Skip to content
This repository has been archived by the owner on Nov 30, 2020. It is now read-only.

cds-snc/notification-tf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

172 Commits
.github
.github
 
 
manifests
manifests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
eksctl.yaml
eksctl.yaml
 
 

Repository files navigation

Notification Deployment

Please refer to the information in the CDS secrets vault on how to access the cluster.

Deploying a new release

To deploy new versions of service you need to update the image tags in the following file:

manifests/overlays/eks/kustomize.yaml

looking at this section:

images:
- name: admin
  newName: gcr.io/cdssnc/notify/admin:7ddcb76
- name: api
  newName: gcr.io/cdssnc/notify/api:b3434ef
- name: document-download-api
  newName: gcr.io/cdssnc/notify/document-download-api:latest
- name: document-download-frontend
  newName: gcr.io/cdssnc/notify/document-download-frontend:latest
- name: bastion
  newName: gcr.io/cdssnc/notify/bastion:latest

if you would for example like to update the API image change gcr.io/cdssnc/notify/api:b3434ef to your latest release tag - ex: gcr.io/cdssnc/notify/api:abcdefg

Note: To ensure the image has built visit

  • Admin - gcr.io/cdssnc/notify/admin:commit-hash-here
  • Api - gcr.io/cdssnc/notify/api:commit-hash-here

Deployment notes

The current production cluster was deployed using eksctl using the eksctl.yaml file.

eksctl create cluster --config-file=eksctl.yaml

Manifest files were applied by running make eks after the cluster was deployed.

The following pieces of AWS infrastructure were manually added:

  • RDS Database
  • Required S3 buckets (Assets, Documents, CSV)
  • SES sending identity
  • SNS (SMS) sending abilities
  • ALB loadbalancer
  • ACM certificates
  • SES callback into an SNS topic -> Notify API Endpoint
  • DNS records in Route53
  • Cloudwatch alerts

All these have been standardized into terraform and will be available with the next major release.

Editing production ENV variables

  1. Ensure you have the correct AWS credentials in ~/.aws/credentials.

  2. In manifests/overlays/eks is an encrypted .env.enc.aws file that you can decrypt with AWS using:

aws kms decrypt --ciphertext-blob fileb://.env.enc.aws --output text --query Plaintext --region us-east-1 | base64 --decode > .env

  1. Make the required changes to .env

  2. Re-encrypt the file and push to master

aws kms encrypt --key-id cd99fe45-693e-4139-bf95-b9fe8be1a446 --plaintext fileb://.env --output text --query CiphertextBlob --region us-east-1 | base64 --decode > .env.enc.aws

About

Terraform files to deploy notification

Topics

alpha notification-canada-ca notify-core

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

23 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 9

Languages