Set up subdomains for non production environment (Split from "Sort production front end URL") #224

Open
MatMoore opened this issue Jul 30, 2024 · 1 comment

MatMoore commented Jul 30, 2024

Split from ministryofjustice/find-moj-data#546

We have control of dev.find-moj-data.service.justice.gov.uk, test.find-moj-data.service.justice.gov.uk and preprod.find-moj-data.service.justice.gov.uk.

However, they're not resolving yet.

If there's time, make sure these resolve to the right cloud platform service.

See this guide: https://user-guide.cloud-platform.service.justice.gov.uk/documentation/other-topics/custom-domain-cert.html#using-a-custom-domain

At the moment, I've created 4 separate hosted zones in AWS, but the guide recommends using just one, so I think we can remove the non-production ones and then hopefully everything will Just Work™

After the domain resolves:

  • Add the domain to the redirect_uris list in the Entra ID configuration (via the Azure portal)
  • Update the AZURE_REDIRECT_URI secret in GitHub for each of the environments
@MatMoore MatMoore converted this from a draft issue Jul 30, 2024
@murdo-moj murdo-moj moved this from Todo to In Progress in Data Catalogue Jul 31, 2024
@murdo-moj murdo-moj self-assigned this Jul 31, 2024

murdo-moj commented Aug 6, 2024

I had to do a few things to resolve this:

  1. Remove the hosted zones for dev, preprod, and prod (with the assistance of CP)
  2. Deregister the DNS delegations for dev, preprod and prod at an MoJ level
  3. Manually delete DNS rules related to dev, preprod, and prod from the prod hosted zone (with CP's help) so that ExternalDNS will recreate the rules according to the ingress.yml in the helm deployment. (The awkwardness of this might be due to the fact the hosted zones were force deleted. ExternalDNS wasn't removing DNS rules from them as expected)
  4. Once the old DNS rules were removed, ExternalDNS recreated them as corrected rules.
  5. Add DNS certificates to the k8s namespaces for dev, preprod, and prod
  6. Add the new redirect URLs to Entra ID
  7. Change the redirect URL env var in all environments in GitHub and rebuild/deploy the image/helm chart

Useful commands

Status: Done ✅