Shea Stewart stewartshea @ArctiqTeam Canada www.arctiq.ca Hanging out with @ArctiqTeam helping teams build great software through adoption of devops cultural and automation practices.

issue closed BCDevOps/platform-services

Sysdig Agents "Connected" but not providing data / erroring

We are running into issues where our Sysdig agents are connected and registered in SaaS console, but specific node details aren't being sent/displayed and this is causing an incomplete picture across our clusters and inaccurate monitoring.

An example of some of the logs that we see are:

2020-01-16 23:09:05.747, 119779.75643, Information, connection_manager:297: Connecting to collector 52.6.11.160:6443
2020-01-16 23:09:05.831, 119779.75643, Information, connection_manager:313: Performing SSL handshake
2020-01-16 23:09:06.024, 119779.75643, Information, connection_manager:319: SSL identity verified
2020-01-16 23:09:06.024, 119779.75643, Information, connection_manager:352: Connected to collector
2020-01-16 23:09:06.024, 119779.119836, Information, connection_manager:555: Processing messages
2020-01-16 23:09:06.024, 119779.119836, Information, connection_manager:667: Sent msgtype=1 len=25188 to collector
2020-01-16 23:09:06.025, 119779.119836, Information, connection_manager:667: Sent msgtype=1 len=23113 to collector
2020-01-16 23:09:06.025, 119779.119836, Information, connection_manager:667: Sent msgtype=1 len=22552 to collector
2020-01-16 23:09:06.025, 119779.119836, Information, connection_manager:667: Sent msgtype=1 len=22474 to collector
2020-01-16 23:09:06.056, 119779.119860, Information, Added 77 statsd metrics for container=k8s_sysdig-agent_sysdig-agent-app-8b6wx_devops-sysdig_0c3c81d0-3892-11ea-a963-00505683394a_0 (id=7a884bbdf37e)
2020-01-16 23:09:06.059, 119779.119860, Information, k8s_deleg: found our node: ociopf-t-322.dmz
2020-01-16 23:09:06.059, 119779.119860, Information, k8s_deleg: delegated node ociopf-t-301.dmz ips: 142.34.217.48 ociopf-t-301.dmz id: 28f4bf51-76e2-11e7-b9a6-00505683c9cc
2020-01-16 23:09:06.059, 119779.119860, Information, k8s_deleg: delegated node ociopf-t-302.dmz ips: 142.34.217.49 ociopf-t-302.dmz id: 2916e00d-76e2-11e7-b9a6-00505683c9cc
2020-01-16 23:09:06.059, 119779.119860, Information, k8s_deleg: This node is not delegated
2020-01-16 23:09:06.062, 119779.119860, Information, Added 77 statsd metrics for host=ociopf-t-322.dmz
2020-01-16 23:09:06.063, 119779.119860, Information, ts=1579216146, ne=68678, de=0, c=10.23, fp=0.39, sr=1, st=0, fl=47
2020-01-16 23:09:06.069, 119779.119836, Information, connection_manager:667: Sent msgtype=1 len=21244 to collector
2020-01-16 23:09:06.369, 119779.119836, Information, connection_manager:847: Received command 11 (CONFIG_DATA)
2020-01-16 23:09:06.669, 119779.119836, Information, connection_manager:847: Received command 12 (ERROR_MESSAGE)
2020-01-16 23:09:06.669, 119779.119836, Error, error_message_handler:63: received ERR_CONN_LIMIT (Too many agent connections.)
2020-01-16 23:09:06.970, 119779.119836, Error, connection_manager:751: Lost connection (reading header)
2020-01-16 23:09:06.970, 119779.119836, Information, connection_manager:468: Disconnecting from collector
2020-01-16 23:09:06.970, 119779.119836, Warning, connection_manager:570: Receive failed. Looping back to reconnect.
2020-01-16 23:09:06.970, 119779.119836, Information, connection_manager:256: Initiating connection to collector (trying for 60 seconds)
2020-01-16 23:09:06.970, 119779.119836, Information, connection_manager:397: Waiting to connect 60 s

closed time in 13 minutes

stewartshea

issue comment BCDevOps/platform-services

Sysdig Agents "Connected" but not providing data / erroring

There were indeed too many agents connected; I've turned off the masters in the lab for now to continue testing what we needed.

