bootstrap ircs-prod gitops config

2026-06-14 11:46:13 +08:00
commit f83d1157b1
41 changed files with 3879 additions and 0 deletions
@@ -0,0 +1,233 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ircs-portal-bff
+  namespace: ircs-prod
+  labels:
+    app: ircs-portal-bff
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+  annotations:
+    ircs.prodigalgal.com/no-public-route: "true"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: ircs-portal-bff
+  template:
+    metadata:
+      labels:
+        app: ircs-portal-bff
+        app.kubernetes.io/part-of: ircs
+        environment: prod
+      annotations:
+        ircs.prodigalgal.com/no-public-route: "true"
+    spec:
+      imagePullSecrets:
+        - name: harbor-secret
+      containers:
+        - name: app
+          image: harbor.mnnu.eu.org/ircs/ircs-portal-bff@sha256:713932a12c577f2dcb910d85f96a5f1c7489542d6cda8a2089efceb3195918d1
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: ircs-prod-app-config
+          env:
+            - name: SPRING_APPLICATION_NAME
+              value: ircs-portal-bff
+            - name: SPRING_DATASOURCE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ircs-prod-app-config
+                  key: DB_URL
+            - name: SPRING_DATASOURCE_USERNAME
+              value: postgres
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: DB_PASSWORD
+            - name: APP_IDENTITY_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: APP_IDENTITY_JWT_SECRET
+                  optional: true
+            - name: APP_BFF_AUDIT_ENABLED
+              value: "true"
+            - name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_ENABLED
+              value: "true"
+            - name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_FAILURE_THRESHOLD
+              value: "5"
+            - name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_OPEN_DURATION_MS
+              value: "30000"
+            - name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_HALF_OPEN_MAX_CALLS
+              value: "1"
+          startupProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            failureThreshold: 30
+            periodSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: http
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            periodSeconds: 30
+          resources:
+            requests:
+              cpu: 20m
+              memory: 128Mi
+            limits:
+              cpu: 250m
+              memory: 384Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ircs-portal-bff
+  namespace: ircs-prod
+  labels:
+    app: ircs-portal-bff
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+spec:
+  type: ClusterIP
+  selector:
+    app: ircs-portal-bff
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ircs-admin-bff
+  namespace: ircs-prod
+  labels:
+    app: ircs-admin-bff
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+  annotations:
+    ircs.prodigalgal.com/no-public-route: "true"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: ircs-admin-bff
+  template:
+    metadata:
+      labels:
+        app: ircs-admin-bff
+        app.kubernetes.io/part-of: ircs
+        environment: prod
+      annotations:
+        ircs.prodigalgal.com/no-public-route: "true"
+    spec:
+      imagePullSecrets:
+        - name: harbor-secret
+      containers:
+        - name: app
+          image: harbor.mnnu.eu.org/ircs/ircs-admin-bff@sha256:e0314abeba097d5f2a25809bf4c7691cdb720b524841e94c522a3f7270baf899
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: ircs-prod-app-config
+          env:
+            - name: SPRING_APPLICATION_NAME
+              value: ircs-admin-bff
+            - name: SPRING_DATASOURCE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ircs-prod-app-config
+                  key: DB_URL
+            - name: SPRING_DATASOURCE_USERNAME
+              value: postgres
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: DB_PASSWORD
+            - name: APP_IDENTITY_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: APP_IDENTITY_JWT_SECRET
+                  optional: true
+            - name: APP_BFF_AUDIT_ENABLED
+              value: "true"
+            - name: APP_BFF_SERVICE_ID
+              value: admin-bff
+            - name: APP_BFF_OPS_SERVICE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: ircs-prod-secrets
+                  key: INTERNAL_CREDENTIAL_TOKEN
+            - name: APP_BFF_OPS_SERVICE_SCOPES
+              value: ops:read ops:run
+            - name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_ENABLED
+              value: "true"
+            - name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_FAILURE_THRESHOLD
+              value: "5"
+            - name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_OPEN_DURATION_MS
+              value: "30000"
+            - name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_HALF_OPEN_MAX_CALLS
+              value: "1"
+          startupProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            failureThreshold: 30
+            periodSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: http
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: http
+            periodSeconds: 30
+          resources:
+            requests:
+              cpu: 20m
+              memory: 128Mi
+            limits:
+              cpu: 250m
+              memory: 384Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ircs-admin-bff
+  namespace: ircs-prod
+  labels:
+    app: ircs-admin-bff
+    app.kubernetes.io/part-of: ircs
+    environment: prod
+spec:
+  type: ClusterIP
+  selector:
+    app: ircs-admin-bff
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+