Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add the GC_ORGANISATIONS_BUCKET_NAME env variable to admin and api #3383

Merged
merged 1 commit into from
Jan 22, 2025

Conversation

smcmurtry
Copy link
Contributor

What happens when your PR merges?

This PR adds the GC_ORGANISATIONS_BUCKET_NAME to admin and api deployments. This will let us get the gc-organisations data from S3 instead of github.

What are you changing?

  • Releasing a new version of Notify
  • Changing kubernetes configuration

Provide some background on the changes

If you are releasing a new version of Notify, what components are you updating

  • API
  • Admin
  • Documentation
  • Document download API

Checklist if releasing new version

Checklist if making changes to Kubernetes

  • I know how to get kubectl credentials in case it catches on fire

After merging this PR

  • I have verified that the tests / deployment actions succeeded
  • I have verified that any affected pods were restarted successfully
  • I have verified that I can still log into Notify production
  • I have verified that the smoke tests still pass on production
  • I have communicated the release in the #notify Slack channel.

@smcmurtry smcmurtry requested a review from jimleroyer as a code owner January 22, 2025 16:24
Copy link

ingress	nginx    	132     	2025-01-22 16:24:37.62983099 +0000 UTC	deployed	nginx-ingress-1.1.2	3.4.2      

xray-daemon	xray     	130     	2025-01-22 16:24:34.523566781 +0000 UTC	deployed	aws-xray-4.0.8	3.3.12     

Comparing release=notify-documentation, chart=charts/notify-documentation
Comparing release=notify-api, chart=charts/notify-api
notification-canada-ca, notify-api, Deployment (apps) has changed:
  # Source: notify-api/templates/deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: notify-api
    labels:
      app: notify-api
  spec:
    priorityClassName: high-priority
    strategy:
      
