DevOps processes and Continuous Delivery - Moving Forward #158

Open
4 of 9 tasks
WadeBarnes opened this issue Jan 29, 2024 · 9 comments
WadeBarnes commented Jan 29, 2024

This ticket is meant to be a place where we can start the discussion and design of our DevOps and Continuous Delivery processes moving forward. We have a significant amount of technical debt that has built up over the years. While our processes have served us well for a very long time, we're overdue for an update.

Requirements:

  • Update CI/CD pipelines - Many of our projects are still relying on Jenkins pipelines. We want to migrate them all to newer platforms. Whether that is utilizing GitHub Actions, Tekton, ArgoCD, Helm, or the like is up for discussion. We're utilizing GitHub Actions and Helm in a couple projects, such as bcgov/traction, and bcgov/vc-authn-oidc, and have also started utilizing GitHub Actions to replace Jenkins in a couple other projects such as bcgov/von-bc-registries-audit, and bcgov/dts-endorser-service.
  • Standardize on standard Kubernetes resources. Where possible, migrate to using generic Kubernetes resources and avoid using platform specific (OCP specific) resources. For example, migrate away from using DeploymentConfig triggers to monitor image stream tags for managing image deployments.
  • Periodic image rebuilds. Rebuild and redeploy application pods at least once a month in order to pick up updates and patches performed to the base image(s). This will require updates to the ACA-Py builds to perform the same periodic image rebuild, since the majority of our projects rely on the ACA-Py images.
  • Devise a strategy to review and address ACS vulnerability reports on a regular basis. Reviews were started here: Review ACS Reports #16
  • Document the plans and procedures in the bcgov/DITP-DevOps repo.

Considerations:

  • Helm - Can be fairly heavyweight at times. We may want to consider a hybrid approach combining Helm and our existing templates in the short to medium term.

Short to Mid Term action items:

Mid to Long Term action items:

  • Items go here

Design Docs:

Related Tickets:

@WadeBarnes
Member Author

cc @jleach, not assigning to you, but we're interested in your input.

@WadeBarnes
Member Author

WadeBarnes commented Mar 4, 2024

ArgoCD Implementation - Design Doc

@WadeBarnes
Member Author

HashiCorp Vault Integration - Inventory of Credentials in the DITP Environment

WadeBarnes moved this from Assigned to In Progress in CDT Enterprise Apps Mar 7, 2024

@WadeBarnes
Member Author

Finished, from my perspective, filling out the above document.

@WadeBarnes
Member Author

We had a productive meeting with reps from platform services and Red Hat yesterday to go over a few different approaches using Helm with ArgoCD. A couple of the approaches work around some restrictions imposed by the instance maintained by platform services.

Resources from the meeting:

@i5okie
Contributor

i5okie commented Jun 3, 2024

Progress update:

  • The ArgoCD Implementation doc has been updated with current implementation details.
  • Grafana Agent has been deployed within bc0192, e79518, and ca7f8f namespaces with ArgoCD.
  • traction-database -- dev, test, and prod crunchy clusters have been deployed with ArgoCD
  • The traction and vc-authn-oidc Helm charts have been updated to be compatible with ArgoCD workflow.
  • Validated Helm chart updates by deploying vc-authn-oidc to dev and test environments with ArgoCD.

Next steps:

  • Deploy traction to dev, test, and prod via ArgoCD
  • Update traction GitHub Actions workflows to trigger automatic deployment via ArgoCD to dev, and test
  • Deploy vc-authn-oidc to prod via ArgoCD
  • Update vc-authn-oidc GitHub Actions workflows to trigger automatic deployment via ArgoCD to dev, and test
  • Document the workflow changes, and manual promotion of services to production

@i5okie
Contributor

i5okie commented Aug 20, 2024

Progress update:

  • "Update CI/CD pipelines - Many of our projects are still relying on Jenkins pipelines. We want to migrate them all to newer platforms. Whether that is utilizing GitHub Actions, Tekton, ArgoCD, Helm, or the like is up for discussion...."

Pipelines for traction and vc-authn-oidc have been updated and migrated to take advantage of GitOps automation with ArgoCD.
Deployment of dev environments will likely have to remain deployable directly from GitHub Actions workflows for both Traction and VC-AuthN-OIDC projects.

  • "Standardize on standard Kubernetes resources. Where possible, migrate to using generic Kubernetes resources and avoid using platform specific (OCP specific) resources.... "

Resources for both Traction and VC-AuthN-OIDC projects use platform-agnostic technologies such as Helm charts and plain Kubernetes manifests. These resources can be deployed by anyone, on almost any Kubernetes cluster.

Updated the implementation documentation: https://hackmd.io/hirbZlbkSQmp-UK_D7FbrQ

@i5okie
Contributor

i5okie commented Aug 26, 2024

Standardize on standard Kubernetes resources. Where possible, migrate to using generic Kubernetes resources and avoid using platform specific (OCP specific) resources. For example, migrate away from using DeploymentConfig triggers to monitor image stream tags for managing image deployments.

Created issues for the following repositories to migrate OCP templates to using generic Kubernetes resources:
bcgov/DITP-DevOps#200
bcgov/openshift-aries-mediator-service#43
bcgov/dts-backup-configurations#22
bcgov/orgbook-configurations#144
bcgov/von-bc-registries-audit#42
bcgov/dts-endorser-service#50
bcgov/von-bc-registries-agent-configurations#81

@i5okie
Contributor

i5okie commented Sep 12, 2024

Update CI/CD pipelines - Many of our projects are still relying on Jenkins pipelines. We want to migrate them all to newer platforms. Whether that is utilizing GitHub Actions, Tekton, ArgoCD, Helm, or the like is up for discussion. We're utilizing GitHub Actions and Helm in a couple projects, such as bcgov/traction, and bcgov/vc-authn-oidc, and have also started utilizing GitHub Actions to replace Jenkins in a couple other projects such as bcgov/von-bc-registries-audit, and bcgov/dts-endorser-service.

Created tasks for migrating Jenkins pipelines to GitHub Actions workflows:
bcgov/openshift-aries-mediator-service#44
bcgov/orgbook-configurations#147
bcgov/von-bc-registries-agent-configurations#82
bcgov/dts-endorser-service#56
