password
+POSTGRES_HOST=localhost
+
+LDAP_USER=AD username
+LDAP_PASSWORD=AD password
+
+#(On Windows machines:)
+GRAPH_FILE_PATH=graph.png
+GOLD_STAR_FILE_PATH=send-usage-emails/gold-star.png
+#(On Linux machines:)
+#GRAPH_FILE_PATH=/tmp/graph.png
+#GOLD_STAR_FILE_PATH=gold-star.png
\ No newline at end of file
diff --git a/README.md b/README.md
index 5894f24..4ab5035 100644
--- a/README.md
+++ b/README.md
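Review bot: `EMAIL_SENDLIST` is assigned twice in `.env.example`, and the second, Outlook-format line is live rather than commented, so anyone who copies the file to `.env` as the README suggests ends up with two conflicting values (which one wins depends on the loader) and a value containing spaces and `;`. I would comment the alternative out the same way the Linux paths are: `#EMAIL_SENDLIST=smith, john FLNR:EX ; smith, jane IIT:EX`. Since the file invites a real `.env` holding `POSTGRES_PASSWORD` and `LDAP_PASSWORD`, it is also worth confirming that `.env` is listed in `.gitignore` and `.dockerignore`; neither file is visible in this patch.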
@@ -1,25 +1,49 @@ # H-Drive-Email -## Deploying New Code +## Purpose + + + +## Run Locally +To run locally +1. Ensure you have docker installed +1. Create a local `.env` file (can use `.env.example` as a starting point. It's based on `constants.py`) +1. Run `docker build --no-cache -t h-drive-email .` +1. Once built, you can start it using `docker run --env-file .env -p 8501:8501 h-drive-email` +1. Go to `localhost:8501` + +## Initial Setup in OpenShift +To quickly get you started in a new namespace, follow these steps. +1. In the OpenShift Folder there is a `full_config.yaml` file +1. Replace the two instances of `` with the namespace you are installing this on (ie `abc123-dev`) +1. In OpenShift, click the `+` button on the top bar +1. Copy and Paste the YAML file into the page +1. Click `Create` which will automatically create all the required components for the application to function: + 1. Deployment + 1. Service + 1. Route + 1. Network Policy + 1. ImageStream +1. Follow the `Github Action Setup` steps below and trigger the workflow. This should then automatically cause the container to start. Since we are using an ImageStream with Auto Redeploy's configured in the Deployment, anytime you trigger the workflow it will automatically redeploy the application. + +#### To Note: +- Route is configured to require being on a BC Gov Network +- The Environment Variables in OpenShift are in the Deployment. +- The application will automatically restart with the latest image from the last build.yml run + +## GitHub Action Setup The build.yml github action will build the Dockerfile and push it to the OpenShift ImageStream you have configured. The Deployment in OpenShift is configured to update when there is a new image available so it will restart. 
-Before you can run the workflow, ensure you have these variables and secrets configured: +Before you can run the workflow, ensure you have these variables and secrets configured in the Repo: - `OPENSHIFT_IMAGESTREAM_URL` variable - - Looks like `image-registry.apps.silver.devops.gov.bc.ca/NAMESPACE/` (including -dev, test, prod or tools) + - Looks like: `image-registry.apps.silver.devops.gov.bc.ca/NAMESPACE/` (including -dev, test, prod or tools) - `OPENSHIFT_IMAGESTREAM_USERNAME` secret - You can use the Pipeline user - `OPENSHIFT_IMAGESTREAM_TOKEN` secret - You can use the Pipeline Token (From pipeline-token-xxxxxxxx) -## OpenShift Components -- Deployment -- Service -- Route -- Network Policies to allow inbound traffic -- Configmap -- ImageStream (autogenerated on first push from Github - ## License +``` Copyright 2025 Province of British Columbia Licensed under the Apache License, Version 2.0 (the "License"); @@ -33,4 +57,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - +``` \ No newline at end of file diff --git a/openshift/full_config.yaml b/openshift/full_config.yaml new file mode 100644 index 0000000..39786eb --- /dev/null +++ b/openshift/full_config.yaml 
@@ -0,0 +1,143 @@
+# To deploy
+# 1. Replace the two instances of with the namespace you are deploying this too (ie abc123-dev)
+# 2. In OpenShift go to the namespace and click the + in the top bar to add a YAML file. Copy and paste this entire file and click create.
+# 3. Run the Github action to deploy the image to the ImageStream which should automatically cause the app to start.
+
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+ name: h-drive-email
+ labels:
+ app: h-drive-email
+spec:
+ lookupPolicy:
+ local: false
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ annotations:
+ image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"h-drive-email:latest","namespace":""},"fieldPath":"spec.template.spec.containers[?(@.name==\"container\")].image","pause":"false"}]'
+ name: h-drive-email
+ labels:
+ app: h-drive-email
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: h-drive-email
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: h-drive-email
+ spec:
+ containers:
+ - name: container
+ image: 'image-registry.openshift-image-registry.svc:5000//h-drive-email@latest'
+ ports:
+ - containerPort: 8501
+ protocol: TCP
+ env:
+ - name: POSTGRES_PASSWORD
+ value: database_password
+ - name: LDAP_USER
+ value: AD username
+ - name: EMAIL_SENDLIST
+ value: 'recipient1@gov.bc.ca,recipient2@gov.bc.ca,recipient3@gov.bc.ca'
+ - name: EMAIL_OMITLIST
+ value: 'do-not-send1@gov.bc.ca,do-not-send2@gov.bc.ca'
+ - name: SMTP_SERVER
+ value: apps.smtp.gov.bc.ca
+ - name: POSTGRES_HOST
+ value: localhost
+ - name: DEBUG_IDIR
+ value: jsmith
+ - name: DEBUG_EMAIL
+ value: john.smith@gov.bc.ca
+ - name: POSTGRES_USER
+ value: database_user
+ - name: LDAP_PASSWORD
+ value: AD password
+ - name: GRAPH_FILE_PATH
+ value: /tmp/graph.png
+ - name: GOLD_STAR_FILE_PATH
+ value: gold-star.png
+ resources:
+ requests:
+ cpu: 5m
+ memory: 128Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
+
+---
+
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: h-drive-email
+ labels:
+ app: h-drive-email
+spec:
+ podSelector:
+ matchLabels:
+ app: h-drive-email
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ network.openshift.io/policy-group: ingress
+ policyTypes:
+ - Ingress
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: h-drive-email
+ labels:
+ app: h-drive-email
+spec:
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8501
+ selector:
+ app: h-drive-email
+
+---
+
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: h-drive-email
+ annotations:
+ haproxy.router.openshift.io/ip_whitelist: 142.34.53.0/24 142.22.0.0/15 142.24.0.0/13 142.32.0.0/13
+ labels:
+ app: h-drive-email
+spec:
+ host:
+ path: /
+ to:
+ kind: Service
+ name: h-drive-email
+ weight: 100
+ port:
+ targetPort: 8501
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Redirect
+ wildcardPolicy: None
\ No newline at end of file
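Review bot: `POSTGRES_PASSWORD` and `LDAP_PASSWORD` are declared as literal `value:` entries in the Deployment's `env:` list, and the README tells operators that the environment variables live in the Deployment, so the real credentials will end up in the pod template. There they are readable by anyone who can view Deployments in the namespace, and they persist in old ReplicaSets (`revisionHistoryLimit: 10`). I would move the two passwords (and probably `LDAP_USER` and `POSTGRES_USER`) into a Secret and reference it with `secretKeyRef`, as sketched below; the Secret name is a placeholder. Separately, the `image:` value ends in `h-drive-email@latest`; `@` introduces a digest, so a tag reference would be `h-drive-email:latest`.

```yaml
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: h-drive-email-secrets   # placeholder Secret name, created separately
                  key: POSTGRES_PASSWORD
            - name: LDAP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: h-drive-email-secrets   # placeholder Secret name
                  key: LDAP_PASSWORD
            # … unchanged: non-secret env entries (SMTP_SERVER, EMAIL_SENDLIST, …) …
```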