Remove serverblock from prod_values

bcgov · Oct 2, 2024 · 8f6cfdf · 8f6cfdf
1 parent fa5ecae
commit 8f6cfdf
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 142 deletions.
diff --git a/.github/workflows/build_midas_probe-gold.yaml b/.github/workflows/build_midas_probe-gold.yaml
@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - 'develop'
-    paths: [midas-probe/openshift]
+    paths: [infra/midas-probe/openshift]
   workflow_dispatch:
     inputs:
       environment:
@@ -53,7 +53,7 @@ jobs:
         run: |
           oc project f088b1-${{ github.event.inputs.Environment }}
           echo installing midas-probe helm chart...
-          helm upgrade --install --values ./midas-probe/values.yaml --set licensePlate=f088b1 environment=${{ github.event.inputs.Environment }} midas-probe midas-probe
+          helm upgrade --install --values ./midas-probe/values.yaml --set environment=${{ github.event.inputs.Environment }} midas-probe midas-probe
 
   build-midas-goldDR:
     name: Build Midas Probe-GOLD
@@ -90,5 +90,5 @@ jobs:
         run: |
           oc project f088b1-${{ github.event.inputs.Environment }}
           echo installing midas-probe helm chart...
-          helm upgrade --install --values ./midas-probe/values.yaml --set licensePlate=f088b1 environment=${{ github.event.inputs.Environment }} midas-probe midas-probe
+          helm upgrade --install --values ./midas-probe/values.yaml --set environment=${{ github.event.inputs.Environment }} midas-probe midas-probe
   
diff --git a/deploy/prod_values.yaml b/deploy/prod_values.yaml
@@ -18,140 +18,6 @@ redis:
 
 nginx:
   replicaCount: 3
-  serverBlock: |-
-    server {
-      listen 8080;
-      server_name localhost *.gov.bc.ca;
-
-      location / {
-        proxy_pass http://prod-frontend:8080/;
-      }
-
-      location ^~ /api/ {
-        proxy_pass http://prod-webapi:8080/api/;
-      }
-
-      location ^~ /api/v1/ {
-        proxy_pass http://prod-webapi:8080/api/;
-      }
-
-      location ^~ /api/v1/PLRHL7 {
-        proxy_pass http://prod-webapi:8080/api/PLRHL7;
-        proxy_set_header  X-SSL-CERT $ssl_client_escaped_cert;
-      }
-      location  ^~ /midas/ {
-        proxy_pass http://midas-probe:80/midas/;
-      }
-
-      # Deny all attempts to access hidden files such as .htaccess or .htpasswd
-      location ~ /\. {
-        deny all;
-      }
-
-      # required for metrics exporter
-      location /status {
-        stub_status on;
-        access_log   off;
-        allow 127.0.0.1;
-        deny all;
-      }
-    }
-
-    server {
-      listen 8443 ssl;
-      server_name localhost *.gov.bc.ca;
-      ssl_certificate certs/tls.crt;
-      ssl_certificate_key certs/tls.key;
-      ssl_verify_client optional_no_ca;
-      ssl_protocols TLSv1.2 TLSv1.3;
-      ssl_client_certificate certs/plr/trusted-ca-certs.pem;
-
-      set $CSP_style  "style-src    'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css";
-      set $CSP_font   "font-src     'self' data: *.googleapis.com *.gstatic.com";
-      set $CSP_frame  "frame-ancestors 'self'  *.oidc.gov.bc.ca oidc.gov.bc.ca";
-      set $CSP_SCRIPT "script-src 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.6.0.min.js";
-      set $CSP        "default-src  'self' 'unsafe-inline' *.hlth.gov.bc.ca ; ${CSP_style} ; ${CSP_font} ; ${CSP_SCRIPT} ; ${CSP_frame}";
-
-      add_header Content-Security-Policy $CSP;
-      add_header X-Frame-Options "ALLOW-FROM dev.oidc.gov.bc.ca oidc.gov.bc.ca" always;
-      add_header X-XSS-Protection "1; mode=block" always;
-      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
-      add_header X-Content-Type-Options "nosniff" always;
-      add_header Referrer-Policy "no-referrer-when-downgrade";
-
-      location / {
-        proxy_pass http://prod-frontend:8080/;
-      }
-
-      location ^~ /api/ {
-        proxy_pass http://prod-webapi:8080/api/;
-      }
-
-      location ^~ /api/v1/ {
-        proxy_pass http://prod-webapi:8080/api/;
-      }
-
-      location ^~ /api/v1/PLRHL7 {
-        proxy_pass http://prod-webapi:8080/api/PLRHL7;
-        proxy_set_header  X-SSL-CERT $ssl_client_escaped_cert;
-      }
-      location  ^~ /midas/ {
-        proxy_pass http://midas-probe:80/midas/;
-      }
-
-      # Deny all attempts to access hidden files such as .htaccess or .htpasswd
-      location ~ /\. {
-        deny all;
-      }
-
-      # required for metrics exporter
-      location /status {
-        stub_status on;
-        access_log   off;
-        allow 127.0.0.1;
-        deny all;
-      }
-    }
-
-    server {
-      listen 8543 ssl;
-      server_name localhost *.gov.bc.ca;
-      ssl_certificate certs/tls.crt;
-      ssl_certificate_key certs/tls.key;
-      ssl_verify_client optional_no_ca;
-      ssl_protocols TLSv1.2 TLSv1.3;
-      ssl_client_certificate certs/plr/trusted-ca-certs.pem;
-
-      set $CSP_style  "style-src    'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; ";
-      set $CSP_font   "font-src     'self' data: *.googleapis.com *.gstatic.com; ";
-      set $CSP_frame  "frame-ancestors 'self'  *.oidc.gov.bc.ca oidc.gov.bc.ca";
-      set $CSP        "default-src  'self' ; ${CSP_style} ${CSP_font} ${CSP_frame}";
-
-      add_header Content-Security-Policy $CSP;
-      add_header X-Frame-Options "ALLOW-FROM dev.oidc.gov.bc.ca oidc.gov.bc.ca" always;
-      add_header X-XSS-Protection "1; mode=block" always;
-      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
-      add_header X-Content-Type-Options "nosniff" always;
-      add_header Referrer-Policy "no-referrer-when-downgrade";
-
-      location ^~ /api/v1/PLRHL7 {
-        proxy_pass http://prod-plr-intake:8080/api/PLRHL7;
-        proxy_set_header  X-SSL-CERT $ssl_client_escaped_cert;
-      }
-
-      # Deny all attempts to access hidden files such as .htaccess or .htpasswd
-      location ~ /\. {
-        deny all;
-      }
-
-      # required for metrics exporter
-      location /status {
-        stub_status on;
-        access_log   off;
-        allow 127.0.0.1;
-        deny all;
-      }
-    }
   fluentbit:
     enabled: true
 