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    selector:
      matchLabels:
        app: notify-api
    template:
      metadata:
        labels:
          app: notify-api
      spec:
        serviceAccountName: notify-api
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        terminationGracePeriodSeconds: 60
        securityContext:
          {}
        initContainers:
          - name: init-postgres
            image: alpine
            command:
              [
                "sh",
                "-c",
                "until nslookup $POSTGRES_HOST; do echo waiting for postgres; sleep 2; done;",
              ]
            env:
              - name: POSTGRES_HOST
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: POSTGRES_HOST   
          - name: migrate-db
            image: "public.ecr.aws/cds-snc/notify-api:2e6f633"
            volumeMounts:
              - name: secrets-store-inline
                mountPath: "/mnt/secrets-store"
                readOnly: true   
            env:
              # Includes common ENV Variables
              - name: ADMIN_BASE_DOMAIN
                value: "https://staging.notification.cdssandbox.xyz"
              - name: ALLOW_DEBUG_ROUTE
                value: "true"
              - name: ALLOW_HTML_SERVICE_IDS
                value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: API_HOST_NAME
                value: "https://api.staging.notification.cdssandbox.xyz"
              - name: ASSET_DOMAIN
                value: "https://assets.staging.notification.cdssandbox.xyz"
              - name: ASSET_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-asset-upload"
              - name: AWS_PINPOINT_REGION
                value: "us-west-2"
              - name: AWS_REGION
                value: "ca-central-1"
              - name: AWS_SES_REGION
                value: "us-east-1"
              - name: AWS_SES_SMTP
                value: "email-smtp.us-east-1.amazonaws.com"
              - name: AWS_US_TOLL_FREE_NUMBER
                value: "+18005555555"
              - name: AWS_XRAY_CONTEXT_MISSING
                value: "LOG_WARNING"
              - name: AWS_XRAY_SDK_ENABLED
                value: "true"
              - name: AWS_XRAY_TRACING_ENABLED
                value: "true"
              - name: BASE_DOMAIN
                value: "staging.notification.cdssandbox.xyz"
              - name: BATCH_INSERTION_CHUNK_SIZE
                value: "10"
              - name: CRM_ORG_LIST_URL
                value: "https://raw.githubusercontent.com/cds-snc/gc-organisations-qa/main/data/all.json"
              - name: CSV_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-csv-upload"
              - name: DOCUMENTATION_DOMAIN
                value: "documentation.staging.notification.cdssandbox.xyz"
              - name: DOCUMENT_DOWNLOAD_API_HOST
                value: "http://notify-document-download.notification-canada-ca.svc.cluster.local:7000"
              - name: FF_ANNUAL_LIMIT
                value: "true"
              - name: FF_CLOUDWATCH_METRICS_ENABLED
                value: "false"
              - name: FF_PT_SERVICE_SKIP_FRESHDESK
                value: "true"
              - name: FF_SALESFORCE_CONTACT
                value: "false"
              - name: FLASK_APP
                value: "application.py"
              - name: FRESH_DESK_API_URL
                value: "https://cds-snc.freshdesk.com"
+             - name: GC_ORGANISATIONS_BUCKET_NAME
+               value: "notification-canada-ca-staging-gc-organisations"
              - name: HC_EN_SERVICE_ID
                value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
              - name: HC_FR_SERVICE_ID
                value: "changeme"
              - name: NEW_RELIC_APP_NAME
                value: "notification-api-staging"
              - name: NEW_RELIC_CONFIG_FILE
                value: "/app/newrelic.ini"
              - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
                value: "true"
              - name: NEW_RELIC_MONITOR_MODE
                value: "false"
              - name: NOTIFICATION_QUEUE_PREFIX
                value: "eks-notification-canada-ca"
              - name: NOTIFY_ENVIRONMENT
                value: "staging"
              - name: REDIS_ENABLED
                value: "1"
              - name: SALESFORCE_DOMAIN
                value: "test"
              - name: SENTRY_URL
                value: "https://[email protected]/1522933"
              - name: SQL_ALCHEMY_POOL_SIZE
                value: "256"
              - name: ZENDESK_API_URL
                value: "https://api.getbase.com"
              - name: ZENDESK_SELL_API_URL
                value: "https://cds-snc.zendesk.com"
              # Includes secret ENV Variables
              - name: ADMIN_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ADMIN_CLIENT_SECRET
              - name: AWS_ROUTE53_ZONE
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_ROUTE53_ZONE
