# Oddschecker Production readiness review - Day 1+2 - 30th April 2019

## Participants

### Jetstack

* [Jon Tutcher](mailto:jon.tutcher@jetstack.io)
* [Paul Jones](mailto:paul.jones@jetstack.io)

## Video call

* Zoom: https://us02web.zoom.us/j/86924599376?pwd=NlV2ZUx1K01YMk5CRTFzUUJpTVdPUT09

## Questions

*Just ask here or in the video chat*

### Links

- [This page](https://hackmd.io/@jetstack/oddschecker_prr)

## Agenda

* Introduction
* Establish where to focus in the next two days (e.g. break out sessions)
* High level overview of architecture of cluster including applications running on it

### Thursday

* Sessions on specific applications/use cases?
* Assess Edge Proxy (priority)
  * Istio (current approach)
  * https://docs.solo.io/gloo/latest/
  * Kong
* Prometheus / Thanos architecture
* Getting KPIs (priority)
* Spinnaker to give folks advanced deployment strategies
* Gitlab
* Breaking out Central Content Management System
* Secret Management
  * https://github.com/kubernetes-sigs/secrets-store-csi-driver
  * https://github.com/godaddy/kubernetes-external-secrets#gcp-secret-manager
* CI/CD
  * Spinnaker vs [ArgoCD](https://argoproj.github.io/argo-cd/)?
  * [App Manager](https://cloud.google.com/blog/products/containers-kubernetes/announcing-application-manager-for-google-kubernetes-engine)
  * [Flagger](https://github.com/weaveworks/flagger)
  * [Flux](https://github.com/fluxcd/flux)
* Readiness/Liveness probes
* Dynamic scaling
  * Workload autoscaling (VPA, HPA)
  * Cluster autoscaling
* Resources management of containers
  * requests/limits
* Stateful applications
* Monitoring
* Logging
* Telemetry
* DR & Backups:
  * Look at https://github.com/vmware-tanzu/velero

### Friday

* Cluster (in detail)
* Vulnerability scanning
  * https://snyk.io/
* Script to clean up old GCR images (rough and ready):
  * https://gist.github.com/ahmetb/7ce6d741bd5baa194a3fac6b1fec8bb7

Topics to dive back into:

* Docker for desktop developer environment
  * https://github.com/kubernetes-sigs/kind

### Other

* RBAC (Google Groups)
* Workload identity
* PSP
* Custom policies
* Cluster API?
* IAP / Bastion

### Notes

* KPIs
  * [Gitlab Analytics](https://docs.gitlab.com/ee/user/analytics/productivity_analytics.html#accessing-metrics-and-visualizations)
* CloudSQL
  * [MySQL users](https://www.terraform.io/docs/providers/google/r/sql_user.html)

### Schedule (Both Days)

|        | (BST)       |
|--------|-------------|
| Start  | 09.00       |
| Lunch  | 12:00-13:00 |
| Finish | 17:00       |

### Links

[FluxCD | ArgoCD | Jenkins X Blog](https://blog.container-solutions.com/fluxcd-argocd-or-jenkins-x-which-is-the-right-gitops-tool-for-you)

[Jetstack Terraform GKE](https://github.com/jetstack/terraform-google-gke-cluster)

[Helm security](https://engineering.bitnami.com/articles/helm-security.html)
- Helm client runs in cluster, port-forwards to Tiller, binds over `localhost`

[Helm Operator](https://github.com/fluxcd/helm-operator)

[Priority Class and Preemption](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#preemption)

[PodDisruptionBudget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/)

[Distroless](https://github.com/GoogleContainerTools/distroless)

[Snyk.io](https://snyk.io/)