Developer docs
Developer docs
Breadcrumbs

EKS Deployment Resource Hook Configuration & Deployment Flow

Last Updated:

Introduction

The following details the resource hook configuration and deployment flow for Vets API on EKS.


The vets-api EKS servers need the following components :

  • Service Account

  • Ingress Route

  • Horizontal Pod Autoscaler

  • External Sercrets

  • Server Deployment

  • Worker Deployment

  • Schema Migrations

  • SSO certificates


During deployments, the schema migration job runs before the server and worker pods are deployed. After the migration jobs runs, all other pods are deployed at the same time which has caused issues. The migration job is dependent on the External Secrets and the Service Account pods, which are not present when deploying an application to ArgoCD. The deployment had to be terminated and the External Secrets and Service Account had to be manually synced before the deployment could be manually ran again.

Resource Hooks are scripts that can be run before deploying a new version of the app. PreSync hooks were confiugred in the parent helm charts and the secrets.yaml to ensure the External Secrets and Service Account pods were deployed before the migration was ran and the server and worker pods are deployed.

Vets-api Resource Hook Deployment Flow

Resource Hook Deployment Flow for Vets API on EKS
https://mermaid.live/edit#pako:eNpdkMFqwzAQRH9F7Dk-tEcfCo7tOgkECg70IPUg5HUiYq2MIocG43_vRtQUenszDOzMzmB8h5DDOejxIk6VomL-CNg-yIjsdVG0_ZMvLMtVMlfzL9Sy9NTb81GPty9F77L-jhhIDy2agPHpNbLFcLcGRWGMnyiyt5OtuaDT4mj5fLSe2NynIAZR4Tj4h8MUPchPH67_3UJk2ZvYcskEJddLwCvqBA2XWaFJsOOzCfYrHBQpgg04DE7bjn8xKxJCQeRuqCBn7LDX0xAVKFo4qqfon9Mhj2HCDUxjpyNWVvMMB3mvhxsuP57tda4 
graph TD
A{PreSync -2}
B{PreSync -1}
C{PreSync}
D{Sync}
A --> B
B --> C
C --> D

E[ConfigMaps]
F[ExternalSecrets]
G[Service Account]
H[Schema Migration]
I[Server Deployment]
J[Worker Deployment]
E --> G
F --> G
G --> H
H --> I
H --> J

Vets-api PreSync hook configuration


Manifest type: ConfigMap and ExternalSecret

Files:

vets-api

  • chart/templates/ssoe-config.yaml

  • chart/templates/settings-configmap.yaml

  • chart/templates/lighthouse-pre-configs.yaml

vsp-infra-application-manifests

  • apps/vets-api/(dev | staging | sandbox | prod)/templates/secrets.yaml

apiVersion: v1
kind: ConfigMap | ExternalSecret
metadata:
  name: {{ $key.name }}
  annotations:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/sync-wave: "-2"


Manifest type: ServiceAccount

Files:

vets-api

  • chart/templates/sa.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/sync-wave: "-1"


Manifest type: Schema Migration - Job

Files:

vets-api

  • chart/templates/db-migrate-job.yaml

apiVersion: v1
kind: Job
metadata:
  annotations:
    argocd.argoproj.io/hook: PreSync

Help and feedback