stewartshea

comment created time in 13 minutes

issue opened BCDevOps/platform-services

Sysdig Agents "Connected" but not providing data / erroring

created time in 19 hours

push event BCDevOps/platform-services

stewartshea

commit sha a6aecf6f5f26943a0a78bb159ba65ae6c9eed4d1

disable sysdig metric

stewartshea

commit sha f96b2ba0a58382fed17b35d354c276a8d3c47ae3

minor doc changes

push time in a day

issue comment BCDevOps/OpenShift4-RollOut

Procure Software Entitlements for Cluster Add-Ons

Numbers are confirmed and requests are put out for pricing.

stewartshea

comment created time in a day

issue comment BCDevOps/platform-services

Statuspage deployment pipeline race condition


[webhook] 2020/01/15 20:15:59 [351dab] executing /opt/update_notifications.sh (/opt/update_notifications.sh) with arguments ["/opt/update_notifications.sh" "https://github.com/BCDevOps/platform-services-status-page-notifications " "" "41" "" ""] and environment [] using /opt as cwd
--
  | [webhook] 2020/01/15 20:17:20 [351dab] command output: From https://github.com/BCDevOps/platform-services
  | 90d37c1..bd16763  master     -> origin/master
  | 6f0be90..8a7183f  feature/sysdig-teams-operator -> origin/feature/sysdig-teams-operator
  | * [new branch]      latency-test -> origin/latency-test
  | Updating 90d37c1..bd16763
  | Fast-forward
  | security/aporeto/tools/latency-test/README.md      \| 40 ++++++++++++++++++
  | security/aporeto/tools/latency-test/analize.js     \| 49 ++++++++++++++++++++++
  | .../tools/latency-test/test/curl-format.txt        \|  9 ++++
  | security/aporeto/tools/latency-test/test/run.sh    \|  8 ++++
  | 4 files changed, 106 insertions(+)
  | create mode 100644 security/aporeto/tools/latency-test/README.md
  | create mode 100644 security/aporeto/tools/latency-test/analize.js
  | create mode 100644 security/aporeto/tools/latency-test/test/curl-format.txt
  | create mode 100755 security/aporeto/tools/latency-test/test/run.sh
  |  
  | PLAY [localhost] ***************************************************************
  |  
  | TASK [python_requirements_facts] ***********************************************
  | ok: [localhost]
  |  
  | TASK [debug] *******************************************************************
  | ok: [localhost] => {
  | "groupvars[inventory_hostname]": "VARIABLE IS NOT DEFINED!"
  | }
  |  
  | TASK [include_tasks] ***********************************************************
  | included: /opt/platform-services/apps/statuspage/ansible/tasks/set_env.yml for localhost
  |  
  | TASK [set_fact] ****************************************************************
  | skipping: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | skipping: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | skipping: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | skipping: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | skipping: [localhost]
  |  
  | TASK [include_tasks] ***********************************************************
  | skipping: [localhost]
  |  
  | TASK [include_tasks] ***********************************************************
  | [DEPRECATION WARNING]: k8s_raw is kept for backwards compatibility but usage is
  | discouraged. The module documentation details page may explain more about this
  | rationale.. This feature will be removed in a future release. Deprecation
  | warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
  | included: /opt/platform-services/apps/statuspage/ansible/tasks/configure.yml for localhost
  |  
  | TASK [Wait for Grafana to be ready...] *****************************************
  | changed: [localhost]
  |  
  | TASK [Get Route] ***************************************************************
  | changed: [localhost]
  |  
  | TASK [Get existing admin password] *********************************************
  | changed: [localhost]
  |  
  | TASK [Generate admin password] *************************************************
  | skipping: [localhost]
  |  
  | TASK [Set password variable] ***************************************************
  | ok: [localhost]
  |  
