extenda · sasjo · Aug 22, 2024 · Aug 9, 2024 · Aug 9, 2024
@@ -16,13 +16,8 @@ rationale: |
   * Status subscription
   * How easy is setup
   * How to configure status page for Hii retail services, Relevate per customer and Platform services
-  * more details for the assessment available at
-    https://docs.google.com/presentation/d/16iPTFRKRX1n_xX_RB1S2soXo8-qeliRkWQAfes2nHCg/edit?usp=sharing
+  * more details for the assessment available in these
+  [slides](https://docs.google.com/presentation/d/16iPTFRKRX1n_xX_RB1S2soXo8-qeliRkWQAfes2nHCg/edit?usp=sharing)
 license:
   commercial:
     company: Admin Labs
-    description: https://www.adminlabs.com/status-pages-pricing/
-tags:
-  - Services status check
-  - Hii Retail
-  - Relevate
@@ -2,6 +2,8 @@ name: Apache Ant
 blip:
   - date: 2018-03-20
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Apache Ant is a build tool designed to replace Make in early 2000. It is
   implemented in Java, configured with XML and primarily used to configure

@@ -6,6 +6,8 @@ blip:
     ring: TRIAL
   - date: 2019-11-15
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Appveyor is an elastic SaaS CI/CD platform focused on the Microsoft development ecosystem. It's based on dockerized
   ephemeral builds configured with `appveyor.yml` files following the [pipelines as code](pipelines_as_code.html)

@@ -2,6 +2,8 @@ name: Auth0
 blip:
   - date: 2020-06-15
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [Auth0](https://auth0.com) is a SaaS for user and machine-machine authentication. It supports local users and
   federated login over social, Open ID, ADFS and SAML.

@@ -4,6 +4,8 @@ blip:
     ring: TRIAL
   - date: 2019-02-20
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   AWS Lambdas are serverless functions managed by AWS and automatically scaled
   to handle varying load. They support multiple languages such as Java, Node.js

@@ -4,6 +4,8 @@ blip:
     ring: ASSESS
   - date: 2019-06-10
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Cake (C# Make) is a cross-platform build automation system with a C# DSL for tasks such as compiling code, copying
   files and folders, running unit tests, compressing files and building NuGet packages.

@@ -4,6 +4,8 @@ blip:
     ring: ASSESS
   - date: 2019-11-15
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   CircleCI is an elastic SaaS CI/CD platform. It's based on dockerized ephemeral builds
   configured with `.circleci/config.yml` files following the [pipelines as code](pipelines_as_code.html) principles.

@@ -1,35 +1,23 @@
-name: Cloud Run for Anthos
-shortname: Cloud Run
+name: Cloud Run
 logo: https://cloud.google.com/images/serverless/cloud-run.svg
 blip:
   - date: 2020-02-05
     ring: TRIAL
   - date: 2020-10-05
     ring: ADOPT
 description: |
-  Cloud Run is a servless compute platform on Google Cloud Platform that automatically scales your stateless containers.
-  Cloud Run is built on top of Knative and Kubernetes and abstract away most of the complexity to allow development
-  teams to deliver stateless containers.
+  Cloud Run is a serverless compute platform on Google Cloud Platform that automatically scales your
+  stateless containers.
 rationale: |
   Cloud Run reduces the cognitive load that is introduced by Kubernetes and Knative. It allows the development teams
   to focus on the application. To use Cloud Run, you must containerize your application, keep it stateless and write
   it as an request/event-driven application.
 
-  Cloud Run comes in two flavors:
-
-    1. Fully-managed by Google
-    2. Cloud Run for Anthos, running on GKE with Knative
-
-  We have adopted Cloud Run for Anthos as this gives us a serverless compute platform from the developer perspective,
-  but also supports the nobs we need to turn in the cloud native platform.
-
-  With Cloud Run for Anthos, we support a continuous deployment pipeline with GitHub Actions, policy-based
+  With Cloud Run, we support a continuous deployment pipeline with GitHub Actions, policy-based
   authorization with Open Policy Agent and integrated metrics and monitoring with Cloud Operations.
 license:
   commercial:
     company: Google
-    description: |
-      Use of this software requires a license for Google Cloud Platform.
 related:
   - infrastructure_ci_cd/gcf.yaml
   - infrastructure_ci_cd/gcp.yaml

@@ -18,14 +18,17 @@ rationale: |
     * Managing and sharing code across services is more complex
     * local or offline testing is more difficult if not impossible.
 
