add event stream config notes, add to deployment

Signed-off-by: Jason Sherman <[email protected]>
usingtechnology · Sep 3, 2024 · 3c83278 · 3c83278
1 parent e228db2
commit 3c83278
Show file tree

Hide file tree

Showing 6 changed files with 146 additions and 3 deletions.
diff --git a/.github/actions/deploy-to-environment/action.yaml b/.github/actions/deploy-to-environment/action.yaml
@@ -90,6 +90,15 @@ runs:
       run: |
         oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/app.cm.yaml -p NAMESPACE=${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -p APP_NAME=${{ inputs.acronym }} -p JOB_NAME=${{ inputs.job_name }} -p SERVER_HOST=${{ inputs.server_host }} -o yaml | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
 
+    - name: Deploy event stream ConfigMaps
+      shell: bash
+      run: |
+        if [[ "${{ inputs.job_name }}" == pr-* ]]; then
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/ess.cm.yaml -p APP_NAME=${{ inputs.acronym }} -p JOB_NAME=${{ inputs.job_name }} -p SOURCE=${{ inputs.job_name }} -o yaml | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        else
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/ess.cm.yaml -p APP_NAME=${{ inputs.acronym }} -p JOB_NAME=${{ inputs.job_name }} -p SOURCE=${{ inputs.acronym }} -o yaml | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        fi
+
     - name: Deploy App
       shell: bash
       run: |

