ministryofjustice / data-catalogue

Data catalogue • This repository is defined and managed in Terraform
MIT License

Set up subdomains for non production environment (Split from "Sort production front end URL") #224

Open MatMoore opened 3 months ago

MatMoore commented 3 months ago

Split from https://github.com/ministryofjustice/find-moj-data/issues/546

We have control of dev.find-moj-data.service.justice.gov.uk, test.find-moj-data.service.justice.gov.uk, and preprod.find-moj-data.service.justice.gov.uk.

However, they're not resolving yet.

If there's time, make sure these resolve to the right cloud platform service.

See this guide: https://user-guide.cloud-platform.service.justice.gov.uk/documentation/other-topics/custom-domain-cert.html#using-a-custom-domain

At the moment, I've created 4 separate hosted zones in AWS, but the guide recommends using just one, so I think we can remove the non-production ones and then hopefully everything will Just Work™.

After the domain resolves:

murdo-moj commented 3 months ago

I had to do a few things to resolve this:

  1. Remove the hosted zones for dev, preprod, and prod (with the assistance of CP)
  2. Deregister the DNS delegations for dev, preprod and prod at an MoJ level
  3. Manually delete DNS rules related to dev, preprod, and prod from the prod hosted zone (with CP's help) so that ExternalDNS will recreate the rules according to the ingress.yml in the helm deployment. (The awkwardness of this might be due to the fact that the hosted zones were force deleted. ExternalDNS wasn't removing DNS rules from them as expected.)
  4. Once the old DNS rules were removed, ExternalDNS recreated them as corrected rules.
  5. Add DNS certificates to the k8s namespaces for dev, preprod, and prod
  6. Add the new redirect URLs to Entra ID
  7. Change the redirect URL env var in all environments in GitHub and rebuild/deploy the image/helm chart

    Useful commands