Azure: secret, eds-dms onboarding (!415) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / helm-charts-azure

Arturo Hernandez [EPAM] requested to merge ah/mscosdu-131-eds-secret into master Aug 20, 2022

Onboard osdu-helm-library which is common place for templates to be used for onboarded services (possibly to migrate in the future to this common templates).
- Deployment, authpolicy, service, hpa, pbd are added for common
- Version update for osdu-helm-library
Onboard secret service <- osdu-azure/security-compliance subgroup
Onboard eds-dms <- osdu-azure/osdu-ingest_enrich subgroup
Fixed ci-cd to parse tag version in osdu-azure helm-charts subdependencies

Used approach mentioned in !398 (closed) about templates in helm-lib @krveduru (applied only for secret and eds-dms as for now)

Further suggestions for automation and avoid of code duplication are welcome.

Ref: infra-azure-provisioning#229 (closed)

Validated for single and subgroup installation:

helm upgrade -i ingest-services osdu-azure/osdu-ingest_enrich -n $NAMESPACE -f osdu_azure_custom_values.yaml --debug
history.go:56: [debug] getting history for release ingest-services
upgrade.go:142: [debug] preparing upgrade for ingest-services
upgrade.go:150: [debug] performing update for ingest-services
upgrade.go:322: [debug] creating upgraded release for ingest-services
client.go:218: [debug] checking 10 resources for changes
client.go:510: [debug] Patch PodDisruptionBudget "wks-pdb" in namespace osdu-azure
client.go:510: [debug] Patch PodDisruptionBudget "workflow-pdb" in namespace osdu-azure
client.go:501: [debug] Looks like there are no changes for Service "eds-dms"    <<<<< EDS SERVICE
client.go:501: [debug] Looks like there are no changes for Service "wks"
client.go:501: [debug] Looks like there are no changes for Service "workflow"
client.go:510: [debug] Patch Deployment "eds-dms" in namespace osdu-azure      <<<<< EDS SERVICE
client.go:501: [debug] Looks like there are no changes for Deployment "wks"
client.go:501: [debug] Looks like there are no changes for Deployment "workflow"
client.go:510: [debug] Patch AuthorizationPolicy "eds-dms-jwt-authz" in namespace osdu-azure    <<<<< EDS SERVICE
client.go:510: [debug] Patch AuthorizationPolicy "workflow-jwt-authz" in namespace osdu-azure
upgrade.go:157: [debug] updating status for upgraded release for ingest-services
Release "ingest-services" has been upgraded. Happy Helming!
NAME: ingest-services
LAST DEPLOYED: Wed Aug 24 11:36:33 2022
NAMESPACE: osdu-azure
STATUS: deployed
REVISION: 6
TEST SUITE: None
USER-SUPPLIED VALUES:

