2024-02-28 & 29
- reviews and broken tests on crtxctl
- ceip-4469 ksi migration kong
- move secrets from infra to foundation
- add mtls to foundation
- fix (destroy, import) state
2024-02-27
- facilitation for SSDR
- ceip-4469 ksi migration kong
- complete python generator for coredns config
- look at manual helm deployment as debug route
- thoughts / TIL:
- CICD should merely automate independently tested and encapsulated functionality
- long failed kong init containers stuck in terminating state
- TIL: remove KSI annotations and they are able to terminate immediately Another reason to work with industry tools!
- tiny PR about twistlock docs for identity
2024-02-26
- ceip-4469 ksi migration kong
- python generator for coredns config
- convo about capability testing (90mins)
- retro
2024-02-20 - 23
- basically continuing on Kong
- Weds 21: half day supporting SSDR incident
- (inconclusive but seems to have been team mistake)
2024-02-19
- ceip-4469 ksi migration kong
- cannot delete RDS security group:
LEARN: terraform module dependencies bleed thruError: deleting Security Group (sg-043fc5ca7f24e173f): DependencyViolation: resource sg-043fc5ca7f24e173f has a dependent object
- cannot delete RDS security group:
2024-02-16
ceip-4469 ksi migration kong
- complete second labs creation
- return to testing db workflow
- workflow for destroy?
- script to init a new environment?
RDP convo with Adrian and Prasann
- 2 apps: proxy to elasticsearch and kafka debug (contains personal data)
- currently done at ALB not possible
- dispute if kafka debug available in prod
2024-02-15
- ceip-4469 ksi migration kong
- workflow for database, separate or integrate as second job in infra?
- separate workflows then third to compose
- workflow for database, separate or integrate as second job in infra?
2024-02-14
- ceip-4469 ksi migration kong
- infra workflow and associated IAM permissions deployed
- inc. dns parts
- OKR 3/4 meeting: RBAC
- personal fear about ability to scope the apigroups and verbs well enough for all users
- mitigate by long time to permit deployments to hit and resolve barriers
- writer and readers are of Cortex stuff.
- Partners will delegate smaller subsets of functionality to their own customers
- AN to revisit ADR 31, perhaps discuss again to clarify how this actually happens
- personal fear about ability to scope the apigroups and verbs well enough for all users
2024-02-13
- dev duty
- ceip-4469 ksi migration kong
- terraform init-plan-apply done but hitting OIDC issue
- terraform in tio-terraformcentral has no changes outstanding
- permission exists for PR and push to main
- terraform init-plan-apply done but hitting OIDC issue
- OKR 2/4 meeting: capability testing
2024-02-12
- ceip-4469 ksi migration kong
- need to work on the infra
- retro
- OKR squad planning
2024-02-09
- ceip-4469: ksi migration kong
- identified Kong upgrade needed due to CVEs
- progressed to terraform and explored how to rationalise that along limnes of TOBE process discussed with Felipe
2024-02-08
- Fix backstage backend staging: https://github.com/elsevier-centraltechnology/core-backstage-k8scontrol/pull/94
- ceip-4469: ksi migration kong
- solved expected format of config map to deploy plugins
- discovered plugins deployed this way cannot be named using underscores
- which is a problem because the existing plugin
rate-limiting-advanced_2| proxy 2024/02/08 18:22:45 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/k │ │ ong/init.lua:656: error building initial plugins: rate-limiting-advanced_2 plugin is │ │ in use but not enabled
- which is a problem because the existing plugin
2024-02-07: Dev10 MIWG
- reapply tio-terraformcontrol-ce/595468393306/newrelic/, appeared that earlier non-terraform deployment had been deployed (helm rollback?)
2024-02-06
- CEIP-4469: KSI migration
- helm deployment for kong labs (formerly infra)
- infrastructure changed manually:
- add labs sa to trust of
arn:aws:iam::595468393306:role/ctrl-infra-20221121-65 - allow User: arn:aws:sts::595468393306:assumed-role/ctrl-infra-20221121-65/secrets-store-csi-driver-provider-aws to perform: secretsmanager:GetSecretValue on resource: kong/mtls-ca/infra/Root/cert edit
- add labs sa to trust of
- infrastructure changed manually:
- helm deployment for kong labs (formerly infra)
- planning
- capability reports: grid of passes and dates but also need coverage (what is target and what 100% is) https://global-elsevier.slack.com/archives/C030F90FM7U/p1707231771455769
- CEIP-5194: capability docs for artifactory / ECR
2024-02-05
C3
- KSI replacement
CEIP-4469: KSI migration
- helm deployment for kong labs (formerly infra)
- replace KSI and debug
- helm deployment for kong labs (formerly infra)
2024-02-02
- CEIP-4469: KSI migration
- helm deployment for kong labs (formerly infra)
- replace KSI and debug
- continue from this error:
Error: UPGRADE FAILED: template: kong/templates/migrations-pre-upgrade.yaml:72:12: executing "kong/templates/migrations-pre-upgrade.yaml" at <include "kong.no_daemon_env" .>: error calling include: template: kong/templates/_helpers.tpl:1161:39: executing "kong.env" at <include "kong.plugins" .>: error calling include: template: kong/templates/_helpers.tpl:823:17: executing "kong.plugins" at <.Values.plugins.configMaps>: can't evaluate field configMaps in type interface {}
- helm deployment for kong labs (formerly infra)
2024-02-01
- CEIP-4469: KSI migration
- helm deployment for kong labs (formerly infra)
- get init container running advises FG
- Cortex BPM
- several customers
- well suited to internal saas