template-fastapi-react/radixconfig.yaml at main · equinor/template-fastapi-react · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
apiVersion: radix.equinor.com/v1
kind: RadixApplication
metadata:
  name: template-fastapi-react
spec:
  build:
    useBuildKit: true
    useBuildCache: true
  environments:
    - name: prod
    - name: test
      build:
        from: main
    - name: dev
      build:
        from: main
  components:
    - name: api
      image: ghcr.io/equinor/template-fastapi-react/api:{imageTagName}
      alwaysPullImageOnDeploy: true
      runAsUser: 65532  # nonroot
      resources:
        requests:
          memory: "256Mi"
          cpu: "100m"
        limits:
          memory: "4Gi"
          cpu: "4000m"
      environmentConfig:
        - environment: prod
          imageTagName: latest
          horizontalScaling:
            minReplicas: 1
            maxReplicas: 4
        - environment: test
          imageTagName: latest
          horizontalScaling:
            minReplicas: 1
            maxReplicas: 2
        - environment: dev
          imageTagName: latest
          horizontalScaling:
            minReplicas: 1
            maxReplicas: 1
      secrets:
        - MONGODB_PASSWORD
        - APPINSIGHTS_CONSTRING
      variables:
        LOGGING_LEVEL: "debug"
        AUTH_ENABLED: "True"
        ENVIRONMENT: production
        # Replace the zero-GUID tenant id with your Azure AD tenant id.
        OAUTH_WELL_KNOWN: https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/.well-known/openid-configuration
        OAUTH_TOKEN_ENDPOINT: https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token
        OAUTH_AUTH_ENDPOINT: https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize
        OAUTH_AUDIENCE: api://00000000-0000-0000-0000-000000000000
        MONGODB_HOSTNAME: db
        MONGODB_USERNAME: root
        MONGODB_DATABASE: test
      ports:
        - name: rest
          port: 5000
      publicPort: rest

    - name: proxy
      image: ghcr.io/equinor/template-fastapi-react/nginx:{imageTagName}
      alwaysPullImageOnDeploy: true
      readOnlyFileSystem: true
      runAsUser: 65532  # nginx
      volumeMounts:
        - name: nginx-cache
          path: /var/cache/nginx
          emptyDir:
            sizeLimit: 10M
        - name: nginx-pid
          path: /run/nginx
          emptyDir:
            sizeLimit: 1M
      environmentConfig:
        - environment: prod
          imageTagName: latest
        - environment: test
          imageTagName: latest
        - environment: dev
          imageTagName: latest
      ports:
        - name: nginx
          port: 8080
      publicPort: nginx

    - name: db
      image: mongo:7.0.30
      alwaysPullImageOnDeploy: true
      command:
        - --auth
        - --quiet
      variables:
        MONGODB_USERNAME: root
        MONGODB_DATABASE: test
      secrets:
        - MONGODB_PASSWORD
      ports:
        - name: dbport
          port: 27017

    - name: oauth2
      image: ghcr.io/equinor/template-fastapi-react/oauth2:{imageTagName}
      alwaysPullImageOnDeploy: true
      runAsUser: 65532  # nonroot
      environmentConfig:
        - environment: prod
          imageTagName: latest
          variables:
            OAUTH2_PROXY_REDIRECT_URL: https://template-fastapi-react.equinor.com/oauth2/callback
        - environment: test
          imageTagName: latest
          variables:
            OAUTH2_PROXY_REDIRECT_URL: https://proxy-template-fastapi-react-test.radix.equinor.com/oauth2/callback
        - environment: dev
          imageTagName: latest
          variables:
            OAUTH2_PROXY_REDIRECT_URL: https://proxy-template-fastapi-react-dev.radix.equinor.com/oauth2/callback
      variables:
        AZURE_TENANT_ID: 00000000-0000-0000-0000-000000000000
        # Replace with the SPA-facing client id of your Azure AD app registration.
        OAUTH_CLIENT_ID: 00000000-0000-0000-0000-000000000000
        OAUTH_AUTH_SCOPE: api://00000000-0000-0000-0000-000000000000/api
        # Comma-separated allowlist of email domains accepted at sign-in.
        OAUTH2_PROXY_EMAIL_DOMAINS: example.com
      secrets:
        - CLIENT_SECRET
        - OAUTH2_PROXY_REDIS_PASSWORD
        - OAUTH2_PROXY_COOKIE_SECRET
      ports:
        - name: oauth2
          port: 8081

    - name: cookie-cache
      image: ghcr.io/equinor/template-fastapi-react/redis:{imageTagName}
      alwaysPullImageOnDeploy: true
      runAsUser: 65532  # nonroot
      environmentConfig:
        - environment: prod
          imageTagName: latest
        - environment: test
          imageTagName: latest
        - environment: dev
          imageTagName: latest
      ports:
        - name: cookie-cache
          port: 6379
      secrets:
        - REDIS_PASSWORD

  dnsAppAlias:
    environment: prod
    component: proxy