              - name: AWS_SES_ACCESS_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_SES_ACCESS_KEY
              - name: AWS_SES_SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_SES_SECRET_KEY
              - name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
              - name: CYPRESS_AUTH_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CYPRESS_AUTH_CLIENT_SECRET
              - name: CYPRESS_USER_PW_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CYPRESS_USER_PW_SECRET
              - name: DANGEROUS_SALT
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: DANGEROUS_SALT
              - name: DEBUG_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: DEBUG_KEY
              - name: FRESH_DESK_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: FRESH_DESK_API_KEY
              - name: FRESH_DESK_PRODUCT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: FRESH_DESK_PRODUCT_ID
              - name: NEW_RELIC_LICENSE_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: NEW_RELIC_LICENSE_KEY
              - name: POSTGRES_HOST
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: POSTGRES_HOST
              - name: REDIS_PUBLISH_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: REDIS_PUBLISH_URL
              - name: REDIS_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: REDIS_URL
              - name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_PRODUCT_ID
              - name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_RECORD_TYPE
              - name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
              - name: SALESFORCE_GENERIC_ACCOUNT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_GENERIC_ACCOUNT_ID
              - name: SALESFORCE_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_PASSWORD
              - name: SALESFORCE_SECURITY_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_SECURITY_TOKEN
              - name: SALESFORCE_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_USERNAME
              - name: SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SECRET_KEY
              - name: SENDGRID_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SENDGRID_API_KEY
              - name: SQLALCHEMY_DATABASE_READER_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SQLALCHEMY_DATABASE_READER_URI
              - name: SQLALCHEMY_DATABASE_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SQLALCHEMY_DATABASE_URI
              - name: SRE_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SRE_CLIENT_SECRET
              - name: ZENDESK_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ZENDESK_API_KEY
              - name: ZENDESK_SELL_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ZENDESK_SELL_API_KEY
              - name: STATSD_HOST
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
            command:
              [
                "sh",
                "-c",
                "flask db upgrade || echo 'ERROR: database migration failed'",
              ]
        containers:
          - name: notify-api
            securityContext:
              {}
            image: "public.ecr.aws/cds-snc/notify-api:2e6f633"
            imagePullPolicy: Always
            env:
              # Includes common ENV Variables
              - name: ADMIN_BASE_DOMAIN
                value: "https://staging.notification.cdssandbox.xyz"
              - name: ALLOW_DEBUG_ROUTE
                value: "true"
              - name: ALLOW_HTML_SERVICE_IDS
                value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: API_HOST_NAME
                value: "https://api.staging.notification.cdssandbox.xyz"
              - name: ASSET_DOMAIN
                value: "https://assets.staging.notification.cdssandbox.xyz"
              - name: ASSET_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-asset-upload"
              - name: AWS_PINPOINT_REGION
                value: "us-west-2"
              - name: AWS_REGION
                value: "ca-central-1"
              - name: AWS_SES_REGION
                value: "us-east-1"
              - name: AWS_SES_SMTP
                value: "email-smtp.us-east-1.amazonaws.com"
              - name: AWS_US_TOLL_FREE_NUMBER
                value: "+18005555555"
              - name: AWS_XRAY_CONTEXT_MISSING
                value: "LOG_WARNING"
              - name: AWS_XRAY_SDK_ENABLED
                value: "true"
              - name: AWS_XRAY_TRACING_ENABLED
                value: "true"
              - name: BASE_DOMAIN
                value: "staging.notification.cdssandbox.xyz"
              - name: BATCH_INSERTION_CHUNK_SIZE
                value: "10"
              - name: CRM_ORG_LIST_URL
                value: "https://raw.githubusercontent.com/cds-snc/gc-organisations-qa/main/data/all.json"
              - name: CSV_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-csv-upload"
              - name: DOCUMENTATION_DOMAIN
                value: "documentation.staging.notification.cdssandbox.xyz"
              - name: DOCUMENT_DOWNLOAD_API_HOST
