department-of-veterans-affairs / abd-vro

To get Veterans benefits in minutes, VRO software uses health evidence data to help fast track disability claims.

Configure ArgoCD + Vault for CC #3314

Open meganhicks opened 1 month ago

meganhicks commented 1 month ago

User Story

As a VRO engineer, I would like to be able to use ArgoCD for VRO deployments. As a first step: I would like to be able to use ArgoCD to deploy CC to environments dev, qa, and sandbox with minimal manual intervention.

Notes about work

This ticket depends on completion of #3030 and targets Problem 3 that was described in that ticket:

Problem 3: while one [ArgoCD] deployment did complete, the app failed to start up due to a gap in secrets management

Recommendations

Acceptance Criteria

(in the scope of environments dev, qa, and sandbox; this does NOT apply to higher environments)

  1. ArgoCD deployments of CC to dev, qa, and sandbox successfully retrieve secrets as stored in Vault. There should be no indication in the logs that secret inflation failed.
  2. Documentation of what needed to be done, so that we can repeat as needed in setting up other microservices in ArgoCD.

Note

In order to complete AC1, the current structure of our secrets might need to be altered to comply with the requirements for the Argo Vault Plugin, which will require changes to the application as well.

Related

This is a follow-up to the deployment improvement workshop (recap) and https://github.com/department-of-veterans-affairs/abd-vro/issues/2781
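For reference on what "complying with the requirements for the Argo Vault Plugin" looks like in practice, here is an added example of a Kubernetes Secret manifest written so that the Argo CD Vault Plugin (AVP) can inflate it at sync time. This is illustrative code, not a manifest from abd-vro or from the va-abd-rrd-argocd-applications-vault repository; the Secret name, the Vault KV path and the key names are assumptions chosen for the example.

```yaml
# Added example (not from abd-vro): a Secret laid out for the Argo CD Vault Plugin.
# Vault path "kv/data/vro/dev/cc" and the key names are assumptions for illustration.
apiVersion: v1
kind: Secret
metadata:
  name: vro-cc-app-secrets   # assumed name
  annotations:
    # AVP reads every key stored under this KV v2 path and substitutes
    # every <key> placeholder in the manifest with the matching value.
    avp.kubernetes.io/path: "kv/data/vro/dev/cc"
type: Opaque
stringData:
  # Plain-text field: placeholder is replaced by the value of key "db_password"
  # found at the annotated path.
  DB_PASSWORD: <db_password>
data:
  # Under `data:` Kubernetes expects base64. The inline form names its own path
  # and key, and the base64encode modifier encodes the looked-up value.
  API_TOKEN: <path:kv/data/vro/dev/cc#api_token | base64encode>
```

Two practical points follow from this layout. First, the placeholder refers to a key inside a single KV v2 document, so secrets kept as one value per Vault path, or under a path that does not include the `/data/` segment that KV v2 requires, have to be reorganised before AVP can resolve them. Second, an unresolvable placeholder makes the plugin's generate step fail during the Argo CD sync, so a "secret inflation failed" condition surfaces in the sync result rather than only at pod start-up, which is the place to look when checking AC1.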

lisac commented 16 hours ago

I thought this would be complete with merging of https://github.com/department-of-veterans-affairs/va-abd-rrd-argocd-applications-vault/pull/92. However, the deployment to sandbox and prod-test failed. It appears to be a Secrel issue: that the image isn't signed. This feels odd, as the tag I'm trying to deploy, 12e5bac, is from just a week ago (see commit) and was previously successfully deployed to the sandbox and higher. The deployment was not attempted on prod, as auto-sync is disabled for this app in that environment.

The error message I'm getting:

admission webhook "connaisseur-svc.connaisseur.svc" denied the request: Image not compliant with validation policy (threshold of '1' not reached). The following errors occurred (please check the logs for more information): * trust root 'sandbox': Unexpected Cosign exception for image "ghcr.io/department-of-veterans-affairs/abd-vro-internal/vro-cc-app:12e5bac":

Will need to investigate more tomorrow.