Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup service monitoring for TSA in terraform #43

Open
haydentherapper opened this issue Feb 24, 2025 · 3 comments
Open

Setup service monitoring for TSA in terraform #43

haydentherapper opened this issue Feb 24, 2025 · 3 comments
Assignees
@jku
Labels
infrastructure Improvements for infrastructure configuration
Milestone
Beta

Comments

@haydentherapper
Copy link
Contributor

Description
@haydentherapper haydentherapper added the enhancement New feature or request label Feb 24, 2025
@haydentherapper haydentherapper added infrastructure Improvements for infrastructure configuration and removed enhancement New feature or request labels Feb 24, 2025
@haydentherapper haydentherapper added this to the Beta milestone Feb 25, 2025
@jku jku moved this from Todo to In progress in Rekor v2 on Tiles Feb 27, 2025
@jku
Copy link
Member

jku commented Feb 28, 2025

It turns out we have both of these already. I'm no expert but these look like I expected:

There is even https://github.com/sigstore/scaffolding/tree/main/cmd/tsa for setting things up in (the CI part of) scaffolding.

I think I'll close this one. We have #54 already but I will file a new issue for actually running tsa in staging: this is needed by the time we want to test rekor-tiles in staging.

@jku jku closed this as completed Feb 28, 2025
@github-project-automation github-project-automation bot moved this from In progress to Done in Rekor v2 on Tiles Feb 28, 2025
@haydentherapper
Copy link
Contributor Author

@jku Reopening to track the addition of Terraform configuration for monitoring the TSA, under https://github.com/sigstore/scaffolding/tree/main/terraform/gcp/modules/monitoring. I initially added the Terraform configuration for the TSA, but didn't add monitoring as well. I think we mostly need to copy the Rekor or Fulcio monitoring configuration, and add additional alerts based on any exported metrics from the TSA service, https://github.com/sigstore/timestamp-authority/blob/95148b257e1410c4962c32cb3b3aecffe5b2892e/pkg/api/metrics.go#L27

@jku
Copy link
Member

jku commented Mar 3, 2025
edited
Loading

I can't edit the title to reflect that but sure sounds fine to me.

So the task is actually:

setup service monitoring for TSA in terraform

These estimates based on rekor etc -- we can discuss and tweak

  • metrics: fulcio/k8s_pod/restarting-failed-container and fulcio/k8s_pod/unschedulable
  • define slo:
    • 0.995 goal for server-availability, all endpoints, counting 5xx errors only
    • 0.995 goal for prober-availability, all endpoints
  • uptime: test an api endpoint every 60 secs
  • setup alerts:
    • for k8s metrics
    • for uptime failure (five consecutive failures)

The API endpoints are:

  • /api/v1/timestamp/
  • /api/v1/timestamp/certchain

@haydentherapper haydentherapper changed the title Create helm charts and terraform modules for the TSA Setup service monitoring for TSA in terraform Mar 3, 2025
@jku jku moved this from Done to Todo in Rekor v2 on Tiles Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jku jku

Labels
infrastructure Improvements for infrastructure configuration
Projects
Rekor v2 on Tiles
Status: Todo
Milestone
Beta
Development

No branches or pull requests
2 participants
@jku @haydentherapper