SPS-250 Creates Helm Chart for registration-service #2

Merged
merged 75 commits into from
Nov 25, 2024
04aab0c
SPS-250 Adds basic Drone file
Oct 17, 2024
fbc5526
SPS-250 Ensures Drone runs off of a push
Oct 17, 2024
e0b01dd
SPS-250 Changes file extension for Drone YML
Oct 17, 2024
7bc50b2
SPS-250 Removes older Drone file with invalid extension
Oct 17, 2024
c9767b7
SPS-250 Sets Helm image to Alpine image from Docker Hub
Oct 17, 2024
994913d
SPS-250 Sets Helm image to ukhomeoffice Quay Helm image
Oct 17, 2024
5af0331
SPS-250 Breaks up build steps and prints Kube versions
Oct 17, 2024
fcf41cc
SPS-250 Passes robot token to Helm
Oct 17, 2024
869d188
SPS-250 Passes KUBE_SERVER env variable to Helm
Oct 17, 2024
3ba9558
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
fe5da04
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
818c975
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
ea0a4a4
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
21d5a76
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
8a7d292
SPS-250 Passes kube variables to Helm
Oct 17, 2024
cabcb0b
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
618e761
SPS-250 Validates how Drone shows secrets
Oct 17, 2024
85925b5
SPS-250 Explicitly switch k8s context
Oct 17, 2024
b25da13
SPS-250 Prefixes env variables
Oct 17, 2024
a07eebe
SPS-250 Prefixes env variables
Oct 17, 2024
e112516
SPS-250 Switches to pod listing
Oct 17, 2024
b6ae267
SPS-250 Bumps Helm version
Oct 17, 2024
6add5e8
SPS-250 Passes kube context to Helm
Oct 17, 2024
010c010
SPS-250 Passes kube context to kubectl command
Oct 17, 2024
3b7b044
SPS-250 Fixes buildstep context name
Oct 17, 2024
7010332
SPS-250 Adds template for Deployment
Oct 17, 2024
cdc77f1
SPS-250 Removes unnecessary templates
Oct 17, 2024
2534978
SPS-250 Adds simple Dockerfile for registration service
Oct 18, 2024
7c1a415
SPS-250 Changes tag logic
Oct 18, 2024
476b7ff
SPS-250 Tests Docker pushes with personal credentials
Oct 18, 2024
b57cd35
Revert "SPS-250 Tests Docker pushes with personal credentials"
Oct 18, 2024
2578d42
SPS-250 Adds step for publishing Helm chart
Oct 18, 2024
4af4475
SPS-250 Adds basic Helm chart
Oct 18, 2024
a13bf51
SPS-254 Adds Helm values file for tactical database and updates README
Oct 22, 2024
ed9a898
Added liquibase config
chriswhunter89 Oct 21, 2024
d546f9c
Delete UserConfig.java
chriswhunter89 Oct 21, 2024
73137d3
Fix application.properties to use env vars
Oct 22, 2024
a76e08e
Remove UserConfig - no longer needed
Oct 22, 2024
b291292
Fix indentation
chriswhunter89 Oct 22, 2024
37aa45e
Fixed dependency injection
chriswhunter89 Oct 22, 2024
949a02d
Added authorname to changesets
chriswhunter89 Oct 22, 2024
e8e9c46
Add unique constraint on email field
chriswhunter89 Oct 22, 2024
9d60470
Adds local context to populate-users changeset and sets current cont…
chriswhunter89 Oct 23, 2024
9fcf918
Setup local springboot profile
chriswhunter89 Oct 23, 2024
5e42535
Add application-local.properties config
chriswhunter89 Oct 23, 2024
4f02b2c
Fixed formatting issue
Oct 23, 2024
b498aa9
Fixed typo
Oct 23, 2024
6fd708f
SPS-250 Adds simple values file for the dev environment
Oct 23, 2024
ae1c2a8
SPS-250 Adds simple values file for the dev environment
Oct 23, 2024
bc0d62b
SPS-250 Adds template for serviceaccount
Oct 23, 2024
2f65fea
SPS-250 Removes duplicate Chart
Oct 23, 2024
43f4492
SPS-250 Configures deployment to run image
Oct 23, 2024
c74b301
SPS-250 Sets author full name in the change logs
Oct 24, 2024
6bdc661
SPS-250 Changes env names for DB connectivity
Oct 24, 2024
165f566
SPS-250 Changes env names for DB connectivity
Oct 24, 2024
1a40fe9
SPS-250 Passed persistence env variables through to deployment
Oct 24, 2024
7f9b65e
SPS-250 Takes Dockerfile from other branch
Oct 24, 2024
b5d6b8d
SPS-250 Removes .DS_Store files
Oct 24, 2024
ce9291b
SPS-250 Adds .DS_Store to gitignore
Oct 24, 2024
d6f11dc
SPS-250 Removes Helm step which is not ready
Oct 24, 2024
dd1a992
SPS-250 Fixes error with incorrect profile being set
Oct 24, 2024
ae087a6
SPS-250 Removes profile hardcoding
Oct 24, 2024
ac99908
SPS-250 Hardcodes profile to dsa-re-dev
Oct 24, 2024
9822f9b
SPS-250 Enables management probes
Oct 24, 2024
ce19417
SPS-250 Adds actuator libraries and bumps Java version to 21
Oct 24, 2024
fa04205
SPS-250 Configures probes to use actuator endpoints
Oct 24, 2024
bc90605
SPS-250 Configures probes
Oct 24, 2024
b76acf8
SPS-250 Adds Dynatrace feature flag to Deployment
Oct 24, 2024
be124f9
SPS-250 Separates service port from container port
Oct 24, 2024
05c9284
SPS-230 Adds Dockerfile for tools image
Oct 28, 2024
3bd7ac0
Modified registerNewUser function to throw error to simulate problem …
chriswhunter89 Nov 4, 2024
fceb39e
Update table name in users.java
chriswhunter89 Nov 4, 2024
324286c
Merge branch 'main' into SPS-250-helm-deployment
Nov 20, 2024
abd2a7b
SPS-250 Removes deliberate exception added for testing
Nov 22, 2024
85cf0a7
SPS-250 Ensure ip specific egress for network policy
Nov 22, 2024
Binary file removed .DS_Store
Binary file not shown.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -22,3 +22,6 @@
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*
replay_pid*

# MacOS files
.DS_Store
Binary file removed backend/.DS_Store
Binary file not shown.
61 changes: 61 additions & 0 deletions backend/registration-service/.drone.yml
@@ -0,0 +1,61 @@
kind: pipeline
type: kubernetes
name: build-test

platform:
os: linux
arch: amd64

steps:

- name: docker
image: plugins/docker
settings:
dockerfile: backend/registration-service/Dockerfile
registry: quay.io
context: backend/registration-service
tags:
- latest
Author

Note that this will likely change later, we probably don't want to be pushing to latest, or at the very least we want to push to a tag as well, whatever that might be.

repo: quay.io/ukhomeofficedigital/dsa-re-registration-service
username:
from_secret: ROBOT_QUAY_USER
password:
from_secret: ROBOT_QUAY_PASS

trigger:
event:
- push

# - name: debug-versions
# image: quay.io/ukhomeofficedigital/helm:3.15.4-build.1
# commands:
# - kubectl config set-cluster buildstep --server=$SHOWCASE_KUBE_SERVER
# - kubectl config set-credentials $SHOWCASE_KUBE_USER --token=$SHOWCASE_KUBE_TOKEN
# - kubectl config set-context buildstep --cluster=buildstep --user=$SHOWCASE_KUBE_USER --namespace=$SHOWCASE_KUBE_NAMESPACE
# - kubectl config use-context buildstep
# - helm version
# - kubectl --context=buildstep version
# - helm list --kube-context=buildstep
# - helm list --namespace=$SHOWCASE_KUBE_NAMESPACE --kube-apiserver=$SHOWCASE_KUBE_SERVER --kube-token=$SHOWCASE_KUBE_TOKEN
# environment:
# SHOWCASE_KUBE_USER:
# from_secret: KUBE_NAMESPACE_DEV
# SHOWCASE_KUBE_NAMESPACE:
# from_secret: KUBE_NAMESPACE_DEV
# SHOWCASE_KUBE_SERVER:
# from_secret: KUBE_SERVER_NOT_PROD
# SHOWCASE_KUBE_TOKEN:
# from_secret: KUBE_TOKEN_DEV

# - name: helm-test
# image: quay.io/ukhomeofficedigital/helm:v3.5.4
# commands:
# - helm version
# - kubectl version

# - name: helm-install
# image: quay.io/ukhomeofficedigital/helm:v3.5.4
# commands:
# - helm version
# - kubectl version
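
Review bot: The `docker` step publishes only the mutable `latest` tag, and the `trigger` block fires on every `push` with no branch filter, so a push to any branch overwrites the image at `quay.io/ukhomeofficedigital/dsa-re-registration-service:latest`. Add an immutable tag such as the commit SHA alongside `latest`, restrict the trigger to the branches that should publish, and pin `plugins/docker` to a version. In the commented-out `debug-versions` step, `SHOWCASE_KUBE_USER` is read from `KUBE_NAMESPACE_DEV`, which looks like a copy-paste slip, and `--kube-token=$SHOWCASE_KUBE_TOKEN` puts the token on the command line; delete the commented steps rather than merging them.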

37 changes: 37 additions & 0 deletions backend/registration-service/Dockerfile
@@ -0,0 +1,37 @@
# Stage 1 - Build Application

# Base image with JDK
FROM quay.io/ukhomeofficedigital/dsa-re-amazoncorretto:21.0.5-alpine3.20 AS builder

#Set working directory
WORKDIR /app

# Copy over maven wrapper files
COPY mvnw .
COPY mvnw.cmd .
COPY .mvn ./.mvn

# Ensure mvnw is executable
RUN chmod +x mvnw

# Copy over pom and application source code
COPY pom.xml .
COPY src ./src

# Compile code into jar
RUN ./mvnw clean install -Dskiptests

# Stage 2 - Run application
FROM quay.io/ukhomeofficedigital/dsa-re-amazoncorretto:21.0.5-alpine3.20

#Set working directory
WORKDIR /app

# Copy over jar from stage 1
COPY --from=builder app/target/registration-service-0.0.1-SNAPSHOT.jar app.jar

# Expose port
EXPOSE 8080

# Run Springboot app
ENTRYPOINT [ "java", "-jar", "app.jar" ]
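
Review bot: `RUN ./mvnw clean install -Dskiptests` in stage 1 does not skip tests: the Surefire property is `skipTests` and property names are case-sensitive, so the test suite still runs during the image build. Use `-DskipTests` if skipping is intended, or drop the flag if the tests are meant to gate the build. The runtime stage also has no `USER` instruction, so the image defaults to root anywhere the chart's `runAsUser: 1000` is not applied; create and switch to a non-root user in stage 2.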
6 changes: 5 additions & 1 deletion backend/registration-service/pom.xml
Expand Up @@ -27,7 +27,7 @@
<url/>
</scm>
<properties>
<java.version>19</java.version>
<java.version>21</java.version>
</properties>
<dependencies>
<dependency>
Expand All @@ -38,6 +38,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
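
Review bot: Adding `spring-boot-starter-actuator` in the second hunk puts the `/actuator` endpoints on the same port 8080 that the Service routes to, and no `management.*` settings are visible in this diff. Confirm that the application properties expose only the health endpoints the probes need (`/actuator/health/liveness` and `/actuator/health/readiness`), or move actuator to a separate management port that the Service does not publish.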
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
@@ -0,0 +1,5 @@
apiVersion: v2
name: registration-service
description: A Helm chart for deploying registration-service to Kubernetes
type: application
version: 0.1.0
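
Review bot: This chart metadata sets no `appVersion`, but the Deployment template builds the image reference from `{{ .Values.image.tag | default .Chart.AppVersion }}`. With `image.tag` unset the tag renders empty and the pod cannot pull its image. Add an `appVersion` here, or make `image.tag` mandatory in the template with `required`.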
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "registration-service.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "registration-service.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "registration-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "registration-service.labels" -}}
helm.sh/chart: {{ include "registration-service.chart" . }}
{{ include "registration-service.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "registration-service.selectorLabels" -}}
app.kubernetes.io/name: {{ include "registration-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "registration-service.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "registration-service.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "registration-service.fullname" . }}
labels:
{{- include "registration-service.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "registration-service.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "registration-service.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "registration-service.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- if((.Values.dynatrace).podRuntimeInjection).enabled }}
initContainers:
- name: install-oneagent
image: {{ (((.Values).dynatrace).podRuntimeInjection).image | default "quay.io/ukhomeofficedigital/alpine:v3.15" | quote }}
command:
- /bin/sh
args:
- -c
- ARCHIVE=$(mktemp) && time wget --no-check-certificate -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && time unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE
env:
- name: DT_API_URL
valueFrom:
secretKeyRef:
name: registration-service-dynatrace-oneagent
key: api-url
- name: DT_PAAS_TOKEN
valueFrom:
secretKeyRef:
name: registration-service-dynatrace-oneagent
key: paas-installer-download-token
- name: DT_ONEAGENT_OPTIONS
value: flavor=multidistro&include=java
volumeMounts:
- mountPath: /opt/dynatrace/oneagent
name: {{ (((.Values).dynatrace).podRuntimeInjection).volumeName | default "oneagent" }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "quay.io/ukhomeofficedigital/dsa-re-registration-service:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
initialDelaySeconds: 60
periodSeconds: 30
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: JAVA_OPTIONS
value: -Dspring.profiles.active={{ .Release.Namespace }}
- name: SHOWCASE_SERVICES_DB_ENDPOINT
valueFrom:
secretKeyRef:
name: {{ .Values.persistenceCredentialsSecretName }}
key: endpoint
- name: SHOWCASE_SERVICES_DB_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.persistenceCredentialsSecretName }}
key: port
- name: SHOWCASE_SERVICES_DB_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.persistenceCredentialsSecretName }}
key: default_db
- name: SHOWCASE_SERVICES_DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.persistenceCredentialsSecretName }}
key: username
- name: SHOWCASE_SERVICES_DB_PWD
valueFrom:
secretKeyRef:
name: {{ .Values.persistenceCredentialsSecretName }}
key: password
{{- if((.Values.dynatrace).podRuntimeInjection).enabled }}
- name: LD_PRELOAD
value: /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
{{- end -}}
{{- if((.Values.dynatrace).podRuntimeInjection).enabled }}
volumeMounts:
- name: {{ (((.Values).dynatrace).podRuntimeInjection).volumeName | default "oneagent" }}
mountPath: /opt/dynatrace/oneagent
{{- end -}}
{{- if((.Values.dynatrace).podRuntimeInjection).enabled }}
volumes:
- name: {{ (((.Values).dynatrace).podRuntimeInjection).volumeName | default "oneagent" }}
emptyDir: {}
{{- end -}}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
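
Review bot: The `install-oneagent` init container downloads the agent with `wget --no-check-certificate`, and the unpacked library is then loaded into the application process through `LD_PRELOAD`, so anyone able to tamper with that download supplies code that runs inside the service. Remove `--no-check-certificate` (mount the CA bundle if the endpoint uses a private CA) and consider sending the token in a request header instead of the `Api-Token=$DT_PAAS_TOKEN` query parameter, where it tends to end up in proxy and access logs. Two smaller points in the main container: `JAVA_OPTIONS` is not read by the `java -jar app.jar` entrypoint from the Dockerfile, so the profile is never applied (use `JAVA_TOOL_OPTIONS` or `SPRING_PROFILES_ACTIVE`), and there is no container-level `securityContext` setting `allowPrivilegeEscalation: false` or dropping capabilities.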
@@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "registration-service.fullname" . }}
labels:
{{- include "registration-service.labels" . | nindent 4 }}
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ .Release.Namespace }}
egress:
- to:
{{- range .Values.namespaceToAllowEgress }}
- namespaceSelector:
matchLabels:
name: {{ . }}
{{- end }}
{{- range .Values.ipBlockToAllowEgress }}
- ipBlock:
cidr: {{ . }}
{{- end }}
podSelector:
matchLabels:
{{- include "registration-service.selectorLabels" . | nindent 6 }}
policyTypes:
- Ingress
- Egress
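
Review bot: In the `egress` rule, when both `namespaceToAllowEgress` and `ipBlockToAllowEgress` are empty the two `range` blocks render nothing and `to:` is left empty, which Kubernetes treats as matching all destinations, so the policy silently allows all egress. Wrap the rule in a guard that emits it only when at least one list has entries. The egress selector also matches on the label `name`, while the ingress rule uses `kubernetes.io/metadata.name`; the latter is set automatically on every namespace and the former only if someone adds it, so use the same key in both rules.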
@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "registration-service.fullname" . }}
labels:
{{- include "registration-service.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
selector:
{{- include "registration-service.selectorLabels" . | nindent 4 }}