+  While there can be a place for Cloud Functions, we have put it on hold and recommend Cloud Run over functions.
+  Cloud Functions v2 is essentially Cloud Run with a build pipeline in-front. As we're building containers in our
+  CI/CD pipelines there's not much differences left.
 license:
   commercial:
     company: Google
     description: |
       Use of this software requires a license for Google Cloud Platform.
 related:
   - infrastructure_ci_cd/gcp.yaml
-  - infrastructure_ci_cd/knative.yaml
+  - infrastructure_ci_cd/cloud_run.yaml
 tags:
   - cloud
   - gcp

@@ -17,7 +17,7 @@ description: |
 rationale: |
   Since we have chosen to go with Google Cloud,
   This blip represent all services that are considered to be part of the core package for GCP.
-  Therefore all the services gathered here are consolidated into a single blip for brewity.
+  Therefore all the services gathered here are consolidated into a single blip for brevity.
 license:
   commercial:
     company: Google

@@ -15,7 +15,7 @@ description: |
 rationale: |
   Using GitHub makes it easier to collaborate with colleagues and peers
   and look back at previous versions of your work. We have many integrations to github
-  from other tools, e.g Spinnaker, Sonarcube, Jenkins.
+  from other tools, e.g Spinnaker, Sonarcloud, Jenkins.
 license:
   commercial:
     company: GitHub

@@ -12,7 +12,7 @@ description: |
 rationale: |
   GitHub Actions support CI on a variety of build platforms including Windows, MacOS and Linux. You have the option to
   build in pre-built containers, bring your own, or build on VMs. There already exists an enormous collection of
-  community actions to move quickly with intergrating with 3rd party sevices. The pricing model is highly competitive,
+  community actions to move quickly with integrating with 3rd party services. The pricing model is highly competitive,
   and would allow us to significantly reduce our spend compared to CircleCI or Appveyor. It is CI as a Service, which is
   the direction we want to move.
 

@@ -3,6 +3,8 @@ logo: https://gruntjs.com/img/grunt-logo.svg
 blip:
   - date: 2019-02-20
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   The JavaScript task runner.
 rationale: |

@@ -3,6 +3,8 @@ logo: https://upload.wikimedia.org/wikipedia/commons/7/72/Gulp.js_Logo.svg
 blip:
   - date: 2019-02-20
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Gulp is a toolkit for automating painful or time-consuming tasks in your development
   workflow, so you can stop messing around and build something.

@@ -2,6 +2,8 @@ name: IdentityServer
 blip:
   - date: 2019-05-22
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [IdentityServer](http://docs.identityserver.io/en/latest/) is an OpenID Connect
   and OAuth 2.0 framework for ASP.NET Core.

@@ -5,6 +5,8 @@ blip:
     ring: ASSESS
   - date: 2020-04-13
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Cloud platforms provide a wealth of benefits for the organizations that use them.
   However, there’s no denying that adopting the cloud can put strains on DevOps teams.

@@ -5,6 +5,8 @@ blip:
     ring: ASSESS
   - date: 2020-01-27
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Jib builds optimized Docker and OCI images for your Java applications without a Docker daemon.
   It is available as plugins for Maven and Gradle and as a Java library.

@@ -2,6 +2,8 @@ name: Kustomize
 blip:
   - date: 2019-10-03
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Kustomize introduces a template-free way to customize application configuration for Kubernetes.
   Simplifies the use of off-the-shelf applications.

@@ -1,4 +1,5 @@
-name: OPA
+name: Open Policy Agent
+logo: https://www.openpolicyagent.org/img/logo.png
 blip:
   - date: 2020-03-11
     ring: ASSESS
@@ -7,8 +8,6 @@ blip:
   - date: 2020-08-29
     ring: ADOPT
 description: |
-  Open Policy Agent
-rationale: |
   As the technology landscape is becoming more complex, concerns such as security need more automation and engineering
   practices. When building systems, we need to take into consideration security policies, which are rules and procedures
   to protect our systems from threats and disruption. For example, access control policies define and enforce who can
@@ -19,6 +18,12 @@ rationale: |
   policy enforcement across the stack. OPA provides a high-level declarative language that let’s you specify
   policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to
   enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
+rationale: |
+  We use OPA to secure all our APIs. OPA allows us to express security policies in a technology agnostic language
+  (Rego) and decouples authorization decisions from application business logic.
+
+  We prefer to run OPA an ingestor sidecar that intercepts and authorizes all API calls prior to dispatching them
+  to the API.
 license:
   open-source:
     name: Apache-2.0

@@ -2,13 +2,15 @@ name: ORY Hydra
 blip:
   - date: 2021-01-29
     ring: ASSESS
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [ORY Hyrda](https://www.ory.sh/hydra/) OAuth 2.0 and OpenID Certified OpenID Connect Server.
 rationale: |
-  ORY Hydra is a fully compiant OAuth2.0 and OpenID Connect Server. We plan to utilize Hydra to support the OAuth Client
-  Credential Flow which is not currently supported by Google Identity Platform. The Client Credential Flow is used to
-  enable machine authentication, where a client_id and client_secret are exchanged for a signed JWT which is used for
-  authentication to Extenda Retail APIs. Things that we want to assess are as follows
+  ORY Hydra is a fully compliant OAuth2.0 and OpenID Connect Server. We plan to utilize Hydra to support the
+  OAuth Client Credential Flow which is not currently supported by Google Identity Platform. The Client Credential
+  Flow is used to enable machine authentication, where a client_id and client_secret are exchanged for a signed
+  JWT which is used for authentication to Extenda Retail APIs. Things that we want to assess are as follows
 
     * Ease of Deployment
     * Scalability

@@ -4,6 +4,8 @@ blip:
     ring: ADOPT
   - date: 2020-06-15
     ring: HOLD
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   SaltStack is a deployment and monitoring platform.
 rationale: |

@@ -2,6 +2,8 @@ name: Skaffold
 blip:
   - date: 2020-04-16
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [Skaffold](https://skaffold.dev/) is a command line tool that facilitates continuous development for K8s applications.
   You can iterate on your application source code locally

@@ -2,6 +2,8 @@ name: Spinnaker
 blip:
   - date: 2019-05-22
     ring: ADOPT
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Spinnaker is an open-source, multi-cloud continuous delivery platform
   that helps you release software changes with high velocity and confidence.

@@ -3,6 +3,8 @@ shortname: Stream.io
 blip:
   - date: 2020-07-02
     ring: ASSESS
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [Stream](https://getstream.io/) enables us to build chat/feeds/push message functionality
   without implementing backend and transport. It has stylable components for

@@ -6,7 +6,6 @@ description: |
   HashiCorp Terraform allows you to declare infrastructure as code.
 rationale:
   Terraform is the preferred IoC configuration tool in use at Extenda Retail.
-  It is for example  used by IS/IT and for all our AWS services.
 license:
   open-source:
     name: MPL-2.0

@@ -2,6 +2,8 @@ name: Vale
 blip:
   - date: 2021-08-19
     ring: ASSESS
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [Vale](https://github.com/errata-ai/vale) is a command-line tool that brings code-like linting to prose.
   It's fast, cross-platform (Windows, macOS, and Linux), and highly customizable.

@@ -4,6 +4,8 @@ logo: https://vernemq.com/images/og-vernemq-logo.png
 blip:
   - date: 2021-01-28
     ring: ASSESS
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   [VerneMQ](https://vernemq.com) is first and foremost a MQTT publish/subscribe message broker which
   implements the OASIS industry standard MQTT protocol. But VerneMQ is also built to take messaging and IoT

@@ -2,6 +2,8 @@ name: YUM
 blip:
   - date: 2018-03-20
     ring: TRIAL
+  - date: 2024-08-09
+    ring: ARCHIVE
 description: |
   Linux package management to find packages and resolve dependencies between RPM packages.
 rationale: |