check differences

helm/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: mongodb
   repository: https://charts.bitnami.com/bitnami
-  version: 10.7.1
+  version: 14.3.2
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 14.7.2
-digest: sha256:19781f1c97b7baf124418df0c55387c2872b7d8fbd7566bfd38d483ff4d41aec
-generated: "2021-07-17T14:40:55.426466-07:00"
+  version: 16.13.2
+digest: sha256:e3cb6ade019f5169d547ac65001758b57bebf2beb6d8e47c4053f4d2e5a6ba06
+generated: "2023-12-12T09:45:47.7723153-08:00"

helm/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.0
+version: 4.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

helm/README.md

@@ -29,9 +29,9 @@ To restore from a backup:
 2. Find the `RELEASE_NAME` of the app you want to restore to. This should match the name of the PersistentVolumeClaim that contains the database backups, for example if your PVC is called `example-notifybc-dev-notify-bc-cronjob-mongodb-backup`, the `RELEASE_NAME` should be `example-notifybc-dev`.
 3. Determine the `BACKUP_DATE`, the date of the backup you want to restore from. For example if you want to restore from a backup created on January 25th, 2024, the `BACKUP_DATE` should be `20240125`.
    - Depending on the backup schedule there may be multiple backups performed per day in which case the latest backup from the given `BACKUP_DATE` will be used.
-4. From the root of this project, run the command:
+4. From the root of this project, run the following command:
     ```bash
-    oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="{RELEASE_NAME}" -p BACKUP_DATE="{BACKUP_DATE}" | oc apply -f -
+    oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="example-notifybc-dev" -p BACKUP_DATE="20240125" | oc apply -f -
     ```
-    (replacing `{RELEASE_NAME}` and `{BACKUP_DATE}` with the values found earlier) to run the database restore job.
+    (replacing the example values `example-notifybc-dev` and `20240125` with the values found earlier) to run the database restore job.
 5. A Job and a Pod will be created to perform the restore process which can be monitored in OpenShift. Both will be cleaned up automatically a few minutes after the process is complete.

helm/deployments/openshift/notify-build.yaml

@@ -0,0 +1,48 @@
+# ImageStream api-run
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    description: Image for the notify application
+  labels:
+    role: app
+  name: notify-bc
+
+---
+# BuildConfig api-run
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  annotations:
+    description: Image Build for notify bc application
+  labels:
+    role: app
+  name: notify-bc
+spec:
+  failedBuildsHistoryLimit: 1
+  successfulBuildsHistoryLimit: 2
+  strategy:
+    dockerStrategy:
+      from:
+        kind: DockerImage
+        name: node:20.9.0-slim
+      incremental: false
+    type: Docker
+  source:
+    contextDir: ./
+    git:
+      ref: main
+      uri: https://github.com/bcgov/NotifyBC.git
+    type: Git
+  output:
+    to:
+      kind: ImageStreamTag
+      name: notify-bc:latest
+  resources:
+    limits:
+      cpu: "2"
+      memory: 2Gi
+    requests:
+      cpu: "1.5"
+      memory: 1.5Gi
+  runPolicy: Serial

helm/platform-specific/openshift.yaml

@@ -1,36 +1,3 @@
 service:
   smtp:
     type: ClusterIP
-mongodb:
-  podSecurityContext:
-    enabled: false
-  containerSecurityContext:
-    enabled: true
-    runAsUser: 1004000000
-    runAsNonRoot: true
-  arbiter:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-      runAsNonRoot: true
-redis:
-  master:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-  replica:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-  sentinel:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000

helm/templates/cronjob.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ include "NotifyBC.fullname" . }}-mongodb-backup
   labels: {{- include "NotifyBC.labels" . | nindent 4}}
 spec:
-  concurrencyPolicy: Forbid
+  concurrencyPolicy: Replace
   schedule: '{{ .Values.cronJob.schedule }}'
   jobTemplate:
     spec:

helm/templates/deployment-app.yaml

@@ -41,14 +41,14 @@ spec:
                 -headless
               {{- end }}
             - name: MONGODB_USER
-              value: {{ .Values.mongodb.auth.username }}
+              value: {{ .Values.mongodb.auth.usernames | first }}
             - name: MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ .Release.Name }}-mongodb
-                  key: mongodb-password
+                  key: mongodb-passwords
             - name: MONGODB_DATABASE
-              value: {{ .Values.mongodb.auth.database }}
+              value: {{ .Values.mongodb.auth.databases | first }}
             - name: MONGODB_ADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:

helm/templates/deployment-cron.yaml

@@ -41,14 +41,14 @@ spec:
                 -headless
               {{- end }}
             - name: MONGODB_USER
-              value: {{ .Values.mongodb.auth.username }}
+              value: {{ .Values.mongodb.auth.usernames | first }}
             - name: MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ .Release.Name }}-mongodb
-                  key: mongodb-password
+                  key: mongodb-passwords
             - name: MONGODB_DATABASE
-              value: {{ .Values.mongodb.auth.database }}
+              value: {{ .Values.mongodb.auth.databases | first }}
             - name: MONGODB_ADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:

helm/templates/network-policy-redis-ingress.yaml

@@ -19,5 +19,6 @@ spec:
         - podSelector:
             matchLabels:
               app.kubernetes.io/name: {{ include "NotifyBC.name" . }}-app
+              app.kubernetes.io/instance: {{ .Release.Name }}
   policyTypes:
     - Ingress

helm/templates/pvc.yaml

@@ -2,6 +2,8 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
+  annotations:
+    "helm.sh/resource-policy": keep
   name: {{ include "NotifyBC.fullname" . }}-cronjob-mongodb-backup
   labels: {{- include "NotifyBC.labels" . | nindent 4}}
 spec:

helm/templates/route-smtp.yaml

@@ -19,4 +19,4 @@ spec:
     kind: Service
     name: {{ $fullName }}
 {{- end }}
-{{- end }}
+{{- end }}

helm/values.yaml

@@ -86,9 +86,12 @@ affinity: {}
 
 mongodb:
   architecture: replicaset
+  replicaCount: 3
   auth:
-    username: notify-bc
-    database: notify-bc
+    usernames:
+      - notify-bc
+    databases:
+      - notify-bc
     password: ''
   persistence:
     size: 1Gi
@@ -97,11 +100,9 @@ mongodb:
   containerSecurityContext:
     enabled: false
   arbiter:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: false
-
+    enabled: false
+  readinessProbe:
+    timeoutSeconds: 10
 configMap:
   config.local.js: |-
     module.exports = {};
@@ -129,7 +130,6 @@ route:
     host: ''
     tls:
       termination: edge
-    ip_whitelist: 0.0.0.0/0  
   smtp:
     host: ''