PAWS Data Pipeline deployment

Cris · May 13, 2024, 7:15pm

We are moving toward our for-real deployment and I have two questions (for now):

1 - We’re going to create an alias in the PAWS domain pointing to app in the CfP prod cluster - what CNAME do we point to?

2 - If the recommendation is still to use k8s Sealed Secrets, where do we find the public cert?

Thanks,
Cris

chris · May 28, 2024, 3:59pm

You can look at the choose-native-plants project as a model to open a pull request into the cfp-live-cluster:

github.com

CodeForPhilly/cfp-live-cluster/blob/main/choose-native-plants/release-values.yaml

app:
  image:
    tag: "1.0.3"

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: choose-native-plants.live.k8s.phl.io
      paths: [ '/' ]
    - host: choosenativeplants.com
      paths: [ '/' ]
    - host: www.choosenativeplants.com
      paths: [ '/' ]
  tls:
    - secretName: choose-native-plants-tls
      hosts:
        - choose-native-plants.live.k8s.phl.io

This file has been truncated. show original

Configure your Ingress with a *.live.k8s.phl.io hostname of your choice and then CNAME the production hostname to that

Yes use Sealed Secrets. The docs page for the live cluster has the needed public cert URL: Sealed Secrets - Philly Civic Cloud