From 0b0e641a759c9c867cd6efbe11675bd64f280feb Mon Sep 17 00:00:00 2001
From: soletsdev <soletsdev@github>
Date: Mon, 8 Apr 2024 09:46:55 -0700
Subject: [PATCH] reducing API cpu/memory requests because they didn't increase
 performance. Increased fluent-bit requests to prevent OOM crash. Deleted
 unused Jenkins files

---
 .../workflows/deploy-to.openshift-prod.yml    |   8 +-
 tools/jenkins/Jenkinsfile-api-ocp4            | 107 ----------------
 tools/jenkins/update-configmap.sh             | 117 ------------------
 tools/openshift/api.dc.yaml                   |   6 +-
 4 files changed, 7 insertions(+), 231 deletions(-)
 delete mode 100644 tools/jenkins/Jenkinsfile-api-ocp4
 delete mode 100644 tools/jenkins/update-configmap.sh

diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml
index 6437f5f..b54f58a 100644
--- a/.github/workflows/deploy-to.openshift-prod.yml
+++ b/.github/workflows/deploy-to.openshift-prod.yml
@@ -31,10 +31,10 @@ env:
   TARGET_ENV: "prod"
   MIN_REPLICAS: "3"
   MAX_REPLICAS: "4"
-  MIN_CPU: "250m"
-  MAX_CPU: "500m"
-  MIN_MEM: "850Mi"
-  MAX_MEM: "1000Mi"
+  MIN_CPU: "50m"
+  MAX_CPU: "300m"
+  MIN_MEM: "650Mi"
+  MAX_MEM: "750Mi"
 
 on:
   # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
diff --git a/tools/jenkins/Jenkinsfile-api-ocp4 b/tools/jenkins/Jenkinsfile-api-ocp4
deleted file mode 100644
index 46d0d92..0000000
--- a/tools/jenkins/Jenkinsfile-api-ocp4
+++ /dev/null
@@ -1,107 +0,0 @@
-pipeline{
-   agent any
-   environment{
-      extJSHelper = '';
-      DEBUG_OUTPUT = 'false'
-
-      NAMESPACE='75e61b'
-      TOOLS = "${NAMESPACE}-tools"
-      DEV = "${NAMESPACE}-dev"
-
-      APP_NAME = 'school-api'
-      REPO_NAME = "educ-${APP_NAME}"
-      OWNER = 'bcgov'
-      JOB_NAME = 'master'
-      TAG = 'latest'
-      TARGET_ENV = 'dev'
-      STAGING_ENV = 'Dev'
-      TARGET_ENVIRONMENT = "${NAMESPACE}-${TARGET_ENV}"
-
-      APP_DOMAIN = 'apps.silver.devops.gov.bc.ca'
-      SOURCE_REPO_REF = 'master'
-      SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git'
-      DC_URL = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/api.dc.ocp4.yaml"
-      MIN_REPLICAS = "1"
-      MAX_REPLICAS = "1"
-      MIN_CPU = "5m"
-      MAX_CPU = "150m"
-      MIN_MEM = "400Mi"
-      MAX_MEM = "800Mi"
-  }
-  stages{
-    stage('Initialize') {
-      steps {
-        script {
-          if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
-            // Force OpenShift Plugin directives to be verbose
-            openshift.logLevel(1)
-
-            // Print all environment variables
-            echo 'DEBUG - All pipeline environment variables:'
-            echo sh(returnStdout: true, script: 'env')
-          }
-
-          sh "wget -O - https://raw.githubusercontent.com/bcgov/EDUC-INFRA-COMMON/master/openshift/common-deployment/deployHelpers.js > deployHelpers.js"
-          extJSHelper = evaluate readFile('deployHelpers.js')
-        }
-      }
-    }
-    stage('Build App') {
-      steps {
-        script {
-          openshift.withCluster() {
-            openshift.withProject(TOOLS) {
-              try {
-                echo "Building API..."
