Update

- Added ISTIO charts
- Upated charts to reflect stage
- Minor fixes

.gitignore

@@ -3,4 +3,5 @@
 /tmp
 rit-tst-1.yaml
 /Kubernetes/__pycache__
-/Kubernetes/deploy-kube.sh
+/Kubernetes/deploy-kube.sh
+/Kubernetes/Components/TIM/values.yaml

Docker/Chat+Backoffice/byk.env

@@ -1,7 +1,7 @@
       - security.allowlist.jwt=byk-public-ruuter,byk-private-ruuter,byk-dmapper,byk-widget,byk-customer-service,byk-resql
       - spring.datasource.url=jdbc:postgresql://tim-postgresql:5432/tim
       - spring.datasource.username=tim
-      - spring.datasource.password=123
+      - spring.datasource.password=t9n5Kmm7vP9
       - security.oauth2.client.client-id=tara_client_id
       - security.oauth2.client.client-secret=tara_client_secret
       - security.oauth2.client.registered-redirect-uri=https://tim.byk.buerokratt.ee/authenticate

Docker/Chat+Backoffice/docker-compose.yml

@@ -19,7 +19,7 @@ services:
       context: .
       network: host
     environment:
-      - ruuter.cors.allowedOrigins=http://test.buerokratt.ee:3000
+      - ruuter.cors.allowedOrigins=http://stage.buerokratt.ee:3000
     volumes:
       - ./private.DSL:/DSL
     ports:
@@ -87,7 +87,7 @@ services:
 #    command: ["postgres", "-c", "ssl=on", "-c", "ssl_cert_file=/etc/tls/tls.crt", "-c", "ssl_key_file=/etc/tls/tls.key"]
     environment:
       - POSTGRES_USER=tim
-      - POSTGRES_PASSWORD=123
+      - POSTGRES_PASSWORD=t9n5Kmm7vP9
       - POSTGRES_DB=tim
     volumes:
 #      - ./tim-db/cert.crt:/etc/tls/tls.crt
@@ -104,7 +104,7 @@ services:
 #    command: ["postgres", "-c", "ssl=on", "-c", "ssl_cert_file=/etc/tls/tls.crt", "-c", "ssl_key_file=/etc/tls/tls.key"]
     environment:
       - POSTGRES_USER=byk
-      - POSTGRES_PASSWORD=01234
+      - POSTGRES_PASSWORD=PASSWORD
       - POSTGRES_DB=byk
     volumes:
 #      - ./users-db/cert.crt:/etc/tls/tls.crt

Kubernetes/Components/Bot/values.yaml

@@ -15,7 +15,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
+domain: stage.buerokratt.ee # Domain name
 
 ingress:
   certIssuerName: letsencrypt-prod # Change this if your certIssuerName has set up different

Kubernetes/Components/DataMapper/templates/istio-setup-byk-dmapper.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  host: "{{ .Values.release_name }}"
+  subsets:
+  - name: "{{ .Values.release_name }}"
+    labels:
+      app: "{{ .Values.release_name }}"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  hosts:
+  - "{{ .Values.release_name }}"
+  http:
+  - name: allow
+    match:
+    - sourceLabels:
+        app: component-byk-ruuter
+    - sourceLabels:
+        app: component-byk-ruuter-private
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+  - name: reject
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+    fault:
+      abort:
+        percentage:
+          value: 100.0
+        httpStatus: 403

Kubernetes/Components/DataMapper/values.yaml

@@ -16,7 +16,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
+domain: stage.buerokratt.ee # Domain name
 
 ingress:
   certIssuerName: letsencrypt-prod # Change this if your certIssuerName has set up different

Kubernetes/Components/Databases/values.yaml

@@ -15,7 +15,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
+domain: stage.buerokratt.ee # Domain name
 releaseName: "component-databases"
 
 ingress:
@@ -27,7 +27,7 @@ tim-postgresql:
   auth:
     postgresPassword: postgres
     username: tim
-    password: "123" # Change password accordingly, make sure that ths passord you set here, will be used inside values.yaml under component TIM values.yaml
+    password: "t9n5Kmm7vP9" # Change password accordingly, make sure that ths passord you set here, will be used inside values.yaml under component TIM values.yaml
     database: tim
   statefulset:
     enabled: true
@@ -41,7 +41,7 @@ users-db:
   auth:
     postgresPassword: postgres
     username: byk
-    password: "01234" # Change password accordingly, make sure that ths passord you set here, will be used inside values.yaml in components and modules, where necessary.
+    password: "PASSWORD" # Change password accordingly, make sure that ths passord you set here, will be used inside values.yaml in components and modules, where necessary.
     database: byk
   statefulset:
     enabled: true

Kubernetes/Components/Notification-server/templates/ingress-notification-server.yml

@@ -12,7 +12,7 @@ metadata:
     nginx.ingress.kubernetes.io/cors-allow-origin: "*"
     nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
     nginx.ingress.kubernetes.io/cors-allow-headers: "Origin, X-Requested-With, Content-Type, Cache-Control, Connection, Accept"
-    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+    cert-manager.io/cluster-issuer: letsencrypt-prod
   labels:
     name: "{{ .Values.release_name }}-ingress"
 spec:

