Feature/ab#26676 redis deployment spec

database/unity-database.yaml

@@ -11,14 +11,14 @@ message: |-
   For more information about using this template, including OpenShift considerations, see the project readme.md and wiki documents.
 metadata:
   name: unity-database
-  # This template uses a separate parameter .env file to override the default values defined in this section. 
+  # This template uses a separate parameter .env file to override the default values defined in this section.
   # Use command: oc process -f .\database\unity-database.yaml --param-file=.env | oc create -f -
   labels:
     template: unity-database
   annotations:
     description: |-
       PostgreSQL database service with persistent storage.
-      NOTE: Scaling to more than one replica is not supported. 
+      NOTE: Scaling to more than one replica is not supported.
     iconClass: icon-postgresql
     openshift.io/display-name: PostgreSQL
     openshift.io/documentation-url: https://docs.okd.io/latest/using_images/db_images/postgresql.html
@@ -44,6 +44,12 @@ parameters:
   name: DATABASE_SERVICE_NAME
   required: true
   value: unity-data-postgres
+- description: The host exposed for the database.
+  displayName: Database Service Host
+  name: DATABASE_HOST
+  required: true
+  from: 'develop-crunchy-postgres-primary[a-zA-Z0-9]{6}-dev.svc'
+  generate: expression
 - description: The port exposed for the database.
   displayName: Database Service Port
   name: DATABASE_PORT
@@ -122,7 +128,7 @@ parameters:
   value: 1024Mi
 # Template objects to instantiate the database.
 objects:
-# Secrets 
+# Secrets
 - apiVersion: v1
   kind: Secret
   metadata:
@@ -136,7 +142,7 @@ objects:
       app.kubernetes.io/component: ${DATABASE_SERVICE_NAME}
       app.kubernetes.io/instance: ${DATABASE_SERVICE_NAME}-1
       app.kubernetes.io/name: ${DATABASE_SERVICE_NAME}
-      app.kubernetes.io/part-of: ${APPLICATION_GROUP}    
+      app.kubernetes.io/part-of: ${APPLICATION_GROUP}
   stringData:
     UNITY_POSTGRES_DB: ${POSTGRESQL_DATABASE}
     UNITY_POSTGRES_PASSWORD: ${POSTGRESQL_PASSWORD}
@@ -154,7 +160,7 @@ objects:
       app.kubernetes.io/name: ${DATABASE_SERVICE_NAME}
       app.kubernetes.io/part-of: ${APPLICATION_GROUP}
   data:
-    UNITY_DB_HOST: ${DATABASE_SERVICE_NAME}
+    UNITY_DB_HOST: ${DATABASE_HOST}
     UNITY_DB_PORT: ${DATABASE_PORT}
     UNITY_TENANT_DB: ${UNITY_TENANT_DB}
 # Service
@@ -169,7 +175,7 @@ objects:
       app.kubernetes.io/component: ${DATABASE_SERVICE_NAME}
       app.kubernetes.io/instance: ${DATABASE_SERVICE_NAME}-1
       app.kubernetes.io/name: ${DATABASE_SERVICE_NAME}
-      app.kubernetes.io/part-of: ${APPLICATION_GROUP}    
+      app.kubernetes.io/part-of: ${APPLICATION_GROUP}
   spec:
     ports:
     - name: ${DATABASE_SERVICE_NAME}
@@ -316,4 +322,3 @@ objects:
             claimName: unity-data-backup
     strategy:
       type: Recreate
-

