bcgov / platform-services-registry

Platform services OCP project registry
https://registry.developer.gov.bc.ca/
Apache License 2.0

Platform Services Registry

Lifecycle:Maturing

Project Overview

 This application facilitates the efficient allocation of OpenShift namespace environments within BC Gov. in response to project team requests. It streamlines the handling of new and update requests, ensuring scalability and flexibility. Key features include a user-friendly request management system, automated provisioning, and comprehensive notification and monitoring capabilities.

Key Technologies Used

Application

These technologies foster rapid iterative development, polished user interfaces, and a user-centric experience for application development.

Database & ORM

Run-time Package Version Manager

Linters & Formatters

Testing Framework

Deployment Tools

Configuration of Code

Challenges and Solutions / Lessons Learned

Peer Review Optimization

 A significant challenge the team encountered was optimizing the peer review process to facilitate the effective review and integration of new changes into the main branch with minimal time and effort from colleagues. We identified opportunities for improvement by implementing checks to ensure code quality and seamless integration with the deployment process. Leveraging the pre-commit tool, we conducted code quality checks locally before committing changes, and by extending these checks to our CI pipelines, we reduced the burden on colleagues reviewing linting and formatting issues during peer review. Following the implementation of these automated processes, the peer review workflow became more efficient, and we gained confidence in applying changes to the main branch and deploying them to the development environment. This experience highlighted the importance of continuous integration checks, emphasizing their necessity for ongoing improvement as the project evolves.

Container Image Management and Deployment

 Navigating container image management and deployment within our continuous deployment process presented challenges, particularly in ensuring efficient building and publishing while maintaining control over image usage. However, this experience highlighted the importance of leveraging available tools effectively to overcome such hurdles. By harnessing GitHub Packages and GitHub Actions, we streamlined our deployment pipelines, enabling seamless building, tagging, and storage of container images. Furthermore, integrating Helm charts facilitated intuitive deployment of updated Kubernetes templates, enhancing overall deployment efficiency. This journey emphasized the value of exploring and leveraging existing tools and features to optimize workflows and address challenges in software development projects.

Ensuring Container Consistency in Production Deployments from Testing Environment

 Maintaining consistency between the testing and production environments proved challenging. Discrepancies in container images built for production, despite originating from the same codebase as those tested, posed a risk of introducing unexpected issues and compromising production stability. Even with identical codebases, variations during container image generation could lead to subtle differences, potentially disrupting deployments. To address this, we implemented a solution where we reference the container images built for the testing environment in production. This approach minimizes the potential for discrepancies during deployment, ensuring greater reliability and consistency in the production environment.
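A promotion check in the spirit of the approach above, as an added example that is not the project's own code: it compares the image references in production values against those deployed to test and flags anything that was rebuilt or uses a movable tag. The values layout, component names and image names are hypothetical.

```python
import json

# Constructed sample input: Helm-style values per environment, written as JSON
# so the standard library can parse it. Component names, keys and image names
# are hypothetical, not the project's chart layout.
TEST_VALUES = json.loads("""{
  "app": {"image": {"repository": "ghcr.io/example/registry-app", "tag": "v1.4.2"}},
  "email": {"image": {"repository": "ghcr.io/example/registry-email", "tag": "v1.4.2"}}
}""")
PROD_VALUES = json.loads("""{
  "app": {"image": {"repository": "ghcr.io/example/registry-app-prod", "tag": "v1.4.2"}},
  "email": {"image": {"repository": "ghcr.io/example/registry-email", "tag": "latest"}}
}""")

MUTABLE_TAGS = {"", "latest", "main", "dev"}  # tags that can move after testing


def image_refs(values, path=()):
    """Return {dotted.path: (repository, tag)} for every nested 'image' block."""
    refs = {}
    for key, node in values.items():
        if not isinstance(node, dict):
            continue
        if key == "image" and "repository" in node:
            refs[".".join(path)] = (node["repository"], str(node.get("tag", "")))
        else:
            refs.update(image_refs(node, path + (key,)))
    return refs


def promotion_findings(test_values, prod_values):
    """List reasons a production image is not the exact artifact that was tested."""
    tested = image_refs(test_values)
    findings = []
    for component, (repo, tag) in sorted(image_refs(prod_values).items()):
        if tag in MUTABLE_TAGS:
            findings.append(f"{component}: mutable tag '{tag}' can change after testing")
        elif tested.get(component) != (repo, tag):
            findings.append(f"{component}: {repo}:{tag} is not the image deployed to test")
    return findings


if __name__ == "__main__":
    for finding in promotion_findings(TEST_VALUES, PROD_VALUES):
        print("FAIL", finding)
```

Registry tags can be re-pushed, so comparing image digests instead of tags makes the same check stricter.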

Automated Change Log Generation

 To maintain an accurate record of application changes, we implemented tag-based deployment extensively across upper environments. This approach offers us the flexibility to roll back to previous application versions by updating container image tags and facilitates the generation of change logs based on these tags. Leveraging tools such as conventional-changelog-cli and release-it, we automated this process. Whenever a new tag is generated for testing and production environments after changes are verified, the CHANGELOG.md file is automatically updated by the tool. This automated mechanism ensures that our change log remains up-to-date, reflecting all pertinent modifications made to the application.

Infrastructure Configuration as Code

 Incorporating changes into the infrastructure and other managed services posed a challenge, particularly in integrating the change process into the peer review workflow and maintaining a clear history within the repository. To address this challenge, we implemented Terraform as a solution for managing resources in our infrastructures, including services like Keycloak and Sysdig. This allowed us to define and track changes to infrastructure configurations in code, enabling seamless integration into the peer review process and providing a transparent history of modifications within the repository.

Team Convention Meetings and Codebase Consistency

 The absence of team conventions can result in codebase inconsistencies and delays during individual implementation and peer review stages. To address this issue, we organize regular team meetings to establish and document agreed-upon conventions. This approach allows us to discuss common deployment concerns and streamline the deployment process. Following these discussions, we enhance our CI checks where possible and document conventions to ensure they are tracked and adhered to consistently. By implementing this solution, we foster a more cohesive development environment and expedite the deployment process.

Useful Links

Service Diagrams

graph TD;
    frontendApp-->|HTTP requests| backendAPI;
    backendAPI-->|Queries| database;
    backendAPI-->|Sends emails| emailService(CHES);
    backendAPI-->|Provisions namespaces| namespaceProvisioner(NATS);
    backendAPI-->|Queries| MSGraphAPI(MS graph API);
    backendAPI-->|Handles authentication & authorization| authAuthorization(Keycloak);
    backendAPI-->|Manages public cloud users| publicCloudUserManagement(Keycloak);
    backendAPI-->|Interacts with| openshiftAPI(Openshift API);