Kubernetes/Components/Notification-server/templates/istio-setup-notification-server.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  host: "{{ .Values.release_name }}"
+  subsets:
+  - name: "{{ .Values.release_name }}"
+    labels:
+      app: "{{ .Values.release_name }}"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  hosts:
+  - "{{ .Values.release_name }}"
+  http:
+  - name: allow
+    match:
+    - sourceLabels:
+        app: component-byk-ruuter
+    - sourceLabels:
+        app: component-byk-ruuter-private
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+  - name: reject
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+    fault:
+      abort:
+        percentage:
+          value: 100.0
+        httpStatus: 403

Kubernetes/Components/Notification-server/values.yaml

@@ -15,8 +15,8 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
-secretname: ruuter.test.buerokratt.ee1904prod # Cert name value, change this as suited to environment
+domain: stage.buerokratt.ee # Domain name
+secretname: ruuter.stage.buerokratt.ee3004prod # Cert name value, change this as suited to environment
 
 ingress:
   certIssuerName: letsencrypt-prod # Change this if your certIssuerName has set up different

Kubernetes/Components/OpenSearch/values.yaml

@@ -15,7 +15,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
+domain: stage.buerokratt.ee # Domain name
 
 ingress:
   certIssuerName: letsencrypt-prod # Change this if your certIssuerName has set up different

Kubernetes/Components/Private-Ruuter/templates/configmap-tomcat-urls-env.yaml

@@ -15,7 +15,7 @@ data:
     ANALYTICS_TIM=http://component-byk-tim:8085
     ANALYTICS_DMAPPER=http://component-byk-dmapper:3000
     ANALYTICS_RUUTER=http://component-byk-ruuter-private:8080
-    ANALYTICS_RESQL=http://component-byk-resql:8082
+    ANALYTICS_RESQL=http://component-byk-resql:8082/analytics
     TRAINING_TIM=http://component-byk-tim:8085
     TRAINING_DMAPPER=http://component-byk-dmapper-v1:3000
     TRAINING_RUUTER=http://component-byk-ruuter-private:8080/training
@@ -28,4 +28,4 @@ data:
     SERVICE_RESQL=http://component-byk-resql:8082/services
     SERVICE_TRAINING_RESQL=http://component-byk-resql:8082/services/training
     TRAINING_OPENSEARCH=http://component-opensearch-node:9200
-    DOMAIN=test.buerokratt.ee
+    DOMAIN=stage.buerokratt.ee

Kubernetes/Components/Private-Ruuter/templates/deployment-byk-ruuter-private.yaml

@@ -88,12 +88,12 @@ spec:
           livenessProbe:
             tcpSocket:
               port: 8080
-            initialDelaySeconds: 21
+            initialDelaySeconds: 25
             periodSeconds: 10
           readinessProbe:
             tcpSocket:
               port: 8080
-            initialDelaySeconds: 22
+            initialDelaySeconds: 23
             periodSeconds: 10
 
       volumes:

Kubernetes/Components/Private-Ruuter/templates/ingress-private-ruuter.yaml

@@ -5,12 +5,12 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/enable-cors: "true"
-#    nginx.ingress.kubernetes.io/cors-allow-methods: "POST, GET, OPTIONS"
-#    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
-    nginx.ingress.kubernetes.io/cors-allow-origin: "https://admin.test.buerokratt.ee, https://test.buerokratt.ee, https://tim.test.buerokratt.ee, https://admin.dev.buerokratt.ee, https://ruuter.test.buerokratt.ee/, https://ruuter.test.buerokratt.ee/v1/private/"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "POST, GET, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "https://admin.stage.buerokratt.ee, https://stage.buerokratt.ee, https://tim.stage.buerokratt.ee, https://admin.dev.buerokratt.ee, https://ruuter.stage.buerokratt.ee/, https://ruuter.stage.buerokratt.ee/v2/private/, https://ruuter.stage.buerokratt.ee/v2/public"
 #    nginx.ingress.kubernetes.io/session-cookie-domain: "buerokratt.ee"
 #    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
-#    nginx.ingress.kubernetes.io/additional-response-headers: "Access-Control-Allow-Headers: Content-Type"
+    nginx.ingress.kubernetes.io/additional-response-headers: "Access-Control-Allow-Headers: Content-Type"
     nginx.ingress.kubernetes.io/cors-allow-headers: "content-type"
  #   nginx.ingress.kubernetes.io/proxy-set-header: "Content-Type: application/json"
     nginx.ingress.kubernetes.io/cors-expose-headers: "X-B3-TraceId"

Kubernetes/Components/Private-Ruuter/templates/istio-setup-byk-ruuter-private.yaml

@@ -0,0 +1,37 @@
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  host: "{{ .Values.release_name }}"
+  subsets:
+  - name: "{{ .Values.release_name }}"
+    labels:
+      app: "{{ .Values.release_name }}"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  hosts:
+  - "{{ .Values.release_name }}"
+  http:
+  - name: allow
+    match:
+    - sourceLabels:
+        app: "{{ .Values.release_name }}"
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+  - name: reject
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+    fault:
+      abort:
+        percentage:
+          value: 100.0
+        httpStatus: 403

