Test merge #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

adskyiproger wants to merge 41 commits into opencrvs:develop from adskyiproger:develop

.github/TEMPLATES/secret-mapping-opencrvs-deps.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -33,12 +33,15 @@ kibana-users-secret:
  
      - KIBANA_USERNAME

      - KIBANA_PASSWORD

    # Traefik static SSL certificate

    # backward compatible with existing implementation,

    # See: https://documentation.opencrvs.org/v1.8/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.5-setup-dns-a-records/4.3.2.3-static-tls-certificates

    traefik-cert:

      type: tls

      namespace: traefik

      data:

        - TRAEFIK_CERT: cert

        - TRAEFIK_KEY: key

        - SSL_CRT: cert

        - SSL_KEY: key

    # If backup is configured then workflow will use GitHub secrets for current environment

    # If restore is configured then workflow will fetch secrets from source environment (usually production)

.github/workflows/deploy-dependencies.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ on: @@
             default: "dev"
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
     jobs:
       approve:
         environment: ${{ inputs.environment }}
@@ Expand Down @@

.github/workflows/deploy-opencrvs.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -19,13 +19,18 @@ on: @@
             description: "Tag of the countryconfig image"
             required: true
             default: "v1.9.1"
+          data-seed-enabled:
+            description: "Enable data seeding during deployment"
+            required: false
+            default: "true"
+            type: boolean
           environment:
             description: "Target environment"
             required: true
             default: "dev"
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
     jobs:
       approve:
@@ Expand Down Expand Up / @@ -140,6 +145,7 @@ jobs: @@
                 --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
                 --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \
                 --set data_seed.env.ACTIVATE_USERS="${{ vars.ACTIVATE_USERS || 'false' }}" \
+                --set data_seed.enabled="${{ inputs.data-seed-enabled }}" \
                 --set hostname=${{ vars.DOMAIN }} 2>&1 ; STATUS=$?;
                 kill $STERN_PID 2>/dev/null || true
                 exit $STATUS
@@ Expand Down @@

.github/workflows/github-to-k8s-sync-env.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,7 @@ on: @@
             default: "development"
             type: choice
             options:
-              - development
+              - swarm-to-k8s
           namespace_template:
             description: "Secrets mapping template"
             default: "opencrvs"
@@ Expand Down @@

.github/workflows/k8s-reindex.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ on: @@
             default: "dev"
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
       workflow_call:
         inputs:
           environment:
@@ Expand Down @@

.github/workflows/k8s-reset-data.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ on: @@
             default: "dev"
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
       workflow_call:
         inputs:
           environment:
@@ Expand Down @@

.github/workflows/k8s-seed-data.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ on: @@
             default: "dev"
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
       workflow_call:
         inputs:
           environment:
@@ Expand Down @@

.github/workflows/provision.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ on: @@
             default: 'dev'
             type: choice
             options:
-              - ""
+              - swarm-to-k8s
           tags:
             description: 'Tags to apply to the provisioned resources'
             required: true
@@ Expand Down Expand Up / @@ -93,5 +93,6 @@ jobs: @@
               # Add --verbose to get more output
               options: |-
                 --inventory inventory/${{ inputs.environment }}.yml
+                --verbose
                 ${{ inputs.tags != 'all' && format('--tags={0}', inputs.tags) || '' }}
                 --extra-vars ""${{ steps.ansible-variables.outputs.EXTRA_VARS }}""

.github/workflows/reset-2fa.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,7 @@ on: @@
             default:
             required: true
             options:
-              - ""
+              - swarm-to-k8s
     jobs:
       approve:
@@ Expand Down @@