  | TASK [Insert delay] ************************************************************
  | changed: [localhost]
  |  
  | TASK [Reset admin password] ****************************************************
  | skipping: [localhost]
  |  
  | TASK [Add grafana admin password to deployment] ********************************
  | skipping: [localhost]
  |  
  | TASK [Set light theme] *********************************************************
  | changed: [localhost]
  |  
  | TASK [Get existing public viewer API key] **************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [set_fact] ****************************************************************
  | ok: [localhost]
  |  
  | TASK [Delete existing public viewer API key] ***********************************
  | ok: [localhost]
  |  
  | TASK [Delete existing admin viewer API key] ************************************
  | ok: [localhost]
  |  
  | TASK [Create new public viewer API key] ****************************************
  | ok: [localhost]
  |  
  | TASK [Create new admin API key] ************************************************
  | ok: [localhost]
  |  
  | TASK [Add api key to envoy ConfigMap] ******************************************
  | changed: [localhost]
  |  
  | TASK [Reapply envoy configmap] *************************************************
  | changed: [localhost]
  |  
  | TASK [Redeploy Envoy] **********************************************************
  | changed: [localhost]
  |  
  | TASK [Configure Grafana Datasource] ********************************************
  | changed: [localhost]
  |  
  | TASK [Generate and apply dashboard] ********************************************
  | included: /opt/platform-services/apps/statuspage/ansible/tasks/generate_dashboard.yml for localhost
  |  
  | TASK [set fact from yaml file] *************************************************
  | ok: [localhost]
  |  
  | TASK [Fetch notifications repo content] ****************************************
  | changed: [localhost]
  |  
  | TASK [Set notifications fact path] *********************************************
  | ok: [localhost]
  |  
  | TASK [Get file list] ***********************************************************
  | changed: [localhost]
  |  
  | TASK [render template] *********************************************************
  | changed: [localhost]
  |  
  | TASK [Validate dashboard] ******************************************************
  | fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["bin/grafana-dashboard", "--debug", "--grafana-url", "http://grafana-c81e6h-dev.pathfinder.gov.bc.ca ", "--grafana-apikey", "eyJrIjoiNFU5bEh4akdzODZBcU9nRmo3dm85M05YNHp6Mnhsb0EiLCJuIjoiYWRtaW4iLCJpZCI6MX0=", "validate", "templates/statuspage_grafyaml.yml"], "delta": "0:00:02.363862", "end": "2020-01-15 20:17:20.741649", "msg": "non-zero return code", "rc": 1, "start": "2020-01-15 20:17:18.377787", "stderr": "DEBUG:grafana_dashboards.cmd:Grafana URL override: http://grafana-c81e6h-dev.pathfinder.gov.bc.ca\nDEBUG:grafana_dashboards.cmd:Grafana  APIKey overridden\nINFO:grafana_dashboards.cmd:Validating schema in templates/statuspage_grafyaml.yml", "stderr_lines": ["DEBUG:grafana_dashboards.cmd:Grafana URL override: http://grafana-c81e6h-dev.pathfinder.gov.bc.ca ", "DEBUG:grafana_dashboards.cmd:Grafana APIKey overridden", "INFO:grafana_dashboards.cmd:Validating schema in templates/statuspage_grafyaml.yml"], "stdout": "templates/statuspage_grafyaml.yml: ERROR: expected str for dictionary value @ data['dashboard']['rows'][4]['panels']['content']", "stdout_lines": ["templates/statuspage_grafyaml.yml: ERROR: expected str for dictionary value @ data['dashboard']['rows'][4]['panels']['content']"]}
  | to retry, use: --limit @/opt/platform-services/apps/statuspage/ansible/statuspage.retry
  |  
  | PLAY RECAP *********************************************************************
  | localhost                  : ok=31   changed=12   unreachable=0    failed=1
  |  
  | Failed to update dev
  |  
  | [webhook] 2020/01/15 20:17:20 [351dab] finished handling update_notifications
stewartshea