                value: "http://notify-document-download.notification-canada-ca.svc.cluster.local:7000"
              - name: FF_ANNUAL_LIMIT
                value: "true"
              - name: FF_CLOUDWATCH_METRICS_ENABLED
                value: "false"
              - name: FF_PT_SERVICE_SKIP_FRESHDESK
                value: "true"
              - name: FF_SALESFORCE_CONTACT
                value: "false"
              - name: FLASK_APP
                value: "application.py"
              - name: FRESH_DESK_API_URL
                value: "https://cds-snc.freshdesk.com"
+             - name: GC_ORGANISATIONS_BUCKET_NAME
+               value: "notification-canada-ca-staging-gc-organisations"
              - name: HC_EN_SERVICE_ID
                value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
              - name: HC_FR_SERVICE_ID
                value: "changeme"
              - name: NEW_RELIC_APP_NAME
                value: "notification-api-staging"
              - name: NEW_RELIC_CONFIG_FILE
                value: "/app/newrelic.ini"
              - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
                value: "true"
              - name: NEW_RELIC_MONITOR_MODE
                value: "false"
              - name: NOTIFICATION_QUEUE_PREFIX
                value: "eks-notification-canada-ca"
              - name: NOTIFY_ENVIRONMENT
                value: "staging"
              - name: REDIS_ENABLED
                value: "1"
              - name: SALESFORCE_DOMAIN
                value: "test"
              - name: SENTRY_URL
                value: "https://[email protected]/1522933"
              - name: SQL_ALCHEMY_POOL_SIZE
                value: "256"
              - name: ZENDESK_API_URL
                value: "https://api.getbase.com"
              - name: ZENDESK_SELL_API_URL
                value: "https://cds-snc.zendesk.com"
              # Includes secret ENV Variables
              - name: ADMIN_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ADMIN_CLIENT_SECRET
              - name: AWS_ROUTE53_ZONE
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_ROUTE53_ZONE
              - name: AWS_SES_ACCESS_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_SES_ACCESS_KEY
              - name: AWS_SES_SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: AWS_SES_SECRET_KEY
              - name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
              - name: CYPRESS_AUTH_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CYPRESS_AUTH_CLIENT_SECRET
              - name: CYPRESS_USER_PW_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: CYPRESS_USER_PW_SECRET
              - name: DANGEROUS_SALT
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: DANGEROUS_SALT
              - name: DEBUG_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: DEBUG_KEY
              - name: FRESH_DESK_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: FRESH_DESK_API_KEY
              - name: FRESH_DESK_PRODUCT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: FRESH_DESK_PRODUCT_ID
              - name: NEW_RELIC_LICENSE_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: NEW_RELIC_LICENSE_KEY
              - name: POSTGRES_HOST
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: POSTGRES_HOST
              - name: REDIS_PUBLISH_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: REDIS_PUBLISH_URL
              - name: REDIS_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: REDIS_URL
              - name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_PRODUCT_ID
              - name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_RECORD_TYPE
              - name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
              - name: SALESFORCE_GENERIC_ACCOUNT_ID
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_GENERIC_ACCOUNT_ID
              - name: SALESFORCE_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_PASSWORD
              - name: SALESFORCE_SECURITY_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_SECURITY_TOKEN
              - name: SALESFORCE_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SALESFORCE_USERNAME
              - name: SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SECRET_KEY
              - name: SENDGRID_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SENDGRID_API_KEY
              - name: SQLALCHEMY_DATABASE_READER_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SQLALCHEMY_DATABASE_READER_URI
              - name: SQLALCHEMY_DATABASE_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SQLALCHEMY_DATABASE_URI
              - name: SRE_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: SRE_CLIENT_SECRET
              - name: ZENDESK_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ZENDESK_API_KEY
              - name: ZENDESK_SELL_API_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-api
                    key: ZENDESK_SELL_API_KEY
              - name: STATSD_HOST
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
                