helm upgrade -i security-services osdu-azure/osdu-security_compliance/ -n osdu-azure -f osdu_azure_custom_values.yaml --debug --timeout 5m --wait
history.go:56: [debug] getting history for release security-services
upgrade.go:142: [debug] preparing upgrade for security-services
upgrade.go:150: [debug] performing update for security-services
upgrade.go:322: [debug] creating upgraded release for security-services
client.go:218: [debug] checking 19 resources for changes
client.go:510: [debug] Patch PodDisruptionBudget "entitlements-pdb" in namespace osdu-azure
client.go:510: [debug] Patch PodDisruptionBudget "legal-pdb" in namespace osdu-azure
client.go:510: [debug] Patch PodDisruptionBudget "policy-pdb" in namespace osdu-azure
client.go:501: [debug] Looks like there are no changes for Service "entitlements"
client.go:501: [debug] Looks like there are no changes for Service "legal"
client.go:501: [debug] Looks like there are no changes for Service "policy"
client.go:501: [debug] Looks like there are no changes for Service "secret"     <<<<< SECRET SERVICE
client.go:501: [debug] Looks like there are no changes for Deployment "entitlements"
client.go:501: [debug] Looks like there are no changes for Deployment "legal"
client.go:510: [debug] Patch Deployment "policy" in namespace osdu-azure
client.go:510: [debug] Patch Deployment "secret" in namespace osdu-azure     <<<<< SECRET SERVICE
client.go:510: [debug] Patch AuthorizationPolicy "entitlements-jwt-authz" in namespace osdu-azure
client.go:510: [debug] Patch AuthorizationPolicy "legal-jwt-authz" in namespace osdu-azure
client.go:510: [debug] Patch AuthorizationPolicy "policy-jwt-authz" in namespace osdu-azure
client.go:501: [debug] Looks like there are no changes for AuthorizationPolicy "secret-jwt-authz"   <<<<< SECRET SERVICE
client.go:510: [debug] Patch EnvoyFilter "header-1-remove-user-appid-from-default" in namespace osdu-azure
W0824 11:26:25.447727  116507 warnings.go:70] using deprecated filter name "envoy.http_connection_manager"; use "envoy.filters.network.http_connection_manager" instead
W0824 11:26:25.448068  116507 warnings.go:70] using deprecated filter name "envoy.router"; use "envoy.filters.http.router" instead
client.go:510: [debug] Patch EnvoyFilter "header-2-add-user-from-msft-aad-token" in namespace osdu-azure
W0824 11:26:25.615869  116507 warnings.go:70] using deprecated filter name "envoy.http_connection_manager"; use "envoy.filters.network.http_connection_manager" instead
client.go:510: [debug] Patch EnvoyFilter "header-3-add-user-from-msftonline-token" in namespace osdu-azure
W0824 11:26:25.787447  116507 warnings.go:70] using deprecated filter name "envoy.http_connection_manager"; use "envoy.filters.network.http_connection_manager" instead
client.go:510: [debug] Patch EnvoyFilter "header-add-sub-from-sauth-token" in namespace osdu-azure
W0824 11:26:25.957171  116507 warnings.go:70] using deprecated filter name "envoy.http_connection_manager"; use "envoy.filters.network.http_connection_manager" instead
client.go:267: [debug] Deleting ConfigMap "secret-config" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "secret-config", err: configmaps "secret-config" not found
client.go:267: [debug] Deleting Service "secret-service" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "secret-service", err: services "secret-service" not found
client.go:267: [debug] Deleting Ingress "security-services-ingress" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "security-services-ingress", err: ingresses.networking.k8s.io "security-services-ingress" not found
client.go:267: [debug] Deleting AuthorizationPolicy "secret-auth" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "secret-auth", err: authorizationpolicies.security.istio.io "secret-auth" not found
client.go:267: [debug] Deleting AzureIdentity "security-services-identity" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "security-services-identity", err: azureidentities.aadpodidentity.k8s.io "security-services-identity" not found
client.go:267: [debug] Deleting AzureIdentityBinding "security-services-binding" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "security-services-binding", err: azureidentitybindings.aadpodidentity.k8s.io "security-services-binding" not found
client.go:267: [debug] Deleting SecretProviderClass "security-services-secret" in namespace osdu-azure...
client.go:270: [debug] Unable to get obj "security-services-secret", err: secretproviderclasses.secrets-store.csi.x-k8s.io "security-services-secret" not found
wait.go:48: [debug] beginning wait for 19 resources with timeout of 5m0s
upgrade.go:157: [debug] updating status for upgraded release for security-services
Release "security-services" has been upgraded. Happy Helming!
NAME: security-services
LAST DEPLOYED: Wed Aug 24 11:26:21 2022
NAMESPACE: osdu-azure
STATUS: deployed
REVISION: 6
TEST SUITE: None
USER-SUPPLIED VALUES:
configuration:
- podDisruptionBudget:
    enabled: false

Edited Aug 24, 2022 by Arturo Hernandez [EPAM]

Azure: secret, eds-dms onboarding

Merge request reports