Open ben851 opened 3 months ago
All staging deploys in manifests are now tied to VPN
We'll give it a few works days in staging then switch prod.
Seems to be OK in staging. I will make the prod changes today.
Enabling in prod today!
Enabled in prod - will let it sit for the weekend and remove arc on Monday
PR for arc removal created https://github.com/cds-snc/notification-manifests/pull/2735
There was no release yesterday, so waiting until today's release before merging the above.
Arc runner removed in staging and prod, releases all working on VPN. Moving to QA
Dr. Astels to make health checks on this task.
Done!
Description
As a developer of notify, I would like to be able to simplify our deployment process so that it is easier to troubleshoot and be more reliable. Currently we are running internal Github ARC runners on our kubernetes cluster, which are prone to breaking due to aggressive deprecation policies by github. It also adds additional complexity when building and managing our github workflows.
WHY are we building?
We have had a few incidents regarding the github arc runners not working, and this causes our releases to be blocked.
WHAT are we building?
Implement the new certificate based client vpn in addition to the existing SAML based client vpn.
We will have two VPN's in this case, but we can actually reduce costs by removing subnet associations on the existing VPN and only adding one association with the new VPN.
VALUE created by our solution
Simplified release process Less outages and management Removes the chicken and egg scenario for github actions deployments to kubernetes
Tasks
Staging
Production
QA Steps
Acceptance Criteria