Notes - w3s7y/fluffy-octo-telegram GitHub Wiki
Cutting a new release of vets-app
- Pre-reqs
- Create a new release in git
- new semver tag as appropriate
- generate release notes / changelogs
- Actions build & push to dockerhub with the semver tag
Where is the best place to put the day 1 secret creation?
Vault needs the initial setup done by hand by an admin in the console. After that it would be nice if we could have a very simple way of tracking the secret keys we need in order to run `vets-app`.
We don't have to store the secrets, just know what the keys are and have a secure way of getting them from the operator to the vault before apps and pipelines start getting deployed.
After that everything just reads vault for secrets.
Vault setup
- K8s auth
  - Add `https://kubernetes.default.svc.cluster.local` to the Kubernetes host in vault auth
- Enable kv v.2 at the default path `kv`
  - Add secrets of choice to `vets/dev`
    - DJANGO_SECRET_KEY
    - POSTGRES_PASSWORD
  - Repeat for `vets/production`
  - Add `DISCORD_WEBHOOK` and `github-access-token` to `vets/global`
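One way to track the required key names and get the values from the operator into Vault, as an added example (not code from this wiki or the repo). It assumes the `vault` CLI is already authenticated, the kv v2 mount is at `kv`, and that `vets/production` takes the same two keys as `vets/dev`; the manifest layout, script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example: tracks key names only, never values. Paths/keys come from the
# "Vault setup" list; manifest layout and function names are assumptions, as is
# vets/production needing the same two keys as vets/dev.
MOUNT=kv
MANIFEST='vets/dev DJANGO_SECRET_KEY
vets/dev POSTGRES_PASSWORD
vets/production DJANGO_SECRET_KEY
vets/production POSTGRES_PASSWORD
vets/global DISCORD_WEBHOOK
vets/global github-access-token'

# missing_keys PRESENT: print every manifest "path key" line absent from PRESENT.
missing_keys() {
  printf '%s\n' "$MANIFEST" | while read -r path key; do
    printf '%s\n' "$1" | grep -qxF -- "$path $key" || printf '%s %s\n' "$path" "$key"
  done
}

# present_keys: list manifest entries that already exist in Vault. Only the exit
# status of `vault kv get -field` is used; the value itself is discarded.
present_keys() {
  printf '%s\n' "$MANIFEST" | while read -r path key; do
    vault kv get -field="$key" "$MOUNT/$path" >/dev/null 2>&1 </dev/null &&
      printf '%s %s\n' "$path" "$key"
  done
}

# seed_missing: prompt the operator for each missing value with echo off and
# pass it to Vault on stdin ("key=-"), so it never lands in argv or history.
seed_missing() {
  trap 'stty echo </dev/tty; exit 130' INT
  missing_keys "$(present_keys)" | while read -r path key; do
    printf 'Value for %s/%s %s: ' "$MOUNT" "$path" "$key" >/dev/tty
    stty -echo </dev/tty; IFS= read -r value </dev/tty; stty echo </dev/tty
    printf '\n' >/dev/tty
    # patch keeps other keys at the path; put creates the first version.
    if vault kv get "$MOUNT/$path" >/dev/null 2>&1 </dev/null
    then verb=patch; else verb=put; fi
    printf '%s' "$value" | vault kv "$verb" "$MOUNT/$path" "$key=-" >/dev/null
    unset value
  done
}

# Usage: ./vault-keys.sh check | seed   (script name is hypothetical)
case "${1:-}" in
  check) missing_keys "$(present_keys)" ;;
  seed)  seed_missing ;;
esac
```

Running `check` in a pipeline before deploying apps gives an empty output only when every key in the manifest exists, so a non-empty result can gate the deploy.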