...

  1. Review the Bicep deployment files (azuredeploy.*) under the project repository folder AzureDeployment

    1. Review the sku values for the resources and update them as necessary. The sku values are in the Bicep templates in the repository: Infrastructure/AzureDeployment/azuredeploy.*.bicep

    2. In the same Bicep files, optionally set the deployment flag to false if the associated resource does not need to be deployed. It is set to true by default.

  2. Configure the variables for each Azure resource deployment DevOps pipeline

    1. Edit DevOps pipelines under Pipelines → All → Azure Deployment folder

    2. Configure the variables listed for each deployment pipeline in Appendix section 1. For secured variables, re-create the value and check the “Keep this value secret” checkbox after adding the value

  3. Run the first deployment pipeline, Azure Resources Deployment 1 (Initial). This will create the container registry, keyvault and app service plan resources

  4. Create a folder by environment name in DevOps pipeline and clone/create DevOps CI/CD pipelines in TK and TNT DevOps project.

  5. Configure new cloned/created DevOps CI/CD pipelines for specified resource groups, container image name and container image tag. Then build the pipelines. Please refer to the Appendix section 2 for the container name, image name and image tag.

  6. Update the deployment pipeline variables and run the remaining two: Azure Resources Deployment 2 (Safsecsur) and Azure Resources Deployment 3 (Eregistry). Verify that the resources have been deployed successfully in Azure Portal → Resource Group → Deployments

  7. Add keyvault secrets used for applications from created resources. Please refer to the Appendix section 3 for the required application secrets (Optional: Configure Access Policies in the KeyVault)

  8. Create a Variable group in DevOps → Pipelines → Library. Toggle “Link Secrets” option, select appropriate Azure subscription → KeyVault name, add all the necessary keys and save the variable group

  9. Repeat above step in TNT project

  10. Add workmanagementservice appservice outbound IP addresses to Postgresql server connection security (Optional: Have to do this for documentmanagement service too)

  11. Run Vesselregistry and document service database script

  12. On all appservices, turn continuous integration off and on again, then save. This is needed in order to create a webhook in the container registry

  13. Disable public access to blob on storageaccount

  14. Add/create “Diagnostics Settings” on all the appservices in the Azure portal

  15. Turn on Identity in the document api appservice and add the object id to the safsecsur keyvault access policy

  16. Link and save the new variable group in all the DevOps CI/CD pipelines

  17. Make sure to use the correct branch (Develop/Master) on all the DevOps CI/CD pipelines

  18. Migrate LOV Azure Cosmos DB data using Microsoft tool or Console App

  19. Create Application Registration for Vessel Registration internal and external websites. Please refer to below Application Registration section.

  20. Run the DevOps CI/CD pipelines of TK and TNT again and verify that the applications run as expected.

  21. Configure the App Configuration Resource [Applicable only for the NCD / PCP Environments] after completing the deployment of Azure Resources Deployment 1 (Initial) and Azure Resources Deployment 2 (Safsecsur).

    1. In the [nprd/prod]-vrappconfig App Configuration / Settings / Identity / System assigned → Copy the Object (principal) ID

    2. In the [environment]eregistrykv / Settings / Keys → Click the Generate/Import button, and use the following configuration:

      1. Options: Generate

      2. Name: [nprd / prod]-vr-appconfiguration-key

      3. Key type: RSA

      4. RSA key size: 4096

      5. Enabled: Yes

    3. Under [environment]eregistrykv / Settings / Access policies → Click Add Access Policy and apply the following settings:

      1. Key permissions → Get, Unwrap, Wrap

      2. Select principal → Search for the Object (principal) ID you copied in sub-step 1

    4. In the [nprd/prod]-vrappconfig App Configuration / Settings / Encryption → Check “Customer Managed Key” and apply the following settings:

      1. Identity: System assigned

      2. Encryption Key: Select from Key Vault

      3. Key Vault:

        1. Subscription: NPRD / PROD

        2. Key vault: [environment]eregistrykv

        3. Key: [nprd / prod]-vr-appconfiguration-key

      4. Ensure you save the encryption settings
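
A post-deployment check for step 21, added here as an example (not part of the original runbook or the project's code): it takes the JSON from `az appconfig show`, `az keyvault show` and `az keyvault key show` and reports any deviation from the settings listed above. The field names are assumed from that CLI output, and the vault name, object ID and modulus in the sample are constructed placeholders.

```python
import base64

REQUIRED = {"get", "wrapkey", "unwrapkey"}  # step 21: Key permissions Get, Unwrap, Wrap

def rsa_bits(n_b64: str) -> int:
    """Bit length of an RSA modulus given as base64 or base64url text."""
    s = n_b64.replace("-", "+").replace("_", "/")
    return int.from_bytes(base64.b64decode(s + "=" * (-len(s) % 4)), "big").bit_length()

def audit_cmk(appconfig: dict, vault: dict, key: dict, key_name: str) -> list:
    """Return findings; an empty list means the step 21 settings are in place."""
    findings = []
    ident = appconfig.get("identity") or {}
    principal = ident.get("principalId")
    if "SystemAssigned" not in (ident.get("type") or "") or not principal:
        findings.append("no system-assigned identity on App Configuration")
    perms = {k.lower() for p in vault["properties"]["accessPolicies"]
             if p["objectId"] == principal
             for k in p["permissions"].get("keys") or []}
    if REQUIRED - perms:
        findings.append(f"missing key permissions: {sorted(REQUIRED - perms)}")
    if perms - REQUIRED:
        findings.append(f"extra key permissions: {sorted(perms - REQUIRED)}")
    if key["key"]["kty"] not in ("RSA", "RSA-HSM") or rsa_bits(key["key"]["n"]) != 4096:
        findings.append("key is not RSA 4096")
    if not key["attributes"]["enabled"]:
        findings.append("key is not enabled")
    kid = ((appconfig.get("encryption") or {}).get("keyVault") or {}).get("keyIdentifier") or ""
    want = vault["properties"]["vaultUri"].rstrip("/") + "/keys/" + key_name
    if kid != want and not kid.startswith(want + "/"):
        findings.append("App Configuration is not encrypted with the expected key")
    return findings

def constructed_sample():
    """Constructed inputs (placeholder IDs and names, dummy 4096-bit modulus)."""
    oid = "00000000-0000-0000-0000-000000000001"
    uri = "https://exampleeregistrykv.vault.azure.net/"
    appconfig = {"identity": {"type": "SystemAssigned", "principalId": oid},
                 "encryption": {"keyVault": {
                     "keyIdentifier": uri + "keys/nprd-vr-appconfiguration-key"}}}
    vault = {"properties": {"vaultUri": uri, "accessPolicies": [
        {"objectId": oid, "permissions": {"keys": ["get", "wrapKey", "unwrapKey"]}}]}}
    n = base64.urlsafe_b64encode(b"\x80" + b"\x01" * 511).decode()
    key = {"key": {"kty": "RSA", "n": n}, "attributes": {"enabled": True}}
    return appconfig, vault, key

if __name__ == "__main__":
    print(audit_cmk(*constructed_sample(), "nprd-vr-appconfiguration-key") or "OK")
```

An "extra key permissions" finding means the access policy grants the App Configuration identity more than the three key operations listed in the procedure.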

Application Registration

Script execution prerequisite

...