Move Notify System Code to Helmfile/AWS Secrets Manager #466

Open
10 tasks
P0NDER0SA opened this issue Nov 26, 2024 · 3 comments

P0NDER0SA commented Nov 26, 2024

Description

As a developer of Notify, I would like all of our Kubernetes deployments to be managed by Helmfile so that all of our Kubernetes code is in one location. I would also like to have all secrets automated from a single source of truth (1pass -> AWS Secrets) and remove our dependency on encrypted .env files.

WHY are we building?

  • Provides the ability to deploy dynamic environments
  • Provides the ability to run "diff" commands against environments
  • Reduces the amount of code that Notify has to manage
  • Keeps code DRY

WHAT are we building?

  • Add Document Download entry to the helmfile
  • Source secrets for helmfile from AWS Secrets Manager
  • Source configuration values from helmfile overrides where necessary
  • Adjust GitHub Actions to work with these changes
  • This work is scoped to the DEV environment.

VALUE created by our solution

  • Increased reliability via reduced chance of accidental changes during releases
  • Increased velocity due to reduction in maintenance
  • Better secrets management that falls in line with our OKRs

Acceptance Criteria

  • Notify System components are deployed and managed with helmfile
  • All secrets required by Document Download are sourced from 1pass -> Terraform -> AWS Secrets Manager and accessed using a Kubernetes secret
  • The Notify System Stack still works

Not in scope

  • Deployment in staging and production: we should only deploy to dev until we figure out the deployment steps.

QA Steps

  • Verify that the Notify System Pods and other K8s components are functional and running properly (might need some guidance on the best way to QA this!)

P0NDER0SA assigned ben851 and P0NDER0SA and unassigned ben851 Nov 26, 2024

P0NDER0SA changed the title from "Copy of Move Celery Main to Helmfile/AWS Secrets Manager" to "Move Notify System Code to Helmfile/AWS Secrets Manager" Nov 26, 2024

P0NDER0SA (Author) commented

Began work on this. I have a couple of different ways I could handle it, so I will have a conversation with the team to decide which route I'll take. I've already bootstrapped the project so it's ready for migration.

P0NDER0SA (Author) commented

cds-snc/notification-manifests#3137

Draft PR

jimleroyer (Member) commented

Currently blocked by release of other components, so waiting on other tasks.

jimleroyer assigned ben851 and unassigned P0NDER0SA Jan 13, 2025