broadinstitute · s-rubenstein · Aug 25, 2023
diff --git a/dev/sr/create-secret-manager-secret.yaml b/dev/sr/create-secret-manager-secret.yaml
@@ -0,0 +1,41 @@
+---
+secrets:
+  - secretName: jade-sa
+    vals:
+      - kubeSecretKey: datareposerviceaccount
+        path: secret/dsde/datarepo/dev/sa-key-b64
+        encoding: base64
+        vaultKey: sa
+  - secretName: database-pwd-sr
+    vals:
+      - kubeSecretKey: datarepopassword
+        path: secret/dsde/datarepo/dev/helm-datarepodb-dev
+        vaultKey: datarepopassword
+      - kubeSecretKey: stairwaypassword
+        path: secret/dsde/datarepo/dev/helm-datarepodb-dev
+        vaultKey: stairwaypassword
+  - secretName: azure-sr
+    vals:
+      - kubeSecretKey: applicationsecret
+        path: secret/dsde/datarepo/dev/azure-application-secrets
+        vaultKey: client-secret
+      - kubeSecretKey: synapse-us-east-sql-admin-user
+        path: secret/dsde/datarepo/dev/azure-application-secrets
+        vaultKey: synapse-sql-admin-user
+      - kubeSecretKey: synapse-us-east-sql-admin-password
+        path: secret/dsde/datarepo/dev/azure-application-secrets
+        vaultKey: synapse-sql-admin-password
+      - kubeSecretKey: synapse-us-east-encryption-key
+        path: secret/dsde/datarepo/dev/azure-application-secrets
+        vaultKey: synapse-encryption-key
+  - secretName: rbs-sa-sr
+    vals:
+      - kubeSecretKey: rbsserviceaccount
+        path: secret/dsde/terra/kernel/dev/dev/buffer/client-sa
+        encoding: base64
+        vaultKey: key
+  - secretName: oauth-dev-sr
+    vals:
+      - kubeSecretKey: client-secret
+        path: secret/dsde/datarepo/dev/helm-oauth
+        vaultKey: client-secret
diff --git a/dev/sr/datarepo-api.yaml b/dev/sr/datarepo-api.yaml
@@ -0,0 +1,47 @@
+---
+env:
+  SERVER_MAX_HTTP_HEADER_SIZE: "1048576"
+  GOOGLE_ALLOWREUSEEXISTINGBUCKETS: true
+  GOOGLE_ALLOWREUSEEXISTINGPROJECTS: true
+  DB_DATAREPO_USERNAME: drmanager
+  SPRING_PROFILES_ACTIVE: google,cloudsql,dev,sr
+  DB_STAIRWAY_USERNAME: drmanager
+  DB_STAIRWAY_URI: jdbc:postgresql://sr-jade-gcloud-sqlproxy.sr:5432/stairway-sr
+  DB_DATAREPO_URI: jdbc:postgresql://sr-jade-gcloud-sqlproxy.sr:5432/datarepo-sr
+  DATAREPO_DNSNAME: jade-sr.datarepo-dev.broadinstitute.org
+  IT_JADE_API_URL: https://jade-sr.datarepo-dev.broadinstitute.org
+  AZURE_CREDENTIALS_APPLICATIONID: 4ab53258-0938-4e70-a25c-757b02b2af5a
+  AZURE_CREDENTIALS_HOMETENANTID: fad90753-2022-4456-9b0a-c7e5b934e408
+  AZURE_SYNAPSE_WORKSPACENAME: tdr-synapse-east-us-ondemand.sql.azuresynapse.net
+  AZURE_SYNAPSE_INITIALIZE: true
+  RBS_ENABLED: true
+  RBS_POOL_ID: datarepo_v3
+  RBS_INSTANCE_URL: https://buffer.dsde-dev.broadinstitute.org
+  TERRA_COMMON_TRACING_STACKDRIVER_EXPORT_ENABLED: false
+  OPENCENCUS_SPRING_ENABLED: false
+  GOOGLE_SECURE_FOLDER_RESOURCE_ID: "753276429356"
+  OIDC_CLIENTID: bbd07d43-01cb-4b69-8fd0-5746d9a5c9fe
+  OIDC_AUTHORITYENDPOINT: https://terradevb2c.b2clogin.com/terradevb2c.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN_TDR/v2.0
+  OIDC_ADDCLIENTIDTOSCOPE: true
+  OIDC_EXTRAAUTHPARAMS: prompt=login
+  DATAREPO_COMPACTIDPREFIXALLOWLIST_0_: foo.0
+  TPS_ENABLED: true
+  TPS_BASE_PATH: https://tps.dsde-dev.broadinstitute.org
+serviceAccount:
+  create: true
+rbac:
+  create: true
+  pspEnabled: true
+existingSecretDB: "database-pwd-sr"
+existingDatarepoDbSecretKey: "datarepopassword"
+existingStairwayDbSecretKey: "stairwaypassword"
+existingSecretSA: "jade-sa"
+existingServiceAccountSecretKey: "datareposerviceaccount"
+existingSecretAzure: "azure-sr"
+existingApplicationSecretSecretKey: "applicationsecret"
+existingSynapseUserSecretKey: "synapse-us-east-sql-admin-user"
+existingSynapsePasswordSecretKey: "synapse-us-east-sql-admin-password"
+existingSynapseEncryptionKeySecretKey: "synapse-us-east-encryption-key"
+existingSecretRBS: "rbs-sa-sr"
+existingRBSSecretKey: "rbsserviceaccount"
+existingSecretNameOauth: "oauth-dev-sr"
diff --git a/dev/sr/datarepo-ui.yaml b/dev/sr/datarepo-ui.yaml
@@ -0,0 +1,9 @@
+---
+proxyPass:
+  status: http://sr-jade-datarepo-api.sr:8080/status
+  swagger: http://sr-jade-datarepo-api.sr:8080/swagger-ui.html
+  api: http://sr-jade-datarepo-api.sr:8080
+serviceAccount:
+  create: true
+rbac:
+  create: true
diff --git a/dev/sr/gcloud-sqlproxy.yaml b/dev/sr/gcloud-sqlproxy.yaml
@@ -0,0 +1,19 @@
+---
+enabled: true
+googleServiceAccount: sr-proxy-sa@broad-jade-dev.iam.gserviceaccount.com
+cloudsql:
+  instances:
+    # GCP instance name.
+    - instance: "jade-postgres-11-8a00fd4d3b"
+      # GCP project where the instance exists.
+      project: "broad-jade-dev"
+      # GCP region where the instance exists.
+      region: "us-central1"
+      # Port number for the proxy to expose for this instance.
+      port: 5432
+rbac:
+  create: true
+networkPolicy:
+  enabled: false
+nodeSelector:
+  cloud.google.com/gke-nodepool: dev-node
diff --git a/dev/sr/helmfile.yaml b/dev/sr/helmfile.yaml
@@ -0,0 +1,45 @@
+# single env example file
+# helm file dependencies
+# helm plugin install https://github.com/databus23/helm-diff
+# repositories to be installed
+repositories:
+  - name: datarepo-helm
+    url: https://broadinstitute.github.io/datarepo-helm
+
+# helm releases to be deployed
+releases:
+  - name: sr-jade-create-secret-manager-secret    # release name
+    namespace: sr   # target namespace
+    createNamespace: true
+    chart: datarepo-helm/create-secret-manager-secret   # chart name
+    missingFileHandler: Warn
+    values:
+      - create-secret-manager-secret.yaml      # Value files passed via --values
+  - name: sr-jade-gcloud-sqlproxy    # release name
+    namespace: sr   # target namespace
+    createNamespace: true
+    chart: datarepo-helm/gcloud-sqlproxy   # chart name
+    missingFileHandler: Warn
+    values:
+      - gcloud-sqlproxy.yaml    # Value files passed via --values
+  - name: sr-jade-datarepo-api   # name of this release
+    namespace: sr   # target namespace
+    createNamespace: true
+    chart: datarepo-helm/datarepo-api   # the chart name
+    missingFileHandler: Warn
+    values:
+      - datarepo-api.yaml   # Value files passed via --values
+  - name: sr-jade-datarepo-ui   # name of this release
+    namespace: sr   # target namespace
+    createNamespace: true
+    chart: datarepo-helm/datarepo-ui   # the chart name
+    missingFileHandler: Warn
+    values:
+      - datarepo-ui.yaml   # Value files passed via --values
+  - name: sr-jade-oidc-proxy   # name of this release
+    namespace: sr   # target namespace
+    createNamespace: true
+    chart: datarepo-helm/oidc-proxy   # the chart name
+    missingFileHandler: Warn
+    values:
+      - oidc-proxy.yaml   # Value files passed via --values
diff --git a/dev/sr/oidc-proxy.yaml b/dev/sr/oidc-proxy.yaml
@@ -0,0 +1,27 @@
+---
+env:
+  PROXY_URL: http://sr-jade-datarepo-ui.sr:8080/
+  PROXY_URL2: http://sr-jade-datarepo-api.sr:8080/api
+  PROXY_URL3: http://sr-jade-datarepo-api.sr:8080/ga4gh
+  PROXY_PATH3: /ga4gh
+  LOG_LEVEL: info
+  SERVER_NAME: jade.datarepo-dev.broadinstitute.org
+  REMOTE_USER_CLAIM: sub
+  ENABLE_STACKDRIVER: yes
+  FILTER2: AddOutputFilterByType DEFLATE application/json text/plain text/html application/javascript application/x-javascript
+ingress:
+  sslPolicy: global-ssl-policy
+  enabled: true
+  domainName: jade-sr.datarepo-dev.broadinstitute.org
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: jade-dev-sr
+    networking.gke.io/v1beta1.FrontendConfig: sr-jade-oidc-proxy
+  paths:
+    - /
+  hosts:
+    - jade-sr.datarepo-dev.broadinstitute.org
+serviceAccount:
+  create: true
+rbac:
+  create: true
+  pspEnabled: true
diff --git a/dev/sr/skaffold.yaml b/dev/sr/skaffold.yaml
@@ -0,0 +1,62 @@
+## sr env specific skaffold.yaml
+apiVersion: skaffold/v2alpha2
+kind: Config
+build:
+  tagPolicy:
+    gitCommit:
+      variant: AbbrevCommitSha
+  artifacts:
+  - image: gcr.io/broad-jade-dev/jade-data-repo
+    jib:
+      args:
+      - jib
+      type: gradle
+deploy:
+  helm:
+    flags:
+      upgrade:
+        - --install
+        - --debug
+    releases:
+# create secrets
+    - name: sr-jade-create-secret-manager-secret
+      chartPath: https://github.com/broadinstitute/datarepo-helm/releases/download/create-secret-manager-secret-0.0.6/create-secret-manager-secret-0.0.6.tgz
+      version: 0.0.6
+      namespace: sr
+      remote: true
+      valuesFiles:
+      - https://raw.githubusercontent.com/broadinstitute/datarepo-helm-definitions/master/dev/sr/create-secret-manager-secret.yaml
+# gcp sqlproxy
+    - name: sr-jade-gcloud-sqlproxy
+      chartPath: https://github.com/broadinstitute/datarepo-helm/releases/download/gcloud-sqlproxy-0.19.7/gcloud-sqlproxy-0.19.7.tgz
+      version: 0.19.7
+      namespace: sr
+      remote: true
+      valuesFiles:
+      - https://raw.githubusercontent.com/broadinstitute/datarepo-helm-definitions/master/dev/sr/gcloud-sqlproxy.yaml
+# datarepo-api
+    - name: sr-jade-datarepo-api
+      chartPath: https://github.com/broadinstitute/datarepo-helm/releases/download/datarepo-api-0.0.21/datarepo-api-0.0.21.tgz
+      version: 0.0.21
+      namespace: sr
+      remote: true
+      values:
+        imageName: gcr.io/broad-jade-dev/jade-data-repo
+      valuesFiles:
+      - https://raw.githubusercontent.com/broadinstitute/datarepo-helm-definitions/master/dev/sr/datarepo-api.yaml
+# datarepo-ui
+    - name: sr-jade-datarepo-ui
+      chartPath: https://github.com/broadinstitute/datarepo-helm/releases/download/datarepo-ui-0.0.14/datarepo-ui-0.0.14.tgz
+      version: 0.0.14
+      namespace: sr
+      remote: true
+      valuesFiles:
+      - https://raw.githubusercontent.com/broadinstitute/datarepo-helm-definitions/master/dev/sr/datarepo-ui.yaml
+# oidc-proxy
+    - name: sr-jade-oidc-proxy
+      chartPath: https://github.com/broadinstitute/datarepo-helm/releases/download/oidc-proxy-0.0.25/oidc-proxy-0.0.25.tgz
+      version: 0.0.25
+      namespace: sr
+      remote: true
+      valuesFiles:
+      - https://raw.githubusercontent.com/broadinstitute/datarepo-helm-definitions/master/dev/sr/oidc-proxy.yaml