environments/swarm-to-k8s/dependencies/values.yaml

-Original file line number
+Diff line change
@@ -0,0 +1,41 @@
+    storage_type: host_path
+    environment_type: production
+    minio:
+      use_default_credentials: false
+    elasticsearch:
+      use_default_credentials: false
+    mongodb:
+      use_default_credentials: false
+    postgres:
+      use_default_credentials: false
+    redis:
+      auth_mode: acl
+    monitoring:
+      enabled: true
+    elastalert:
+      env:
+        HTTP_POST2_ALERT_URL: http://countryconfig.opencrvs-swarm-to-k8s.svc.cluster.local:3040/email
+    # Backup configuration
+    backup:
+      enabled: false
+      schedule: "0 1 * * *"
+      backup_server_secret: backup-server-ssh-credentials
+      backup_server_dir: /home/backup/swarm-to-k8s
+    # Restore configuration
+    restore:
+      enabled: false
+      schedule: "0 0 * * *"
+      backup_server_secret: backup-server-ssh-credentials
+      backup_server_dir: /home/backup/
+      backup_encryption_secret: restore-encryption-secret

environments/swarm-to-k8s/mosip-api/values.yaml

Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ingress:
		ssl_enabled: true

environments/swarm-to-k8s/opencrvs-services/values.yaml

-Original file line number
+Diff line change
@@ -0,0 +1,58 @@
+    ########################################################################################
+    # Initial configuration file for OpenCRVS installation
+    ########################################################################################
+    # Some properties are not defined in this file and should be provided as key/value at
+    # installation time:
+    # - hostname: valid DNS name for opencrvs
+    # - countryconfig.image.name: Countryconfig image repository
+    # - countryconfig.image.tag: Countryconfig image tag
+    environment_type: production
+    hpa:
+      enabled: false
+    env:
+      APN_SERVICE_URL: "http://apm-server.opencrvs-deps-swarm-to-k8s.svc.cluster.local:8200"
+      QA_ENV: true
+    influxdb:
+      host: influxdb-0.influxdb.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    elasticsearch:
+      auth_mode: auto
+      host: elasticsearch.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    minio:
+      auth_mode: use_secret
+      host: minio-0.minio.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    mongodb:
+      auth_mode: auto
+      host: mongodb-0.mongodb.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    redis:
+      auth_mode: use_secret
+      host: redis-0.redis.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    postgres:
+      auth_mode: auto
+      host: postgres-0.postgres.opencrvs-deps-swarm-to-k8s.svc.cluster.local
+    imagePullSecrets:
+      # Default value for credentials created while yarn environment:init
+      - name: dockerhub-credentials
+    countryconfig:
+      env:
+        OPENID_PROVIDER_CLAIMS: name,family_name,given_name,middle_name,birthdate,address
+        OPENID_PROVIDER_CLIENT_ID: mock-client_id
+        ESIGNET_REDIRECT_URL: https://esignet-mock.swarm-to-k8s.opencrvs.dev/authorize
+        MOSIP_API_USERINFO_URL: https://mosip-api.swarm-to-k8s.opencrvs.dev/esignet/get-oidp-user-info
+      secrets:
+        smtp-config:
+          - ALERT_EMAIL
+          - SENDER_EMAIL_ADDRESS
+          - SMTP_HOST
+          - SMTP_PASSWORD
+          - SMTP_PORT
+          - SMTP_SECURE
+          - SMTP_USERNAME

