Uploaded image for project: 'Request For Comments'
  1. Request For Comments
  2. RFC-760

Add Services deployment section to dev guide for k8s/ArgoCD/Vault

    XMLWordPrintable

Details

    • RFC
    • Status: Adopted
    • Resolution: Unresolved
    • DM
    • None

    Description

      We have been discussing adding a section with guidelines on the deployment of services in the developer guide in order to inform practices in the area.
      The baseline will be the model developed by SQuaRE, now used by other teams like Telescope & Site and can be summarized as:

      1. Strong encouragement to develop Kubernetes-based services whenever possible; Kubernetes gives us portability across all our in-house and commodity infrastructure platforms by abstracting service code from details of underlying resources. (This is actually mandatory for all Science Platform related services).

      2. Encouragement to use ArgoCD (implies GitOps) as a deployment framework for Kubernetes services. This improves the ability to provide operational cover to services whose details one is not intimately familiar with.

      3. Recommend the practice of using Vault to store deployment secrets and credentials in order to support GitOps operations.

      ... and of course offer pointers to technical documentation.

      Like with other sections of the developer guide, the intent here is to promote certain toolchains and practices particularly to guide new developers in the right direction. Nobody is going to make anybody rewrite anything they don't want to

      Discussion welcome.

      Attachments

        Issue Links

          Activity

            I would suggest making the deployment of services on k8s explicitly mandated but with a specified bureaucratic process for requesting a special exception. Special snowflakes require additional effort to support and I believe we as a project have a compelling interest to try to minimize them.

            jhoblitt Joshua Hoblitt added a comment - I would suggest making the deployment of services on k8s explicitly mandated but with a specified bureaucratic process for requesting a special exception. Special snowflakes require additional effort to support and I believe we as a project have a compelling interest to try to minimize them.

            jhoblitt sounds good

            frossie Frossie Economou added a comment - jhoblitt sounds good

            Note to self, also include to a pointer to the Helm best practices:

            https://helm.sh/docs/chart_best_practices/values/

            frossie Frossie Economou added a comment - Note to self, also include to a pointer to the Helm best practices: https://helm.sh/docs/chart_best_practices/values/
            rra Russ Allbery added a comment -

            Looks like https://helm.sh/docs/chart_best_practices/ is the top-level page.

            rra Russ Allbery added a comment - Looks like https://helm.sh/docs/chart_best_practices/ is the top-level page.

            Nicely uncontroversial seems like, thanks. Implementation ticket forthcoming.

            frossie Frossie Economou added a comment - Nicely uncontroversial seems like, thanks. Implementation ticket forthcoming.

            People

              frossie Frossie Economou
              frossie Frossie Economou
              Frossie Economou, Joshua Hoblitt, Russ Allbery
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Planned End:

                Jenkins

                  No builds found.