
...

The deployment and configuration are defined in a dedicated git repository for each solution.

The git repository is hosted on the eHealth infrastructure, and is named:

{Vendor Short Name}-{Application Short Name}/helmsman

...

See Docker Base Images for requirements for the image and security risk mitigation.

The Docker repository is named:

...

This repository contains the only helm chart that the vendor is allowed to use to deploy their applications on the platform. The chart should be complete enough to run the application, with different configurations for values, health endpoints, resource usage etc.

...

All applications on the platform are hosted on Kubernetes. To enforce separation between applications and to harden the security of the platform, each application will have its own Kubernetes namespace.

  • From this namespace, only communication to other specified namespaces is allowed.

    • This is at the moment only the ehealth-public namespace.

  • Likewise, only communication to whitelisted services outside the eHealth Platform is allowed.
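One way such namespace egress restrictions can be expressed is a Kubernetes NetworkPolicy; the following is an added example, not the platform's own configuration. The namespace name `example-vendor-app`, the policy name, the CIDR and the port are placeholders; `kubernetes.io/metadata.name` is the label Kubernetes sets automatically on every namespace.

```yaml
# Added example: placeholder names and addresses, not the platform's real manifest.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-egress                # hypothetical policy name
  namespace: example-vendor-app        # placeholder for the application's namespace
spec:
  # An empty podSelector selects every pod in the namespace. Once a pod is
  # selected by a policy with policyTypes: Egress, any egress that is not
  # listed under "egress" below is denied.
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    # Allowed namespace: ehealth-public (the only one named on this page).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ehealth-public
    # Whitelisted service outside the platform. 203.0.113.0/24 is a
    # documentation range (TEST-NET-3) standing in for the real address.
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 443                    # assumed HTTPS; adjust per whitelisted service
```

A policy like this is only enforced when the cluster's network plugin supports NetworkPolicy, and pods selected by it cannot reach cluster DNS unless a matching egress rule is added; the page does not say how the platform handles either point.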

Namespace is named:

...

The vendor is given access to a central log collection where the vendor can query and access logs, audits and metrics collected from the application.

The vendor does not have access to logs for the rest of the platform services, or from other applications.

When moving up through the different environments, access becomes progressively more restricted, to protect against unwanted data disclosure.

Indexes available are:

{environment}_k8s_{Vendor Short Name}-{Application Short Name}_application
{environment}_k8s_{Vendor Short Name}-{Application Short Name}_audit
{environment}_k8s_{Vendor Short Name}-{Application Short Name}_metrics

See also Logging model for logging requirements.

See also Using Splunk for a short introduction on how to use Splunk.

Jaeger tracing

In the test environments, the vendor is given access to a common tracing system where a call and the response times of each involved service can be found. This is possible when all involved services have implemented the header propagation as described in Call Tracing.

In production, access to trace data is limited.

A GUI presenting the collected data for i.e. EXTTEST can be accessed here: https://jaeger.admin.exttest.ehealth.sundhed.dk/search