comment created time in 2 days

issue comment BCDevOps/OpenShift4-RollOut

Procure Software Entitlements for Cluster Add-Ons

No final numbers yet. This is in progress. Waiting on some detail from @jefkel before we can provide some quotes to move forward with contract amendments

stewartshea

comment created time in 4 days

push event BCDevOps/platform-services

stewartshea

commit sha 8a7183f9da5a737c50fc256873252fb340714b66

fix filter for new_team

push time in 5 days

push event BCDevOps/platform-services

stewartshea

commit sha 2641f8e3a00fb1efcacc0f274a7951ccc4dabb00

remove sysdig capture from team capability

push time in 5 days

push event BCDevOps/platform-services

stewartshea

commit sha cffe090125962a3422e2a8410c0d92e86901ff5e

add default dashboard and cleanup debug logs

push time in 5 days

push event BCDevOps/platform-services

stewartshea

commit sha 66e851ce01dcbab397dcf9b7f1e073a1b3475918

add default dashboard

push time in 7 days

push event BCDevOps/platform-services

Cailey Jones

commit sha 7df553a774bb734379533b97f8c42745eec4db85

add backup cronjob

Cailey Jones

commit sha 4e2369e3efbf5fba9624fb4fbe903d0c393a491f

add backup cronjob

Cailey Jones

commit sha 168d1385171f3a31ad762a59bf4f3cb2934c33af

first sa commit

mitovskaol

commit sha ac1d40a72f5dbfa0fa45deccc88968d0b57a0e46

A couple of minor updates for Dev Guide

mitovskaol

commit sha f2416430d6a22a9c9c1f8ce3bd72477f1e696dd3

Added descriptions and metadata to all markdown files under security/aporeto that were included in Dev Guide

Olena Mitovska

commit sha ac421256383658a804ea69c4f998bfcfb275e3b2

Merge branch 'master' into olena-update-devguide

Cailey Jones

commit sha bc5d88e3bd0726b5ea4dfcf4763dca888faa7012

basic working sa operator

Cailey Jones

commit sha 0e3bf10fe0af9c16f6602422d01b3adc9b10f654

forgot to add

stewartshea

commit sha 3d30d2e6ea9276997bc7064eca270864ac6b0cb4

minor heading change

mitovskaol

commit sha e7a956cc7a4a73c7a29f91a6868f3185ed3bdae1

More updates to the Developer Guide

Cailey Jones

commit sha e69edfbf7f171540dc958bce52a8eaee3ea7d4c5

working operators

Cailey Jones

commit sha 8c8f0a6fadda80627ee4616071374427454ef06d

image version consistency update

Olena Mitovska

commit sha af648604c44ce767ec11d8e1ca97db7b1a3769f5

Merge branch 'master' into olena-update-devguide

Cailey Jones

commit sha c09b4441094384324e3e6adfe796f26ce703b872

removing temp rocketchat route

Jeff Kelly

commit sha 30a62691e69ce3aaac66120ede4762e8bacc1236

small doc updates and cleanup

Cailey Jones

commit sha f2cc2a9e1d6e8744d3fd869a27778f50cb938d2b

artifactory documentation and support scripts

Cailey Jones

commit sha b49b9e104cd66c61a610bd391f785052d382118a

Merge branch 'cailey-artifactory-operatorSAs' of github.com:BCDevOps/platform-services into cailey-artifactory-operatorSAs

Cailey Jones

commit sha aee364934f96f00469d8b9fecd5d06355bff89f3

Merge pull request #460 from BCDevOps/cailey-artifactory-operatorSAs Cailey artifactory operator SAs

Cailey Jones

commit sha c925de93574aea24c0827f3eb496812850c98025

add the step to delete files older than 30 days

Shelly Han

commit sha b7fc3df2c49da2bc78510af3662930aee2620288

Create docs for documize admin control (#459) * update jenkins file change filter * remove error output for no builds * remove error output in jenkins * added documents for documize admin usage

push time in 7 days

issue comment BCDevOps/platform-services

Look at shortening the way to authenticate into the Aporeto UI

Once prod is updated (on the Aporeto side), there will be a way. Writeup is here:

https://junon.sandbox.aporeto.us/saas/release-notes/20200108/#streamlined-web-interface-logins

stewartshea

comment created time in 7 days

issue opened BCDevOps/platform-services

Document NSP Creation in Jenkins Pipeline

Jenkins is still currently one of the most widely used pipeline tools at BCGov. There are use-cases where teams want to apply new NSP's within the deployment pipeline, and this requires that validation is performed prior to deploying additional components/ services.

In the developer hub, provide documentation that;

  • [ ] describes the simple pipeline flow and a simple example
  • [ ] points to a live / real use case (from NR)

created time in 7 days

issue opened BCDevOps/platform-services

Publish Common Service Labels for Policies with Aporeto and Document

There is a use case where a team may not want pods to not communicate to the internet but require certain internal services. A specific example would be a service that needs access to SSO only, or services inside the entire cluster.

