Red Hat Advanced Cluster Security / ROX-28918

Make ACSCS Infra (ArgoCD, Observability) Accessible and Useful

    • Epic
    • Resolution: Done
    • Critical
    • Make ACSCS Infra Accessible
    • Future Sustainability
    • Done
    • 0% To Do, 0% In Progress, 100% Done
      • Sep 23: Epic closed.
      • Sep 16: Cert Manager installation + Issue a Let's Encrypt cert for the public ingress domain is ready for review. Tested on an infra cluster.
      • Sep 9: Making the public router certificate public with the help of Cert Manager
      • Sep 2: YK: Work on fixing the alertmanager auth
      • Aug 12: All clients created and tested. Leaving this open to track trusting the certificates
      • Aug 5: Prod clusters turn up
      • Jul 22: Stage and Prod RHSSO client redirects fixed for ROSA cluster names, Stage is tested, Prod not yet, tickets still open
      • Jul 15: No update
      • Jul 8: Rollout to stage and prod together with new ROSA clusters
      • Jul 1: Wrapping up the accessibility epic. Agreed to move with an invalid certificate and fix in parallel with the ROSA migration.
      • Jun 24: oauth2 changes are implemented and tested on dev and to be promoted to integration. Raised tickets for RHSSO to create stage and prod clients. 
      • Jun 17: Evan is back from his planned PTO, no update yet.
      • Jun 10: Yury: Little progress due to switch to self-managed Argo. Focus on the epic this week.
      • Jun 3: Yury is taking over the observability work while Evan is out.
      • May 27: Added redirect URLs for integration (via SNOW). Done changes in ArgoCD for the new accessibility. WIP: migrating oauth-proxy to the community image.

      ArgoCD, Observability (namely Prometheus and Grafana), and possibly in turn the cluster's OpenShift OAuth server need to be accessible to ACSCS engineers (and SREs). Today they are private, served only by the default IngressController on the ROSA cluster. We need to decide how they should be accessible on the network (public Internet accessible but RHSSO login required, private network only accessed via backplane or stunnel jump server, etc.).

      Definition of Done:

      • An ACSCS engineer can log in to and use ArgoCD, Prometheus, and Grafana on our ROSA clusters.

      Design doc: https://docs.google.com/document/d/1e9Y7kJTpdncJQHMl3eKFTJxGmcgNI8xPhQRq5bqmJII/edit?tab=t.0

              ebenshet@redhat.com Evan Benshetler
              ACS Cloud Service