-
Notifications
You must be signed in to change notification settings - Fork 0
Emerald Cluster
The case management repo (this repo [https://github.com/bcgov/nr-compliance-enforcement-cm/]) contains the code for the case management application. This repo also contains the following github actions:
- code quality checks
- build and push images to GHCR (which results in images being pushed to artifactory)
- Push of the helm values.yaml file to the gitops repo (to trigger deployments to OpenShift)
Artifactory is where are application images are stored. We need to store the images here because Argo can't access GHCR.
- URL: https://artifacts.developer.gov.bc.ca/ui/admin/repositories/local?projectKey=cdc0 (Barrett, Alec and Om have access)
- Credentials are in an OpenShift secret: https://console.apps.emerald.devops.gov.bc.ca/k8s/ns/dc0a4a-tools/secrets/artifacts-default-tzhvhu
- General Documentation: https://docs.developer.gov.bc.ca/push-pull-artifacts-artifactory/
- Images are pushed to GHCR.io via github actions, but we pull from artifactory. This is possible because artifactory is configured as a caching mechanism for GHCR. Before these appear in artifactory, you need to do an initial pull:
docker pull --platform linux/amd64 artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/frontend:latest
docker pull --platform linux/amd64 [artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/backend:latest](http://artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/frontend:latest)
docker pull --platform linux/amd64 [artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/database:latest](http://artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/frontend:latest)
docker pull --platform linux/amd64 [artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/migrations:latest](http://artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-compliance-enforcement-cm/frontend:latest)
The gitops repo contains the helm charts to deploy the application to OpenShift. This is required because Argo (used for our deployment pipeline) only has access to this repo (not the case management repo). A github action has been setup in the case management repo to update the values file, which will trigger a deployment of the case management application to Emerald.
URL: https://github.com/[bcgov-c/tenant-gitops-dc0a4a](https://github.com/bcgov-c/tenant-gitops-dc0a4a
Argo is the gitops component of our pipeline. Once a pull request is approved in the gitops repo, Argo will see the change and deploy the new images to Emerald.
- URL: https://gitops-shared.apps.emerald.devops.gov.bc.ca/applications
- Documentation: https://github.com/BCDevOps/openshift-wiki/tree/master/docs/ArgoCD#enable-argocd
I had to login using my github account to setup argo. All that is required on this end is to create an application. Here's my yaml for that:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: dc0a4a-compenf-dev spec: destination: name: '' namespace: dc0a4a-dev server: 'https://kubernetes.default.svc' source: path: charts/nr-compliance-enforcement-cm repoURL: '[email protected]:bcgov-c/tenant-gitops-dc0a4a' targetRevision: update-helm-chart-18 sources: [] project: dc0a4a
URLS:
- DEV: https://console.apps.emerald.devops.gov.bc.ca/k8s/cluster/projects/dc0a4a-dev
- TEST: https://console.apps.emerald.devops.gov.bc.ca/k8s/cluster/projects/dc0a4a-test
- PROD: https://console.apps.emerald.devops.gov.bc.ca/k8s/cluster/projects/dc0a4a-prod
- TOOLS: https://console.apps.emerald.devops.gov.bc.ca/k8s/cluster/projects/dc0a4a-tools
Steps Taken:
Create Artifactory Repo (refer to documentation above in Artifactory section)
Create ArgoCD to create github-c (gitops) repo for manifests (refer to documentation above in Argo section)
Update pipeline to push helm-charts to gitops repo (tenant-gitops-dc0a4a)
Create application in ArgoCD
Create network policy to allow traffic from all pods in TOOLS to bcgov.github.io