How to set up a new service

This doc describes the steps involved in setting up a new service. It describes them at a high level; the content of each step may vary depending on the service you are setting up.

Strategy

  1. Terraform files
  2. Set up networks
  3. Application configuration
  4. Application repository and code
  5. CI/CD PR pipeline
  6. CI/CD ArgoCD(Deploy) pipeline
  7. Rolling out the application
  8. Add to CloudFlare

Terraform files

1. Go to the platform-infrastructure repo

2. Create a PR with a new .tf file under the folder opentofu/apps-layer.
This file will include:

  • Workload identities
  • Azure infra resources such as a SQL database inside an elastic pool
  • KeyVault credentials

Example: https://github.com/majority-dev/platform-infrastructure/blob/master/opentofu/apps-layer/minority-lithic.tf

⚠ WARNING:
The KeyVault name must be globally unique!

💡 TIP:
You can check the uniqueness by running nslookup for the following URLs:
prod-.vault.azure.net, stage-.vault.azure.net, dev-.vault.azure.net

If the KeyVault name is already taken, just add the prefix 'm-' to the desired KeyVault name. Most likely that would make it globally unique.

3. After code review and merge, deploy and roll out the Terraform file.
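
The nslookup check from the tip in step 2, wrapped in a script that tests all three environments, validates the name against Azure's Key Vault naming rules and falls back to the 'm-' prefix. This is an added example, not part of the original doc or the platform team's tooling. It assumes vault names are built as <env>-<name> with 'm-' placed in front of <name>, and that nslookup exits non-zero for an unknown name; the function names and KV_LOOKUP are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: vault names are <env>-<name>, and the 'm-'
# fallback goes in front of <name>. "example-kv" below is a constructed name.
ENVS="prod stage dev"

# Default lookup: true when the host resolves. Relies on nslookup exiting
# non-zero for an unknown name, as the BIND nslookup on Linux/macOS does.
kv_lookup() { nslookup "$1" >/dev/null 2>&1; }

# Azure Key Vault naming rules: 3-24 characters, letters/digits/hyphens,
# starts with a letter, ends with a letter or digit, no consecutive hyphens.
kv_valid() {
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ] || return 1
  case $1 in
    *[!A-Za-z0-9-]*|[!A-Za-z]*|*-|*--*) return 1 ;;
  esac
}

# Print the environments in which <env>-<name> is invalid or already resolves.
kv_blocked_envs() (
  blocked=""
  for env in $ENVS; do
    vault="$env-$1"
    if ! kv_valid "$vault" || "${KV_LOOKUP:-kv_lookup}" "$vault.vault.azure.net"; then
      blocked="${blocked:+$blocked }$env"
    fi
  done
  printf '%s' "$blocked"
)

# Print the first of <name>, m-<name> that is usable in every environment.
kv_pick_name() (
  for candidate in "$1" "m-$1"; do
    if [ -z "$(kv_blocked_envs "$candidate")" ]; then
      printf '%s\n' "$candidate"
      exit 0
    fi
  done
  echo "no usable name for '$1' (also tried 'm-$1')" >&2
  exit 1
)

# Usage: sh kv-name-check.sh example-kv
[ "$#" -eq 0 ] || kv_pick_name "$1"
```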

Set up networks

ℹ NOTE:
This will only be available after Terraform has been synced for the environments.

Grab the network IPs from the private key resource in Azure.
Example url: https://portal.azure.com/#@majority.com/resource/subscriptions/4241bb02-cdaf-4c40-ae1e-989edb9ede36/resourceGroups/dev-bankPvtEndpoints-use2-rg/providers/Microsoft.Network/privateEndpoints/dev-lithic-kv-pe/dns

Then fill in the service, egress and ingress accordingly, example: https://github.com/majority-dev/platform-infrastructure/pull/351/files

Application configuration

Add the configuration needed in be-configuration.
What is required may vary a lot from service to service.

Application repository and code

  1. Set up a new repository in GitHub
  2. Ask an org admin to set majority-dev/backend as admin on the repo (so that it can, for example, be set in the CODEOWNERS file)
  3. Add Deployment protection rules in the Environment repo's settings for PROD to Required review from majority-dev/backend
  4. Create a folder on your local computer with the same name
  5. Jump into the folder and run git init
  6. Change the git remote to the repository created in GitHub
  7. Copy parts of an existing service similar to the one you are about to create
  8. Push and create a PR

You can find an example setup here:

git clone https://MAJORITY@dev.azure.com/MAJORITY/Bank/_git/bank-lithic; cd .\bank-lithic; git checkout 596d01dbcc82bca92df72a9661af63fc3cc43d03;

CI/CD PR pipeline

Add a pr_workflow.yaml file to the folder .github/workflows
Example: https://github.com/majority-dev/be-credit/blob/master/.github/workflows/pr_workflow.yaml

CI/CD ArgoCD(Deploy) pipeline

  1. Add a folder and values structure similar to other applications, example: https://github.com/majority-dev/be-deployments/pull/17282/files
  2. Add the application to platform-infrastructure, example: https://github.com/majority-dev/platform-infrastructure/pull/356/files
  3. Merge them
  4. Add a cicd_workflow.yaml file to the folder .github/workflows, example: https://github.com/majority-dev/be-credit/blob/master/.github/workflows/cicd_workflow.yaml

Rolling out the application

Run the cicd workflow in GitHub. The platform team needs to set up additional permissions so that the deploy-to-production step is picked up by a runner.

Add to CloudFlare

ℹ NOTE:
This step needs to be performed only if the new service has a public API.
After the change is rolled out, the DNS records for the public API are created.

Add entries for dev, stage, prod to https://github.com/majority-dev/platform-infrastructure/blob/master/opentofu/cloudflare/apps/minority.com.tf.

Example: https://github.com/majority-dev/platform-infrastructure/pull/354/files

Verify that the API is accessible, for example by opening Swagger at https://dev-lithic.minority.com/swagger/index.html