Merge pull request #600 from ostelco/develop

First attempt to deploy on new prod
ostelco · May 8, 2019 · 2003f13 · 2003f13
2 parents 4814e87 + b1fc032
commit 2003f13
Show file tree

Hide file tree

Showing 752 changed files with 59,200 additions and 12,730 deletions.
diff --git a/.circleci/README.md b/.circleci/README.md
@@ -31,7 +31,7 @@ This phase contains the following jobs:
 | GOOGLE_DEV_ENDPOINTS_CREDENTIALS  |               |            |
 | GOOGLE_GCR_CREDENTIALS            |               |            |
 | GOOGLE_PROD_ENDPOINTS_CREDENTIALS |               |            |
-| PANTEL_SECRETS_FILE               |               |            |
+| GCP_SERVICE_ACCOUNT_SECRETS_FILE  |               |            |
 | PI_DEV_CLUSTER_CREDENTIALS        |               |            |
 | PI_PROD_CLUSTER_CREDENTIALS       |               |            |
 | PROD_PROJECT                      |               |            |

diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.circleci/prime-dev-values.yaml b/.circleci/prime-dev-values.yaml
@@ -2,44 +2,159 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-replicaCount: 1
-firebaseServiceAccount: ""
-
+replicaCount: 2
+
+dnsPrefix: ""
+dnsSuffix: ".dev.oya.world"
+
+podAutoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 5
+  targetCPUUtilizationPercentage: 70
+
+cronjobs: 
+  extractor: 
+    enabled: true
+    image: eu.gcr.io/pi-ostelco-dev/bq-metrics-extractor
+    tag: "1.3.212.1.0-2d41d62b-dev"  
+    dataset_project: pi-ostelco-dev
+  shredder:
+    enabled: true
+    image: eu.gcr.io/pi-ostelco-dev/scaninfo-shredder
+    tag: "1.0.0-6052932a-dev"
+    dataset_project: pi-ostelco-dev
+    dev: true
 
 prime:
   image: eu.gcr.io/pi-ostelco-dev/prime
-  tag: 2f47ab570
+  tag: 9ca9ca976
   pullPolicy: Always
-  env: 
-    FIREBASE_ROOT_PATH: dev_new
+  configDataBucket: "gs://pi-ostelco-dev-prime-files/dev"
+
+  env:
+    FIREBASE_ROOT_PATH: dev
     NEO4J_HOST: neo4j-neo4j.neo4j.svc.cluster.local
-    STRIPE_API_KEY: ""
-    DATA_TRAFFIC_TOPIC: "data-traffic"
-    PURCHASE_INFO_TOPIC: "purchase-info"
-    ACTIVE_USERS_TOPIC: "active-users"
+    SLACK_CHANNEL: prime-alerts
+    DATASTORE_NAMESPACE: dev
+    DATA_TRAFFIC_TOPIC: data-traffic
+    PURCHASE_INFO_TOPIC: purchase-info
+    ACTIVE_USERS_TOPIC: active-users
+    STRIPE_EVENT_TOPIC: stripe-event
+    STRIPE_EVENT_STORE_SUBSCRIPTION: stripe-event-store-sub
+    STRIPE_EVENT_REPORT_SUBSCRIPTION: stripe-event-report-sub
+    GCP_PROJECT_ID: pi-ostelco-dev
+    ACTIVATE_TOPIC_ID: ocs-activate
+    CCR_SUBSCRIPTION_ID: ocs-ccr-sub
+    GOOGLE_APPLICATION_CREDENTIALS: /secret/prime-service-account.json
+    MY_INFO_API_URI: https://myinfosgstg.api.gov.sg/test/v2
+    MY_INFO_API_REALM: dev
+    MY_INFO_REDIRECT_URI: https://dl-dev.oya.world/links/myinfo
+
+  secretVolumes:
+    - secretName: "prime-sa-key"
+      containerMountPath: "/secret"
+    - secretName: "simmgr-test-secrets"
+      containerMountPath: "/certs"
+      secretKey: idemiaClientCert
+      secretPath: idemia-client-cert.jks
+    - secretName: "scaninfo-keysets"
+      containerMountPath: "/scaninfo-keysets"
+
+  envFromSecret:
+    - name: SLACK_WEBHOOK_URI
+      secretName: slack-secrets
+      secretKey: slackWebHookUri
+    - name: STRIPE_API_KEY
+      secretName: stripe-secrets
+      secretKey: stripeApiKey
+    - name: STRIPE_ENDPOINT_SECRET
+      secretName: stripe-secrets
+      secretKey: stripeEndpointSecret
+    - name: SCANINFO_STORAGE_BUCKET
+      secretName: scaninfo-secrets
+      secretKey:  bucketName
+    - name: SCANINFO_MASTERKEY_URI
+      secretName: scaninfo-keys
+      secretKey: masterKeyUri
+    - name: JUMIO_API_TOKEN
+      secretName: jumio-secrets
+      secretKey: apiToken
+    - name: JUMIO_API_SECRET
+      secretName: jumio-secrets
+      secretKey: apiSecret
+    - name: MY_INFO_API_CLIENT_ID
+      secretName: myinfo-secrets
+      secretKey: apiClientId
+    - name: MY_INFO_API_CLIENT_SECRET
+      secretName: myinfo-secrets
+      secretKey: apiClientSecret
+    - name: MY_INFO_SERVER_PUBLIC_KEY
+      secretName: myinfo-secrets
+      secretKey: serverPublicKey
+    - name: MY_INFO_CLIENT_PRIVATE_KEY
+      secretName: myinfo-secrets
+      secretKey: clientPrivateKey
+    - name: DB_USER
+      secretName: simmgr-test-secrets
+      secretKey: dbUser
+    - name: DB_PASSWORD
+      secretName: simmgr-test-secrets
+      secretKey: dbPassword
+    - name: DB_URL
+      secretName: simmgr-test-secrets
+      secretKey: dbUrl
+    - name: WG2_USER
+      secretName: simmgr-test-secrets
+      secretKey: wg2User
+    - name: WG2_API_KEY
+      secretName: simmgr-test-secrets
+      secretKey: wg2ApiKey
+    - name: WG2_ENDPOINT
+      secretName: simmgr-test-secrets
+      secretKey: wg2Endpoint
+    - name: ES2PLUS_ENDPOINT
+      secretName: simmgr-test-secrets
+      secretKey: es2plusEndpoint
+    - name: ES9PLUS_ENDPOINT
+      secretName: simmgr-test-secrets
+      secretKey: es9plusEndpoint
+    - name: FUNCTION_REQUESTER_IDENTIFIER
+      secretName: simmgr-test-secrets
+      secretKey: functionRequesterIdentifier
+    - name: MANDRILL_API_KEY
+      secretName: mandrill-secrets
+      secretKey: mandrillApiKey
+
   ports:
     - 8080
     - 8081
     - 8082 
     - 8083 
   resources: 
-    limits:
-      cpu: 200m
-      memory: 350Mi
     requests:
       cpu: 100m
-      memory: 200Mi  
+      memory: 300Mi  
   livenessProbe: {}
-    # path: /
-    # port: 8081
   readinessProbe: {}
-    # path: /
-    # port: 8081  
   annotations: 
     prometheus.io/scrape: 'true'
     prometheus.io/path: '/prometheus-metrics'
     prometheus.io/port: '8081'  
 
+
+canary: {}
+  # weight: 25
+  # headers: # only route requests with these headers to the canary service
+  #   x-mode: canary
+  # tag: e449ed672
+
+cloudsqlProxy:
+  enabled: true
+  instanceConnectionName: "pi-ostelco-dev:europe-west1:sim-manager"
+  secretName: "prime-sa-key"
+  secretKey: "prime-service-account.json"
+
 esp:
   image: gcr.io/endpoints-release/endpoints-runtime
   tag: 1
@@ -48,74 +163,115 @@ esp:
 ocsEsp: 
   enabled: true
   env: {}
-  endpointAddress: ocs.new.dev.ostelco.org
+  endpointAddress: ocs.dev.oya.world
   ports:
-    - 9000
-    - 8443
-
+    http2_port: 9000
+    ssl_port: 8443
+  secretVolumes:
+    - secretName: dev-oya-tls
+      containerMountPath: /etc/nginx/ssl
+      type: ssl
 
 apiEsp: 
   enabled: true
   env: {}
-  endpointAddress: api.new.dev.ostelco.org
+  endpointAddress: api.dev.oya.world
   ports:
-    - 9002
-    - 443  
+    http2_port: 9002
 
 metricsEsp:
   enabled: true
   env: {}
-  endpointAddress: metrics.new.dev.ostelco.org
+  endpointAddress: metrics.dev.oya.world
+  ports:
+    http2_port: 9004
+    ssl_port: 9443
+  secretVolumes:
+    - secretName: dev-oya-tls
+      containerMountPath: /etc/nginx/ssl
+      type: ssl
+
+alvinApiEsp:
+  enabled: true
+  env: {}
+  endpointAddress: alvin-api.dev.oya.world
   ports:
-    - 9004
-    - 9443
-
+    http_port: 9008
+
+houstonApiEsp:
+  enabled: true
+  env: {}
+  endpointAddress: houston-api.dev.oya.world
+  ports:
+    http_port: 9006
 
 services:
-  prime:
-    name: prime-service
+  ocs:
+    name: ocs
     type: LoadBalancer
     port: 443
     targetPort: 8443
-    portName: grpc 
-   # loadBalancerIP: x.y.z.n
+    portName: grpc
+    # host: ocs # the host name is formulated from concatenating: dnsPrefix, this host, and dnsSuffix
+    # grpcOrHttp2: true
   api:
-    name: prime-api
+    name: api
+    type: ClusterIP
+    port: 80
+    targetPort: 9002
+    portName: http
+    host: api # the host name is formulated from concatenating: dnsPrefix, this host, and dnsSuffix
+    grpcOrHttp2: true
+    ambassadorMappingOptions:
+      timeout_ms: 600000
+  metrics:
+    name: metrics
     type: LoadBalancer
     port: 443
-    targetPort: 443
-    portName: https
-    # loadBalancerIP: x.y.z.n
-  metrics: 
-    name: prime-metrics
-    type: LoadBalancer
-    port: 443
-    targetPort: 9443  
+    targetPort: 9443
     portName: grpc
     # loadBalancerIP: x.y.z.n
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-  path: /
-  hosts:
-    - prime.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+    # host: metrics # the host name is formulated from concatenating: dnsPrefix, this host, and dnsSuffix
+    # grpcOrHttp2: true
+  prime-houston-api:
+    name: houston-api
+    type: ClusterIP
+    port: 80
+    targetPort: 9006
+    portName: http
+    host: houston-api # the host name is formulated from concatenating: dnsPrefix, this host, and dnsSuffix
+  prime-alvin-api:
+    name: alvin-api
+    type: ClusterIP
+    port: 80
+    targetPort: 9008
+    portName: http
+    host: alvin-api # the host name is formulated from concatenating: dnsPrefix, this host, and dnsSuffix
+    ambassadorMappingOptions:
+      timeout_ms: 600000
+  dwadmin-service:
+    name: dwadmin-service
+    type: ClusterIP
+    port: 8081
+    targetPort: 8081
+    portName: http
+  smdpplus:
+    name: smdpplus
+    type: ClusterIP
+    port: 80
+    targetPort: 8080
+    portName: http
+    host: smdpplus
+    clientCert: true
+    caCert: smdp-cacert.dev # secretname.namespace
 
 certs: 
   enabled: true
   dnsProvider: dev-clouddns
-  issuer: letsencrypt-production # or letsencrypt-staging
-  apiDns: 
-    - api.new.dev.ostelco.org
-  ocsDns: 
-    - ocs.new.dev.ostelco.org
-  metricsDns: 
-    - metrics.new.dev.ostelco.org
+  issuer: letsencrypt-production 
+  tlsSecretName: dev-oya-tls
+  hosts:
+    - '*.dev.oya.world'
 
 disruptionBudget: 
   enabled: false