From bdc9c28823ec0994a4337604695c9fc1fc714c15 Mon Sep 17 00:00:00 2001 From: Paul Solecki Date: Wed, 16 Feb 2022 08:07:45 +0000 Subject: [PATCH] Add dev, add ingress rules for stage/prod --- deploy/development/deployment.yaml | 109 ++++++++++++++++++++++++ deploy/development/ingress.yaml | 21 +++++ deploy/development/network-policy.yaml | 16 ++++ deploy/development/service-monitor.yaml | 15 ++++ deploy/development/service.yaml | 17 ++++ deploy/production/ingress.yaml | 2 + deploy/staging/ingress.yaml | 2 + 7 files changed, 182 insertions(+) create mode 100644 deploy/development/deployment.yaml create mode 100644 deploy/development/ingress.yaml create mode 100644 deploy/development/network-policy.yaml create mode 100644 deploy/development/service-monitor.yaml create mode 100644 deploy/development/service.yaml diff --git a/deploy/development/deployment.yaml b/deploy/development/deployment.yaml new file mode 100644 index 000000000..fb9bfa937 --- /dev/null +++ b/deploy/development/deployment.yaml @@ -0,0 +1,109 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prison-visits-public + labels: + app: prison-visits-public + annotations: + kubernetes.io/change-cause: "" +spec: + replicas: 4 + revisionHistoryLimit: 1 + minReadySeconds: 10 + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 50% + type: RollingUpdate + selector: + matchLabels: + app: prison-visits-public + template: + metadata: + labels: + app: prison-visits-public + spec: + containers: + - name: prison-visits-public + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/prison-visits-booking/prison-visits-public:latest + imagePullPolicy: Always + command: ['sh', '-c', "bundle exec puma -p 3000 -C ./config/puma_prod.rb --pidfile /tmp/server.pid"] + ports: + - containerPort: 3000 + livenessProbe: + httpGet: + path: /ping + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /ping + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 60 + resources: + limits: + memory: "500Mi" + cpu: "50m" + requests: + memory: "125Mi" + cpu: "15m" + env: + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: prison-visits-public-secrets + key: secret_key_base + - name: RAILS_ENV + value: "production" + - name: RAILS_SERVE_STATIC_FILES + value: "true" + - name: KUBERNETES_DEPLOYMENT + value: "true" + - name: PRISON_VISITS_API + value: "https://prison-visits-booking-staff-dev.apps.live-1.cloud-platform.service.justice.gov.uk/" + - name: EMAIL_DOMAIN + value: "email-dev.pvb.dsd.io" + - name: STAFF_SERVICE_URL + value: "https://prison-visits-booking-staff-dev.apps.live-1.cloud-platform.service.justice.gov.uk" + - name: SERVICE_URL + value: "https://prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk" + - name: SENTRY_DSN + valueFrom: + secretKeyRef: + name: prison-visits-public-secrets + key: sentry_dsn + - name: SENTRY_JS_DSN + valueFrom: + secretKeyRef: + name: prison-visits-public-secrets + key: sentry_js_dsn + - name: GA_TRACKING_ID + valueFrom: + secretKeyRef: + name: prison-visits-public-secrets + key: ga_tracking_id + - name: WEB_CONCURRENCY + valueFrom: + secretKeyRef: + name: prison-visits-public-secrets + key: rails_web_concurrency + - name: prison-visits-public-metrics + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/prison-visits-booking/prison-visits-public:latest + imagePullPolicy: Always + command: ['sh', '-c', "bundle exec prometheus_exporter"] + ports: + - containerPort: 9394 + livenessProbe: + httpGet: + path: /metrics + port: 9394 + initialDelaySeconds: 10 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /metrics + port: 9394 + initialDelaySeconds: 10 + periodSeconds: 60 diff --git a/deploy/development/ingress.yaml b/deploy/development/ingress.yaml new file mode 100644 index 000000000..02e88b037 --- /dev/null +++ b/deploy/development/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: prison-visits-public + namespace: prison-visits-booking-dev + annotations: + external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-dev-green + external-dns.alpha.kubernetes.io/aws-weight: "100" + kubernetes.io/ingress.class: "nginx" +spec: + tls: + - hosts: + - prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk + rules: + - host: prison-visits-public-dev.apps.live-1.cloud-platform.service.justice.gov.uk + http: + paths: + - path: / + backend: + serviceName: prison-visits-public + servicePort: 3000 diff --git a/deploy/development/network-policy.yaml b/deploy/development/network-policy.yaml new file mode 100644 index 000000000..ae35d9bd3 --- /dev/null +++ b/deploy/development/network-policy.yaml @@ -0,0 +1,16 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-prometheus-scraping-pvb-public + namespace: prison-visits-booking-dev +spec: + podSelector: + matchLabels: + app: prison-visits-public + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + component: monitoring diff --git a/deploy/development/service-monitor.yaml b/deploy/development/service-monitor.yaml new file mode 100644 index 000000000..86bd68c0f --- /dev/null +++ b/deploy/development/service-monitor.yaml @@ -0,0 +1,15 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: prison-visits-public + namespace: prison-visits-booking-dev +spec: + selector: + matchLabels: + app: prison-visits-public + namespaceSelector: + matchNames: + - prison-visits-booking-dev + endpoints: + - port: metrics + interval: 15s diff --git a/deploy/development/service.yaml b/deploy/development/service.yaml new file mode 100644 index 000000000..abbf4b115 --- /dev/null +++ b/deploy/development/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: prison-visits-public + namespace: prison-visits-booking-dev + labels: + app: prison-visits-public +spec: + ports: + - port: 3000 + name: http + targetPort: 3000 + - port: 9394 + name: metrics + targetPort: 9394 + selector: + app: prison-visits-public diff --git a/deploy/production/ingress.yaml b/deploy/production/ingress.yaml index f0d7a58b5..73d1eac9b 100644 --- a/deploy/production/ingress.yaml +++ b/deploy/production/ingress.yaml @@ -6,6 +6,8 @@ metadata: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/temporal-redirect: https://www.gov.uk/prison-visits + external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-production-blue + external-dns.alpha.kubernetes.io/aws-weight: "100" spec: tls: - hosts: diff --git a/deploy/staging/ingress.yaml b/deploy/staging/ingress.yaml index c8c70be95..88a1a983d 100644 --- a/deploy/staging/ingress.yaml +++ b/deploy/staging/ingress.yaml @@ -4,6 +4,8 @@ metadata: name: prison-visits-public namespace: prison-visits-booking-staging annotations: + external-dns.alpha.kubernetes.io/set-identifier: prison-visits-public-prison-visits-booking-staging-blue + external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: "nginx" spec: tls: