
Commit cdbb124

fix: dev-env outdated configs and bugs (#49)
1 parent 3697c39 commit cdbb124

5 files changed

Lines changed: 11 additions & 9 deletions

templates/README.md

Lines changed: 3 additions & 3 deletions
@@ -83,16 +83,16 @@ A Kubernetes secret will exist in your application namespace (<% .Name %>) that
8383

8484
## Secrets
8585
Along with the database credentials, any other secrets that need to be provided to the application can be managed in AWS Secrets Manager.
86-
Secrets have been created for each environment called `<% .Name %>/kubernetes/<environment>/<% .Name %>` which contain a list of environment variables that will be synced with the kubernetes secret in your namespace via a tool called [external-secrets](https://github.com/external-secrets/kubernetes-external-secrets)
86+
Secrets have been created for each environment called `<% .Name %>/application/<environment>/<% .Name %>` which contain a list of environment variables that will be synced with the kubernetes secret in your namespace via a tool called [external-secrets](https://github.com/external-secrets/kubernetes-external-secrets)
8787
Any secrets managed by `external-secrets` will be synced to kubernetes every 15 seconds. Keep in mind that any changes must be made in Secrets Manager, as any that are made to the secret on the kubernetes side will be overwritten.
8888
You can see the `external-secrets` configuration in [kubernetes/overlays/staging/external-secret.yml](./kubernetes/overlays/staging/external-secret.yml) (this is the one for staging)
8989

9090
To work with the secret in AWS you can use the web interface or the cli tool:
9191
```
92-
aws secretsmanager get-secret-value --secret=<% .Name %>/kubernetes/stage/<% .Name %>
92+
aws secretsmanager get-secret-value --secret=<% .Name %>/application/stage/<% .Name %>
9393
```
9494

95-
The intent is that the last part of the secret name is the component of your application this secret is for. For example: if you were adding a new billing service, the secret might be called `<% .Name %>/kubernetes/stage/billing`
95+
The intent is that the last part of the secret name is the component of your application this secret is for. For example: if you were adding a new billing service, the secret might be called `<% .Name %>/application/stage/billing`
9696

9797
## Cron Jobs
9898
An example cron job is specified in [kubernetes/base/cronjob.yml][base-cronjob].
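
Review bot: The CLI example on new line 92 still passes `--secret=`, but the option documented for `aws secretsmanager get-secret-value` is `--secret-id`; since the line is being rewritten anyway, spell it `--secret-id <% .Name %>/application/stage/<% .Name %>`. Separately, the README points readers at kubernetes/overlays/staging/external-secret.yml, yet only the dev overlay's external-secret.yml is among the five files changed here, so confirm the staging overlay already uses the `application/` prefix or the doc and the manifest will disagree. The example also says `stage` where the overlay directory is named `staging`; a short note on which spelling the `<environment>` segment takes would help.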

templates/kubernetes/overlays/dev/deployment.yml

Lines changed: 3 additions & 0 deletions
@@ -5,6 +5,9 @@ metadata:
55
spec:
66
template:
77
spec:
8+
# To enable the backend-service account, you can add an entry from infrastructure repo
9+
# kubernetes/terraform/environments/stage/main.tf's application_policy_list for dev namespaces
10+
serviceAccountName: default
811
containers:
912
- name: <% .Name %>
1013
image: <% index .Params `accountId` %>.dkr.ecr.<% index .Params `region` %>.amazonaws.com/<% .Name %>:last-deployed
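
Review bot: `serviceAccountName: default` on new line 10 names the account a pod gets when the field is omitted, so the added line changes nothing by itself, and the comment above it does not say what value to put there once the `application_policy_list` entry exists. Suggest the comment name the service account to switch to (it mentions a backend-service account) and state that `default` means the dev pod runs without that account's permissions, so a reader knows what access the dev pod is missing until then.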

templates/kubernetes/overlays/dev/external-secret.yml

Lines changed: 1 addition & 1 deletion
@@ -8,4 +8,4 @@ metadata:
88
spec:
99
backendType: secretsManager
1010
dataFrom:
11-
- <% .Name %>/kubernetes/stage/devenv-<% .Name %>
11+
- <% .Name %>/application/stage/devenv-<% .Name %>
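
Review bot: Nothing in this commit creates or renames the secret that new line 11 points at, so the ExternalSecret will only sync if `<% .Name %>/application/stage/devenv-<% .Name %>` already exists in Secrets Manager and the role external-secrets uses may read the `application/` prefix. Please link the infrastructure change that does the rename in the commit message or PR, and note whether existing dev environments created under the `kubernetes/` path need to be re-created.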

templates/kubernetes/overlays/dev/ingress.yml

Lines changed: 3 additions & 3 deletions
@@ -23,7 +23,7 @@ metadata:
2323
# CORS
2424
## to support both frontend origin and 'localhost', need 'configuration-snippet' implementation here, because 'cors-allow-origin' field doesn't support multiple originss yet.
2525
nginx.ingress.kubernetes.io/configuration-snippet: |
26-
if ($http_origin ~* "^https?://((?:<% index .Params `stagingFrontendSubdomain` %><% index .Params `stagingHostRoot` %>)|(?:localhost))|(?:127.0.0.1))") {
26+
if ($http_origin ~* "^https?:\/\/((?:<% index .Params `stagingFrontendSubdomain` %><% index .Params `stagingHostRoot` %>)|(?:localhost)|(?:127.0.0.1))") {
2727
set $cors "true";
2828
}
2929
if ($request_method = 'OPTIONS') {
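
Review bot: The corrected pattern on new line 26 balances the parentheses but is still unanchored at the end and leaves dots unescaped, so `$cors` is set for any Origin that merely starts with an allowed host (a value beginning `https://localhost.` followed by another domain passes), and the dots in `127.0.0.1` match any character. Suggest closing the group with an optional port and an end anchor, `...|(?:localhost)|(?:127\.0\.0\.1))(?::[0-9]+)?$`, and escaping the dots in the rendered `stagingHostRoot` as well. The comment on line 24 also carries the typo `originss`.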
@@ -52,7 +52,7 @@ metadata:
5252
5353
spec:
5454
rules:
55-
- host: {{ DEV_NAMESPACE }}.dev.<% index .Params `stagingHostRoot` %>
55+
- host: "{{ DEV_NAMESPACE }}.dev.<% index .Params `stagingHostRoot` %>"
5656
http:
5757
paths:
5858
- path: /(.*)
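
Review bot: The quoted host on new line 55 is only valid once `start-dev-env.sh` has replaced the `{{ DEV_NAMESPACE }}` placeholder, and nothing in this file says so; a one-line comment above `rules:` naming the script and the exact placeholder spelling (the `sed` pattern matches it with single spaces inside the braces) would stop someone from applying the overlay directly or reformatting the placeholder. The same applies to the `tls.hosts` entry further down, which must stay identical to this one.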
@@ -66,5 +66,5 @@ spec:
6666
<%- end %>
6767
tls:
6868
- hosts:
69-
- {{ DEV_NAMESPACE }}.dev.<% index .Params `stagingHostRoot` %>
69+
- "{{ DEV_NAMESPACE }}.dev.<% index .Params `stagingHostRoot` %>"
7070
secretName: <% .Name %>-tls-secret

templates/start-dev-env.sh

Lines changed: 1 addition & 2 deletions
@@ -115,8 +115,7 @@ fi
115115
kustomize build . | \
116116
sed "s|${EXT_HOSTNAME}|${MY_EXT_HOSTNAME}|g" | \
117117
sed "s|{{ DEV_NAMESPACE }}|${DEV_NAMESPACE}|g" | \
118-
sed "s|DATABASE_NAME: ${DATABASE_NAME}|DATABASE_NAME: ${DEV_DATABASE_NAME}|g" > kustomizebuild
119-
exit 1
118+
sed "s|DATABASE_NAME: ${DATABASE_NAME}|DATABASE_NAME: ${DEV_DATABASE_NAME}|g"
120119
kubectl --context ${CLUSTER_CONTEXT} -n ${DEV_NAMESPACE} apply -f - ) || error_exit "Failed to apply kubernetes manifests"
121120

122121
# Confirm deployment
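
Review bot: New line 118 ends after the closing quote with no `| \`, unlike the three lines above it, so as shown the final `sed` writes the manifests to stdout and `kubectl ... apply -f -` on line 119 starts as a separate command reading the script's stdin instead of the rendered YAML. The removed line carried the debug redirect `> kustomizebuild`; the replacement needs the pipe restored, i.e. `sed "s|DATABASE_NAME: ${DATABASE_NAME}|DATABASE_NAME: ${DEV_DATABASE_NAME}|g" | \`. While here, check that the script sets `pipefail`, otherwise a failing `kustomize build` upstream will not reach `|| error_exit`, and quote `${CLUSTER_CONTEXT}` and `${DEV_NAMESPACE}` in the `kubectl` call.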