diff --git a/infra/endorsement_reminder/templates/cronjobs.yaml b/infra/endorsement_reminder/templates/cronjobs.yaml
@@ -1,7 +1,6 @@
-{{ $release := .Release.Name }}
 {{ $ocEnv := regexFind "([^-]*$)" .Release.Namespace }}
 {{ $domain := .Values.global.vanityURL }}
-{{ $isPR := hasPrefix "pr-" .Release.Name }}
+{{ $env := .Values.env }}
 ## Derived release name
 {{ $isProd := contains "prod" $ocEnv }}
 #
@@ -88,7 +87,7 @@ spec:
                 value: >-
                   Host=$(DB_HOST);Port=5432;Database=$(POSTGRESQL_DATABASE);Username=$(POSTGRESQL_USER);Password=$(POSTGRESQL_PASSWORD)
               - name: ApplicationUrl
-                value: "https://{{ if $isProd }}{{else}}{{ $release }}.{{end}}{{ $domain }}"
+                value: "https://{{ if $isProd }}{{else}}{{ $env }}.{{end}}{{ $domain }}"
             resources: 
               {{- toYaml .Values.resources | nindent 12 }}
           restartPolicy: Never
diff --git a/infra/midas-probe/openshift/helm/midas-probe/values.yaml b/infra/midas-probe/openshift/helm/midas-probe/values.yaml
@@ -3,11 +3,10 @@ licensePlate: f088b1
 imageStreamTag: latest
 replicas: 1
 dockerhost: image-registry.openshift-image-registry.svc:5000
-environment: "prod"
+environment: "dev"
 cpuLimit: "100m"
 memoryLimit: "150Mi"
 cpuRequests: "50m"
 memoryRequests: "50Mi"
 cluster: "GOLD"
-notouch: "200"
 gslb_host: "healthprovideridentityportal.gov.bc.ca.glb.gov.bc.ca"