Merge branch 'main' into feat/add_system_entity

.github/workflows/merge_to_main_staging.yaml

@@ -9,16 +9,13 @@ on:
       - ".github/workflows/merge_to_main_staging.yaml"
       - "env/staging/**"
 
-env:
-  KUBECTL_VERSION: 1.23.6
-
 defaults:
   run:
     shell: bash
 
 jobs:
   kubectl-apply:
-    runs-on: ubuntu-latest
+    runs-on: github-arc-ss-staging
 
     steps:
       - name: Checkout
@@ -34,12 +31,12 @@ jobs:
           aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
-      - name: Install kubectl
-        run: |
-          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-          chmod +x kubectl
-          mv kubectl /usr/local/bin/
-          kubectl version --client
+      # I'm cheating and using this action to install kubectl
+      - name: Setup helmfile
+        uses: mamezou-tech/[email protected]
+        with:
+          install-kubectl: yes
+          install-helm: yes
 
       - name: Decrypt staging env
         run: |
@@ -106,5 +103,5 @@ jobs:
       - name: Notify Slack channel if this job failed
         if: ${{ failure() }}
         run: |
-          json="{'text':'<!here> CI is failing in <https://github.com/cds-snc/notification-manifests/|notification-manifests> !'}"
+          json="{'text':'<!here> Manifests Merge To Staging CI is failing in <https://github.com/cds-snc/notification-manifests/|notification-manifests> !'}"
           curl -X POST -H 'Content-type: application/json' --data "$json"  ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/syntax_check.yaml

@@ -1,11 +1,8 @@
-name: Testing manifest
+name: Testing Staging Manifest
 
 on: 
   - pull_request
 
-env:
-  KUBECTL_VERSION: 1.23.6
-
 jobs:
   testing_manifest:
     runs-on: ubuntu-latest
@@ -14,28 +11,20 @@ jobs:
       - name: Checkout
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
-      - name: Install kubectl
-        run: |
-          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-          chmod +x kubectl
-          mv kubectl /usr/local/bin/
-          kubectl version --client
+      # I'm cheating and using this action to install kubectl
+      - name: Setup helmfile
+        uses: mamezou-tech/[email protected]
+        with:
+          install-kubectl: yes
+          install-helm: yes
 
       - name: Add fake .env
         run: |
           cp env.example env/staging/.env
-          cp env.example env/production/.env
 
       - name: Test staging manifest build
         uses: ./.github/actions/test-manifest
         if: always()
         with:
           build-target: staging-debug
-          echo-manifest: true
-
-      - name: Test production manifest build
-        uses: ./.github/actions/test-manifest
-        if: always()
-        with:
-          build-target: production-debug          
-
+          echo-manifest: true

.github/workflows/syntax_check_prod.yaml

@@ -0,0 +1,33 @@
+name: Testing Prod Manifest
+
+on: 
+  - pull_request
+
+env:
+  KUBECTL_VERSION: 1.23.6
+
+jobs:
+  testing_manifest:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+
+      - name: Install kubectl
+        run: |
+          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/
+          kubectl version --client
+
+      - name: Add fake .env
+        run: |
+          cp env.example env/production/.env
+
+      - name: Test production manifest build
+        uses: ./.github/actions/test-manifest
+        if: always()
+        with:
+          build-target: production-debug          
+

env/dev/celery-init-delete/celery-email-send-primary-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/celery-init-delete/celery-primary-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/celery-init-delete/celery-scalable-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete

env/dev/karpenter/aws-node-template-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: karpenter.k8s.aws/v1alpha1
+kind: AWSNodeTemplate
+metadata:
+  name: default
+spec:
+  subnetSelector:
+    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster
+  securityGroupSelector:
+    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster    
+  metadataOptions:
+    httpTokens: optional

env/dev/karpenter/configmap-patch.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: karpenter-global-settings
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+data:  
+    "aws.assumeRoleARN": ""
+    "aws.assumeRoleDuration": "15m"
+    "aws.clusterCABundle": ""
+    "aws.clusterEndpoint": ""
+    "aws.clusterName": "notification-canada-ca-dev-eks-cluster"
+    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
+    "aws.enableENILimitedPodDensity": "true"
+    "aws.enablePodENI": "false"
+    "aws.interruptionQueueName": ""
+    "aws.isolatedVPC": "false"
+    "aws.vmMemoryOverheadPercent": "0.075"
+    "batchIdleDuration": "1s"
+    "batchMaxDuration": "10s"
+    "featureGates.driftEnabled": "false"

env/dev/karpenter/provisioner-patch.yaml

@@ -0,0 +1,19 @@
+apiVersion: karpenter.sh/v1alpha5
+kind: Provisioner
+metadata:
+  name: default
+spec:
+  requirements:
+    - key: karpenter.sh/capacity-type
+      operator: In
+      values: ["spot"]
+    - key: node.kubernetes.io/instance-type
+      operator: In
+      values: ["m5.large", "r5.large"]      
+  limits:
+    resources:
+      cpu: 1000
+  providerRef:
+    name: default
+  consolidation: 
+    enabled: true

env/dev/karpenter/service-account-patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: karpenter
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::800095993820:role/karpenter-controller-eks