Test and document in the developer hub the following;

  • [ ] Common labels for services like SSO or Artifactory
  • [ ] A pod that only wants to talk to SSO
  • [ ] A pod that wants to talk to any service in OpenShift only

created time in 7 days

issue comment BCDevOps/platform-services

Look at shortening the way to authenticate into the Aporeto UI

I've reached out to Aporeto to see if there is any other way to shorten the process.

stewartshea

comment created time in 7 days

issue comment BCDevOps/platform-services

Look at shortening the way to authenticate into the Aporeto UI

We do have a default provider configured and so currently the only required information is: -> Sign into OIDC provider -> Putting in the namespace of /bcgov or the desired namespace.

stewartshea

comment created time in 7 days

issue opened BCDevOps/platform-services

Look at shortening the way to authenticate into the Aporeto UI

Logging into the Aporeto UI is annoying to developers when they have to insert the SSO realm. It would be nice to have a shortcut that can shorten this process.

created time in 7 days

issue opened BCDevOps/platform-services

Statuspage deployment pipeline race condition

Occasionally the update_notifications playbook craps out in one of the environment deployments (most recently was seen in test) and rerunning the update_notifications.sh script cleans everything up. We need to investigate the race condition and apply appropriate changes to stabilise it (or notify of failure)

created time in 9 days

issue opened BCDevOps/platform-services

Bug: events with an invalid type of StateChange

The setup in the eventhub test project is causing an issue for the router and the EFK instance. This needs to be resolved before anything moves to prod.

created time in 11 days

pull request comment BCDevOps/platform-services

apb-aporeto-fix

@jefkel @sbarre-esit This is related to https://trello.com/c/zz3nMCt9/138-nfs-backup-apb-provisioning-network-security-policy-fixes

I tested adding delays into the APB playbook (to give the PU ample time to register) and also tried a few different policy and Enforcer profile PU combinations.

After all that testing, the stable deployment was achieved by adding only the image into the ignored PU's configuration of the enforcer profile.

I've already applied these changes to the lab and prod as a part of my testing.

stewartshea

comment created time in 13 days

PR opened BCDevOps/platform-services

apb-aporeto-fix
+1 -16

0 comment

2 changed files

pr created time in 13 days

push event BCDevOps/platform-services

stewartshea

commit sha 4ae642dcdcf452d99b41abdaa70f749ea64c2e38

remove apb policy and add image to ignored PU in profile

push time in 13 days

create branch BCDevOps/platform-services

branch : apb-aporeto-fix

created branch time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha f38b377a518a56fd891aa3e1863fcc1a38ddbfd2

Update deprovision.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 6a87745eab9355e7ccdcbd34d18b9f2b70d68542

Update provision.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 07d86cbf56994d0019b5b6525bbb10c199a3bfe7

Update stage.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 2b4e3a09bd704f752b3d858786774a529596c337

Update stage.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 67274f7f7ef51d3abf29fba260c8f1fe1ed9a406

Update provision.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 9eaf552d280cdacb36bfa6ed86ca82d31f347d8f

Update main.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 55bdd7e553ae94927274cb9399dffb602480b2a6

Update provision.yml

push time in 13 days

push event stewartshea/provision-nfs-apb

Shea Stewart

commit sha 186b6b9bd959e2fab08da153694b6ed5fbd73136

Update main.yml # Add Delay for Aporeto Debugging

push time in 13 days

fork stewartshea/provision-nfs-apb

Provision NFS persistent volume and claim for use as a backup target

fork in 13 days

delete branch BCDevOps/platform-services

delete branch : fix-aporeto-nfs-apb-access

delete time in 14 days

delete branch BCDevOps/platform-services

delete branch : fix-operator-for-prod

delete time in 15 days

push event BCDevOps/platform-services

Shea Stewart

commit sha 83fd42c99e34248f70ecef83d15d341122de5f11

fix-operator-for-prod

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha 6b90497e8335a71c4525c3a4caa5a6bdb1df65ec

apply to build directory as well

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha 081ff6e29ff9d6630a5ae089757c205dc1a0042a

clean up

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha 1aaa27a95f9024cff034fded1dfd23a3f4ca89a6

try something else

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha febb1e7c874a683513c10da115dedf34243db912

typo fix

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha 6a7ca90ecc34f870112bcefc6f1d7ac938bbcb52

