{"type":"doc","content":[{"type":"layoutSection","content":[{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"panel","attrs":{"panelIconId":"atlassian-note","panelIcon":":note:","panelColor":"#F4F5F7","panelType":"custom"},"content":[{"type":"paragraph","content":[{"text":"Table of Content","type":"text"}]}]},{"type":"table","attrs":{"layout":"default","localId":"d4688fa8-f96b-4e56-a9e1-0c9c99c5213d"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[353.0]},"content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"1"},"maxLevel":{"value":"7"},"style":{"value":"circle"}},"macroMetadata":{"macroId":{"value":"9e583df23e02d4b0011d9c258787a1ca"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"7ef38439-dd36-451a-9696-6c2a0103a796"}}]}]}]},{"type":"paragraph"}]},{"type":"layoutColumn","attrs":{"width":66.66},"content":[{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"We assume you are logged into OpenShift and are in the repo/openshift local directory. We will run the scripts from there.","type":"text"}]}]},{"type":"paragraph","content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"top-of-the-page"}},"macroMetadata":{"macroId":{"value":"9e295bf7ac6fc537ab5f609a8d7c2d44"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"e42489cb-b522-4c21-9cb3-2656e057e006"}}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Add Default Kubernetes Network Policies","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Before deploying, ensure that you have the Network Policies ","type":"text"},{"text":"deny-by-default","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"allow-from-openshift-ingress","type":"text","marks":[{"type":"code"}]},{"text":" by running the following:","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\noc process -n $NAMESPACE -f https://raw.githubusercontent.com/wiki/bcgov/nr-get-token/assets/templates/default.np.yaml | oc apply -n $NAMESPACE -f -","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Environment Setup - ConfigMaps and Secrets ","type":"text","marks":[{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"textColor","attrs":{"color":"#4c9aff"}},{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"There are some requirements in the target Openshift namespace/project which are ","type":"text"},{"text":"outside","type":"text","marks":[{"type":"strong"}]},{"text":" of the CI/CD pipeline process. This application requires that a few Secrets as well as Config Maps are already present in the environment before it is able to function as intended. Otherwise the Jenkins pipeline will fail the deployment by design.","type":"text"}]},{"type":"paragraph","content":[{"text":"In order to prepare an environment, you will need to ensure that all of the following configmaps and secrets are populated. This is achieved by executing the following commands as a project administrator of the targeted environment. Note that this must be repeated on ","type":"text"},{"text":"each","type":"text","marks":[{"type":"em"}]},{"text":" of the target deployment namespace/projects (i.e. ","type":"text"},{"text":"dev","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"test","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"prod","type":"text","marks":[{"type":"code"}]},{"text":") as that they are independent of each other. Deployments will fail otherwise. Refer to ","type":"text"},{"text":"custom-environment-variables","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/common-hosted-form-service/blob/master/app/config/custom-environment-variables.json"}}]},{"text":" for the direct mapping of environment variables to the app.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Config Maps","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"em"}]},{"text":" Replace anything in angle brackets with the appropriate value!","type":"text"}]},{"type":"paragraph","content":[{"text":"Note 2:","type":"text","marks":[{"type":"em"}]},{"text":" The Keycloak Public Key can be found in the Keycloak Admin Panel under Realm Settings > Keys. Look for the Public key button (normally under RS256 row), and click to see the key. The key should begin with a pattern of ","type":"text"},{"text":"MIIBIjANB...","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\nexport APP_NAME=\nexport PUBLIC_KEY=\nexport REPO_NAME=common-hosted-form-service\n# parameters for Fluent-bit container\nexport FLUENTD=\nexport AWS_DEFAULT_REGION=\nexport AWS_KINESIS_STREAM=\nexport AWS_ROLE_ARN=\n\noc create -n $NAMESPACE configmap $APP_NAME-frontend-config \\\n --from-literal=FRONTEND_APIPATH=api/v1 \\\n --from-literal=FRONTEND_BASEPATH=/app \\\n --from-literal=FRONTEND_ENV=dev \\\n --from-literal=FRONTEND_KC_REALM=cp1qly2d \\\n --from-literal=FRONTEND_KC_SERVERURL=https://dev.oidc.gov.bc.ca/auth\noc create -n $NAMESPACE configmap $APP_NAME-sc-config \\\n --from-literal=SC_CS_CHES_ENDPOINT=https://ches-dev.apps.silver.devops.gov.bc.ca/api \\\n --from-literal=SC_CS_CDOGS_ENDPOINT=https://cdogs-dev.apps.silver.devops.gov.bc.ca/api \\\n --from-literal=SC_CS_TOKEN_ENDPOINT=https://dev.oidc.gov.bc.ca/auth/realms/jbd6rnxw/protocol/openid-connect/token\noc create -n $NAMESPACE configmap $APP_NAME-server-config \\\n --from-literal=SERVER_APIPATH=/api/v1 \\\n --from-literal=SERVER_BASEPATH=/app \\\n --from-literal=SERVER_BODYLIMIT=30mb \\\n --from-literal=SERVER_KC_PUBLICKEY=$PUBLIC_KEY \\\n --from-literal=SERVER_KC_REALM=cp1qly2d \\\n --from-literal=SERVER_KC_SERVERURL=https://dev.oidc.gov.bc.ca/auth \\\n --from-literal=SERVER_LOGLEVEL=http \\\n --from-literal=SERVER_PORT=8080","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"em"}]},{"text":" We use the NRS ","type":"text"},{"text":"Object Storage","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/wiki/Object-Storage"}}]},{"text":" for CHEFS.","type":"text"}]},{"type":"codeBlock","content":[{"text":"oc create -n $NAMESPACE configmap $APP_NAME-files-config \\\n --from-literal=FILES_UPLOADS_DIR= \\\n --from-literal=FILES_UPLOADS_ENABLED=true \\\n --from-literal=FILES_UPLOADS_FILECOUNT=1 \\\n --from-literal=FILES_UPLOADS_FILEKEY=files \\\n --from-literal=FILES_UPLOADS_FILEMAXSIZE=25MB \\\n --from-literal=FILES_UPLOADS_FILEMINSIZE=0KB \\\n --from-literal=FILES_UPLOADS_PATH=files \\\n --from-literal=FILES_PERMANENT=objectStorage \\\n --from-literal=FILES_LOCALSTORAGE_PATH= \\\n --from-literal=FILES_OBJECTSTORAGE_BUCKET=egejyy \\\n --from-literal=FILES_OBJECTSTORAGE_ENDPOINT=https://nrs.objectstore.gov.bc.ca \\\n --from-literal=FILES_OBJECTSTORAGE_KEY=chefs/dev/ \\","type":"text"}]},{"type":"paragraph","content":[{"text":"The following command creates an OpenShift config map that contains configuration files for our ","type":"text"},{"text":"Fluent-bit log forwarder","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/common-hosted-form-service/blob/master/openshift/README.md#sidecar-logging"}}]},{"text":".","type":"text"}]},{"type":"codeBlock","content":[{"text":"oc process -n $NAMESPACE -f fluent-bit.cm.yaml \\\n -p NAMESPACE=$NAMESPACE \\\n -p APP_NAME=$APP_NAME \\\n -p REPO_NAME=$REPO_NAME \\\n -p JOB_NAME=$JOB_NAME \\\n -p FLUENTD=$FLUENTD \\\n -p AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION \\\n -p AWS_KINESIS_STREAM=$AWS_KINESIS_STREAM \\\n -p AWS_ROLE_ARN=$AWS_ROLE_ARN \\\n -o yaml | oc -n $NAMESPACE apply -f -","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Secrets","type":"text"}]},{"type":"paragraph","content":[{"text":"Replace anything in angle brackets with the appropriate value!","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\nexport APP_NAME=\n\nexport username=\nexport password=\n\noc create -n $NAMESPACE secret generic $APP_NAME-keycloak-secret \\\n --type=kubernetes.io/basic-auth \\\n --from-literal=username=$username \\\n --from-literal=password=$password\nexport username=\nexport password=\n\noc create -n $NAMESPACE secret generic $APP_NAME-sc-cs-secret \\\n --type=kubernetes.io/basic-auth \\\n --from-literal=username=$username \\\n --from-literal=password=$password\nexport username=\nexport password=\n\noc create -n $NAMESPACE secret generic $APP_NAME-objectstorage-secret \\\n --type=kubernetes.io/basic-auth \\\n --from-literal=username=$username \\\n --from-literal=password=$password","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Build Config & Deployment","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#0747a6"}},{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"textColor","attrs":{"color":"#0747a6"}},{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"This application is currently designed as a single application pod deployments. It will host a static frontend containing all of the Vue.js resources and assets, and a Node.js backend which serves the API that the frontend requires. We are currently leveraging Openshift Routes with path based filtering in order to forward incoming traffic to the right deployment service.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Frontend","type":"text"}]},{"type":"paragraph","content":[{"text":"The frontend temporarily installs dependencies needed to generate the static assets that will appear in the ","type":"text"},{"text":"/app/frontend/dist","type":"text","marks":[{"type":"code"}]},{"text":" folder. These contents will be picked up by the application and hosted appropriately.