            volumeMounts:
              - name: secrets-store-inline
                mountPath: "/mnt/secrets-store"
                readOnly: true          
               
            ports:
              - name: http
                containerPort: 6011
                protocol: TCP
            readinessProbe:
              httpGet:
                path: /_status?simple=true
                port: 6011
              initialDelaySeconds: 45
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 3
              failureThreshold: 10
            livenessProbe:
              httpGet:
                path: "/_status?simple=true"
                port: 6011
              initialDelaySeconds: 45
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 1
              failureThreshold: 3
            resources:
              limits:
                cpu: 1200m
                memory: 900Mi
              requests:
                cpu: 250m
                memory: 700Mi
            
        volumes:
          - name: secrets-store-inline
            csi:
              driver: secrets-store.csi.k8s.io
              readOnly: true
              volumeAttributes:
                secretProviderClass: notify-api
        
        nodeSelector:
          eks.amazonaws.com/capacityType: ON_DEMAND

Comparing release=notify-admin, chart=charts/notify-admin
notification-canada-ca, notify-admin, Deployment (apps) has changed:
  # Source: notify-admin/templates/deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: notify-admin
    labels:
      app: notify-admin
  spec:
    priorityClassName: high-priority
    strategy:
      
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    selector:
      matchLabels:
        app: notify-admin
    template:
      metadata:
        labels:
          app: notify-admin
      spec:
        serviceAccountName: notify-admin
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        terminationGracePeriodSeconds: 60
        securityContext:
          {}
        initContainers:
          - name: init-postgres
            image: alpine
            command:
              [
                "sh",
                "-c",
                "until nc -z -w 2 $API_HOST_NAME 443; do echo waiting for api; sleep 2; done"
              ]
            env:
              - name: API_HOST_NAME
                value: api.staging.notification.cdssandbox.xyz            
        containers:
          - name: notify-admin
            securityContext:
              {}
            image: "public.ecr.aws/cds-snc/notify-admin:f9cdc39"
            imagePullPolicy: Always
            env:
              # Includes common ENV Variables
              - name: ADMIN_BASE_URL
                value: "staging.notification.cdssandbox.xyz"
              - name: ALLOW_DEBUG_ROUTE
                value: "true"
              - name: ALLOW_HTML_SERVICE_IDS
                value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: API_HOST_NAME
                value: "https://api.staging.notification.cdssandbox.xyz"
              - name: ASSET_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-asset-upload"
              - name: AWS_REGION
                value: "ca-central-1"
              - name: AWS_XRAY_CONTEXT_MISSING
                value: "LOG_WARNING"
              - name: AWS_XRAY_SDK_ENABLED
                value: "true"
              - name: AWS_XRAY_TRACING_ENABLED
                value: "true"
              - name: BASE_DOMAIN
                value: "staging.notification.cdssandbox.xyz"
              - name: BULK_SEND_AWS_BUCKET
                value: "notification-canada-ca-staging-bulk-send"
              - name: BULK_SEND_TEST_SERVICE_ID
                value: "ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: CONTACT_EMAIL
                value: "[email protected]"
              - name: CRM_ORG_LIST_URL
                value: "https://raw.githubusercontent.com/cds-snc/gc-organisations/main/data/all.json"
              - name: CSV_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-csv-upload"
              - name: DOCUMENTATION_DOMAIN
                value: "https://documentation.staging.notification.cdssandbox.xyz"
              - name: FF_ANNUAL_LIMIT
                value: "true"
              - name: FF_RTL
                value: "true"
              - name: FF_SALESFORCE_CONTACT
                value: "false"
              - name: FLASK_APP
                value: "application.py"
              - name: GC_ARTICLES_API
                value: "articles.alpha.canada.ca/notification-gc-notify"
+             - name: GC_ORGANISATIONS_BUCKET_NAME
+               value: "notification-canada-ca-staging-gc-organisations"
              - name: HC_EN_SERVICE_ID
                value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
              - name: HC_FR_SERVICE_ID
                value: "changeme"
              - name: IP_GEOLOCATE_SERVICE
                value: "http://ipv4.notification-canada-ca.svc.cluster.local:8080"
              - name: NEW_RELIC_APP_NAME
                value: "notification-admin-staging"
              - name: NEW_RELIC_CONFIG_FILE
                value: "/app/newrelic.ini"
              - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
                value: "true"
              - name: NEW_RELIC_MONITOR_MODE
                value: "true"
              - name: NOTIFY_ENVIRONMENT
                value: "staging"
              - name: REDIS_ENABLED
                value: "true"
              - name: SENTRY_URL
                value: "https://[email protected]/1522933"
              - name: SHOW_STYLE_GUIDE
                value: "true"
              # Includes secret ENV Variables
              - name: ADMIN_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: ADMIN_CLIENT_SECRET
              - name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
              - name: DANGEROUS_SALT
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: DANGEROUS_SALT
              - name: DEBUG_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: DEBUG_KEY
              - name: GC_ARTICLES_API_AUTH_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: GC_ARTICLES_API_AUTH_PASSWORD
              - name: GC_ARTICLES_API_AUTH_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: GC_ARTICLES_API_AUTH_USERNAME
              - name: MIXPANEL_PROJECT_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: MIXPANEL_PROJECT_TOKEN
              - name: NEW_RELIC_LICENSE_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: NEW_RELIC_LICENSE_KEY
              - name: REDIS_PUBLISH_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: REDIS_PUBLISH_URL
              - name: REDIS_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: REDIS_URL
              - name: SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: SECRET_KEY
              - name: SQLALCHEMY_DATABASE_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: SQLALCHEMY_DATABASE_URI
              - name: WAF_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: WAF_SECRET
              - name: STATSD_HOST
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
                
            volumeMounts:
              - name: secrets-store-inline
                mountPath: "/mnt/secrets-store"
                readOnly: true          
               
            ports:
              - name: http
                containerPort: 6012
                protocol: TCP
            readinessProbe:
              httpGet:
                path: /_status?simple=true
                port: 6012
              initialDelaySeconds: 10
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 3
              failureThreshold: 10
            livenessProbe:
              httpGet:
                path: "/_status?simple=true"
                port: 6012
              initialDelaySeconds: 30
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 1
              failureThreshold: 3
            resources:
              limits:
                cpu: 1200m
                memory: 900Mi
              requests:
                cpu: 250m
                memory: 700Mi
            
        volumes:
          - name: secrets-store-inline
            csi:
              driver: secrets-store.csi.k8s.io
              readOnly: true
              volumeAttributes:
                secretProviderClass: notify-admin
        
        nodeSelector:
          eks.amazonaws.com/capacityType: ON_DEMAND

Comparing release=notify-document-download, chart=charts/notify-document-download
Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile2648521322/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile2648521322/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile2648521322/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray

Copy link
Collaborator

@ben851 ben851 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@smcmurtry smcmurtry merged commit 397a6e4 into main Jan 22, 2025
2 checks passed
@smcmurtry smcmurtry deleted the chore/add-new-env branch January 22, 2025 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants