commitdev · bmonkman · Apr 28, 2020 · Apr 27, 2020 · Apr 28, 2020 · Apr 28, 2020
diff --git a/.circleci/README.md b/.circleci/README.md
@@ -13,11 +13,15 @@ $ aws eks list-clusters --query "clusters"
 
 - AWS_ACCESS_KEY_ID                     # AWS access key for the circleci user - this should be in AWS secret manager
 - AWS_SECRET_ACCESS_KEY                 # AWS secret for the circleci user - this should be in AWS secret manager
-- AWS_DEFAULT_REGION                    # Region of your cluster
+- AWS_REGION                            # Region of your EKS cluster
 - AWS_ECR_ACCOUNT_URL                   # {awsAccountNum}.dkr.ecr.{region}.amazonaws.com
 - AWS_ECR_REPO_NAME                     # The ECR repository name to write images to
 - PRODUCTION_EKS_CLUSTER_NAME           # The name of the production EKS cluster to deploy into
 - STAGING_EKS_CLUSTER_NAME              # The name of the staging EKS cluster to deploy into
+- AWS_CLUSTER_AUTH_ROLE_ARN_STAGING     # The ARN of the role to assume that allows access to the EK cluster. Most likely ends with `kubernetes-admin-staging`
+- AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION  # The ARN of the role to assume that allows access to the EKS cluster. Same as above but for production
+- SLACK_WEBHOOK                         # Webhook for slack notifications. Must be specified, but doesn't need to be set to a real value
+- CIRCLECI_API_KEY                      # Needed for the queueing orb. You can generate this in the project settings in CircleCI. It needs the `status` scope.
 
 
 ## Deployment Process

diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -193,7 +193,8 @@ jobs:
       - version-tag/get
       - run: *install-binaries
       - aws-cli/install
-      - aws-cli/setup
+      - aws-cli/setup:
+          aws-region: AWS_REGION
       - aws-eks/update-kubeconfig-with-authenticator:
           cluster-name: << parameters.cluster-name >>
           cluster-authentication-role-arn: << parameters.cluster-authentication-role-arn >>
@@ -204,6 +205,7 @@ jobs:
       - run:
           name: Deploy
           command: |
+            kubectl create namespace << parameters.namespace >> || echo "Namespace already exists"
             cd kubernetes/overlays/<< parameters.config-environment >>
             IMAGE=${AWS_ECR_ACCOUNT_URL}/<< parameters.repo >>
             kustomize edit set image fake-image=${IMAGE}:${VERSION_TAG}
@@ -233,8 +235,8 @@ workflows:
             cluster-name: "${STAGING_EKS_CLUSTER_NAME}"
             config-environment: "staging"
             cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_STAGING}"
-            region: "${AWS_DEFAULT_REGION}"
-            namespace: "${CIRCLE_BRANCH}"
+            region: "${AWS_REGION}"
+            namespace: "${AWS_ECR_REPO_NAME}"
             tag: "${VERSION_TAG}"
             requires:
               - build_and_push
@@ -255,8 +257,8 @@ workflows:
             cluster-name: "${PRODUCTION_EKS_CLUSTER_NAME}"
             config-environment: "production"
             cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION}"
-            region: "${AWS_DEFAULT_REGION}"
-            namespace: "${CIRCLE_BRANCH}"
+            region: "${AWS_REGION}"
+            namespace: "${AWS_ECR_REPO_NAME}"
             tag: "${VERSION_TAG}"
             requires:
               - queue/block_workflow
diff --git a/kubernetes/base/deployment.yml b/kubernetes/base/deployment.yml
@@ -33,14 +33,19 @@ spec:
             initialDelaySeconds: 5
             periodSeconds: 10
             timeoutSeconds: 2
+          ports:
+            - containerPort: 80
+              name: http
           envFrom:
           - configMapRef:
               name: <% .Name %>-config
           env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
+          - name: SERVER_PORT
+            value: "80"
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
           - name: DATABASE_USERNAME
             valueFrom:
                 secretKeyRef:

diff --git a/kubernetes/base/service.yml b/kubernetes/base/service.yml
@@ -7,6 +7,6 @@ spec:
   - name: http
     protocol: TCP
     port: 80
-    targetPort: 80
+    targetPort: http
   selector:
     app: <% .Name %>
diff --git a/kubernetes/overlays/production/kustomization.yml b/kubernetes/overlays/production/kustomization.yml
@@ -1,13 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-bases:
-- ../../base
-
 patchesStrategicMerge:
 - deployment.yml
 
 resources:
+- ../../base
 - ingress.yaml
 - pdb.yaml
 

diff --git a/kubernetes/overlays/staging/deployment.yml b/kubernetes/overlays/staging/deployment.yml
@@ -10,7 +10,7 @@ spec:
           resources:
             requests:
               memory: 128Mi
-              cpu: 0.5
+              cpu: 0.1
             limits:
               memory: 512Mi
               cpu: 1.0
diff --git a/kubernetes/overlays/staging/kustomization.yml b/kubernetes/overlays/staging/kustomization.yml
@@ -1,13 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-bases:
-- ../../base
-
 patchesStrategicMerge:
 - deployment.yml
 
 resources:
+- ../../base
 - ingress.yml
 
 configMapGenerator:

diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md
@@ -17,7 +17,7 @@ Application secrets are stored in the kubernetes secrets management system, wher
 
 ## Adding a new secret to staging / production kuberenetes
 (Similar to the dev process)
-1. Download the `secrets.env` and `settings.ini` for the correct environment from lastpass
+1. Download the `secrets.env` for the correct environment from where it is stored
 2. Make sure your `kubectl` context is set to the proper environment
 3. Run `kubectl apply -k .`  (Change the namespace if necessary using `-n <namespace>`)