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Application","type":"text"}]},{"type":"paragraph","content":[{"text":"The backend is a standard ","type":"text"},{"text":"Node","type":"text","marks":[{"type":"link","attrs":{"href":"https://nodejs.org/"}}]},{"text":"/","type":"text"},{"text":"Express","type":"text","marks":[{"type":"link","attrs":{"href":"https://expressjs.com/"}}]},{"text":" server. It handles the JWT based authentication via OIDC authentication flow, and exposes the API to authorized users. This deployment container is built up on top of an Alpine Node image. The resulting container after build is what is deployed.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Templates ","type":"text","marks":[{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"textColor","attrs":{"color":"#0747a6"}},{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"The Jenkins pipeline heavily leverages Openshift Templates in order to ensure that all of the environment variables, settings, and contexts are pushed to Openshift correctly. Files ending with ","type":"text"},{"text":".bc.yaml","type":"text","marks":[{"type":"code"}]},{"text":" specify the build configurations, while files ending with ","type":"text"},{"text":".dc.yaml","type":"text","marks":[{"type":"code"}]},{"text":" specify the components required for deployment.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Build Configurations","type":"text"}]},{"type":"paragraph","content":[{"text":"Build configurations will emit and handle the chained builds or standard builds as necessary. They take in the following parameters:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"9f878e42-190c-4911-93d9-3ef5e16f6242"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Required","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"REPO_NAME","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Application repository name","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"JOB_NAME","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Job identifier (i.e. 'pr-5' OR 'master')","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"SOURCE_REPO_REF","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Git Pull Request Reference (i.e. 'pull/CHANGE_ID/head')","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"SOURCE_REPO_URL","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Git Repository URL","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"The template can be manually invoked and deployed via Openshift CLI. For example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\n\noc process -n $NAMESPACE -f openshift/app.bc.yaml -p REPO_NAME=common-hosted-form-service\n -p JOB_NAME=master -p SOURCE_REPO_URL=https://github.com/bcgov/common-hosted-form-service.git -p SOURCE_REPO_REF=master -o yaml | oc apply -n $NAMESPACE -f -","type":"text"}]},{"type":"paragraph","content":[{"text":"Note that these build configurations do not have any triggers defined. They will be invoked by the Jenkins pipeline, started manually in the console, or by an equivalent oc command for example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"oc start-build -n $NAMESPACE --follow","type":"text"}]},{"type":"paragraph","content":[{"text":"Finally, we generally tag the resultant image so that the deployment config will know which exact image to use. This is also handled by the Jenkins pipeline. The equivalent oc command for example is:","type":"text"}]},{"type":"codeBlock","content":[{"text":"oc tag -n $NAMESPACE :latest :master","type":"text"}]},{"type":"paragraph","content":[{"text":"Note: Remember to swap out the bracketed values with the appropriate values!","type":"text","marks":[{"type":"em"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Deployment Configurations","type":"text"}]},{"type":"paragraph","content":[{"text":"Deployment configurations will emit and handle the deployment lifecycles of running containers based off of the previously built images. They generally contain a deploymentconfig, a service, and a route. Before our application is deployed, Patroni (a Highly Available Postgres Cluster implementation) needs to be deployed. Refer to any ","type":"text"},{"text":"patroni*","type":"text","marks":[{"type":"code"}]},{"text":" templates and their ","type":"text"},{"text":"official documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://patroni.readthedocs.io/en/latest/"}}]},{"text":" for more details.","type":"text"}]},{"type":"paragraph","content":[{"text":"Our application template take in the following parameters:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"668fc3d0-71fb-45fd-a594-668895611a79"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Required","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"REPO_NAME","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Application repository name","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"JOB_NAME","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"Job identifier (i.e. 