From 2454c2b52f9718ced48afcf169e3de5b3d270fc9 Mon Sep 17 00:00:00 2001 From: Areeb Ahmed <135235925+areebahmeddd@users.noreply.github.com> Date: Fri, 21 Feb 2025 23:58:38 +0300 Subject: [PATCH 1/2] minor changes --- .gitignore | 28 +++++++++++++++------------- README.md | 2 +- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 5451854..766016c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,25 +1,29 @@ +# System files **/*/service_images.json **/*.pyc +._* # OSX leaves these everywhere on SMB shares +.DS_Store # OSX trash -# OSX leaves these everywhere on SMB shares -._* -terraform-aws-modules -# OSX trash -.DS_Store +# Terraform files +.history +*.terraform +*.tfstate +.terraform.lock.hcl -# Files generated by JetBrains IDEs, e.g. IntelliJ IDEA +# IDE files +## JetBrains (e.g. IntelliJ IDEA) .idea/ *.iml -# Vscode files +## Visual Studio Code .vscode -# Emacs save files +## Emacs save files *~ \#*\# .\#* -# Vim-related files +## Vim-related files [._]*.s[a-w][a-z] [._]s[a-w][a-z] *.un~ @@ -30,7 +34,5 @@ Session.vim **/charts/*.tgz *Chart.lock -.history -*.terraform -*.tfstate -.terraform.lock.hcl +# Terraform AWS modules +terraform-aws-modules diff --git a/README.md b/README.md index e9baa22..274d540 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# Care Deployment Config Template +# Care Deployment Configuration Templates From 5f5c1aefd634a7e6e664d5fccaebd23cf6058fba Mon Sep 17 00:00:00 2001 
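Review bot: The added lines `._* # OSX leaves these everywhere on SMB shares` and `.DS_Store # OSX trash` in the first .gitignore hunk appear to carry the comment on the pattern line, and gitignore only treats `#` as a comment at the start of a line. If so, the whole text becomes the pattern, and `._*` and `.DS_Store` files are no longer ignored. Put each comment on its own line above its pattern, as the removed lines did, for example `# OSX trash` followed by `.DS_Store`. Finder metadata committed by accident discloses local directory contents, so the old behaviour is worth keeping.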
From: Areeb Ahmed <135235925+areebahmeddd@users.noreply.github.com> Date: Sat, 22 Feb 2025 12:18:46 +0300 Subject: [PATCH 2/2] update yaml files --- ClusterIssuer/cluster-issuer.yaml | 7 ++- certificate/certificate.yml | 7 ++- configmaps/care-configmap.yaml | 12 ++-- configmaps/care-fe-production.yaml | 19 ++++--- configmaps/nginx.yaml | 85 +++++++++++++++-------------- deployments/care-backend.yaml | 63 ++++++++++----------- deployments/care-celery-beat.yaml | 58 ++++++++++---------- deployments/care-celery-worker.yaml | 58 ++++++++++---------- deployments/care-fe.yaml | 19 ++++--- deployments/metabase.yaml | 16 +++--- deployments/nginx.yaml | 15 ++--- deployments/redis.yaml | 6 +- helm/scripts.sh | 16 +++--- hpa/care-backend.yaml | 3 +- hpa/care-celery-hpa.yaml | 3 +- hpa/care-fe.yaml | 3 +- hpa/nginx.yaml | 3 +- ingress/care.yaml | 60 ++++++++++---------- secrets/care-secrets.yaml | 73 +++++++++++++------------ secrets/metabase.yaml | 8 ++- services/care-fe.yaml | 3 +- services/care.yaml | 1 + services/metabase.yaml | 5 +- services/nginx.yaml | 1 + services/redis.yaml | 3 +- 25 files changed, 293 insertions(+), 254 deletions(-) diff --git a/ClusterIssuer/cluster-issuer.yaml b/ClusterIssuer/cluster-issuer.yaml index 5136b0b..7cde74a 100644 --- a/ClusterIssuer/cluster-issuer.yaml +++ b/ClusterIssuer/cluster-issuer.yaml @@ -2,13 +2,14 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-production + spec: acme: email: 'email.id@example.in' - server: https://acme-v02.api.letsencrypt.org/directory + server: 'https://acme-v02.api.letsencrypt.org/directory' privateKeySecretRef: name: letsencrypt-production solvers: - - http01: - ingress: + - http01: + ingress: class: nginx diff --git a/certificate/certificate.yml b/certificate/certificate.yml index 22ebde1..37ff1ba 100644 --- a/certificate/certificate.yml +++ b/certificate/certificate.yml 
@@ -3,12 +3,13 @@ kind: Certificate metadata: name: care-tls namespace: default + spec: secretName: care-tls issuerRef: name: letsencrypt-production kind: ClusterIssuer dnsNames: - - care.demo.example.in - - careapi.demo.example.in - - metabase.demo.example.in + - care.demo.example.in + - careapi.demo.example.in + - metabase.demo.example.in diff --git a/configmaps/care-configmap.yaml b/configmaps/care-configmap.yaml index b8f1a85..5806b6c 100644 --- a/configmaps/care-configmap.yaml +++ b/configmaps/care-configmap.yaml @@ -4,20 +4,22 @@ metadata: name: care-production labels: app: care - env: staging + env: production namespace: default + data: POSTGRES_DB: 'care' POSTGRES_USER: 'postgres' POSTGRES_HOST: '' POSTGRES_PORT: '5432' + POSTGRES_PASSWORD: '' DJANGO_SETTINGS_MODULE: 'config.settings.production' DJANGO_SECURE_SSL_REDIRECT: 'False' USE_S3: 'False' AWS_STORAGE_BUCKET_NAME: 'care-patient-data-private-bucket' CSRF_TRUSTED_ORIGINS: '["http://care-django-production", "https://care.demo.example.in", "https://careapi.demo.example.in"]' DJANGO_ALLOWED_HOSTS: '["care-django-production", "care.demo.example.in", "careapi.demo.example.in"]' - RATE_LIMIT: "5/10m" - MAINTENANCE_MODE: "0" - CLOUD_PROVIDER: "GCP" - CLOUD_REGION: "asia-south1" + RATE_LIMIT: '5/10m' + MAINTENANCE_MODE: '0' + CLOUD_PROVIDER: 'GCP' + CLOUD_REGION: 'asia-south1' diff --git a/configmaps/care-fe-production.yaml b/configmaps/care-fe-production.yaml index 1900ce3..57eafff 100644 --- a/configmaps/care-fe-production.yaml +++ b/configmaps/care-fe-production.yaml 
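Review bot: `POSTGRES_PASSWORD: ''` is added under `data:` of the `care-production` ConfigMap in configmaps/care-configmap.yaml, which is the wrong object for a credential. ConfigMap values are stored and displayed in plain text and are usually readable by far more principals than Secrets. The same key already exists in secrets/care-secrets.yaml. The deployments load this ConfigMap through `envFrom`, presumably alongside a `secretRef` outside the visible hunks, so the duplicate key makes it unclear which value reaches the pod and invites someone to fill in the real password here. Drop the line from the ConfigMap and keep the password only in the Secret.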
@@ -6,25 +6,26 @@ metadata: app: care-fe-production env: production namespace: default + data: config.json: | { "dashboard_url": "https://metabase.demo.example.in", - "github_url": "https://github.com/coronasafe", - "coronasafe_url": "https://coronasafe.network?ref=care", + "github_url": "https://github.com/ohcnetwork", + "coronasafe_url": "https://ohc.network/care", "site_url": "care.demo.example.in", "analytics_server_url": "", "header_logo": { - "light":"https://cdn.coronasafe.network/header_logo.png", - "dark":"https://cdn.coronasafe.network/header_logo.png" + "light": "https://cdn.ohc.network/header_logo.png", + "dark": "https://cdn.ohc.network/header_logo.png" }, "main_logo": { - "light":"https://cdn.coronasafe.network/10bedicu_logo.png", - "dark":"https://cdn.coronasafe.network/10bedicu_logo.png" + "light": "https://cdn.ohc.network/10bedicu_logo.png", + "dark": "https://cdn.ohc.network/10bedicu_logo.png" }, "state_logo": { - "light":"https://cdn.coronasafe.network/10bedicu_logo.png", - "dark":"https://cdn.coronasafe.network/10bedicu_logo.png" + "light": "https://cdn.ohc.network/10bedicu_logo.png", + "dark": "https://cdn.ohc.network/10bedicu_logo.png" }, "gmaps_api_key": "", "gov_data_api_key": "", @@ -37,4 +38,4 @@ data: "sample_format_asset_import": "https://spreadsheets.google.com/feeds/download/spreadsheets/Export?key=11JaEhNHdyCHth4YQs_44YaRlP77Rrqe81VSEfg1glko&exportFormat=xlsx", "sample_format_external_result_import": "https://docs.google.com/spreadsheets/d/17VfgryA6OYSYgtQZeXU9mp7kNvLySeEawvnLBO_1nuE/export?format=csv&id=17VfgryA6OYSYgtQZeXU9mp7kNvLySeEawvnLBO_1nuE", "enable_abdm": true - } \ No newline at end of file + } diff --git a/configmaps/nginx.yaml b/configmaps/nginx.yaml index 567c1ba..cf1c07b 100644 --- a/configmaps/nginx.yaml +++ b/configmaps/nginx.yaml 
@@ -2,40 +2,42 @@ apiVersion: v1 kind: ConfigMap metadata: name: nginx-conf-production + data: nginx.conf: | user nginx; - worker_processes 1; - error_log /dev/stdout; + worker_processes 1; + error_log /dev/stdout; + events { - worker_connections 10240; + worker_connections 10240; } - http { - access_log /dev/stdout; + http { + access_log /dev/stdout; server { listen 80; server_name careapi.demo.example.in; client_max_body_size 50M; - # Hack to enforce SSL. - if ($http_x_forwarded_proto != "https") { - return 301 https://$host$request_uri; - } - # add_header Access-Control-Allow-Origin "*"; + # if ($http_x_forwarded_proto != "https") { + # return 301 https://$host$request_uri; + # } + add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; - add_header Feature-Policy "geolocation 'self' "; + add_header Feature-Policy "geolocation 'self'"; + add_header Access-Control-Allow-Origin "'https://*.example.in https://*.ohc.network' always"; + add_header Powered-By "Open HealthCare Network (ohc.network)"; - add_header Support-Email "info@coronasafe.network"; - add_header Source-Code "github.com/coronasafe"; + add_header Support-Email "info@ohc.network"; + add_header Source-Code "github.com/ohcnetwork"; add_header Licence-Type "MIT"; - - add_header Volunteer "volunteers.coronasafe.network"; - add_header Collaborate-On "slack.coronasafe.in"; + add_header Volunteer "volunteers.ohc.network"; + add_header Collaborate-On "slack.ohc.network"; access_log /dev/stdout; error_log /dev/stdout; 
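Review bot: Commenting out the `if ($http_x_forwarded_proto != "https")` redirect in the `careapi.demo.example.in` server block removes the in-pod HTTPS enforcement, and the same commit sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"` in ingress/care.yaml. After both changes nothing visible in this patch redirects plain-HTTP requests, and the other two nginx.yaml hunks comment out the same block for `care` and `metabase`. These hosts carry logins and patient data, so keep at least one enforcement point: restore the redirect here or set the ingress annotation to `"true"`. If plain HTTP is intentional for a specific environment, say so in a comment next to the disabled block, for example `# HTTPS redirect disabled: TLS is enforced at <component>`, so it is not copied into production unnoticed.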
@@ -51,24 +53,25 @@ data: server { listen 80; server_name care.demo.example.in; - # Hack to enforce SSL. client_max_body_size 50M; - if ($http_x_forwarded_proto != "https") { - return 301 https://$host$request_uri; - } + + # if ($http_x_forwarded_proto != "https") { + # return 301 https://$host$request_uri; + # } + add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; - add_header Feature-Policy "geolocation 'self' "; + add_header Feature-Policy "geolocation 'self'"; + add_header Access-Control-Allow-Origin "'https://*.example.in https://*.ohc.network' always"; + add_header Powered-By "Open HealthCare Network (ohc.network)"; - add_header Support-Email "info@coronasafe.network"; - add_header Source-Code "github.com/coronasafe"; + add_header Support-Email "info@ohc.network"; + add_header Source-Code "github.com/ohcnetwork"; add_header Licence-Type "MIT"; - - add_header Volunteer "volunteers.coronasafe.network"; - add_header Collaborate-On "slack.coronasafe.in"; - add_header Access-Control-Allow-Origin "'https://*.example.in https://*.coronasafe.network' always"; + add_header Volunteer "volunteers.ohc.network"; + add_header Collaborate-On "slack.ohc.network"; access_log /dev/stdout; error_log /dev/stdout; 
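Review bot: The `add_header Access-Control-Allow-Origin "'https://*.example.in https://*.ohc.network' always";` line does not produce an allowlist, because `always` sits inside the quoted string and is sent as part of the header value. Browsers also accept only a single origin, `*` or `null` in this header, so a space-separated list with wildcard subdomains matches nothing. This commit moves the line within this server block and the metabase one, and newly adds it to the careapi block in the first hunk. The effect is that cross-origin requests fail while the config reads as if two domains were permitted. Map the request's `Origin` against an explicit pattern, echo it back only on a match, and add `Vary: Origin`; the pattern below is a constructed example to adapt.
```yaml
  nginx.conf: |
    # … unchanged: user, worker_processes, events …
    http {
      # Echo Origin back only when it matches the allowlist; an empty value suppresses the header.
      map $http_origin $cors_origin {
        default "";
        "~^https://[a-z0-9-]+\.(example\.in|ohc\.network)$" $http_origin;
      }
      # … unchanged: access_log …
      server {
        # … unchanged: listen, server_name, other add_header lines …
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;
```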
@@ -84,31 +87,32 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; - proxy_pass http://care-fe-staging-production; + proxy_pass http://care-fe-staging-production:80; } } server { listen 80; - server_name metabase.demo.example.in ; - # Hack to enforce SSL. + server_name metabase.demo.example.in; client_max_body_size 50M; - if ($http_x_forwarded_proto != "https") { - return 301 https://$host$request_uri; - } + + # if ($http_x_forwarded_proto != "https") { + # return 301 https://$host$request_uri; + # } + add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; - add_header Feature-Policy "geolocation 'self' "; + add_header Feature-Policy "geolocation 'self'"; + add_header Access-Control-Allow-Origin "'https://*.example.in https://*.ohc.network' always"; + add_header Powered-By "Open HealthCare Network (ohc.network)"; - add_header Support-Email "info@coronasafe.network"; - add_header Source-Code "github.com/coronasafe"; + add_header Support-Email "info@ohc.network"; + add_header Source-Code "github.com/ohcnetwork"; add_header Licence-Type "MIT"; - - add_header Volunteer "volunteers.coronasafe.network"; - add_header Collaborate-On "slack.coronasafe.in"; - add_header Access-Control-Allow-Origin "'https://*.example.in https://*.coronasafe.network' always"; + add_header Volunteer "volunteers.ohc.network"; + add_header Collaborate-On "slack.ohc.network"; access_log /dev/stdout; error_log /dev/stdout; @@ -121,4 +125,3 @@ data: } } } - diff --git a/deployments/care-backend.yaml b/deployments/care-backend.yaml index bbbe094..b72c27c 100644 --- a/deployments/care-backend.yaml +++ b/deployments/care-backend.yaml 
@@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: care-django-production + spec: + selector: + matchLabels: + app: care-django-production + template: metadata: labels: @@ -11,24 +16,17 @@ spec: env: production namespace: default spec: -# imagePullSecrets: -# - name: githubreg + # imagePullSecrets: + # - name: githubreg containers: - name: care - image: ghcr.io/coronasafe/care:production-latest + image: ghcr.io/ohcnetwork/care:production-latest imagePullPolicy: Always - # resources: - # requests: - # memory: "200Mi" - # cpu: "200m" - # limits: - # memory: "300Mi" - # cpu: "200m" - command: - - /app/start-ecs.sh + command: ["/bin/bash", "-c", "--"] + args: ["/app/start.sh"] ports: - - containerPort: 9000 - name: django + - name: django + containerPort: 9000 protocol: TCP envFrom: - configMapRef: @@ -40,20 +38,23 @@ spec: value: "20200331015742" - name: deployment-version value: "_BUILD_NUMBER_" - volumeMounts: - - name: newrelic-ini - mountPath: /etc/newrelic.ini - subPath: newrelic.ini - readOnly: true - volumes: - - name: newrelic-ini - secret: - secretName: care-production - defaultMode: 0444 - items: - - key: NEWRELIC_INI - path: newrelic.ini - selector: - matchLabels: - app: care-django-production - + # resources: + # requests: + # memory: "200Mi" + # cpu: "200m" + # limits: + # memory: "300Mi" + # cpu: "200m" + # volumeMounts: + # - name: newrelic-ini + # mountPath: /etc/newrelic.ini + # subPath: newrelic.ini + # readOnly: true + # volumes: + # - name: newrelic-ini + # secret: + # secretName: care-production + # defaultMode: 0444 + # items: + # - key: NEWRELIC_INI + # path: newrelic.ini diff --git a/deployments/care-celery-beat.yaml b/deployments/care-celery-beat.yaml index 992f11a..0cd746c 100644 --- a/deployments/care-celery-beat.yaml +++ b/deployments/care-celery-beat.yaml 
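Review bot: `image: ghcr.io/ohcnetwork/care:production-latest` combined with `imagePullPolicy: Always` lets every pod restart pull whatever currently sits behind a mutable tag, in a registry namespace this commit has just switched. Nothing in the manifest then records which build is running, and a re-pushed tag rolls out without review. Pin the reviewed build by digest, for example `image: ghcr.io/ohcnetwork/care@sha256:<digest-of-reviewed-build>`, and bump it deliberately. The same tag is introduced in care-celery-beat.yaml, care-celery-worker.yaml and, as `care_fe:production-latest`, in care-fe.yaml. The container spec continues outside this hunk, so any `securityContext` it may have is not visible here.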
@@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: care-production-celery-beat + spec: + selector: + matchLabels: + app: care-production-celery-beat + template: metadata: labels: @@ -11,21 +16,14 @@ spec: env: production namespace: default spec: -# imagePullSecrets: -# - name: githubreg + # imagePullSecrets: + # - name: githubreg containers: - name: care - image: ghcr.io/coronasafe/care:production-latest + image: ghcr.io/ohcnetwork/care:production-latest imagePullPolicy: Always - # resources: - # requests: - # memory: "200Mi" - # cpu: "100m" - # limits: - # memory: "300Mi" - # cpu: "100m" - command: [ "/bin/bash", "-c", "--" ] - args: [ "/app/celery_beat.sh" ] + command: ["/bin/bash", "-c", "--"] + args: ["/app/celery_beat.sh"] envFrom: - configMapRef: name: care-production @@ -36,19 +34,23 @@ spec: value: "20200331015742" - name: deployment-version value: "_BUILD_NUMBER_" - volumeMounts: - - name: newrelic-ini - mountPath: /etc/newrelic.ini - subPath: newrelic.ini - readOnly: true - volumes: - - name: newrelic-ini - secret: - secretName: care-production - defaultMode: 0444 - items: - - key: NEWRELIC_INI - path: newrelic.ini - selector: - matchLabels: - app: care-production-celery-beat + # resources: + # requests: + # memory: "200Mi" + # cpu: "100m" + # limits: + # memory: "300Mi" + # cpu: "100m" + # volumeMounts: + # - name: newrelic-ini + # mountPath: /etc/newrelic.ini + # subPath: newrelic.ini + # readOnly: true + # volumes: + # - name: newrelic-ini + # secret: + # secretName: care-production + # defaultMode: 0444 + # items: + # - key: NEWRELIC_INI + # path: newrelic.ini diff --git a/deployments/care-celery-worker.yaml b/deployments/care-celery-worker.yaml index 4baa2cb..1bc98d2 100644 --- a/deployments/care-celery-worker.yaml +++ b/deployments/care-celery-worker.yaml 
@@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: care-production-celery-worker + spec: + selector: + matchLabels: + app: care-production-celery-worker + template: metadata: labels: @@ -11,21 +16,14 @@ spec: env: production namespace: default spec: -# imagePullSecrets: -# - name: githubreg + # imagePullSecrets: + # - name: githubreg containers: - name: care - image: ghcr.io/coronasafe/care:production-latest + image: ghcr.io/ohcnetwork/care:production-latest imagePullPolicy: Always - # resources: - # requests: - # memory: "500Mi" - # cpu: "200m" - # limits: - # memory: "1Gi" - # cpu: "200m" - command: [ "/bin/bash", "-c", "--" ] - args: [ "/app/celery_worker.sh" ] + command: ["/bin/bash", "-c", "--"] + args: ["/app/celery_worker.sh"] envFrom: - configMapRef: name: care-production @@ -36,19 +34,23 @@ spec: value: "20200331015742" - name: deployment-version value: "_BUILD_NUMBER_" - volumeMounts: - - name: newrelic-ini - mountPath: /etc/newrelic.ini - subPath: newrelic.ini - readOnly: true - volumes: - - name: newrelic-ini - secret: - secretName: care-production - defaultMode: 0444 - items: - - key: NEWRELIC_INI - path: newrelic.ini - selector: - matchLabels: - app: care-production-celery-worker \ No newline at end of file + # resources: + # requests: + # memory: "500Mi" + # cpu: "200m" + # limits: + # memory: "1Gi" + # cpu: "200m" + # volumeMounts: + # - name: newrelic-ini + # mountPath: /etc/newrelic.ini + # subPath: newrelic.ini + # readOnly: true + # volumes: + # - name: newrelic-ini + # secret: + # secretName: care-production + # defaultMode: 0444 + # items: + # - key: NEWRELIC_INI + # path: newrelic.ini diff --git a/deployments/care-fe.yaml b/deployments/care-fe.yaml index 8b9cc7b..6f6fc63 100644 --- a/deployments/care-fe.yaml +++ b/deployments/care-fe.yaml 
@@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: care-fe-production-deployment + spec: + selector: + matchLabels: + app: care-fe-production + template: metadata: labels: @@ -10,16 +15,15 @@ spec: spec: containers: - name: care-fe - image: ghcr.io/coronasafe/care_fe:production-latest + image: ghcr.io/ohcnetwork/care_fe:production-latest imagePullPolicy: Always env: - name: deployment-version value: "_BUILD_NUMBER_" ports: - - containerPort: 80 - name: care-fe-prod + - name: care-fe-prod + containerPort: 80 protocol: TCP - # resources: # requests: # memory: "200Mi" @@ -28,9 +32,9 @@ spec: # memory: "300Mi" # cpu: "100m" volumeMounts: - - mountPath: /usr/share/nginx/html/config.json + - name: care-fe-production + mountPath: /usr/share/nginx/html/config.json subPath: config.json - name: care-fe-production volumes: - name: care-fe-production configMap: @@ -38,6 +42,3 @@ spec: items: - key: config.json path: config.json - selector: - matchLabels: - app: care-fe-production \ No newline at end of file diff --git a/deployments/metabase.yaml b/deployments/metabase.yaml index 250d6e0..dff8435 100644 --- a/deployments/metabase.yaml +++ b/deployments/metabase.yaml @@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: metabase-production-deployment + spec: + selector: + matchLabels: + app: metabase + template: metadata: labels: @@ -22,12 +27,9 @@ spec: # memory: "4Gi" # cpu: "1" ports: - - containerPort: 3000 - name: metabase + - name: metabase + containerPort: 3000 protocol: TCP envFrom: - - secretRef: - name: metabase-production-secrets - selector: - matchLabels: - app: metabase \ No newline at end of file + - secretRef: + name: metabase-production-secrets diff --git a/deployments/nginx.yaml b/deployments/nginx.yaml index 7f63813..50588cc 100644 --- a/deployments/nginx.yaml +++ b/deployments/nginx.yaml 
@@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: care-nginx-production + spec: + selector: + matchLabels: + app: care-nginx-production + template: metadata: labels: @@ -10,7 +15,7 @@ spec: spec: containers: - name: nginx - image: nginx:1.21 + image: nginx:1.26 # resources: # requests: # cpu: "100m" @@ -18,13 +23,12 @@ spec: # limits: # cpu: "100m" # memory: "400Mi" - ports: - containerPort: 80 volumeMounts: - - mountPath: /etc/nginx/nginx.conf + - name: nginx-conf-production + mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - name: nginx-conf-production volumes: - name: nginx-conf-production configMap: @@ -32,6 +36,3 @@ spec: items: - key: nginx.conf path: nginx.conf - selector: - matchLabels: - app: care-nginx-production \ No newline at end of file diff --git a/deployments/redis.yaml b/deployments/redis.yaml index 1004198..b68d80e 100644 --- a/deployments/redis.yaml +++ b/deployments/redis.yaml @@ -4,11 +4,13 @@ metadata: name: redis-cache-production labels: app: redis-cache-production + spec: selector: matchLabels: app: redis-cache-production replicas: 1 + template: metadata: labels: @@ -16,7 +18,7 @@ spec: spec: containers: - name: redis - image: redis/redis-stack-server:6.2.6-v11 + image: redis/redis-stack-server:6.2.6-v17 # resources: # requests: # cpu: "100m" @@ -25,4 +27,4 @@ spec: # cpu: "100m" # memory: "400Mi" ports: - - containerPort: 6379 \ No newline at end of file + - containerPort: 6379 diff --git a/helm/scripts.sh b/helm/scripts.sh index 56f3ec5..db347e5 100644 --- a/helm/scripts.sh +++ b/helm/scripts.sh 
@@ -1,14 +1,16 @@ - +# Install or upgrade the ingress-nginx controller helm upgrade --install ingress-nginx ingress-nginx \ - --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx --create-namespace \ - --set controller.service.loadBalancerIP=34.100.159.155 + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace \ + --set controller.service.loadBalancerIP=34.100.159.155 +# Add the Jetstack repository for cert-manager helm repo add jetstack https://charts.jetstack.io helm repo update -helm install \ - cert-manager jetstack/cert-manager \ + +# Install or upgrade cert-manager with the specified version +helm upgrade --install cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ - --version v1.8.0 \ + --version v1.12.0 \ --set installCRDs=true diff --git a/hpa/care-backend.yaml b/hpa/care-backend.yaml index a1f69a6..448bcde 100644 --- a/hpa/care-backend.yaml +++ b/hpa/care-backend.yaml @@ -6,6 +6,7 @@ metadata: application: care-django environment: production namespace: default + spec: scaleTargetRef: apiVersion: apps/v1 @@ -13,4 +14,4 @@ spec: name: care-django-production minReplicas: 1 maxReplicas: 2 - targetCPUUtilizationPercentage: 90 \ No newline at end of file + targetCPUUtilizationPercentage: 90 diff --git a/hpa/care-celery-hpa.yaml b/hpa/care-celery-hpa.yaml index 53fc177..e6b9c76 100644 --- a/hpa/care-celery-hpa.yaml +++ b/hpa/care-celery-hpa.yaml @@ -6,6 +6,7 @@ metadata: application: care-production-celery-worker environment: production namespace: default + spec: scaleTargetRef: apiVersion: apps/v1 @@ -13,4 +14,4 @@ spec: name: care-production-celery-worker minReplicas: 1 maxReplicas: 1 - targetCPUUtilizationPercentage: 90 \ No newline at end of file + targetCPUUtilizationPercentage: 90 diff --git a/hpa/care-fe.yaml b/hpa/care-fe.yaml index e9d4571..d523bf8 100644 --- a/hpa/care-fe.yaml +++ b/hpa/care-fe.yaml 
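Review bot: The `helm upgrade --install ingress-nginx` command in helm/scripts.sh has no `--version`, so each run deploys whichever chart is newest in the repository, while cert-manager just below is pinned to `v1.12.0`. Pin the ingress controller as well with `--version <reviewed-chart-version> \`, since it is the internet-facing component. The script also has no shebang or `set -euo pipefail`, so a failed `helm repo add` or `helm repo update` does not stop the install that follows. The hard-coded `controller.service.loadBalancerIP=34.100.159.155` is environment-specific and would be better taken from a variable in a template repository.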
@@ -2,6 +2,7 @@ apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: care-fe-production-autoscaler + spec: scaleTargetRef: apiVersion: apps/v1 @@ -9,4 +10,4 @@ spec: name: care-fe-production-deployment minReplicas: 1 maxReplicas: 2 - targetCPUUtilizationPercentage: 90 \ No newline at end of file + targetCPUUtilizationPercentage: 90 diff --git a/hpa/nginx.yaml b/hpa/nginx.yaml index 6d1b8d6..2bea079 100644 --- a/hpa/nginx.yaml +++ b/hpa/nginx.yaml @@ -6,9 +6,10 @@ metadata: application: care-nginx-production environment: production namespace: default + spec: scaleTargetRef: - apiVersion: apps/v1beta1 + apiVersion: apps/v1 kind: Deployment name: care-nginx-production minReplicas: 1 diff --git a/ingress/care.yaml b/ingress/care.yaml index 8377a6f..078f4b1 100644 --- a/ingress/care.yaml +++ b/ingress/care.yaml 
@@ -4,44 +4,48 @@ metadata: name: care-ingress namespace: default annotations: - kubernetes.io/ingress.class: nginx - ingress.kubernetes.io/ssl-redirect: "true" cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/ssl-redirect: "false" + spec: + ingressClassName: nginx tls: - - hosts: - - care.demo.example.in - - careapi.demo.example.in - - metabase.demo.example.in - secretName: care-tls + - hosts: + - care.demo.example.in + - careapi.demo.example.in + - metabase.demo.example.in + secretName: care-tls + rules: - host: care.demo.example.in http: paths: - - path: / - pathType: Prefix - backend: - service: - name: care-nginx-production - port: - number: 80 + - path: / + pathType: Prefix + backend: + service: + name: care-nginx-production + port: + number: 80 + - host: careapi.demo.example.in http: paths: - - path: / - pathType: Prefix - backend: - service: - name: care-nginx-production - port: - number: 80 + - path: / + pathType: Prefix + backend: + service: + name: care-nginx-production + port: + number: 80 + - host: metabase.demo.example.in http: paths: - - path: / - pathType: Prefix - backend: - service: - name: care-nginx-production - port: - number: 80 + - path: / + pathType: Prefix + backend: + service: + name: care-nginx-production + port: + number: 80 diff --git a/secrets/care-secrets.yaml b/secrets/care-secrets.yaml index 928748e..c223f4c 100644 --- a/secrets/care-secrets.yaml +++ b/secrets/care-secrets.yaml 
@@ -6,41 +6,44 @@ metadata: app: care env: production namespace: default + type: Opaque + stringData: - DJANGO_SECRET_KEY: "" - AWS_ACCESS_KEY_ID: "" - AWS_SECRET_ACCESS_KEY: "" - POSTGRES_PASSWORD: "" - CELERY_BROKER_URL: "redis://:@redis-cache-production:6379/0" - REDIS_URL: "redis://:@redis-cache-production:6379/0" - DJANGO_ADMIN_URL: "adminurl" - DATABASE_URL: "" - CURRENT_DOMAIN: "https://care.demo.example.in" - EMAIL_HOST: "" - EMAIL_USER: "" - EMAIL_PASSWORD: "" - SENTRY_DSN: "" - SENTRY_ENVIRONMENT: "prod" - SNS_ACCESS_KEY: "" - SNS_SECRET_KEY: "" - FILE_UPLOAD_BUCKET: "care-patient-data-private-bucket" - FILE_UPLOAD_KEY: "" - FILE_UPLOAD_SECRET: "" - AUDIT_LOG_ENABLED: "1" - GOOGLE_RECAPTCHA_SITE_KEY: "" - GOOGLE_RECAPTCHA_SECRET_KEY: "" - VAPID_PUBLIC_KEY: "" - VAPID_PRIVATE_KEY: "" - FACILITY_S3_BUCKET: "care-facility-public-bucket" - FACILITY_S3_KEY: "" - FACILITY_S3_SECRET: "" - FACILITY_S3_BUCKET_ENDPOINT: "https://storage.cloud.google.com/care-facility-public-bucket" - FACILITY_S3_STATIC_PREFIX: "https://storage.cloud.google.com/care-facility-public-bucket" + DJANGO_SECRET_KEY: '123' + AWS_ACCESS_KEY_ID: '' + AWS_SECRET_ACCESS_KEY: '' + POSTGRES_PASSWORD: '' + CELERY_BROKER_URL: 'redis://:@redis-cache-production:6379/0' + REDIS_URL: 'redis://:@redis-cache-production:6379/0' + DJANGO_ADMIN_URL: 'adminurl' + DATABASE_URL: '' + CURRENT_DOMAIN: 'https://care.demo.example.in' + EMAIL_HOST: '' + EMAIL_USER: '' + EMAIL_PASSWORD: '' + SENTRY_DSN: '' + SENTRY_ENVIRONMENT: 'prod' + SNS_ACCESS_KEY: '123' + SNS_SECRET_KEY: '123' + FILE_UPLOAD_BUCKET: 'care-patient-data-private-bucket' + FILE_UPLOAD_KEY: '' + FILE_UPLOAD_SECRET: '' + AUDIT_LOG_ENABLED: '1' + GOOGLE_RECAPTCHA_SITE_KEY: '' + GOOGLE_RECAPTCHA_SECRET_KEY: '' + VAPID_PUBLIC_KEY: '' + VAPID_PRIVATE_KEY: '' + FACILITY_S3_BUCKET: 'care-facility-public-bucket' + FACILITY_S3_KEY: '' + FACILITY_S3_SECRET: '' + FACILITY_S3_BUCKET_ENDPOINT: 'https://storage.googleapis.com/care-facility-public-bucket' + 
FACILITY_S3_STATIC_PREFIX: 'https://storage.googleapis.com/care-facility-public-bucket' + # ABDM related configs - ABDM_URL: "https://dev.abdm.gov.in" - HEALTH_SERVICE_API_URL: "https://healthidsbx.abdm.gov.in/api" - X_CM_ID: "sbx" - ABDM_CLIENT_ID: "" - ABDM_CLIENT_SECRET: "" - ENABLE_ABDM: "True" + ABDM_URL: 'https://dev.abdm.gov.in' + HEALTH_SERVICE_API_URL: 'https://healthidsbx.abdm.gov.in/api' + X_CM_ID: 'sbx' + ABDM_CLIENT_ID: '' + ABDM_CLIENT_SECRET: '' + ENABLE_ABDM: 'True' diff --git a/secrets/metabase.yaml b/secrets/metabase.yaml index b9525b1..ab440ce 100644 --- a/secrets/metabase.yaml +++ b/secrets/metabase.yaml @@ -5,13 +5,15 @@ metadata: labels: app: metabase env: production + type: Opaque + stringData: MB_DB_TYPE: 'postgres' MB_DB_DBNAME: 'metabase' - MB_DB_PORT: '5432' MB_DB_USER: 'postgres' - MB_DB_PASS: '' MB_DB_HOST: '' + MB_DB_PORT: '5432' + MB_DB_PASS: '' MB_ENCRYPTION_SECRET_KEY: '' - MB_SITE_NAME: 'care-demo' \ No newline at end of file + MB_SITE_NAME: 'care-demo' diff --git a/services/care-fe.yaml b/services/care-fe.yaml index e1a6f68..33dbc77 100644 --- a/services/care-fe.yaml +++ b/services/care-fe.yaml @@ -2,10 +2,11 @@ apiVersion: v1 kind: Service metadata: name: care-fe-staging-production + spec: selector: app: care-fe-production ports: - protocol: TCP port: 80 - targetPort: 80 \ No newline at end of file + targetPort: 80 diff --git a/services/care.yaml b/services/care.yaml index f81f46c..c12b260 100644 --- a/services/care.yaml +++ b/services/care.yaml @@ -6,6 +6,7 @@ metadata: app: care-django-production env: production namespace: default + spec: ports: - port: 9000 diff --git a/services/metabase.yaml b/services/metabase.yaml index 73e0649..910ec14 100644 --- a/services/metabase.yaml +++ b/services/metabase.yaml @@ -4,7 +4,8 @@ metadata: name: metabase labels: app: metabase - env: staging + env: production + spec: ports: - port: 3000 
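Review bot: `DJANGO_SECRET_KEY`, `SNS_ACCESS_KEY` and `SNS_SECRET_KEY` change from empty strings to the literal `'123'` in a Secret labelled `env: production`, so applying this template unchanged starts the backend with a guessable signing key instead of failing on a missing one. Django uses that key to sign sessions and tokens, so a known value undermines authentication. Revert these to empty values or an obviously invalid placeholder, and document the requirement, for example `DJANGO_SECRET_KEY: ''  # required: generate a long random value at deploy time; never commit it`. The `redis://:@redis-cache-production:6379/0` URLs in the same block also carry an empty password, which is worth a similar comment. Real values are better injected from a secret manager or a sealed/external secret than edited into this file.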
@@ -12,4 +13,4 @@ spec: protocol: TCP type: ClusterIP selector: - app: metabase \ No newline at end of file + app: metabase diff --git a/services/nginx.yaml b/services/nginx.yaml index 36327ef..dc16e8f 100644 --- a/services/nginx.yaml +++ b/services/nginx.yaml @@ -6,6 +6,7 @@ metadata: app: care-nginx-production env: production namespace: default + spec: type: NodePort ports: diff --git a/services/redis.yaml b/services/redis.yaml index 045f12b..b67edb2 100644 --- a/services/redis.yaml +++ b/services/redis.yaml @@ -6,10 +6,11 @@ metadata: app: redis-cache-production env: production namespace: default + spec: ports: - port: 6379 targetPort: 6379 protocol: TCP selector: - app: redis-cache-production \ No newline at end of file + app: redis-cache-production