[Buildkite] Infrastructure #95714

Closed
3 of 4 tasks
brianseeders opened this issue Mar 29, 2021 · 1 comment
Labels: Feature:Buildkite, Feature:CI, impact:low, loe:small, Team:Operations

Comments

@brianseeders

brianseeders commented Mar 29, 2021

Infrastructure

  • New GCP project for Kibana CI
  • Developer IAM + Roles?
  • Migrate current Buildkite infra to new GCP project
  • Check quotas and do a bit of capacity planning

Notes:

  • Separate GCP project for CI
  • Things that will live here:
    • GCS Buckets
    • Artifact Registry
    • Cloud Build
    • Cloud Run
      • PR bot, Slack bot?
    • GKE Auto-Pilot
      • Agent Manager
    • Agent Instances / Images
    • Cloud NAT + Cloud Router (for agents)
  • Cloud NAT
    • To scale beyond about 1,800 agents, we will likely need to implement Cloud NAT and remove external IP addresses from our agent instances
    • Needs Cloud Router set up as well
    • Automatic IP allocation works like this:
      • Each VM is reserved a specified number of ports per IP address in Cloud NAT
      • When the ports are maxed, a new IP address is added to the pool, which counts against static IP quota (confirm static IP quota?)
      • Each IP can have about 64K ports
      • Each VM can reserve up to 1024 ports
      • So, with auto scaling of IPs, at least 64 agents will share an IP
  • Allow SSH via IAP
    • IAP allows authorized users (auth via GCP/Google IAM) to SSH into agent instances that don't have public IPs
    • This is already done, except for assigning user/group permissions
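
The Cloud NAT port arithmetic in the notes above, generalized into a small capacity check (an added example, not code from the issue or from the Kibana project). It assumes the Google Cloud NAT figure of 64,512 usable source ports per NAT IP, which gives 63 VMs per IP at 1024 ports rather than the rounded 64; the agent count comes from the notes, and the quota of 8 static IPs is a constructed sample value.

```python
import math

# Assumption (Google Cloud NAT documentation, not the issue): each NAT IP exposes
# 64,512 usable source ports per protocol (65,536 minus the first 1,024).
USABLE_PORTS_PER_NAT_IP = 64_512


def vms_per_nat_ip(ports_per_vm: int) -> int:
    """Number of VMs one NAT IP can serve when each VM reserves ports_per_vm ports."""
    if not 1 <= ports_per_vm <= USABLE_PORTS_PER_NAT_IP:
        raise ValueError("ports_per_vm must be between 1 and 64512")
    return USABLE_PORTS_PER_NAT_IP // ports_per_vm


def nat_ips_needed(agents: int, ports_per_vm: int) -> int:
    """Size the auto-allocated NAT IP pool reaches for this many agent VMs."""
    if agents < 0:
        raise ValueError("agents must be non-negative")
    return math.ceil(agents / vms_per_nat_ip(ports_per_vm))


def max_agents(ip_quota: int, ports_per_vm: int) -> int:
    """Largest agent fleet that fits inside a static IP quota."""
    return ip_quota * vms_per_nat_ip(ports_per_vm)


def plan(agents: int, ip_quota: int, port_options=(64, 128, 256, 512, 1024)):
    """Return (ports_per_vm, nat_ips_needed, fits_quota) for each port setting."""
    rows = []
    for ports in port_options:
        ips = nat_ips_needed(agents, ports)
        rows.append((ports, ips, ips <= ip_quota))
    return rows


if __name__ == "__main__":
    # 1,800 agents is the figure from the notes; the quota of 8 is constructed.
    for ports, ips, fits in plan(agents=1800, ip_quota=8):
        status = "fits" if fits else "exceeds quota"
        print(f"{ports:>5} ports/VM -> {ips:>2} NAT IPs ({status})")
    print("max agents at 1024 ports/VM with 8 IPs:", max_agents(8, 1024))
```

Fewer reserved ports per VM means fewer NAT IPs but less headroom for concurrent outbound connections from each agent, so the per-VM setting and the static IP quota have to be chosen together.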
@elasticmachine

Pinging @elastic/kibana-operations (Team:Operations)