'pr-5' OR 'master')","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"NAMESPACE","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"which namespace/\"environment\" are we deploying to? dev, test, prod?","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"APP_NAME","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"short name for the application","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"ROUTE_HOST","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"base domain for the publicly accessible URL","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[342.0]},"content":[{"type":"paragraph","content":[{"text":"ROUTE_PATH","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[330.0]},"content":[{"type":"paragraph","content":[{"text":"base path for the publicly accessible URL","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"The Jenkins pipeline will handle deployment invocation automatically. However should you need to run it manually, you can do so with the following for example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\nexport APP_NAME=\n\noc process -n $NAMESPACE -f openshift/app.dc.yaml -p REPO_NAME=common-hosted-form-service -p JOB_NAME=master -p NAMESPACE=$NAMESPACE -p APP_NAME=$APP_NAME -p ROUTE_HOST=$APP_NAME-dev.apps.silver.devops.gov.bc.ca -p ROUTE_PATH=master -o yaml | oc apply -n $NAMESPACE -f -","type":"text"}]},{"type":"paragraph","content":[{"text":"Due to the triggers that are set in the deploymentconfig, the deployment will begin automatically. However, you can deploy manually by use the following command for example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"oc rollout -n $NAMESPACE latest dc/-master","type":"text"}]},{"type":"paragraph","content":[{"text":"Note: Remember to swap out the bracketed values with the appropriate values!","type":"text","marks":[{"type":"em"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Sidecar Logging","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#0747a6"}},{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"textColor","attrs":{"color":"#0747a6"}},{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"Our deployment on OpenShift uses a Fluent-bit sidecar to collect logs from the CHEFS application. The sidecar deployment is included in the main app.dc.yaml file. Our NodeJS apps output logs to a configurable file path (for example app/app.log ). This is done using using a logger script. For example see our ","type":"text"},{"text":"CHEFS app logger","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/common-hosted-form-service/blob/master/app/src/components/log.js"}}]}]},{"type":"paragraph","content":[{"text":"The Fluent-bit configuration is kept in the openshift config map ","type":"text"},{"text":"fluent-bit.cm.yaml","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/common-hosted-form-service/blob/master/openshift/fluent-bit.cm.yaml"}}]}]},{"type":"paragraph","content":[{"text":"Additional details for configuring the sidecar can be seen on the ","type":"text"},{"text":"wiki","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/wiki/Logging-to-a-Sidecar"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Logs sent to AWS Opensearch","type":"text"}]},{"type":"paragraph","content":[{"text":"We currently forward our application logs from Fluent-bit to an AWS OpenSearch service. the AWS connection credentials are found using environment variables in the fluent-bit container (aws credentials stored in 'chefs-aws-kinesis-secret' secret.)","type":"text"}]},{"type":"paragraph","content":[{"text":"to create this secret on OpenShift:","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\nexport APP_NAME=\n\nexport username=\nexport password=\n\noc create -n $NAMESPACE secret generic $APP_NAME-aws-kinesis-secret \\\n --type=kubernetes.io/basic-auth \\\n --from-literal=username=$username \\\n --from-literal=password=$password","type":"text"}]},{"type":"paragraph","content":[{"text":"The Fluent-bit configuration includes the output plugin 'kinesis streams' where we define our AWS region, arn_role and stream name. A further parser for our logs was added to a node app running on an ","type":"text"},{"text":"AWS Lambda service","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/BCDevOps/nr-elasticsearch-stack/tree/master/event-stream-processing/src"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Error Notifications","type":"text"}]},{"type":"paragraph","content":[{"text":"We currently also output logs to a Fluentd service where we can trigger error notifications to our Discord channel. See our ","type":"text"},{"text":"Wiki","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/wiki/Aggregate-logs-with-Fluentd"}}]},{"text":" from more details.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Pull Request Cleanup ","type":"text","marks":[{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"As of this time, we do not automatically clean up resources generated by a Pull Request once it has been accepted and merged in. This is still a manual process. Our PR deployments are all named in the format \"pr-###\", where the ### is the number of the specific PR. In order to clear all resources for a specific PR, run the following two commands to delete all relevant resources from the Openshift project (replacing ","type":"text"},{"text":"PRNUMBER","type":"text","marks":[{"type":"code"}]},{"text":" with the appropriate number):","type":"text"}]},{"type":"codeBlock","content":[{"text":"export NAMESPACE=\nexport APP_NAME=\n\noc delete all,secret,pvc,networkpolicy,rolebinding -n $NAMESPACE --selector app=$APP_NAME-pr-\noc delete all,svc,cm,sa,role,secret -n $NAMESPACE --selector cluster-name=pr-","type":"text"}]},{"type":"paragraph","content":[{"text":"The first command will clear out all related executable resources for the application, while the second command will clear out the remaining Patroni cluster resources associated with that PR.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Appendix - Supporting Deployments ","type":"text","marks":[{"type":"strong"}]},{"text":"(Top of the page)","type":"text","marks":[{"type":"link","attrs":{"href":"#top-of-the-page"}}]}]},{"type":"paragraph","content":[{"text":"There will be instances where this application will need supporting modifications or deployment such as databases and business analytics tools. Below is a list of initial reference points for other Openshift templates that could be leveraged and bolted onto the existing Jenkins pipeline if applicable.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Metabase","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Overview & Templates","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/wiki/Metabase"}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"MongoDB","type":"text"}]},{"type":"paragraph","content":[{"text":"Refer to the ","type":"text"},{"text":"mongodb.dc.yaml","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"mongodb.secret.yaml","type":"text","marks":[{"type":"code"}]},{"text":" files found below for a simple persistent MongoDB deployment:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Templates","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/jujaga/common-hosted-form-service/tree/formio-mongodb/openshift"}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Patroni (HA Postgres)","type":"text"}]},{"type":"paragraph","content":[{"text":"Refer to the ","type":"text"},{"text":"patroni.dc.yaml","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"patroni.secret.yaml","type":"text","marks":[{"type":"code"}]},{"text":" files found below for a Highly Available Patroni cluster statefulset:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Templates","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/tree/master/openshift"}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Database Backup","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Documentation & Templates","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/bcgov/nr-get-token/wiki/Database-Backup"}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Redis","type":"text"}]},{"type":"paragraph","content":[{"text":"Refer to the ","type":"text"},{"text":"redis.dc.yaml","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"redis.secret.yaml","type":"text","marks":[{"type":"code"}]},{"text":" files found below for a simple persistent Redis deployment:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Templates","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://github.com/bcgov/common-hosted-email-service/tree/master/openshift"}}]}]}]}]}]}]},{"type":"paragraph"}],"version":1}

Browser not supported