diff --git a/Dockerfile b/Dockerfile
index ba471654..148bad64 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,9 @@
 FROM wyveo/nginx-php-fpm:php74
-COPY wp/ /usr/share/nginx/html
-RUN rm /etc/nginx/conf.d/default.conf
+RUN mkdir -p /var/lib/nginx/cache /usr/share/nginx/subdomain; cd /usr/share/nginx/subdomain ; mkdir www
+COPY wp/ /usr/share/nginx/subdomain/www
+#RUN rm /etc/nginx/conf.d/default.conf
+#COPY build/default.conf /etc/nginx/conf.d/default.conf
+COPY redinessprobe-wp.sh /root/redinessprobe-wp.sh
+RUN chmod +x /etc/nginx/conf.d/default.conf /root/redinessprobe-wp.sh
 RUN chmod +xw -R /usr/share/nginx/
 #USER nginx
diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
new file mode 100644
index 00000000..ca3a23fd
--- /dev/null
+++ b/bitbucket-pipelines.yml
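Review bot: The new `RUN chmod +x /etc/nginx/conf.d/default.conf /root/redinessprobe-wp.sh` marks an nginx configuration file executable and depends on a file this image no longer manages: both `default.conf` lines above it are commented out, so the step only succeeds while the base image happens to ship that path. It should be `RUN chmod 0755 /root/redinessprobe-wp.sh` (or `COPY --chmod=0755` if the build uses BuildKit). The `mkdir` line joins its commands with `;`, so a failed `cd` is not caught and `www` could be created elsewhere; `RUN mkdir -p /var/lib/nginx/cache /usr/share/nginx/subdomain/www` does the same in one command. With `#USER nginx` still commented out in the context lines, the image keeps running as root after `chmod +xw -R /usr/share/nginx/`, which is worth a follow-up.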
@@ -0,0 +1,269 @@ +definitions: + set-variables: &set-variables + - variables: + - name: VERSION + default: "latest" + + set-variables-jobs: &set-variables-jobs + - variables: + - name: ENV + default: "dev" + allowed-values: # Optionally restrict variable values + - "dev" + - "qa" + - "stage" + - "prod" + - name: JOBNAME + default: "mysql-backup" + allowed-values: # Optionally restrict variable values + - "mysql-backup" + - "wp-data-backup" + - "mysql-restore" + - "wp-data-restore" + - name: SUBDOMAIN + default: www + allowed-values: # Optionally restrict variable values + - "www" + - "dev01" + - "dev02" + - "dev03" + - "dev04" + - "dev05" + - name: RESTORE_VERSION + default: "PASTE_RESTORE_VERSION_FILE_NAME" + + set-variables-subdomain: &set-variables-subdomain + - variables: + - name: ENV + default: "dev" + allowed-values: # Optionally restrict variable values + - "dev" + - name: URL_DOMAIN + default: dev01.dev-medicalalert.com + allowed-values: # Optionally restrict variable values + - "dev01.dev-medicalalert.com" + - "dev02.dev-medicalalert.com" + - "dev03.dev-medicalalert.com" + - "dev04.dev-medicalalert.com" + - "dev05.dev-medicalalert.com" + - name: MYSQL_FILE_NAME + default: "MYSQL_FILE_NAME_TO_DEPLOY" + - name: STATIC_FILE_NAME + default: "STATIC_FILE_NAME_TO_DEPLOY" + + + steps: + - step: &deploy + name: deploy to $ENV environment + image: atlassian/default-image:3 + script: + # check if env file exists + - if [ -e setenv.sh ]; then + - cat setenv.sh + - source setenv.sh + - fi + - echo "This is for $ENV environment" + - ls -lrth && cd build/${ENV} +# - export DB_PASSWORD=$(aws ssm get-parameters --names $ENV-$BITBUCKET_REPO_SLUG --query "Parameters[*].{Value:Value}" --output text) +# - export DB_PASSWORD=`echo -n "$DB_PASSWORD" | base64` && sed -i "/DB_PASSWORD/c\ DB_PASSWORD = $DB_PASSWORD" secrets.yaml + - envsubst < deployment.tpl > deployment.yaml + - cat deployment.yaml + - pipe: atlassian/aws-eks-kubectl-run:2.2.0 + variables: + AWS_ACCESS_KEY_ID: 
${AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} + AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION + CLUSTER_NAME: $CLUSTER + KUBECTL_COMMAND: "apply" + RESOURCE_PATH: "../${ENV}" + KUBECTL_ARGS: "" + KUBECTL_APPLY_ARGS: "-f" + DEBUG: "true" + +pipelines: + # our custom pipeline, what shows up Bitbucket web app + custom: + deploy-dev: + - !!merge <<: *set-variables + - step: + !!merge <<: *deploy + deployment: dev + name: "deploy to dev" + + deploy-qa: + - !!merge <<: *set-variables + - step: + !!merge <<: *deploy + deployment: qa + name: "deploy to qa" + + release-stg: + - !!merge <<: *set-variables + - step: + !!merge <<: *deploy + deployment: stage + name: "deploy to stage" + + release-prod: + - !!merge <<: *set-variables + - step: + !!merge <<: *deploy + deployment: prod + name: "deploy to prod" + + + common-jobs: + - !!merge <<: *set-variables-jobs + - step: + name: vars for common-jobs + script: + - source setenv.sh + - echo "export JOBNAME=$JOBNAME" >> setenv.sh + - echo "export ENV=$ENV" >> setenv.sh + - echo "export CLUSTER=caresage-eks-cluster-$ENV" >> setenv.sh + - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh + - echo "export RESTORE_VERSION=$RESTORE_VERSION" >> setenv.sh + - echo "export SUBDOMAIN=$SUBDOMAIN" >> setenv.sh + - echo "export BITBUCKET_REPO_SLUG=$BITBUCKET_REPO_SLUG" >> setenv.sh + artifacts: # define the artifacts to be passed to each future step + - setenv.sh + + - step: + name: common jobs for SQL and WWW backup and restore. 
+ image: atlassian/pipelines-awscli + script: + - source setenv.sh && chmod 755 ./common-jobs-bitbucket.sh + - if [ "$JOBNAME" = "mysql-restore" ] && [ "$SUBDOMAIN" = "www" ] ; then ./common-jobs-bitbucket.sh subdomain_deploy; fi + # - [[ "$SUBDOMAIN" != "www" ]] && [[ "$ENV" = "qa" || "$ENV" = "stage" || "$ENV" = "prod" ]] && exit || echo VALIDATION-PASS + - if [[ "$SUBDOMAIN" != "www" ]] && [[ "$ENV" = "qa" || "$ENV" = "stage" || "$ENV" = "prod" ]] ; then echo VALIDATION-FAIL && exit 9 ; else echo VALIDATION-PASS;fi + - ./common-jobs-bitbucket.sh $JOBNAME + + + subdomain-deploy: + - !!merge <<: *set-variables-subdomain + - step: + name: vars for subdomain + script: + - source setenv.sh + - echo "export ENV=$ENV" >> setenv.sh + - echo "export CLUSTER=caresage-eks-cluster-$ENV" >> setenv.sh + - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh + - echo "export RESTORE_VERSION=$RESTORE_VERSION" >> setenv.sh + - echo "export URL_DOMAIN=$URL_DOMAIN" >> setenv.sh + - echo "export MYSQL_FILE_NAME=$MYSQL_FILE_NAME" >> setenv.sh + - echo "export STATIC_FILE_NAME=$STATIC_FILE_NAME" >> setenv.sh + - echo "export BITBUCKET_REPO_SLUG=$BITBUCKET_REPO_SLUG" >> setenv.sh + artifacts: + - setenv.sh + + - step: + name: Deploy the wp source code + trigger: manual + image: atlassian/pipelines-awscli + script: + - source setenv.sh + - chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh subdomain_deploy + artifacts: + - setenv.sh + + + - step: + name: Deploy the mysql database + trigger: manual + image: atlassian/pipelines-awscli + script: + - source setenv.sh + - chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh mysql-restore $MYSQL_FILE_NAME + artifacts: + - setenv.sh + + - step: + name: Deploy the static data + trigger: manual + image: atlassian/pipelines-awscli + script: + - source setenv.sh + - chmod 755 ./common-jobs-bitbucket.sh && ./common-jobs-bitbucket.sh wp-data-restore $STATIC_FILE_NAME + + + release: + - !!merge <<: *set-variables 
+ - step: + name: "plan for the release and tag the given version." + image: atlassian/pipelines-awscli + script: + - echo "make sure that release version file and plan has been added to the release repo" + - source release + - export MANIFEST=$(aws ecr batch-get-image --repository-name medicalalert-web --image-ids imageTag=$VERSION --output json | jq --raw-output --join-output '.images[0].imageManifest') + - aws ecr put-image --repository-name medicalalert-web --image-tag $RELEASE --image-manifest "$MANIFEST" && echo ------ image $VERSION has been retagged as $RELEASE || exit 9 + - echo "export VERSION=$RELEASE" >> setenv.sh + - echo "export ENV=stage" >> setenv.sh + artifacts: # define the artifacts to be passed to each future step + - setenv.sh + - step: + !!merge <<: *deploy + deployment: stage + name: "deploy the release to stage" + trigger: manual + - step: + name: vars for prod + script: + - source release + - echo "export VERSION=$RELEASE" >> setenv.sh + - echo "export ENV=prod" >> setenv.sh + artifacts: # define the artifacts to be passed to each future step + - setenv.sh + - step: + !!merge <<: *deploy + deployment: prod + name: "deploy the release to production" + trigger: manual + + pull-requests: + develop: + - step: + name: build the application and push that to dev env. + image: atlassian/default-image:3 + script: + - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install + - export BUILD_D=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER + - export IMAGE="medicalalert-web" && export VERSION=$BITBUCKET_BUILD_NUMBER + - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 716593996126.dkr.ecr.us-east-1.amazonaws.com + - docker build -t ${IMAGE} . 
+ - docker tag ${IMAGE} ${IMAGE}:${VERSION} + - pipe: atlassian/aws-ecr-push-image:1.6.2 + variables: + AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY + AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION + IMAGE_NAME: $IMAGE + TAGS: $VERSION + services: + - docker + caches: + - docker + + - step: + name: vars for dev + script: + - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh + - echo "export ENV=dev" >> setenv.sh + artifacts: # define the artifacts to be passed to each future step + - setenv.sh + - step: + !!merge <<: *deploy + deployment: dev + name: "deploy to dev" + - step: + name: vars for qa + script: + - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh + - echo "export ENV=qa" >> setenv.sh + artifacts: + - setenv.sh + - step: + !!merge <<: *deploy + deployment: qa + name: "deploy to qa" + trigger: manual + diff --git a/build/dev-org/configmap.yaml b/build/dev-org/configmap.yaml new file mode 100644 index 00000000..0724d258 --- /dev/null +++ b/build/dev-org/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: medicalalert-web-cm + namespace: caresage-web + labels: + app: medicalalert-web +data: + DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: dev + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "pantheon" + DB_USER: "pantheon" \ No newline at end of file diff --git a/build/dev-org/deployment.tpl b/build/dev-org/deployment.tpl new file mode 100644 index 00000000..506775b3 --- /dev/null +++ b/build/dev-org/deployment.tpl 
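Review bot: The `vars for common-jobs` and `vars for subdomain` steps write free-form pipeline variables into `setenv.sh` unquoted (`echo "export MYSQL_FILE_NAME=$MYSQL_FILE_NAME" >> setenv.sh`, likewise `RESTORE_VERSION` and `STATIC_FILE_NAME`, none of which has `allowed-values`), and later steps `source` that file in jobs that hold the AWS keys, so whatever is typed into the run dialog is evaluated as shell. Writing the values with bash's `printf 'export MYSQL_FILE_NAME=%q\n' "$MYSQL_FILE_NAME" >> setenv.sh` and rejecting anything that does not match an expected file-name pattern closes that; the unquoted `$JOBNAME`, `$MYSQL_FILE_NAME` and `$STATIC_FILE_NAME` arguments to `./common-jobs-bitbucket.sh` should be quoted as well. The shared `deploy` step also prints `setenv.sh` and the rendered `deployment.yaml` and sets `DEBUG: "true"` on the kubectl pipe, which puts environment details into build logs. In the `pull-requests` step the AWS CLI installer is downloaded and run without a checksum or signature check, and `$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER` expands the undefined names `BITBUCKET_BRANCH_` and `BITBUCKET_COMMIT_`; it needs `${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}`.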
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "11" + labels: + app: medicalalert-web + name: medicalalert-web + namespace: caresage-web +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: medicalalert-web + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00" + creationTimestamp: null + labels: + app: medicalalert-web + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - env: + - name: ENVIRONMENT + value: "$ENV" + image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION + envFrom: + - secretRef: + name: medicalalert-web-secrets + - configMapRef: + name: medicalalert-web-cm + imagePullPolicy: Always + name: medicalalert-web + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/share/nginx/html/wp-content/uploads + name: persistent-storage + - mountPath: /etc/nginx/conf.d/ + name: default-conf + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim + - name: default-conf + configMap: + defaultMode: 420 + name: medicalalert-web-default-conf-cm + + + + + + + diff --git a/build/dev-org/deployment.yml b/build/dev-org/deployment.yml new file mode 100644 index 00000000..7581d4a1 
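Review bot: The container spec has no `securityContext`, and the Dockerfile in this commit leaves `#USER nginx` commented out, so the pod presumably runs nginx and PHP-FPM as root with default capabilities. Adding `securityContext: {allowPrivilegeEscalation: false}` on the container is a safe first step, with `runAsNonRoot: true` to follow once the image no longer needs root; the same applies to `build/dev-org/deployment.yml` and `build/dev/deployment.tpl`. There is also no `readinessProbe`, although the Dockerfile copies `redinessprobe-wp.sh` into the image. The `deployment.kubernetes.io/revision`, `kubectl.kubernetes.io/restartedAt` and `creationTimestamp: null` entries look like leftovers from a `kubectl get -o yaml` export and should be dropped from a template.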
--- /dev/null +++ b/build/dev-org/deployment.yml 
@@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "11" + labels: + app: medicalalert-web + name: medicalalert-web + namespace: caresage-web +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: medicalalert-web + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00" + creationTimestamp: null + labels: + app: medicalalert-web + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - env: + - name: ENVIRONMENT + value: dev + image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:v01 + envFrom: + - secretRef: + name: medicalalert-web-secrets + - configMapRef: + name: medicalalert-web-cm + imagePullPolicy: Always + name: medicalalert-web + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/share/nginx/html/wp-content/uploads + name: persistent-storage + - mountPath: /etc/nginx/conf.d/ + name: default-conf + - mountPath: /var/lib/nginx/cache + name: cache + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-medicalalert + - name: default-conf + configMap: + defaultMode: 420 + name: medicalalert-web-default-conf-cm + - name: cache + emptyDir: {} + + + + + + + + + 
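Review bot: This Deployment is in namespace `caresage-web` but mounts the ConfigMap `medicalalert-web-default-conf-cm`, which this commit creates in namespace `medicalalert-web`; a pod can only mount ConfigMaps from its own namespace, so unless a copy exists in `caresage-web` the pod will not start. The uploads volume is still mounted at `/usr/share/nginx/html/wp-content/uploads`, while the Dockerfile and the nginx `root` in the same commit moved the site to `/usr/share/nginx/subdomain/www`; `mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads` matches what `build/dev/deployment.tpl` uses. The image tag is hard-coded to `:v01` here while the `.tpl` next to it uses `$VERSION`; if this file is only a reference copy, a comment at the top saying so would keep it from being applied by mistake.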
diff --git a/build/dev-org/jobs.tpl b/build/dev-org/jobs.tpl
new file mode 100644
index 00000000..194ce018
--- /dev/null
+++ b/build/dev-org/jobs.tpl
@@ -0,0 +1,50 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: common-jobs
+ namespace: caresage-exec
+ labels:
+ app: lifeline-web
+ rds: enable
+spec:
+ template:
+ metadata:
+ labels:
+ app: lifeline-web
+ rds: enable
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ containers:
+ - name: common-jobs
+ image: bitnami/percona-xtrabackup:latest
+ envFrom:
+ - secretRef:
+ name: lifeline-web-secrets
+ - configMapRef:
+ name: lifeline-web-cm
+ command: ["bash"]
+ args:
+ - -c
+ - cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME
+ volumeMounts:
+ - mountPath: /usr/share/nginx/html/wp-content/uploads
+ name: persistent-storage
+ imagePullSecrets:
+ - name: regcred
+ nodeSelector:
+ kubernetes.io/os: linux
+ restartPolicy: Never
+ volumes:
+ - name: persistent-storage
+ persistentVolumeClaim:
+ claimName: efs-claim
+
\ No newline at end of file
diff --git a/build/dev-org/medicalalert-web-default-conf-cm.yaml b/build/dev-org/medicalalert-web-default-conf-cm.yaml
new file mode 100644
index 00000000..627a53c7
--- /dev/null
+++ b/build/dev-org/medicalalert-web-default-conf-cm.yaml
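Review bot: The Job's command copies `common-jobs.sh` out of the WordPress uploads volume (`/usr/share/nginx/html/wp-content/uploads/common-jobs.sh`) and executes it with `lifeline-web-secrets` in its environment, so the script that handles database credentials lives in the one directory the web application is expected to write to. Shipping the script in the job image, or mounting it read-only from a ConfigMap, removes that dependency on the contents of the uploads share; the modified `build/dev/jobs.tpl` later in this commit keeps the same pattern. `image: bitnami/percona-xtrabackup:latest` is a mutable tag, so pinning a version or digest would make backup and restore runs reproducible.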
@@ -0,0 +1,285 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: medicalalert-web-default-conf-cm + namespace: medicalalert-web + labels: + app: medicalalert-web +data: + default.conf: | + + # --------------------- + fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_key "$scheme$request_method$host$request_uri"; + # ----------------------------------------- + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort on; + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 120; + #fastcgi_index index.php; + # -------------------------------- + + # Only cache positive responses + proxy_cache_valid 200 1h; + proxy_cache_valid 301 302 15m; + + server { + listen 80 default; ## listen for ipv4; this line is default and implied + listen [::]:80 default ipv6only=on; ## listen for ipv6 + + server_name dev-medicalalert.com ""; + + return 301 https://www.$host$request_uri; + + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + } + + + subdomain.conf: | + + server { + listen 80; + listen [::]:80; + + server_name ~^(?.+)\.dev-medicalalert\.com$; + + if ($http_x_forwarded_proto != 'https') { + return 301 https://$host$request_uri; + } + + root /usr/share/nginx/subdomain/$subdomain; + index index.php index.html index.htm; + sendfile off; + + # Security - Hide nginx version number in error pages and Server header + server_tokens off; + + # Add stdout logging + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache 
everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/$subdomain; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; 
+ fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } + + localhost.conf: | + + server { + listen 80; + listen [::]:80; + + server_name localhost; + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + sendfile off; + server_tokens off; + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to 
the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/www; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } diff --git a/build/dev-org/medicalalert-web-hpa.yml b/build/dev-org/medicalalert-web-hpa.yml new file mode 100644 index 00000000..baf41dbf --- /dev/null +++ b/build/dev-org/medicalalert-web-hpa.yml @@ -0,0 +1,13 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: medicalalert-web-hpa + namespace: caresage-web +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: medicalalert-web + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 70 diff --git a/build/dev-org/pvc.yml b/build/dev-org/pvc.yml new file mode 100644 index 00000000..097d2d8c --- /dev/null +++ b/build/dev-org/pvc.yml 
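Review bot: The cache-bypass rules in `subdomain.conf` and `localhost.conf` do not cover a logged-in WordPress session: `if ($http_cookie = "PHPSESSID")` compares the whole Cookie header with that literal string, and the URL rule lists `administrator/` rather than `wp-admin/`, so authenticated or per-user responses can be stored in the shared `MYAPP` fastcgi cache and returned to other visitors, with `Cache-Control "public"` added on top. A regex match such as `if ($http_cookie ~* "PHPSESSID|wordpress_logged_in_|wp-postpass_|comment_author_") { set $no_cache 1; }` together with `if ($request_uri ~* "/(wp-admin/|wp-login\.php|xmlrpc\.php)")` is the usual form. `server_name ~^(?.+)\.dev-medicalalert\.com$;` has no capture name as shown (possibly lost in rendering); it needs `(?<subdomain>…)` for `$subdomain` to exist, and since that value ends up in `root`, a narrow class such as `[a-z0-9-]+` is safer than `.+`. The `proxy_set_header` and `proxy_cache_*` directives have no effect on `fastcgi_pass` traffic, and the same file is repeated as `build/dev/lifeline-web-default-conf-cm.yaml`.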
@@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-medicalalert + namespace: caresage-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 10Gi diff --git a/build/dev-org/secrets.yaml b/build/dev-org/secrets.yaml new file mode 100644 index 00000000..94de1302 --- /dev/null +++ b/build/dev-org/secrets.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho + DB_PASSWORD: cGFudGhlb24= + TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3 +kind: Secret +metadata: + annotations: + labels: + app: medicalalert-web + name: medicalalert-web-secrets + namespace: caresage-web +type: Opaque diff --git a/build/dev-org/service.yml b/build/dev-org/service.yml new file mode 100644 index 00000000..3358bd2d --- /dev/null +++ b/build/dev-org/service.yml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: medicalalert-web + namespace: caresage-web + labels: + app: medicalalert-web +spec: + type: NodePort + selector: + app: medicalalert-web + ports: + - protocol: TCP + port: 80 + targetPort: 80 + nodePort: 30846 diff --git a/build/dev-org/storageclass.yaml b/build/dev-org/storageclass.yaml new file mode 100644 index 00000000..0f81a4ed --- /dev/null +++ b/build/dev-org/storageclass.yaml @@ -0,0 +1,13 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: efs-sc +provisioner: efs.csi.aws.com +parameters: + provisioningMode: efs-ap +# reclaimPolicy: Retain + fileSystemId: fs-01d898a0e680dbd45 + directoryPerms: "700" + gidRangeStart: "1000" # optional + gidRangeEnd: "2000" # optional + basePath: "/dynamic_provisioning" # optional 
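Review bot: `build/dev-org/secrets.yaml` commits `CACHE_PASSWORD`, `DB_PASSWORD` and `TOKEN` to the repository; the `data` values of a Secret are base64-encoded, not encrypted, so anyone with read access to the repo or its history has these credentials. They should be treated as exposed and rotated, the file removed from the tree, and the Secret created from a store outside git — the commented-out `aws ssm get-parameters` lines in `bitbucket-pipelines.yml` point at that approach. In the same line range, `service.yml` fixes `nodePort: 30846`; if traffic is meant to arrive only through a load balancer, confirm the node security groups do not expose that port more widely.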
diff --git a/build/dev/configmap.yaml b/build/dev/configmap.yaml index 0724d258..9ebebfb6 100755 --- a/build/dev/configmap.yaml +++ b/build/dev/configmap.yaml @@ -1,17 +1,18 @@ apiVersion: v1 kind: ConfigMap metadata: - name: medicalalert-web-cm - namespace: caresage-web + name: lifeline-web-cm + namespace: lifeline-web labels: - app: medicalalert-web + app: lifeline-web data: - DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + DB_HOST: dev-lifeline-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com ENV: dev WP_DEBUG: "false" DB_CHARSET: utf8 DB_COLLATE: utf8_general_ci CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com CACHE_PORT: "6379" - DB_NAME: "pantheon" - DB_USER: "pantheon" \ No newline at end of file + DB_USER: pantheon + DB_NAME: pantheon + SUBDB_NAME: dev03 diff --git a/build/dev/deployment.tpl b/build/dev/deployment.tpl index 506775b3..aa0b661e 100755 --- a/build/dev/deployment.tpl +++ b/build/dev/deployment.tpl @@ -4,16 +4,16 @@ metadata: annotations: deployment.kubernetes.io/revision: "11" labels: - app: medicalalert-web - name: medicalalert-web - namespace: caresage-web + app: lifeline-web + name: lifeline-web + namespace: lifeline-web spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - app: medicalalert-web + app: lifeline-web strategy: rollingUpdate: maxSurge: 25% @@ -25,7 +25,7 @@ spec: kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00" creationTimestamp: null labels: - app: medicalalert-web + app: lifeline-web spec: affinity: nodeAffinity: 
@@ -41,30 +41,40 @@ spec: - env: - name: ENVIRONMENT value: "$ENV" - image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION + image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/lifeline-web:$VERSION envFrom: - secretRef: - name: medicalalert-web-secrets + name: lifeline-web-secrets - configMapRef: - name: medicalalert-web-cm + name: lifeline-web-cm imagePullPolicy: Always - name: medicalalert-web + name: lifeline-web ports: - containerPort: 80 name: http protocol: TCP resources: limits: - cpu: 200m - memory: 300Mi + cpu: 500m + memory: 700Mi requests: - cpu: 100m - memory: 100Mi + cpu: 300m + memory: 500Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - - mountPath: /usr/share/nginx/html/wp-content/uploads + - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads name: persistent-storage + - mountPath: /usr/share/nginx/subdomain/dev01 + name: persistent-storage-dev01 + - mountPath: /usr/share/nginx/subdomain/dev02 + name: persistent-storage-dev02 + - mountPath: /usr/share/nginx/subdomain/dev03 + name: persistent-storage-dev03 + - mountPath: /usr/share/nginx/subdomain/dev04 + name: persistent-storage-dev04 + - mountPath: /usr/share/nginx/subdomain/dev05 + name: persistent-storage-dev05 - mountPath: /etc/nginx/conf.d/ name: default-conf dnsPolicy: ClusterFirst 
@@ -78,15 +88,23 @@ spec: volumes: - name: persistent-storage persistentVolumeClaim: - claimName: efs-claim + claimName: efs-claim-lifeline + - name: persistent-storage-dev01 + persistentVolumeClaim: + claimName: efs-claim-lifeline-dev01 + - name: persistent-storage-dev02 + persistentVolumeClaim: + claimName: efs-claim-lifeline-dev02 + - name: persistent-storage-dev03 + persistentVolumeClaim: + claimName: efs-claim-lifeline-dev03 + - name: persistent-storage-dev04 + persistentVolumeClaim: + claimName: efs-claim-lifeline-dev04 + - name: persistent-storage-dev05 + persistentVolumeClaim: + claimName: efs-claim-lifeline-dev05 - name: default-conf configMap: defaultMode: 420 - name: medicalalert-web-default-conf-cm - - - - - - - + name: lifeline-web-default-conf-cm diff --git a/build/dev/jobs.tpl b/build/dev/jobs.tpl index 194ce018..bd90bb9b 100755 --- a/build/dev/jobs.tpl +++ b/build/dev/jobs.tpl @@ -2,11 +2,12 @@ apiVersion: batch/v1 kind: Job metadata: name: common-jobs - namespace: caresage-exec + namespace: lifeline-web labels: app: lifeline-web rds: enable spec: + ttlSecondsAfterFinished: 10 template: metadata: labels: @@ -25,18 +26,18 @@ spec: - arm64 containers: - name: common-jobs - image: bitnami/percona-xtrabackup:latest + image: ubuntu:latest envFrom: - secretRef: name: lifeline-web-secrets - configMapRef: name: lifeline-web-cm - command: ["bash"] + command: ["bash"] args: - -c - - cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME + - cp -rf /usr/share/nginx/subdomain/www/wp-content/uploads/common-jobs.sh /root/ && chmod 755 /root/common-jobs.sh && /root/common-jobs.sh $JOBNAME volumeMounts: - - mountPath: /usr/share/nginx/html/wp-content/uploads + - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads name: persistent-storage imagePullSecrets: - name: regcred 
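Review bot: `ttlSecondsAfterFinished: 10` in the first `build/dev/jobs.tpl` hunk deletes the Job and its pod ten seconds after it finishes, which also discards the pod logs of a database backup or restore unless they are shipped elsewhere. A longer value (for example `3600`) or confirmed log forwarding keeps a record of what a restore actually did. The next hunk switches the image to `ubuntu:latest`, a mutable tag on a general-purpose base; pinning a version or digest, and using an image that already contains the backup tooling, avoids runs that differ from one day to the next.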
@@ -46,5 +47,4 @@ spec: volumes: - name: persistent-storage persistentVolumeClaim: - claimName: efs-claim - \ No newline at end of file + claimName: efs-claim-lifeline diff --git a/build/dev/lifeline-web-default-conf-cm.yaml b/build/dev/lifeline-web-default-conf-cm.yaml new file mode 100644 index 00000000..ddc04b5f --- /dev/null +++ b/build/dev/lifeline-web-default-conf-cm.yaml 
@@ -0,0 +1,285 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: lifeline-web-default-conf-cm + namespace: lifeline-web + labels: + app: lifeline-web +data: + default.conf: | + + # --------------------- + fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_key "$scheme$request_method$host$request_uri"; + # ----------------------------------------- + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort on; + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 120; + #fastcgi_index index.php; + # -------------------------------- + + # Only cache positive responses + proxy_cache_valid 200 1h; + proxy_cache_valid 301 302 15m; + + server { + listen 80 default; ## listen for ipv4; this line is default and implied + listen [::]:80 default ipv6only=on; ## listen for ipv6 + + server_name dev-lifeline.com ""; + + return 301 https://www.$host$request_uri; + + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + } + + + subdomain.conf: | + + server { + listen 80; + listen [::]:80; + + server_name ~^(?.+)\.dev-lifeline\.com$; + + if ($http_x_forwarded_proto != 'https') { + return 301 https://$host$request_uri; + } + + root /usr/share/nginx/subdomain/$subdomain; + index index.php index.html index.htm; + sendfile off; + + # Security - Hide nginx version number in error pages and Server header + server_tokens off; + + # Add stdout logging + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + 
set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/$subdomain; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + 
fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } + + localhost.conf: | + + server { + listen 80; + listen [::]:80; + + server_name localhost; + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + sendfile off; + server_tokens off; + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + 
# + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/www; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } diff --git a/build/dev/lifeline-web-hpa.yml b/build/dev/lifeline-web-hpa.yml new file mode 100644 index 00000000..fb74c086 --- /dev/null +++ b/build/dev/lifeline-web-hpa.yml @@ -0,0 +1,13 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: lifeline-web-hpa + namespace: lifeline-web +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: lifeline-web + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 70 diff --git a/build/dev/medicalalert-web-default-conf-cm-image.yaml b/build/dev/medicalalert-web-default-conf-cm-image.yaml deleted file mode 100755 index a00478a2..00000000 --- a/build/dev/medicalalert-web-default-conf-cm-image.yaml +++ /dev/null 
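Review bot: The cache-bypass rules in `subdomain.conf` and `localhost.conf` do not cover logged-in WordPress sessions: `if ($http_cookie = "PHPSESSID")` compares the whole Cookie header with that literal string, so it cannot match a real `PHPSESSID=<value>` cookie, and the URL rule lists `/administrator/` rather than `/wp-admin/`. With `fastcgi_cache MYAPP` keyed only on scheme, method, host and URI, and `Cache-Control "public"` added to every response, a page rendered for an authenticated user can be stored and then served to other visitors. I would change the cookie test to `if ($http_cookie ~* "wordpress_logged_in_|wp-postpass_|comment_author_|PHPSESSID") { set $no_cache 1; }` and the URL test to `"/(wp-admin/|wp-login.php)"`. The same blocks appear in build/dev/medicalalert-web-default-conf-cm.yaml and build/qa/medicalalert-web-default-conf-cm.yaml.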
@@ -1,168 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: medicalalert-web-default-conf-cm - namespace: caresage-web - labels: - app: medicalalert-web -data: - default.conf: | - - # --------------------- - fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; - fastcgi_cache_key "$scheme$request_method$host$request_uri"; - - - # Only cache positive responses - proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 15m; - - server { - listen 80; ## listen for ipv4; this line is default and implied - listen [::]:80 default ipv6only=on; ## listen for ipv6 - - # if ($http_x_forwarded_proto != 'https') { - #set $cond A; - #} - - #if ($http_host ~ ^localhost) { - #set $cond "${cond}B"; - - #if ($cond = AB) { - # return 301 http://$host$request_uri; - #} - - if ($http_x_forwarded_proto != 'https') { - return 301 https://$host$request_uri; - } - - - root /usr/share/nginx/html; - index index.php index.html index.htm; - - # Make site accessible from http://localhost/ - server_name localhost; - #server_name local.lifeline-prod.com; - - # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html - sendfile off; - - # Security - Hide nginx version number in error pages and Server header - server_tokens off; - - # Add stdout logging - error_log /dev/stdout error; - access_log /dev/stdout; - - # reduce the data that needs to be sent over network - gzip on; - gzip_min_length 10240; - gzip_proxied expired no-cache no-store private auth; - gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; - gzip_disable "MSIE [1-6]\."; - add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; - add_header X-Cache-Status $upstream_cache_status; - add_header Cache-Control "public"; - - #Cache everything by default - set $no_cache 0; - - #Don't cache POST requests - if ($request_method = POST) - { - set $no_cache 1; - } - - #Don't cache if the URL contains a 
query string - if ($query_string != "") - { - set $no_cache 1; - } - - #Don't cache the following URLs - if ($request_uri ~* "/(administrator/|wp-login.php)") - { - set $no_cache 1; - } - - #Don't cache if there is a cookie called PHPSESSID - if ($http_cookie = "PHPSESSID") - { - set $no_cache 1; - } - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to index.php - try_files $uri $uri/ /index.php?$args; - proxy_set_header X-Forwarded-Proto $scheme; - #proxy_cache cache; - #proxy_cache_background_update on; - #proxy_cache_lock on; - #proxy_cache_revalidate on; - include /etc/nginx/fastcgi_params; - fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; - fastcgi_cache_bypass $no_cache; - fastcgi_no_cache $no_cache; - - } - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ - location ~ [^/]\.php(/|$) { - #try_files $uri $uri/ /index.php?$query_string; - proxy_set_header X-Forwarded-Proto $scheme; - #proxy_cache cache; - #proxy_cache_background_update on; - #proxy_cache_lock on; - #proxy_cache_revalidate on; - try_files $uri $uri/ /index.php?$args; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; - fastcgi_cache_bypass $no_cache; - fastcgi_no_cache $no_cache; - } - - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { - proxy_set_header X-Forwarded-Proto $scheme; - 
fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; - proxy_cache_background_update on; - proxy_cache_lock on; - access_log off; - expires max; - } - - # deny access to . files, for security - # - location ~ /\. { - log_not_found off; - deny all; - } - - } diff --git a/build/dev/medicalalert-web-default-conf-cm.yaml b/build/dev/medicalalert-web-default-conf-cm.yaml index 853c9439..627a53c7 100755 --- a/build/dev/medicalalert-web-default-conf-cm.yaml +++ b/build/dev/medicalalert-web-default-conf-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: medicalalert-web-default-conf-cm - namespace: caresage-web + namespace: medicalalert-web labels: app: medicalalert-web data: 
@@ -11,39 +11,47 @@ data: # --------------------- fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; - + # ----------------------------------------- + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort on; + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 120; + #fastcgi_index index.php; + # -------------------------------- + # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 15m; server { - listen 80; ## listen for ipv4; this line is default and implied + listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 - # if ($http_x_forwarded_proto != 'https') { - #set $cond A; - #} - - #if ($http_host ~ ^localhost) { - #set $cond "${cond}B"; + server_name dev-medicalalert.com ""; - #if ($cond = AB) { - # return 301 http://$host$request_uri; - #} + return 301 https://www.$host$request_uri; - if ($http_x_forwarded_proto != 'https') { + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + } + + + subdomain.conf: | + + server { + listen 80; + listen [::]:80; + + server_name ~^(?.+)\.dev-medicalalert\.com$; + + if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - - - root /usr/share/nginx/html; + + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; - - # Make site accessible from http://localhost/ - server_name localhost; - #server_name local.lifeline-prod.com; - - # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html sendfile off; # Security - Hide nginx version number in error pages and Server header 
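Review bot: The new default server answers any Host value (`listen 80 default`) and builds its redirect from it, `return 301 https://www.$host$request_uri;`, so a request carrying an arbitrary Host header is redirected to a name the client chose; use the fixed name instead, `return 301 https://www.dev-medicalalert.com$request_uri;`. The `root` and `index` lines after the `return` are never reached. In `subdomain.conf` the capture that feeds `$subdomain` is `.+` (the group name seems to have been lost in this rendering) and that value becomes part of `root`; restricting it to a single label, `[a-z0-9-]+`, keeps the document root to the directories you intend to serve. The lifeline and qa ConfigMaps in this commit carry the same two lines.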
@@ -95,11 +103,8 @@ data: # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; - #proxy_cache cache; - #proxy_cache_background_update on; - #proxy_cache_lock on; - #proxy_cache_revalidate on; - include /etc/nginx/fastcgi_params; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; @@ -113,19 +118,14 @@ data: # error_page 500 502 503 504 /50x.html; location = /50x.html { - root /usr/share/nginx/html; + root /usr/share/nginx/subdomain/$subdomain; } # pass the PHP scripts to FastCGI server listening on socket # #~ \.php$ location ~ [^/]\.php(/|$) { - #try_files $uri $uri/ /index.php?$query_string; proxy_set_header X-Forwarded-Proto $scheme; - #proxy_cache cache; - #proxy_cache_background_update on; - #proxy_cache_lock on; - #proxy_cache_revalidate on; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; @@ -134,7 +134,8 @@ data: fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; - include /etc/nginx/fastcgi_params; + include fastcgi_params; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; 
@@ -163,3 +164,122 @@ data: } } + + localhost.conf: | + + server { + listen 80; + listen [::]:80; + + server_name localhost; + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + sendfile off; + server_tokens off; + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/www; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + 
proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } diff --git a/build/dev/pod.tpl b/build/dev/pod.tpl new file mode 100644 index 00000000..445013a1 --- /dev/null +++ b/build/dev/pod.tpl 
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Pod +metadata: + name: common-job-pod + namespace: lifeline-web + labels: + app: lifeline-web + rds: enable +spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - name: common-job + image: ubuntu:latest + envFrom: + - secretRef: + name: lifeline-web-secrets + - configMapRef: + name: lifeline-web-cm + command: ["bash"] + args: + - -c + - sleep infinity + volumeMounts: + - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads + name: persistent-storage + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Never + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-lifeline diff --git a/build/dev/pvc.yml b/build/dev/pvc.yml index 097d2d8c..3dd52c8c 100755 --- a/build/dev/pvc.yml +++ b/build/dev/pvc.yml 
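Review bot: `common-job-pod` runs `sleep infinity` on `ubuntu:latest` with `lifeline-web-secrets` in its environment and the uploads volume mounted writable, and nothing in the spec ever ends it. A forgotten debug pod like this is a standing shell with database credentials; add `activeDeadlineSeconds: 3600` (the value is an example) under `spec`, pin the image by digest, and give the container a `securityContext` with `allowPrivilegeEscalation: false` and a non-root `runAsUser`. The manifest has no `resources` block either.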
@@ -1,13 +1,77 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-lifeline + namespace: lifeline-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: efs-claim-medicalalert - namespace: caresage-web + name: efs-claim-lifeline-dev05 + namespace: lifeline-web spec: accessModes: - - ReadWriteMany + - ReadWriteMany storageClassName: efs-sc resources: requests: - storage: 10Gi + storage: 3Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-lifeline-dev04 + namespace: lifeline-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 3Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-lifeline-dev03 + namespace: lifeline-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 3Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-lifeline-dev02 + namespace: lifeline-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 3Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: efs-claim-lifeline-dev01 + namespace: lifeline-web +spec: + accessModes: + - ReadWriteMany + storageClassName: efs-sc + resources: + requests: + storage: 3Gi diff --git a/build/dev/secrets.yaml b/build/dev/secrets.yaml index 94de1302..cdb4f2b6 100644 --- a/build/dev/secrets.yaml +++ b/build/dev/secrets.yaml 
@@ -1,13 +1,12 @@ apiVersion: v1 -data: - CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho - DB_PASSWORD: cGFudGhlb24= - TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3 kind: Secret metadata: - annotations: + name: lifeline-web-secrets + namespace: lifeline-web labels: - app: medicalalert-web - name: medicalalert-web-secrets - namespace: caresage-web + app: lifeline-web type: Opaque +data: + DB_PASSWORD: cGFudGhlb24= + CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho + TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3 diff --git a/build/dev/service.yml b/build/dev/service.yml index 3358bd2d..aebe136d 100755 --- a/build/dev/service.yml +++ b/build/dev/service.yml @@ -1,16 +1,16 @@ apiVersion: v1 kind: Service metadata: - name: medicalalert-web - namespace: caresage-web + name: lifeline-web + namespace: lifeline-web labels: - app: medicalalert-web + app: lifeline-web spec: type: NodePort selector: - app: medicalalert-web + app: lifeline-web ports: - protocol: TCP port: 80 targetPort: 80 - nodePort: 30846 + nodePort: 30843 diff --git a/build/dev/storageclass.yaml b/build/dev/storageclass.yaml index 0f81a4ed..6d4acbd2 100755 --- a/build/dev/storageclass.yaml +++ b/build/dev/storageclass.yaml 
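Review bot: This hunk keeps what look like real values for `DB_PASSWORD`, `CACHE_PASSWORD` and `TOKEN` under `data:`; base64 is an encoding, not protection, so anyone who can read the repository or its history has the credentials. Commit the Secret without values (or not at all) and let the pipeline fill it at deploy time, which the commented-out `aws ssm get-parameters` lines in bitbucket-pipelines.yml already sketch, with a header comment such as `# values are injected by the pipeline from SSM; do not commit real data`. Because the same values were already committed under the old `medicalalert-web-secrets` name, they should be rotated as well.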
@@ -3,9 +3,11 @@ apiVersion: storage.k8s.io/v1 metadata: name: efs-sc provisioner: efs.csi.aws.com + #reclaimPolicy: Retain +allowVolumeExpansion: true +volumeBindingMode: Immediate parameters: provisioningMode: efs-ap -# reclaimPolicy: Retain fileSystemId: fs-01d898a0e680dbd45 directoryPerms: "700" gidRangeStart: "1000" # optional diff --git a/build/qa/configmap.yaml b/build/qa/configmap.yaml new file mode 100644 index 00000000..0724d258 --- /dev/null +++ b/build/qa/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: medicalalert-web-cm + namespace: caresage-web + labels: + app: medicalalert-web +data: + DB_HOST: dev-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: dev + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "pantheon" + DB_USER: "pantheon" \ No newline at end of file diff --git a/build/qa/deployment.tpl b/build/qa/deployment.tpl new file mode 100644 index 00000000..506775b3 --- /dev/null +++ b/build/qa/deployment.tpl 
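Review bot: build/qa/configmap.yaml sets `ENV: dev` and a `DB_HOST` that starts with `dev-medicalalert-ecommerce`, so as written the QA deployment would read and write the dev database. If that is not intended, the two lines should be `ENV: qa` and `DB_HOST: <qa-rds-endpoint>` (placeholder). Keeping environments on separate databases also limits what a problem in QA can touch.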
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "11" + labels: + app: medicalalert-web + name: medicalalert-web + namespace: caresage-web +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: medicalalert-web + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00" + creationTimestamp: null + labels: + app: medicalalert-web + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - env: + - name: ENVIRONMENT + value: "$ENV" + image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION + envFrom: + - secretRef: + name: medicalalert-web-secrets + - configMapRef: + name: medicalalert-web-cm + imagePullPolicy: Always + name: medicalalert-web + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/share/nginx/html/wp-content/uploads + name: persistent-storage + - mountPath: /etc/nginx/conf.d/ + name: default-conf + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim + - name: default-conf + configMap: + defaultMode: 420 + name: medicalalert-web-default-conf-cm + + + + + + + diff --git a/build/qa/deployment.yml b/build/qa/deployment.yml new file mode 100644 index 00000000..7581d4a1 --- /dev/null 
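Review bot: This Deployment is in namespace `caresage-web` but mounts ConfigMap `medicalalert-web-default-conf-cm`, which build/qa/medicalalert-web-default-conf-cm.yaml in this commit creates in `medicalalert-web`; a pod cannot mount a ConfigMap from another namespace, so it would not start unless a copy also exists in `caresage-web`. The uploads volume is mounted at `/usr/share/nginx/html/wp-content/uploads`, while that nginx config and the Dockerfile now use `/usr/share/nginx/subdomain/www`; I would change the line to `- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads`. build/qa/deployment.yml has the same two issues.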
+++ b/build/qa/deployment.yml @@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "11" + labels: + app: medicalalert-web + name: medicalalert-web + namespace: caresage-web +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: medicalalert-web + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00" + creationTimestamp: null + labels: + app: medicalalert-web + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - env: + - name: ENVIRONMENT + value: dev + image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:v01 + envFrom: + - secretRef: + name: medicalalert-web-secrets + - configMapRef: + name: medicalalert-web-cm + imagePullPolicy: Always + name: medicalalert-web + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/share/nginx/html/wp-content/uploads + name: persistent-storage + - mountPath: /etc/nginx/conf.d/ + name: default-conf + - mountPath: /var/lib/nginx/cache + name: cache + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-medicalalert + - name: default-conf + configMap: + defaultMode: 420 + name: medicalalert-web-default-conf-cm + - name: cache + emptyDir: {} + + + + + + + + + 
diff --git a/build/qa/jobs.tpl b/build/qa/jobs.tpl new file mode 100644 index 00000000..194ce018 --- /dev/null +++ b/build/qa/jobs.tpl @@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: common-jobs + namespace: caresage-exec + labels: + app: lifeline-web + rds: enable +spec: + template: + metadata: + labels: + app: lifeline-web + rds: enable + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - name: common-jobs + image: bitnami/percona-xtrabackup:latest + envFrom: + - secretRef: + name: lifeline-web-secrets + - configMapRef: + name: lifeline-web-cm + command: ["bash"] + args: + - -c + - cp -rf /usr/share/nginx/html/wp-content/uploads/common-jobs.sh /root/ && /root/common-jobs.sh $JOBNAME + volumeMounts: + - mountPath: /usr/share/nginx/html/wp-content/uploads + name: persistent-storage + imagePullSecrets: + - name: regcred + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Never + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim + \ No newline at end of file diff --git a/build/qa/medicalalert-web-default-conf-cm.yaml b/build/qa/medicalalert-web-default-conf-cm.yaml new file mode 100644 index 00000000..382a6c20 --- /dev/null +++ b/build/qa/medicalalert-web-default-conf-cm.yaml 
@@ -0,0 +1,285 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: medicalalert-web-default-conf-cm + namespace: medicalalert-web + labels: + app: medicalalert-web +data: + default.conf: | + + # --------------------- + fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_key "$scheme$request_method$host$request_uri"; + # ----------------------------------------- + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort on; + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 120; + #fastcgi_index index.php; + # -------------------------------- + + # Only cache positive responses + proxy_cache_valid 200 1h; + proxy_cache_valid 301 302 15m; + + server { + listen 80 default; ## listen for ipv4; this line is default and implied + listen [::]:80 default ipv6only=on; ## listen for ipv6 + + server_name qa-medicalalert.com ""; + + return 301 https://www.$host$request_uri; + + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + } + + + subdomain.conf: | + + server { + listen 80; + listen [::]:80; + + server_name ~^(?.+)\.qa-medicalalert\.com$; + + if ($http_x_forwarded_proto != 'https') { + return 301 https://$host$request_uri; + } + + root /usr/share/nginx/subdomain/$subdomain; + index index.php index.html index.htm; + sendfile off; + + # Security - Hide nginx version number in error pages and Server header + server_tokens off; + + # Add stdout logging + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache 
everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/$subdomain; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; 
+ fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } + + localhost.conf: | + + server { + listen 80; + listen [::]:80; + + server_name localhost; + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + + sendfile off; + server_tokens off; + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/(administrator/|wp-login.php)") + { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to 
the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/www; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 60m; + fastcgi_cache_valid 301 1h; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } diff --git a/build/qa/medicalalert-web-hpa.yml b/build/qa/medicalalert-web-hpa.yml new file mode 100644 index 00000000..baf41dbf --- /dev/null +++ b/build/qa/medicalalert-web-hpa.yml @@ -0,0 +1,13 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: medicalalert-web-hpa + namespace: caresage-web +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: medicalalert-web + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 70 diff --git a/build/qa/pvc.yml b/build/qa/pvc.yml new file mode 100644 index 00000000..097d2d8c --- /dev/null +++ b/build/qa/pvc.yml 
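Review bot: In `subdomain.conf` and `localhost.conf` the session bypass `if ($http_cookie = "PHPSESSID")` tests the whole Cookie header for equality with the bare name, so it never matches a real request, and nothing looks at WordPress's own login cookies; with the cache key `$scheme$request_method$host$request_uri` a page rendered for a logged-in user can be stored and then served to other visitors. Match on cookie names instead, `if ($http_cookie ~* "PHPSESSID|wordpress_logged_in_|wp-postpass_|comment_author_") { set $no_cache 1; }`, and change the URI exclusion to `/(wp-admin/|wp-login.php)`, since the current `administrator/` entry is not a WordPress path. `add_header Cache-Control "public"` is set for every response in those server blocks, which invites downstream caches to keep authenticated pages as well. Separately, `server_name ~^(?.+)\.qa-medicalalert\.com$` has no named capture, so `$subdomain` would be undefined; unless that is an artifact of how the page was captured, it should read `(?<subdomain>.+)`.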
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: efs-claim-medicalalert
+ namespace: caresage-web
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: efs-sc
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/build/qa/secrets.yaml b/build/qa/secrets.yaml
new file mode 100644
index 00000000..94de1302
--- /dev/null
+++ b/build/qa/secrets.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+ CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
+ DB_PASSWORD: cGFudGhlb24=
+ TOKEN: QVRDVFQzeEZmR04wbXpCZjF4NDVaSkVIa3l0eWVYX0NvWXJRSHJwbHk4RlUzWG1wTjZHcGNjNHU5RzB5bW5DMzg2SjFQUTFSR3Z3VG10QWN3WUVmc2s5MGt4UDQxVEc3Q0xhSWwtYUs2cFRTY0NqYVVQcUdOY3phWEFxdVFXaGhlWjc5d1FXa3dTd2J6NDVhY1Z4T21ZZWtpTFlIU21TMTBsWV9ibF9wZ1ZxbG9kMVFxSy1uYmV3PTg4NjIyMEM3
+kind: Secret
+metadata:
+ annotations:
+ labels:
+ app: medicalalert-web
+ name: medicalalert-web-secrets
+ namespace: caresage-web
+type: Opaque
diff --git a/build/qa/service.yml b/build/qa/service.yml
new file mode 100644
index 00000000..3358bd2d
--- /dev/null
+++ b/build/qa/service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: medicalalert-web
+ namespace: caresage-web
+ labels:
+ app: medicalalert-web
+spec:
+ type: NodePort
+ selector:
+ app: medicalalert-web
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ nodePort: 30846
diff --git a/build/qa/storageclass.yaml b/build/qa/storageclass.yaml
new file mode 100644
index 00000000..0f81a4ed
--- /dev/null
+++ b/build/qa/storageclass.yaml
@@ -0,0 +1,13 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: efs-sc
+provisioner: efs.csi.aws.com
+parameters:
+ provisioningMode: efs-ap
+# reclaimPolicy: Retain
+ fileSystemId: fs-01d898a0e680dbd45
+ directoryPerms: "700"
+ gidRangeStart: "1000" # optional
+ gidRangeEnd: "2000" # optional
+ basePath: "/dynamic_provisioning" # optional
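Review bot: build/qa/secrets.yaml commits real values for `CACHE_PASSWORD`, `DB_PASSWORD` and `TOKEN`; the `data:` field of a Secret is base64-encoded, not encrypted, so anyone with read access to the repository or its history holds the credentials. Treat all three as exposed: rotate them, remove the file from the repository, and have the pipeline create the Secret at deploy time from a secret store or secured pipeline variables (or commit only an encrypted form such as a SealedSecret). If a manifest has to stay in the tree as a template, keep the keys and replace every value with a placeholder.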
diff --git a/common-jobs-bitbucket.sh b/common-jobs-bitbucket.sh
new file mode 100644
index 00000000..bdd4222c
--- /dev/null
+++ b/common-jobs-bitbucket.sh
@@ -0,0 +1,162 @@ +#!/bin/bash + +# Install the required packages # +# -------------------------------------------------------------- +apk upgrade && apk add curl wget zip unzip +curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl + +. ./setenv.sh +# ---------------------------------------------------------------------- +export CLUSTER=caresage-eks-cluster-$ENV +export SUBDOMAIN=`echo $URL_DOMAIN | awk -F. '{print $1}'` +export APP=`echo $URL_DOMAIN | awk -F[.-] '{print $3}'` +export NAMESPACE=$APP-web +export REPO=$BITBUCKET_REPO_SLUG + +# --------------------------- +echo "export SUBDOMAIN=`echo $URL_DOMAIN | awk -F. '{print $1}'`" >> setenv.sh +echo "export NEW_URL=https://$URL_DOMAIN" >> setenv.sh +echo "export APP=`echo $URL_DOMAIN | awk -F[.-] '{print $3}'`" >> setenv.sh +echo "export NAMESPACE=$APP-web" >> setenv.sh +echo "export REPO=$BITBUCKET_REPO_SLUG" >> setenv.sh +# --------------------------------------------------------------- +echo "JOBNAME -- $JOBNAME" +echo "ENV -- $ENV" +echo "CLUSTER -- $CLUSTER" +echo "VERSION -- $BITBUCKET_BUILD_NUMBER" +echo "RESTORE_VERSION -- $RESTORE_VERSION" +echo "URL_DOMAIN -- $URL_DOMAIN" +echo "SUBDOMAIN -- $SUBDOMAIN" +echo "VERSION -- $VERSION" +echo "RESTORE_VERSION -- $RESTORE_VERSION" +echo "DB_NAME -- $DB_NAME" +echo "MYSQL_FILE_NAME -- $MYSQL_FILE_NAME" +echo "STATIC_FILE_NAME -- $STATIC_FILE_NAME" + +cat ./setenv.sh +# ------------------------------------------------------------------------------------------------------------------------- +opt=$1 +deploy_version=$2 + +case $opt in + + +subdomain_deploy) + +echo "Deploy the wordpress source code fromo the branch to pvc mount of subdomain..." 
+aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 +kubectl apply -f build/$ENV/pod.tpl && sleep 15 && echo pod-created +kubectl cp wp $NAMESPACE/common-job-pod:/tmp && echo "wp copy to /tmp done" || exit 9 +kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh && echo "setenv copy done" || exit 9 +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh' +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh ; cp -rf /tmp/wp/* /usr/share/nginx/subdomain/$SUBDOMAIN/' +echo $URL_DOMAIN | grep www && echo "maindomain $URL_DOMAIN" || kubectl delete po common-job-pod -n $NAMESPACE + +;; + + +mysql-backup) + +echo "Running mysql backup with s3..." +aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 +kubectl apply -f build/$ENV/pod.tpl && sleep 15 + +kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh' + +kubectl exec common-job-pod -n $NAMESPACE -- apt update +kubectl exec common-job-pod -n $NAMESPACE -- apt install zip wget unzip curl mariadb-client -y +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. 
/tmp/setenv.sh ;mysqldump -h $DB_HOST --single-transaction --quick --lock-tables=false --user=$DB_USER --password=$DB_PASSWORD $SUBDOMAIN --skip-lock-tables | gzip > /tmp/$NAMESPACE-pantheon.sql.gz' + +kubectl cp $NAMESPACE/common-job-pod:/tmp/$NAMESPACE-pantheon.sql.gz $NAMESPACE-pantheon-$VERSION-$ENV-$SUBDOMAIN-$(date +%Y-%m-%dT%H_%M_%S).sql.gz +FILE=`ls $NAMESPACE-pantheon-*.sql.gz` + +aws s3 cp $FILE s3://commonjobs/$NAMESPACE/$opt/ + +curl --request POST -F files=@"$FILE" --url "https://api.bitbucket.org/2.0/repositories/connectamerica/$REPO/downloads" \ + --header "Authorization: Bearer $TOKEN" + +kubectl delete po common-job-pod -n $NAMESPACE + +;; + +wp-data-backup) + +aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 +kubectl apply -f build/$ENV/pod.tpl && sleep 15 +kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh' +kubectl exec common-job-pod -n $NAMESPACE -- apt update +kubectl exec common-job-pod -n $NAMESPACE -- apt install wget zip unzip curl -y +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh;cd /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads;zip -r /tmp/upload.zip .' 
+kubectl cp $NAMESPACE/common-job-pod:/tmp/upload.zip $NAMESPACE-$VERSION-$ENV-$SUBDOMAIN-$(date +%Y-%m-%dT%H_%M_%S).zip +FILE=`ls $NAMESPACE-*.zip` +aws s3 cp $FILE s3://commonjobs/$NAMESPACE/$opt/ +kubectl delete po common-job-pod -n $NAMESPACE +;; + + + +mysql-restore) + +aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 +kubectl apply -f build/$ENV/pod.tpl && sleep 15 +kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh' + +[ -n "$RESTORE_VERSION" ] && FILE=$RESTORE_VERSION || FILE=$deploy_version + +kubectl exec common-job-pod -n $NAMESPACE -- apt update +kubectl exec common-job-pod -n $NAMESPACE -- apt install zip wget unzip curl mariadb-client -y + +#Check if file is present in bitbucket download else check on s3 +# ------------------------------------------------------------------- +curl -s -L -O -H "Authorization: Bearer $TOKEN" https://api.bitbucket.org/2.0/repositories/connectamerica/$REPO/downloads/$FILE && echo file_downloaded || aws s3 cp s3://commonjobs/$NAMESPACE/mysql-backup/$FILE $FILE + + + +kubectl cp $FILE $NAMESPACE/common-job-pod:/tmp/$FILE + +#Create schema if not present # +# ------------------------------- +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mysql -h $DB_HOST --user=$DB_USER --password=$DB_PASSWORD -e "create schema IF NOT EXISTS $SUBDOMAIN"' + +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; export FILE=`ls /tmp/*.sql.gz` ; gunzip -c $FILE | mysql -h $DB_HOST --user=$DB_USER --password=$DB_PASSWORD $SUBDOMAIN' + + +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar ; chmod u+x wp-cli.phar;mv wp-cli.phar /usr/local/bin/wp; php /usr/local/bin/wp --info' +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. 
/tmp/setenv.sh; OLD_URL=`wp option get siteurl --allow-root --path=/usr/share/nginx/subdomain/$SUBDOMAIN`; echo "export OLD_URL=$OLD_URL" >> /tmp/setenv.sh' +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; wp search-replace --allow-root --path=/usr/share/nginx/subdomain/$SUBDOMAIN "$OLD_URL" "$NEW_URL"' + +kubectl delete po common-job-pod -n $NAMESPACE + +;; + +wp-data-restore) +aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 +kubectl apply -f build/$ENV/pod.tpl && sleep 60 || exit 9 +kubectl get po common-job-pod -n $NAMESPACE | grep -i pending && exit 9 || echo ----common-pod-NOT-in-pending-state -- + +kubectl cp setenv.sh $NAMESPACE/common-job-pod:/tmp/setenv.sh +kubectl exec common-job-pod -n $NAMESPACE -- sh -c 'chmod 755 /tmp/setenv.sh' + +[ -n "$RESTORE_VERSION" ] && FILE=$RESTORE_VERSION || FILE=$deploy_version + +kubectl exec common-job-pod -n $NAMESPACE -- apt update +kubectl exec common-job-pod -n $NAMESPACE -- apt install wget zip unzip curl -y +aws s3 cp s3://commonjobs/$NAMESPACE/wp-data-backup/$FILE $FILE +kubectl cp $FILE $NAMESPACE/common-job-pod:/tmp/$FILE +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mkdir -p /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads' +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh;export FILE=`ls /tmp/*.zip`;unzip -o $FILE -d /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads' +kubectl delete po common-job-pod -n $NAMESPACE + +;; + + *) + echo "common job shell script utility taking variables from env" + echo "Usage: $0 {mysql-backup|wp-data-backup|mysql-restore|wp-data-restore}" + echo "mysql-backup : Run MySQL backup utility and upload" + echo "mysql-restore : Run MySQL backup utility and upload it to bitbucket." + echo "wp-data-backup : Run web server backup utility and uplaod." + echo "wp-data-restore : Run web server backup utility and uplaod to bitbucket." ;; +esac 
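Review bot: The script downloads executables and runs them without pinning or verifying them: `kubectl` is fetched at whatever `stable.txt` names at build time, and in the `mysql-restore` case `wp-cli.phar` is pulled from a branch URL and run inside the pod that holds the database credentials (common-jobs.sh does the same with the AWS CLI zip). Pin an explicit version and check a digest kept in the repository before installing, as sketched below for kubectl; better still, bake these tools into the pipeline and job images. The `mysqldump` and `mysql` calls also pass `--password=$DB_PASSWORD` on the command line, where it shows up in the pod's process list; a client option file passed with `--defaults-extra-file` avoids that, and the same applies to common-jobs.sh.

```shell
# … unchanged: apk upgrade && apk add curl wget zip unzip …
KUBECTL_VERSION="<pinned-kubectl-version>"        # placeholder: version matching the cluster
KUBECTL_SHA256="<sha256-of-that-kubectl-binary>"  # placeholder: digest reviewed and committed with the script
curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
echo "${KUBECTL_SHA256}  kubectl" | sha256sum -c - || exit 9
chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
# … unchanged: . ./setenv.sh and the exports that follow …
```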
diff --git a/common-jobs.sh b/common-jobs.sh
new file mode 100644
index 00000000..ae0e47b8
--- /dev/null
+++ b/common-jobs.sh
@@ -0,0 +1,68 @@ +#!/bin/bash + + +# Install the required packages # +# -------------------------------------------------------------- +apt update && apt install curl unzip zip mariadb-client -y +curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install +# ------------------------------------------------------------------------------------------------------------------------- + +opt=$1 +case $opt in + mysql-backup) + echo "Running mysql backup with s3..." + export DATABASES=perchon + export MYSQL_USER=perchona + + # execute the command now # + # -------------------------------------------------------------------------------------------------------------- + mysqldump -h $DB_HOST --single-transaction --quick --lock-tables=false --user=pantheon --password=$DB_PASSWORD \ + pantheon --skip-lock-tables | gzip > "/tmp/lifeline-web-pantheon-$(date +%Y-%m-%dT%H_%M_%S).sql.gz" + # ---------------------------------------------------------------------------------------------------------- + + # upload the same to s3 # + # ----------------------------------------- + # aws s3 cp /tmp/lifeline-web-pantheon-*.sql.gz s3://caresage-dev-ws/mysqlbackups/ + # aws s3 ls s3://caresage-dev-ws/mysqlbackups/ + + # upload to bitbucket # + # --------------------------------------- + FILE=`ls /tmp/lifeline-web-pantheon-*.sql.gz` + curl --request POST -F files=@"$FILE" --url 'https://api.bitbucket.org/2.0/repositories/connectamerica/lifeline-ecommerce/downloads' \ + --header "Authorization: Bearer $TOKEN" + ;; + + + mysql-backup-bitbucket) + echo "Running bmysql-backup-s3 with bitbucket ..." + export DATABASES=perchona + export MYSQL_USER=perchona + ;; + + + wp-data-backup) + echo "Running wp-data-s3..." 
+ cd /usr/share/nginx/html/wp-content/ + zip -r lifeline-web-static-data-$(date +%Y-%m-%dT%H_%M_%S).zip ./uploads && FILE=`ls lifeline-web-static-data-*.zip` + curl --request POST -F files=@"$FILE" --url 'https://api.bitbucket.org/2.0/repositories/connectamerica/lifeline-ecommerce/downloads' \ + --header "Authorization: Bearer $TOKEN" + #aws s3 mv lifeline-web-static-data-*.zip s3://caresage-dev-ws/staticbackups/ + #aws s3 ls s3://caresage-dev-ws/staticbackups/ + + + ;; + + + wp-data-bitbucket) + echo "Running wp-data-bitbucket ..." + ;; + + + *) + echo "common job shell script utility taking variables from env" + echo "Usage: $0 {mysql-backup|mysql-backup-bitbucket|wp-data-backup}" + echo " mysql-backup : Run MySQL backup utility and upload" + echo " mysql-backup-bitbucket : Run MySQL backup utility and upload it to bitbucket." + echo " wp-data-backup : Run web server backup utility and uplaod." + echo " wp-data-bitbucket : Run web server backup utility and uplaod to bitbucket." ;; +esac diff --git a/envvars-phpfpm b/envvars-phpfpm new file mode 100644 index 00000000..b857dd66 --- /dev/null +++ b/envvars-phpfpm @@ -0,0 +1,5 @@ +env["CACHE_PASSWORD"] = $CACHE_PASSWORD +env["CACHE_HOST"] = $CACHE_HOST +env["CACHE_PORT"] = $CACHE_PORT +env["DB_PASSWORD"] = $DB_PASSWORD +env["DB_HOST"] = $DB_HOST diff --git a/jobs.tpl b/jobs.tpl new file mode 100644 index 00000000..bd90bb9b --- /dev/null +++ b/jobs.tpl 
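Review bot: The `mysql-backup` case exports `DATABASES=perchon` and `MYSQL_USER=perchona`, but nothing reads them; the `mysqldump` line hard-codes `--user=pantheon` and the `pantheon` schema, so the variables (with two different spellings across the cases) only mislead. Either drop the exports or use them, and quote the expansions, e.g. `-h "$DB_HOST" --user="$MYSQL_USER"`, so an empty value fails visibly instead of shifting arguments. The `mysql-backup-bitbucket` and `wp-data-bitbucket` cases only echo a message yet the usage text lists them as working backups; remove them or have them exit non-zero until implemented. The dump is posted unencrypted to the repository's Downloads area, which makes the full database available to everyone with read access to the repository; confirm that is intended, given that the S3 upload is commented out.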
@@ -0,0 +1,50 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: common-jobs
+ namespace: lifeline-web
+ labels:
+ app: lifeline-web
+ rds: enable
+spec:
+ ttlSecondsAfterFinished: 10
+ template:
+ metadata:
+ labels:
+ app: lifeline-web
+ rds: enable
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ containers:
+ - name: common-jobs
+ image: ubuntu:latest
+ envFrom:
+ - secretRef:
+ name: lifeline-web-secrets
+ - configMapRef:
+ name: lifeline-web-cm
+ command: ["bash"]
+ args:
+ - -c
+ - cp -rf /usr/share/nginx/subdomain/www/wp-content/uploads/common-jobs.sh /root/ && chmod 755 /root/common-jobs.sh && /root/common-jobs.sh $JOBNAME
+ volumeMounts:
+ - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
+ name: persistent-storage
+ imagePullSecrets:
+ - name: regcred
+ nodeSelector:
+ kubernetes.io/os: linux
+ restartPolicy: Never
+ volumes:
+ - name: persistent-storage
+ persistentVolumeClaim:
+ claimName: efs-claim-lifeline
diff --git a/pod.tpl b/pod.tpl
new file mode 100644
index 00000000..94984380
--- /dev/null
+++ b/pod.tpl
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: common-job-pod
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+ rds: enable
+spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ containers:
+ - name: common-job
+ image: wyveo/nginx-php-fpm:php74
+ envFrom:
+ - secretRef:
+ name: medicalalert-web-secrets
+ - configMapRef:
+ name: medicalalert-web-cm
+ command: ["bash"]
+ args:
+ - -c
+ - sleep infinity
+ volumeMounts:
+ - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
+ name: persistent-storage
+ - mountPath: /usr/share/nginx/subdomain/dev01
+ name: persistent-storage-dev01
+ - mountPath: /usr/share/nginx/subdomain/dev02
+ name: persistent-storage-dev02
+ - mountPath: /usr/share/nginx/subdomain/dev03
+ name: persistent-storage-dev03
+ - mountPath: /usr/share/nginx/subdomain/dev04
+ name: persistent-storage-dev04
+ - mountPath: /usr/share/nginx/subdomain/dev05
+ name: persistent-storage-dev05
+ imagePullSecrets:
+ - name: regcred
+ nodeSelector:
+ kubernetes.io/os: linux
+ restartPolicy: Never
+ volumes:
+ - name: persistent-storage
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert
+ - name: persistent-storage-dev01
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert-dev01
+ - name: persistent-storage-dev02
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert-dev02
+ - name: persistent-storage-dev03
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert-dev03
+ - name: persistent-storage-dev04
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert-dev04
+ - name: persistent-storage-dev05
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert-dev05
+
diff --git a/redinessprobe-wp.sh b/redinessprobe-wp.sh
new file mode 100644
index 00000000..19d8f04c
--- /dev/null
+++ b/redinessprobe-wp.sh
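Review bot: This helper pod runs `sleep infinity` with `restartPolicy: Never`, the whole of `medicalalert-web-secrets` in its environment and all six site volumes mounted writable, and nothing in the spec bounds its lifetime. common-jobs-bitbucket.sh deletes the pod only as the last command of each case (and the `subdomain_deploy` case keeps it when the domain contains `www`), so a failed step leaves a credentialed shell target running; the script applies `build/$ENV/pod.tpl`, presumably a copy of this file. Add `activeDeadlineSeconds: <seconds>` under `spec` so the pod is terminated even when the pipeline does not clean up, and give the container `resources` limits and a `securityContext` like any other workload. `namespace: medicalalert-web` is hard-coded here while the script addresses the pod with `-n $NAMESPACE`, so the two agree only when the derived value happens to match.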
@@ -0,0 +1,7 @@ +#!/bin/bash +sed -i '/^define.*NONCE_SALT.*/a define(\'\'WP_SITEURL\'', '\'http://localhost/\'');' /usr/share/nginx/html/wp-config.php || exit +sed -i '/^define.*NONCE_SALT.*/a define(\'\'WP_HOME\'', '\'http://localhost/\'');' /usr/share/nginx/html/wp-config.php || exit +wget -q --spider localhost && wget -q --spider localhost/wp-login.php || exit +sed -i '/http\:\/\/localhost/d' /usr/share/nginx/html/wp-config.php || exit + + diff --git a/release b/release new file mode 100644 index 00000000..efd4f3d3 --- /dev/null +++ b/release @@ -0,0 +1 @@ +RELEASE=release-1.00 diff --git a/setenv.sh b/setenv.sh new file mode 100644 index 00000000..5fa8ce4b --- /dev/null +++ b/setenv.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +case $ENV in + + dev) + export CLUSTER=caresage-eks-cluster-$ENV + export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com + ;; + qa) + export CLUSTER=caresage-eks-cluster-$ENV + export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com + ;; + stage) + export CLUSTER=caresage-eks-cluster-$ENV + export URL_DOMAIN=$SUBDOMAIN.$ENV-medicalalert.com + ;; + prod) + export CLUSTER=caresage-eks-cluster-$ENV + export URL_DOMAIN=$SUBDOMAIN.medicalalert.com + ;; + *) + echo "source env varibales" + echo "Usage: $0 ENV" + ;; +esac
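Review bot: redinessprobe-wp.sh edits `/usr/share/nginx/html/wp-config.php` on every run, inserting `WP_SITEURL` and `WP_HOME` definitions pointing at `http://localhost/` and deleting them after the `wget` checks, so requests handled during the probe window see a site configured for localhost, and a run that exits at one of the `|| exit` guards leaves those lines in place. A readiness check should be read-only; `wget -q --spider --header="Host: <site-hostname>" http://localhost/wp-login.php` (placeholder hostname) exercises the same path without touching the config. The path also looks stale, since the nginx config added in this commit serves from `/usr/share/nginx/subdomain/www` rather than `/usr/share/nginx/html`. The `\'` sequences inside the single-quoted sed expressions do not escape a quote in bash and may be an artifact of how the page was captured, so the quoting is worth re-checking against the real file.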