Merge pull request #3566 from DFE-Digital/deploy-aks-review-app

Add AKS review app terraform
DFE-Digital · Sep 29, 2023 · 9fe0a80 · 9fe0a80
2 parents 4aa365c + aa04449
commit 9fe0a80
Show file tree

Hide file tree

Showing 12 changed files with 118 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@ TERRAFILE_VERSION=0.8
 ARM_TEMPLATE_TAG=1.1.6
 RG_TAGS={"Product" : "Get into teaching website"}
 REGION=UK South
-SERVICE_NAME=get-into-teaching
+SERVICE_NAME=get-into-teaching-app
 SERVICE_SHORT=git
 DOCKER_REPOSITORY=ghcr.io/dfe-digital/get-into-teaching-frontend
 

diff --git a/config/database.yml b/config/database.yml
@@ -22,7 +22,11 @@ test:
 
 production: &production
   <<: *default
+  <% if ENV.key?("VCAP_APPLICATION") %>
   url: <%= Rails.application.config.x.vcap_services.dig("postgres", 0, "credentials", "uri") %>
+  <% else %>
+  url: <%= ENV["DATABASE_URL"] %>
+  <% end %>
 
 rolling:
   <<: *production

diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -47,6 +47,7 @@
   # config.force_ssl = true
   unless ENV["SKIPSSL"].in? %w[1 true yes]
     config.force_ssl = true
+    config.ssl_options = { redirect: { exclude: ->(request) { request.path.include?("/check") } } }
   end
 
   # Use the lowest log level to ensure availability of diagnostic information

diff --git a/config/routes.rb b/config/routes.rb
@@ -13,6 +13,7 @@
   get "/403", to: "errors#forbidden"
   get "/healthcheck.json", to: "healthchecks#show", as: :healthcheck
   get "/sitemap.xml", to: "sitemap#show", via: :all
+  get "/check", to: proc { [200, {}, %w[OK]] }
 
   YAML.load_file(Rails.root.join("config/redirects.yml")).fetch("redirects").tap do |redirect_rules|
     redirect_rules.each do |from, to|

diff --git a/terraform/aks/application.tf b/terraform/aks/application.tf
@@ -0,0 +1,50 @@
+locals {
+  environment  = "${var.environment}${var.pr_number}"
+}
+
+module "application_configuration" {
+  source = "./vendor/modules/aks//aks/application_configuration"
+
+  namespace              = var.namespace
+  environment            = local.environment
+  azure_resource_prefix  = var.azure_resource_prefix
+  service_short          = var.service_short
+  config_short           = var.config_short
+  secret_key_vault_short = "app"
+
+  # Delete for non rails apps
+  is_rails_application = true
+
+  config_variables = {
+    PGSSLMODE        = local.postgres_ssl_mode
+  }
+  secret_variables = {
+    DATABASE_URL = module.postgres.url
+    REDIS_URL    = module.redis-cache.url
+# below added from paas config
+    HTTPAUTH_PASSWORD = module.infrastructure_secrets.map.HTTP-PASSWORD,
+    HTTPAUTH_USERNAME = module.infrastructure_secrets.map.HTTP-USERNAME,
+    BASIC_AUTH        = var.basic_auth,
+    APP_URL           = length(var.paas_asset_hostnames) == 0 ? "" : "https://${var.paas_internet_hostnames[0]}.education.gov.uk",
+#   keeping here as a reminder, but went be set in aks and need to confirm impact
+    APP_ASSETS_URL    = length(var.paas_asset_hostnames) == 0 ? "" : "https://${var.paas_asset_hostnames[0]}.education.gov.uk"
+  }
+}
+
+module "web_application" {
+  source = "./vendor/modules/aks//aks/application"
+
+  is_web = true
+
+  namespace    = var.namespace
+  environment  = local.environment
+  service_name = var.service_name
+  probe_path   = "/check"
+  command      = var.command
+
+  cluster_configuration_map  = module.cluster_data.configuration_map
+  kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
+  kubernetes_secret_name     = module.application_configuration.kubernetes_secret_name
+
+  docker_image = var.docker_image
+}
diff --git a/terraform/aks/config/review_aks.tfvars.json b/terraform/aks/config/review_aks.tfvars.json
@@ -3,5 +3,5 @@
     "namespace": "git-development",
     "environment": "review",
     "deploy_azure_backing_services": false,
-    "enable_postgres_ssl" : false
+    "enable_postgres_ssl": false
 }
diff --git a/terraform/aks/database.tf b/terraform/aks/database.tf
@@ -0,0 +1,32 @@
+module "postgres" {
+  source = "./vendor/modules/aks//aks/postgres"
+
+  namespace                   = var.namespace
+  environment                 = local.environment
+  azure_resource_prefix       = var.azure_resource_prefix
+  service_name                = var.service_name
+  service_short               = var.service_short
+  config_short                = var.config_short
+  cluster_configuration_map   = module.cluster_data.configuration_map
+  use_azure                   = var.deploy_azure_backing_services
+  azure_enable_monitoring     = var.enable_monitoring
+  azure_enable_backup_storage = var.enable_postgres_backup_storage
+  server_version              = "14"
+}
+
+
+module "redis-cache" {
+  source = "./vendor/modules/aks//aks/redis"
+
+  namespace                 = var.namespace
+  environment               = local.environment
+  azure_resource_prefix     = var.azure_resource_prefix
+  service_short             = var.service_short
+  config_short              = var.config_short
+  service_name              = var.service_name
+  cluster_configuration_map = module.cluster_data.configuration_map
+  use_azure                 = var.deploy_azure_backing_services
+  azure_enable_monitoring   = var.enable_monitoring
+  azure_patch_schedule      = [{ "day_of_week" : "Sunday", "start_hour_utc" : 01 }]
+  server_version            = "6"
+}
diff --git a/terraform/aks/output.tf b/terraform/aks/output.tf
@@ -0,0 +1,3 @@
+output "url" {
+  value = module.web_application.url
+}
diff --git a/terraform/aks/secrets.tf b/terraform/aks/secrets.tf
@@ -0,0 +1,8 @@
+module "infrastructure_secrets" {
+  source = "./vendor/modules/aks//aks/secrets"
+
+  azure_resource_prefix = var.azure_resource_prefix
+  service_short         = var.service_short
+  config_short          = var.config_short
+  key_vault_short       = "inf"
+}
diff --git a/terraform/aks/statuscake.tf b/terraform/aks/statuscake.tf
@@ -0,0 +1,10 @@
+module "statuscake" {
+  count = var.enable_monitoring ? 1 : 0
+
+  source = "./vendor/modules/aks//monitoring/statuscake"
+
+  uptime_urls = compact([module.web_application.probe_url, var.external_url])
+  ssl_urls    = compact([var.external_url])
+
+  contact_groups = var.statuscake_contact_groups
+}
diff --git a/terraform/aks/terraform.tf b/terraform/aks/terraform.tf
@@ -36,6 +36,6 @@ provider "kubernetes" {
   cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate
 }
 
-# provider "statuscake" {
-#   api_token = module.infrastructure_secrets.map.STATUSCAKE-API-TOKEN
-# }
+provider "statuscake" {
+  api_token = module.infrastructure_secrets.map.SC-PASSWORD
+}
diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf
@@ -64,6 +64,10 @@ variable "paas_asset_hostnames" {
 variable "paas_internet_hostnames" {
   default = []
 }
+variable "command" {
+  type = list(string)
+  default = []
+}
 
 locals {
   azure_credentials = try(jsondecode(var.azure_credentials_json), null)