openshift/Readme.md

@@ -4,49 +4,49 @@
 
 You can create the required templates using the web OpenShift console or the oc CLI.
 ```
+# Delete build templates
+oc delete templates --all
+
+# Create build templates
 oc create -f $repository\database\unity-backup-cronjob.yaml
 oc create -f $repository\database\unity-database.yaml
+oc create -f $repository\openshift\unity-imagestream.yaml
+oc create -f $repository\openshift\unity-applicantportal-web.yaml
 oc create -f $repository\openshift\unity-grantmanager-dbmigrator-job.yaml
-oc create -f $repository\openshift\unity-grantmanager-imagestream.yaml
 oc create -f $repository\openshift\unity-grantmanager-web.yaml
 oc create -f $repository\openshift\unity-networkpolicy.yaml
 oc create -f $repository\openshift\unity-rabbitmq.yaml
 oc create -f $repository\openshift\unity-s3-object-storage.yaml
 oc create -f $repository\openshift\unity-app-data-web.json
+oc create -f $repository\openshift\unity-chefs-data-web.json
 oc create -f $repository\openshift\unity-metabase.yaml
 ```
 
 ## Step 2: Create .env paramater files
 
 As a best practice, store copies of these files in a secure location.
 ```
-"S3.env"
 "database.env"
 "dbmigrator-job.env"
 "grantmanager-web.env"
+"S3-storage.env"
 "metabase.env"
 "rabbitmq.env"
 ```
 Use oc get templates to find all available parameters of a project template.
 ```
-
 oc get templates
 
-NAME                             DESCRIPTION                                                                        PARAMETERS     OBJECTS
-unity-app-data-build             An example Nginx HTTP server and a reverse proxy (nginx) application that ser...   9 (all set)    1
-unity-app-data-web               An example Nginx HTTP server and a reverse proxy (nginx) application that ser...   11 (1 blank)   3
-unity-grantmanager-buildconfig   Template for building a DotNet application on OpenShift.                           14 (all set)   1
-unity-grantmanager-imagestream   Template for tracking of changes in the application image.                         2 (all set)    1
-unity-networkpolicy              Template for communications rules in OpenShift.                                    2 (all set)    3
-
 NAME                                DESCRIPTION                                                                        PARAMETERS         OBJECTS
 unity-app-data-web                  An example Nginx HTTP server and a reverse proxy (nginx) application that ser...   11 (1 blank)       3
+unity-applicantportal-web           Template for running a DotNet web application on OpenShift.                        17 (1 generated)   5
 unity-backup-cronjob                Template for running a recurring backup script in OpenShift.                       16 (1 generated)   1
-unity-database                      PostgreSQL database service, with persistent storage....                           17 (1 generated)   6
-unity-grantmanager-dbmigrator-job   Template for running a dotnet console application once in OpenShift.               9 (1 generated)    1
-unity-grantmanager-imagestream      Template for tracking of changes in the application image.                         2 (all set)        1
-unity-grantmanager-web              Template for running a DotNet web application on OpenShift.                        41 (1 blank)       6
-unity-metabase                      Template for running a DotNet web application on OpenShift.                        15 (1 generated)   4
+unity-chefs-data-web                An example Nginx HTTP server and a reverse proxy (nginx) application that ser...   4 (all set)        1
+unity-database                      PostgreSQL database service with persistent storage....                            18 (1 generated)   6
+unity-grantmanager-dbmigrator-job   Template for running a dotnet console application once in OpenShift.               12 (1 generated)   1
+unity-grantmanager-web              Template for running a DotNet web application on OpenShift.                        42 (1 blank)       6
+unity-imagestream                   Template for tracking of changes in the application image.                         2 (all set)        1
+unity-metabase                      Template for running a DotNet web application on OpenShift.                        19 (1 generated)   4
 unity-networkpolicy                 Template for communications rules in OpenShift.                                    2 (all set)        3
