[IBCDPE-1007] Monitoring and security scanning #14

BryanFauble · 2024-07-29T21:48:29Z

Problem:

When running workloads on the K8s cluster we only had a small windows to view what was going on inside of the cluster.

Solution:

Implementing Victoria Metrics (Similar to Prometheus) that allows us to scrape metrics on the K8s cluster.
Implementing trivy to handle security and vulnerability scanning/best practices. This operator also creates new scans as resources are added to the cluster giving updates to the results. It also produces new scans every 6 hours.
Adding policy-reporter to give a nice UI on top of the scan reports

Testing:

I was able to deploy all of this out into the dev cluster and verify that as changes are made to the cluster new scans are produced.
I also verified that I could add new scrape configs and view the data in grafana dashboards.

…ates

…oviders themselves

dev/stacks/dpe-sandbox-k8s-deployments/main.tf

modules/sage-aws-k8s-node-autoscaler/main.tf

dev/spacelift/dpe-sandbox/main.tf

modules/main.tf

BryanFauble added 30 commits July 18, 2024 12:03

Create a spacelift private workerpool

c2c74de

Add the private workerpool module

84c36db

Allow conditional create of the workerpool

3c08ae6

skip creating worker pool

324ce7f

Add missed variable

4546b72

increment workerpool

d224c1b

Correct version of helm chart

0e9324b

Increment workerpool module version

d3d5c24

Create the k8s worker pool

c928d8a

Add warning for drift detection

5b39416

Set to private worker pool id

83b96f1

Enable drift detection via tf

63a6868

correct resource name

f6378bb

Remove drift detection from stack

ba2dbb4

Remove note

97f0412

Comment out already imported block

ebd8b3d

Add module back for 2 step removal process

b4517ec

Remove private workerpool module

d53caa6

Leave helm provider

d60047a

Merge branch 'ibcdpe-935-private-worker-pool' into ibcdpe-935-vpc-upd…

dbf0d45

…ates

hacking around to get the helm_release out of state

910b4e5

Leave module in to remove resources

98efa20

Remove module

3ada360

Update to specify provider required versions in modules instead of pr…

846b1c2

…oviders themselves

Updating modules

90f38ef

Remove provider that is not actually required

b20890d

Try setting load bal ip ranges

a6229bd

Capture flow logs

589de1d

Catpure flow logs

d1a8d28

Add to documentation

113e816

BWMac and others added 2 commits July 31, 2024 12:42

increments trivy-operator version for deployment

d037fba

Adding apache airflow module

97cdff2

spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 31, 2024 19:22 Inactive

BryanFauble added 6 commits July 31, 2024 12:23

Deploy airflow

89b641f

Leave airflow turned off

59ea85e

Deploy ariflow

b931e5f

Update eks module

b2c577c

Correct var reference

e776195

Correction

0bd5037

spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 31, 2024 21:02 Inactive

BryanFauble added 3 commits July 31, 2024 14:04

Increment eks module

fdeb6f6

Increment vpc version

a154a5f

Update the autoscaler to use nitro based instances

862838a

spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 31, 2024 21:35 Inactive

BryanFauble added 3 commits July 31, 2024 14:36

Increment autoscaler

51c5318

Update where filter is defined

1949755

Increment autoscaler

7e20928

spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 31, 2024 21:39 Inactive

BryanFauble added 2 commits July 31, 2024 14:46

Set required properties

3ad49d5

Increment

a55a11d

BryanFauble commented Jul 31, 2024

View reviewed changes

dev/stacks/dpe-sandbox-k8s-deployments/main.tf Show resolved Hide resolved

BryanFauble commented Jul 31, 2024

View reviewed changes

modules/sage-aws-k8s-node-autoscaler/main.tf Show resolved Hide resolved

Remove files that are not needed

abbe412

BWMac reviewed Aug 1, 2024

View reviewed changes

dev/spacelift/dpe-sandbox/main.tf Outdated Show resolved Hide resolved

dev/spacelift/dpe-sandbox/main.tf Show resolved Hide resolved

modules/main.tf Show resolved Hide resolved

BryanFauble mentioned this pull request Aug 2, 2024

[IBCDPE-1007] Templatizing items out to a root level #15

Merged

BryanFauble requested a review from BWMac August 12, 2024 17:11

Base automatically changed from ibcdpe-935-vpc-updates to main August 15, 2024 23:02

Merge branch 'main' into ibcdpe-1007-monitoring

122419c

BryanFauble merged commit 847e68f into main Aug 15, 2024
3 of 9 checks passed

BryanFauble deleted the ibcdpe-1007-monitoring branch August 15, 2024 23:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[IBCDPE-1007] Monitoring and security scanning #14

[IBCDPE-1007] Monitoring and security scanning #14

BryanFauble commented Jul 29, 2024

[IBCDPE-1007] Monitoring and security scanning #14

[IBCDPE-1007] Monitoring and security scanning #14

Conversation

BryanFauble commented Jul 29, 2024