adding auth token #3198
Merged
ben851
approved these changes
Dec 12, 2024
LGTM
ingress nginx 6 2024-12-12 20:12:53.230130487 +0000 UTC deployed nginx-ingress-1.1.2 3.4.2
xray-daemon xray 5 2024-12-12 20:12:53.037914625 +0000 UTC deployed aws-xray-4.0.8 3.3.12
Comparing release=notify-documentation, chart=charts/notify-documentation
Comparing release=notify-api, chart=charts/notify-api
notification-canada-ca, notify-api, Deployment (apps) has changed:
# Source: notify-api/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: notify-api
labels:
app: notify-api
spec:
priorityClassName: high-priority
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
selector:
matchLabels:
app: notify-api
template:
metadata:
labels:
app: notify-api
spec:
serviceAccountName: notify-api
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 60
securityContext:
{}
initContainers:
- name: init-postgres
image: alpine
command:
[
"sh",
"-c",
"until nslookup $POSTGRES_HOST; do echo waiting for postgres; sleep 2; done;",
]
env:
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: notify-api
key: POSTGRES_HOST
- name: migrate-db
image: "public.ecr.aws/cds-snc/notify-api:latest"
volumeMounts:
- name: secrets-store-inline
mountPath: "/mnt/secrets-store"
readOnly: true
env:
# Includes common ENV Variables
- name: ADMIN_BASE_DOMAIN
value: "https://staging.notification.cdssandbox.xyz"
- name: ALLOW_DEBUG_ROUTE
value: "true"
- name: ALLOW_HTML_SERVICE_IDS
value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
- name: API_HOST_NAME
value: "https://api.staging.notification.cdssandbox.xyz"
- name: ASSET_DOMAIN
value: "https://assets.staging.notification.cdssandbox.xyz"
- name: ASSET_UPLOAD_BUCKET_NAME
value: "notification-canada-ca-staging-asset-upload"
- name: AWS_PINPOINT_REGION
value: "us-west-2"
- name: AWS_REGION
value: "ca-central-1"
- name: AWS_SES_REGION
value: "us-east-1"
- name: AWS_SES_SMTP
value: "email-smtp.us-east-1.amazonaws.com"
- name: AWS_US_TOLL_FREE_NUMBER
value: "+18005555555"
- name: AWS_XRAY_CONTEXT_MISSING
value: "LOG_WARNING"
- name: AWS_XRAY_SDK_ENABLED
value: "true"
- name: AWS_XRAY_TRACING_ENABLED
value: "true"
- name: BASE_DOMAIN
value: "staging.notification.cdssandbox.xyz"
- name: BATCH_INSERTION_CHUNK_SIZE
value: "10"
- name: CRM_ORG_LIST_URL
value: "https://raw.githubusercontent.com/cds-snc/gc-organisations-qa/main/data/all.json"
- name: CSV_UPLOAD_BUCKET_NAME
value: "notification-canada-ca-staging-csv-upload"
- name: DOCUMENTATION_DOMAIN
value: "documentation.staging.notification.cdssandbox.xyz"
- name: DOCUMENT_DOWNLOAD_API_HOST
value: "http://document-download-api.notification-canada-ca.svc.cluster.local:7000"
- name: FF_ANNUAL_LIMIT
value: "true"
- name: FF_CLOUDWATCH_METRICS_ENABLED
value: "false"
- name: FF_SALESFORCE_CONTACT
value: "false"
- name: FLASK_APP
value: "application.py"
- name: FRESH_DESK_API_URL
value: "https://cds-snc.freshdesk.com"
- name: HC_EN_SERVICE_ID
value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
- name: HC_FR_SERVICE_ID
value: "changeme"
- name: NEW_RELIC_APP_NAME
value: "notification-api-staging"
- name: NEW_RELIC_CONFIG_FILE
value: "/app/newrelic.ini"
- name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
value: "true"
- name: NEW_RELIC_MONITOR_MODE
value: "false"
- name: NOTIFICATION_QUEUE_PREFIX
value: "eks-notification-canada-ca"
- name: NOTIFY_ENVIRONMENT
value: "staging"
- name: REDIS_ENABLED
value: "1"
- name: SALESFORCE_DOMAIN
value: "test"
- name: SENTRY_URL
value: "https://[email protected]/1522933"
- name: SQL_ALCHEMY_POOL_SIZE
value: "256"
- name: ZENDESK_API_URL
value: "https://api.getbase.com"
- name: ZENDESK_SELL_API_URL
value: "https://cds-snc.zendesk.com"
# Includes secret ENV Variables
- name: ADMIN_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: ADMIN_CLIENT_SECRET
+ - name: AUTH_TOKENS
+ valueFrom:
+ secretKeyRef:
+ name: notify-api
+ key: AUTH_TOKENS
- name: AWS_ROUTE53_ZONE
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_ROUTE53_ZONE
- name: AWS_SES_ACCESS_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_SES_ACCESS_KEY
- name: AWS_SES_SECRET_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_SES_SECRET_KEY
- name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: notify-api
key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
- name: CYPRESS_AUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: CYPRESS_AUTH_CLIENT_SECRET
- name: CYPRESS_USER_PW_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: CYPRESS_USER_PW_SECRET
- name: DANGEROUS_SALT
valueFrom:
secretKeyRef:
name: notify-api
key: DANGEROUS_SALT
- name: DEBUG_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: DEBUG_KEY
- name: FRESH_DESK_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: FRESH_DESK_API_KEY
- name: FRESH_DESK_PRODUCT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: FRESH_DESK_PRODUCT_ID
- name: NEW_RELIC_LICENSE_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: NEW_RELIC_LICENSE_KEY
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: notify-api
key: POSTGRES_HOST
- name: REDIS_PUBLISH_URL
valueFrom:
secretKeyRef:
name: notify-api
key: REDIS_PUBLISH_URL
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: notify-api
key: REDIS_URL
- name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_PRODUCT_ID
- name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_RECORD_TYPE
- name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
- name: SALESFORCE_GENERIC_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_GENERIC_ACCOUNT_ID
- name: SALESFORCE_PASSWORD
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_PASSWORD
- name: SALESFORCE_SECURITY_TOKEN
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_SECURITY_TOKEN
- name: SALESFORCE_USERNAME
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_USERNAME
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: SECRET_KEY
- name: SENDGRID_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: SENDGRID_API_KEY
- name: SQLALCHEMY_DATABASE_READER_URI
valueFrom:
secretKeyRef:
name: notify-api
key: SQLALCHEMY_DATABASE_READER_URI
- name: SQLALCHEMY_DATABASE_URI
valueFrom:
secretKeyRef:
name: notify-api
key: SQLALCHEMY_DATABASE_URI
- name: SRE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: SRE_CLIENT_SECRET
- name: ZENDESK_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: ZENDESK_API_KEY
- name: ZENDESK_SELL_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: ZENDESK_SELL_API_KEY
- name: STATSD_HOST
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
[
"sh",
"-c",
"flask db upgrade",
]
containers:
- name: notify-api
securityContext:
{}
image: "public.ecr.aws/cds-snc/notify-api:latest"
imagePullPolicy: Always
env:
# Includes common ENV Variables
- name: ADMIN_BASE_DOMAIN
value: "https://staging.notification.cdssandbox.xyz"
- name: ALLOW_DEBUG_ROUTE
value: "true"
- name: ALLOW_HTML_SERVICE_IDS
value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
- name: API_HOST_NAME
value: "https://api.staging.notification.cdssandbox.xyz"
- name: ASSET_DOMAIN
value: "https://assets.staging.notification.cdssandbox.xyz"
- name: ASSET_UPLOAD_BUCKET_NAME
value: "notification-canada-ca-staging-asset-upload"
- name: AWS_PINPOINT_REGION
value: "us-west-2"
- name: AWS_REGION
value: "ca-central-1"
- name: AWS_SES_REGION
value: "us-east-1"
- name: AWS_SES_SMTP
value: "email-smtp.us-east-1.amazonaws.com"
- name: AWS_US_TOLL_FREE_NUMBER
value: "+18005555555"
- name: AWS_XRAY_CONTEXT_MISSING
value: "LOG_WARNING"
- name: AWS_XRAY_SDK_ENABLED
value: "true"
- name: AWS_XRAY_TRACING_ENABLED
value: "true"
- name: BASE_DOMAIN
value: "staging.notification.cdssandbox.xyz"
- name: BATCH_INSERTION_CHUNK_SIZE
value: "10"
- name: CRM_ORG_LIST_URL
value: "https://raw.githubusercontent.com/cds-snc/gc-organisations-qa/main/data/all.json"
- name: CSV_UPLOAD_BUCKET_NAME
value: "notification-canada-ca-staging-csv-upload"
- name: DOCUMENTATION_DOMAIN
value: "documentation.staging.notification.cdssandbox.xyz"
- name: DOCUMENT_DOWNLOAD_API_HOST
value: "http://document-download-api.notification-canada-ca.svc.cluster.local:7000"
- name: FF_ANNUAL_LIMIT
value: "true"
- name: FF_CLOUDWATCH_METRICS_ENABLED
value: "false"
- name: FF_SALESFORCE_CONTACT
value: "false"
- name: FLASK_APP
value: "application.py"
- name: FRESH_DESK_API_URL
value: "https://cds-snc.freshdesk.com"
- name: HC_EN_SERVICE_ID
value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
- name: HC_FR_SERVICE_ID
value: "changeme"
- name: NEW_RELIC_APP_NAME
value: "notification-api-staging"
- name: NEW_RELIC_CONFIG_FILE
value: "/app/newrelic.ini"
- name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
value: "true"
- name: NEW_RELIC_MONITOR_MODE
value: "false"
- name: NOTIFICATION_QUEUE_PREFIX
value: "eks-notification-canada-ca"
- name: NOTIFY_ENVIRONMENT
value: "staging"
- name: REDIS_ENABLED
value: "1"
- name: SALESFORCE_DOMAIN
value: "test"
- name: SENTRY_URL
value: "https://[email protected]/1522933"
- name: SQL_ALCHEMY_POOL_SIZE
value: "256"
- name: ZENDESK_API_URL
value: "https://api.getbase.com"
- name: ZENDESK_SELL_API_URL
value: "https://cds-snc.zendesk.com"
# Includes secret ENV Variables
- name: ADMIN_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: ADMIN_CLIENT_SECRET
+ - name: AUTH_TOKENS
+ valueFrom:
+ secretKeyRef:
+ name: notify-api
+ key: AUTH_TOKENS
- name: AWS_ROUTE53_ZONE
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_ROUTE53_ZONE
- name: AWS_SES_ACCESS_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_SES_ACCESS_KEY
- name: AWS_SES_SECRET_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: AWS_SES_SECRET_KEY
- name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: notify-api
key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
- name: CYPRESS_AUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: CYPRESS_AUTH_CLIENT_SECRET
- name: CYPRESS_USER_PW_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: CYPRESS_USER_PW_SECRET
- name: DANGEROUS_SALT
valueFrom:
secretKeyRef:
name: notify-api
key: DANGEROUS_SALT
- name: DEBUG_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: DEBUG_KEY
- name: FRESH_DESK_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: FRESH_DESK_API_KEY
- name: FRESH_DESK_PRODUCT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: FRESH_DESK_PRODUCT_ID
- name: NEW_RELIC_LICENSE_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: NEW_RELIC_LICENSE_KEY
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: notify-api
key: POSTGRES_HOST
- name: REDIS_PUBLISH_URL
valueFrom:
secretKeyRef:
name: notify-api
key: REDIS_PUBLISH_URL
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: notify-api
key: REDIS_URL
- name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_PRODUCT_ID
- name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_RECORD_TYPE
- name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
- name: SALESFORCE_GENERIC_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_GENERIC_ACCOUNT_ID
- name: SALESFORCE_PASSWORD
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_PASSWORD
- name: SALESFORCE_SECURITY_TOKEN
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_SECURITY_TOKEN
- name: SALESFORCE_USERNAME
valueFrom:
secretKeyRef:
name: notify-api
key: SALESFORCE_USERNAME
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: SECRET_KEY
- name: SENDGRID_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: SENDGRID_API_KEY
- name: SQLALCHEMY_DATABASE_READER_URI
valueFrom:
secretKeyRef:
name: notify-api
key: SQLALCHEMY_DATABASE_READER_URI
- name: SQLALCHEMY_DATABASE_URI
valueFrom:
secretKeyRef:
name: notify-api
key: SQLALCHEMY_DATABASE_URI
- name: SRE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-api
key: SRE_CLIENT_SECRET
- name: ZENDESK_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: ZENDESK_API_KEY
- name: ZENDESK_SELL_API_KEY
valueFrom:
secretKeyRef:
name: notify-api
key: ZENDESK_SELL_API_KEY
- name: STATSD_HOST
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: secrets-store-inline
mountPath: "/mnt/secrets-store"
readOnly: true
ports:
- name: http
containerPort: 6011
protocol: TCP
readinessProbe:
httpGet:
path: /_status?simple=true
port: 6011
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 3
failureThreshold: 10
livenessProbe:
httpGet:
path: "/_status?simple=true"
port: 6011
initialDelaySeconds: 30
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
limits:
cpu: 1200m
memory: 900Mi
requests:
cpu: 250m
memory: 700Mi
volumes:
- name: secrets-store-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: notify-api
nodeSelector:
eks.amazonaws.com/capacityType: ON_DEMAND
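Review bot: AUTH_TOKENS is added to the migrate-db init container as well as the notify-api container, but the init container's command is only "flask db upgrade"; if the migration does not read this value, drop it from migrate-db so the token is exposed to one fewer process. The new secretKeyRef entries also carry no optional flag, so a pod started before the notify-api Secret holds an AUTH_TOKENS key will fail with a container config error; confirm the SecretProviderClass change is synced before this Deployment rolls out.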
notification-canada-ca, notify-api, SecretProviderClass (secrets-store.csi.x-k8s.io) has changed:
# Source: notify-api/templates/secretsproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: notify-api
labels:
helm.sh/chart: notify-api-0.1.0
app.kubernetes.io/name: notify-api
app.kubernetes.io/instance: notify-api
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
provider: aws
#This is the source names from AWS Secrets Manager
parameters:
objects: |
- objectName: MANIFEST_ADMIN_CLIENT_SECRET
objectType: "secretsmanager"
+ - objectName: MANIFEST_DOCUMENT_DOWNLOAD_API_KEY
+ objectType: "secretsmanager"
- objectName: MANIFEST_AWS_ROUTE53_ZONE
objectType: "secretsmanager"
- objectName: MANIFEST_AWS_SES_ACCESS_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_AWS_SES_SECRET_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_CRM_GITHUB_PERSONAL_ACCESS_TOKEN
objectType: "secretsmanager"
- objectName: MANIFEST_CYPRESS_AUTH_CLIENT_SECRET
objectType: "secretsmanager"
- objectName: MANIFEST_CYPRESS_USER_PW_SECRET
objectType: "secretsmanager"
- objectName: MANIFEST_DANGEROUS_SALT
objectType: "secretsmanager"
- objectName: MANIFEST_DEBUG_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_FRESH_DESK_API_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_FRESH_DESK_PRODUCT_ID
objectType: "secretsmanager"
- objectName: MANIFEST_NEW_RELIC_LICENSE_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_POSTGRES_HOST
objectType: "secretsmanager"
- objectName: MANIFEST_REDIS_PUBLISH_URL
objectType: "secretsmanager"
- objectName: MANIFEST_REDIS_URL
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_ENGAGEMENT_PRODUCT_ID
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_ENGAGEMENT_RECORD_TYPE
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_GENERIC_ACCOUNT_ID
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_PASSWORD
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_SECURITY_TOKEN
objectType: "secretsmanager"
- objectName: MANIFEST_SALESFORCE_USERNAME
objectType: "secretsmanager"
- objectName: MANIFEST_SECRET_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_SENDGRID_API_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_SQLALCHEMY_DATABASE_READER_URI
objectType: "secretsmanager"
- objectName: MANIFEST_SQLALCHEMY_DATABASE_URI
objectType: "secretsmanager"
- objectName: MANIFEST_SRE_CLIENT_SECRET
objectType: "secretsmanager"
- objectName: MANIFEST_ZENDESK_API_KEY
objectType: "secretsmanager"
- objectName: MANIFEST_ZENDESK_SELL_API_KEY
objectType: "secretsmanager"
#This is the target name in the kubernetes secret
secretObjects:
- data:
- key: ADMIN_CLIENT_SECRET
objectName: MANIFEST_ADMIN_CLIENT_SECRET
+ - key: AUTH_TOKENS
+ objectName: MANIFEST_DOCUMENT_DOWNLOAD_API_KEY
- key: AWS_ROUTE53_ZONE
objectName: MANIFEST_AWS_ROUTE53_ZONE
- key: AWS_SES_ACCESS_KEY
objectName: MANIFEST_AWS_SES_ACCESS_KEY
- key: AWS_SES_SECRET_KEY
objectName: MANIFEST_AWS_SES_SECRET_KEY
- key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
objectName: MANIFEST_CRM_GITHUB_PERSONAL_ACCESS_TOKEN
- key: CYPRESS_AUTH_CLIENT_SECRET
objectName: MANIFEST_CYPRESS_AUTH_CLIENT_SECRET
- key: CYPRESS_USER_PW_SECRET
objectName: MANIFEST_CYPRESS_USER_PW_SECRET
- key: DANGEROUS_SALT
objectName: MANIFEST_DANGEROUS_SALT
- key: DEBUG_KEY
objectName: MANIFEST_DEBUG_KEY
- key: FRESH_DESK_API_KEY
objectName: MANIFEST_FRESH_DESK_API_KEY
- key: FRESH_DESK_PRODUCT_ID
objectName: MANIFEST_FRESH_DESK_PRODUCT_ID
- key: NEW_RELIC_LICENSE_KEY
objectName: MANIFEST_NEW_RELIC_LICENSE_KEY
- key: POSTGRES_HOST
objectName: MANIFEST_POSTGRES_HOST
- key: REDIS_PUBLISH_URL
objectName: MANIFEST_REDIS_PUBLISH_URL
- key: REDIS_URL
objectName: MANIFEST_REDIS_URL
- key: SALESFORCE_ENGAGEMENT_PRODUCT_ID
objectName: MANIFEST_SALESFORCE_ENGAGEMENT_PRODUCT_ID
- key: SALESFORCE_ENGAGEMENT_RECORD_TYPE
objectName: MANIFEST_SALESFORCE_ENGAGEMENT_RECORD_TYPE
- key: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
objectName: MANIFEST_SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
- key: SALESFORCE_GENERIC_ACCOUNT_ID
objectName: MANIFEST_SALESFORCE_GENERIC_ACCOUNT_ID
- key: SALESFORCE_PASSWORD
objectName: MANIFEST_SALESFORCE_PASSWORD
- key: SALESFORCE_SECURITY_TOKEN
objectName: MANIFEST_SALESFORCE_SECURITY_TOKEN
- key: SALESFORCE_USERNAME
objectName: MANIFEST_SALESFORCE_USERNAME
- key: SECRET_KEY
objectName: MANIFEST_SECRET_KEY
- key: SENDGRID_API_KEY
objectName: MANIFEST_SENDGRID_API_KEY
- key: SQLALCHEMY_DATABASE_READER_URI
objectName: MANIFEST_SQLALCHEMY_DATABASE_READER_URI
- key: SQLALCHEMY_DATABASE_URI
objectName: MANIFEST_SQLALCHEMY_DATABASE_URI
- key: SRE_CLIENT_SECRET
objectName: MANIFEST_SRE_CLIENT_SECRET
- key: ZENDESK_API_KEY
objectName: MANIFEST_ZENDESK_API_KEY
- key: ZENDESK_SELL_API_KEY
objectName: MANIFEST_ZENDESK_SELL_API_KEY
secretName: notify-api
type: generic
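Review bot: The new secretObjects entry maps key AUTH_TOKENS to objectName MANIFEST_DOCUMENT_DOWNLOAD_API_KEY, while every other entry in this class maps KEY to MANIFEST_KEY. The mismatch hides the fact that notify-api now shares a Secrets Manager object named for the document-download service, so rotating that key affects both consumers. Either add a comment next to "- key: AUTH_TOKENS" stating that the reuse is intentional, or source it from a dedicated object that follows the MANIFEST_ naming used by the rest of the list. The plural name also suggests a list, so the expected value format is worth documenting.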
Comparing release=notify-admin, chart=charts/notify-admin
notification-canada-ca, notify-admin, Deployment (apps) has changed:
# Source: notify-admin/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: notify-admin
labels:
app: notify-admin
spec:
priorityClassName: high-priority
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
selector:
matchLabels:
app: notify-admin
template:
metadata:
labels:
app: notify-admin
spec:
serviceAccountName: notify-admin
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 60
securityContext:
{}
initContainers:
- name: init-postgres
image: alpine
command:
[
"sh",
"-c",
"until nc -z -w 2 $API_HOST_NAME 443; do echo waiting for api; sleep 2; done"
]
env:
- name: API_HOST_NAME
value: api.staging.notification.cdssandbox.xyz
containers:
- name: notify-admin
securityContext:
{}
image: "public.ecr.aws/cds-snc/notify-admin:latest"
imagePullPolicy: Always
env:
# Includes common ENV Variables
- name: ADMIN_BASE_URL
value: "staging.notification.cdssandbox.xyz"
- name: ALLOW_DEBUG_ROUTE
value: "true"
- name: ALLOW_HTML_SERVICE_IDS
value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
- name: API_HOST_NAME
value: "https://api.staging.notification.cdssandbox.xyz"
- name: ASSET_UPLOAD_BUCKET_NAME
value: "notification-canada-ca-staging-asset-upload"
- name: AWS_REGION
value: "ca-central-1"
- name: AWS_XRAY_CONTEXT_MISSING
value: "LOG_WARNING"
- name: AWS_XRAY_SDK_ENABLED
value: "true"
- name: AWS_XRAY_TRACING_ENABLED
value: "true"
- name: BASE_DOMAIN
value: "staging.notification.cdssandbox.xyz"
- name: BULK_SEND_AWS_BUCKET
value: "notification-canada-ca-staging-bulk-send"
- name: BULK_SEND_TEST_SERVICE_ID
value: "ea608120-148a-4eba-a64c-4d9a8010e7b0"
- name: CONTACT_EMAIL
value: "[email protected]"
- name: CRM_ORG_LIST_URL
value: "https://raw.githubusercontent.com/cds-snc/gc-organisations/main/data/all.json"
- name: CSV_UPLOAD_BUCKET_NAME
- value: "notification-canada-ca-staging-csv"
+ value: "notification-canada-ca-staging-csv-upload"
- name: DOCUMENTATION_DOMAIN
value: "https://documentation.staging.notification.cdssandbox.xyz"
- name: FF_ANNUAL_LIMIT
value: "true"
- name: FF_SALESFORCE_CONTACT
value: "false"
- name: FLASK_APP
value: "application.py"
- name: GC_ARTICLES_API
value: "articles.alpha.canada.ca/notification-gc-notify"
- name: HC_EN_SERVICE_ID
value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
- name: HC_FR_SERVICE_ID
value: "changeme"
- name: IP_GEOLOCATE_SERVICE
value: "http://ipv4.notification-canada-ca.svc.cluster.local:8080"
- name: NEW_RELIC_APP_NAME
value: "notification-admin-staging"
- name: NEW_RELIC_CONFIG_FILE
value: "/app/newrelic.ini"
- name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
value: "true"
- name: NEW_RELIC_MONITOR_MODE
value: "true"
- name: NOTIFY_ENVIRONMENT
value: "staging"
- name: REDIS_ENABLED
value: "true"
- name: SENTRY_URL
value: "https://[email protected]/1522933"
- name: SHOW_STYLE_GUIDE
value: "true"
# Includes secret ENV Variables
- name: ADMIN_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: notify-admin
key: ADMIN_CLIENT_SECRET
- name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: notify-admin
key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
- name: DANGEROUS_SALT
valueFrom:
secretKeyRef:
name: notify-admin
key: DANGEROUS_SALT
- name: DEBUG_KEY
valueFrom:
secretKeyRef:
name: notify-admin
key: DEBUG_KEY
- name: GC_ARTICLES_API_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: notify-admin
key: GC_ARTICLES_API_AUTH_PASSWORD
- name: GC_ARTICLES_API_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: notify-admin
key: GC_ARTICLES_API_AUTH_USERNAME
- name: MIXPANEL_PROJECT_TOKEN
valueFrom:
secretKeyRef:
name: notify-admin
key: MIXPANEL_PROJECT_TOKEN
- name: NEW_RELIC_LICENSE_KEY
valueFrom:
secretKeyRef:
name: notify-admin
key: NEW_RELIC_LICENSE_KEY
- name: REDIS_PUBLISH_URL
valueFrom:
secretKeyRef:
name: notify-admin
key: REDIS_PUBLISH_URL
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: notify-admin
key: REDIS_URL
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: notify-admin
key: SECRET_KEY
- name: SQLALCHEMY_DATABASE_URI
valueFrom:
secretKeyRef:
name: notify-admin
key: SQLALCHEMY_DATABASE_URI
- name: WAF_SECRET
valueFrom:
secretKeyRef:
name: notify-admin
key: WAF_SECRET
- name: STATSD_HOST
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: secrets-store-inline
mountPath: "/mnt/secrets-store"
readOnly: true
ports:
- name: http
containerPort: 6012
protocol: TCP
readinessProbe:
httpGet:
path: /_status?simple=true
port: 6012
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 3
failureThreshold: 10
livenessProbe:
httpGet:
path: "/_status?simple=true"
port: 6012
initialDelaySeconds: 30
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
limits:
cpu: 1200m
memory: 900Mi
requests:
cpu: 250m
memory: 700Mi
volumes:
- name: secrets-store-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: notify-admin
nodeSelector:
eks.amazonaws.com/capacityType: ON_DEMAND
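Review bot: The CSV_UPLOAD_BUCKET_NAME change in notify-admin, from "notification-canada-ca-staging-csv" to "notification-canada-ca-staging-csv-upload", is outside the scope stated in the title ("adding auth token"). The new value matches what the notify-api Deployment above already uses, so it reads as a drift fix, but it changes which bucket admin uploads go to and should be called out in the PR description or split into its own change so it can be reviewed and reverted independently.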
Comparing release=notify-document-download, chart=charts/notify-document-download
Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile2692679447/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile2692679447/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile2692679447/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray