From f0df98b05d8795dda83e5711c33dbe41e080b903 Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 11:41:27 +0100
Subject: [PATCH 1/6] add prod to workflows and create azure secrets
---
 .github/workflows/deploy-dev.yml | 1 +
 .github/workflows/deploy-staged.yml | 20 ++++++++++++++++++++
 .github/workflows/deploy-workflow.yml | 14 ++++++++++++++
 3 files changed, 35 insertions(+)
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index eb7c2cd..9508c10 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -25,3 +25,4 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/deploy-staged.yml b/.github/workflows/deploy-staged.yml
index ba8cfe0..a258b7e 100644
--- a/.github/workflows/deploy-staged.yml
+++ b/.github/workflows/deploy-staged.yml
@@ -26,6 +26,7 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
 deploy-preprod:
 uses: ./.github/workflows/deploy-workflow.yml
@@ -43,3 +44,22 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+ deploy-prod:
+ uses: ./.github/workflows/deploy-workflow.yml
+ needs: [deploy-preprod]
+ with:
+ env: prod
+ datahub_helm_version: "0.4.9"
+ datahub_prereqs_helm_version: "0.1.10"
+ secrets:
+ kube_namespace: "${{ secrets.KUBE_NAMESPACE }}"
+ kube_cert: "${{ secrets.KUBE_CERT }}"
+ kube_cluster: "${{ secrets.KUBE_CLUSTER }}"
+ kube_token: "${{ secrets.KUBE_TOKEN }}"
+ postgres_host: ${{ secrets.POSTGRES_HOST}}
+ postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
+ postgres_url: ${{ secrets.POSTGRES_URL }}
+ opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index bdb23dc..ca7248d 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
@@ -40,6 +40,9 @@ on:
 opensearch_proxy_host:
 description: "domain address to reach opensearch"
 required: true
+ azure_client_secret:
+ description: "client secret for azure authentication"
+ required: true
 concurrency:
 group: ${{ inputs.env }}
@@ -183,6 +186,17 @@ jobs:
 envsubst < helm_deploy/monitoring/datahub-networkpolicy.yaml |
 kubectl apply -f - --namespace=${KUBE_NAMESPACE}
+ - name: create-azure-k8s-secrets
+ shell: bash
+ env:
+ KUBE_NAMESPACE: ${{ secrets.kube_namespace }}
+ AZURE_CLIENT_ID: ${{ vars.CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ TENANT_ID: ${{ vars.TENANT_ID }}
+ run:
+ cat helm_deploy/secrets.yml | envsubst > deployments/secrets.yml
+ kubectl -n ${KUBE_NAMESPACE} apply -f deployments/secrets.yml
+
 - name: update grafana status dashboard configmap
 if: ${{ inputs.env == 'dev' }}
 shell: bash
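Review bot: `deploy-prod` is gated only by `needs: [deploy-preprod]`, so on the lines shown a green preprod run proceeds into production with no approval step. If the job inside `deploy-workflow.yml` does not bind a GitHub environment with required reviewers (that part of the file is outside this hunk), that is worth adding before this job is enabled. The job also forwards the same `secrets.*` expressions as the other callers, `KUBE_TOKEN` and `AZURE_CLIENT_SECRET` included; unless environment-scoped secrets take over in the called job, prod would share credentials with the lower environments, so please confirm. A comment above the job, for example `# prod: runs after preprod; approval and credentials come from the prod environment`, would record the intent.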
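Review bot: Nothing in the new `create-azure-k8s-secrets` step checks that the three values are set, and `envsubst` replaces an unset or empty variable with an empty string. If `vars.CLIENT_ID` or `vars.TENANT_ID` is not defined for the target environment, the step would presumably still succeed and store an empty `client_id` or `tenant_id` in the Secret, which surfaces later as an authentication failure rather than a failed deploy. A guard as the first line of the script would stop that: `: "${AZURE_CLIENT_ID:?}" "${AZURE_CLIENT_SECRET:?}" "${TENANT_ID:?}"`. The step also reads `secrets.AZURE_CLIENT_SECRET` while the neighbouring line uses the declared lower-case form `secrets.kube_namespace`; `secrets.azure_client_secret` would match the `workflow_call` declaration. The `run:` body itself is reworked by later patches in this series.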
From d0b987d9a5703dc2f4f534c149808f5bccf3cf41 Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 11:42:06 +0100
Subject: [PATCH 2/6] add secrets yaml for azure
---
 helm_deploy/secrets.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 helm_deploy/secrets.yaml
diff --git a/helm_deploy/secrets.yaml b/helm_deploy/secrets.yaml
new file mode 100644
index 0000000..a4806fd
--- /dev/null
+++ b/helm_deploy/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "azure-secrets"
+type: Opaque
+stringData:
+ client_id: "${AZURE_CLIENT_ID}"
+ client_secret: "${AZURE_CLIENT_SECRET}"
+ tenant_id: "${TENANT_ID}"
From d11cee891bde80347a4a812bc388331695f084f6 Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 12:08:59 +0100
Subject: [PATCH 3/6] correct name for secrets yaml
---
 .github/workflows/deploy-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index ca7248d..43de23b 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
@@ -194,7 +194,7 @@ jobs:
 AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 TENANT_ID: ${{ vars.TENANT_ID }}
 run:
- cat helm_deploy/secrets.yml | envsubst > deployments/secrets.yml
+ cat helm_deploy/secrets.yaml | envsubst > deployments/secrets.yml
 kubectl -n ${KUBE_NAMESPACE} apply -f deployments/secrets.yml
 - name: update grafana status dashboard configmap
From 68bfd42f0b843e5e01c40956f81d1b83b2a15ef8 Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 12:20:09 +0100
Subject: [PATCH 4/6] correct the name again
---
 .github/workflows/deploy-workflow.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index 43de23b..e2a2da5 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
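Review bot: The three values in `stringData` are pasted by `envsubst` into YAML double-quoted scalars, so the manifest is only well-formed while the values contain no `"` or `\`. A client secret holding either character would fail to parse or be stored altered, and because the substitution is plain text the value is never treated as data by a YAML encoder. Letting kubectl do the encoding avoids this, e.g. `kubectl create secret generic azure-secrets --from-literal=client_secret="$AZURE_CLIENT_SECRET" --dry-run=client -o yaml | kubectl apply -f -`, with the other two keys added the same way. If the template stays, a header comment such as `# envsubst template: placeholders are filled in by deploy-workflow.yml; never commit a rendered copy` would help the next reader.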
@@ -194,8 +194,8 @@ jobs:
 AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 TENANT_ID: ${{ vars.TENANT_ID }}
 run:
- cat helm_deploy/secrets.yaml | envsubst > deployments/secrets.yml
- kubectl -n ${KUBE_NAMESPACE} apply -f deployments/secrets.yml
+ cat helm_deploy/secrets.yaml | envsubst > helm_deploy/secrets.yaml
+ kubectl -n ${KUBE_NAMESPACE} apply -f helm_deploy/secrets.yaml
 - name: update grafana status dashboard configmap
 if: ${{ inputs.env == 'dev' }}
From 302e06c4a371d8cb000fed1878b468ff329afcdb Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 12:40:32 +0100
Subject: [PATCH 5/6] add pipe
---
 .github/workflows/deploy-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index e2a2da5..a587500 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
@@ -193,7 +193,7 @@ jobs:
 AZURE_CLIENT_ID: ${{ vars.CLIENT_ID }}
 AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 TENANT_ID: ${{ vars.TENANT_ID }}
- run:
+ run: |
 cat helm_deploy/secrets.yaml | envsubst > helm_deploy/secrets.yaml
 kubectl -n ${KUBE_NAMESPACE} apply -f helm_deploy/secrets.yaml
From 1e7efb7f53929732643ccb827211568a3293d326 Mon Sep 17 00:00:00 2001
From: LavMatt
Date: Thu, 11 Jul 2024 13:21:49 +0100
Subject: [PATCH 6/6] change the command for create azure secrets step
---
 .github/workflows/deploy-workflow.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index a587500..e79456e 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
@@ -186,7 +186,7 @@ jobs:
 envsubst < helm_deploy/monitoring/datahub-networkpolicy.yaml |
 kubectl apply -f - --namespace=${KUBE_NAMESPACE}
- - name: create-azure-k8s-secrets
+ - name: create azure k8s secrets
 shell: bash
 env:
 KUBE_NAMESPACE: ${{ secrets.kube_namespace }}
@@ -194,8 +194,8 @@ jobs:
 AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 TENANT_ID: ${{ vars.TENANT_ID }}
 run: |
- cat helm_deploy/secrets.yaml | envsubst > helm_deploy/secrets.yaml
- kubectl -n ${KUBE_NAMESPACE} apply -f helm_deploy/secrets.yaml
+ envsubst < helm_deploy/secrets.yaml |
+ kubectl -n ${KUBE_NAMESPACE} apply -f -
 - name: update grafana status dashboard configmap
 if: ${{ inputs.env == 'dev' }}
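Review bot: `envsubst` is called without a variable list on the new `run:` lines, so every `$NAME` or `${NAME}` in the template is replaced from the runner's environment, not only the three placeholders the file is meant to carry. Naming them keeps the substitution to what is intended: `envsubst '${AZURE_CLIENT_ID} ${AZURE_CLIENT_SECRET} ${TENANT_ID}' < helm_deploy/secrets.yaml |`. The namespace expansion is also unquoted; `kubectl -n "${KUBE_NAMESPACE}" apply -f -` makes the command fail cleanly instead of shifting its arguments if the value is ever empty or contains whitespace. The step's `env:` block begins above this hunk.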