diff --git a/kustomize/README.md b/kustomize/README.md
index 85102c1..d1e1d44 100644
--- a/kustomize/README.md
+++ b/kustomize/README.md
@@ -2,7 +2,7 @@
Declarative management of CSW Kubernetes resources using Kustomize.
-# How to use
+## How to use
Within an overlay directory, create a `.env` file to contain required secret
values in the format KEY=value (i.e. `overlays/uat/.env`). Required values:
@@ -22,8 +22,8 @@ Run `kubectl` with the `-k` flag to generate resources for a given overlay:
kubectl apply -k kustomize/overlays/uat --namespace sss --dry-run=client
```
-# References:
+## References
-* https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
-* https://github.com/kubernetes-sigs/kustomize
-* https://github.com/kubernetes-sigs/kustomize/tree/master/examples
+-
+-
+-
diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml
index 754fab0..ce67dc9 100644
--- a/kustomize/base/deployment.yaml
+++ b/kustomize/base/deployment.yaml
@@ -16,68 +16,68 @@ spec:
app: csw-deployment
spec:
containers:
- - name: csw
- image: ghcr.io/dbca-wa/csw
- imagePullPolicy: Always
- env:
- - name: ALLOWED_HOSTS
- value: ".dbca.wa.gov.au"
- - name: CSRF_TRUSTED_ORIGINS
- value: "https://*.dbca.wa.gov.au"
- - name: CSRF_COOKIE_SECURE
- value: "True"
- - name: SESSION_COOKIE_SECURE
- value: "True"
- - name: TZ
- value: "Australia/Perth"
- resources:
- requests:
- memory: "100Mi"
- cpu: "5m"
- limits:
- memory: "2Gi"
- cpu: "1000m"
- startupProbe:
- httpGet:
- path: /livez
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 3
- periodSeconds: 15
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
- livenessProbe:
- httpGet:
- path: /livez
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 0
- periodSeconds: 15
- successThreshold: 1
- failureThreshold: 3
- timeoutSeconds: 10
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 0
- periodSeconds: 15
- successThreshold: 1
- failureThreshold: 3
- timeoutSeconds: 10
- securityContext:
- runAsNonRoot: true
- privileged: false
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /tmp
- name: tmpfs-ram
+ - name: csw
+ image: ghcr.io/dbca-wa/csw
+ imagePullPolicy: Always
+ env:
+ - name: ALLOWED_HOSTS
+ value: ".dbca.wa.gov.au"
+ - name: CSRF_TRUSTED_ORIGINS
+ value: "https://*.dbca.wa.gov.au"
+ - name: CSRF_COOKIE_SECURE
+ value: "True"
+ - name: SESSION_COOKIE_SECURE
+ value: "True"
+ - name: TZ
+ value: "Australia/Perth"
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "5m"
+ limits:
+ memory: "2Gi"
+ cpu: "1000m"
+ startupProbe:
+ httpGet:
+ path: /livez
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 3
+ periodSeconds: 15
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /livez
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+ timeoutSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+ timeoutSeconds: 10
+ securityContext:
+ runAsNonRoot: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmpfs-ram
volumes:
- name: tmpfs-ram
emptyDir:
diff --git a/kustomize/base/service.yaml b/kustomize/base/service.yaml
index c74a93d..905bddb 100644
--- a/kustomize/base/service.yaml
+++ b/kustomize/base/service.yaml
@@ -5,7 +5,7 @@ metadata:
spec:
type: ClusterIP
ports:
- - name: wsgi
- port: 8080
- protocol: TCP
- targetPort: 8080
+ - name: wsgi
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
diff --git a/kustomize/overlays/prod/deployment_patch.yaml b/kustomize/overlays/prod/deployment_patch.yaml
index 1a8ecb4..8c6f673 100644
--- a/kustomize/overlays/prod/deployment_patch.yaml
+++ b/kustomize/overlays/prod/deployment_patch.yaml
@@ -6,41 +6,41 @@ spec:
template:
spec:
containers:
- - name: csw
- imagePullPolicy: IfNotPresent
- env:
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: DATABASE_URL
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: SECRET_KEY
- - name: BASE_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: BASE_URL
- - name: CORS_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: CORS_URL
- - name: AZURE_ACCOUNT_NAME
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: AZURE_ACCOUNT_NAME
- - name: AZURE_ACCOUNT_KEY
