migrate to k8s
tasks
running todo list for @fdbk (perhaps these could be carved into separate cards?)
provision cluster
- stand up a cluster with a leader and 2 followers
- figure out how to get Services or Ingresses assigned external ips (this was automatic in google or digital ocean clusters since they could create ips on demand, not the case here)
- harden cluster, figure out what good security policies are
- install nginx ingress controller and certbot for VERY easy TLS cert handling
- figure out storage (once again, in Google land you can create PersistentVolumes which are tied natively into google storage systems, we don’t have infinite storage here) how much storage do we need for database, key stores, logs, metrics?
- set up native k8s dashboard to introspect on state and metrics of entire cluster
- ansibilize this process (maybe we are doing this as we go? can we? - aguestuser)
support application & metrics
- hook up loki grafana and prometheus to cluster
- hook up signalboost signald postgres to cluster
- move env vars and encrypted blackbox files into native k8s Secrets
support CI/CD pipeline
- create new docker images for prod (no mounted source code, completely self sufficient)
- migrate to k8s api (via gitlab) for CI/deploy
Edited by aguestuser