Deploy review app into dedicated namespace
Problem to solve
Some components of review apps may receive additional load corresponding to the number of review app releases in the same namespace.
One of such that has been identified is nginx-ingress-controller
.
Hypothesis
Deploying into dedicated namespace would improve deployment stability because the number of resources in the namespace would be limited to those that are relevant to the same review app release.
It would also help in maintenance as cleaning up of resources would be equivalent to removing a namespace.
Todo list
-
configure cert-manager
to work across namespaces. Previously, it is inreview-apps
namespace responding to certificate needs in the same namespace.-
Current cert-manager
is ok -
Needs to create new ClusterIssuer
for theClusterIssuer
using DNS zone solver. -
Change base-config to use ClusterIssuer
-
-
configure external-dns
to work across namespaces. Previously, it is inreview-apps
namespace responding to DNS needs in the same namespace. - no change needed -
update review app deployment script to deploy into a dedicated namespace (using the release name as namespace. For example, review-branch-abc-123
is deployed into namespacereview-branch-abc-123
- [ ] maybe add custom label or annotations to help identify review-app resources that can be deleted during scheduled clean up (see point below) -
change pipeline specific clean up scripts to clean up namespace
after uninstalling helm -
change scheduled clean up scripts to clean up review app resources across all namespaces. Note: this has to be done with care to avoid deleting non review app resources. We may need to add custom label or annotations to help identify resources that need to be cleaned up => follow up #333519 (closed)
Additional context in the epic thread: &6024 (comment 589105331)
Part of &6024 (closed)
Edited by Albert