Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform/k8s-infra-kubernetes-io: manage k8s-infra-sandbox-capg budget #2940

Merged
merged 3 commits into from Oct 14, 2021
Merged

terraform/k8s-infra-kubernetes-io: manage k8s-infra-sandbox-capg budget #2940

merged 3 commits into from Oct 14, 2021

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented Oct 14, 2021
edited

Related:

A module to manage organization-level resources, including:

  • a project to use for APIs that only make sense to be enabled in the
    context of org management, like billing or orgpolicy
  • a lien on kubernetes-public to make sure it's not accidentally
    deleted, as a demonstration of how we could use liens
  • a budget for k8s-infra-sandbox-capg

Setting up the project required a little bit of a manual work, because
in order for terraform to use a project for billing purposes, the
project needs to already exist and have certain services enabled. This
involved:

  • commenting out "user_project_override" to use a gcloud project with
    cloudresourcemanager and serviceusage APIs enabled
  • commenting out terraform resources that weren't directly related to
    the creation/services of the k8s-infra-kubernetes-io project
  • running terraform apply
  • uncommenting everything
  • running terraform apply again

This was necessary because the Google Cloud billing budgets API does not
work with user credentials (which is how we've been authenticating and
using terraform thus far), ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/billing_budget

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ approved Indicates a PR has been approved by an approver from all required OWNERS files. area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. labels Oct 14, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Oct 14, 2021

terraform import google_billing_budget.capg_budget billingAccounts/018801-93540E-22A20E/budgets/48207778-f6ad-44c1-9bd1-1b88e3006c81 to help me figure out what the actual resource should look like

@spiffxp
bash/main: add tf bucket for org-level resources
9b166d3
@spiffxp
terraform/k8s-infra-kubernetes-io: initial commit
0beacba 
A module to manage organization-level resources, including:

- a project to use for APIs that only make sense to be enabled in the
  context of org management, like billing or orgpolicy
- a lien on kubernetes-public to make sure it's not accidentally
  deleted, as a demonstration of how we could use liens
- a budget for k8s-infra-sandbox-capg

Setting up the project required a little bit of a manual work, because
in order for terraform to use a project for billing purposes, the
project needs to already exist and have certain services enabled. This
involved:

- commenting out "user_project_override" to use a gcloud project with
  cloudresourcemanager and serviceusage APIs enabled
- commenting out terraform resources that weren't directly related to
  the creation/services of the k8s-infra-kubernetes-io project
- running terraform apply
- uncommenting everything
- running terraform apply again

This was necessary because the Google Cloud billing budgets API does not
work with user credentials (which is how we've been authenticating and
using terraform thus far)
@spiffxp spiffxp changed the title [wip] terraform/k8s-infra-kubernetes-io: setup capg budget terraform/k8s-infra-kubernetes-io: manage k8s-infra-sandbox-capg budget Oct 14, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 14, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Oct 14, 2021

/cc @ameukam @dims

These changes are live: I have already run ensure-main-project.sh and terraform apply. I'm open to suggestions if things need to be renamed / reorganized.

@spiffxp
tf/k8s-infra-kubernetes-io: add k8s-infra-monthly budget
3d4fe9a 
$3M/y / 12 mo/y = $250K/mo, alert at 90% (225K) and 100%
@spiffxp
Copy link
Member Author

spiffxp commented Oct 14, 2021

Added a monthly budget for k8s-infra as a whole, we'll get e-mail alerts if we hit 90% (225K) for the month, which we have been.

@dims
Copy link
Member

dims commented Oct 14, 2021

/approve
/lgtm
/hold

thanks @spiffxp please remove hold when ready

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 14, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 14, 2021
@spiffxp spiffxp mentioned this pull request Oct 14, 2021
Closed
endocrimes
endocrimes approved these changes Oct 14, 2021
View reviewed changes
Copy link
Member

@endocrimes endocrimes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Terraform LGTM (gonna start trying to help out more with infra, starting with reviews)

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, endocrimes, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spiffxp
Copy link
Member Author

spiffxp commented Oct 14, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 14, 2021
@ameukam
Copy link
Member

ameukam commented Oct 14, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot merged commit ec85f88 into kubernetes:main Oct 14, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Oct 14, 2021
ameukam
ameukam reviewed Oct 14, 2021
View reviewed changes
infra/gcp/terraform/k8s-infra-kubernetes-io/main.tf
Comment on lines +59 to +62
data "google_monitoring_notification_channel" "sig_k8s_infra_leads" {
project = data.google_project.kubernetes_public.project_id
display_name = "sig-k8s-infra-leads@kubernetes.io"
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not directly manage this with Terraform ? (use a resource)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And I think Steering should be get notified when the threshold reach a critical percentage of the budget defined

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll tackle these in a followup

@spiffxp spiffxp deleted the k8s-infra-org-tf branch October 14, 2021 21:56
This was referenced Oct 14, 2021
Merged
Merged
@justaugustus justaugustus mentioned this pull request Dec 10, 2021
Closed
@palnabarun palnabarun mentioned this pull request Mar 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ameukam ameukam ameukam left review comments

@endocrimes endocrimes endocrimes approved these changes

@thockin thockin Awaiting requested review from thockin

@dims dims Awaiting requested review from dims

Assignees

@dims dims

@endocrimes endocrimes

@ameukam ameukam

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.23
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@spiffxp @dims @k8s-ci-robot @ameukam @endocrimes