Cheat Sheet #20
Comments
What software are we using for devops and what licenses are they licensed under? This list will be required for a future buyer for sure and possibly for future investors. If there is anything licensed under AGPL, how can we replace it with something with a more favorable license? How would we bring up a new cluster in another region? What existing files/repos would we clone or modify? |
As far as I know, nothing is AGPL. I know this is a toxic license. We try to use mostly This is a good question though. We should make sure to call out the software licensing on all tools in the solution. |
While all the questions below should also have generic answers in the generic documentation (e.g. add a metric by adding some piece of info to some configuration file), the cheat sheet should have the specifics (e.g. name and location of configuration file to change, and if it is not in GitHub, how to change it and maintain version history, and how to deploy changes). How do we manage access control to devops related systems (both in staging and in production):
@goruha can you add some notes, links, references in this issue to unblock @Nuru. I'll refine them in the documentation, but we can start it here. Specifically, address this question first as it relates to grafana: #20 (comment) |
@Nuru we need to upgrade the clusters ASAP to use our current "best practice" that we've already rolled out with Joany and PeerStreet. Namely, we've switched to using AWS Parameter Store with KMS encryption. This is all automated using The benefits with |
I'll take a stab at this one today. |
@osterman I'm in favor of using AWS Parameter Store and KMS, and it is fine to switch to that before/instead of documenting the env files (except please note where the env files are/were so we can track whatever secrets were in them should we later discover the files were disclosed) as long as this does not break local/dev/CI environments. I'm a little wary about using |
@Nuru thanks for taking time to explain your position on this. Let me just expand on why we've chosen to back `chamber`.
Great! My gripe with using the Chamber is a convenience utility. And like you say, it's possible to manage the secrets themselves using the AWS Web Console directly. My experience with AWS is that they make great APIs and rather poor command line tools. That's why there's a rich ecosystem of tools that support it. Segment.io as a company has raised $108M and been around since 2011. Our philosophy is to cherry pick the best tools from the community to facilitate integration. Most of the tools are by startups because they are the earliest adopters. Segment.io's Chamber meets the cloudposse criteria for this. There are 600+ stars on the repo. It has an Unfortunately, as with the entire Alternatives to consider would be HashiCorp's Vault. This is a tool with widespread support and in use by many major financial institutions. HashiCorp Vault coupled with |
@osterman The examples above were not meant to be a bullet list of specific documentation requirements as much as a set of examples meant to be broadly covered by the cheat sheet. The cheat sheet can say
and that might be all we need. To you it is probably obvious where everything is but to people with no experience with any of the DevOps tools you installed (which is, I think, our entire team), it is not even clear where to start. |
Cool, yes, we'll start with just documenting a roadmap of links with light descriptions of how the pieces fit together. I'll be writing up a few more docs this weekend. We've also officially relaunched the documentation portal now on Hugo (https://docs.cloudposse.com) with more or less equivalent functionality, but the added benefit of tight GitHub integration for issues. |
This PR will serve as the "cheat sheet" (#108). It's more of a getting started guide, but tries to cover all pertinent pages in paragraph form with links out to all the pages. The goal is to communicate how all the pieces fit together. |
what
(requested by @Nuru from PopChest)