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: AZURE_ACCOUNT_KEY
- - name: AZURE_CONTAINER
- valueFrom:
- secretKeyRef:
- name: csw-env-prod
- key: AZURE_CONTAINER
+ - name: csw
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: DATABASE_URL
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: SECRET_KEY
+ - name: BASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: BASE_URL
+ - name: CORS_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: CORS_URL
+ - name: AZURE_ACCOUNT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: AZURE_ACCOUNT_NAME
+ - name: AZURE_ACCOUNT_KEY
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: AZURE_ACCOUNT_KEY
+ - name: AZURE_CONTAINER
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-prod
+ key: AZURE_CONTAINER
diff --git a/kustomize/overlays/prod/ingress.yaml b/kustomize/overlays/prod/ingress.yaml
index 177319c..73b18e8 100644
--- a/kustomize/overlays/prod/ingress.yaml
+++ b/kustomize/overlays/prod/ingress.yaml
@@ -5,13 +5,13 @@ metadata:
spec:
ingressClassName: nginx
rules:
- - host: csw.dbca.wa.gov.au
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: csw-clusterip-prod
- port:
- number: 8080
+ - host: csw.dbca.wa.gov.au
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: csw-clusterip-prod
+ port:
+ number: 8080
diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml
index 43072d3..42ba363 100644
--- a/kustomize/overlays/prod/kustomization.yaml
+++ b/kustomize/overlays/prod/kustomization.yaml
@@ -10,6 +10,8 @@ secretGenerator:
type: Opaque
envs:
- .env
+generatorOptions:
+ disableNameSuffixHash: true
labels:
- includeSelectors: true
pairs:
diff --git a/kustomize/overlays/uat/deployment_patch.yaml b/kustomize/overlays/uat/deployment_patch.yaml
index ecf089f..c264977 100644
--- a/kustomize/overlays/uat/deployment_patch.yaml
+++ b/kustomize/overlays/uat/deployment_patch.yaml
@@ -6,40 +6,40 @@ spec:
template:
spec:
containers:
- - name: csw
- env:
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: DATABASE_URL
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: SECRET_KEY
- - name: BASE_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: BASE_URL
- - name: CORS_URL
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: CORS_URL
- - name: AZURE_ACCOUNT_NAME
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: AZURE_ACCOUNT_NAME
- - name: AZURE_ACCOUNT_KEY
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: AZURE_ACCOUNT_KEY
- - name: AZURE_CONTAINER
- valueFrom:
- secretKeyRef:
- name: csw-env-uat
- key: AZURE_CONTAINER
+ - name: csw
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: DATABASE_URL
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: SECRET_KEY
+ - name: BASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: BASE_URL
+ - name: CORS_URL
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: CORS_URL
+ - name: AZURE_ACCOUNT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: AZURE_ACCOUNT_NAME
+ - name: AZURE_ACCOUNT_KEY
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: AZURE_ACCOUNT_KEY
+ - name: AZURE_CONTAINER
+ valueFrom:
+ secretKeyRef:
+ name: csw-env-uat
+ key: AZURE_CONTAINER
diff --git a/kustomize/overlays/uat/ingress.yaml b/kustomize/overlays/uat/ingress.yaml
index 258b522..9522d49 100644
--- a/kustomize/overlays/uat/ingress.yaml
+++ b/kustomize/overlays/uat/ingress.yaml
@@ -5,13 +5,13 @@ metadata:
spec:
ingressClassName: nginx
rules:
- - host: csw-uat.dbca.wa.gov.au
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: csw-clusterip-uat
- port:
- number: 8080
+ - host: csw-uat.dbca.wa.gov.au
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: csw-clusterip-uat
+ port:
+ number: 8080
diff --git a/kustomize/overlays/uat/kustomization.yaml b/kustomize/overlays/uat/kustomization.yaml
index 2f61ac2..afbf348 100644
--- a/kustomize/overlays/uat/kustomization.yaml
+++ b/kustomize/overlays/uat/kustomization.yaml
@@ -10,6 +10,8 @@ secretGenerator:
type: Opaque
envs:
- .env
+generatorOptions:
+ disableNameSuffixHash: true
labels:
- includeSelectors: true
pairs: