Skip to content

A GitOps repository for defining the desired state of the Passport Status Application Checker Kubernetes resources.

Notifications You must be signed in to change notification settings

DTS-STN/passport-status-gitops

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Deploying environment

Shared Resources (One per namespace e.g. nonprod, preprod, prod)

Artemis

ActiveMQ Artemis

Deploying environment resources

PostgreSQL

Currently each environment deploys a new PGSQL server.

Helm chart for PostgreSQL HA

For reference, manually add passwords created during the setup to HashiCorp Vault

  • PassportStatusAPI/env/{env}
    • Pgpool Admin Password
    • PostgreSQL Password
    • Repmgr Password

Environment resources

Create ".env.api.secret" in your environment folder with secrets. See .env.api.secret.sample.

APPLICATION_GCNOTIFY_ENGLISH_API_KEY=YOUR_KEY_HERE
APPLICATION_GCNOTIFY_FRENCH_API_KEY=YOUR_KEY_HERE
MANAGEMENT_METRICS_EXPORT_DYNATRACE_API_TOKEN=YOUR_KEY_HERE

Run Kustomize package

kubectl --kubeconfig ~/.kube/dts-dev-sced-rhp-spoke-aks.yaml --namespace $NAMESPACE \
  apply \
  --kustomize ./environments/$ENVIRONMENT \
  --dry-run=server

Applying Basic Auth to NGINX Ingress

Basic Authentication - NGINX Ingress Controller

First thing to do is to generate user and password for the basic authentication, we will use the htpasswd.

htpasswd -nb 'foo' 'bar'

Create the secret

NAMESPACE=passport-status-preprod
ENVIRONMENT=staging
PASSWD=$(htpasswd -nb 'foo' 'bar')

# Secret with auth value
kubectl --kubeconfig ~/.kube/dts-dev-sced-rhp-spoke-aks.yaml --namespace $NAMESPACE \
  create secret generic passport-status-basic-auth-$ENVIRONMENT \
  --from-literal=auth=$PASSWD \

# Add labels to secret
kubectl --kubeconfig ~/.kube/dts-dev-sced-rhp-spoke-aks.yaml --namespace $NAMESPACE \
  label secrets passport-status-basic-auth-$ENVIRONMENT \
  app.kubernetes.io/instance=$ENVIRONMENT \
  app.kubernetes.io/part-of=$NAMESPACE

Apply the proper annotations to the ingress

# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: passport-status-basic-auth-staging
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'

About

A GitOps repository for defining the desired state of the Passport Status Application Checker Kubernetes resources.

Topics

Resources

Stars

Watchers

Forks