Skip to main content

Manually Plan/Apply Namespace Resources in live cluster

These steps are more or less what the concourse pipeline does.

Start in the appropriate branch of the environments repo

cd cloud-platform-environments
git checkout main
git pull
git checkout -b [BRANCH-NAME] origin/[BRANCH-NAME]

Set pingdom environment variables(Optional)

If the changes involve applying “pingdom_check” or “github”, set the environment variables for pingdom and github. The values are stored as secrets in manager cluster - concourse-main namespace.

export PINGDOM_API_TOKEN="XXXXXXXXXXXXX"
export TF_VAR_github_owner="ministryofjustice"
export TF_VAR_github_token="XXXXXXXXXXXXX"

Target the live cluster

export AWS_PROFILE=moj-cp
export KUBECONFIG=${HOME}/.kube/config
aws eks --region eu-west-2 update-kubeconfig --name live

Set some environment variables

export TF_VAR_cluster_name="live-1"
export TF_VAR_cluster_state_bucket="cloud-platform-terraform-state"
export TF_VAR_kubernetes_cluster="DF366E49809688A3B16EEC29707D8C09.gr7.eu-west-2.eks.amazonaws.com"
#needed by tf k8s provider
export KUBE_CONFIG_PATH=${HOME}/.kube/config

Note: The variable cluster_name above is used to get VPC info

Set the namespace name

I’m using offender-events-dev for this example. Use whatever is relevant for your case.

export NAMESPACE=offender-events-dev

cd namespaces/live.cloud-platform.service.justice.gov.uk/${NAMESPACE}/resources

Terraform Init

terraform init \
  -backend-config="bucket=cloud-platform-terraform-state" \
  -backend-config="key=cloud-platform-environments/live-1.cloud-platform.service.justice.gov.uk/${NAMESPACE}/terraform.tfstate" \
  -backend-config="region=eu-west-1" \
  -backend-config="dynamodb_table=cloud-platform-environments-terraform-lock"

Note: live-1 reference in backend-config is s3 repo where namespace terraform state is stored currently.

Terraform Plan/Apply

terraform plan
terraform apply
This page was last reviewed on 3 September 2024. It needs to be reviewed again on 3 March 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 3 March 2025 by the page owner #cloud-platform. This might mean the content is out of date.