Notes - w3s7y/fluffy-octo-telegram GitHub Wiki

Cutting a new release of vets-app

  1. Pre-reqs
    1. Commit on master to release has a passing workflow: Vets CI / CD Workflow
  2. Create a new release in git
    1. new semver tag as appropriate
    2. generate release notes / changelogs
  3. Actions build & push to dockerhub with the semver tag

Where is best placed to put the day 1 secret creations?

Vault needs the initial setup done by hand by an admin in the console. After that it would be nice if we could have a very simple way of tracking the secret keys we need in order to run vets-app.

Don't have to store the secrets, just know what the keys are and have a secure way of getting them from the operator to the vault before apps and pipelines start getting deployed.
After that everything just reads vault for secrets.

Vault setup

  • K8s auth
    • Add https://kubernetes.default.svc.cluster.local to the Kubernetes host in vault auth
  • Enable KV v2 at the default path kv
    • Add secrets of choice to vets/dev
      • DJANGO_SECRET_KEY
      • POSTGRES_PASSWORD
    • Repeat for vets/production
    • add DISCORD_WEBHOOK and github-access-token to vets/global
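
One way to track the required key names without storing any values, and to gate deployments on them being present in Vault. This is an added example, not code from this repository; it assumes a logged-in `vault` CLI, `jq`, and the `kv` mount and paths listed above. The function names and the script name `check-secrets.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: tracks required key NAMES only; no secret values live here.
# Assumes a logged-in `vault` CLI, `jq`, and the KV v2 mount at `kv`.

# required_keys PATH -> space-separated key names expected at kv/PATH
required_keys() {
  case "$1" in
    vets/dev|vets/production) echo "DJANGO_SECRET_KEY POSTGRES_PASSWORD" ;;
    vets/global)              echo "DISCORD_WEBHOOK github-access-token" ;;
    *) return 1 ;;
  esac
}

# missing_keys PATH "PRESENT KEYS" -> required names not in the present list
missing_keys() {
  path=$1
  present=" $2 "
  for k in $(required_keys "$path"); do
    case "$present" in
      *" $k "*) ;;                    # exact name match, not a prefix match
      *) printf '%s\n' "$k" ;;
    esac
  done
}

# present_keys PATH -> key names stored at kv/PATH (values are never printed)
present_keys() {
  vault kv get -format=json "kv/$1" 2>/dev/null |
    jq -r '.data.data // {} | keys[]' | tr '\n' ' '
}

# check_all -> non-zero if any path lacks a required key
check_all() {
  rc=0
  for p in vets/dev vets/production vets/global; do
    m=$(missing_keys "$p" "$(present_keys "$p")")
    if [ -n "$m" ]; then
      echo "kv/$p is missing:" $m >&2
      rc=1
    fi
  done
  return $rc
}

# Run the gate only when asked, e.g. `sh check-secrets.sh --check`
if [ "${1:-}" = "--check" ]; then
  check_all
  exit $?
fi
```

Running the check as the first step of a pipeline makes a missing day 1 secret fail fast, before any app is deployed.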