manually add openssl for some dumb reason

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha e6e01c13f645ee4fcb9ee7cb65f139d9c747b001

fix typo

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha 5c89eee48ca3edc10ebdc1473f5d7565c85f4d2c

additional debugging

push time in 15 days

push event BCDevOps/platform-services

stewartshea

commit sha fbeb32ba6e8023bec7eba6e84d89e1136067cb72

fix locale

push time in 15 days

create branch BCDevOps/platform-services

branch : fix-operator-for-prod

created branch time in 15 days

delete branch BCDevOps/platform-services

delete branch : refresh-operator-in-prod

delete time in 16 days

push event BCDevOps/platform-services

Shea Stewart

commit sha aac2634aad4bea53e4be3160f0ce24d70bc07f4b

refresh-operator-in-prod (#553) * change image location * update operator version * tag fix

push time in 16 days

issue opened BCDevOps/platform-services-status-page-notifications

fix date sorting

with the new year, it looks as though the date isn't sorting properly to post the right message to rc or to show the latest message in the status page appropriately.

created time in 16 days

delete branch BCDevOps/platform-services-status-page-notifications

delete branch : stewartshea-patch-1

delete time in 16 days

push event BCDevOps/platform-services-status-page-notifications

Shea Stewart

commit sha 5b36e315820fb9768259bab1cd4761779053ae80

fix date

Shea Stewart

commit sha 12d920b750401d9ac90565d8e13213238878868c

Merge pull request #37 from BCDevOps/stewartshea-patch-1 fix date

push time in 16 days

delete branch BCDevOps/platform-services-status-page-notifications

delete branch : read-only-registry

delete time in 16 days

push event BCDevOps/platform-services-status-page-notifications

Shea Stewart

commit sha f7a5f723abd43ca6b67d2acde4edc46201d75141

read-only-registry notice

Shea Stewart

commit sha a7b3de6654ebdd1a5ef3e9a172375bd3ae6f8023

Merge pull request #36 from BCDevOps/read-only-registry read-only-registry notice

push time in 16 days

push event BCDevOps/platform-services-status-page-notifications

Shea Stewart

commit sha f7a5f723abd43ca6b67d2acde4edc46201d75141

read-only-registry notice

push time in 16 days

push event BCDevOps/platform-services

stewartshea

commit sha 15ec6d1d9048e40af1c176dd784877ec6fa486fb

tag fix

push time in 16 days

push event BCDevOps/platform-services

stewartshea

commit sha e7597d09b18bc64e4d4136832993850190fe095d

update operator version

push time in 16 days

create branch BCDevOps/platform-services

branch : refresh-operator-in-prod

created branch time in 17 days

push event BCDevOps/platform-services

stewartshea

commit sha 3db636fe2bf5b820582cf787ce1dd0248a59fde7

remove namespace reference from serviceaccount field

push time in 18 days

push event ArctiqTeam/ocp-net-tools

Shea Stewart

commit sha ffd21625d88dd2d43cf7ae389e0d87a7d4397e4c

Create main.yml

push time in 18 days

push event BCDevOps/platform-services

stewartshea

commit sha 5f14a85c0b9a72607b18b5655533593e1612ceb0

fix up gitignore and add templet

push time in 25 days

push event BCDevOps/platform-services

stewartshea

commit sha 3b4c45ab30141493e26a150469ee75d3e54001f6

ugh

push time in 25 days

push event BCDevOps/platform-services

stewartshea

commit sha b298f19934a0fa89b2a457dea59e0a019342e1ca

fix gitignore

push time in 25 days

push event BCDevOps/platform-services

stewartshea

commit sha de464d177ebc615f2320d72f70fd84a33396f17b

gitignore update

push time in 25 days

issue opened BCDevOps/platform-services

Create database for Security Event Hub

The security event hub will require a database to store security related events and scorings.

  • [ ] validate a mongo db deployment
  • [ ] add the deployment to the Security Event Hub development infrastructure instructions
  • [ ] test an event trigger that actually stores a document in mongodb

created time in a month

issue opened BCDevOps/platform-services

Security Event Hub

In order to receive and process security events from different sources, we require a central event hub that can transform security events and take specific action.