-                def bcBackend = openshift.process('-f', 'https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/api.bc.yaml', "REPO_NAME=${REPO_NAME}-${JOB_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
-                openshift.apply(bcBackend).narrow('bc').startBuild('-w').logs('-f')
-
-                openshift.tag("${REPO_NAME}-${JOB_NAME}:latest", "${REPO_NAME}-${JOB_NAME}:${JOB_NAME}")
-              } catch (e) {
-                echo "API build failed"
-                throw e
-              }
-            }
-          }
-        }
-      }
-      post {
-        success {
-          echo 'Cleanup BuildConfigs'
-          script {
-              openshift.withCluster() {
-                openshift.withProject(TOOLS) {
-                  def bcApi = openshift.selector('bc', "${REPO_NAME}-${JOB_NAME}")
-
-                  if(bcApi.exists()) {
-                      echo "Removing BuildConfig ${REPO_NAME}-${JOB_NAME}"
-                      bcApi.delete()
-                  }
-                }
-              }
-            }
-        }
-        failure {
-          echo 'Build stage failed'
-        }
-      }
-    }
-	stage('Promote and configure DEV') {
-      steps{
-        script{
-            extJSHelper.performApiDeploy(STAGING_ENV, TARGET_ENVIRONMENT, REPO_NAME, APP_NAME, JOB_NAME, TAG, TOOLS, TARGET_ENVIRONMENT, APP_DOMAIN, DC_URL, MIN_REPLICAS, MAX_REPLICAS, MIN_CPU, MAX_CPU, MIN_MEM, MAX_MEM, TARGET_ENV, NAMESPACE)
-        }
-      }
-      post{
-        success{
-          echo 'Deployment to Dev was successful'
-        }
-        failure{
-          echo 'Deployment to Dev failed'
-        }
-      }
-    }
-  }
-}
-
-
diff --git a/tools/jenkins/update-configmap.sh b/tools/jenkins/update-configmap.sh
deleted file mode 100644
index 4d39dca..0000000
--- a/tools/jenkins/update-configmap.sh
+++ /dev/null
@@ -1,117 +0,0 @@
-envValue=$1
-APP_NAME=$2
-OPENSHIFT_NAMESPACE=$3
-APP_NAME_UPPER=${APP_NAME^^}
-
-TZVALUE="America/Vancouver"
-SOAM_KC_REALM_ID="master"
-SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca
-
-SOAM_KC_LOAD_USER_ADMIN=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode)
-SOAM_KC_LOAD_USER_PASS=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode)
-DB_JDBC_CONNECT_STRING=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n 's/.*"DB_JDBC_CONNECT_STRING": "\(.*\)",/\1/p')
-DB_PWD=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"DB_PWD_${APP_NAME_UPPER}\": \"\(.*\)\",/\1/p")
-DB_USER=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps "${APP_NAME}"-"${envValue}"-setup-config | sed -n "s/.*\"DB_USER_${APP_NAME_UPPER}\": \"\(.*\)\",/\1/p")
-SPLUNK_TOKEN=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps "${APP_NAME}"-"${envValue}"-setup-config | sed -n "s/.*\"SPLUNK_TOKEN_${APP_NAME_UPPER}\": \"\(.*\)\"/\1/p")
-
-echo Fetching SOAM token
-TKN=$(curl -s \
-  -d "client_id=admin-cli" \
-  -d "username=$SOAM_KC_LOAD_USER_ADMIN" \
-  -d "password=$SOAM_KC_LOAD_USER_PASS" \
-  -d "grant_type=password" \
-  "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/token" | jq -r '.access_token')
-
-echo
-echo Writing scope READ_SCHOOL
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Read scope for school\",\"id\": \"READ_SCHOOL\",\"name\": \"READ_SCHOOL\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-echo
-echo Writing scope READ_PEN_COORDINATOR
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Read scope for pen coordinator\",\"id\": \"READ_PEN_COORDINATOR\",\"name\": \"READ_PEN_COORDINATOR\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-echo
-echo Writing scope WRITE_PEN_COORDINATOR
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Write scope for pen coordinator\",\"id\": \"WRITE_PEN_COORDINATOR\",\"name\": \"WRITE_PEN_COORDINATOR\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-echo
