This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

engineering/managed-services: add generated docs
bobheadxi committed Jan 10, 2024
1 parent 44284ce commit d06c17a
Showing 14 changed files with 576 additions and 34 deletions.
4 changes: 4 additions & 0 deletions content/departments/engineering/index.md
Expand Up @@ -38,6 +38,10 @@ The Engineering department at Sourcegraph consists of:
- [Our software development lifecycle (SDLC)](sdlc.md)
- [Bi-Weekly Status Updates](bi-weekly-updates.md)

## Resources

- [Managed Services infrastructure](./managed-services/index.md)

## What's in a feature?

For every feature we ship, consider:
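Review bot: The new link under `## Resources` is written as `./managed-services/index.md`, while the neighbouring entries in this file use the bare relative form (`sdlc.md`, `bi-weekly-updates.md`). Suggest `managed-services/index.md` for consistency, and consider whether a one-item `Resources` section is needed or whether the link belongs in the existing list above it.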
55 changes: 55 additions & 0 deletions content/departments/engineering/managed-services/cloud-ops.md
@@ -0,0 +1,55 @@
# Cloud Ops Dashboard infrastructure operations

<!--
Generated documentation; DO NOT EDIT. Regenerate using this command: 'sg msp operations generate-handbook-pages'
-->

This document describes operational guidance for Cloud Ops Dashboard infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).

If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.

## Service overview

| PROPERTY | DETAILS |
|--------------|----------------------------------------------------------------------------------------------------------------------------|
| Service ID | [`cloud-ops`](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-ops/service.yaml) |
| Owners | **cloud** |
| Service kind | Cloud Run service |
| Environments | [prod environment](#prod-environment) |
| Docker image | `us-central1-docker.pkg.dev/control-plane-5e9ee072/docker/apiserver` |
| Source code | [`github.com/sourcegraph/controller` - `cmd/apiserver`](https://github.com/sourcegraph/controller/tree/HEAD/cmd/apiserver) |

## Environments

### prod environment

| PROPERTY | DETAILS |
|----------------|----------------------------------------------------------------------------------------------------|
| Project ID | [`cloud-ops-prod-dd32`](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
| Category | **internal** |
| Resources | [prod Redis](#prod-redis) |
| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cloud-ops-prod-dd32) |
| Domain | [cloud-ops.sgdev.org](https://cloud-ops.sgdev.org) |
| Cloudflare WAF ||

MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
Test environments have less stringent requirements.

| ACCESS | ENTITLE REQUEST TEMPLATE |
|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
| GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |

#### prod Cloud Run

| PROPERTY | DETAILS |
|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-ops-prod-dd32) |

#### prod Redis

| PROPERTY | DETAILS |
|----------|-------------------------------------------------------------------------------------------------------------------------|
| Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=cloud-ops-prod-dd32) |
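Review bot: In the prod environment access table, both Entitle templates carry the same link text, "Entitle request for the 'Internal Services' folder", so the read and write requests are distinguishable only by row, and both are scoped to a folder rather than to `cloud-ops-prod-dd32`. The general guidance added in `managed-services/index.md` in this same commit describes project-level `mspServiceReader` / `mspServiceEditor` requests; consider having the generator link a project-scoped request, or at least name the role in the link text. Separately, the `Cloudflare WAF ||` row has an empty cell; emit an explicit value or omit the row.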
49 changes: 49 additions & 0 deletions content/departments/engineering/managed-services/cody-analytics.md
@@ -0,0 +1,49 @@
# Cody Analytics infrastructure operations

<!--
Generated documentation; DO NOT EDIT. Regenerate using this command: 'sg msp operations generate-handbook-pages'
-->

This document describes operational guidance for Cody Analytics infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).

If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.

## Service overview

| PROPERTY | DETAILS |
|--------------|--------------------------------------------------------------------------------------------------------------------|
| Service ID | [`cody-analytics`](https://github.com/sourcegraph/managed-services/blob/main/services/cody-analytics/service.yaml) |
| Owners | **cody-strat** |
| Service kind | Cloud Run service |
| Environments | [dev environment](#dev-environment) |
| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/cody-analytics/service` |
| Source code | [`github.com/sourcegraph/cody-analytics` - `.`](https://github.com/sourcegraph/cody-analytics/tree/HEAD/.) |

## Environments

### dev environment

| PROPERTY | DETAILS |
|----------------|--------------------------------------------------------------------------------------------------------|
| Project ID | [`cody-analytics-dev-bd34`](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
| Category | **test** |
| Resources | |
| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cody-analytics-dev-bd34) |
| Domain | [cody-analytics.sgdev.org](https://cody-analytics.sgdev.org) |
| Cloudflare WAF ||

MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
Test environments have less stringent requirements.

| ACCESS | ENTITLE REQUEST TEMPLATE |
|--------------------------|--------------------------------------------------------------------------------------------------------------------|
| GCP project read access | no Entitle request needed; all engineers have access to this environment through the 'Engineering Projects' folder |
| GCP project write access | no Entitle request needed; all engineers have access to this environment through the 'Engineering Projects' folder |

#### dev Cloud Run

| PROPERTY | DETAILS |
|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-dev-bd34) |
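Review bot: In the dev environment section, the sentence "MSP infrastructure access needs to be requested using Entitle for time-bound privileges." is followed directly by a table stating that no Entitle request is needed for either read or write access. For `Category: test` environments the generator should drop or reword that sentence so the page does not contradict itself. The empty `Resources | |` and `Cloudflare WAF ||` rows would also read better omitted or given an explicit value.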
47 changes: 47 additions & 0 deletions content/departments/engineering/managed-services/gatekeeper.md
@@ -0,0 +1,47 @@
# Cody Gatekeeper infrastructure operations

<!--
Generated documentation; DO NOT EDIT. Regenerate using this command: 'sg msp operations generate-handbook-pages'
-->

This document describes operational guidance for Cody Gatekeeper infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).

If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.

## Service overview

| PROPERTY | DETAILS |
|--------------|------------------------------------------------------------------------------------------------------------|
| Service ID | [`gatekeeper`](https://github.com/sourcegraph/managed-services/blob/main/services/gatekeeper/service.yaml) |
| Owners | **cody-services** |
| Service kind | Cloud Run job |
| Environments | [prod environment](#prod-environment) |
| Docker image | `us.gcr.io/sourcegraph-dev/abuse-ban-bot` |
| Source code | [`github.com/sourcegraph/abuse-ban-bot` - `.`](https://github.com/sourcegraph/abuse-ban-bot/tree/HEAD/.) |

## Environments

### prod environment

| PROPERTY | DETAILS |
|------------|-----------------------------------------------------------------------------------------------------|
| Project ID | [`gatekeeper-prod-1c93`](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
| Category | **test** |
| Resources | |
| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=gatekeeper-prod-1c93) |

MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
Test environments have less stringent requirements.

| ACCESS | ENTITLE REQUEST TEMPLATE |
|--------------------------|--------------------------------------------------------------------------------------------------------------------|
| GCP project read access | no Entitle request needed; all engineers have access to this environment through the 'Engineering Projects' folder |
| GCP project write access | no Entitle request needed; all engineers have access to this environment through the 'Engineering Projects' folder |

#### prod Cloud Run

| PROPERTY | DETAILS |
|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Console | [Cloud Run job](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_job%22;summaryFields=labels%252F%2522run.googleapis.com%252Fexecution_name%2522,jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=gatekeeper-prod-1c93) |
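Review bot: The `prod environment` table lists `Category` as **test** for project `gatekeeper-prod-1c93`, which is why the access table below it gives all engineers read and write access with no Entitle request. If this is a production environment, the category should be corrected in the service spec so that time-bound access applies; if it really is a test environment, the `prod` name deserves a short explanation. Also worth confirming that the `Cody Gatekeeper` title matches the `abuse-ban-bot` image and source repository listed in the service overview.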
81 changes: 81 additions & 0 deletions content/departments/engineering/managed-services/index.md
@@ -0,0 +1,81 @@
# Managed Services infrastructure

<!--
Generated documentation; DO NOT EDIT. Regenerate using this command: 'sg msp operations generate-handbook-pages'
-->

These pages contain generated operational guidance for the infrastructure of [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md) services.
This includes information about each service, configured environments, Entitle requests, common tasks, monitoring, etc.
In addition to service-specific guidance, [General guidance](#general-guidance) is also available.

MSP is owned by [Core Services](../teams/core-services/index.md), but individual teams are responsible for the services they operate on the platform.

Services are defined in [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services), though service source code may live elsewhere.

> [!NOTE]
> This page may be out of date if a service or environment was recently added or updated - reach out to #discuss-core-services for help updating these pages.
## Customer Support

Managed Services Platform services owned by `Customer Support`:

- [Support Integration](./support-integration.md)

## cloud

Managed Services Platform services owned by `cloud`:

- [Cloud Ops Dashboard](./cloud-ops.md)

## cody-services

Managed Services Platform services owned by `cody-services`:

- [Cody Gatekeeper](./gatekeeper.md)

## cody-strat

Managed Services Platform services owned by `cody-strat`:

- [Cody Analytics](./cody-analytics.md)

## core-services

Managed Services Platform services owned by `core-services`:

- [MSP Testbed](./msp-testbed.md)
- [Pings Service](./pings.md)
- [Sourcegraph Accounts](./sams.md)
- [Telemetry Gateway](./telemetry-gateway.md)

## General guidance

### Infrastructure access

For MSP service environments other than `category: test`, access needs to be requested through Entitle.
Test environments are placed in the "Engineering Projects" GCP folder, which should have access granted to engineers by default.

Entitle access to a production MSP project is most easily provisioned through the `mspServiceReader` and custom roles, which provide read-only and editing access respectively.
You can request access to a project in Entitle by following these steps:

- Go to [app.entitle.io/request](https://app.entitle.io/request) and select **Specific Permission**
- Fill out the following:
- Integration: **GCP Production Projects**
- Resource types: **Project**
- Resource: name of MSP project you are interested in
- Role: `mspServiceReader` (or `mspServiceEditor` if you need additional privileges - use with care!)
- Duration: choose your own adventure!

These custom roles are configured [in in the infrastructure repo](https://github.com/sourcegraph/infrastructure/blob/main/gcp/custom-roles/msp.tf).

### Terraform Cloud access

Terraform Cloud (TFC) workspaces for MSP [can be found using the `msp` workspace tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp).

To gain access to MSP project TFC workspaces, [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and _then_ [request membership to the `Managed Services Platform Operators` TFC team via Entitle](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiRU5URVIgSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19).
This TFC team has access to all MSP workspaces, and is [configured here](https://sourcegraph.sourcegraph.com/github.com/sourcegraph/infrastructure/-/blob/terraform-cloud/terraform.tfvars?L44:1-48:4).

Note that you **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**.
If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation.

For more details, also see [creating and configuring services](https://github.com/sourcegraph/managed-services#operations).
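Review bot: Under `### Infrastructure access`, the phrase "through the `mspServiceReader` and custom roles, which provide read-only and editing access respectively" is missing the second role name; the step list below it suggests it should read `mspServiceReader` and `mspServiceEditor`. In the same section, "configured [in in the infrastructure repo]" has a duplicated word, and near the top the `> [!NOTE]` block runs straight into `## Customer Support` without a blank line. Since the file is generated, these fixes belong in the generator template rather than in this file.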