CAPT-1703 Migrate production environment to AKS

.github/actions/deploy-environment/action.yml

@@ -14,6 +14,16 @@ inputs:
   pull-request-number:
     description: The pull request number which triggered this deploy.
     required: false
+  prepare-database:
+    description: Whether to prepare the database by running migrations or seeding if needed
+    required: false
+    default: true
+  aks-namespace:
+    description: The namespace under which kubectl will run
+    required: true
+  aks-deployment:
+    description: The deployment which kubectl will target for running migrations
+    required: true
 
 runs:
   using: composite
@@ -42,3 +52,19 @@ runs:
       run: |
         output=$(terraform -chdir=terraform/application output -raw url)
         echo "APP_URL=$output" >> $GITHUB_ENV
+
+    - uses: azure/login@v2
+      with:
+        creds: ${{ inputs.azure-credentials }}
+
+    - name: Set kubectl
+      uses: DFE-Digital/github-actions/set-kubectl@master
+
+    - name: Prepare database
+      if: ${{ inputs.prepare-database }}
+      shell: bash
+      run: |
+        make ci ${{ inputs.environment }} get-cluster-credentials
+        kubectl exec -n ${{ inputs.aks-namespace }} deployment/${{ inputs.aks-deployment }}-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
+      env:
+        PR_NUMBER: ${{ inputs.pull-request-number }}

.github/workflows/build_and_deploy.yml

@@ -50,22 +50,9 @@ jobs:
           docker-image: ${{ needs.build.outputs.docker-image-tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           pull-request-number: ${{ github.event.pull_request.number }}
-
-      - uses: azure/login@v2
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Set kubectl
-        uses: DFE-Digital/github-actions/set-kubectl@master
-
-      - name: Seed review app
-        shell: bash
-        if: github.event.number != ''
-        run: |
-          make ci review-aks get-cluster-credentials
-          kubectl exec -n srtl-development deployment/claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }}-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
+          aks-namespace: srtl-development
+          aks-deployment: claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }}
+          prepare-database: ${{ github.event.pull_request.number != '' }}
 
       - name: Post comment to Pull Request ${{ github.event.number }}
         if: ${{ github.event_name == 'pull_request' }}
@@ -83,17 +70,21 @@ jobs:
             | Relocation Payments | <${{ env.APP_URL }}/get-a-teacher-relocation-payment/landing-page> |
             | Admin               | <${{ env.APP_URL }}/admin>                                         |
 
-  deploy_test:
-    name: Deploy to test environment
-    concurrency: deploy_test
+  deploy:
+    name: Deploy to ${{ matrix.environment }}
     runs-on: ubuntu-latest
+    concurrency: deploy_${{ matrix.environment }}
     if: github.ref == 'refs/heads/master' && github.event_name == 'push'
     needs: [build]
     environment:
-      name: test-aks
+      name: ${{ matrix.environment }}-aks
       url: ${{ steps.deploy.outputs.environment_url }}
     outputs:
       environment_url: ${{ steps.deploy.outputs.environment_url }}
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [test, production]
 
     steps:
       - name: Checkout code
@@ -106,15 +97,11 @@ jobs:
       - uses: ./.github/actions/deploy-environment
         id: deploy
         with:
-          environment: test-aks
+          environment: ${{ matrix.environment }}-aks
           docker-image: ${{ needs.build.outputs.docker-image-tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Run migrations
-        shell: bash
-        run: |
-          make ci test-aks get-cluster-credentials
-          kubectl exec -n srtl-test deployment/claim-additional-payments-for-teaching-test-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
+          aks-namespace: srtl-${{ matrix.environment }}
+          aks-deployment: claim-additional-payments-for-teaching-${{ matrix.environment }}
 
