adding helm and pipe

pagopa · Oct 25, 2023 · 3b25e50 · 3b25e50
1 parent 793e967
commit 3b25e50
Show file tree

Hide file tree

Showing 15 changed files with 813 additions and 0 deletions.
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
@@ -0,0 +1,75 @@
+name: Manual build and deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      env:
+        description: 'Which environment to update.'
+        type: choice
+        required: true
+        default: dev
+        options:
+        - dev
+        - uat
+        - prod
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  manual-build:
+    if: github.event_name == 'workflow_dispatch'
+    strategy:
+      matrix:
+        environment: ["${{ inputs.env }}"]
+
+    name: "manual-build"
+    runs-on: ubuntu-latest
+    environment: ${{ matrix.environment }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        with:
+          role-to-assume: ${{ secrets.IAM_ROLE }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build, tag, and push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: ${{ vars.DOCKER_IMAGE_NAME}}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+
+      - name: Update Kubernetes Config
+        run: |
+          aws eks --region ${{ vars.AWS_REGION }} update-kubeconfig --name pagopa-dev-atm-layer-eks
+
+      - name: Install Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
+          
+      - name: Upgrade Helm Chart
+        run: |
+          helm upgrade --install ${{ vars.DOCKER_IMAGE_NAME }} helm-chart/ \
+          --namespace pagopa \
+          -f helm-chart/environments/values-${{ inputs.env }}.yaml \
+          --set image.tag=${{ github.sha }} \
+          --set image.repository=${{ steps.login-ecr.outputs.registry }}/${{ vars.DOCKER_IMAGE_NAME }} \
+          --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"=${{ secrets.SERVICEACCOUNT_IAM_ROLE }}
diff --git a/.github/workflows/build-feature.yml b/.github/workflows/build-feature.yml
@@ -0,0 +1,45 @@
+name: Build everytime push or merge
+
+on:
+  push:
+    branches:
+      - '**'        # matches every branch
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        environment: [dev]
+    name: "build"
+    runs-on: ubuntu-latest
+    environment: ${{ matrix.environment }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        with:
+          role-to-assume: ${{ secrets.IAM_ROLE }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build, tag, and push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: ${{ vars.DOCKER_IMAGE_NAME}}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: chart-1
+description: |
+  Helm Chart for Model ATM Layer
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm-chart/environments/values-dev.yaml b/helm-chart/environments/values-dev.yaml
@@ -0,0 +1,140 @@
+# Default values for chart-1.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 2
+
+image:
+  repository: 00000000000.dkr.ecr.eu-south-1.amazonaws.com/xxxxxxx
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: latest
+
+namespace: pagopa
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+milAdapter:
+  disableBackoffStrategy: true
+  lockDuration: 20000
+  asyncResponseTimeout: 20000
+  milBasePath: https://mil-d-apim.azure-api.net
+  enableInterceptorLogging: true
+  logEngineInputVariables: true
+  restReadTimeout: 20000
+  restConnectionTmieout: 20000
+  milAuthRelativePath: /mil-auth/token
+  milAuthClientCredentials: client_credentials
+  tokenCacheName: token-cache
+  tokenCacheMaxEntries: 100
+
+milAuth:
+  credentialsSecretName: "pagopa-dev-atm-layer-model-mil-auth"
+  credentialsSecretKeys:
+    clientId: CLIENT_ID
+    clientSecret: CLIENT_SECRET
+
+camundaWebUser:
+  address: http://pagopa-dev-atm-layer-wf-engine.pagopa.svc.cluster.local:8080
+  credentialsSecretName: "pagopa-dev-atm-layer-model-camunda"
+  credentialsSecretKeys:
+    username: WEB_USER
+    password: WEB_PASSWORD
+
+database:
+  driver: org.postgresql.Driver
+  url: jdbc:postgresql://pagopa-dev-atm-layer-rds.cluster-cyezwzpjc2tj.eu-south-1.rds.amazonaws.com:5431
+  db_name: pagopadb
+  schema: atm_layer_engine
+  credentialsSecretName: "pagopa-dev-atm-layer-model-database"
+  credentialsSecretKeys:
+    username: DB_USERNAME
+    password: DB_PASSWORD
+
+secretProviderClass:
+  name: atm-layer-model-secrets
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::00000000000:role/pagopa-dev-atm-layer-xxxxxx-serviceaccount-role
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: pagopa-dev-atm-layer-model
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+deployment:
+  name: pagopa-dev-atm-layer-model
+  annotations:
+    reloader.stakater.com/auto: "true"
+    secret.reloader.stakater.com/reload: pagopa-dev-atm-layer-mil-adapter-database, pagopa-dev-atm-layer-mil-adapter-camunda, pagopa-dev-atm-layer-mil-adapter-mil-auth
+
+service:
+  name: pagopa-dev-atm-layer-model
+  type: NodePort
+  port: 8080
+
+ingress:
+  enabled: false
+  name: pagopa-dev-atm-layer-model
+  className: ""
+  annotations: 
+    kubernetes.io/ingress.class: "alb"
+    alb.ingress.kubernetes.io/scheme: "internal"
+    alb.ingress.kubernetes.io/group.name: "alb-controller"
+    alb.ingress.kubernetes.io/load-balancer-name: "pagopa-dev-atm-layer-alb-int"
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTP": 8080}]'
+  hosts:
+    - host:
+      paths:
+        - path: /mil/
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+Release:
+  Time:
+    Seconds: 60
diff --git a/helm-chart/environments/values-prod.yaml b/helm-chart/environments/values-prod.yaml
@@ -0,0 +1,91 @@
+# Default values for chart-1.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 2
+
+image:
+  repository: 00000000000.dkr.ecr.eu-south-1.amazonaws.com/xxxxxxx
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: prod
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: xxxxxx
+  namespace: pagopa
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: NodePort
+  port: 8080
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: 
+    kubernetes.io/ingress.class: "alb"
+    alb.ingress.kubernetes.io/scheme: "internal"
+    alb.ingress.kubernetes.io/group.name: "alb-controller"
+    alb.ingress.kubernetes.io/load-balancer-name: "pagopa-dev-atm-layer-alb-int"
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTP": 8080}]'
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /microservice5/
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+
+Release:
+  Time:
+    Seconds: 60