getbranches / conf
Infrastructure as code and configurations for the Branches organization
License: Apache License 2.0
It might make sense for us to refactor to using autopilot on GKE. Having talked to some Google reps, and using it for some time on another project, it seems more like what we want.
We pay a bit more per resource, but the resource usage is lowered since we no longer have to have nodes running that we don't need. We're not big users of Kubernetes, so I think it makes sense.
We need bjerk bot (or some other bot) in order to run the sync_labels workflow
error: Running program '/home/runner/work/conf/conf' failed with an unhandled exception:
Error: Github token has expired
conf/resources/kubernetes/components/standard-deployment.ts
Lines 43 to 48 in 0120514
TODO comment in 0120514. It's been assigned to @simenandre because they committed the code.
To deploy anything to Cloud Run, we need to store Docker artefacts in either Artifact Registry or Container Registry.
Seeing as Artifact Registry is the new thing, I think we should use that.
To ensure that we can quickly deploy infrastructure, we'd like a simple Pulumi setup.
I've given this repository access to a folder in Bjerk's Google Cloud Platform account. I guess we'll move to our setup at some point, but I think that should be later (?).
Working branch: https://github.com/getbranches/conf/tree/epic-first-install
I have no idea where the logs from procore-abax are ending up now that the service is running in the Kubernetes cluster. Is our Slack notification setup not designed with Kubernetes in mind?
conf/resources/repository-with-artifacts.ts
Lines 18 to 21 in 57c5a6f
TODO comment in 57c5a6f. It's been assigned to @simenandre because they committed the code.
I get a DNS_PROBE_FINISHED_NXDOMAIN when attempting to connect.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/add-issues-to-project.yml
actions/add-to-project v0.5.0
actions/github-script v6
.github/workflows/auto-assign-author.yml
toshimaru/auto-author-assign v1.6.2
.github/workflows/create-todo-issues.yml
actions/checkout v4
.github/workflows/deploy-to-cloud-run.yml
actions/checkout v4
google-github-actions/auth v1
docker/login-action v2
docker/metadata-action v4
docker/setup-buildx-action v2
docker/build-push-action v4
google-github-actions/deploy-cloudrun v1
.github/workflows/drift-check.yml
actions/checkout v4
pnpm/action-setup v2
actions/setup-node v3
google-github-actions/auth v1
simenandre/setup-gke-gcloud-auth-plugin v1
pulumi/actions v4
slackapi/slack-github-action v1
.github/workflows/infra-main-apply.yml
actions/checkout v4
pnpm/action-setup v2
actions/setup-node v3
google-github-actions/auth v1
simenandre/setup-gke-gcloud-auth-plugin v1
pulumi/actions v4
.github/workflows/infra-main-preview.yml
actions/checkout v4
pnpm/action-setup v2
actions/setup-node v3
google-github-actions/auth v1
simenandre/setup-gke-gcloud-auth-plugin v1
pulumi/actions v4
.github/workflows/refresh.yml
actions/checkout v4
pnpm/action-setup v2
actions/setup-node v3
google-github-actions/auth v1
simenandre/setup-gke-gcloud-auth-plugin v1
pulumi/actions v4
.github/workflows/sync_labels.yml
actions/checkout v4
actions/github-script v6
micnncim/action-label-syncer v1
.github/workflows/update-deployment-tag.yml
actions/checkout v4
simenandre/setup-inputs v1
simenandre/pulumi-config v2
simenandre/get-commit-changelog v1
peter-evans/create-pull-request v5
package.json
@pulumi/gcp ^6.60.0
@pulumi/github ^5.14.1
@pulumi/google-native ^0.32.0
@pulumi/kubernetes ^4.0.3
@pulumi/pulumi ^3.76.0
js-yaml ^4.1.0
ts-invariant ^0.10.3
@bjerk/eslint-config ^5.3.1
@simenandre/prettier ^5.0.0
@types/node ^18
@types/js-yaml ^4.0.9
eslint ^8.45.0
prettier ^3.0.0
typescript ^5.1.6
pnpm 8.6.10
resources/kubernetes/ingress-controller.chart.ts
caddy-ingress-controller 1.0.5
resources/kubernetes/postgres-operator.chart.ts
postgres-operator 1.10.1
Pulumi.main.yaml
unleash:ext-image 5.4.2
vaultwarden:ext-image 1.29.2-alpine
It appears we are missing a lot of environment variables.
We probably want to release getbranches/conf, our infrastructure as code project as Apache 2.0.
I've asked Pulumi to grant Branches a free Team license for our organization, which probably makes this project more visible. It would be nice if people knew if they could reuse the stuff we have here :)
Reference: pulumi/team-edition-for-open-source#8
Some builds are failing, we probably need simenandre/setup-gke-gcloud-auth-plugin.
Abax-VWFS needs to communicate with VWFS through a specific IP address. Therefore we need to set up something like VPC. It's unclear how difficult this is to achieve in a Kubernetes cluster. This might be worth reading though. It has been suggested that we move this service to Cloud Run to make things simpler.
As the only backups we need are database backups, I suggest we use Google Storage Buckets as our main storage for backups and use the instructed backup setup from Postgres Operator (which is what we use to manage our databases).
We need to provide this API key to the cron job
We probably want reusable workflows that are used in GitHub Actions.
I propose that we'll have workflows that build a Docker and deploy it.
The drift check is detecting a change to some google cloud resources. Looking at the diff shows us that there are some service-accounts that pulumi wants to remove from a project IAM member. I suspect that google cloud is adding some extra stuff to this IAM member automatically. Since this happens every time this resource is modified, it becomes a sisyphean task for pulumi, meaning that a diff is detected every single time and the drift check keeps on failing every day.
We should add a cron job that runs every so often and performs a sync operation. Not immediately urgent, but something we want eventually
See the abax-procore cron job for inspiration:
conf/resources/kubernetes/deployments/abax-procore.ts
Lines 35 to 64 in 021cf06
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Location: .github/renovate.json
Error type: The renovate configuration file contains some invalid settings
Message: Regex Managers must contain datasourceTemplate configuration or regex group named datasource