 unity-rabbitmq                      Template for running RabbitMQ message queue application on OpenShift.              12 (all set)       4
 unity-s3-object-storage             Template for S3 connection information in OpenShift.                               9 (2 generated)    2
@@ -66,7 +66,7 @@ oc policy add-role-to-group system:image-puller system:serviceaccounts:${project
 
 # Create Database objects from templates with parameters
 oc process unity-database --param-file=${params}-database.env | oc create -f -
-oc wait dc/${release}-unity-data-postgres --for condition=available --timeout=120s
+helm upgrade --install ${release}-hippo-ha .  -f  $repository\database\crunchy-postgres\values.yaml -f ${params}-pgo-custom-values.yaml
 oc process unity-backup-cronjob --param-file=${params}-database.env | oc create -f -
 
 # Create DbMigraitor objects from templates with parameters
@@ -82,14 +82,14 @@ oc process unity-s3-object-storage --param-file=${params}-S3.env | oc create -f
 oc process unity-grantmanager-imagestream -p APPLICATION_GROUP=${release}-unity-grantmanager -p APPLICATION_NAME=${release}-unity-grantmanager | oc create -f -
 oc import-image ${release}-unity-grantmanager:$tag --confirm --from=image-registry.openshift-image-registry.svc:5000/${tools}/${release}-unity-grantmanager-build:$tag
 oc process unity-grantmanager-web --param-file=${params}-grantmanager-web.env | oc create -f -
-oc wait dc/${release}-unity-grantmanager-web --for condition=available=true --timeout=120s 
+oc wait dc/${release}-unity-grantmanager-web --for condition=available=true --timeout=120s
 
 # Create RabbitMQ objects from templates with parameters
 oc process unity-rabbitmq --param-file=${project}-rabbitmq.env | oc create -f -
 oc wait dc/${namespace}unity-rabbitmq --for condition=available
 
 # Deployment for app-data-web
-oc process unity-app-data-web -p IMAGEPULL_NAMESPACE=${tools} -p IMAGESTREAM_NAME=${namespace}-unity-app-data-build -p IMAGESTREAM_TAG=latest | oc create -f - 
+oc process unity-app-data-web -p IMAGEPULL_NAMESPACE=${tools} -p IMAGESTREAM_NAME=${namespace}-unity-app-data-build -p IMAGESTREAM_TAG=latest | oc create -f -
 
 # Deployment for reporting
 oc process unity-metabase --param-file=${project}-metabase.env | oc create -f -

openshift/unity-app-data-web.json

@@ -52,6 +52,7 @@
           "app.kubernetes.io/part-of": "${APPLICATION_GROUP}"
         },
         "annotations": {
+          "haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload",
           "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}"
         }
       },
@@ -64,7 +65,7 @@
         "tls": {
           "termination": "edge",
           "insecureEdgeTerminationPolicy": "Redirect"
-        }        
+        }
       }
     },
     {
@@ -74,11 +75,11 @@
         "name": "${APPLICATION_NAME}",
         "labels": {
           "app.openshift.io/runtime": "nginx",
-          "app.kubernetes.io/part-of": "${APPLICATION_GROUP}" 
+          "app.kubernetes.io/part-of": "${APPLICATION_GROUP}"
         },
         "annotations": {
           "description": "Defines how to deploy the application server",
-          "template.alpha.openshift.io/wait-for-ready": "true", 
+          "template.alpha.openshift.io/wait-for-ready": "true",
           "image.openshift.io/triggers": "[{\"from\":{\"kind\":\"ImageStreamTag\",\"name\":\"${IMAGESTREAM_NAME}:${IMAGESTREAM_TAG}\",\"namespace\":\"${IMAGEPULL_NAMESPACE}\"},\"fieldPath\":\"spec.template.spec.containers[?(@.name==\\\"${APPLICATION_NAME}\\\")].image\",\"pause\":\"true\"}]"
         }
       },

openshift/unity-applicantportal-web.yaml

@@ -2,11 +2,11 @@
 kind: Template
 message: |-
   A new application been created in your project: unity-applicantportal-web
-  For more information about using this template, including OpenShift considerations, 
+  For more information about using this template, including OpenShift considerations,
   see template usage guide found in the project readme.md and wiki documents.
 metadata:
   name: unity-applicantportal-web
-  # This template uses a separate parameter .env file to override the default values defined in this section. 
+  # This template uses a separate parameter .env file to override the default values defined in this section.
   # oc process -f .\openshift\unity-applicantportal-web.yaml --param-file=namespace.env | oc create -f -
   labels:
