Prerequisite: You must be a member of the [VA-ABD-RRD GitHub team](https://github.com/orgs/department-of-veterans-affairs/teams/va-abd-rrd/members) Followed [Getting Started instructions](https://animated-carnival-57b3e7f5.pages.github.io/#getting-started) and [GETTING-STARTED page](https://animated-carnival-57b3e7f5.pages.github.io/GETTING-STARTED/) to install `lightkeeper`. ### Development Environment Step: > [!IMPORTANT] > the following `lightkeeper` commands must be run from the VA network (GFE or CAG). - Execute below command: ```sh lightkeeper create clusterconfig nonprod > kube_config ``` - Transfer `kube_config` from GFE to development laptop (where `kubectl` is installed) and save it as `~/.kube/config`.
NOTE:- this config is for the `nonprod` cluster (containing `dev`, `qa`, and `sandbox` only ) - Execute below command for Prod cluster ( containing `prod-test` and `prod`), ```sh lightkeeper create clusterconfig prod > kube_config` ``` - see [](Development%20environments#LHDI) for cluster info.
NOTE:- If you're switching between the two clusters, remember to use the right config file. - Remember to specify the namespace (e.g., `--namespace va-abd-rrd-dev`) for all `kubectl` commands, e.g.:
`kubectl get pods --namespace va-abd-rrd-dev`
`helm list --namespace va-abd-rrd-dev` ### Important - Kube `config` needs to be renewed every 90 days. - Be cautious when running commands as this may affect others using VRO in these environments, particularly in the `prod-test` and `prod` environments where PII/PHI and various secrets are visible. - Tip: For a nice GUI to monitor the status, try the [Lens app](https://k8slens.dev/). - TODO: document how to set up Lens app - Tip: By default, your access to virtual machines inside VA Network does not permit bi-directional clipboard access. This is true for both Citrix Access Gateway (CAG), and Azure Remote Desktop. This restriction makes it extremely difficult to operate in these environments. Clipboard access is highly recommended, and we encourage all engineers working within the LHDI environment to [request clipboard permissions by following the steps in this article](https://yourit.va.gov/va?id=kb_article_view_yourit&sys_id=f96381201ba6a99048a36242604bcbcb&table=kb_knowledge) (note: accessing this article requires being within the VA Network to begin with). ## Watch VRO logs To follow the logs for the `app` container in the `dev` environment: ```bash # Use the namespace corresponding to the dev environment alias kc='kubectl -n va-abd-rrd-dev' # List the pods; we want the vro-api pod with 7 containers in it kc get pods NAME READY STATUS RESTARTS AGE vro-api-7ff6569c78-jj9zk 7/7 Running 2 (17m ago) 22m vro-api-postgres-7776cbd54f-wkf8r 1/1 Running 0 22m vro-api-rabbit-mq-7ff55bcb5f-6rg46 1/1 Running 0 22m vro-api-redis-555446854-ksgjt 1/1 Running 0 22m # Follow the logs for the abd-vro-api in the vro-api pod kc logs -f vro-api-7ff6569c78-jj9zk -c abd-vro-api . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.7.4) 2022-11-18 18:47:11.835 INFO 1 --- [ main] gov.va.vro.VroApplication : Starting VroApplication using Java 17.0.5 on vro-api-7ff6569c78-jj9zk with PID 1 (/project/vro-app.jar started by docker in /project) 2022-11-18 18:47:11.839 INFO 1 --- [ main] gov.va.vro.VroApplication : The following 2 profiles are active: "compose", "dev" 2022-11-18 18:47:15.525 INFO 1 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Multiple Spring Data modules found, entering strict repository configuration mode ``` ### Machine user login (DevOPS - Step only ):
IMPORTANT:- This step is only for Automated GH workflows and GH Actions. Not for Development use. Use this step to generate kubernetes config for both prod and non-prod clusters - Execute `.\lighkeeper login` - Follow the OTP Url generated by lightkeeper in a browser - Follow instruction provided in section OTP [[https://github.com/department-of-veterans-affairs/abd-vro/wiki/Machine-User-Account]] to log in to GitHub - Generate *_KUBE_CONFIG secrets for GitHub Action workflows by executing ```sh lightkeeper create clusterconfig nonprod | base64 > DEV_KUBE_CONFIG lightkeeper create clusterconfig prod | base64 > PROD_KUBE_CONFIG ``` If the environment does not support `base64`, consider using `certutil` to perform the encoding, for example: ```sh lightkeeper create clusterconfig nonprod > DEV_KUBE_CONFIG_RAW certutil -encode DEV_KUBE_CONFIG_RAW DEV_KUBE_CONFIG ``` - Update DEV_KUBE_CONFIG and PROD_KUBE_CONFIG in GitHub secrets in git [GH Action secrets](https://github.com/department-of-veterans-affairs/abd-vro/blob/0bc222dd889b108506e9a954320132dae9ff1a92/scripts/set-secret-kube-config.sh#L2) - Then test [deploying to LHDI](https://github.com/department-of-veterans-affairs/abd-vro-internal/actions/workflows/update-deployment.yml). - `IMPORTANT`: Since the config expires in 90 days, the `DEV_KUBE_CONFIG` and `PROD_KUBE_CONFIG` in git [GH Action secrets](https://github.com/department-of-veterans-affairs/abd-vro/blob/0bc222dd889b108506e9a954320132dae9ff1a92/scripts/set-secret-kube-config.sh#L2) need to be updated regularly so that GitHub Action workflows that interact with LHDI continue to work. - this rotation was last executed: `Aug 13, 2024` - 90 days from the last rotation: `Nov 11, 2024`