Skip to content

DEPLOY.md

Latest commit

 

History

History
39 lines (26 loc) · 3.01 KB

DEPLOY.md

File metadata and controls

39 lines (26 loc) · 3.01 KB

How We Deploy the App

We use ArgoCD to manage the deployment of our application.

Background

ArgoCD runs on our us-west-2 EKS cluster and connects to additional EKS clusters in us-east-1 and eu-west-1 to manage the application across all regions. The ArgoCD setup is defined in Terraform.

We use an ApplicationSet to generate three ArgoCD Applications, one for each cluster. The ApplicationSet configuration is defined in Terraform.

Deployment Process

Debug & Staging Environments

When a branch is pushed to one of the deployment branches for staging or debug, the following steps occur:

  1. A GitHub Action Workflow is triggered. This workflow builds container images and pushes them to Amazon ECR. Authorization to access AWS ECR is handled using OIDC between GitHub and AWS.

  2. The ArgoCD Image Updater polls the AWS ECR repository for new images.

    • It primarily monitors the LogServer image, as images for other services share the same tag.
    • The LogServer image is always pushed last, ensuring that all other images are already in their respective ECR repositories.
    • The ArgoCD Image Updater then updates the ArgoCD Application with the new image tag.
    • ArgoCD deploys the new image to the clusters.

Production Deployment

We don't want to build new container images for production; instead, we use the same images built and deployed for staging.

When new images are pushed to the staging ECR repositories, they are automatically replicated to the production ECR repositories. This is managed in Terraform: ecr-repos.hcl:ecr_repos_internal_replication.

To avoid triggering a deploy to production when the images become available (which happens when we push to staging), we set the ArgoCD ApplicationSet (and thus the ArgoCD Applications) for production to syncPolicy: none. This means ArgoCD doesn't automatically sync the application when the image is updated (or any other changes occur). The image update will still happen when the new images are available, but it won't sync (i.e., it won't change anything in the production clusters). When we run the deploy process for production (make deploy-prod), the underlying script calls the ArgoCD CLI for each application (i.e., each cluster) to sync the application.