GOV-285: New g2p-sandbox-security-fynarfin-SIT chart (#155)

danishjamal104 · web-flow · commit 2b0ef61ec75c · 2023-09-01T21:03:23.000+05:30
* Testing env variable in makefile for g2p-sandbox

* Updated circle ci pipeline

* Fixed run command on circle ci

* Fixed makefile for es

* Updated the kibana secret makefile to take ns form env

* Bug fixed while setting the ns env variable

* Added create-secret-security-namespace step in cricle ci

* Added new step upgrade-g2psandbox-security-helm-chart

* Added init db script for keycloak

* Updated ingress

* Fixed the variable override

* Override channle ssl property

* Override aws region for bp

* Channel and bulk ingress classname set to kong

* Added latest image tag

* Testing enable false

* Updated the security chart name

* Added step to host security-fynarfin-sit chart

* Fixed circel ci

* Disabled everything, enabled kong keycloak

* Only kong

* Migrations enabled

* Fixed the db bootstraping in kong

* Fullname override for keycloak

* Fullnameoveride removed, since moved to template

* Create ns if it doesnt exist

* Simplified the security chart

* Test

* Updated the readme file

* Renamed the ns

* namespace updated to ph-infra

* Bug fixed in ns creation in security chart

* Fixed the circle ci
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -25,6 +25,7 @@ jobs:
       - run: chmod 400 b64encoded.pem
       - run: scp -o StrictHostKeyChecking=No -i b64encoded.pem index.yaml ph-ee-g2psandbox-fynarfin-0.2.0.tgz ec2-user@13.233.68.128:~/
       - run: ssh -i b64encoded.pem -o StrictHostKeyChecking=No ec2-user@13.233.68.128 sudo mv -t /apps/apache-tomcat-7.0.82/webapps/ROOT/images/ph-ee-g2psandbox-fynarfin index.yaml ph-ee-g2psandbox-fynarfin-0.2.0.tgz
+  
   upgrade-g2psandbox-helm-chart:
     docker:
       - image: cimg/python:3.10
@@ -58,9 +59,9 @@ jobs:
 
       # kubectl delete secrets elastic-certificates elastic-certificate-pem elastic-certificate-crt|| true
 
-  create-secret:
+  create-secret-paymenthub-namespace:
     docker:
-      - image: cimg/base:2022.06 
+      - image: cimg/base:2022.06
     steps:
       - setup_remote_docker:
             version: 20.10.14
@@ -70,21 +71,74 @@ jobs:
           cluster-name: "sit"
           aws-region: "$REGION"
       - run: |
+          export ENV_NAMESPACE=paymenthub
           kubectl config use-context arn:aws:eks:$REGION:419830066942:cluster/sit
           kubectl config get-contexts
           cd helm/kibana-secret/
           make secrets || echo "kibana" already exists
+
       - run: |
+          export ENV_NAMESPACE=paymenthub
           kubectl config use-context arn:aws:eks:$REGION:419830066942:cluster/sit
           kubectl config get-contexts
           cd helm/es-secret/
           make secrets || echo "elastic-certificates" already exists
 
