diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 7bb137a2..c1785521 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -9,7 +9,7 @@ env: # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev - # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -155,6 +155,9 @@ jobs: oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ | oc apply -f - + # Process update-configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "Rollout in progress" diff --git a/.github/workflows/deploy-to-openshift-backend-prod.yml b/.github/workflows/deploy-to-openshift-backend-prod.yml index b9b8d33f..2e7e5694 100644 --- a/.github/workflows/deploy-to-openshift-backend-prod.yml +++ b/.github/workflows/deploy-to-openshift-backend-prod.yml 
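Review bot: `SPLUNK_TOKEN` is enabled in the workflow-level `env:` block, which puts the secret into the environment of every step of every job in this workflow rather than only the step that consumes it. Declaring it in an `env:` entry on the deploy step (`SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}`) limits the exposure to that step. The prod and test workflows enable the same line and would take the same change.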
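Review bot: The added `curl -s … | bash /dev/stdin` line runs whatever `raw.githubusercontent.com` serves for the `BRANCH` ref at deploy time, with the cluster session and `SPLUNK_TOKEN` in scope, and without `-f` or `pipefail` an HTTP error body is handed to bash and the failure goes unnoticed. The `oc process -f tools/openshift/backend.dc.yaml` call just above reads from the working tree, so the script is presumably present there at the commit being deployed: `bash tools/config/update-configmap.sh dev "$APP_NAME" "$NAMESPACE" "$SPLUNK_TOKEN"`, with the values passed as quoted shell variables instead of `${{ }}` text pasted into the command. The third argument is `${{ env.NAMESPACE }}` while the rest of the step uses `env.OPENSHIFT_NAMESPACE`; if `NAMESPACE` is not defined in the part of the file outside the hunk, it expands to nothing and the unquoted token shifts into the namespace position. The prod and test workflows add the same line and need the same change; the `run:` block starts above the hunk.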
@@ -9,7 +9,7 @@ env: # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod - # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -126,6 +126,9 @@ jobs: oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ | oc apply -f - + # Process update-configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin prod ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }} 2> /dev/null \ || true && echo "Rollout in progress" diff --git a/.github/workflows/deploy-to-openshift-backend-test.yml b/.github/workflows/deploy-to-openshift-backend-test.yml index 94eac760..def27ddd 100644 --- a/.github/workflows/deploy-to-openshift-backend-test.yml +++ b/.github/workflows/deploy-to-openshift-backend-test.yml @@ -9,7 +9,7 @@ env: # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test - # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. 
@@ -123,6 +123,9 @@ jobs: oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ | oc apply -f - + # Process update-configmap + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}} 2> /dev/null \ || true && echo "Rollout in progress" diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh new file mode 100644 index 00000000..09053840 --- /dev/null +++ b/tools/config/update-configmap.sh 
@@ -0,0 +1,46 @@
+envValue=$1
+APP_NAME=$2
+OPENSHIFT_NAMESPACE=$3
+SPLUNK_TOKEN=$4
+
+SPLUNK_URL="gww.splunk.educ.gov.bc.ca"
+FLB_CONFIG="[SERVICE]
+ Flush 1
+ Daemon Off
+ Log_Level debug
+ HTTP_Server On
+ HTTP_Listen 0.0.0.0
+ Parsers_File parsers.conf
+[INPUT]
+ Name tail
+ Path /mnt/log/*
+ Parser docker
+ Mem_Buf_Limit 20MB
+[FILTER]
+ Name record_modifier
+ Match *
+ Record hostname \${HOSTNAME}
+[OUTPUT]
+ Name stdout
+ Match *
+[OUTPUT]
+ Name splunk
+ Match *
+ Host $SPLUNK_URL
+ Port 443
+ TLS On
+ TLS.Verify Off
+ Message_Key $APP_NAME
+ Splunk_Token $SPLUNK_TOKEN
+"
+PARSER_CONFIG="
+[PARSER]
+ Name docker
+ Format json
+"
+
+echo Creating config map $APP_NAME-flb-sc-config-map
+oc create -n $OPENSHIFT_NAMESPACE-$envValue configmap $APP_NAME-flb-sc-config-map \
+--from-literal=fluent-bit.conf="$FLB_CONFIG" \
+--from-literal=parsers.conf="$PARSER_CONFIG" \
+--dry-run -o yaml | oc apply -f -
diff --git a/tools/openshift/backend.dc.yaml b/tools/openshift/backend.dc.yaml
index 14020f72..3317538c 100644
--- a/tools/openshift/backend.dc.yaml
+++ b/tools/openshift/backend.dc.yaml
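Review bot: The Splunk `[OUTPUT]` in `update-configmap.sh` sets `TLS.Verify Off`, so the token is sent to `$SPLUNK_URL` without checking the server certificate; `TLS.Verify On`, with the CA bundle supplied if the endpoint uses a private CA, closes that. The token is also expanded into `fluent-bit.conf` and stored in a ConfigMap, where anyone who can read ConfigMaps in the namespace can read it back. Fluent Bit resolves `${VAR}` from the container environment, as the `\${HOSTNAME}` line already relies on, so `Splunk_Token \${SPLUNK_TOKEN}` with the variable supplied to the sidecar from a Secret keeps the value out of the ConfigMap. The script has no `set -euo pipefail` and no argument check, so a missing fourth argument yields a config with an empty token instead of a failed deploy; `: "${SPLUNK_TOKEN:?missing Splunk token}"` after the assignments would stop that.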
@@ -78,12 +78,53 @@ objects: limits: cpu: "${MAX_CPU}" memory: "${MAX_MEM}" + - image: artifacts.developer.gov.bc.ca/docker-remote/fluent/fluent-bit:1.5.7 + name: "${APP_NAME}-fluent-bit-sidecar" + imagePullPolicy: Always + imagePullSecrets: + - name: artifactory-creds + volumeMounts: + - name: log-storage + mountPath: /mnt/log + - name: flb-sc-config-volume + mountPath: /fluent-bit/etc/ + readinessProbe: + tcpSocket: + port: 2020 + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + livenessProbe: + httpGet: + path: / + port: 2020 + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ports: + - containerPort: 2020 + protocol: TCP + name: metrics + resources: + requests: + cpu: "5m" + memory: "32Mi" + limits: + cpu: "15m" + memory: "64Mi" volumes: - name: log-storage emptyDir: {} - name: tls-certs secret: secretName: ccof-backend-cert + - name: flb-sc-config-volume + configMap: + name: "${APP_NAME}-flb-sc-config-map" test: false triggers: - type: ConfigChange
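Review bot: `imagePullSecrets` is listed among the sidecar container's fields, between `imagePullPolicy` and `volumeMounts`, but it is a pod-level field (`spec.template.spec.imagePullSecrets`), so in this position it is likely dropped or rejected and the pull from `artifacts.developer.gov.bc.ca` would depend on credentials the service account already has. Indentation is lost in this rendering, so that placement is read from the order of the lines. As configured in this commit the sidecar only reads `/mnt/log`, so its `log-storage` mount can carry `readOnly: true`. The image is referenced by the mutable tag `fluent-bit:1.5.7` with `imagePullPolicy: Always`; pinning it by digest (`…/fluent-bit@sha256:<digest>`) fixes what runs next to the backend.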