environments/swarm-to-k8s/traefik/values.yaml

-Original file line number
+Diff line change
@@ -0,0 +1,86 @@
+    # Overwriting https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
+    namespaceOverride: "traefik"
+    logs:
+      general:
+        # "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC"
+        level: "INFO"
+        # format: "common" # For local environment
+        format: "json" # For server environment
+      access:
+        # -- To enable access logs
+        enabled: true
+        format: "json"
+    ingressRoute:
+      dashboard:
+        enabled: false
+    # Be explicit that we only use CRDs, not ingress/gw support
+    providers:
+      kubernetesCRD:
+        enabled: true
+      kubernetesIngress:
+        enabled: false
+      kubernetesGateway:
+        enabled: false
+    service:
+      enabled: true
+      single: false
+      type: NodePort
+    ports:
+      web:
+        port: 8000
+        hostPort: 80
+        protocol: TCP
+        nodePort: 30080
+        http:
+          redirections:
+            entryPoint:
+              to: websecure
+              scheme: https
+              permanent: true
+      websecure:
+        port: 8443
+        hostPort: 443
+        protocol: TCP
+        nodePort: 30443
+        http:
+          tls:
+            enabled: true
+            certResolver: letsencrypt
+    # 👇 Adjust this section if needed
+    certificatesResolvers:
+      letsencrypt:
+        acme:
+          tlsChallenge: false
+          httpChallenge:
+            entryPoint: web
+          # 👇 Provide admin email address
+          email: admin@opencrvs.org
+          # Storage for certificates:
+          storage: /certificates/acme.json
+          # NOTE: Sometimes Let's Encrypt hit production SSL certificate issuing limits
+          #       If you are having issues, switch to staging
+          # Staging server
+          # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+          # Production server
+          caServer: https://acme-v02.api.letsencrypt.org/directory
+    deployment:
+      hostNetwork: true
+      additionalVolumes:
+        - name: acme
+          hostPath:
+            path: /data/traefik
+    additionalVolumeMounts:
+        - name: acme
+          mountPath: /certificates
+    nodeSelector:
+      traefik-role: ingress

infrastructure/environments/swarm-to-k8s.ts

-Original file line number
+Diff line change
@@ -0,0 +1,64 @@
+    import * as path from 'path';
+    import kleur from 'kleur'
+    import { error, info, log, success, warn } from './logger'
+    import { updateWorkflowEnvironments } from './update-workflows';
+    import { generateInventory, copyChartsValues, extractAndModifyUsers, extractWorkerNodes, extractBackupNode, dockerManagerFirst, readYamlFile } from './templates'
+    (async () => {
+        const environment_type = process.env.ENVIRONMENT_TYPE || 'production';
+        const environment = process.env.ENVIRONMENT || '';
+        if (!environment) {
+            error('\n', 'Environment variable ENVIRONMENT is not set. Exiting.');
+            process.exit(1);
+        }
+        log('\n');
+        log(kleur.bold().underline(`Environment: ${environment} Migrating Swarm configurations to Kubernetes`))
+        const old_inventory_path = process.env.OLD_INVENTORY_PATH || '';
+        if (!old_inventory_path) {
+            error('\n', 'Environment variable OLD_INVENTORY_PATH is not set. Exiting.');
+            log('\n', 'Old inventory path is required to read existing Swarm configurations.');
+            process.exit(1);
+        }
+        const ansible_inventory = path.join(old_inventory_path, environment + '.yml');
+        const data = readYamlFile(ansible_inventory) as any;
+        log(`  ✓ Loaded old inventory file: ${ansible_inventory}`);
+        const master = dockerManagerFirst(data) || ''
+        log(`  ✓ Kubernetes API Host (Docker Manager): ${master}`);
+        const users = extractAndModifyUsers(data);
+        // console.log(users.forEach((u: any) => console.log(u.name)));
+        let worker_nodes: string[] = [];
+        worker_nodes = extractWorkerNodes(data);
+        log(`  ✓ Worker nodes: ${worker_nodes.join(', ')}`);
+        let backup_host = '';
+        backup_host = extractBackupNode(data);
+        log(`  ✓ Backup host: ${backup_host}`);
+        generateInventory(
+            environment,
+            {
+                worker_nodes: worker_nodes,
+                users: users,
+                backup_host: backup_host,
+                kube_api_host: master
+            }
+        )
+        copyChartsValues(
+            environment,
+            {
+                env: environment,
+                environment_type: environment_type,
+                // FIXME: In general that should be environment_type,
+                // Hardcode like this blocks us from being generic:
+                // https://github.com/opencrvs/opencrvs-core/issues/11171
+                is_qa_env: environment !== 'production' ? "true" : "false",
+                backup_enabled: environment === 'production' ? "true" : "false",
+                restore_enabled: environment === 'staging' ? "true" : "false",
+                restore_environment_name: environment === 'staging' ? "production" : ""
+            }
+        )
+        await updateWorkflowEnvironments();
+    })();

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test merge #233

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Test merge #233

Are you sure you want to change the base?

Uh oh!

Test merge #233

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!