diff --git a/event-stream-service/charts/event-stream-service/README b/event-stream-service/charts/event-stream-service/README
diff --git a/event-stream-service/charts/event-stream-service/README.md b/event-stream-service/charts/event-stream-service/README.md
@@ -0,0 +1,55 @@
+# Event Stream Service Installation
+
+This current documentation will be very simple and make assumptions:
+
+- you are installing on BC Gov Openshift.
+- you have installed `oc` command line tools on your workstation that work on BC Gov Openshift.
+- you know how to get your Openshift token for running your `oc` command line tools.
+- you have installed [helm](https://helm.sh) on your workstation.
+- you have a basic understanding of helm and values files overrides.
+- you have access/permissions in your Openshift namespace to run `helm` and `oc` commands.
+
+**September 3, 2024** - we are using the `a191b5` namespaces to host the proof of concepts. These spaces have minimal resources (we can request more as we learn about the requirements).
+
+## Basic Instructions
+
+1. get your Openshift token
+2. use oc login to your namespace
+3. navigate to the <repo>/event-stream-service
+4. run the `helm` install / upgrade command
+
+```
+oc login --token=sha256~yk5BCjn0syJV0qXEyPk12s09v-RIdmTeLVdQmQrQEBc --server=https://api.silver.devops.gov.bc.ca:6443
+helm upgrade --install event-stream-service ./charts/event-stream-service -f ./charts/event-stream-service/values.yaml
+helm uninstall event-stream-service
+oc delete pvc -l 'app.kubernetes.io/instance=event-stream-service'
+```
+
+To set up a CHEFS instance to use this installation of Event Stream Service, you will need to know the server name and you will need the generated secret for the `chefs` account.
+
+Find the `ess-nginx-route` and note the location. The Event Stream Service server will the host (so no `https://` and no path).
+Find the `ess-nats-auth` and copy the value for `chefs_pwd`.
+
+### To remove
+
+1. get your Openshift token
+2. use oc login to your namespace
+3. run the `helm` uninstall command
+4. if permanently deleting, then run the `oc delete pvc` command to remove the persistent storage
+
+```
+oc login --token=sha256~yk5BCjn0syJV0qXEyPk12s09v-RIdmTeLVdQmQrQEBc --server=https://api.silver.devops.gov.bc.ca:6443
+helm uninstall event-stream-service
+oc delete pvc -l 'app.kubernetes.io/instance=event-stream-service'
+```
+
+## Future
+
+We will need to create different param override (values) files for each instance. Each namespace and instance will have different resource allocation that we need to tune.
+You can specify the '--values'/'-f' flag multiple times. The priority will be given to the last (right-most) file specified.
+
+```
+helm upgrade --install event-stream-service ./charts/event-stream-service -f ./charts/event-stream-service/values.yaml -f ./charts/event-stream-service/values-prod.yaml
+```
+
+This would apply our default values file (`values.yaml`) with any overrides found in `values-prod.yaml` taking priority.
diff --git a/openshift/README.md b/openshift/README.md
@@ -157,6 +157,20 @@ oc create -n $NAMESPACE secret generic $APP_NAME-encryption-keys \
   --from-literal=proxy=$proxy_key
 ```
 
+We need to store a password for Event Stream Service client. Since the server(s) will change along with the password, we will store the server and credentials in a secret per environment (DEV, TEST, PROD). Pull requests can use the same as DEV.
+
+```sh
+
+export ess_servers=<comma separated list of event stream servers>
+export ess_password=<chefs password from event stream service>
+
+oc create -n $NAMESPACE secret generic $APP_NAME-event-stream-service \
+  --type=Opaque \
+  --from-literal=servers=$ess_servers \
+  --from-literal=username=chefs \
+  --from-literal=password=$ess_password
+```
+
 ## Deployment
 
 This application is currently designed as a single application pod deployment. It will host a static frontend containing all of the Vue.js resources and assets, and a Node.js backend which serves the API that the frontend requires. We are currently leveraging Openshift Routes with path based filtering to forward incoming traffic to the right deployment service.

diff --git a/openshift/app.dc.yaml b/openshift/app.dc.yaml
@@ -233,6 +233,21 @@ objects:
                     secretKeyRef:
                       key: mailapitoken
                       name: "chefs-${JOB_NAME}-secret"
+                - name: EVENTSTREAMSERVICE_SERVERS
+                  valueFrom:
+                    secretKeyRef:
+                      key: servers
+                      name: "${APP_NAME}-event-stream-service"
+                - name: EVENTSTREAMSERVICE_USERNAME
+                  valueFrom:
+                    secretKeyRef:
+                      key: username
+                      name: "${APP_NAME}-event-stream-service"
+                - name: EVENTSTREAMSERVICE_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      key: password
+                      name: "${APP_NAME}-event-stream-service"
                 # - name: SERVER_LOGFILE
                 #   value: "/var/log/app.log"
               envFrom:
@@ -250,6 +265,8 @@ objects:
                     name: "${APP_NAME}-oidc-config"
                 - configMapRef:
                     name: "${APP_NAME}-custombcaddressformiocomponent-config"
+                - configMapRef:
+                    name: "${APP_NAME}-${JOB_NAME}-event-stream-config"
           restartPolicy: Always
           terminationGracePeriodSeconds: 30
           volumes:

diff --git a/openshift/ess.cm.yaml b/openshift/ess.cm.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+  app.kubernetes.io/component: app
+  app.kubernetes.io/instance: "${APP_NAME}-${JOB_NAME}"
+  app.kubernetes.io/managed-by: github
+  app.kubernetes.io/name: nodejs
+  app.kubernetes.io/part-of: "${APP_NAME}-${JOB_NAME}"
+  app: "${APP_NAME}-${JOB_NAME}"
+  template: "chefs-app-event-stream-service-template"
+metadata:
+  name: "chefs-app-event-stream-service"
+objects:
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: "${APP_NAME}-${JOB_NAME}-event-stream-service"
+    data:
+      FEATURES_EVENTSTREAMSERVICE: ${FEATURE}
+      EVENTSTREAMSERVICE_STREAMNAME: ${STREAMNAME}
+      EVENTSTREAMSERVICE_SOURCE: ${SOURCE}
+      EVENTSTREAMSERVICE_DOMAIN: ${DOMAIN}
+parameters:
+  - name: APP_NAME
+    description: Application name
+    displayName: Application name
+    required: true
+  - name: JOB_NAME
+    description: Job identifier (i.e. 'pr-5' OR 'master')
+    displayName: Job Branch Name
+    required: true
+  - name: FEATURE
+    description: Enable Event Stream Service Feature
+    displayName: Enable feature
+    required: true
+    value: true
+  - name: STREAMNAME
+    description: Name of the CHEFS Event Stream
+    displayName: CHEFS Event Stream name
+    required: true
+    value: CHEFS
+  - name: DOMAIN
+    description: Domain of the CHEFS Event Stream
+    displayName: CHEFS Event Stream domain
+    required: true
+    value: forms
+  - name: SOURCE
+    description: Source of CHEFS Event Stream
+    displayName: CHEFS Event Stream source
+    required: true