Open jimleroyer opened 5 months ago
PR over here to resurrect the repository and change current ECR auth to OIDC: https://github.com/cds-snc/ipv4-geolocate-webservice/pull/6
Image is building and deploying to staging - next steps are to add renovate and verify the deployment restart job in k8s.
Integrated renovate and upgraded to the latest lib dependencies, which required a code migration for the hyper web server: https://github.com/cds-snc/ipv4-geolocate-webservice/pull/14
A few PRs to review and merge in that exact order (and which might be wrong; requires proper review), with the end goal of getting rid of the k8s cron job that rolls out the ipv4 deployment with a pull model, in favor of a push model, i.e. roll out the ipv4 deployment once a new image has been pushed to the public cds-snc AWS elastic container registry (ECR):
There is also this PR to bump some dependencies I thought I upgraded to latest but turned out, I didn't: https://github.com/cds-snc/ipv4-geolocate-webservice/pull/17
Jimmy to merge 2 remaining PRs today and test the release.
The PR to add permissions to all kubernetes environment was merged yesterday by Steve during the release process. (thank you!)
Tested the deployment from the github actions and that works. We could have this tested by someone else for QA process.
In the meantime, I removed the cron job that automated the kubernetes rollout for ipv4-geolocate-service as the github actions can do that work on a push model (kubectl rollout restart..) rather than a pull one (via cronjobs): https://github.com/cds-snc/notification-manifests/pull/2305
Ben reviewed the PR and approved. We need to manually delete the resources and we'll do it tomorrow during the core group work session.
Moved this to QA as we deleted the k8s resources around service account, roles and cronjob.
Steps to QA:
1- Go to the renovate dependency dashboard and click one of the issue that will trigger the creation of a renovate maintenance PR. The rust Docker image SHA ID would be a good candidate to select as this would be a minimal change. 2- Merge the PR that was created by renovate. 3- Monitor both the github actions to be successful and the kubernetes events of the deployment rollout in all environments (dev, staging and prod). 4- Compare the SHA ID of the built docker image that was pushed to AWS ECR with the reported one in Kubernetes.
Ben will QA.
Verified that the image is pushed to public ECR: https://gallery.ecr.aws/cds-snc/notify-ipv4-geolocate-webservice
Verified that k8s is using "latest" tag with image pull policy "Always". Each restart will pull latest.
Description
As a GCNotify operator, I want the latest IP/Geolocation database to be used to identify GCAdmin users, So that I can optimize security tracking and monitoring.
WHY are we building?
Why do we need this?
WHAT are we building?
Resurrect the ipv4-geolocate-webservice repository
VALUE created by our solution
Close to the business, what's the value?
Acceptance Criteria
main
insteadmaster
.kubectl rollout
command into the GitHub action and get rid of the kubernetes cron job from the manifest repository.QA Steps