Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm Migration for Staging no TGB (DO NOT MERGE) #3189

Draft
wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

Helm Migration for Staging no TGB (DO NOT MERGE) #3189

wants to merge 9 commits into from

Conversation

P0NDER0SA
Copy link
Contributor

What happens when your PR merges?

  • Prefix the title of your PR:
    • fix: - tag main as a new patch release
    • feat: - tag main as a new minor release
    • BREAKING CHANGE: - tag main as a new major release
    • [MANIFEST] or [AUTO-PR] - tag main as a new patch release and deploy to production
    • chore: - use for changes to non-app code (ex: GitHub actions)
  • Alternatively, change the VERSION file - this will not create a new tag, but rather will release the tag in VERSION to production.

What are you changing?

  • Releasing a new version of Notify
  • Changing kubernetes configuration

Provide some background on the changes

Give details ex. Security patching, content update, more API pods etc

If you are releasing a new version of Notify, what components are you updating

  • API
  • Admin
  • Documentation
  • Document download API

Checklist if releasing new version

Checklist if making changes to Kubernetes

  • I know how to get kubectl credentials in case it catches on fire

After merging this PR

  • I have verified that the tests / deployment actions succeeded
  • I have verified that any affected pods were restarted successfully
  • I have verified that I can still log into Notify production
  • I have verified that the smoke tests still pass on production
  • I have communicated the release in the #notify Slack channel.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 12, 2024
edited
Loading 

ingress	nginx    	2       	2024-02-12 19:08:42.93215444 +0000 UTC	deployed	nginx-ingress-1.1.2	3.4.2      

xray-daemon	xray     	1       	2024-07-29 19:45:48.684608347 +0000 UTC	deployed	aws-xray-4.0.8	3.3.12     

Comparing release=notify-documentation, chart=charts/notify-documentation
notification-canada-ca, notify-documentation, TargetGroupBinding (elbv2.k8s.aws) has been removed:
- # Source: notify-documentation/templates/targetgroup.yaml
- apiVersion: elbv2.k8s.aws/v1beta1
- kind: TargetGroupBinding
- metadata:
-   name: notify-documentation
-   labels:
-     helm.sh/chart: notify-documentation-0.1.0
-     app.kubernetes.io/name: notify-documentation
-     app.kubernetes.io/instance: notify-documentation
-     app.kubernetes.io/version: "1.16.0"
-     app.kubernetes.io/managed-by: Helm
- spec:
-   serviceRef:
-     name: notify-documentation
-     port: 80
-   targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:239043911459:targetgroup/notification-documentation/8c5b4c1e7c439ae9
+ 

Comparing release=notify-api, chart=charts/notify-api
notification-canada-ca, notify-api, TargetGroupBinding (elbv2.k8s.aws) has been removed:
- # Source: notify-api/templates/targetgroup.yaml
- apiVersion: elbv2.k8s.aws/v1beta1
- kind: TargetGroupBinding
- metadata:
-   name: notify-api
-   labels:
-     helm.sh/chart: notify-api-0.1.0
-     app.kubernetes.io/name: notify-api
-     app.kubernetes.io/instance: notify-api
-     app.kubernetes.io/version: "1.16.0"
-     app.kubernetes.io/managed-by: Helm
- spec:
-   serviceRef:
-     name: notify-api
-     port: 6011
-   targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:239043911459:targetgroup/notification-canada-ca-alb-api/78a926c7209e046e
+ 

Comparing release=notify-admin, chart=charts/notify-admin
notification-canada-ca, notify-admin, TargetGroupBinding (elbv2.k8s.aws) has been removed:
- # Source: notify-admin/templates/targetgroup.yaml
- apiVersion: elbv2.k8s.aws/v1beta1
- kind: TargetGroupBinding
- metadata:
-   name: notify-admin
-   labels:
-     helm.sh/chart: notify-admin-0.1.0
-     app: notify-admin
-     app.kubernetes.io/name: notify-admin
-     app.kubernetes.io/instance: notify-admin
-     app.kubernetes.io/version: "1.16.0"
-     app.kubernetes.io/managed-by: Helm
- spec:
-   serviceRef:
-     name: notify-admin
-     port: 6012
-   targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:239043911459:targetgroup/notification-canada-ca-alb-admin/f840461ae7a91ff0
+ 

Comparing release=notify-document-download, chart=charts/notify-document-download
notification-canada-ca, notify-document-download, Deployment (apps) has changed:
  # Source: notify-document-download/templates/deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: notify-document-download
    labels:
      app: notify-document-download
  spec:
    selector:
      matchLabels:
        app.kubernetes.io/name: notify-document-download
        app.kubernetes.io/instance: notify-document-download
    template:
      metadata:
        labels:
          helm.sh/chart: notify-document-download-0.1.0
          app.kubernetes.io/name: notify-document-download
          app.kubernetes.io/instance: notify-document-download
          app.kubernetes.io/version: "1.16.0"
          app.kubernetes.io/managed-by: Helm
          app: notify-document-download
      spec:
        serviceAccountName: notify-document-download
        securityContext:
          {}
        containers:
          - name: notify-document-download
            securityContext:
              {}
            image: "public.ecr.aws/cds-snc/notify-document-download-api:latest"
            imagePullPolicy: Always
            env:
              # NON-SECRET CONFIGURATIONS
              - name: ALLOW_DEBUG_ROUTE
                value: "true"
              - name: AWS_REGION
                value: "ca-central-1"
              - name: AWS_XRAY_CONTEXT_MISSING
                value: "LOG_WARNING"
              - name: AWS_XRAY_DAEMON_ADDRESS
                value: "xray-daemon-aws-xray.xray.svc.cluster.local:2000"
              - name: AWS_XRAY_SDK_ENABLED
                value: "true"
              - name: BACKEND_HOSTNAME
                value: "api.document.staging.notification.cdssandbox.xyz"
              - name: DEBUG
                value: "false"
              - name: DOCUMENTS_BUCKET
                value: "notification-canada-ca-staging-document-download"
              - name: EXTRA_MIME_TYPES
                value: "b7b2104c-011f-436a-a25f-3fd66b6591e4:application/octet-stream,b7b2104c-011f-436a-a25f-3fd66b6591e4:application/xml,b7b2104c-011f-436a-a25f-3fd66b6591e4:text/xml,b7b2104c-011f-436a-a25f-3fd66b6591e4:application/json,dea2d718-b7fb-4003-868a-1832fd025d7a:image/svg+xml"
              - name: HTTP_SCHEME
                value: "https"
              - name: NEW_RELIC_APP_NAME
                value: "notification-dd-api-staging"
              - name: NEW_RELIC_CONFIG_FILE
                value: "/app/newrelic.ini"
              - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
                value: "true"
              - name: NEW_RELIC_MONITOR_MODE
                value: "true"
              - name: NOTIFY_ENVIRONMENT
                value: "staging"
              - name: SCAN_FILES_DOCUMENTS_BUCKET
                value: "notification-canada-ca-staging-document-download-scan-files"

            # SECRET CONFIGURATIONS
              - name: DEBUG_KEY
                valueFrom:
                  secretKeyRef:
                    name: document-download
                    key: DEBUG_KEY
              - name: NEW_RELIC_LICENSE_KEY
                valueFrom:
                  secretKeyRef:
                    name: document-download
                    key: NEW_RELIC_LICENSE_KEY
              - name: SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: document-download
                    key: SECRET_KEY
                
            volumeMounts:
              - name: secrets-store-inline
                mountPath: "/mnt/secrets-store"
                readOnly: true          
              
            ports:
              - name: http
                containerPort: 7000
                protocol: TCP
            livenessProbe:
              httpGet:
                path: /_status
                port: 7000
+             initialDelaySeconds: 30
            readinessProbe:
              httpGet:
                path: /_status
                port: 7000
+             initialDelaySeconds: 30
            resources:
              limits:
                cpu: 400m
                memory: 800Mi
              requests:
                cpu: 100m
                memory: 400Mi
            
        volumes:
          - name: secrets-store-inline
            csi:
              driver: secrets-store.csi.k8s.io
              readOnly: true
              volumeAttributes:
                secretProviderClass: notify-document-download
        
        nodeSelector:
          eks.amazonaws.com/capacityType: ON_DEMAND
notification-canada-ca, notify-document-download, TargetGroupBinding (elbv2.k8s.aws) has been removed:
- # Source: notify-document-download/templates/targetgroup.yaml
- apiVersion: elbv2.k8s.aws/v1beta1
- kind: TargetGroupBinding
- metadata:
-   name: notify-document-download
-   labels:
-     helm.sh/chart: notify-document-download-0.1.0
-     app.kubernetes.io/name: notify-document-download
-     app.kubernetes.io/instance: notify-document-download
-     app.kubernetes.io/version: "1.16.0"
-     app.kubernetes.io/managed-by: Helm
- spec:
-   serviceRef:
-     name: notify-document-download
-     port: 7000
-   targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:239043911459:targetgroup/notification-document-api/f3059ddbe05de399
+ 

Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile1089669926/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile1089669926/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile1089669926/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimleroyer jimleroyer Awaiting requested review from jimleroyer jimleroyer will be requested when the pull request is marked ready for review jimleroyer is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@P0NDER0SA @ben851