The MVP of this is that an event source such as robo-mountie can submit a security event into the hub and either a report is generated or a specific repo owner is notified of the security event. This will eventually evolve into a more complex rating system of overall security health.

created time in a month

issue opened BCDevOps/platform-services

Secure webhook generation

The Security Event Hub will generate webhooks as a public endpoint to receive events. We will require a way to secure the endpoints.

Definition of done;

  • [ ] webhooks are not invoked if the proper security credential is not presented
  • [ ] secure webhook gateway configuration is documented

created time in a month

push event ArctiqTeamTest/apptest1

stewartshea

commit sha 8309f91e11eba27b4e4d913e4dc8d9d51b1b32a9

test commit

push time in a month

push event ArctiqTeamTest/apptest1

stewartshea

commit sha 0028a99763c11eefd70ec52106c1ade75dd234d2

sig test

push time in a month

pull request comment BCDevOps/platform-services

robomountie-arch

related to #484

stewartshea

comment created time in a month

PR opened BCDevOps/platform-services

robomountie-arch
+2264 -0

0 comment

14 changed files

pr created time in a month

push event BCDevOps/platform-services

Steven Barre

commit sha e430edf2fb04352d4fe3d4364f11fdaa3539ecf4

Fix which subnet is which in LAB (#524)

* Fix which subnet is which in LAB
* add option to just update the forcer profile
* update readme
* Add newline
* Update security/aporeto/build/ansible/readme.md

Jeff

commit sha 479ecb064872c2f61b4a8818586f4a94af7ebf02

add edge tls to envoy route (#533)

Mark Wilson

commit sha 56af8aa5095bd78dfe7715f80c688d2f895fb30f

fixed typo (#535)

Cailey Jones

commit sha 42a63fc92f578638b72114bc167529dbc3e09192

update time formats and fix the tagging problem with remindme

Cailey Jones

commit sha 7fec82660fce9f428739826abd49a530e3ce81ff

Merge pull request #543 from BCDevOps/cailey-hubot-reminderfix

update time formats and fix the tagging problem with remindme

stewartshea

commit sha 6264d7e97778e9fc24146a25759ddda89b26030d

Merge branch 'master' into robomountie-arch

push time in a month

push event BCDevOps/platform-services

stewartshea

commit sha b9ee9ab60a6bdf5d13bc59b2e03abd7cca6f66db

update the readme

push time in a month

push event BCDevOps/platform-services

stewartshea

commit sha 3c84701dafb104df315bfc18824b9fe086f0c867

minor updates to the instructions

stewartshea

commit sha f6dc0a964c598253effefe0404674112e964f045

updating known issues

push time in a month

push event ArctiqTeamTest/apptest1

Shea Stewart

commit sha 5920731f822e508a59122bb8dc21d5dda89d625f

Create test2.md

push time in a month

PR opened ArctiqTeamTest/apptest1

Create test.md
+1 -0

0 comment

1 changed file

pr created time in a month

push event ArctiqTeamTest/apptest1

Shea Stewart

commit sha 949aaeb5be2b921a981dede1676076b1f20542b0

Create test.md

push time in a month

create branch ArctiqTeamTest/apptest1

branch : test

created branch time in a month

push event BCDevOps/platform-services

stewartshea

commit sha 1ac6563e1ad81b0613b88123ed5b37c941c0c289

template updates

push time in a month

started k14s/kapp

started time in a month

started k14s/ytt

started time in a month

push event BCDevOps/platform-services

stewartshea

commit sha ac49f3ff236b2d4d3f7f18210d3d29874094813f

base infrastructure updates

stewartshea

commit sha c3eb609eb6db31af754b4a3b7443efe4f58334a1

committing latest changes

push time in a month

issue comment BCDevOps/platform-services

POC infrastructure for Security Event Hub

Looks like full payload injection is slated for 0.13. This will be helpful down the road: https://github.com/argoproj/argo-events/issues/333

stewartshea

comment created time in a month

started argoproj/argo-events

started time in a month

issue comment BCDevOps/platform-services

POC infrastructure for Security Event Hub

experiencing a similar issue to https://github.com/argoproj/argo-events/issues/441 and https://github.com/argoproj/argo-events/issues/431

Not wanting to move backwards to 0.11 since 0.12 has some breaking changes. Working on a couple of other components before re-attempting to solve this.

