Clean up Faltrn #985

Merged
merged 1 commit into from
Jan 8, 2024
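--- a/.github/workflows/delete-review-app.yml
+++ b/.github/workflows/delete-review-app.yml
@@ -17,22 +17,22 @@ jobs:
 - name: Extract configuration from tfvars
 id: config
 run: |
-KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS)
-PAAS_SPACE=$(jq -r '.paas_space' $TFVARS)
-if [ -z "$KEY_VAULT_NAME" ]; then
-echo "::error ::Failed to extract key_vault_name from $TFVARS"
+APP_KEY_VAULT=$(jq -r '.app_key_vault' $TFVARS)
+NAMESPACE=$(jq -r '.namespace' $TFVARS)
+if [ -z "$APP_KEY_VAULT" ]; then
+echo "::error ::Failed to extract app_key_vault from $TFVARS"
 exit 1
 fi
-if [ -z "$PAAS_SPACE" ]; then
-echo "::error ::Failed to extract paas_space from $TFVARS"
+if [ -z "$NAMESPACE" ]; then
+echo "::error ::Failed to extract namespace from $TFVARS"
 exit 1
 fi
-echo ::set-output name=key_vault_name::$KEY_VAULT_NAME
-echo ::set-output name=paas_space::$PAAS_SPACE
+echo ::set-output name=app_key_vault::$APP_KEY_VAULT
+echo ::set-output name=namespace::$NAMESPACE
 shell: bash
 env:
 TFVARS: workspace_variables/review.tfvars.json
-working-directory: terraform/paas
+working-directory: terraform/aks
 
 - uses: Azure/login@v1
 with:
@@ -41,7 +41,7 @@ jobs:
 - uses: Azure/get-keyvault-secrets@v1
 id: get_secrets
 with:
-keyvault: ${{ steps.config.outputs.key_vault_name }}
+keyvault: ${{ steps.config.outputs.app_key_vault }}
 secrets: "TFSTATE-CONTAINER-ACCESS-KEY,PAAS-USER,PAAS-PASSWORD"
 
 - uses: hashicorp/setup-terraform@v2
@@ -57,7 +57,7 @@ jobs:
 echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
 pr_state_file=$(az storage blob list -c faltrn-tfstate \
 --account-key ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} \
---account-name "s165d01faltrntfstatedv" \
+--account-name "s189t01faltrntfstatervsa" \
 --prefix $TF_STATE_FILE --query "[].name" -o tsv)
 if [ -n "$pr_state_file" ]; then echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV; fi;
 - name: Terraform
@@ -77,4 +77,4 @@ jobs:
 run: |
 az storage blob delete -c faltrn-tfstate --name ${{ env.TF_STATE_FILE }} \
 --account-key ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} \
---account-name "s165d01faltrntfstatedv"
+--account-name "s189t01faltrntfstatervsa"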
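Review bot: The `-z` guards in the "Extract configuration from tfvars" step do not catch a missing key, because `jq -r` prints the literal string `null` for an absent field; with the keys renamed to `app_key_vault` and `namespace`, a tfvars file that still carries the old names would hand `null` to the Key Vault step. Using `APP_KEY_VAULT=$(jq -er '.app_key_vault' "$TFVARS")` (and the same for `NAMESPACE`) makes jq exit non-zero instead. The new output lines still use the deprecated `::set-output` command; `echo "app_key_vault=$APP_KEY_VAULT" >> "$GITHUB_OUTPUT"` is the supported form. The unchanged `secrets:` line still requests `PAAS-USER` and `PAAS-PASSWORD`, which this job presumably no longer needs after the move off PaaS, so they should be dropped from the list to keep unused credentials out of the job.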
File renamed without changes.
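--- a/Makefile
+++ b/Makefile
@@ -65,6 +65,9 @@ terrafile: bin/terrafile
 tags: ##Tags that will be added to resource group on it's creation in ARM template
 $(eval RG_TAGS=$(shell echo '{"Portfolio": "Early years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Find a Lost TRN", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Find a Lost TRN", "Environment" : "$(ENV_TAG)"}' | jq . ))
 
+clone:
+$(eval CLONE_STRING=-clone)
+
 ##@ Query parameter store to display environment variables. Requires Azure credentials
 set-azure-account: ${environment}
 echo "Logging on to ${AZURE_SUBSCRIPTION}"
@@ -125,7 +128,7 @@ terraform-init: bin/terrafile
 [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true
 ./bin/terrafile -p terraform/aks/vendor/modules -f terraform/aks/workspace_variables/$(CONFIG)_Terrafile
 terraform -chdir=terraform/aks init -backend-config workspace_variables/$(CONFIG).backend.tfvars $(backend_config) -upgrade -reconfigure
-$(if $(DOCKER_IMAGE), $(eval export TF_VAR_paas_app_docker_image=$(DOCKER_IMAGE)), $(error Missing environment variable "DOCKER_IMAGE"))
+$(if $(DOCKER_IMAGE), $(eval export TF_VAR_app_docker_image=$(DOCKER_IMAGE)), $(error Missing environment variable "DOCKER_IMAGE"))
 
 terraform-plan: terraform-init
 terraform -chdir=terraform/aks plan -var-file workspace_variables/$(CONFIG).tfvars.json
@@ -190,6 +193,9 @@ domains-infra-plan: domains-infra-init ## terraform plan for dns core resources
 domains-infra-apply: domains-infra-init ## terraform apply for dns core resources
 terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE}
 
+get-cluster-credentials: set-azure-account ## make <config> get-cluster-credentials [ENVIRONMENT=<clusterX>]
+az aks get-credentials --overwrite-existing -g ${RESOURCE_GROUP_NAME} -n ${RESOURCE_PREFIX}-tsc-${ENVIRONMENT}${CLONE_STRING}-aks
+
 ######################################
 
 domains-init: bin/terrafile faltrn_domain set-azure-account ## terraform init for dns resources: make <env> domains-init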
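Review bot: The new `get-cluster-credentials` recipe builds the cluster name from `${ENVIRONMENT}` without checking that it is set, and the visible part of global_config/development.sh in this commit sets no ENVIRONMENT, so `make development get-cluster-credentials` without the argument asks for a cluster named with an empty segment. A guard as the first recipe line, in the style the file already uses for DOCKER_IMAGE, would fail early: `$(if $(ENVIRONMENT),,$(error Missing environment variable "ENVIRONMENT"))`. Because `--overwrite-existing` replaces any kubeconfig entry of the same name without prompting, it is also worth echoing the resolved subscription and cluster name before the `az aks get-credentials` call. `clone` has no `##` help text and neither new target is declared `.PHONY` in the lines shown; the declaration may sit outside these hunks.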
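--- a/README.md
+++ b/README.md
@@ -6,12 +6,12 @@ A service that allows teachers to find their Teacher Reference Number (TRN).
 
 ### Links and application names
 
-| Name | URL | Deployment | PaaS space | PaaS application |
-| ---------- | ------------------------------------------------- | ---------- | ---------------- | ---------------------------- |
-| Production | https://find-a-lost-trn.education.gov.uk/ | Automatic | `tra-production` | `find-a-lost-trn-production` |
-| Preprod | https://preprod-find-a-lost-trn.education.gov.uk/ | Automatic | `tra-test` | `find-a-lost-trn-preprod` |
-| Test | https://test-find-a-lost-trn.education.gov.uk/ | Automatic | `tra-test` | `find-a-lost-trn-test` |
-| Dev | https://dev-find-a-lost-trn.education.gov.uk/ | Automatic | `tra-dev` | `find-a-lost-trn-dev` |
+| Name | URL (Frontdoor) | Deployment | AKS namespace | Ingress URL |
+| ------------- | ------------------------------------------------ | ---------- | ----------------- | ---------------------------------------------------------------- |
+| Production | https://find-a-lost-trn.education.gov.uk | Automatic | `tra-production` | https://find-a-lost-trn-production.teacherservices.cloud |
+| Preproduction | https://preprod.find-a-lost-trn.education.gov.uk | Automatic | `tra-test` | https://find-a-lost-trn-preproduction.test.teacherservices.cloud |
+| Test | https://test.find-a-lost-trn.education.gov.uk | Automatic | `tra-test` | http://find-a-lost-trn-test.test.teacherservices.cloud |
+| Dev | https://dev.find-a-lost-trn.education.gov.uk | Automatic | `tra-development` | https://find-a-lost-trn-development.test.teacherservices.cloud |
 
 All environments have continuous deployment, the state of which can be inspected in Github Actions.
 
@@ -59,7 +59,7 @@ You can use this user to test that matching works against the preprod
 ## How the application works
 
 Find a lost TRN is a monolithic Rails app built with the GOVUK Design System and hosted on
-GOVUK PaaS.
+GOVUK AKS.
 
 We keep track of architecture decisions in [Architecture Decision Records
 (ADRs)](/adr/).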
22 changes: 0 additions & 22 deletions adr/00002-use-gov-paas.md

This file was deleted.

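--- a/adr/00007-scheduled-jobs.md
+++ b/adr/00007-scheduled-jobs.md
@@ -19,8 +19,6 @@ We have considered:
 
 Considering the effort to deploy and maintain the infrastructure to run the jobs, we think it's better to use sidekiq/sidekiq_cron.
 
-The clockwork gem requires some workarounds to be able to run on PaaS.
-
 #### Pros
 
 - The sidekiq/sidekiq_cron combination is a proven, stable and scalable combination which can take us all the way to public launch and beyond.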
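--- a/app/views/static/privacy.md
+++ b/app/views/static/privacy.md
@@ -78,7 +78,7 @@ We also use Google’s G Suite to process some personal data. Google processes y
 
 ### Hosting services
 
-We host our services on GOV.UK PaaS, which encrypts your data to prevent it being accessed by unauthorised people.
+We host our services on AKS which encrypts your data to prevent it being accessed by unauthorised people.
 
 ### Auditors
 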
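Review bot: The replacement sentence under "Hosting services" keeps the claim that the hosting platform "encrypts your data" while swapping GOV.UK PaaS for AKS, and nothing in this change shows which control backs that claim on the new platform. Before this is published, confirm that encryption at rest is enabled on the database and storage the service uses and that every public endpoint is served over TLS, then word the notice around those controls. The abbreviation should also be spelled out for a public audience, for example `We host our services on Azure Kubernetes Service (AKS), which encrypts your data to prevent it being accessed by unauthorised people.`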
54 changes: 9 additions & 45 deletions docs/ops-manual.md
Expand Up @@ -2,55 +2,19 @@

## SSHing to a live docker container

To SSH into a container, install the `cloudfoundry-cli`. Example using `asdf`:

```bash
$ asdf plugin add cf
$ asdf cf install latest
$ asdf global cf latest
$ cf --version
cf version 8.3.0+e6f8a85.2022-03-11
```

You'll need a PaaS account that has access to the
`tra-dev/tra-test/tra-production` space. Sign into your account using SSO:

```bash
$ cf login -a api.london.cloud.service.gov.uk --sso
API endpoint: api.london.cloud.service.gov.uk

Temporary Authentication Code ( Get one at https://login.london.cloud.service.gov.uk/passcode ):
Authenticating...
OK
To SSH into a container, install `kubectl`

- Configure the credentials using the `get-cluster-credentials`, run make command. Example:

Targeted org dfe.

Select a space:
1. sandbox
2. tra-dev
3. tra-production
4. tra-test

Space (enter to skip): 2
Targeted space tra-dev.

API endpoint: https://api.london.cloud.service.gov.uk
API version: 3.112.0
user: 1XXXXXXXXXXXXXXXXXXXX
org: dfe
space: tra-dev
```

To SSH into the running docker container and go to the app directory:

```bash
cf ssh find-a-lost-trn-dev
cd /app
make test get-cluster-credentials
make development get-cluster-credentials ENVIRONMENT=cluster1
```

**Note**: SSH access is monitored and logged as an event in the Events tab on
the PaaS website.
find-a-lost-trn-test-57556754f9-q5mfd
To SSH into a container, in the test cluster. Example ssh into a container named `find-a-lost-trn-test`, within the pod `find-a-lost-trn-test-57556754f9-q5mfd`:

run `kubectl -n tra-test exec -it find-a-lost-trn-test-57556754f9-q5mfd -c find-a-lost-trn-test -- /bin/sh`

## Running a Rails console

Expand Down Expand Up @@ -98,7 +62,7 @@ xxxxxxxx-yyyy-zzzz-xxxx-yyyyyyyyyyyy 'digital.education.gov.uk'
"tenantId": "xxxxxxxx-yyyy-zzzz-xxxx-yyyyyyyyyyyy"
}
],
"name": "s165-teachingqualificationsservice-development",
"name": "s189-teacher-services-cloud-test",
"state": "Enabled",
"tenantId": "xxxxxxxx-yyyy-zzzz-xxxx-yyyyyyyyyyyy",
"user": {
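--- a/docs/technical-architecture.md
+++ b/docs/technical-architecture.md
@@ -4,7 +4,7 @@
 
 The Find a lost TRN service is a public facing web application that allows its users to retrieve their TRN by supplying personal information. It works by querying the DQT API with the supplied details, and returning them to the user. As a fallback, if the DQT API is unavailable, the Find a lost TRN service will create a ticket in a Zendesk system that the supporting team will then pick up, and handle manually.
 
-The web primary web application in hosted in GOV.UK PaaS, uses a Postgres database for persistence and a Redis instance for retry logic for deferred executions of tasks.
+The web primary web application in hosted in AKS, uses a Postgres database for persistence and a Redis instance for retry logic for deferred executions of tasks.
 
 ## Architecture Diagram
 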
2 changes: 2 additions & 0 deletions global_config/development.sh
Expand Up @@ -2,6 +2,8 @@ CONFIG=development
DEPLOY_ENV=development
CONFIG_SHORT=dv
AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test
RESOURCE_PREFIX=s189d01
AZURE_RESOURCE_PREFIX=s189t01
RESOURCE_GROUP_NAME=s189d01-tsc-${CONFIG_SHORT}-rg
ENV_TAG=Test
DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_dev.tfstate
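Review bot: The three global_config files now derive RESOURCE_GROUP_NAME in three different ways: this file hard-codes `s189d01`, production.sh uses `${AZURE_RESOURCE_PREFIX}` and test.sh uses `${RESOURCE_PREFIX}`. In this file the two prefixes also differ (`RESOURCE_PREFIX=s189d01`, `AZURE_RESOURCE_PREFIX=s189t01`) while AZURE_SUBSCRIPTION points at the test subscription, so a reader cannot tell which prefix names the cluster that the new `get-cluster-credentials` target fetches credentials for. I would write `RESOURCE_GROUP_NAME=${RESOURCE_PREFIX}-tsc-${CONFIG_SHORT}-rg` in all three files and add a one-line comment above the two prefix variables saying which resources each one names, so a credentials fetch cannot silently land on a different environment than intended.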
5 changes: 4 additions & 1 deletion global_config/production.sh
Expand Up @@ -3,5 +3,8 @@ DEPLOY_ENV=production
CONFIG_SHORT=pd
AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
AZURE_RESOURCE_PREFIX=s189p01
RESOURCE_PREFIX=s189p01
RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-tsc-${CONFIG_SHORT}-rg
ENV_TAG=Prod
DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_prod.tfstate
ENVIRONMENT=production
DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_prod.tfstate
3 changes: 3 additions & 0 deletions global_config/test.sh
Expand Up @@ -3,5 +3,8 @@ DEPLOY_ENV=test
CONFIG_SHORT=ts
AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test
AZURE_RESOURCE_PREFIX=s189t01
RESOURCE_PREFIX=s189t01
RESOURCE_GROUP_NAME=${RESOURCE_PREFIX}-tsc-${CONFIG_SHORT}-rg
ENVIRONMENT=test
ENV_TAG=Test
DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_test.tfstate
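--- a/terraform/aks/application.tf
+++ b/terraform/aks/application.tf
@@ -21,7 +21,7 @@ module "web_application" {
 kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
 kubernetes_secret_name = module.application_configuration.kubernetes_secret_name
 
-docker_image = var.paas_app_docker_image
+docker_image = var.app_docker_image
 max_memory = var.memory_max
 replicas = var.replicas
 web_external_hostnames = var.gov_uk_host_names
@@ -52,7 +52,7 @@ module "worker_application" {
 cluster_configuration_map = module.cluster_data.configuration_map
 kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
 kubernetes_secret_name = module.application_configuration.kubernetes_secret_name
-docker_image = var.paas_app_docker_image
+docker_image = var.app_docker_image
 command = ["bundle", "exec", "sidekiq", "-C", "./config/sidekiq.yml"]
 probe_command = ["pgrep", "-f", "sidekiq"]
 max_memory = var.worker_memory_max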
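--- a/terraform/aks/variables.tf
+++ b/terraform/aks/variables.tf
@@ -83,9 +83,8 @@ variable "gov_uk_host_names" {
 type = list(any)
 }
 
-# PaaS variables
-variable "paas_app_docker_image" {
-description = "PaaS image name and version "
+variable "app_docker_image" {
+description = "image name and version "
 }
 
 variable "deploy_redis" {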