EMSEDT-186: Data Validation #58

Closed
wants to merge 8 commits into from
4 changes: 2 additions & 2 deletions backend/Dockerfile
Expand Up @@ -37,8 +37,8 @@ COPY --from=build /app/dist ./dist

# Ports, health check and non-root user
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000/api || exit 1
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000 || exit 1
USER nonroot

# Start up command with 50MB of heap size, each application needs to determine what is the best value. DONT use default as it is 4GB.
CMD ["--max-old-space-size=50", "/app/dist/main"]
CMD ["--max-old-space-size=360", "/app/dist/main"]
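Review bot: Both HEALTHCHECK lines probe `http://localhost/:3000…`, where the slash before the colon makes curl request the path `/:3000` on the default port 80 instead of the app on port 3000, so the check cannot reflect the real state of the service; it should read `http://localhost:3000/api` (or whichever path the new side intends). The rendered page does not mark which line of each pair is the new side, but the malformed URL is present in both. The comment above CMD still says "50MB of heap size" while one CMD line sets `--max-old-space-size=360`; if 360 is the new value, update the comment to match. It is also worth confirming that the final image ships `curl`, since the base image is outside this hunk.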
25 changes: 16 additions & 9 deletions charts/app/templates/backend/templates/deployment.yaml
Expand Up @@ -24,6 +24,10 @@ spec:
labels:
{{- include "backend.labels" . | nindent 8 }}
spec:
volumes:
- name: obs-temp-files
persistentVolumeClaim:
claimName: {{ .Release.Name }}-obs-temp-files-pvc
{{- if .Values.backend.podSecurityContext }}
securityContext:
{{- toYaml .Values.backend.podSecurityContext | nindent 12 }}
Expand All @@ -34,12 +38,12 @@ spec:
imagePullPolicy: {{ default "Always" .Values.backend.imagePullPolicy }}
envFrom:
- secretRef:
name: {{.Release.Name}}
name: {{.Release.Name}}-flyway
env:
- name: FLYWAY_BASELINE_ON_MIGRATE
value: "true"
- name: FLYWAY_DEFAULT_SCHEMA
value: "USERS"
value: "enmods"
- name: FLYWAY_CONNECT_RETRIES
value: "10"
resources:
Expand All @@ -59,7 +63,7 @@ spec:
imagePullPolicy: {{ default "Always" .Values.backend.imagePullPolicy }}
envFrom:
- secretRef:
name: {{.Release.Name}}
name: {{.Release.Name}}-backend
env:
- name: LOG_LEVEL
value: info
Expand All @@ -69,7 +73,7 @@ spec:
protocol: TCP
readinessProbe:
httpGet:
path: /api/health
path: /api
port: http
scheme: HTTP
initialDelaySeconds: 5
Expand All @@ -81,19 +85,22 @@ spec:
successThreshold: 1
failureThreshold: 3
httpGet:
path: /api/health
path: /api
port: 3000
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources: # this is optional
limits:
cpu: 250m
memory: 250Mi
cpu: 300m
memory: 400Mi
requests:
cpu: 100m
memory: 150Mi
memory: 200Mi
volumeMounts:
- name: obs-temp-files
mountPath: /app/src/tempObsFiles
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand All @@ -117,4 +124,4 @@ spec:
- {{ .Release.Name }}
topologyKey: "kubernetes.io/hostname"

{{- end }}
{{- end }}
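Review bot: The new `obs-temp-files` volume is mounted at `/app/src/tempObsFiles`, but the pod-level `securityContext` is rendered only when `.Values.backend.podSecurityContext` is set, so nothing in this section guarantees that the non-root container user from the Dockerfile can write to the claim; consider a default `fsGroup`. The claim `{{ .Release.Name }}-obs-temp-files-pvc` is not defined in any file shown on this page, and if it is ReadWriteOnce it may conflict with the hostname anti-affinity at the end of the template once more than one replica runs. Files written to a persistent claim outlive the pod, so the directory needs a documented cleanup or retention step, especially if the uploads can hold sensitive data. One line of each probe pair points at `/api` instead of `/api/health`; if `/api` is the new value, confirm it answers without authentication and without touching the database, otherwise the probes will either fail or mask an unhealthy backend.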
19 changes: 18 additions & 1 deletion charts/app/templates/frontend/templates/deployment.yaml
Expand Up @@ -40,6 +40,23 @@ spec:
value: "http://{{ .Release.Name }}-backend"
- name: LOG_LEVEL
value: "info"
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: "0"
- name: KEYCLOAK_URL
valueFrom:
secretKeyRef:
name: react-app
key: keycloak-url
- name: KEYCLOAK_REALM
valueFrom:
secretKeyRef:
name: react-app
key: keycloak-realm
- name: KEYCLOAK_CLIENT_ID
valueFrom:
secretKeyRef:
name: react-app
key: keycloak-client-id
ports:
- name: http
containerPort: 3000
Expand Down Expand Up @@ -87,4 +104,4 @@ spec:
- {{ .Release.Name }}
topologyKey: "kubernetes.io/hostname"

{{- end }}
{{- end }}
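Review bot: Setting `NODE_TLS_REJECT_UNAUTHORIZED` to `"0"` turns off certificate verification for every outbound TLS connection the Node process makes, so any server-side call from this container would silently accept a spoofed or intercepted endpoint. Drop the variable; if the underlying problem is a private CA, mount the CA bundle and point `NODE_EXTRA_CA_CERTS` at it instead. The three `secretKeyRef` entries read `keycloak-url`, `keycloak-realm` and `keycloak-client-id` from a secret named `react-app`, which is not release-scoped and is not one of the secrets rendered by `secret.yaml` on this page. If that secret is absent the container will not start, so either document it as a prerequisite or reference `{{ .Release.Name }}-frontend` with matching key names.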
173 changes: 155 additions & 18 deletions charts/app/templates/secret.yaml
@@ -1,41 +1,178 @@
{{- if and .Values.global.secrets .Values.global.secrets.enabled}}
{{- $databaseUser := .Values.global.secrets.databaseUser| default "quickstart" }}
{{- $databaseUser := .Values.global.secrets.databaseUser| default "postgres" }}
{{- $databaseSchema := .Values.global.secrets.databaseSchema| default "enmods" }}
{{- $databasePassword := .Values.global.secrets.databasePassword | default (randAlphaNum 10) }}
{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Release.Name ) | default dict }}
{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "nr-enmods-dar") | default dict }}
{{- $secretData := (get $secretObj "data") | default dict }}
# set below to existing secret data or generate a random one when not exists
{{- $databasePassword = (get $secretData "databasePassword") | default ($databasePassword | b64enc) }}
{{- $databaseName := .Values.global.secrets.databaseName| default "quickstart" }}
{{- $databasePassword = (get $secretData "databasePassword" | default ($databasePassword | b64enc)) }}
{{- $databaseName := .Values.global.secrets.databaseName| default "postgres" }}
{{- $host := printf "%s-%s:5432" .Release.Name .Values.global.databaseAlias }}
{{- $hostWithoutPort := printf "%s-%s" .Release.Name .Values.global.databaseAlias }}
{{- $databaseURL := printf "postgresql://%s:%s@%s/%s?connection_limit=100&pool_limit=50" $databaseUser (b64dec $databasePassword) $host $databaseName }}
{{- $databaseJDBCURL := printf "jdbc:postgresql://%s:%s@%s/%s" $databaseUser (b64dec $databasePassword) $host $databaseName }}
{{- $databaseJDBCURLNoCreds := printf "jdbc:postgresql://%s/%s" $host $databaseName }}
{{- $databasePort := (get $secretData "databasePort") | default "5432" }}

#-- backend
{{- $prismaLogging := (get $secretData "prismaLogging" | b64dec | default "") }}
{{- $keycloakClientId := (get $secretData "keycloakClientId" | b64dec | default "") }}
{{- $jwksUri := (get $secretData "jwksUri" | b64dec | default "") }}
{{- $jwtIssuer := (get $secretData "jwtIssuer" | b64dec | default "") }}
{{- $usersApiBaseUrl := (get $secretData "usersApiBaseUrl" | b64dec | default "") }}
{{- $cssEnvironment := (get $secretData "cssEnvironment" | b64dec | default "") }}
{{- $integrationId := (get $secretData "integrationId" | b64dec | default "") }}
{{- $usersApiTokenUrl := (get $secretData "usersApiTokenUrl" | b64dec | default "") }}
{{- $usersApiClientId := (get $secretData "usersApiClientId" | b64dec | default "") }}
{{- $usersApiClientSecret := (get $secretData "usersApiClientSecret" | b64dec | default "") }}
{{- $aqiBaseUrl := (get $secretData "aqiBaseUrl" | b64dec | default "") }}
{{- $aqiAccessToken := (get $secretData "aqiAccessToken" | b64dec | default "") }}
{{- $chesTokenUrl := (get $secretData "chesTokenUrl" | b64dec | default "") }}
{{- $chesEmailUrl := (get $secretData "chesEmailUrl" | b64dec | default "") }}
{{- $chesClientId := (get $secretData "chesClientId" | b64dec | default "") }}
{{- $chesClientSecret := (get $secretData "chesClientSecret" | b64dec | default "") }}
{{- $webappUrl := (get $secretData "webappUrl" | b64dec | default "") }}
{{- $ftpPath := (get $secretData "ftpPath" | b64dec | default "") }}
{{- $ftpHost := (get $secretData "ftpHost" | b64dec | default "") }}
{{- $ftpPort := (get $secretData "ftpPort" | b64dec | default "") }}
{{- $ftpUser := (get $secretData "ftpUser" | b64dec | default "") }}
{{- $ftpPassword := (get $secretData "ftpPassword" | b64dec | default "") }}
{{- $databaseServiceName := (get $secretData "databaseServiceName" | b64dec | default "") }}
{{- $objectstoreAccessKey := (get $secretData "objectstoreAccessKey" | b64dec | default "") }}
{{- $objectstoreUrl := (get $secretData "objectstoreUrl" | b64dec | default "") }}
{{- $objectstoreBucket := (get $secretData "objectstoreBucket" | b64dec | default "") }}
{{- $objectstoreBucketName := (get $secretData "objectstoreBucketName" | b64dec | default "") }}
{{- $objectstoreSecretKey := (get $secretData "objectstoreSecretKey" | b64dec | default "") }}
{{- $comsUri := (get $secretData "comsUri" | b64dec | default "") }}
{{- $comsBucketId := (get $secretData "comsBucketId" | b64dec | default "") }}


#-- frontend

{{- $apiName := (get $secretData "apiName" | b64dec | default "") }}
{{- $baseUrl := (get $secretData "baseUrl" | b64dec | default "") }}
{{- $reactAppApiUrl := .Values.global.secrets.reactAppApiUrl| default "/api" }}
{{- $reactAppKeycloakUrl := (get $secretData "reactAppKeycloakUrl" | b64dec | default "") }}
# {{- $reactAppKeycloakUrl2 := (get $secretData "reactAppKeycloakUrl2" | b64dec | default "") }}
{{- $reactAppKeycloakRealm := (get $secretData "reactAppKeycloakRealm" | b64dec | default "") }}
{{- $reactAppKeycloakClientId := (get $secretData "reactAppKeycloakClientId" | b64dec | default "") }}
# {{- $reactAppKeycloakUser := (get $secretData "reactAppKeycloakUser" | b64dec | default "") }}
# {{- $reactAppKeycloakPassword := (get $secretData "reactAppKeycloakPassword" | b64dec | default "") }}
#-- backup
{{- $backupDir := (get $secretData "backupDir" | b64dec | default "") }}
{{- $backupStrategy := (get $secretData "backupStrategy" | b64dec | default "") }}
{{- $numBackups := (get $secretData "numBackups" | b64dec | default "") }}
{{- $dailyBackups := (get $secretData "dailyBackups" | b64dec | default "") }}
{{- $weeklyBackups := (get $secretData "weeklyBackups" | b64dec | default "") }}
{{- $monthlyBackups := (get $secretData "monthlyBackups" | b64dec | default "") }}


---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}
name: {{ .Release.Name }}-backend
labels: {{- include "labels" . | nindent 4 }}
{{- if .Values.global.secrets.persist }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
data:
databasePassword: {{ $databasePassword | quote }}
postgres-password: {{ $databasePassword | quote }}
password: {{ $databasePassword | quote }}
databaseUser: {{ $databaseUser | b64enc | quote }}
databaseName: {{ $databaseName | b64enc | quote }}
databaseURL: {{ $databaseURL | b64enc | quote }}
databaseJDBCURL: {{ $databaseJDBCURL | b64enc | quote }}
databaseJDBCURLNoCreds: {{ $databaseJDBCURLNoCreds | b64enc | quote }}
FLYWAY_URL: {{ $databaseJDBCURLNoCreds | b64enc | quote }}
FLYWAY_USER: {{ $databaseUser | b64enc | quote }}
FLYWAY_PASSWORD: {{ $databasePassword | quote }}
# BACKEND Secrets
POSTGRES_PASSWORD: {{ $databasePassword | quote }}
POSTGRES_USER: {{ $databaseUser | b64enc | quote }}
POSTGRES_USER: {{ $databaseUser | b64enc | quote }}
POSTGRES_DATABASE: {{ $databaseName | b64enc | quote }}
POSTGRES_HOST: {{ $hostWithoutPort | b64enc | quote }}
POSTGRESQL_URL: {{ $databaseURL | b64enc | quote }}
POSTGRES_PORT: {{ $databasePort | b64enc | quote }}
POSTGRES_SCHEMA: {{ $databaseSchema | b64enc | quote }}
PRISMA_LOGGING: {{ $prismaLogging | b64enc | quote }}
KEYCLOAK_CLIENT_ID: {{ $keycloakClientId | b64enc | quote }}
JWKS_URI: {{ $jwksUri | b64enc | quote }}
JWT_ISSUER: {{ $jwtIssuer | b64enc | quote }}
USERS_API_BASE_URL: {{ $usersApiBaseUrl | b64enc | quote }}
CSS_ENVIRONMENT: {{ $cssEnvironment | b64enc | quote }}
INTEGRATION_ID: {{ $integrationId | b64enc | quote }}
USERS_API_TOKEN_URL: {{ $usersApiTokenUrl | b64enc | quote }}
USERS_API_CLIENT_ID: {{ $usersApiClientId | b64enc | quote }}
USERS_API_CLIENT_SECRET: {{ $usersApiClientSecret | b64enc | quote }}
AQI_BASE_URL: {{ $aqiBaseUrl | b64enc | quote }}
AQI_ACCESS_TOKEN: {{ $aqiAccessToken | b64enc | quote }}
CHES_TOKEN_URL: {{ $chesTokenUrl | b64enc | quote }}
CHES_EMAIL_URL: {{ $chesEmailUrl | b64enc | quote }}
CHES_CLIENT_ID: {{ $chesClientId | b64enc | quote }}
CHES_CLIENT_SECRET: {{ $chesClientSecret | b64enc | quote }}
WEBAPP_URL: {{ $webappUrl | b64enc | quote }}
FTP_PATH: {{ $ftpPath | b64enc | quote }}
FTP_HOST: {{ $ftpHost | b64enc | quote }}
FTP_PORT: {{ $ftpPort | b64enc | quote }}
FTP_USER: {{ $ftpUser | b64enc | quote }}
FTP_PASSWORD: {{ $ftpPassword | b64enc | quote }}
# BACKUP Secrets - unsure if needed
BACKUP_DIR: {{ $backupDir | b64enc | quote }}
BACKUP_STRATEGY: {{ $backupStrategy | b64enc | quote }}
NUM_BACKUPS: {{ $numBackups | b64enc | quote }}
DAILY_BACKUPS: {{ $dailyBackups | b64enc | quote }}
WEEKLY_BACKUPS: {{ $weeklyBackups | b64enc | quote }}
MONTHLY_BACKUPS: {{ $monthlyBackups | b64enc | quote }}
DATABASE_SERVICE_NAME: {{ $databaseServiceName | b64enc | quote }}
OBJECTSTORE_ACCESS_KEY: {{ $objectstoreAccessKey | b64enc | quote }}
OBJECTSTORE_URL: {{ $objectstoreUrl | b64enc | quote }}
OBJECTSTORE_BUCKET: {{ $objectstoreBucket | b64enc | quote }}
OBJECTSTORE_BUCKET_NAME: {{ $objectstoreBucketName | b64enc | quote }}
OBJECTSTORE_SECRET_KEY: {{ $objectstoreSecretKey | b64enc | quote }}
COMS_URI: {{ $comsUri | b64enc | quote }}
COMS_BUCKET_ID: {{ $comsBucketId | b64enc | quote }}

---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-frontend
labels: {{- include "labels" . | nindent 4 }}
{{- if .Values.global.secrets.persist }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
data:
# FRONTEND Secrets
PORT: {{ .Values.global.secrets.port | b64enc }}
REACT_APP_API_URL: {{ .Values.global.secrets.reactAppApiUrl | b64enc | quote }}
REACT_APP_KEYCLOAK_URL: {{ $reactAppKeycloakUrl | b64enc | quote }}
REACT_APP_KEYCLOAK_URL_2: {{ $reactAppKeycloakUrl2 | b64enc | quote }}
REACT_APP_KEYCLOAK_REALM: {{ $reactAppKeycloakRealm | b64enc | quote }}
REACT_APP_KEYCLOAK_CLIENT_ID: {{ $reactAppKeycloakClientId | b64enc | quote }}
REACT_APP_KEYCLOAK_USER: {{ $reactAppKeycloakUser | b64enc | quote }}
REACT_APP_KEYCLOAK_PASSWORD: {{ $reactAppKeycloakPassword | b64enc | quote }}

---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-flyway
labels: {{- include "labels" . | nindent 4 }}
{{- if .Values.global.secrets.persist }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
data:
# FLYWAY Secrets
FLYWAY_URL: {{ $databaseJDBCURLNoCreds | b64enc | quote }}
FLYWAY_USER: {{ $databaseUser | b64enc | quote }}
FLYWAY_PASSWORD: {{ $databasePassword | quote }}

---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-database
labels: {{- include "labels" . | nindent 4 }}
{{- if .Values.global.secrets.persist }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
data:
postgres-password: {{ $databasePassword | quote }}
password: {{ $databasePassword | quote }}

{{- end }}
{{- end }}
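Review bot: The `lookup` line that names `"nr-enmods-dar"` reads a secret that none of the four Secret documents below create (they are `{{ .Release.Name }}-backend`, `-frontend`, `-flyway` and `-database`), so unless that secret is maintained out of band every `get $secretData … | default ""` renders an empty credential and `databasePassword` falls back to a fresh `randAlphaNum 10` on each upgrade, which would no longer match the password the existing database was initialised with. `lookup` also returns an empty map under `helm template` and client-side dry runs, so the same happens there; look up a secret this chart writes, or `fail` when a required key is missing. The lines beginning `# {{- $reactAppKeycloakUrl2`, `# {{- $reactAppKeycloakUser` and `# {{- $reactAppKeycloakPassword` are not disabled by the `#`, because Helm still evaluates the action, and the frontend Secret still emits `REACT_APP_KEYCLOAK_USER` and `REACT_APP_KEYCLOAK_PASSWORD`; if these reach the client the way `REACT_APP_` variables usually do, a user password would be exposed to the browser, so remove the keys if they were meant to be dropped. `PORT` is the only entry without `| quote`, and `b64enc` may fail to render if `.Values.global.secrets.port` is unset or numeric.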