-echo Writing SCOPE_READ_FED_PROV_CODE
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Read scope for fed to provincial school codes \",\"id\": \"READ_FED_PROV_CODE\",\"name\": \"READ_FED_PROV_CODE\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-echo
-echo Writing SCOPE_WRITE_FED_PROV_CODE
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Write scope for fed to provincial school codes \",\"id\": \"WRITE_FED_PROV_CODE\",\"name\": \"WRITE_FED_PROV_CODE\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-echo
-echo Writing SCOPE_DELETE_FED_PROV_CODE
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/client-scopes" \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer $TKN" \
-  -d "{\"description\": \"Write scope for fed to provincial school codes \",\"id\": \"DELETE_FED_PROV_CODE\",\"name\": \"DELETE_FED_PROV_CODE\",\"protocol\": \"openid-connect\",\"attributes\" : {\"include.in.token.scope\" : \"true\",\"display.on.consent.screen\" : \"false\"}}"
-
-###########################################################
-#Setup for config-map
-###########################################################
-SPLUNK_URL="gww.splunk.educ.gov.bc.ca"
-FLB_CONFIG="[SERVICE]
-   Flush        1
-   Daemon       Off
-   Log_Level    debug
-   HTTP_Server   On
-   HTTP_Listen   0.0.0.0
-   Parsers_File parsers.conf
-[INPUT]
-   Name   tail
-   Path   /mnt/log/*
-   Exclude_Path *.gz,*.zip
-   Parser docker
-   Mem_Buf_Limit 20MB
-[FILTER]
-   Name record_modifier
-   Match *
-   Record hostname \${HOSTNAME}
-[OUTPUT]
-   Name   stdout
-   Match  *
-[OUTPUT]
-   Name  splunk
-   Match *
-   Host  $SPLUNK_URL
-   Port  443
-   TLS         On
-   TLS.Verify  Off
-   Message_Key $APP_NAME
-   Splunk_Token $SPLUNK_TOKEN
-"
-PARSER_CONFIG="
-[PARSER]
-    Name        docker
-    Format      json
-"
-echo Creating config map "$APP_NAME"-config-map
-oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map --from-literal=TZ=$TZVALUE --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" --from-literal=ORACLE_USERNAME="$DB_USER" --from-literal=ORACLE_PASSWORD="$DB_PWD" --from-literal=KEYCLOAK_PUBLIC_KEY="$soamFullPublicKey" --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO --from-literal=SPRING_WEB_LOG_LEVEL=INFO --from-literal=APP_LOG_LEVEL=INFO --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO --from-literal=SPRING_SHOW_REQUEST_DETAILS=false --from-literal=SPRING_JPA_SHOW_SQL="false" --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" --dry-run -o yaml | oc apply -f -
-
-echo
-echo Setting environment variables for $APP_NAME-$SOAM_KC_REALM_ID application
-oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env --from=configmap/$APP_NAME-config-map dc/$APP_NAME-$SOAM_KC_REALM_ID
-
-echo Creating config map "$APP_NAME"-flb-sc-config-map
-oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map --from-literal=fluent-bit.conf="$FLB_CONFIG"  --from-literal=parsers.conf="$PARSER_CONFIG" --dry-run -o yaml | oc apply -f -
-
-echo Removing un-needed config entries
-oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env dc/"$APP_NAME"-$SOAM_KC_REALM_ID KEYCLOAK_PUBLIC_KEY-
diff --git a/tools/openshift/api.dc.yaml b/tools/openshift/api.dc.yaml
index 8c61ebc..753ce11 100644
--- a/tools/openshift/api.dc.yaml
+++ b/tools/openshift/api.dc.yaml
@@ -101,11 +101,11 @@ objects:
               name: metrics
           resources:
             requests:
-              cpu: "5m"
-              memory: "25Mi"
-            limits:
               cpu: "10m"
               memory: "50Mi"
+            limits:
+              cpu: "20m"
+              memory: "100Mi"
         volumes:
         - name: tls-certs
           secret: