sebastian-alfers · JustinPihony · Oct 28, 2020 · Oct 29, 2020 · Oct 29, 2020
diff --git a/README b/README
@@ -22,21 +22,54 @@ Run:
     play ~run
 
 
-Deploy on Heroku
-----------------
-
-    heroku create
-    heroku addons:add mongolab
-    heroku config:add APPLICATION_SECRET="---YOUR-APPLICATION-SECRET---"
-    heroku config:add TWITTER_AUTH_KEY="---YOUR-KEY---"
-    heroku config:add TWITTER_AUTH_SECRET="---YOUR-KEY---"
-    heroku config:add TWITTER_BEARER_TOKEN="---YOUR-BEARER-TOKEN---"
-    heroku config:add GOOGLE_CLIENT_ID="---YOUR-KEY---"
-    heroku config:add GOOGLE_CLIENT_SECRET="---YOUR-KEY---"
-    heroku config:add GOOGLE_API_KEY="---YOUR-API-KEY---"
-    heroku config:add GITHUB_CLIENT_ID="---YOUR-KEY---"
-    heroku config:add GITHUB_CLIENT_SECRET="---YOUR-KEY---"
-    heroku config:add LINKEDIN_CLIENT_ID="---YOUR-KEY---"
-    heroku config:add LINKEDIN_CLIENT_SECRET="---YOUR-KEY---"
-
-    git push heroku master
+# Production Operation Info (OpenShift)
+
+Deployment is via Redhat's Openshift Online cluster.
+
+### Docker image and deploying
+
+We use the sbt-native plugin to produce a docker image.
+
+`> sbt docker:publishLocal`
+
+**Note**: This defaults to stage (which is not set up currently) - prod should be done from CI, but if really wanted you can set the repository override via an environment variable `export DOCKER_REPOSITORY=registry.pro-us-east-1.openshift.com/reactivemanifesto-website`
+
+Once you have a docker image you can upload it to your openshift registry.  There are a number of ways to do this, so you may need to check your documentation.
+
+Currently that mechanism is to deploy the local image to Lightbend's internal repo.  You will need to make sure that you have access and will require both the username and password (or contact [email protected]).
+
+NOTE: You'll need to install the `oc` CLI, which can be accessed from https://console.pro-us-east-1.openshift.com/console/command-line
+
+First login to `oc`:
+
+`oc login https://api.pro-us-east-1.openshift.com -u USERNAME -p PASSWORD`
+
+and change to the correct project if needed:
+
+`oc project reactivemanifesto-website`
+
+After which you can set up your docker:
+
+`docker login -u USERNAME -p $(oc whoami -t) https://registry.pro-us-east-1.openshift.com`
+
+Then push the local image:
+
+`docker push registry.pro-us-east-1.openshift.com/reactivemanifesto-website/reactivemanifesto-website:latest`
+
+### Openshift Setup
+
+In case it needs re-built, the YAML files are in the deploy folder:
+
+* reactivemanifesto-deployment.yaml
+* reactivemanifesto-imagestream.yaml
+* https-reactivemanifesto-route.yaml
+* https-www-reactivemanifesto-route.yaml
+* reactivemanifesto-website-service.yaml
+
+You can choose to run these scripts via your `oc` cli or simply upload them into the openshift UI under their respective headings.
+Note: with oc you will need to first `oc login`
+
+ie. `oc apply -f deployment/reactivemanifesto-deployment.yaml` (repeat for each yaml)
+
+Secrets are managed through the openshift > secrets UI and are linked via the deployment.yaml
+
diff --git a/app/controllers/Application.scala b/app/controllers/Application.scala
@@ -190,4 +190,6 @@ class Application(components: ControllerComponents, implicit private val assetsF
       render(ru, views.html.ru.glossary())
     )
   }
+
+  def health = Action { Ok("All set!") }
 }
diff --git a/app/services/ReactiveManifestoFilter.scala b/app/services/ReactiveManifestoFilter.scala
@@ -5,7 +5,10 @@ import play.api.mvc.{EssentialAction, EssentialFilter, Results}
 
 class ReactiveManifestoFilter extends EssentialFilter {
   override def apply(next: EssentialAction): EssentialAction = EssentialAction { rh =>
-    if (!rh.secure) {
+    val isHealthCheck = rh.path == "/health"
+    if(isHealthCheck){
+      next(rh)
+    } else if (!rh.secure) {
       Accumulator.done(Results.MovedPermanently(s"https://${rh.host}${rh.uri}"))
     } else if (rh.host == "reactivemanifesto.org") {
       Accumulator.done(Results.MovedPermanently(s"https://www.reactivemanifesto.org${rh.uri}"))

diff --git a/build.sbt b/build.sbt
@@ -33,4 +33,4 @@ javaOptions in Universal ++= Seq(
 packageName in Docker := name.value
 version in Docker := "latest"
 dockerPermissionStrategy := DockerPermissionStrategy.Run
-dockerRepository := sys.env.get("DOCKER_REPOSITORY").orElse(Some("registry.pro-us-east-1.openshift.com/reactivemanifesto-website"))
+dockerRepository := sys.env.get("DOCKER_REPOSITORY").orElse(Some("registry.pro-us-east-1.openshift.com/staging-reactivemanifesto-website"))
diff --git a/conf/routes b/conf/routes
@@ -20,6 +20,7 @@ GET           /$lang<[a-z]{2}(?:-[A-Z]{2})?>/cookie          controllers.Applica
 GET           /signatories                                   controllers.SignatoriesController.list(page: Int ?= 1, per_page: Int ?= 30)
 GET           /signatories/total                             controllers.SignatoriesController.count
 GET           /search                                        controllers.SignatoriesController.search(page: Int ?= 1, per_page: Int ?= 30, query)
+GET           /health                                        controllers.Application.health
 
 GET           /user                                          controllers.CurrentUserController.getUser
 DELETE        /user                                          controllers.CurrentUserController.logOut

diff --git a/deploy/https-reactivemanifesto-route.yaml b/deploy/https-reactivemanifesto-route.yaml
@@ -0,0 +1,23 @@
+# This is OpenShift online specific yaml
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  labels:
+    app: reactivemanifesto-website
+  name: reactivemanifesto.org
+  namespace: reactivemanifesto-website
+spec:
+  host: reactivemanifesto.org
+  port:
+    targetPort: 9000-tcp
+  to:
+    kind: Service
+    name: reactivemanifesto-website-svc
+    weight: 100
+  wildcardPolicy: None
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+    certificate: GET_FROM_COMODOSSL
+    key: BUILT_LOCALLY_AND_FED_TO_COMODOSSL
+    caCertificate: GET_FROM_COMODOSSL
diff --git a/deploy/reactivemanifesto-route.yaml → ...oy/https-www-reactivemanifesto-route.yaml b/deploy/reactivemanifesto-route.yaml → ...oy/https-www-reactivemanifesto-route.yaml
diff --git a/deploy/reactivemanifesto-deployment.yaml b/deploy/reactivemanifesto-deployment.yaml
@@ -41,7 +41,7 @@ spec:
             - name: HTTP_BIND_ADDRESS
               value: 0.0.0.0
             - name: JAVA_OPTS
-              value: "-Dpidfile.path=/dev/null -Dconfig.resource=application.conf -Xmx1073741824 -Xms1073741824"
+              value: "-Dpidfile.path=/dev/null -Dconfig.resource=application.conf -Xmx1g -Xms1g -Xss512k -Dfile.encoding=UTF-8"
             - name: APPLICATION_SECRET
               valueFrom:
                 secretKeyRef:
@@ -72,11 +72,6 @@ spec:
                 secretKeyRef:
                   key: GOOGLE_CLIENT_SECRET
                   name: google-client-secret
-            - name: JAVA_TOOL_OPTIONS
-              valueFrom:
-                secretKeyRef:
-                  key: JAVA_TOOL_OPTIONS
-                  name: java-tool-options
             - name: LINKEDIN_CLIENT_ID
               valueFrom:
                 secretKeyRef:
@@ -87,11 +82,11 @@ spec:
                 secretKeyRef:
                   key: LINKEDIN_CLIENT_SECRET
                   name: linkedin-client-secret
-            - name: MONGOLAB_URI
+            - name: MONGODB_URI
               valueFrom:
                 secretKeyRef:
-                  key: MONGOLAB_URI
-                  name: mongolab-uri
+                  key: MONGODB_URI
+                  name: mongodb-uri
             - name: TWITTER_AUTH_KEY
               valueFrom:
                 secretKeyRef:
@@ -110,20 +105,33 @@ spec:
           image: >-
             docker-registry.default.svc:5000/reactivemanifesto-website/reactivemanifesto-website@sha256:8cb6ef7bd0b651ef21dffad8166228b9f00a584c5afe1182aef05d024254cef2
           imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 9000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 9000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
           name: reactivemanifesto-website
           resources:
             limits:
               memory: 1500Mi
           ports:
-            - containerPort: 80
-              protocol: TCP
-            - containerPort: 443
-              protocol: TCP
             - containerPort: 9000
               protocol: TCP
-          resources:
-            limits:
-              memory: 1500Mi
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
       dnsPolicy: ClusterFirst

diff --git a/deploy/reactivemanifesto-website-service.yaml b/deploy/reactivemanifesto-website-service.yaml
@@ -7,14 +7,6 @@ metadata:
 spec:
   clusterIP: 172.30.132.34
   ports:
-    - name: 80-tcp
-      port: 80
-      protocol: TCP
-      targetPort: 80
-    - name: 443-tcp
-      port: 443
-      protocol: TCP
-      targetPort: 443
     - name: 9000-tcp
       port: 9000
       protocol: TCP
-Original file line number
+Diff line change
@@ Expand Up @@
           render(ru, views.html.ru.glossary())
         )
       }
+      def health = Action { Ok("All set!") }
     }