     template: unity-applicantportal-web
@@ -68,10 +68,10 @@ parameters:
   name: IMAGEPULL_NAMESPACE
   from: '[a-zA-Z0-9]{5}-tools'
   generate: expression
-- description: The ImageStream Name 
+- description: The ImageStream Name
   displayName: Registry imagestream name
   name: IMAGESTREAM_NAME
-  value: unity-applicantportal-build 
+  value: unity-applicantportal-build
 - description: The version of the image to use, e.g. v1.0.0, v0.1.0, latest the ImageStream tag.
   displayName: Application Version
   name: IMAGESTREAM_TAG
@@ -105,8 +105,8 @@ parameters:
 # Template objects to instantiate the project application.
 objects:
 # Configmap
-- apiVersion: v1 
-  kind: ConfigMap 
+- apiVersion: v1
+  kind: ConfigMap
   metadata:
     name: ${APPLICATION_NAME}
     labels:
@@ -147,6 +147,11 @@ objects:
   metadata:
     annotations:
       description: Route for application's http service.
+      haproxy.router.openshift.io/balance: roundrobin
+      haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload
+      haproxy.router.openshift.io/ip_whitelist: 142.22.0.0/15 142.24.0.0/13 142.32.0.0/14 142.36.0.0/16
+      router.openshift.io/cookie-same-site: Strict
+      router.openshift.io/cookie_name: haproxy-uap
     name: ${APPLICATION_NAME}
     labels:
       app: ${APPLICATION_NAME}
@@ -167,6 +172,29 @@ objects:
       termination: edge
       insecureEdgeTerminationPolicy: Redirect
     wildcardPolicy: None
+    httpHeaders:
+      actions:
+        response:
+          - name: X-Frame-Options
+            action:
+              type: Set
+              set:
+                value: SAMEORIGIN
+          - name: X-Content-Type-Options
+            action:
+              type: Set
+              set:
+                value: no-sniff
+          - name: Referrer-Policy
+            action:
+              type: Set
+              set:
+                value: strict-origin-when-cross-origin
+          - name: Content-Security-Policy
+            action:
+              type: Set
+              set:
+                value: object-src 'none'; frame-ancestors 'none'
 # Persistent storage for the application logfiles.
 - apiVersion: v1
   kind: PersistentVolumeClaim

openshift/unity-chefs-data-web.json

@@ -26,6 +26,8 @@
           "app.kubernetes.io/part-of": "${APPLICATION_GROUP}"
         },
         "annotations": {
+          "haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload",
+          "haproxy.router.openshift.io/ip_whitelist": "142.22.0.0/15 142.24.0.0/13 142.32.0.0/14 142.36.0.0/16",
           "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}"
         }
       },
@@ -35,10 +37,53 @@
           "kind": "Service",
           "name": "${APPLICATION_SERVICE}"
         },
-        "tls": {
+        "httpHeaders": {
+          "actions": {
+              "request": null,
+              "response": [
+                  {
+                      "action": {
+                          "set": {
+                              "value": "SAMEORIGIN"
+                          },
+                          "type": "Set"
+                      },
+                      "name": "X-Frame-Options"
+                  },
+                  {
+                      "action": {
+                          "set": {
+                              "value": "no-sniff"
+                          },
+                          "type": "Set"
+                      },
+                      "name": "X-Content-Type-Options"
+                  },
+                  {
+                      "action": {
+                          "set": {
+                              "value": "strict-origin-when-cross-origin"
+                          },
+                          "type": "Set"
+                      },
+                      "name": "Referrer-Policy"
+                  },
+                  {
+                      "action": {
+                          "set": {
+                              "value": "object-src 'none'; frame-ancestors 'none'"
+                          },
+                          "type": "Set"
+                      },
+                      "name": "Content-Security-Policy"
+                  }
+              ]
+          }
+      },
+      "tls": {
           "termination": "edge",
           "insecureEdgeTerminationPolicy": "Redirect"
-        }        
+        }
       }
     }
   ],