Skip to content

Commit

Permalink
Created overlays/prod (not all cronjob resources).
Browse files Browse the repository at this point in the history
  • Loading branch information
@ropable
ropable committed Oct 17, 2023
1 parent 9324add commit 188feb1
Show file tree
Hide file tree
Showing 11 changed files with 291 additions and 0 deletions.
9 changes: 9 additions & 0 deletions kustomize/overlays/prod/clusterip_patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: itassets-clusterip
spec:
type: ClusterIP
selector:
app: itassets
variant: prod
12 changes: 12 additions & 0 deletions kustomize/overlays/prod/cronjobs/ascender-csv-upload/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../template
nameSuffix: -ascender-csv-upload
patches:
- target:
group: batch
version: v1
kind: CronJob
name: itassets-cronjob
path: patch.yaml
6 changes: 6 additions & 0 deletions kustomize/overlays/prod/cronjobs/ascender-csv-upload/patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
- op: replace
path: /spec/schedule
value: "* * * * *"
- op: replace
path: /spec/jobTemplate/spec/template/spec/containers/0/args
value: ["manage.py", "department_users_upload_ascender_sftp", "--help"]
12 changes: 12 additions & 0 deletions kustomize/overlays/prod/cronjobs/deptusers-audit-email/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../template
nameSuffix: -deptusers-audit-email
patches:
- target:
group: batch
version: v1
kind: CronJob
name: itassets-cronjob
path: patch.yaml
6 changes: 6 additions & 0 deletions kustomize/overlays/prod/cronjobs/deptusers-audit-email/patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
- op: replace
path: /spec/schedule
value: "* * * * *"
- op: replace
path: /spec/jobTemplate/spec/template/spec/containers/0/args
value: ["manage.py", "--help"]
53 changes: 53 additions & 0 deletions kustomize/overlays/prod/deployment_patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: itassets-deployment
spec:
selector:
matchLabels:
app: itassets-prod
variant: uat
template:
metadata:
labels:
app: itassets-prod
spec:
containers:
- name: itassets
imagePullPolicy: IfNotPresent
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: DATABASE_URL
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: SECRET_KEY
- name: ADMIN_EMAILS
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: ADMIN_EMAILS
- name: EMAIL_HOST
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: EMAIL_HOST
- name: AZURE_ACCOUNT_NAME
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: AZURE_ACCOUNT_NAME
- name: AZURE_ACCOUNT_KEY
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: AZURE_ACCOUNT_KEY
- name: AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: itassets-env-uat
key: AZURE_CONTAINER
17 changes: 17 additions & 0 deletions kustomize/overlays/prod/ingress.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: itassets-ingress
spec:
ingressClassName: nginx
rules:
- host: itassets.dbca.wa.gov.au
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: itassets-clusterip-prod
port:
number: 8080
25 changes: 25 additions & 0 deletions kustomize/overlays/prod/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
nameSuffix: -prod
secretGenerator:
- name: itassets-env
type: Opaque
envs:
- .env
resources:
- ../../base
- ingress.yaml
- cronjobs/ascender-csv-upload
- cronjobs/deptusers-audit-email
labels:
- includeSelectors: true
pairs:
app: itassets
variant: prod
images:
- name: ghcr.io/dbca-wa/it-assets
newTag: 2.4.4
patches:
- path: clusterip_patch.yaml
- path: deployment_patch.yaml
- path: pdb_patch.yaml
9 changes: 9 additions & 0 deletions kustomize/overlays/prod/pdb_patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: itassets-pdb
spec:
selector:
matchLabels:
app: itassets
variant: prod
138 changes: 138 additions & 0 deletions kustomize/template/cronjob.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: itassets-cronjob
spec:
schedule: ""
concurrencyPolicy: Forbid
jobTemplate:
spec:
parallelism: 1
activeDeadlineSeconds: 300
template:
spec:
restartPolicy: Never
containers:
- name: itassets-cronjob
image: ghcr.io/dbca-wa/it-assets
command: ["python"]
args: ["--version"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: DATABASE_URL
- name: EMAIL_HOST
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: EMAIL_HOST
- name: ADMIN_EMAILS
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ADMIN_EMAILS
- name: AZURE_CONNECTION_STRING
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: AZURE_CONNECTION_STRING
- name: MS_GRAPH_API_CLIENT_ID
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: MS_GRAPH_API_CLIENT_ID
- name: MS_GRAPH_API_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: MS_GRAPH_API_CLIENT_SECRET
- name: FOREIGN_DB_HOST
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_DB_HOST
- name: FOREIGN_DB_PORT
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_DB_PORT
- name: FOREIGN_DB_NAME
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_DB_NAME
- name: FOREIGN_DB_USERNAME
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_DB_USERNAME
- name: FOREIGN_DB_PASSWORD
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_DB_PASSWORD
- name: FOREIGN_SCHEMA
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_SCHEMA
- name: FOREIGN_SERVER
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_SERVER
- name: FOREIGN_TABLE
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_TABLE
- name: FOREIGN_TABLE_CC_MANAGER
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FOREIGN_TABLE_CC_MANAGER
- name: FRESHSERVICE_ENDPOINT
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FRESHSERVICE_ENDPOINT
- name: FRESHSERVICE_API_KEY
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: FRESHSERVICE_API_KEY
- name: ASCENDER_SFTP_HOSTNAME
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ASCENDER_SFTP_HOSTNAME
- name: ASCENDER_SFTP_PORT
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ASCENDER_SFTP_PORT
- name: ASCENDER_SFTP_USERNAME
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ASCENDER_SFTP_USERNAME
- name: ASCENDER_SFTP_PASSWORD
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ASCENDER_SFTP_PASSWORD
- name: ASCENDER_SFTP_DIRECTORY
valueFrom:
secretKeyRef:
name: itassets-env-prod
key: ASCENDER_SFTP_DIRECTORY
securityContext:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
4 changes: 4 additions & 0 deletions kustomize/template/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cronjob.yaml

0 comments on commit 188feb1

Please sign in to comment.