Kubernetes/Components/Private-Ruuter/values.yaml

@@ -15,8 +15,8 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
-secretname: ruuter.test.buerokratt.ee1904prod # Cert name value, change this as suited to environment
+domain: stage.buerokratt.ee # Domain name
+secretname: ruuter.stage.buerokratt.ee3004prod # Cert name value, change this as suited to environment
 
 ingress:
   certIssuerName: letsencrypt-prod # Change this if your certIssuerName has set up different
@@ -35,7 +35,7 @@ images:
   analytics:
     registry: "ghcr.io"
     repository: "buerokratt/buerokratt-dsl"
-    tag: "analytics-module-pre-alpha-1.4.7" # Images (tags) are up to date, currently no changes needed
+    tag: "analytics-module-pre-alpha-1.4.9" # Images (tags) are up to date, currently no changes needed
   services:
     registry: "ghcr.io"
     repository: "buerokratt/buerokratt-dsl"
@@ -49,5 +49,5 @@ env:
   LOG_LEVEL_TIMING: "INFO"
   APPLICATION_LOGGING_DISPLAY_REQUEST_CONTENT: "true"
   APPLICATION_LOGGING_DISPLAY_RESPONSE_CONTENT: "true"
-  APPLICATION_CORS_ALLOWED_ORIGINS: https://admin.test.buerokratt.ee # Change the domain name, leave subdomain and subpath same
+  APPLICATION_CORS_ALLOWED_ORIGINS: https://admin.stage.buerokratt.ee, https://stage.buerokratt.ee, https://tim.stage.buerokratt.ee, https://ruuter.stage.buerokratt.ee # Change the domain name, leave subdomain and subpath same
   APPLICATION_OPENSEARCH_CONFIGURATION_URL: http://component-opensearch-node:9200

Kubernetes/Components/Resql/templates/deployment-byk-resql.yaml

@@ -89,7 +89,7 @@ spec:
             httpGet:
               path: /datasources
               port: 8082
-            initialDelaySeconds: 68
+            initialDelaySeconds: 70
             periodSeconds: 10
 
       volumes:

Kubernetes/Components/Resql/templates/istio-setup-byk-resql.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  host: "{{ .Values.release_name }}"
+  subsets:
+  - name: "{{ .Values.release_name }}"
+    labels:
+      app: "{{ .Values.release_name }}"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: "{{ .Values.release_name }}"
+spec:
+  hosts:
+  - "{{ .Values.release_name }}"
+  http:
+  - name: allow
+    match:
+    - sourceLabels:
+        app: component-byk-ruuter
+    - sourceLabels:
+        app: component-byk-ruuter-private
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+  - name: reject
+    route:
+    - destination:
+        host: "{{ .Values.release_name }}"
+        subset: "{{ .Values.release_name }}"
+    fault:
+      abort:
+        percentage:
+          value: 100.0
+        httpStatus: 403

Kubernetes/Components/Resql/values.yaml

@@ -15,7 +15,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-domain: test.buerokratt.ee # Domain name
+domain: stage.buerokratt.ee # Domain name
 
 #ingress:
 #  tlsConfigMapName: byk-tls-configmap
@@ -52,5 +52,5 @@ env:
   SQLMS_DATASOURCES_0_NAME: "byk"
   SQLMS_DATASOURCES_0_JDBCURL: "jdbc:postgresql://component-databases-users-db:5432/byk"
   SQLMS_DATASOURCES_0_USERNAME: "byk"
-  SQLMS_DATASOURCES_0_PASSWORD: "01234" # Change password accordingly
+  SQLMS_DATASOURCES_0_PASSWORD: "PASSWORD" # Change password accordingly
   LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_BOOT: "DEBUG"

Kubernetes/Components/Ruuter/templates/configmap-tomcat-urls-env.yaml

@@ -5,9 +5,9 @@ metadata:
 data:
   constants.ini: |
     CHATBOT_RUUTER_PUBLIC=http://component-byk-ruuter:8080/backoffice
-    CHATBOT_RUUTER_PRIVATE=http://component-byk-ruuter-private:8080
+    CHATBOT_RUUTER_PRIVATE=http://component-byk-ruuter-private:8080 
     CHATBOT_RUUTER=http://component-byk-ruuter:8080
-    CHATBOT_RESQL=http://component-byk-resql:8082
+    CHATBOT_RESQL=http://component-byk-resql:8082/backoffice
     CHATBOT_DMAPPER=http://component-byk-dmapper:3000
     CHATBOT_TIM=http://component-byk-tim:8085
     CHATBOT_OPENSEARCH=http://component-opensearch-node:9200
@@ -25,5 +25,5 @@ data:
     SERVICE_DMAPPER=http://component-byk-dmapper:3000
     SERVICE_RUUTER=http://component-byk-ruuter-private:8080
     SERVICE_RESQL=http://component-byk-resql:8082
-    DOMAIN=test.buerokratt.ee
+    DOMAIN=stage.buerokratt.ee