DONT MERGE: testing migration

.github/workflows/deploy-dependencies.yml

@@ -9,7 +9,11 @@ on:
         default: "dev"
         type: choice
         options:
-          - ""
+          - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
 jobs:
   approve:
     environment: ${{ inputs.environment }}

.github/workflows/deploy-opencrvs.yml

@@ -32,7 +32,11 @@ on:
         default: "dev"
         type: choice
         options:
-          - ""
+          - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
 
 jobs:
   approve:

.github/workflows/github-to-k8s-sync-env.yml

@@ -11,6 +11,10 @@ on:
         type: choice
         options:
           - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
       namespace_template:
         description: "Secrets mapping template"
         default: "opencrvs"

.github/workflows/k8s-reindex.yml

@@ -9,7 +9,11 @@ on:
         default: "dev"
         type: choice
         options:
-          - ""
+          - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
   workflow_call:
     inputs:
       environment:

.github/workflows/k8s-reset-data.yml

@@ -9,7 +9,11 @@ on:
         default: "dev"
         type: choice
         options:
-          - ""
+          - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
   workflow_call:
     inputs:
       environment:

.github/workflows/k8s-seed-data.yml

@@ -9,7 +9,11 @@ on:
         default: "dev"
         type: choice
         options:
-          - ""
+          - development
+          - production
+          - qa
+          - staging
+          - swarm-to-k8s
   workflow_call:
     inputs:
       environment:

.github/workflows/provision.yml

@@ -9,7 +9,11 @@ on:
         default: 'dev'
         type: choice
         options:
-          - ""
+          - swarm-to-k8s
+          - staging
+          - qa
+          - production
+          - development
       tags:
         description: 'Tags to apply to the provisioned resources'
         required: true

.github/workflows/reset-2fa.yml

@@ -13,7 +13,11 @@ on:
         default: 
         required: true
         options:
-          - ""
+          - swarm-to-k8s
+          - staging
+          - qa
+          - production
+          - development
 
 jobs:
   approve:

environments/development/dependencies/values.yaml

@@ -0,0 +1,41 @@
+storage_type: host_path
+
+environment_type: production
+
+minio:
+  use_default_credentials: false
+
+elasticsearch:
+  use_default_credentials: false
+
+mongodb:
+  use_default_credentials: false
+
+postgres:
+  use_default_credentials: false
+
+redis:
+  auth_mode: acl
+
+monitoring:
+  enabled: true
+
+elastalert:
+  env:
+    HTTP_POST2_ALERT_URL: http://countryconfig.opencrvs-development.svc.cluster.local:3040/email
+
+# Backup configuration
+backup:
+  enabled: false
+  schedule: "0 1 * * *"
+  backup_server_secret: backup-server-ssh-credentials
+  backup_server_dir: /home/backup/development
+
+
+# Restore configuration
+restore:
+  enabled: false
+  schedule: "0 0 * * *"
+  backup_server_secret: backup-server-ssh-credentials
+  backup_server_dir: /home/backup/
+  backup_encryption_secret: restore-encryption-secret

environments/development/mosip-api/values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  ssl_enabled: true

environments/development/opencrvs-services/values.yaml

@@ -0,0 +1,53 @@
+########################################################################################
+# Initial configuration file for OpenCRVS installation
+########################################################################################
+# Some properties are not defined in this file and should be provided as key/value at
+# installation time:
+# - hostname: valid DNS name for opencrvs
+# - countryconfig.image.name: Countryconfig image repository
+# - countryconfig.image.tag: Countryconfig image tag
+environment_type: production
+
+hpa:
+  enabled: false
+
+env:
+  APN_SERVICE_URL: "http://apm-server.opencrvs-deps-development.svc.cluster.local:8200"
+  QA_ENV: true
+influxdb:
+  host: influxdb-0.influxdb.opencrvs-deps-development.svc.cluster.local
+elasticsearch:
+  auth_mode: auto
+  host: elasticsearch.opencrvs-deps-development.svc.cluster.local
+
+
+minio:
+  auth_mode: use_secret
+  host: minio-0.minio.opencrvs-deps-development.svc.cluster.local
+
+mongodb:
+  auth_mode: auto
+  host: mongodb-0.mongodb.opencrvs-deps-development.svc.cluster.local
+
+redis:
+  auth_mode: use_secret
+  host: redis-0.redis.opencrvs-deps-development.svc.cluster.local
+
+postgres:
+  auth_mode: auto
+  host: postgres-0.postgres.opencrvs-deps-development.svc.cluster.local
+
+imagePullSecrets:
+  # Default value for credentials created while yarn environment:init
+  - name: dockerhub-credentials
+
+countryconfig:
+  secrets:
+    smtp-config:
+      - ALERT_EMAIL
+      - SENDER_EMAIL_ADDRESS
+      - SMTP_HOST
+      - SMTP_PASSWORD
+      - SMTP_PORT
+      - SMTP_SECURE
+      - SMTP_USERNAME

