malert commit

Jay Sharma
2023-07-28 06:49:53 +05:30
parent 5d0f0734d8
commit 8c2a392196
42 changed files with 2515 additions and 258 deletions


@@ -1,5 +1,9 @@
FROM wyveo/nginx-php-fpm:php74
COPY wp/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
RUN mkdir -p /var/lib/nginx/cache /usr/share/nginx/subdomain; cd /usr/share/nginx/subdomain ; mkdir www
COPY wp/ /usr/share/nginx/subdomain/www
#RUN rm /etc/nginx/conf.d/default.conf
#COPY build/default.conf /etc/nginx/conf.d/default.conf
COPY redinessprobe-wp.sh /root/redinessprobe-wp.sh
RUN chmod +x /etc/nginx/conf.d/default.conf /root/redinessprobe-wp.sh
RUN chmod +xw -R /usr/share/nginx/
#USER nginx
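Review bot: `RUN chmod +xw -R /usr/share/nginx/` sets the execute bit on every file under the web root, including the WordPress sources copied to `/usr/share/nginx/subdomain/www`, and with `#USER nginx` left commented out nothing in the visible lines switches away from the base image's default user. Limiting the mode change to directories, e.g. `RUN find /usr/share/nginx -type d -exec chmod a+x,u+w {} +`, keeps content files non-executable. `RUN chmod +x /etc/nginx/conf.d/default.conf` appears next to `RUN rm /etc/nginx/conf.d/default.conf`; the page does not show which side each line is on, but if both are in the new file the chmod would fail the build because nothing copies that file back. The base tag `wyveo/nginx-php-fpm:php74` is mutable, so pinning it by digest would make rebuilds reproducible.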

269
bitbucket-pipelines.yml Normal file

@@ -0,0 +1,269 @@
definitions:
set-variables: &set-variables
- variables:
- name: VERSION
default: "latest"
set-variables-jobs: &set-variables-jobs
- variables:
- name: ENV
default: "dev"
allowed-values: # Optionally restrict variable values
- "dev"
- "qa"
- "stage"
- "prod"
- name: JOBNAME
default: "mysql-backup"
allowed-values: # Optionally restrict variable values
- "mysql-backup"
- "wp-data-backup"
- "mysql-restore"
- "wp-data-restore"
- name: SUBDOMAIN
default: www
allowed-values: # Optionally restrict variable values
- "www"
- "dev01"
- "dev02"
- "dev03"
- "dev04"
- "dev05"
- name: RESTORE_VERSION
default: "PASTE_RESTORE_VERSION_FILE_NAME"
set-variables-subdomain: &set-variables-subdomain
- variables:
- name: ENV
default: "dev"
allowed-values: # Optionally restrict variable values
- "dev"
- name: URL_DOMAIN
default: dev01.dev-medicalalert.com
allowed-values: # Optionally restrict variable values
- "dev01.dev-medicalalert.com"
- "dev02.dev-medicalalert.com"
- "dev03.dev-medicalalert.com"
- "dev04.dev-medicalalert.com"
- "dev05.dev-medicalalert.com"
- name: MYSQL_FILE_NAME
default: "MYSQL_FILE_NAME_TO_DEPLOY"
- name: STATIC_FILE_NAME
default: "STATIC_FILE_NAME_TO_DEPLOY"
steps:
- step: &deploy
name: deploy to $ENV environment
image: atlassian/default-image:3
script:
# check if env file exists
- if [ -e setenv.sh ]; then
- cat setenv.sh
- source setenv.sh
- fi
- echo "This is for $ENV environment"
- ls -lrth && cd build/${ENV}
# - export DB_PASSWORD=$(aws ssm get-parameters --names $ENV-$BITBUCKET_REPO_SLUG --query "Parameters[*].{Value:Value}" --output text)
# - export DB_PASSWORD=`echo -n "$DB_PASSWORD" | base64` && sed -i "/DB_PASSWORD/c\ DB_PASSWORD = $DB_PASSWORD" secrets.yaml
- envsubst < deployment.tpl > deployment.yaml
- cat deployment.yaml
- pipe: atlassian/aws-eks-kubectl-run:2.2.0
variables:
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
CLUSTER_NAME: $CLUSTER
KUBECTL_COMMAND: "apply"
RESOURCE_PATH: "../${ENV}"
KUBECTL_ARGS: ""
KUBECTL_APPLY_ARGS: "-f"
DEBUG: "true"
pipelines:
# our custom pipeline, what shows up Bitbucket web app
custom:
deploy-dev:
- !!merge <<: *set-variables
- step:
!!merge <<: *deploy
deployment: dev
name: "deploy to dev"
deploy-qa:
- !!merge <<: *set-variables
- step:
!!merge <<: *deploy
deployment: qa
name: "deploy to qa"
release-stg:
- !!merge <<: *set-variables
- step:
!!merge <<: *deploy
deployment: stage
name: "deploy to stage"
release-prod:
- !!merge <<: *set-variables
- step:
!!merge <<: *deploy
deployment: prod
name: "deploy to prod"
common-jobs:
- !!merge <<: *set-variables-jobs
- step:
name: vars for common-jobs
script:
- source setenv.sh
- echo "export JOBNAME=$JOBNAME" >> setenv.sh
- echo "export ENV=$ENV" >> setenv.sh
- echo "export CLUSTER=caresage-eks-cluster-$ENV" >> setenv.sh
- echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh
- echo "export RESTORE_VERSION=$RESTORE_VERSION" >> setenv.sh
- echo "export SUBDOMAIN=$SUBDOMAIN" >> setenv.sh
- echo "export BITBUCKET_REPO_SLUG=$BITBUCKET_REPO_SLUG" >> setenv.sh
artifacts: # define the artifacts to be passed to each future step
- setenv.sh
- step:
name: common jobs for SQL and WWW backup and restore.
image: atlassian/pipelines-awscli
script:
- source setenv.sh && chmod 755 ./common-jobs-bitbucket.sh
- if [ "$JOBNAME" = "mysql-restore" ] && [ "$SUBDOMAIN" = "www" ] ; then ./common-jobs-bitbucket.sh subdomain_deploy; fi
# - [[ "$SUBDOMAIN" != "www" ]] && [[ "$ENV" = "qa" || "$ENV" = "stage" || "$ENV" = "prod" ]] && exit || echo VALIDATION-PASS
- if [[ "$SUBDOMAIN" != "www" ]] && [[ "$ENV" = "qa" || "$ENV" = "stage" || "$ENV" = "prod" ]] ; then echo VALIDATION-FAIL && exit 9 ; else echo VALIDATION-PASS;fi
- ./common-jobs-bitbucket.sh $JOBNAME
subdomain-deploy:
- !!merge <<: *set-variables-subdomain
- step:
name: vars for subdomain
script:
- source setenv.sh
- echo "export ENV=$ENV" >> setenv.sh
- echo "export CLUSTER=caresage-eks-cluster-$ENV" >> setenv.sh
- echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh
- echo "export RESTORE_VERSION=$RESTORE_VERSION" >> setenv.sh
- echo "export URL_DOMAIN=$URL_DOMAIN" >> setenv.sh
- echo "export MYSQL_FILE_NAME=$MYSQL_FILE_NAME" >> setenv.sh
- echo "export STATIC_FILE_NAME=$STATIC_FILE_NAME" >> setenv.sh
- echo "export BITBUCKET_REPO_SLUG=$BITBUCKET_REPO_SLUG" >> setenv.sh
artifacts:
- setenv.sh
- step:
name: Deploy the wp source code
trigger: manual
image: atlassian/pipelines-awscli
script:
- source setenv.sh
- chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh subdomain_deploy
artifacts:
- setenv.sh
- step:
name: Deploy the mysql database
trigger: manual
image: atlassian/pipelines-awscli
script:
- source setenv.sh
- chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh mysql-restore $MYSQL_FILE_NAME
artifacts:
- setenv.sh
- step:
name: Deploy the static data
trigger: manual
image: atlassian/pipelines-awscli
script:
- source setenv.sh
- chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh wp-data-restore $STATIC_FILE_NAME
release:
- !!merge <<: *set-variables
- step:
name: "plan for the release and tag the given version."
image: atlassian/pipelines-awscli
script:
- echo "make sure that release version file and plan has been added to the release repo"
- source release
- export MANIFEST=$(aws ecr batch-get-image --repository-name medicalalert-web --image-ids imageTag=$VERSION --output json | jq --raw-output --join-output '.images[0].imageManifest')
- aws ecr put-image --repository-name medicalalert-web --image-tag $RELEASE --image-manifest "$MANIFEST" && echo ------ image $VERSION has been retagged as $RELEASE || exit 9
- echo "export VERSION=$RELEASE" >> setenv.sh
- echo "export ENV=stage" >> setenv.sh
artifacts: # define the artifacts to be passed to each future step
- setenv.sh
- step:
!!merge <<: *deploy
deployment: stage
name: "deploy the release to stage"
trigger: manual
- step:
name: vars for prod
script:
- source release
- echo "export VERSION=$RELEASE" >> setenv.sh
- echo "export ENV=prod" >> setenv.sh
artifacts: # define the artifacts to be passed to each future step
- setenv.sh
- step:
!!merge <<: *deploy
deployment: prod
name: "deploy the release to production"
trigger: manual
pull-requests:
develop:
- step:
name: build the application and push that to dev env.
image: atlassian/default-image:3
script:
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install
- export BUILD_D=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER
- export IMAGE="medicalalert-web" && export VERSION=$BITBUCKET_BUILD_NUMBER
- aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 716593996126.dkr.ecr.us-east-1.amazonaws.com
- docker build -t ${IMAGE} .
- docker tag ${IMAGE} ${IMAGE}:${VERSION}
- pipe: atlassian/aws-ecr-push-image:1.6.2
variables:
AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
IMAGE_NAME: $IMAGE
TAGS: $VERSION
services:
- docker
caches:
- docker
- step:
name: vars for dev
script:
- echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh
- echo "export ENV=dev" >> setenv.sh
artifacts: # define the artifacts to be passed to each future step
- setenv.sh
- step:
!!merge <<: *deploy
deployment: dev
name: "deploy to dev"
- step:
name: vars for qa
script:
- echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh
- echo "export ENV=qa" >> setenv.sh
artifacts:
- setenv.sh
- step:
!!merge <<: *deploy
deployment: qa
name: "deploy to qa"
trigger: manual
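Review bot: The `vars for …` steps write free-text pipeline variables into `setenv.sh` unescaped (`echo "export RESTORE_VERSION=$RESTORE_VERSION" >> setenv.sh`, likewise `MYSQL_FILE_NAME` and `STATIC_FILE_NAME`, none of which has `allowed-values`), and later steps `source` that file in jobs that hold the AWS keys, so a value containing shell syntax is executed there. Writing each line with `printf 'export RESTORE_VERSION=%q\n' "$RESTORE_VERSION" >> setenv.sh` and quoting the uses (`./common-jobs-bitbucket.sh mysql-restore "$MYSQL_FILE_NAME"`) closes that path. The `deploy` anchor also runs `cat setenv.sh` and `cat deployment.yaml` with `DEBUG: "true"`, which copies whatever those files hold into the build log. In the pull-request step, `export BUILD_D=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER` expands the unset names `BITBUCKET_BRANCH_` and `BITBUCKET_COMMIT_`; it needs `${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}`.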


@@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-cm
namespace: caresage-web
labels:
app: medicalalert-web
data:
DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
ENV: dev
WP_DEBUG: "false"
DB_CHARSET: utf8
DB_COLLATE: utf8_general_ci
CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com
CACHE_PORT: "6379"
DB_NAME: "pantheon"
DB_USER: "pantheon"


@@ -0,0 +1,92 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "11"
labels:
app: medicalalert-web
name: medicalalert-web
namespace: caresage-web
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: medicalalert-web
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
creationTimestamp: null
labels:
app: medicalalert-web
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- env:
- name: ENVIRONMENT
value: "$ENV"
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION
envFrom:
- secretRef:
name: medicalalert-web-secrets
- configMapRef:
name: medicalalert-web-cm
imagePullPolicy: Always
name: medicalalert-web
ports:
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: 200m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
- mountPath: /etc/nginx/conf.d/
name: default-conf
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
- name: default-conf
configMap:
defaultMode: 420
name: medicalalert-web-default-conf-cm
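Review bot: The `medicalalert-web` container declares no `securityContext` and no `readinessProbe` or `livenessProbe`, although the Dockerfile in this commit copies a `redinessprobe-wp.sh` into the image, presumably for that purpose. Adding `securityContext:` with `allowPrivilegeEscalation: false` on the container, and an exec readiness probe that runs `/root/redinessprobe-wp.sh`, would limit what a compromised PHP process can do and keep a pod that cannot serve WordPress out of the Service. The second Deployment manifest in this commit, the one pinned to `medicalalert-web:v01`, has the same gap. Indentation is lost on this page, so placement should be checked against the real file.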


@@ -0,0 +1,98 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "11"
labels:
app: medicalalert-web
name: medicalalert-web
namespace: caresage-web
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: medicalalert-web
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
creationTimestamp: null
labels:
app: medicalalert-web
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- env:
- name: ENVIRONMENT
value: dev
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:v01
envFrom:
- secretRef:
name: medicalalert-web-secrets
- configMapRef:
name: medicalalert-web-cm
imagePullPolicy: Always
name: medicalalert-web
ports:
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: 200m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
- mountPath: /etc/nginx/conf.d/
name: default-conf
- mountPath: /var/lib/nginx/cache
name: cache
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim-medicalalert
- name: default-conf
configMap:
defaultMode: 420
name: medicalalert-web-default-conf-cm
- name: cache
emptyDir: {}

50
build/dev-org/jobs.tpl Normal file

@@ -0,0 +1,50 @@
apiVersion: batch/v1
kind: Job
metadata:
name: common-jobs
namespace: caresage-exec
labels:
app: lifeline-web
rds: enable
spec:
template:
metadata:
labels:
app: lifeline-web
rds: enable
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- name: common-jobs
image: bitnami/percona-xtrabackup:latest
envFrom:
- secretRef:
name: lifeline-web-secrets
- configMapRef:
name: lifeline-web-cm
command: ["bash"]
args:
- -c
- cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Never
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
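Review bot: The Job executes `common-jobs.sh` straight from the mounted uploads volume (`cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME`) with `lifeline-web-secrets` in its environment, so the script's integrity depends on a path that appears to be the same `wp-content/uploads` share the web Deployment mounts. Shipping the script in the job image, or mounting it read-only from a ConfigMap, removes that dependency. `image: bitnami/percona-xtrabackup:latest` is a floating tag; a pinned version or digest keeps the tool that handles database dumps from changing between runs. The later hunk that edits this Job keeps the same copy-and-run pattern and moves to `ubuntu:latest`, so both points apply there too.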


@@ -0,0 +1,285 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-default-conf-cm
namespace: medicalalert-web
labels:
app: medicalalert-web
data:
default.conf: |
# ---------------------
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# -----------------------------------------
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 120;
#fastcgi_index index.php;
# --------------------------------
# Only cache positive responses
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 15m;
server {
listen 80 default; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name dev-medicalalert.com "";
return 301 https://www.$host$request_uri;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
}
subdomain.conf: |
server {
listen 80;
listen [::]:80;
server_name ~^(?<subdomain>.+)\.dev-medicalalert\.com$;
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
root /usr/share/nginx/subdomain/$subdomain;
index index.php index.html index.htm;
sendfile off;
# Security - Hide nginx version number in error pages and Server header
server_tokens off;
# Add stdout logging
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/$subdomain;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
localhost.conf: |
server {
listen 80;
listen [::]:80;
server_name localhost;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
sendfile off;
server_tokens off;
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/www;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
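Review bot: The cache-bypass rules in `subdomain.conf` and `localhost.conf` do not match WordPress sessions: `if ($http_cookie = "PHPSESSID")` compares the whole Cookie header with that literal string, and the URL rule lists `/administrator/` but not `/wp-admin/`. Because `fastcgi_cache_key` is `"$scheme$request_method$host$request_uri"` and has no cookie component, a page rendered for a logged-in user on a query-less GET can be stored and then served to other visitors. Match the session cookies with a regex, e.g. `if ($http_cookie ~* "PHPSESSID|wordpress_logged_in_|wp-postpass_|comment_author_")`, and use `if ($request_uri ~* "/(wp-admin/|wp-login\.php|xmlrpc\.php)")` for the URL rule. The `lifeline-web-default-conf-cm` ConfigMap added later in this commit carries the same rules. Narrowing the host capture to `(?<subdomain>[a-z0-9-]+)` would also keep `root /usr/share/nginx/subdomain/$subdomain` to a single label.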


@@ -0,0 +1,13 @@
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: medicalalert-web-hpa
namespace: caresage-web
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: medicalalert-web
minReplicas: 1
maxReplicas: 1
targetCPUUtilizationPercentage: 70

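--- a/build/dev-org/pvc.yml
+++ b/build/dev-org/pvc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: efs-claim-medicalalert
+namespace: caresage-web
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: efs-sc
+resources:
+requests:
+storage: 10Gi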


@@ -0,0 +1,13 @@
apiVersion: v1
data:
CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
DB_PASSWORD: cGFudGhlb24=
TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3
kind: Secret
metadata:
annotations:
labels:
app: medicalalert-web
name: medicalalert-web-secrets
namespace: caresage-web
type: Opaque
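Review bot: This manifest commits what look like live values for `CACHE_PASSWORD`, `DB_PASSWORD` and `TOKEN` under `data:`; base64 is an encoding, not protection, so anyone with read access to the repository or its history can recover them. The values should be treated as exposed and rotated, and the file replaced by a reference to a secret store — the pipeline in this commit already has a commented-out `aws ssm get-parameters` step that points that way. If a manifest must stay in the repository, keep only the key names with placeholder values, e.g. `DB_PASSWORD: <base64 placeholder>`, and populate the Secret at deploy time. The bare `annotations:` key parses as null and can be dropped.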

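--- a/build/dev-org/service.yml
+++ b/build/dev-org/service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: medicalalert-web
+namespace: caresage-web
+labels:
+app: medicalalert-web
+spec:
+type: NodePort
+selector:
+app: medicalalert-web
+ports:
+- protocol: TCP
+port: 80
+targetPort: 80
+nodePort: 30846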


@@ -0,0 +1,13 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
parameters:
provisioningMode: efs-ap
# reclaimPolicy: Retain
fileSystemId: fs-01d898a0e680dbd45
directoryPerms: "700"
gidRangeStart: "1000" # optional
gidRangeEnd: "2000" # optional
basePath: "/dynamic_provisioning" # optional


@@ -1,17 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-cm
namespace: caresage-web
name: lifeline-web-cm
namespace: lifeline-web
labels:
app: medicalalert-web
app: lifeline-web
data:
DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
DB_HOST: dev-lifeline-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
ENV: dev
WP_DEBUG: "false"
DB_CHARSET: utf8
DB_COLLATE: utf8_general_ci
CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com
CACHE_PORT: "6379"
DB_NAME: "pantheon"
DB_USER: "pantheon"
DB_USER: pantheon
DB_NAME: pantheon
SUBDB_NAME: dev03


@@ -4,16 +4,16 @@ metadata:
annotations:
deployment.kubernetes.io/revision: "11"
labels:
app: medicalalert-web
name: medicalalert-web
namespace: caresage-web
app: lifeline-web
name: lifeline-web
namespace: lifeline-web
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: medicalalert-web
app: lifeline-web
strategy:
rollingUpdate:
maxSurge: 25%
@@ -25,7 +25,7 @@ spec:
kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
creationTimestamp: null
labels:
app: medicalalert-web
app: lifeline-web
spec:
affinity:
nodeAffinity:
@@ -41,30 +41,40 @@ spec:
- env:
- name: ENVIRONMENT
value: "$ENV"
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/lifeline-web:$VERSION
envFrom:
- secretRef:
name: medicalalert-web-secrets
name: lifeline-web-secrets
- configMapRef:
name: medicalalert-web-cm
name: lifeline-web-cm
imagePullPolicy: Always
name: medicalalert-web
name: lifeline-web
ports:
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: 200m
memory: 300Mi
cpu: 500m
memory: 700Mi
requests:
cpu: 100m
memory: 100Mi
cpu: 300m
memory: 500Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
name: persistent-storage
- mountPath: /usr/share/nginx/subdomain/dev01
name: persistent-storage-dev01
- mountPath: /usr/share/nginx/subdomain/dev02
name: persistent-storage-dev02
- mountPath: /usr/share/nginx/subdomain/dev03
name: persistent-storage-dev03
- mountPath: /usr/share/nginx/subdomain/dev04
name: persistent-storage-dev04
- mountPath: /usr/share/nginx/subdomain/dev05
name: persistent-storage-dev05
- mountPath: /etc/nginx/conf.d/
name: default-conf
dnsPolicy: ClusterFirst
@@ -78,15 +88,23 @@ spec:
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
claimName: efs-claim-lifeline
- name: persistent-storage-dev01
persistentVolumeClaim:
claimName: efs-claim-lifeline-dev01
- name: persistent-storage-dev02
persistentVolumeClaim:
claimName: efs-claim-lifeline-dev02
- name: persistent-storage-dev03
persistentVolumeClaim:
claimName: efs-claim-lifeline-dev03
- name: persistent-storage-dev04
persistentVolumeClaim:
claimName: efs-claim-lifeline-dev04
- name: persistent-storage-dev05
persistentVolumeClaim:
claimName: efs-claim-lifeline-dev05
- name: default-conf
configMap:
defaultMode: 420
name: medicalalert-web-default-conf-cm
name: lifeline-web-default-conf-cm


@@ -2,11 +2,12 @@ apiVersion: batch/v1
kind: Job
metadata:
name: common-jobs
namespace: caresage-exec
namespace: lifeline-web
labels:
app: lifeline-web
rds: enable
spec:
ttlSecondsAfterFinished: 10
template:
metadata:
labels:
@@ -25,18 +26,18 @@ spec:
- arm64
containers:
- name: common-jobs
image: bitnami/percona-xtrabackup:latest
image: ubuntu:latest
envFrom:
- secretRef:
name: lifeline-web-secrets
- configMapRef:
name: lifeline-web-cm
command: ["bash"]
command: ["bash"]
args:
- -c
- cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME
- cp -rf /usr/share/nginx/subdomain/www/wp-content/uploads/common-jobs.sh /root/ && chmod 755 /root/common-jobs.sh && /root/common-jobs.sh $JOBNAME
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
name: persistent-storage
imagePullSecrets:
- name: regcred
@@ -46,5 +47,4 @@ spec:
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
claimName: efs-claim-lifeline


@@ -0,0 +1,285 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: lifeline-web-default-conf-cm
namespace: lifeline-web
labels:
app: lifeline-web
data:
default.conf: |
# ---------------------
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# -----------------------------------------
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 120;
#fastcgi_index index.php;
# --------------------------------
# Only cache positive responses
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 15m;
server {
listen 80 default; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name dev-lifeline.com "";
return 301 https://www.$host$request_uri;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
}
subdomain.conf: |
server {
listen 80;
listen [::]:80;
server_name ~^(?<subdomain>.+)\.dev-lifeline\.com$;
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
root /usr/share/nginx/subdomain/$subdomain;
index index.php index.html index.htm;
sendfile off;
# Security - Hide nginx version number in error pages and Server header
server_tokens off;
# Add stdout logging
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/$subdomain;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
localhost.conf: |
server {
listen 80;
listen [::]:80;
server_name localhost;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
sendfile off;
server_tokens off;
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/www;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}


@@ -0,0 +1,13 @@
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: lifeline-web-hpa
namespace: lifeline-web
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: lifeline-web
minReplicas: 1
maxReplicas: 1
targetCPUUtilizationPercentage: 70


@@ -1,168 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-default-conf-cm
namespace: caresage-web
labels:
app: medicalalert-web
data:
default.conf: |
# ---------------------
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# Only cache positive responses
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 15m;
server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
# if ($http_x_forwarded_proto != 'https') {
#set $cond A;
#}
#if ($http_host ~ ^localhost) {
#set $cond "${cond}B";
#if ($cond = AB) {
# return 301 http://$host$request_uri;
#}
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
#server_name local.lifeline-prod.com;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
# Security - Hide nginx version number in error pages and Server header
server_tokens off;
# Add stdout logging
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_cache cache;
#proxy_cache_background_update on;
#proxy_cache_lock on;
#proxy_cache_revalidate on;
include /etc/nginx/fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
#try_files $uri $uri/ /index.php?$query_string;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_cache cache;
#proxy_cache_background_update on;
#proxy_cache_lock on;
#proxy_cache_revalidate on;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
access_log off;
expires max;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}


@@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-default-conf-cm
namespace: caresage-web
namespace: medicalalert-web
labels:
app: medicalalert-web
data:
@@ -11,39 +11,47 @@ data:
# ---------------------
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# -----------------------------------------
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 120;
#fastcgi_index index.php;
# --------------------------------
# Only cache positive responses
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 15m;
server {
listen 80; ## listen for ipv4; this line is default and implied
listen 80 default; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
# if ($http_x_forwarded_proto != 'https') {
#set $cond A;
#}
#if ($http_host ~ ^localhost) {
#set $cond "${cond}B";
server_name dev-medicalalert.com "";
#if ($cond = AB) {
# return 301 http://$host$request_uri;
#}
return 301 https://www.$host$request_uri;
if ($http_x_forwarded_proto != 'https') {
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
}
subdomain.conf: |
server {
listen 80;
listen [::]:80;
server_name ~^(?<subdomain>.+)\.dev-medicalalert\.com$;
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
root /usr/share/nginx/html;
root /usr/share/nginx/subdomain/$subdomain;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
#server_name local.lifeline-prod.com;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
# Security - Hide nginx version number in error pages and Server header
@@ -95,11 +103,8 @@ data:
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_cache cache;
#proxy_cache_background_update on;
#proxy_cache_lock on;
#proxy_cache_revalidate on;
include /etc/nginx/fastcgi_params;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
@@ -113,19 +118,14 @@ data:
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
root /usr/share/nginx/subdomain/$subdomain;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
#try_files $uri $uri/ /index.php?$query_string;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_cache cache;
#proxy_cache_background_update on;
#proxy_cache_lock on;
#proxy_cache_revalidate on;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
@@ -134,7 +134,8 @@ data:
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
include fastcgi_params;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_cache MYAPP;
@@ -163,3 +164,122 @@ data:
}
}
localhost.conf: |
server {
listen 80;
listen [::]:80;
server_name localhost;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
sendfile off;
server_tokens off;
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/www;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
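Review bot: The cache-bypass conditions in localhost.conf do not exclude the WordPress traffic they appear to target. `if ($http_cookie = "PHPSESSID")` is an exact string comparison against the whole Cookie header, so it only matches a header consisting of that bare word, and the URL rule lists `/administrator/` and `wp-login.php` but not `/wp-admin/`. Combined with `add_header Cache-Control "public"` and a 60-minute `fastcgi_cache_valid`, a response rendered for a logged-in session can be stored in MYAPP and replayed to other visitors unless the upstream response itself prevents caching. I would change the two conditions to `if ($http_cookie ~* "PHPSESSID|wordpress_logged_in_|wp-postpass_|comment_author_")` and `if ($request_uri ~* "/(wp-admin/|wp-login\.php|administrator/)")`. The same conditions are repeated in the QA nginx ConfigMap later on this page.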

43
build/dev/pod.tpl Normal file

@@ -0,0 +1,43 @@
apiVersion: v1
kind: Pod
metadata:
name: common-job-pod
namespace: lifeline-web
labels:
app: lifeline-web
rds: enable
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- name: common-job
image: ubuntu:latest
envFrom:
- secretRef:
name: lifeline-web-secrets
- configMapRef:
name: lifeline-web-cm
command: ["bash"]
args:
- -c
- sleep infinity
volumeMounts:
- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
name: persistent-storage
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Never
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim-lifeline
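Review bot: `common-job-pod` is a general-purpose shell (`ubuntu:latest`, `sleep infinity`) that receives every key of `lifeline-web-secrets` through `envFrom` and has no lifetime bound, so anyone allowed to `kubectl exec` in the namespace holds the database, cache and token credentials for as long as the pod exists. The `subdomain_deploy` branch of the deploy script on this page deletes the pod only when the domain does not contain `www`, so for the main domain it stays up. I would pin the image, e.g. `image: ubuntu:22.04@sha256:<digest>`, add `activeDeadlineSeconds: 3600` under `spec`, and set `resources` limits as the deployments do. If the copy step does not need the credentials, drop the `secretRef` from this pod.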


@@ -1,13 +1,77 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-lifeline
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-medicalalert
namespace: caresage-web
name: efs-claim-lifeline-dev05
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 10Gi
storage: 3Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-lifeline-dev04
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 3Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-lifeline-dev03
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 3Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-lifeline-dev02
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 3Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-lifeline-dev01
namespace: lifeline-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 3Gi


@@ -1,13 +1,12 @@
apiVersion: v1
data:
CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
DB_PASSWORD: cGFudGhlb24=
TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3
kind: Secret
metadata:
annotations:
name: lifeline-web-secrets
namespace: lifeline-web
labels:
app: medicalalert-web
name: medicalalert-web-secrets
namespace: caresage-web
app: lifeline-web
type: Opaque
data:
DB_PASSWORD: cGFudGhlb24=
CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3
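Review bot: This manifest commits live-looking values for `DB_PASSWORD`, `CACHE_PASSWORD` and `TOKEN` to the repository, and `data:` is base64 encoding rather than encryption, so every reader of the repo and of its history holds the credentials. The identical three values are also added in build/qa/secrets.yaml, which means dev and QA share them. They should be treated as exposed and rotated, and the manifest should stop carrying them: keep the values in the pipeline's secured variables and create the object at deploy time, e.g. `kubectl create secret generic lifeline-web-secrets -n lifeline-web --from-literal=DB_PASSWORD="$DB_PASSWORD"`, or use an encrypted-secret mechanism. Removing the lines in a later commit is not enough, because the old blobs remain reachable in git history.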


@@ -1,16 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: medicalalert-web
namespace: caresage-web
name: lifeline-web
namespace: lifeline-web
labels:
app: medicalalert-web
app: lifeline-web
spec:
type: NodePort
selector:
app: medicalalert-web
app: lifeline-web
ports:
- protocol: TCP
port: 80
targetPort: 80
nodePort: 30846
nodePort: 30843


@@ -3,9 +3,11 @@ apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
#reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: Immediate
parameters:
provisioningMode: efs-ap
# reclaimPolicy: Retain
fileSystemId: fs-01d898a0e680dbd45
directoryPerms: "700"
gidRangeStart: "1000" # optional

17
build/qa/configmap.yaml Normal file

@@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-cm
namespace: caresage-web
labels:
app: medicalalert-web
data:
DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
ENV: dev
WP_DEBUG: "false"
DB_CHARSET: utf8
DB_COLLATE: utf8_general_ci
CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com
CACHE_PORT: "6379"
DB_NAME: "pantheon"
DB_USER: "pantheon"
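Review bot: The QA ConfigMap carries dev settings: `ENV: dev` and a `DB_HOST` whose name starts with `dev-medicalalert-ecommerce`, so a QA deployment built from this file would presumably read and write the dev database. If that is a copy-paste leftover, set `ENV: qa` and point `DB_HOST` at the QA instance; if sharing is intended, a comment such as `# QA intentionally shares the dev RDS instance` would save the next reader from guessing. Keeping the database account distinct per environment also means a leak in one environment does not open the other.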

92
build/qa/deployment.tpl Normal file

@@ -0,0 +1,92 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "11"
labels:
app: medicalalert-web
name: medicalalert-web
namespace: caresage-web
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: medicalalert-web
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
creationTimestamp: null
labels:
app: medicalalert-web
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- env:
- name: ENVIRONMENT
value: "$ENV"
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION
envFrom:
- secretRef:
name: medicalalert-web-secrets
- configMapRef:
name: medicalalert-web-cm
imagePullPolicy: Always
name: medicalalert-web
ports:
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: 200m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
- mountPath: /etc/nginx/conf.d/
name: default-conf
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
- name: default-conf
configMap:
defaultMode: 420
name: medicalalert-web-default-conf-cm
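Review bot: The volume wiring in this template does not match the other QA files in the commit. `claimName: efs-claim` has no counterpart in build/qa/pvc.yml, which defines `efs-claim-medicalalert` (the name build/qa/deployment.yml uses), and the uploads volume is mounted at `/usr/share/nginx/html/wp-content/uploads` although the Dockerfile and the nginx config now serve from `/usr/share/nginx/subdomain/www`. Unless a claim named `efs-claim` already exists in the namespace the pod would stay Pending, and once that is fixed uploads would land outside the document root. I would use `claimName: efs-claim-medicalalert` and `- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads`; build/qa/deployment.yml needs the same mountPath change. The template also lacks the `/var/lib/nginx/cache` emptyDir that deployment.yml adds.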

98
build/qa/deployment.yml Normal file

@@ -0,0 +1,98 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "11"
labels:
app: medicalalert-web
name: medicalalert-web
namespace: caresage-web
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: medicalalert-web
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
creationTimestamp: null
labels:
app: medicalalert-web
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- env:
- name: ENVIRONMENT
value: dev
image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:v01
envFrom:
- secretRef:
name: medicalalert-web-secrets
- configMapRef:
name: medicalalert-web-cm
imagePullPolicy: Always
name: medicalalert-web
ports:
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: 200m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
- mountPath: /etc/nginx/conf.d/
name: default-conf
- mountPath: /var/lib/nginx/cache
name: cache
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim-medicalalert
- name: default-conf
configMap:
defaultMode: 420
name: medicalalert-web-default-conf-cm
- name: cache
emptyDir: {}
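Review bot: The container has no `securityContext`, and the Dockerfile in this commit leaves `#USER nginx` commented out, so the workload presumably runs as the image's default user with the default capability set while holding the database and cache credentials. A low-risk first step is `securityContext: {allowPrivilegeEscalation: false, seccompProfile: {type: RuntimeDefault}}` on the container; dropping capabilities or running as non-root needs testing because the server binds port 80. There is also no `readinessProbe`, although the image copies a `redinessprobe-wp.sh` script, so traffic is routed as soon as the container starts. build/qa/deployment.tpl has the same gaps.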

50
build/qa/jobs.tpl Normal file

@@ -0,0 +1,50 @@
apiVersion: batch/v1
kind: Job
metadata:
name: common-jobs
namespace: caresage-exec
labels:
app: lifeline-web
rds: enable
spec:
template:
metadata:
labels:
app: lifeline-web
rds: enable
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- name: common-jobs
image: bitnami/percona-xtrabackup:latest
envFrom:
- secretRef:
name: lifeline-web-secrets
- configMapRef:
name: lifeline-web-cm
command: ["bash"]
args:
- -c
- cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME
volumeMounts:
- mountPath: /usr/share/nginx/html/wp-content/uploads
name: persistent-storage
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Never
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
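Review bot: The job copies `common-jobs.sh` out of `wp-content/uploads` and runs it with `lifeline-web-secrets` in its environment, which makes the WordPress uploads volume a code source for a privileged task. That volume is mounted read-write into the web pods, so anything able to write a file there (the application itself, a plugin, or a compromised site) decides what the job executes with the database and cache credentials. Ship the script from a read-only source instead, for example a ConfigMap mounted at `/scripts` as sketched below, and quote `"$JOBNAME"`. The image tag `bitnami/percona-xtrabackup:latest` should be pinned as well. Separately, the job is in `caresage-exec` while the secret, ConfigMap and claim it references are not defined for that namespace in the files visible here.

```yaml
        args:
        - -c
        - /scripts/common-jobs.sh "$JOBNAME"
        volumeMounts:
        # ... unchanged: persistent-storage mount ...
        - mountPath: /scripts
          name: job-script
          readOnly: true
      # ... unchanged: imagePullSecrets, nodeSelector, restartPolicy ...
      volumes:
      # ... unchanged: persistent-storage volume ...
      - name: job-script
        configMap:
          name: PLACEHOLDER-jobs-script-configmap  # placeholder, not a name from this repo
          defaultMode: 365  # octal 0555: read + execute, no write
```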


@@ -0,0 +1,285 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: medicalalert-web-default-conf-cm
namespace: medicalalert-web
labels:
app: medicalalert-web
data:
default.conf: |
# ---------------------
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# -----------------------------------------
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 120;
#fastcgi_index index.php;
# --------------------------------
# Only cache positive responses
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 15m;
server {
listen 80 default; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name qa-medicalalert.com "";
return 301 https://www.$host$request_uri;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
}
subdomain.conf: |
server {
listen 80;
listen [::]:80;
server_name ~^(?<subdomain>.+)\.qa-medicalalert\.com$;
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
root /usr/share/nginx/subdomain/$subdomain;
index index.php index.html index.htm;
sendfile off;
# Security - Hide nginx version number in error pages and Server header
server_tokens off;
# Add stdout logging
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/$subdomain;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
localhost.conf: |
server {
listen 80;
listen [::]:80;
server_name localhost;
root /usr/share/nginx/subdomain/www;
index index.php index.html index.htm;
sendfile off;
server_tokens off;
error_log /dev/stdout error;
access_log /dev/stdout;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public";
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|wp-login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?$args;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/subdomain/www;
}
# pass the PHP scripts to FastCGI server listening on socket
#
#~ \.php$
location ~ [^/]\.php(/|$) {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.php?$args;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
proxy_cache_background_update on;
proxy_cache_lock on;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}
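Review bot: `server_name ~^(?<subdomain>.+)\.qa-medicalalert\.com$;` lets the client-supplied Host header choose both the document root (`root /usr/share/nginx/subdomain/$subdomain;`) and the `SUBDOMAIN` value handed to PHP, and `.+` accepts any label sequence rather than the handful of subdomains the pipeline deploys. I would restrict the capture to a single hostname label, `server_name ~^(?<subdomain>[a-z0-9-]+)\.qa-medicalalert\.com$;`, so unexpected hosts fall through to the default server instead of being mapped to a directory. The dev ConfigMap's subdomain.conf has the same pattern for `dev-medicalalert.com`. Note also that this ConfigMap declares `namespace: medicalalert-web` while the QA deployments that mount `medicalalert-web-default-conf-cm` are in `caresage-web`.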


@@ -0,0 +1,13 @@
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: medicalalert-web-hpa
namespace: caresage-web
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: medicalalert-web
minReplicas: 1
maxReplicas: 1
targetCPUUtilizationPercentage: 70

13
build/qa/pvc.yml Normal file

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim-medicalalert
namespace: caresage-web
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 10Gi

13
build/qa/secrets.yaml Normal file

@@ -0,0 +1,13 @@
apiVersion: v1
data:
CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
DB_PASSWORD: cGFudGhlb24=
TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3
kind: Secret
metadata:
annotations:
labels:
app: medicalalert-web
name: medicalalert-web-secrets
namespace: caresage-web
type: Opaque

16
build/qa/service.yml Normal file

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: medicalalert-web
namespace: caresage-web
labels:
app: medicalalert-web
spec:
type: NodePort
selector:
app: medicalalert-web
ports:
- protocol: TCP
port: 80
targetPort: 80
nodePort: 30846


@@ -0,0 +1,13 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
parameters:
provisioningMode: efs-ap
# reclaimPolicy: Retain
fileSystemId: fs-01d898a0e680dbd45
directoryPerms: "700"
gidRangeStart: "1000" # optional
gidRangeEnd: "2000" # optional
basePath: "/dynamic_provisioning" # optional

162
common-jobs-bitbucket.sh Normal file

@@ -0,0 +1,162 @@
#!/bin/bash
# Install the required packages #
# --------------------------------------------------------------
apk upgrade && apk add curl wget zip unzip
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
. ./setenv.sh
# ----------------------------------------------------------------------
export CLUSTER=caresage-eks-cluster-$ENV
export SUBDOMAIN=`echo $URL_DOMAIN | awk -F. '{print $1}'`
export APP=`echo $URL_DOMAIN | awk -F[.-] '{print $3}'`
export NAMESPACE=$APP-web
export REPO=$BITBUCKET_REPO_SLUG
# ---------------------------
echo "export SUBDOMAIN=`echo $URL_DOMAIN | awk -F. '{print $1}'`" >> setenv.sh
echo "export NEW_URL=https://$URL_DOMAIN" >> setenv.sh
echo "export APP=`echo $URL_DOMAIN | awk -F[.-] '{print $3}'`" >> setenv.sh
echo "export NAMESPACE=$APP-web" >> setenv.sh
echo "export REPO=$BITBUCKET_REPO_SLUG" >> setenv.sh
# ---------------------------------------------------------------
echo "JOBNAME -- $JOBNAME"
echo "ENV -- $ENV"
echo "CLUSTER -- $CLUSTER"
echo "VERSION -- $BITBUCKET_BUILD_NUMBER"
echo "RESTORE_VERSION -- $RESTORE_VERSION"
echo "URL_DOMAIN -- $URL_DOMAIN"
echo "SUBDOMAIN -- $SUBDOMAIN"
echo "VERSION -- $VERSION"
echo "RESTORE_VERSION -- $RESTORE_VERSION"
echo "DB_NAME -- $DB_NAME"
echo "MYSQL_FILE_NAME -- $MYSQL_FILE_NAME"
echo "STATIC_FILE_NAME -- $STATIC_FILE_NAME"
cat ./setenv.sh
# -------------------------------------------------------------------------------------------------------------------------
opt=$1
deploy_version=$2
case $opt in
subdomain_deploy)
echo "Deploy the wordpress source code fromo the branch to pvc mount of subdomain..."
aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1
kubectl apply -f build/$ENV/pod.tpl && sleep 15 && echo pod-created
kubectl cp wp $NAMESPACE/common-job-pod:/tmp && echo "wp copy to /tmp done" || exit 9
kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh && echo "setenv copy done" || exit 9
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh ; cp -rf /tmp/wp/* /usr/share/nginx/subdomain/$SUBDOMAIN/'
echo $URL_DOMAIN | grep www && echo "maindomain $URL_DOMAIN" || kubectl delete po common-job-pod -n $NAMESPACE
;;
mysql-backup)
echo "Running mysql backup with s3..."
aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1
kubectl apply -f build/$ENV/pod.tpl && sleep 15
kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh'
kubectl exec common-job-pod -n $NAMESPACE -- apt update
kubectl exec common-job-pod -n $NAMESPACE -- apt install zip wget unzip curl mariadb-client -y
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh ;mysqldump -h $DB_HOST --single-transaction --quick --lock-tables=false --user=$DB_USER --password=$DB_PASSWORD $SUBDOMAIN --skip-lock-tables | gzip > /tmp/$NAMESPACE-pantheon.sql.gz'
kubectl cp $NAMESPACE/common-job-pod:/tmp/$NAMESPACE-pantheon.sql.gz $NAMESPACE-pantheon-$VERSION-$ENV-$SUBDOMAIN-$(date +%Y-%m-%dT%H_%M_%S).sql.gz
FILE=`ls $NAMESPACE-pantheon-*.sql.gz`
aws s3 cp $FILE s3://commonjobs/$NAMESPACE/$opt/
curl --request POST -F files=@"$FILE" --url "https://api.bitbucket.org/2.0/repositories/connectamerica/$REPO/downloads" \
--header "Authorization: Bearer $TOKEN"
kubectl delete po common-job-pod -n $NAMESPACE
;;
wp-data-backup)
aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1
kubectl apply -f build/$ENV/pod.tpl && sleep 15
kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh'
kubectl exec common-job-pod -n $NAMESPACE -- apt update
kubectl exec common-job-pod -n $NAMESPACE -- apt install wget zip unzip curl -y
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh;cd /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads;zip -r /tmp/upload.zip .'
kubectl cp $NAMESPACE/common-job-pod:/tmp/upload.zip $NAMESPACE-$VERSION-$ENV-$SUBDOMAIN-$(date +%Y-%m-%dT%H_%M_%S).zip
FILE=`ls $NAMESPACE-*.zip`
aws s3 cp $FILE s3://commonjobs/$NAMESPACE/$opt/
kubectl delete po common-job-pod -n $NAMESPACE
;;
mysql-restore)
aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1
kubectl apply -f build/$ENV/pod.tpl && sleep 15
kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh'
[ -n "$RESTORE_VERSION" ] && FILE=$RESTORE_VERSION || FILE=$deploy_version
kubectl exec common-job-pod -n $NAMESPACE -- apt update
kubectl exec common-job-pod -n $NAMESPACE -- apt install zip wget unzip curl mariadb-client -y
#Check if file is present in bitbucket download else check on s3
# -------------------------------------------------------------------
curl -s -L -O -H "Authorization: Bearer $TOKEN" https://api.bitbucket.org/2.0/repositories/connectamerica/$REPO/downloads/$FILE && echo file_downloaded || aws s3 cp s3://commonjobs/$NAMESPACE/mysql-backup/$FILE $FILE
kubectl cp $FILE $NAMESPACE/common-job-pod:/tmp/$FILE
#Create schema if not present #
# -------------------------------
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mysql -h $DB_HOST --user=$DB_USER --password=$DB_PASSWORD -e "create schema IF NOT EXISTS $SUBDOMAIN"'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; export FILE=`ls /tmp/*.sql.gz` ; gunzip -c $FILE | mysql -h $DB_HOST --user=$DB_USER --password=$DB_PASSWORD $SUBDOMAIN'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar ; chmod u+x wp-cli.phar;mv wp-cli.phar /usr/local/bin/wp; php /usr/local/bin/wp --info'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; OLD_URL=`wp option get siteurl --allow-root --path=/usr/share/nginx/subdomain/$SUBDOMAIN`; echo "export OLD_URL=$OLD_URL" >> /tmp/setenv.sh'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; wp search-replace --allow-root --path=/usr/share/nginx/subdomain/$SUBDOMAIN "$OLD_URL" "$NEW_URL"'
kubectl delete po common-job-pod -n $NAMESPACE
;;
wp-data-restore)
aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1
kubectl apply -f build/$ENV/pod.tpl && sleep 60 || exit 9
kubectl get po common-job-pod -n $NAMESPACE | grep -i pending && exit 9 || echo ----common-pod-NOT-in-pending-state --
kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh
kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh'
[ -n "$RESTORE_VERSION" ] && FILE=$RESTORE_VERSION || FILE=$deploy_version
kubectl exec common-job-pod -n $NAMESPACE -- apt update
kubectl exec common-job-pod -n $NAMESPACE -- apt install wget zip unzip curl -y
aws s3 cp s3://commonjobs/$NAMESPACE/wp-data-backup/$FILE $FILE
kubectl cp $FILE $NAMESPACE/common-job-pod:/tmp/$FILE
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mkdir -p /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads'
kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh;export FILE=`ls /tmp/*.zip`;unzip -o $FILE -d /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads'
kubectl delete po common-job-pod -n $NAMESPACE
;;
*)
echo "common job shell script utility taking variables from env"
echo "Usage: $0 {mysql-backup|wp-data-backup|mysql-restore|wp-data-restore}"
echo "mysql-backup : Run MySQL backup utility and upload"
echo "mysql-restore : Run MySQL backup utility and upload it to bitbucket."
echo "wp-data-backup : Run web server backup utility and uplaod."
echo "wp-data-restore : Run web server backup utility and uplaod to bitbucket." ;;
esac
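Review bot: The kubectl binary near the top and `wp-cli.phar` in the `mysql-restore` branch are fetched from unpinned "latest" locations and executed without any integrity check, the latter with `--allow-root` inside a pod that has the database credentials in its environment; pin a version and verify a published checksum before use (the AWS CLI download in common-jobs.sh follows the same pattern). In the same branch, `curl -s -L -O` lacks `--fail`, so an HTTP error body from Bitbucket is saved as `$FILE`, `file_downloaded` is printed and the S3 fallback never runs. Separately, `awk -F[.-] '{print $3}'` returns `com` for the prod form `$SUBDOMAIN.medicalalert.com` set in setenv.sh, so `NAMESPACE` becomes `com-web` there. The fence shows the download changes only; the version value is a placeholder.

```shell
# … unchanged: apk upgrade / apk add …
KUBECTL_VERSION="vX.Y.Z"   # placeholder: pin to the version supported by the cluster
base="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64"
curl -fsSLO "${base}/kubectl"
curl -fsSLO "${base}/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c || exit 9
chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
# … unchanged: setenv.sh sourcing, exports, branches up to the mysql-restore download …
curl -fsSL -O -H "Authorization: Bearer $TOKEN" \
  "https://api.bitbucket.org/2.0/repositories/connectamerica/$REPO/downloads/$FILE" \
  && echo file_downloaded \
  || aws s3 cp "s3://commonjobs/$NAMESPACE/mysql-backup/$FILE" "$FILE" \
  || exit 9
# … unchanged: kubectl cp and the restore steps …
```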

68
common-jobs.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
# Install the required packages #
# --------------------------------------------------------------
apt update && apt install curl unzip zip mariadb-client -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install
# -------------------------------------------------------------------------------------------------------------------------
opt=$1
case $opt in
mysql-backup)
echo "Running mysql backup with s3..."
export DATABASES=perchon
export MYSQL_USER=perchona
# execute the command now #
# --------------------------------------------------------------------------------------------------------------
mysqldump -h $DB_HOST --single-transaction --quick --lock-tables=false --user=pantheon --password=$DB_PASSWORD \
pantheon --skip-lock-tables | gzip > "/tmp/lifeline-web-pantheon-$(date +%Y-%m-%dT%H_%M_%S).sql.gz"
# ----------------------------------------------------------------------------------------------------------
# upload the same to s3 #
# -----------------------------------------
# aws s3 cp /tmp/lifeline-web-pantheon-*.sql.gz s3://caresage-dev-ws/mysqlbackups/
# aws s3 ls s3://caresage-dev-ws/mysqlbackups/
# upload to bitbucket #
# ---------------------------------------
FILE=`ls /tmp/lifeline-web-pantheon-*.sql.gz`
curl --request POST -F files=@"$FILE" --url 'https://api.bitbucket.org/2.0/repositories/connectamerica/lifeline-ecommerce/downloads' \
--header "Authorization: Bearer $TOKEN"
;;
mysql-backup-bitbucket)
echo "Running bmysql-backup-s3 with bitbucket ..."
export DATABASES=perchona
export MYSQL_USER=perchona
;;
wp-data-backup)
echo "Running wp-data-s3..."
cd /usr/share/nginx/html/wp-content/
zip -r lifeline-web-static-data-$(date +%Y-%m-%dT%H_%M_%S).zip ./uploads && FILE=`ls lifeline-web-static-data-*.zip`
curl --request POST -F files=@"$FILE" --url 'https://api.bitbucket.org/2.0/repositories/connectamerica/lifeline-ecommerce/downloads' \
--header "Authorization: Bearer $TOKEN"
#aws s3 mv lifeline-web-static-data-*.zip s3://caresage-dev-ws/staticbackups/
#aws s3 ls s3://caresage-dev-ws/staticbackups/
;;
wp-data-bitbucket)
echo "Running wp-data-bitbucket ..."
;;
*)
echo "common job shell script utility taking variables from env"
echo "Usage: $0 {mysql-backup|mysql-backup-bitbucket|wp-data-backup}"
echo " mysql-backup : Run MySQL backup utility and upload"
echo " mysql-backup-bitbucket : Run MySQL backup utility and upload it to bitbucket."
echo " wp-data-backup : Run web server backup utility and uplaod."
echo " wp-data-bitbucket : Run web server backup utility and uplaod to bitbucket." ;;
esac
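Review bot: The `mysql-backup` branch pipes `mysqldump` into `gzip` without `set -o pipefail`, so a failed dump still leaves a `.sql.gz` in /tmp that the following `curl` uploads as if it were a good backup; add `set -euo pipefail` after the shebang and check the archive before uploading. `--password=$DB_PASSWORD` puts the password on the command line, where it is visible in the process list; passing it through the `MYSQL_PWD` environment variable or a `--defaults-extra-file` avoids that. The dump is posted to the repository's Downloads area, so everyone with read access to the repository can fetch a full database copy; confirm that audience is intended. The `mysql-backup-bitbucket` and `wp-data-bitbucket` branches only print a message, so a job run with those names ends successfully without producing a backup.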

5
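--- a/envvars-phpfpm
+++ b/envvars-phpfpm
@@ -0,0 +1,5 @@
+env["CACHE_PASSWORD"] = $CACHE_PASSWORD
+env["CACHE_HOST"] = $CACHE_HOST
+env["CACHE_PORT"] = $CACHE_PORT
+env["DB_PASSWORD"] = $DB_PASSWORD
+env["DB_HOST"] = $DB_HOST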
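Review bot: `env["DB_PASSWORD"] = $DB_PASSWORD` and `env["CACHE_PASSWORD"] = $CACHE_PASSWORD` hand both secrets to every PHP script in the pool, where they are readable through `getenv()` and printed by any `phpinfo()` output, so it is worth confirming that no diagnostic page is reachable on the deployed site. The php-fpm documentation writes these keys unquoted (`env[DB_PASSWORD] = $DB_PASSWORD`); whether the quoted form yields the same variable name should be verified. A header comment naming the pool file that includes this fragment would also help, since the Dockerfile lines shown in this commit do not copy it.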

50
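--- a/jobs.tpl
+++ b/jobs.tpl
@@ -0,0 +1,50 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: common-jobs
+namespace: lifeline-web
+labels:
+app: lifeline-web
+rds: enable
+spec:
+ttlSecondsAfterFinished: 10
+template:
+metadata:
+labels:
+app: lifeline-web
+rds: enable
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: kubernetes.io/arch
+operator: In
+values:
+- amd64
+- arm64
+containers:
+- name: common-jobs
+image: ubuntu:latest
+envFrom:
+- secretRef:
+name: lifeline-web-secrets
+- configMapRef:
+name: lifeline-web-cm
+command: ["bash"]
+args:
+- -c
+- cp -rf /usr/share/nginx/subdomain/www/wp-content/uploads/common-jobs.sh /root/ && chmod 755 /root/common-jobs.sh && /root/common-jobs.sh $JOBNAME
+volumeMounts:
+- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
+name: persistent-storage
+imagePullSecrets:
+- name: regcred
+nodeSelector:
+kubernetes.io/os: linux
+restartPolicy: Never
+volumes:
+- name: persistent-storage
+persistentVolumeClaim:
+claimName: efs-claim-lifeline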
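Review bot: The container's command copies `common-jobs.sh` out of `/usr/share/nginx/subdomain/www/wp-content/uploads` and runs it, so the Job executes whatever file sits in the WordPress uploads volume, with `lifeline-web-secrets` loaded into its environment. Anything able to write to that volume (the web application itself, or a restore job) can therefore change what this Job runs; ship the script from a read-only source such as a ConfigMap or a purpose-built image instead. `image: ubuntu:latest` is also a moving tag, so pin a tag or digest. The ConfigMap name and image reference in the fence are placeholders.

```yaml
# … unchanged: metadata, ttlSecondsAfterFinished, affinity …
      containers:
        - name: common-jobs
          image: ubuntu:<pinned-tag-or-digest>  # placeholder
          # … unchanged: envFrom …
          command: ["bash"]
          args:
            - -c
            - /opt/jobs/common-jobs.sh "$JOBNAME"
          volumeMounts:
            - mountPath: /opt/jobs
              name: job-script
              readOnly: true
            # … unchanged: uploads mount …
      # … unchanged: imagePullSecrets, nodeSelector, restartPolicy …
      volumes:
        - name: job-script
          configMap:
            name: common-jobs-script  # placeholder: created from the repository copy of the script
            defaultMode: 0555
        # … unchanged: persistent-storage volume …
```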

69
pod.tpl Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: v1
kind: Pod
metadata:
name: common-job-pod
namespace: medicalalert-web
labels:
app: medicalalert-web
rds: enable
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
containers:
- name: common-job
image: wyveo/nginx-php-fpm:php74
envFrom:
- secretRef:
name: medicalalert-web-secrets
- configMapRef:
name: medicalalert-web-cm
command: ["bash"]
args:
- -c
- sleep infinity
volumeMounts:
- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
name: persistent-storage
- mountPath: /usr/share/nginx/subdomain/dev01
name: persistent-storage-dev01
- mountPath: /usr/share/nginx/subdomain/dev02
name: persistent-storage-dev02
- mountPath: /usr/share/nginx/subdomain/dev03
name: persistent-storage-dev03
- mountPath: /usr/share/nginx/subdomain/dev04
name: persistent-storage-dev04
- mountPath: /usr/share/nginx/subdomain/dev05
name: persistent-storage-dev05
imagePullSecrets:
- name: regcred
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Never
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim-medicalalert
- name: persistent-storage-dev01
persistentVolumeClaim:
claimName: efs-claim-medicalalert-dev01
- name: persistent-storage-dev02
persistentVolumeClaim:
claimName: efs-claim-medicalalert-dev02
- name: persistent-storage-dev03
persistentVolumeClaim:
claimName: efs-claim-medicalalert-dev03
- name: persistent-storage-dev04
persistentVolumeClaim:
claimName: efs-claim-medicalalert-dev04
- name: persistent-storage-dev05
persistentVolumeClaim:
claimName: efs-claim-medicalalert-dev05
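Review bot: `sleep infinity` with `restartPolicy: Never` gives this helper pod no end of life, and the calling script deletes it only on its success paths (several steps `exit 9` first, and `subdomain_deploy` skips the delete when the domain contains www), so a failed job can leave a pod running with `medicalalert-web-secrets` in its environment and all six PVCs mounted. Adding `activeDeadlineSeconds: 3600` (value constructed for illustration) under `spec` bounds that lifetime, and mounting only the subdomain volume a job needs would narrow what a leftover pod can touch. The namespace here is `medicalalert-web` while build/qa/secrets.yaml creates the referenced Secret in `caresage-web`; if the per-environment copies of this template keep that namespace, the `secretRef` will not resolve.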

7
redinessprobe-wp.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
sed -i '/^define.*NONCE_SALT.*/a define(\'\'WP_SITEURL\'', '\'http://localhost/\'');' /usr/share/nginx/html/wp-config.php || exit
sed -i '/^define.*NONCE_SALT.*/a define(\'\'WP_HOME\'', '\'http://localhost/\'');' /usr/share/nginx/html/wp-config.php || exit
wget -q --spider localhost && wget -q --spider localhost/wp-login.php || exit
sed -i '/http\:\/\/localhost/d' /usr/share/nginx/html/wp-config.php || exit
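Review bot: When either `wget --spider` check fails, `|| exit` ends the script before the final `sed` that removes the temporary `http://localhost` defines, so `WP_SITEURL` and `WP_HOME` stay pointed at localhost in wp-config.php and every later probe run appends another pair. Registering the cleanup with `trap "sed -i '/http\:\/\/localhost/d' /usr/share/nginx/html/wp-config.php" EXIT` right after the shebang makes it run on every exit path. The script edits `/usr/share/nginx/html`, while the Dockerfile in this commit also copies `wp/` to `/usr/share/nginx/subdomain/www`; confirm the probe changes the file the site actually loads.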

1
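--- a/release
+++ b/release
@@ -0,0 +1 @@
+RELEASE=release-1.00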

25
setenv.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
case $ENV in
dev)
export CLUSTER=caresage-eks-cluster-$ENV
export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com
;;
qa)
export CLUSTER=caresage-eks-cluster-$ENV
export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com
;;
stage)
export CLUSTER=caresage-eks-cluster-$ENV
export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com
;;
prod)
export CLUSTER=caresage-eks-cluster-$ENV
export URL_DOMAIN=$SUBDOMAIN.medicalalert.com
;;
*)
echo "source env varibales"
echo "Usage: $0 ENV"
;;
esac