       - run: |
-          kubectl delete secret bulk-processor-secret -n paymenthub || echo "delete the secret if exist"
+          export ENV_NAMESPACE=paymenthub
+          kubectl delete secret bulk-processor-secret -n $ENV_NAMESPACE || echo "delete the secret if exist"
           kubectl create secret generic bulk-processor-secret \
           --from-literal=aws-access-key="$S3_ACCESS_KEY_ID" \
-          --from-literal=aws-secret-key="$S3_SECRET_ACCESS_KEY" -n paymenthub
+          --from-literal=aws-secret-key="$S3_SECRET_ACCESS_KEY" -n $ENV_NAMESPACE
+
+  host-g2-sandbox-security-fynarfin-chart:
+    docker:
+      - image: cimg/python:3.10
+    working_directory: ~/repo
+    environment:
+      TERM: dumb
+    steps:
+      - checkout
+      - run: rm -f helm/g2p-sandbox-security-fynarfin-SIT/Chart.lock helm/g2p-sandbox-security-fynarfin-SIT/requirements.lock helm/g2p-sandbox-security-fynarfin-SIT/charts/*
+      - helm/install-helm-client:
+          version: "v3.8.2"
+      - run: cat helm/g2p-sandbox-security-fynarfin-SIT/Chart.yaml
+      - run: helm dep up helm/g2p-sandbox-security-fynarfin-SIT
+      - run: helm package helm/g2p-sandbox-security-fynarfin-SIT
+      - run: helm repo index .
+      - run: echo "$CERT_FILE" | base64 --decode > b64encoded.pem
+      - run: chmod 400 b64encoded.pem
+      - run: ssh -i b64encoded.pem -o StrictHostKeyChecking=No ec2-user@13.233.68.128 sudo mkdir -p /apps/apache-tomcat-7.0.82/webapps/ROOT/images/ph-ee-g2psandbox-security-fynarfin
+      - run: scp -o StrictHostKeyChecking=No -i b64encoded.pem index.yaml ph-ee-g2psandbox-security-fynarfin-0.0.0.tgz ec2-user@13.233.68.128:~/
+      - run: ssh -i b64encoded.pem -o StrictHostKeyChecking=No ec2-user@13.233.68.128 sudo mv -t /apps/apache-tomcat-7.0.82/webapps/ROOT/images/ph-ee-g2psandbox-security-fynarfin index.yaml ph-ee-g2psandbox-security-fynarfin-0.0.0.tgz
+
+  upgrade-g2psandbox-security-helm-chart:
+    docker:
+      - image: cimg/python:3.10
+    parameters:
+      cluster-name:
+        description: "sit"
+        type: string        
+    steps:
+      - aws-eks/update-kubeconfig-with-authenticator:
+          cluster-name: "sit"
+          aws-region: "$REGION"
+      - helm/install-helm-client:
+          version: "v3.8.2"
+      - kubernetes/install-kubectl
+      - run: |
+          if ! kubectl get ns ph-infrastructure > /dev/null 2>&1; then
+              kubectl create namespace ph-infrastructure
+          fi
+      - run: helm ls --namespace=ph-infrastructure
+      - helm/upgrade-helm-chart:
+          chart: "https://fynarfin.io/images/ph-ee-g2psandbox-security-fynarfin/ph-ee-g2psandbox-security-fynarfin-0.0.0.tgz"
+          release-name: "g2p-sandbox-security"
+          namespace: ph-infrastructure
+          recreate-pods: true
+          add-repo: "https://fynarfin.io/images/ph-ee-g2psandbox-security"
+          wait: true
+          timeout: "300s"     
                                        
   deploying-bpmns:
     docker:
@@ -120,24 +174,40 @@ workflows:
             - AWS
             - Helm
             - slack
-
+      - host-g2-sandbox-security-fynarfin-chart:
+          requires:
+            - build
+          context:
+            - AWS
+            - Helm
+            - slack
       - upgrade-g2psandbox-helm-chart:
           cluster-name: sit
           requires:
             - build
+            - upgrade-g2psandbox-security-helm-chart
           context:
             - AWS
             - Helm
             - slack
-            - Secrets      
-      - create-secret:
+            - Secrets        
+      - create-secret-paymenthub-namespace:
           requires: 
             - upgrade-g2psandbox-helm-chart
           context: 
             - AWS
             - Helm
             - slack
             - Secrets  
+      - upgrade-g2psandbox-security-helm-chart:
+          cluster-name: sit
+          requires:
+            - host-g2-sandbox-security-fynarfin-chart
+          context:
+            - AWS
+            - Helm
+            - slack
+            - Secrets 
       - deploying-bpmns:
           requires:
             - upgrade-g2psandbox-helm-chart
@@ -147,15 +217,15 @@ workflows:
             - slack
       - test-chart-gov:
           requires:
-            - create-secret
+            - create-secret-paymenthub-namespace
             - deploying-bpmns
           context: 
             - AWS
             - Helm
             - slack
       - test-chart-ams:
           requires:
-            - create-secret
+            - create-secret-paymenthub-namespace
             - deploying-bpmns
           context:
             - AWS
diff --git a/.gitignore b/.gitignore
@@ -33,3 +33,4 @@ integration-tests/out/
 module/dummy/starter/out/
 chart.lock
 *.tgz
+charts/
diff --git a/helm/es-secret/Makefile b/helm/es-secret/Makefile
@@ -25,9 +25,9 @@ secrets:
 	docker rm -f elastic-helm-charts-certs && \
 	openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \
 	openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \
-	kubectl create namespace paymenthub || echo "namespace already exists"  && \
-	kubectl create secret generic elastic-certificates --namespace=paymenthub --from-file=elastic-certificates.p12 && \	
-	kubectl create secret generic elastic-certificate-pem --namespace=paymenthub --from-file=elastic-certificate.pem && \
-	kubectl create secret generic elastic-certificate-crt --namespace=paymenthub  --from-file=elastic-certificate.crt && \
-	kubectl create secret generic elastic-credentials --namespace=paymenthub --from-literal=password=$$password --from-literal=username=elastic && \
+	kubectl create namespace $(NAMESPACE) || echo "namespace already exists"  && \
+	kubectl create secret generic elastic-certificates --namespace=$(NAMESPACE) --from-file=elastic-certificates.p12 && \
+	kubectl create secret generic elastic-certificate-pem --namespace=$(NAMESPACE) --from-file=elastic-certificate.pem && \
+	kubectl create secret generic elastic-certificate-crt --namespace=$(NAMESPACE)  --from-file=elastic-certificate.crt && \
+	kubectl create secret generic elastic-credentials --namespace=$(NAMESPACE) --from-literal=password=$$password --from-literal=username=elastic && \
 	rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12	
diff --git a/helm/es-secret/examples.mk b/helm/es-secret/examples.mk
@@ -4,6 +4,7 @@ GOSS_FILE ?= goss.yaml
 GOSS_SELECTOR ?= release=$(RELEASE)
 STACK_VERSION := 7.17.3
 TIMEOUT := 900s
+NAMESPACE = $(ENV_NAMESPACE)
 
 .PHONY: help
 help: ## Display this help
diff --git a/helm/g2p-sandbox-security-fynarfin-SIT/Chart.yaml b/helm/g2p-sandbox-security-fynarfin-SIT/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: ph-ee-g2psandbox-security-fynarfin
+description: PaymentHub EE Barebone Edition
+type: application
+version: 0.0.0
+appVersion: 1.0.0
+
+dependencies:
+- name: ph-ee-g2psandbox-security
+  repository: https://fynarfin.io/images/ph-ee-g2psandbox-security
+  version: 0.0.0
diff --git a/helm/g2p-sandbox-security-fynarfin-SIT/README.md b/helm/g2p-sandbox-security-fynarfin-SIT/README.md
@@ -0,0 +1,2 @@
+Helm Upgrade command ---->
+hehelm upgrade -f helm/g2p-sandbox-security/values.yaml g2p-sandbox-security helm/g2p-sandbox-security --install --create-namespace --namespace security
diff --git a/helm/g2p-sandbox-security-fynarfin-SIT/values.yaml b/helm/g2p-sandbox-security-fynarfin-SIT/values.yaml
@@ -0,0 +1,25 @@
+ph-ee-g2psandbox-security:
+  ph-ee-engine:
+
+    keycloak:
+      enabled: true
+      ingress:
+        enabled: true 
+        ingressClassName: "kong"
+        rules:
+          - host: 'keycloak.sandbox.fynarfin.io'
+            paths:
+            - path: /
+              pathType: Prefix
+
+    kong:
+      enabled: true
+      env:
+        database: "postgres"
+      admin:
+        ingress:
+          enabled: true
+          hostname: 'kong-admin.sandbox.fynarfin.io'
+
+    wildcardhostname: "*.sandbox.fynarfin.io"
+    tls: ""
diff --git a/helm/kibana-secret/examples.mk b/helm/kibana-secret/examples.mk
@@ -4,6 +4,7 @@ GOSS_FILE ?= goss.yaml
 GOSS_SELECTOR ?= release=$(RELEASE)
 STACK_VERSION := 7.16.3
 TIMEOUT := 900s
+NAMESPACE = $(ENV_NAMESPACE)
 
 .PHONY: help
 help: ## Display this help
diff --git a/helm/kibana-secret/makefile b/helm/kibana-secret/makefile
@@ -13,5 +13,5 @@ purge:
 
 secrets:
 	encryptionkey=$$(docker run --rm busybox:1.31.1 /bin/sh -c "< /dev/urandom tr -dc _A-Za-z0-9 | head -c50") && \
-  kubectl create namespace paymenthub || echo "namespace already exists"  && \
-	kubectl create secret generic kibana --namespace=paymenthub --from-literal=encryptionkey=$$encryptionkey
+  kubectl create namespace $(NAMESPACE) || echo "namespace already exists"  && \
+	kubectl create secret generic kibana --namespace=$(NAMESPACE) --from-literal=encryptionkey=$$encryptionkey

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Helm Upgrade command ---->`
	`2`	`+hehelm upgrade -f helm/g2p-sandbox-security/values.yaml g2p-sandbox-security helm/g2p-sandbox-security --install --create-namespace --namespace security`