environments/development/traefik/values.yaml

@@ -0,0 +1,85 @@
+# Overwriting https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
+namespaceOverride: "traefik"
+logs:
+  general:
+    # "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC"
+    level: "INFO"
+    # format: "common" # For local environment
+    format: "json" # For server environment
+  access:
+    # -- To enable access logs
+    enabled: true
+    format: "json"
+
+ingressRoute:
+  dashboard:
+    enabled: false
+
+# Be explicit that we only use CRDs, not ingress/gw support
+providers: 
+  kubernetesCRD:
+    enabled: true
+  kubernetesIngress:
+    enabled: false
+  kubernetesGateway:
+    enabled: false
+
+service:
+  enabled: true
+  single: false
+  type: NodePort
+
+ports:
+  web:
+    port: 8000
+    hostPort: 80
+    protocol: TCP
+    nodePort: 30080
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+
+  websecure:
+    port: 8443
+    hostPort: 443
+    protocol: TCP
+    nodePort: 30443
+    http:
+      tls:
+        enabled: true
+        certResolver: letsencrypt
+
+# 👇 Adjust this section if needed
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      tlsChallenge: false
+      httpChallenge:
+        entryPoint: web
+      # 👇 Provide admin email address
+      email: admin@opencrvs.org
+      # Storage for certificates:
+      storage: /certificates/acme.json
+      # NOTE: Sometimes Let's Encrypt hit production SSL certificate issuing limits
+      #       If you are having issues, switch to staging
+      # Staging server
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+      # Production server
+      caServer: https://acme-v02.api.letsencrypt.org/directory
+
+deployment:
+  hostNetwork: true
+  additionalVolumes:
+    - name: acme
+      hostPath:
+        path: /data/traefik
+
+additionalVolumeMounts:
+    - name: acme
+      mountPath: /certificates
+
+nodeSelector:
+  traefik-role: ingress

environments/production/dependencies/values.yaml

@@ -0,0 +1,41 @@
+storage_type: host_path
+
+environment_type: production
+
+minio:
+  use_default_credentials: false
+
+elasticsearch:
+  use_default_credentials: false
+
+mongodb:
+  use_default_credentials: false
+
+postgres:
+  use_default_credentials: false
+
+redis:
+  auth_mode: acl
+
+monitoring:
+  enabled: true
+
+elastalert:
+  env:
+    HTTP_POST2_ALERT_URL: http://countryconfig.opencrvs-production.svc.cluster.local:3040/email
+
+# Backup configuration
+backup:
+  enabled: true
+  schedule: "0 1 * * *"
+  backup_server_secret: backup-server-ssh-credentials
+  backup_server_dir: /home/backup/production
+
+
+# Restore configuration
+restore:
+  enabled: false
+  schedule: "0 0 * * *"
+  backup_server_secret: backup-server-ssh-credentials
+  backup_server_dir: /home/backup/
+  backup_encryption_secret: restore-encryption-secret

environments/production/mosip-api/values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  ssl_enabled: true

environments/production/opencrvs-services/values.yaml

@@ -0,0 +1,53 @@
+########################################################################################
+# Initial configuration file for OpenCRVS installation
+########################################################################################
+# Some properties are not defined in this file and should be provided as key/value at
+# installation time:
+# - hostname: valid DNS name for opencrvs
+# - countryconfig.image.name: Countryconfig image repository
+# - countryconfig.image.tag: Countryconfig image tag
+environment_type: production
+
+hpa:
+  enabled: false
+
+env:
+  APN_SERVICE_URL: "http://apm-server.opencrvs-deps-production.svc.cluster.local:8200"
+  QA_ENV: false
+influxdb:
+  host: influxdb-0.influxdb.opencrvs-deps-production.svc.cluster.local
+elasticsearch:
+  auth_mode: auto
+  host: elasticsearch.opencrvs-deps-production.svc.cluster.local
+
+
+minio:
+  auth_mode: use_secret
+  host: minio-0.minio.opencrvs-deps-production.svc.cluster.local
+
+mongodb:
+  auth_mode: auto
+  host: mongodb-0.mongodb.opencrvs-deps-production.svc.cluster.local
+
+redis:
+  auth_mode: use_secret
+  host: redis-0.redis.opencrvs-deps-production.svc.cluster.local
+
+postgres:
+  auth_mode: auto
+  host: postgres-0.postgres.opencrvs-deps-production.svc.cluster.local
+
+imagePullSecrets:
+  # Default value for credentials created while yarn environment:init
+  - name: dockerhub-credentials
+
+countryconfig:
+  secrets:
+    smtp-config:
+      - ALERT_EMAIL
+      - SENDER_EMAIL_ADDRESS
+      - SMTP_HOST
+      - SMTP_PASSWORD
+      - SMTP_PORT
+      - SMTP_SECURE
+      - SMTP_USERNAME