From efa52a8f5c01306e6efec8bc48e7596f67fda3af Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 16 Oct 2024 11:35:08 +0100 Subject: [PATCH] Documentation updates --- Makefile | 11 ++++++++++ README.md | 47 +++++++++++++++++++------------------------ docs/azure_storage.md | 1 - docs/deployment.md | 1 - docs/review_apps.md | 9 +++------ 5 files changed, 35 insertions(+), 34 deletions(-) diff --git a/Makefile b/Makefile index 81a952b9..d0d9a54e 100644 --- a/Makefile +++ b/Makefile @@ -207,6 +207,17 @@ aks-production: production-cluster domains: $(eval include global_config/domains.sh) +# make qa railsc +.PHONY: railsc +railsc: get-cluster-credentials + $(eval CONFIG_FILE=terraform/application/config/$(CONFIG).tfvars.json) + $(if $(wildcard $(CONFIG_FILE)),,$(error Config file $(CONFIG_FILE) not found)) + $(eval NAMESPACE=$(shell jq -r '.namespace // empty' $(CONFIG_FILE))) + $(if $(NAMESPACE),,$(error Namespace not found in $(CONFIG_FILE))) + @echo "Using namespace: $(NAMESPACE)" + @echo "Environment: $(CONFIG)" + kubectl -n $(NAMESPACE) exec -ti deployment/access-your-teaching-qualifications-$(ENVIRONMENT) -- rails c + bin/konduit.sh: curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \ && chmod +x bin/konduit.sh diff --git a/README.md b/README.md index 89d95c94..4e71bb8f 100644 --- a/README.md +++ b/README.md @@ -11,21 +11,19 @@ This repo is home to two services: #### AYTQ -| Name | URL | -| ---------- | ------------ | -| Production | not deployed | -| Preprod | not deployed | -| Test | not deployed | -| Dev | in testing | +| Name | URL | +| ---------- | -------- | +| Production | Deployed | +| Preprod | Deployed | +| Test | Deployed | #### Check -| Name | URL | -| ---------- | ------------ | -| Production | not deployed | -| Preprod | not deployed | -| Test | not deployed | -| Dev | in testing | +| Name | URL | +| ---------- | -------- | +| Production | Deployed | +| Preprod | Deployed | +| Test | Deployed | All environments have continuous deployment, the state of which can be inspected in Github Actions. @@ -36,7 +34,6 @@ All environments have continuous deployment, the state of which can be inspected | Production | Public site | | Preprod | For internal use by DfE to test deploys | | Test | For external use by 3rd parties to run audits | -| Dev | For internal use by DfE for testing | ## Dependencies @@ -219,25 +216,23 @@ We have a helpful command you can run that will connect you to the right Azure r You will need the [Azure CLI](https://docs.microsoft.com/en-gb/cli) installed and a [PIM (Privileged Identity Management) request](docs/privileged-identity-management-requests.md) for `production`, `preprod` and `test`. ```bash -make dev az-console -make test az-console -make preprod az-console -make production az-console -make review pr_id= az-console +make aks-test railsc +make aks-preprod railsc +make aks-production railsc +make aks-review PR_NUMBER= railsc ``` -The review app needs to be deployed first. You can do this manually by tagging a PR with the `deploy` label. +The review app needs to be deployed first. You can do this manually by tagging a PR with the `aks-deploy` label. ### Updating keyvault secrets -Make sure `jq` is [installed](#local-development-dependencies). +Updating keyvault secrets is a manual process which will require elevated permissions via PIM for production access to Azure resources, the resource can be found in: -```bash -make dev edit-keyvault-secret -make test edit-keyvault-secret -make preprod edit-keyvault-secret -make production edit-keyvault-secret -make review pr_id= edit-keyvault-secret +``` +Review: s189t01-aytq-rv-app-kv +Test: s189t01-aytq-ts-app-kv +Preproduction: s189t01-aytq-pp-inf-kv +Production: s189p01-aytq-pd-app-kv ``` ## Licence diff --git a/docs/azure_storage.md b/docs/azure_storage.md index 6f4a2078..2a3e4621 100644 --- a/docs/azure_storage.md +++ b/docs/azure_storage.md @@ -6,7 +6,6 @@ We store evidence uploads in Azure Storage. Each environment has a storage accou | Environment | Storage account name | | ----------- | --------------------- | -| Dev | s165d01aytqevidencedv | | Test | s165d01aytqevidencets | | Preprod | s165d01aytqevidencepp | | Production | s165p01aytqevidencepd | diff --git a/docs/deployment.md b/docs/deployment.md index 5f04ead6..5be2a30a 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -4,7 +4,6 @@ The services are automatically deployed via a [Github action](https://github.com We deploy across four environments: -- dev - test - preprod - production diff --git a/docs/review_apps.md b/docs/review_apps.md index 19bd2bbf..0fc5e2f1 100644 --- a/docs/review_apps.md +++ b/docs/review_apps.md @@ -6,14 +6,11 @@ Both services are accessible at the single URL. By default, the base path will r ## Deployment -Pending a migration to AKS, the current process for provisioning a review app can be lengthy and somewhat unstable. The build and deploy action can fail for a number of reasons, as can the deployed app. This includes: +In order to deploy a review app you can either use the make target or raise a pull request and label the deployment with 'deploy-aks' and this will trigger the GHA workflow to deploy the review app based on the branch name. -- The slot swap that happens as part of the deployment can fail because the new service fails to respond to a ping -- The new service may not have its database created properly, resulting in missing table errors in the running app +This will then create a URL for testing and to destroy the review app when you close the pull request which will trigger the delete workflow. Further details for this can be found in the github workflow build-and-deploy.yml as well as the deploy-environment/action.yml. -Retrying the Github action usually resolves these issues, and subsequent deploys of the review app are generally faster and more reliable. - -For troubleshooting, logs are available in both Github Actions and Logit. +Note that review apps have container based Postgres and Redis volumes. The data will not persist once the review app has been destroyed. ## Authentication