Comments (18)
oh, btw, what about: https://github.com/thoth-station/thoth-application/blob/9cbd30aed172aff33ecf5f7e21e6f558493c8694/README.md#policy-based-control-of-resources
from aicoe-sre.
Btw, I've started using the https://github.com/Agilicus/yaml_filter suggested in kubernetes-sigs/kustomize#821 (comment) and it's so easy to populate the psi ticket attachments now. 😄
kustomize build applications/argo/overlays/dh-dev-argo | yaml_filter -i CustomResourceDefinition,ClusterRole > psi_ticket.yaml
kustomize build applications/argo-events/overlays/dh-dev-argo | yaml_filter -i CustomResourceDefinition,ClusterRole >> psi_ticket.yaml
The yaml_filter is a pretty short yet clever script, can we integrate some variation of it (that may be reading the included and excluded resources from a config file instead of args)?
from aicoe-sre.
- Kustomization manifests are buildable
- Resulting Kubernetes resource validation (kubectl create --dry-run --validate or something)
- Kustomization files maintain the same standard:
  - Use commonLabels as described in AICoE/aicoe-cd#29
  - Don't use deprecated syntax like bases keyword etc.
- Markdown linting for runbooks (?)
from aicoe-sre.
@goern never worked with OPA, so.. does it use any generic testsuite, you're referring to in your README? Or do you have any Thoth specific one that we can maybe take a look at? I couldn't find any...
I like the possibility to really test the manifests a lot!
from aicoe-sre.
Ja, there is https://github.com/thoth-station/thoth-application/tree/master/policy which contains the policies we want to enforce for the thoth-application. It is just testing around, I have had no deep thoughts on it...
from aicoe-sre.
I like that. That implements a good portion of my comment above. 🙂 👍
from aicoe-sre.
I think @tumido hit a lot of the initial ones we'd want to be covering. ++ to what has been said so far.
from aicoe-sre.
@HumairAK you looked into https://github.com/app-sre/qontract-validator before we went with argo-cd. Is this something we could do to validate a PR?
from aicoe-sre.
@durandom -- It's been some time, but my guess is no, as it's probably coupled with their qontract-server and not generalized. From their description in the README:
This project contains the tools necessary to bundle data into the format used by qontract-server and to JSON validate it's schema.
Schema validation would actually be something useful for the aicoe-cd repository, and I think it's worth looking into.
from aicoe-sre.
+1 to ensuring Kustomizations build successfully on all overlays.
from aicoe-sre.
Another cool thing would be if the bots can diff the resources (after kustomize build) from before the PR and after and check if there are new CRDs or cluster wide resources added by the PR. This way we can know if we need to ticket PSI before merging the PR or not.
from aicoe-sre.
+1 @tumido --- If this can be somehow adjustable to not only CRDs but other apigroups/kinds that we can add onto some sort of a list, that would be even better.
from aicoe-sre.
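The check proposed in the two comments above, as an added example (not code from this thread or from yaml_filter): it compares two rendered streams and returns resources of watched kinds that exist only after the PR, ignoring pure API version bumps. It assumes the block-style, `---`-separated YAML that `kustomize build` emits; the watch list and the sample manifests are constructed.

```python
import re
# Assumed watch list (not from the thread): kinds that would need a PSI ticket.
WATCHED_KINDS = frozenset({"CustomResourceDefinition", "ClusterRole", "ClusterRoleBinding"})
_TOP_KEY = re.compile(r"^([A-Za-z]\w*):\s*(.*)$")        # key at column 0
_META_KEY = re.compile(r"^  (name|namespace):\s*(.+)$")  # direct child of metadata

def resource_ids(rendered):
    """Return {(api_group, kind, namespace, name)} for each document in a rendered stream."""
    ids = set()
    for doc in re.split(r"^---\s*$", rendered, flags=re.MULTILINE):
        fields, section = {}, None
        for line in doc.splitlines():
            if top := _TOP_KEY.match(line):
                section = top.group(1)
                if section in ("apiVersion", "kind"):
                    fields[section] = top.group(2).strip("\"' ")
            elif section == "metadata" and (meta := _META_KEY.match(line)):
                fields[meta.group(1)] = meta.group(2).strip("\"' ")
        if "kind" in fields and "name" in fields:
            group = fields.get("apiVersion", "").rpartition("/")[0]  # "" for core v1
            ids.add((group, fields["kind"], fields.get("namespace", ""), fields["name"]))
    return ids

def new_watched(before, after, kinds=WATCHED_KINDS):
    """Resources present only in `after` whose kind is on the watch list."""
    return sorted(r for r in resource_ids(after) - resource_ids(before) if r[1] in kinds)

# Constructed sample renders standing in for the base branch and the PR branch.
BEFORE = """\
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-reader
"""
AFTER = BEFORE + """\
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: widgets.example.com
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: example-config
"""

if __name__ == "__main__":
    print(new_watched(BEFORE, AFTER))
```

A CI job could feed it the output of `kustomize build` for the same overlay on the base and PR branches and fail, or label the PR, when the returned list is not empty.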
And what about we can take it one step further. If such clusterwide resources are found and approved, can we automate opening of a Service Now ticket to PSI?
from aicoe-sre.
Yes we can :)
We just need some coding power to help us with that... First of all I'll turn this into a card...
from aicoe-sre.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
/lifecycle stale
from aicoe-sre.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
from aicoe-sre.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
from aicoe-sre.
@sesheta: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from aicoe-sre.