Configure Environments for backend and Changes
Add environment variables
Update Helm charts and OCP templates
TimCsaky committed May 21, 2024
1 parent 39dbec7 commit c5e8623
Showing 8 changed files with 73 additions and 8 deletions.
8 changes: 7 additions & 1 deletion .github/environments/values.dev.yaml
Expand Up @@ -5,11 +5,17 @@ config:
FRONTEND_APIPATH: api/v1
FRONTEND_COMS_APIPATH: https://coms-dev.api.gov.bc.ca/api/v1
FRONTEND_EXCLUDE_METADATA: geodrive.common.encoding,geodrive.windows.attr,geodrive.windows.secdesc,s3b-last-modified
FRONTEND_NOTIFICATION_BANNER : This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
FRONTEND_NOTIFICATION_BANNER: This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
FRONTEND_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
FRONTEND_OIDC_CLIENTID: bc-box-4555
SERVER_APIPATH: /api/v1
SERVER_BODYLIMIT: 30mb
SERVER_CHES_APIPATH: https://ches-dev.api.gov.bc.ca/api/v1
SERVER_CHES_TOKENURL: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: http
SERVER_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid,github_id
SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
SERVER_PORT: "8080"
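Review bot: The realm public key is pinned as a bare literal at `SERVER_OIDC_PUBLICKEY`, with nothing recording which realm it came from or when it was fetched; the same applies to the `SERVER_OIDC_PUBLICKEY` lines added in values.prod.yaml and values.test.yaml. Assuming the backend uses this value to verify tokens (the server code is not on this page), a signing-key rotation at the login proxy would leave each environment holding a stale key until these files are edited and redeployed. Committing a public key is fine; what is missing is traceability, so I would add a comment above each key such as `# RSA public key of the 'standard' realm at SERVER_OIDC_AUTHORITY; refresh when the realm rotates its signing key`. Dev also accepts `github_id` in `SERVER_OIDC_IDENTITYKEY` while test and prod do not, which deserves a one-line comment if intentional. The enclosing `config:` mapping starts outside this hunk.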
6 changes: 6 additions & 0 deletions .github/environments/values.prod.yaml
Expand Up @@ -9,6 +9,12 @@ config:
FRONTEND_OIDC_CLIENTID: bc-box-4555
SERVER_APIPATH: /api/v1
SERVER_BODYLIMIT: 30mb
SERVER_CHES_APIPATH: https://ches.api.gov.bc.ca/api/v1
SERVER_CHES_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: http
SERVER_OIDC_AUTHORITY: https://loginproxy.gov.bc.ca/auth/realms/standard
SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
SERVER_PORT: "8080"
6 changes: 6 additions & 0 deletions .github/environments/values.test.yaml
Expand Up @@ -10,6 +10,12 @@ config:
FRONTEND_OIDC_CLIENTID: bc-box-4555
SERVER_APIPATH: /api/v1
SERVER_BODYLIMIT: 30mb
SERVER_CHES_APIPATH: https://ches-test.api.gov.bc.ca/api/v1
SERVER_CHES_TOKENURL: https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: http
SERVER_OIDC_AUTHORITY: https://test.loginproxy.gov.bc.ca/auth/realms/standard
SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
SERVER_PORT: "8080"
14 changes: 14 additions & 0 deletions app/config/custom-environment-variables.json
Expand Up @@ -17,8 +17,22 @@
"server": {
"apiPath": "SERVER_APIPATH",
"bodyLimit": "SERVER_BODYLIMIT",
"ches": {
"apiPath": "SERVER_CHES_APIPATH",
"clientId": "SERVER_CHES_CLIENTID",
"clientSecret": "SERVER_CHES_CLIENTSECRET",
"tokenUrl": "SERVER_CHES_TOKENURL",
"from": "SERVER_CHES_FROM"
},
"logFile": "SERVER_LOGFILE",
"logLevel": "SERVER_LOGLEVEL",
"oidc": {
"authority": "SERVER_OIDC_AUTHORITY",
"clientId": "SERVER_OIDC_CLIENTID",
"clientSecret": "SERVER_OIDC_CLIENTSECRET",
"identityKey": "SERVER_OIDC_IDENTITYKEY",
"publicKey": "SERVER_OIDC_PUBLICKEY"
},
"port": "SERVER_PORT"
}
}
2 changes: 1 addition & 1 deletion charts/bcbox/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: bcbox
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.14
version: 0.0.15
kubeVersion: ">= 1.13.0"
description: A frontend UI for managing access control to S3 Objects
# A chart can be either an 'application' or a 'library' chart.
4 changes: 2 additions & 2 deletions charts/bcbox/README.md
@@ -1,6 +1,6 @@
# bcbox

![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)

A frontend UI for managing access control to S3 Objects

Expand Down Expand Up @@ -29,7 +29,7 @@ Kubernetes: `>= 1.13.0`
| autoscaling.maxReplicas | int | `16` | |
| autoscaling.minReplicas | int | `2` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_LOGLEVEL":"http","SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHES_APIPATH":null,"SERVER_CHES_FROM":null,"SERVER_CHES_TOKENURL":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
| config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
| config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
| failurePolicy | string | `"Retry"` | DeploymentConfig pre-hook failure behavior |
20 changes: 20 additions & 0 deletions charts/bcbox/templates/deploymentconfig.yaml
Expand Up @@ -59,6 +59,26 @@ spec:
env:
- name: NODE_ENV
value: production
- name: SERVER_CHES_CLIENTID
valueFrom:
secretKeyRef:
key: username
name: {{ include "bcbox.configname" . }}-ches-service-account
- name: SERVER_CHES_CLIENTSECRET
valueFrom:
secretKeyRef:
key: password
name: {{ include "bcbox.configname" . }}-ches-service-account
- name: SERVER_OIDC_CLIENTID
valueFrom:
secretKeyRef:
key: username
name: {{ include "bcbox.configname" . }}-keycloak
- name: SERVER_OIDC_CLIENTSECRET
valueFrom:
secretKeyRef:
key: password
name: {{ include "bcbox.configname" . }}-keycloak
envFrom:
- configMapRef:
name: {{ include "bcbox.configname" . }}-config
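Review bot: The four new `secretKeyRef` entries under `env:` are unconditional, so a pod cannot start unless Secrets named `<configname>-ches-service-account` and `<configname>-keycloak`, each with `username` and `password` keys, already exist in the namespace. None of the file sections shown for this commit creates or documents them, so an existing release upgrading to chart 0.0.15 would fail at rollout. Keeping the client credentials in Secrets rather than the configmap is the right split. I would state the prerequisite in the chart README and add a comment above the block, e.g. `# Requires pre-created Secrets <configname>-ches-service-account and <configname>-keycloak (keys: username, password)`. The container spec starts and continues outside this hunk.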
21 changes: 17 additions & 4 deletions charts/bcbox/values.yaml
Expand Up @@ -27,11 +27,13 @@ failurePolicy: Retry
podAnnotations: {}

# -- Privilege and access control settings
podSecurityContext: {}
podSecurityContext:
{}
# fsGroup: 2000

# -- Privilege and access control settings
securityContext: {}
securityContext:
{}
# capabilities:
# drop:
# - ALL
Expand Down Expand Up @@ -89,7 +91,8 @@ route:
# -- Specifies whether a route should be created
enabled: true
# -- Annotations to add to the route
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
host: chart-example.local
Expand Down Expand Up @@ -140,7 +143,17 @@ config:
FRONTEND_OIDC_CLIENTID: ~
SERVER_APIPATH: "/api/v1"
SERVER_BODYLIMIT: "30mb"
# SERVER_STATICFILES: ~

SERVER_CHES_APIPATH: ~
SERVER_CHES_TOKENURL: ~
SERVER_CHES_FROM: ~

# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: "http"

SERVER_OIDC_AUTHORITY: ~
SERVER_OIDC_IDENTITYKEY: ~
SERVER_OIDC_PUBLICKEY: ~

SERVER_PORT: "8080"
# SERVER_STATICFILES: ~
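Review bot: The new `SERVER_OIDC_AUTHORITY`, `SERVER_OIDC_IDENTITYKEY` and `SERVER_OIDC_PUBLICKEY` defaults are `~`, so a release that turns on `config.enabled` without overriding them deploys a backend with no token-verification settings. The server code is not visible here, so it is worth confirming that it refuses to start or rejects requests when these are unset rather than skipping verification. The README row for `config.configMap` also asks for every value to be an explicit string, which a null default does not satisfy. I would mark the block as required, e.g. `# Required for backend token validation; no usable default, set per environment`, and do the same for the `SERVER_CHES_*` keys if mail is mandatory. The `config.configMap` mapping starts outside this hunk.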
