Credentials
This wiki page outlines all the different components that require credentials and how to gain access to them if needed.
- incrudibles-k8s.db.pdl.cmu.edu
- incrudibles-production.db.pdl.cmu.edu
- Grafana
- Kubernetes Secrets
- Performance Cop GitHub App
- Performance Storage Service API
- TimescaleDB
This is where the Kubernetes master server runs. You will need access to this machine if you want to perform any actions on the Kubernetes cluster. The secrets for the different services are also stored here, so in order to look up secrets, change secrets, or create new secrets you will need access to this machine. This machine is also where our system's monitoring is deployed, which includes a Grafana instance and Prometheus.
Ask Chad Dougherty
This is where all the production services are running. It is unlikely that you will need access to this machine because the pods can be managed from the Kubernetes master.
Ask Chad Dougherty
This is the service that creates all the data visualizations. In order to make changes to the Grafana dashboard on stats.noise.page you need to be an editor or admin.
To make someone an admin, log in with the admin account. The admin account is username: admin, password: look up gf_admin_password in the Kubernetes secrets. Once logged in as admin you can manage user roles and make anyone an editor/admin.
For all services running on Kubernetes, we have decided to manage the credentials in Kubernetes secrets. These secrets get injected into the pods during deployment.
To get access to secrets you will need access to the Kubernetes master server.
To see the value of a Kubernetes secret, SSH into the Kubernetes master and follow this guide to view the secret: https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret
To create a new secret, SSH into the Kubernetes master. In /data/secrets/, find the folder for the environment you want to create the secret in (e.g. production). In that folder, create a new file and store your secret in that file. Finally, run the script associated with the namespace that your secret will be applied to (in most cases it will be performance). The script will be /data/secrets/make_secrets_{namespace}.sh.
The process for updating a secret is basically the same as creating a new secret. Instead of creating a new file and storing the value of the secret there, just update the already existing file and run the /data/secrets/make_secrets_{namespace}.sh script.
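One way to confirm, after running the make_secrets script, that the value deployed in the cluster matches the file you edited, without printing the secret to the terminal. This is an added example, not part of the original wiki or the project's scripts; the Secret object name, the key name and the one-value-per-file layout under /data/secrets/ are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumptions (not from the wiki): the Secret object name and
# key you pass in, and that each file under /data/secrets/<env>/ holds exactly
# one raw secret value.

# Print the decoded value of one key of a Secret.
# usage: secret_value <namespace> <secret-name> <key>
secret_value() {
    local encoded
    # .data.<key> is base64-encoded, not encrypted: anyone who can run this
    # on the master can read the value.
    encoded=$(kubectl get secret "$2" --namespace "$1" \
        --output "jsonpath={.data.$3}") || return 2
    [ -n "$encoded" ] || { echo "key '$3' not found in secret '$2'" >&2; return 3; }
    printf '%s' "$encoded" | base64 -d
}

# Compare the deployed value with the file on disk without echoing either one.
# Returns 0 on match, 1 on drift, >1 when the file or the secret cannot be read.
# usage: secret_matches_file <namespace> <secret-name> <key> <file>
secret_matches_file() {
    local deployed on_disk
    [ -r "$4" ] || { echo "cannot read $4" >&2; return 4; }
    deployed=$(secret_value "$1" "$2" "$3") || return $?
    # $(...) strips trailing newlines, so a final newline in the file
    # does not count as a difference.
    on_disk=$(cat "$4")
    if [ "$deployed" = "$on_disk" ]; then
        echo "match: $2/$3 equals $4"
    else
        echo "DRIFT: $2/$3 differs from $4" >&2
        return 1
    fi
}
```

Source the file on the Kubernetes master and call `secret_matches_file performance <secret-name> <key> /data/secrets/<environment>/<file>`, filling the placeholders with the real object, key and file names; a DRIFT result means the script has not been run since the file changed or the secret was edited in the cluster directly.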
This GitHub App is what sends GitHub events to the performance storage service. If you view the app on GitHub it will tell you the events that were sent to the service and the response that it received. There are two credentials associated with the GitHub app that are stored as secrets in Kubernetes. To find out the values, look for the secrets named github_private_key and webhook_secret.
Ask Andy Pavlo
The endpoints that store data in the database require basic authentication as part of the POST request.
Find the credentials in the Kubernetes secrets. The secret names are pss_creator_user and pss_creator_password.
TimescaleDB is where we store all the metrics and test results.
Find the credentials in the Kubernetes secrets. The secret names are pss_db_user and pss_db_password.