stewartshea

comment created time in a month

issue comment BCDevOps/platform-services

POC infrastructure for Security Event Hub

Still working on this; refactoring for argo-events 0.12-rc and using kustomize for local development / deployment where possible.

stewartshea

comment created time in a month

delete branch BCDevOps/platform-services

delete branch : statuspage-add-tls

delete time in a month

push event BCDevOps/platform-services

Jeff

commit sha 479ecb064872c2f61b4a8818586f4a94af7ebf02

add edge tls to envoy route (#533)

push time in a month

PR merged BCDevOps/platform-services

Add tls to statuspage

published status URLs are only using HTTP. An HTTPS endpoint is requested.

modified the envoy external route to add tls (edge terminated) with no visible issues.

+3 -0

1 comment

1 changed file

jefkel

pr closed time in a month

pull request comment BCDevOps/platform-services

Add tls to statuspage

@jefkel did you try this out? Also, I generally ask people "why TLS"... think about the data that is traversing the wire. I don't see much of a reason to add TLS on public data, but I'm happy to oblige.

jefkel

comment created time in a month

push event BCDevOps/platform-services

stewartshea

commit sha de5629de23b3bf54b279b4e4d6b01e6c2fb94cab

saving state

push time in a month

push event BCDevOps/platform-services

Cailey Jones

commit sha 7df553a774bb734379533b97f8c42745eec4db85

add backup cronjob

Cailey Jones

commit sha 4e2369e3efbf5fba9624fb4fbe903d0c393a491f

add backup cronjob

Jason C. Leach

commit sha a116c0500b5283cd3e9a0ff2fa9c920eaa679392

Work on policy backup playbook

Jason C. Leach

commit sha 925335be27224f22a46e3acaa05a4297e8eb9cd8

Move playbook to scripts dir

Jason C. Leach

commit sha 731773b1f144d9d092982e456fa262352402420d

Finalize backup playbook

Jason C. Leach

commit sha 941d69f298cb3e000a1915fc2d5ccc3b040e0bda

Finalize build and cronjob

Jason C. Leach

commit sha 257314100dff4fd2c5b89a87f8db02fc92b3b625

Initial draft of docs

Jason C. Leach

commit sha 3c24e21230ab3530692549c16fbba55e11c4a307

Add contact section

Cailey Jones

commit sha 168d1385171f3a31ad762a59bf4f3cb2934c33af

first sa commit

Jason C. Leach

commit sha 7808485fceae49ffd0182cee90dde2089f40a4f2

Merge pull request #379 from BCDevOps/feature/pol-backup

Ansible playbook to export policy

mitovskaol

commit sha 64e7fea3960f01eb1e1047602aa008da4077babc

Added cross-references to the docs in the security/aporeto folder

Olena Mitovska

commit sha 03b622086ac51799dd34cca7c40c3d880e81a1ad

Merge pull request #444 from BCDevOps/olena-update-devguide

Added cross-references to the docs in the security/aporeto folder

Shea Stewart

commit sha cc64410919d529843ea27000934a89759eb5f641

adding some context to the headings and an additional tag for devhub. (#445)

mitovskaol

commit sha ac1d40a72f5dbfa0fa45deccc88968d0b57a0e46

A couple of minor updates for Dev Guide

mitovskaol

commit sha f2416430d6a22a9c9c1f8ce3bd72477f1e696dd3

Added descriptions and metadata to all markdown files under security/aporeto that were included in Dev Guide

Olena Mitovska

commit sha ac421256383658a804ea69c4f998bfcfb275e3b2

Merge branch 'master' into olena-update-devguide

Cailey Jones

commit sha bc5d88e3bd0726b5ea4dfcf4763dca888faa7012

basic working sa operator

Cailey Jones

commit sha 0e3bf10fe0af9c16f6602422d01b3adc9b10f654

forgot to add

stewartshea

commit sha 3d30d2e6ea9276997bc7064eca270864ac6b0cb4

minor heading change

Olena Mitovska

commit sha f966b2e72bf2410e3f7149f30da72d555e98d350

A couple of minor updates for Dev Guide (#447)

* A couple of minor updates for Dev Guide
* Added descriptions and metadata to all markdown files under security/aporeto that were included in Dev Guide
* minor heading change

push time in a month
