Added new environment

Author: adskyiproger

environments/demo-prod/dependencies/values.yaml

@@ -0,0 +1,23 @@
+storage_type: host_path
+
+ingress:
+  tls_resolver: letsencrypt
+
+minio:
+  use_default_credentials: false
+
+elasticsearch:
+  use_default_credentials: false
+
+mongodb:
+  use_default_credentials: false
+
+postgres:
+  use_default_credentials: false
+
+monitoring:
+  enabled: true
+
+elastalert:
+  env:
+    HTTP_POST2_ALERT_URL: http://countryconfig.opencrvs-demo-prod.svc.cluster.local:3040

environments/demo-prod/mosip-api/values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  ssl_enabled: true

environments/demo-prod/opencrvs-services/values.yaml

@@ -0,0 +1,54 @@
+########################################################################################
+# Initial configuration file for OpenCRVS installation
+########################################################################################
+# Some properties are not defined in this file and should be provided as key/value at
+# installation time:
+# - hostname: valid DNS name for opencrvs
+# - countryconfig.image.name: Countryconfig image repository
+# - countryconfig.image.tag: Countryconfig image tag
+ingress:
+  tls_resolver: letsencrypt
+
+hpa:
+  enabled: false
+
+env:
+  APN_SERVICE_URL: "http://apm-server.opencrvs-deps-demo-prod.svc.cluster.local:8200"
+
+influxdb:
+  host: influxdb-0.influxdb.opencrvs-deps-demo-prod.svc.cluster.local
+elasticsearch:
+  auth_mode: auto
+  host: elasticsearch.opencrvs-deps-demo-prod.svc.cluster.local
+
+
+minio:
+  auth_mode: use_secret
+  host: minio-0.minio.opencrvs-deps-demo-prod.svc.cluster.local
+  external_hostname: minio.test-k8s.opencrvs.dev
+
+mongodb:
+  auth_mode: auto
+  host: mongodb-0.mongodb.opencrvs-deps-demo-prod.svc.cluster.local
+
+redis:
+  auth_mode: acl
+  host: redis-0.redis.opencrvs-deps-demo-prod.svc.cluster.local
+
+postgres:
+  auth_mode: auto
+  host: postgres-0.postgres.opencrvs-deps-demo-prod.svc.cluster.local
+
+imagePullSecrets:
+  # Default value for credentials created while yarn environment:init
+  - name: dockerhub-credentials
+
+countryconfig:
+  smtp-config:
+    - ALERT_EMAIL
+    - SENDER_EMAIL_ADDRESS
+    - SMTP_HOST
+    - SMTP_PASSWORD
+    - SMTP_PORT
+    - SMTP_SECURE
+    - SMTP_USERNAME

environments/demo-prod/traefik/values.yaml

@@ -0,0 +1,74 @@
+# Overwriting https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
+namespaceOverride: "traefik"
+logs:
+  general:
+    # "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC"
+    level: "INFO"
+    # format: "common" # For local environment
+    format: "json" # For server environment
+  access:
+    # -- To enable access logs
+    enabled: true
+    format: "json"
+ingressRoute:
+  dashboard:
+    enabled: false
+
+# Be explicit that we only use CRDs, not ingress/gw support
+providers: 
+  kubernetesCRD:
+    enabled: true
+  kubernetesIngress:
+    enabled: true
+  kubernetesGateway:
+    enabled: false
+
+service:
+  enabled: true
+  single: false
+  type: NodePort
+
+ports:
+  web:
+    port: 8000
+    hostPort: 80
+    protocol: TCP
+    nodePort: 30080
+  websecure:
+    port: 8443
+    nodePort: 30443
+    hostPort: 443
+    protocol: TCP
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      tlsChallenge: false
+      httpChallenge:
+        entryPoint: web
+      email: vadym@opencrvs.org
+      # Storage for production certificates:
+      # storage: /data/acme.json
+      # Storage for staging certificates:
+      storage: /data/acme-staging.json
+      # Staging server
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+      # Production server
+      # caServer: https://acme-v02.api.letsencrypt.org/directory
+
+# Additional arguments
+additionalArguments:
+  - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+  - "--certificatesresolvers.letsencrypt.acme.email=vadym@opencrvs.org"
+  # Storage for staging certificates:
+  - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme-staging.json"
+  # Storage for staging certificates:
+  # - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
+
+deployment:
+  hostNetwork: true
+  additionalVolumes:
+    - name: acme
+      hostPath:
+        path: /data/traefik

infrastructure/server-setup/inventory/demo-prod.yml

@@ -0,0 +1,69 @@
+all:
+  vars:
+    # single_node:
+    # For development/qa/testing/staging keep true
+    # For production keep false
+    # Defaults production configuration:
+    # - master node
+    # - 2 worker nodes
+    single_node: false
+
+    # Domain/IP address for remote access to your cluster API
+    # Domain/IP address will be added as main endpoint to your ~/.kube/config
+    # - If you are behind VPN, use private IP address
+    # - If your server is exposed (not recommeded), use public IP address
+    # - If you would like to run kubectl commands from the remote server, leave this field empty
+    # kube_api_endpoint: ''
+
+    # IMPORTANT: If master VM has multiple ethernet interfaces, put private IP address at kube_api_address
+    # kube_api_host: 10.10.10.10
+    kube_api_host: demo-prod.opencrvs.dev
+
+    # Default ansible provision user, keep as is
+    ansible_user: provision
+
+    # users: Add as many users as you wish
+    # Configuration example
+    # - name: <login>
+    #   ssh_keys:
+    #     - <public ssh key 1>
+    #     - <public ssh key 2>
+    #   state: present
+    #   role: admin
+    # Allowed roles:
+    # - operator, read only access to OS, full access to kubernetes cluster
+    # - admin, full access
+    # Allowed states:
+    # - present, user is allowed to login
+    # - absent, account is disabled
+    users: []
+
+  children:
+    master:
+      hosts:
+        # Replace master with value returned by command: hostname 
+        master:
+          # Keep values (ansible_host, ansible_connection) as is
+          # Ansible is executed on master node
+          ansible_host: localhost
+          ansible_connection: local
+          labels:
+            # traefik-role label is used to identify where to deploy traefik
+            traefik-role: ingress
+
+    # Workers section is optional, for single node cluster feel free to remove this section
+    # section can be added later
+    # more workers can be added later as well
+
+    workers:
+      hosts:
+        worker0:
+          ansible_host: 157.180.92.54
+          labels:
+            # By default all datastores are deployed to worker node with role data1
+            role: data1
+
+
+
+    # backup section is optional, feel free to remove if backups are not enabled
+    # section can be added later