gitops: deploy base app to dev

future-sir-gitops/base/future-sir-frontend/deployments.yaml

@@ -17,6 +17,11 @@ spec:
         - name: future-sir-frontend
           # Note: image tag should be pinned to a specific version in overlays
           image: dtsrhpdevscedacr.azurecr.io/future-sir/future-sir-frontend:latest
+          envFrom:
+            - configMapRef:
+                name: future-sir-frontend
+            - secretRef:
+                name: future-sir-frontend
           ports:
             - name: http
               containerPort: 3000

future-sir-gitops/overlays/dev/configs/future-sir-frontend/config.conf

@@ -0,0 +1,164 @@
+# Controls the verbosity of log messages (default: info).
+# Valid values (from least to most verbose):
+#   - error: logs only error messages
+#   - warn: logs warnings and errors
+#   - info: logs general information, warnings, and errors
+#   - audit: logs security/audit events (http requests), info, warnings, and errors
+#   - debug: logs debugging information, audit, info, warnings, and errors
+#   - trace: logs detailed tracing information for development and debugging
+LOG_LEVEL=
+
+# The port number the HTTP server will listen on (default: 3000).
+# Specify the port used to serve the application.
+PORT=
+
+# Enables debug logging for the i18next localization library (default: false).
+# Set to true to log additional information about translations and potential issues.
+I18NEXT_DEBUG=
+
+
+
+#################################################
+# Feature flags
+#################################################
+
+# Enable the mock OIDC provider for development purposes (default: false in production)
+# Note: Although the default is false in production mode, you can override it to true
+# for local development on localhost when testing with production-like settings.
+ENABLE_DEVMODE_OIDC=true
+
+
+
+#################################################
+# Session configuration
+#################################################
+
+# Backend storage type for sessions (default: memory).
+# Valid values:
+#   - memory: stores sessions in memory (use only for local development)
+#   - redis: stores sessions in a Redis database (recommended for production)
+SESSION_TYPE=
+
+# Time-to-live for sessions in seconds (default: 3600 -- 1h).
+# Determines how long a session remains valid after being created.
+SESSION_EXPIRES_SECONDS=
+
+# The name of the session cookie (default: __FSIR||session).
+# This cookie stores session ID in the browser.
+SESSION_COOKIE_NAME=
+
+# The domain for which the session cookie is valid (default: localhost).
+# Examples:
+#   - `localhost`: cookie is valid only for the localhost domain
+#   - `.example.com`: cookie is valid for all subdomains of example.com
+SESSION_COOKIE_DOMAIN=
+
+# The path scope of the session cookie (default: /).
+# Defines where the cookie is sent in HTTP requests. For example:
+#   - `/` makes it valid for the entire site
+#   - `/my-app` restricts it to that path
+SESSION_COOKIE_PATH=
+
+# The SameSite attribute for the session cookie (default: strict).
+# Valid values:
+#   - strict: the cookie will only be sent in same-site requests
+#   - lax: the cookie will be sent in same-site requests and cross-site top-level navigation
+#   - none: the cookie will be sent in all requests (requires Secure attribute to be true)
+SESSION_COOKIE_SAMESITE=
+
+# Secret key for signing and validating session cookies (default: 00000000-0000-0000-0000-000000000000).
+# Must be a strong, unique string of at least 32 characters. Keep this secure.
+SESSION_COOKIE_SECRET=
+
+# Specifies if the session cookie is marked as secure (default: true in production).
+# Note: Although the default is true in production mode, you can override it to false
+# for local development on localhost when testing with production-like settings.
+SESSION_COOKIE_SECURE=
+
+
+
+#################################################
+# Redis configuration (used when SESSION_TYPE=redis)
+#################################################
+
+# Specifies the Redis connection type (default: standalone).
+# Valid values:
+#   - standalone: connects to a single Redis server
+#   - sentinel: connects to a Redis Sentinel setup for high availability
+REDIS_CONNECTION_TYPE=
+
+# The hostname or IP address of the Redis server (default: localhost).
+REDIS_HOST=
+
+# The port number for the Redis server (default: 6379).
+REDIS_PORT=
+
+# Username for Redis authentication (optional).
+# Provide a username if your Redis setup requires username/password authentication.
+REDIS_USERNAME=
+
+# Password for Redis authentication (optional).
+# Provide a password if your Redis setup requires username/password or just password authentication.
+REDIS_PASSWORD=
+
+# Command timeout for Redis operations in seconds (default: 1).
+# Specifies the maximum time to wait before a command times out.
+REDIS_COMMAND_TIMEOUT_SECONDS=
+
+# The name of the Redis Sentinel master (required when REDIS_CONNECTION_TYPE=sentinel).
+# Specifies the primary node in a Sentinel-managed Redis setup.
+REDIS_SENTINEL_MASTER_NAME=
+
+
+
+#################################################
+# Authenication configuration
+#################################################
+
+# The name of this service (default: Future SIR frontend).
+OTEL_SERVICE_NAME=
+
+# The version of this service (default: 0.0.0).
+OTEL_SERVICE_VERSION=
+
+# Name of the deployment environment (default: localhost).
+OTEL_ENVIRONMENT_NAME=development
+
+# Autentication header name (default: Authorization 00000000-0000-0000-0000-000000000000).
+OTEL_AUTH_HEADER=
+
+# URL to ship metrics to (default: http://localhost:4318/v1/metrics).
+OTEL_METRICS_ENDPOINT=
+
+# URL to ship traces to (default: http://localhost:4318/v1/traces).
+OTEL_TRACES_ENDPOINT=
+
+
+
+#################################################
+# Authenication configuration
+#################################################
+
+# Default authentication provider (default: local).
+# Valid values:
+#   - azuread: uses Azure Active Directory for authentication
+#   - local: use a local mock OIDC provider
+AUTH_DEFAULT_PROVIDER=local
+
+
+
+#################################################
+# Azure AD configuration
+#################################################
+
+# The Azure Active Directory issuer URL.
+# Used for OAuth2 or OpenID Connect authentication flows.
+AZUREAD_ISSUER_URL=
+
+# The Azure AD client ID.
+# This identifies your application when interacting with Azure AD.
+AZUREAD_CLIENT_ID=
+
+# The Azure AD client secret.
+# This is used to authenticate your application with Azure AD.
+AZUREAD_CLIENT_SECRET=

future-sir-gitops/overlays/dev/ingresses.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: future-sir-frontend
+  labels:
+    app.kubernetes.io/name: future-sir-frontend
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: future-sir-dev.dev-dp-internal.dts-stn.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: future-sir-frontend
+                port:
+                  name: http

future-sir-gitops/overlays/dev/kustomization.yaml

@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: future-social-insurance-registry
+nameSuffix: -dev
+commonLabels:
+  # commonLabels must have at least one unique label
+  # per environment to ensure selectors are applied correctly
+  app.kubernetes.io/instance: dev
+labels:
+  - pairs:
+      app.kubernetes.io/part-of: future-social-insurance-registry
+      app.kubernetes.io/managed-by: teamcity
+      app.kubernetes.io/cluster: dts-dev-sced-rhp-spoke-aks
+      app.kubernetes.io/environment: dev
+      app.kubernetes.io/tier: nonprod
+resources:
+  - ../../base/future-sir-frontend/
+  - ./ingresses.yaml
+configMapGenerator:
+  - name: future-sir-frontend
+    behavior: merge
+    envs:
+      - ./configs/future-sir-frontend/config.conf
+secretGenerator:
+  - name: future-sir-frontend
+    behavior: replace
+    envs:
+      - ./configs/future-sir-frontend/secrets.conf