nais / bifrost Goto Github PK

Currently they are created without resources which gives each container default resources that is a little bit too much.

    Limits:
      cpu:                500m
      ephemeral-storage:  1Gi
      memory:             2Gi
    Requests:
      cpu:                500m
      ephemeral-storage:  1Gi
      memory:             2Gi

Can VerticalPodAutoscaler be used here? https://cloud.google.com/kubernetes-engine/docs/concepts/verticalpodautoscaler

Depends on: nais/unleash#93

Due to how Unleasherator is designed it creates services with the same name as
the unleash instance. Services must start with an aphabetic charecter.

Unsure if this should be fixed in Bifrost and/or Unleasherator, but preventing
team names starting with a number is a quick fix.

This is needed for the Unleash to Slack webhook.

Currently this variable is set manually from Fasit as we don't have an easy way to find it.

https://github.com/nais/fasit/blob/main/features/bifrost.yaml#L15-L18

config:
  backend.google.iapBackendServiceId:
    type: string
    description: ID for Backend Service for IAP loadbanacer used for verifying JWT tokens from IAP.

Google describes how to do this manually using gcloud, since this is created via an ingress it is a little more "unknown" what the name will be.

gcloud compute backend-services describe SERVICE_NAME --project=PROJECT_ID --global

How to get started with new Unleash instances.

Old docs: https://docs.nais.io/addons/unleash

Fetch latest version tags from nais/unleash for custom version upgrades.

• Prometheus metrics in Bifröst
• Prometheus metrics in Unleasherato
• Prometheus metrics fro Unleash
• Grafana Dashboard
• Prometheus alerts

There's very few tests. We should have a test suite that exercises the main functionality creating, deleting etc.

Add support for mapping namespaces to Unleash instances to make Unleash
avaialble accross other namespaces.

Automate roll out of new Unleash versions.

Cache fetched Unleash image versions from GitHub.

And also suffix it with -sql-user

bifrost-team1-sql-user

The current logic does not handle failures when creating or deleting instances fails. The error back to the user could be more descriptive and pinpoint which part failed.

Unleash web ingress host resolves to a private IP by default, it needs to be added to the DNS zone pointing to our IAP load balancer public IP.

Unleash instances runs on a shared Cloud Cloud SQL instance. There are metrics in Google Cloud Monitoring that we should keep an eye on.

Currently it is only authentication via IAP. Let's add some group authorization as well.

Move the Bifrost Helm Chart to this repository to make it easier to manage and keep in sync with code changes.

Operations documentation for Bifrost and Unleasherator. High level view and how it all fits together. Add necessary references to nais/vakt.

• Bifrost
  • Development and deployment
  • Architecture and components (dependencies)
• Unleasherator
  • Development and deployment
  • Architecture and components (dependencies)
• Unleash
  • Components (dependencies)
  • Failure scenarios

It would be useful to be able to create whole working unleash crd object from bifrost

The ability for Bifrost to do a self test on an Unleash instance to determine if the instance is configured correctly.

Image: https://github.com/nais/unleash

Needs the following environment variables set:

• GOOGLE_IAP_JWT_AUDIENCE (ex. /projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID)

PROJECT_NUMBER and SERVICE_ID variables should be set in Terraform and made available in Fasit.

Export Prometheus metrics for Bifrost.