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
@@ -135,6 +122,6 @@ jobs:
         uses: rtCamp/action-slack-notify@master
         env:
           SLACK_COLOR: failure
-          SLACK_TITLE: Failure deploying release to test
-          SLACK_MESSAGE: Failure deploying release to test - Docker tag ${{ needs.build.outputs.docker-image-tag }}
+          SLACK_TITLE: Failure deploying release to ${{ matrix.environment }}
+          SLACK_MESSAGE: Failure deploying release to ${{ matrix.environment }} - Docker tag ${{ needs.build.outputs.docker-image-tag }}
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}

terraform/application/application.tf

@@ -58,4 +58,6 @@ module "worker_application" {
 
   docker_image = var.docker_image
   command      = var.worker_command
+
+  replicas = var.worker_replicas
 }

terraform/application/config/production.tfvars.json

@@ -0,0 +1,19 @@
+{
+  "cluster": "production",
+  "namespace": "srtl-production",
+  "config": "production",
+  "environment": "production",
+  "canonical_hostname": "claim-additional-payments-for-teaching-production-web.teacherservices.cloud",
+  "web_replicas": 2,
+  "worker_replicas": 2,
+  "startup_command": ["/bin/sh", "-c", "bin/rails server -b 0.0.0.0"],
+  "worker_command": ["/bin/sh", "-c", "bin/bundle exec bin/delayed_job run -n 1"],
+  "postgres_flexible_server_sku": "GP_Standard_D2ds_v4",
+  "postgres_enable_high_availability": true,
+  "enable_postgres_backup_storage": true,
+  "azure_maintenance_window": {
+    "day_of_week": 0,
+    "start_hour": 3,
+    "start_minute": 0
+  }
+}

terraform/application/config/production_Terrafile

@@ -0,0 +1,3 @@
+aks:
+    source:  "https://github.com/DFE-Digital/terraform-modules"
+    version: "stable"

terraform/application/config/production_app_env.yml

@@ -0,0 +1 @@
+---

terraform/application/config/review.tfvars.json

@@ -5,5 +5,5 @@
   "deploy_azure_backing_services": false,
   "enable_postgres_ssl": false,
   "startup_command": ["/bin/sh", "-c", "bin/rails server -b 0.0.0.0"],
-  "worker_command": ["/bin/sh", "-c", "bin/bundle exec bin/delayed_job run -n 4"]
+  "worker_command": ["/bin/sh", "-c", "bin/bundle exec bin/delayed_job run -n 1"]
 }

terraform/application/database.tf

@@ -1,16 +1,19 @@
 module "postgres" {
   source = "./vendor/modules/aks//aks/postgres"
 
-  namespace                   = var.namespace
-  environment                 = var.environment
-  azure_resource_prefix       = var.azure_resource_prefix
-  service_name                = var.service_name
-  service_short               = var.service_short
-  config_short                = var.config_short
-  cluster_configuration_map   = module.cluster_data.configuration_map
-  use_azure                   = var.deploy_azure_backing_services
-  azure_enable_monitoring     = var.enable_monitoring
-  azure_enable_backup_storage = var.enable_postgres_backup_storage
-  azure_extensions            = ["pg_trgm", "pgcrypto", "plpgsql"]
-  server_version              = "16"
+  namespace                      = var.namespace
+  environment                    = var.environment
+  azure_resource_prefix          = var.azure_resource_prefix
+  service_name                   = var.service_name
+  service_short                  = var.service_short
+  config_short                   = var.config_short
+  cluster_configuration_map      = module.cluster_data.configuration_map
+  use_azure                      = var.deploy_azure_backing_services
+  azure_enable_monitoring        = var.enable_monitoring
+  azure_enable_backup_storage    = var.enable_postgres_backup_storage
+  azure_extensions               = ["pg_trgm", "pgcrypto", "plpgsql"]
+  server_version                 = "16"
+  azure_sku_name                 = var.postgres_flexible_server_sku
+  azure_enable_high_availability = var.postgres_enable_high_availability
+  azure_maintenance_window       = var.azure_maintenance_window
 }

terraform/application/variables.tf

@@ -64,6 +64,19 @@ variable "web_replicas" {
   description = "Number of replicas of the web app"
   default     = 1
 }
+variable "worker_replicas" {
+  description = "Number of replicas of the worker"
+  default     = 1
+}
+variable "azure_maintenance_window" {
+  default = null
+}
+variable "postgres_flexible_server_sku" {
+  default = "B_Standard_B1ms"
+}
+variable "postgres_enable_high_availability" {
+  default = false
+}
 
 locals {
   postgres_ssl_mode       = var.enable_postgres_ssl ? "require" : "disable"