bcgov / DITP-DevOps

Digital Identity and Trust Program Team's DevOps Documentation Repository
Apache License 2.0

Deploy Traction sandbox instance #99

Closed esune closed 11 months ago

esune commented 1 year ago

Deploy Traction sandbox instance with auto-provisioning flags set to true - connect with @esune and @WadeBarnes to define where to deploy it to. Decommission Anoncreds instance.

Pre-Requisites:

Acceptance Criteria:

hiteshgh commented 1 year ago

Rajpal needs access to a99fd4-test

rajpalc7 commented 1 year ago

https://tenant-ui-sandbox-dev.apps.silver.devops.gov.bc.ca/ is the URL when tenant-ui sandbox was deployed. I didn't get any URL for traction-sandbox.

esune commented 1 year ago

> https://tenant-ui-sandbox-dev.apps.silver.devops.gov.bc.ca is the URL when tenant-ui sandbox was deployed. I didn't get any URL for traction-sandbox.

Thank you @rajpalc7. The back-end service traction-sandbox will not have public URLs exposed so that is expected.

Could you please try validating that the services work as expected too? You will need to:

This will confirm the basic functionality is working as expected; we can further check other pieces of functionality later on as needed.

rajpalc7 commented 1 year ago

Thanks @esune - I tried using the innkeeper credentials from https://console.apps.silver.devops.gov.bc.ca/k8s/ns/bc0192-test/secrets/traction-sandbox-acapy-plugin-innkeeper but got a 404 error.

esune commented 12 months ago

Hi @rajpalc7, were you able to move past this error? How is enabling the auto-approval of reservations going?

rajpalc7 commented 12 months ago

After using the tenant-ui script

ingressSuffix: -dev.apps.silver.devops.gov.bc.ca
image:
  tag: "0.2.14"
  pullPolicy: Always
traction:
  pluginInnkeeper:
    existingSecret: traction-acapy-plugin-innkeeper
    generated: true
  apiEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
  tenantProxyEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
  reservation:
    expiry_minutes: 2880
    auto_approve:  true
    auto_issuer: true
  resources:
    limits:
      cpu: 200m
      memory: 820Mi
    requests:
      cpu: 120m
      memory: 400Mi
  networkPolicy:
    enabled: true
    ingress:
      enabled: true
      namespaceSelector:
        network.openshift.io/policy-group: ingress
ui:
  image:
    pullPolicy: Always
  oidc:
    active: false
    showInnkeeperAdminLogin: false
    showWritableComponents: false
    authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
    jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
  ariesDetails:
    ledgerDescription: "bcovrin-test"
  smtp:
    server: apps.smtp.gov.bc.ca
    port: 25
    senderAddress: DoNotReplyTractionPR@gov.bc.ca
    innkeeperInbox: lucas.o'neil@gov.bc.ca
  resources:
    limits:
      cpu: 200m
      memory: 820Mi
    requests:
      cpu: 120m
      memory: 400Mi
  ingress:
    annotations:
      route.openshift.io/termination: edge
  networkPolicy:
    enabled: true
    ingress:
      enabled: true
      namespaceSelector:
        network.openshift.io/policy-group: ingress
ingress:
  annotations:
    route.openshift.io/termination: edge
postgresql:
  primary:
    resources:
      limits:
        cpu: 200m
        memory: 820Mi
      requests:
        cpu: 120m
        memory: 400Mi

rajpalc7 commented 12 months ago

It's asking me to wait for 3-5 business days and not auto-approving

esune commented 12 months ago

> It's asking me to wait for 3-5 business days and not auto-approving

That likely means that the pods have not restarted and did not pick up the new settings; otherwise it should provide you with the wallet id/key pair to sign in right away. Try checking that and submitting a new tenant request after the pods are running using the latest configuration.

rajpalc7 commented 12 months ago

Private Zenhub Image

rajpalc7 commented 12 months ago

I was able to fix the issue. Auto-approving is working as expected now.

esune commented 12 months ago

Thank you @rajpalc7. One extra tweak is needed: can you please remove the -dev suffix from the URL? There will only ever be one sandbox environment, so it doesn't make sense to have the -dev nameplate on this deployment.

Additionally, we will need the configuration file(s) you used to deploy this instance PR'd to https://github.com/bcgov/trust-over-ip-configurations - please link the PR here when ready.

I smoke-tested by creating a tenant for myself and connecting to the endorser and everything seems to work as expected.

rajpalc7 commented 12 months ago

ingressSuffix: apps.silver.devops.gov.bc.ca
image:
  tag: "0.2.14"
  pullPolicy: Always
traction:
  pluginInnkeeper:
    existingSecret: traction-acapy-plugin-innkeeper
    generated: true
  apiEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca 
  tenantProxyEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
  reservation:
    expiry_minutes: 2880
    auto_approve:  true
    auto_issuer: true
  resources:
    limits:
      cpu: 200m
      memory: 820Mi
    requests:
      cpu: 120m
      memory: 400Mi
  networkPolicy:
    enabled: true
    ingress:
      enabled: true
      namespaceSelector:
        network.openshift.io/policy-group: ingress
oidc:
  active: false
  showInnkeeperAdminLogin: false
  showWritableComponents: false
  authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
  jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
ariesDetails:
  ledgerDescription: "bcovrin-test"
smtp:
  server: apps.smtp.gov.bc.ca
  port: 25
  senderAddress: DoNotReplyTractionSandbox@gov.bc.ca
  innkeeperInbox: "lucas.o'neil@gov.bc.ca,emiliano.sune@quartech.com"
resources:
  limits:
    cpu: 400m
    memory: 1600Mi
  requests:
    cpu: 200m
    memory: 820Mi
ingress:
  annotations:
    route.openshift.io/termination: edge
networkPolicy:
  enabled: true
  ingress:
    enabled: true
    namespaceSelector:
      network.openshift.io/policy-group: ingress

rajpalc7 commented 12 months ago

Thanks for testing Emiliano, glad the functionality works as expected. If this looks fine, I can create a PR right now to https://github.com/bcgov/trust-over-ip-configurations

esune commented 12 months ago

@rajpalc7 you will want to remove -dev from ALL URLs related to the deployment, including values that are expected parameters such as apiEndpoint and tenantProxyEndpoint, and re-deploy the chart to apply the changes.
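
One way to check a values file for the lingering `-dev` hostnames mentioned above before re-deploying, as an added example that is not part of the original thread. It assumes two-space indentation and plain `key: value` lines as in the values posted here; the function names are hypothetical and the sample is an excerpt of the values from the earlier comment.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): list every values-file key whose value
# still contains a "-dev." hostname part.

# find_dev_hosts  (values YAML on stdin)
# Prints "<dotted.key.path> <value>" for each offending entry.
# Assumes two-space indentation and plain "key: value" lines.
find_dev_hosts() {
  awk '
    /^ *#/ || /^ *$/ { next }              # skip comments and blank lines
    {
      indent = $0; sub(/[^ ].*$/, "", indent)
      depth = length(indent) / 2
      line = substr($0, length(indent) + 1)
      i = index(line, ":"); if (i == 0) next
      path[depth] = substr(line, 1, i - 1) # remember the key at this level
      val = substr(line, i + 1)
      gsub(/^[ "]+|[ "]+$/, "", val)       # trim spaces and quotes
      if (val ~ /-dev\./) {
        full = path[0]
        for (d = 1; d <= depth; d++) full = full "." path[d]
        print full, val
      }
    }'
}

# Excerpt of the values posted earlier in the thread.
sample_values() {
  cat <<'EOF'
ingressSuffix: apps.silver.devops.gov.bc.ca
traction:
  pluginInnkeeper:
    existingSecret: traction-acapy-plugin-innkeeper
  apiEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
  tenantProxyEndpoint: https://traction-sandbox-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
oidc:
  active: false
  authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
EOF
}

sample_values | find_dev_hosts
```

The OIDC `authority` host is not reported because the pattern only matches a `-dev.` suffix on a hostname label, not a host that begins with `dev.`.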

esune commented 12 months ago

> Rajpal needs access to a99fd4-test

Access has been provided. @rajpalc7 please wait to uninstall the instance in a99fd4-test until we confirm the sandbox is fully ready to go and replace it.

rajpalc7 commented 11 months ago

https://github.com/bcgov/trust-over-ip-configurations/pull/146/commits - here is the pull request for values for Traction and Tenant UI.

rajpalc7 commented 11 months ago

Traction anoncreds instance and leftover artifacts are uninstalled from namespace a99fd4-test now

esune commented 11 months ago

@rajpalc7 I still see leftovers of the tenant-ui component: https://console.apps.silver.devops.gov.bc.ca/k8s/ns/a99fd4-test/apps~v1~Deployment

rajpalc7 commented 11 months ago

@esune - That should be deleted now as well.

WadeBarnes commented 11 months ago

Looks like there are still some remnants of the anoncreds instance:

$ oc -n a99fd4-test get -o name all,pvc,networkpolicy,secret,configmap | grep anoncreds
horizontalpodautoscaler.autoscaling/tenant-ui-anoncreds
horizontalpodautoscaler.autoscaling/traction-anoncreds-acapy
horizontalpodautoscaler.autoscaling/traction-anoncreds-tenant-proxy

@rajpalc7, it's best practice to use the oc CLI to search for resources in a namespace (as in the example above). You need to add pvc,networkpolicy,secret,configmap since they are not included in the resources returned by default when using get all.
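
The check described in the comment above, as an added example that is not part of the original thread: a shell helper that reads the `-o name` listing from that command, picks out leftovers of a decommissioned instance, and marks which ones a plain `get all` would not have shown. The function names are hypothetical; the sample listing reuses the three HPA names from the output above, and its `pod/`, `secret/` and `configmap/` lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit an `oc get -o name` listing for
# leftovers of a decommissioned instance.

# Kinds the comment above adds to the command because `get all` omits them.
NOT_IN_ALL='persistentvolumeclaim networkpolicy secret configmap'

# find_leftovers PATTERN  (listing on stdin)
# Prints "<kind> <name> <in-all|extra>" for each resource whose name contains PATTERN.
find_leftovers() {
  awk -v pat="$1" -v extra="$NOT_IN_ALL" '
    BEGIN { n = split(extra, e, " "); for (i = 1; i <= n; i++) miss[e[i]] = 1 }
    {
      split($0, p, "/")                  # "kind.group/name" -> p[1], p[2]
      kind = p[1]; sub(/\..*/, "", kind) # drop the API group suffix
      if (index(p[2], pat))
        print kind, p[2], ((kind in miss) ? "extra" : "in-all")
    }'
}

# count_missed PATTERN: leftovers that a plain `get all` would not have listed.
count_missed() { find_leftovers "$1" | grep -c ' extra$' || true; }

# namespace_clean PATTERN: exit status 0 only when nothing matching remains.
namespace_clean() { [ -z "$(find_leftovers "$1")" ]; }

# Constructed sample listing: the three HPA names are from the thread; the
# pod, secret and configmap lines are made up for illustration.
sample_listing() {
  cat <<'EOF'
pod/unrelated-service-1
horizontalpodautoscaler.autoscaling/tenant-ui-anoncreds
horizontalpodautoscaler.autoscaling/traction-anoncreds-acapy
horizontalpodautoscaler.autoscaling/traction-anoncreds-tenant-proxy
secret/example-anoncreds-secret
configmap/example-anoncreds-config
EOF
}

# Live use: pipe the oc command from the comment above into find_leftovers.
sample_listing | find_leftovers anoncreds
```

Entries marked `extra` are the ones that matter most when decommissioning, since orphaned secrets and network policies stay in the namespace unnoticed if only `get all` is checked.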

rajpalc7 commented 11 months ago

@WadeBarnes Thanks Wade, that's good to know.

@esune - I was able to delete the leftover remnants as well.

esune commented 11 months ago

Old resources have been deleted, closing as done.