
ephemeral.run's Introduction

ephemeral.run


ephemeral.run is an open-source project created by @OpenGov and @infracloudio to provide development teams with full application environments for every PR – before merging!

On 14 October 2020 we introduced ephemeral.run at a CNCF community webinar. The slides and recording can be viewed here.

Getting Started

Read GETTING-STARTED.md to... get started.

Contributing

We're just getting started, so star the repo, open issues, open PRs, and we'll slowly build this topic out.

Our maintainers (admins) are:

Note that this repository's configuration and permissions are managed by Terraform (maintained by @jspiro). Changes must never be made in the GitHub UI.

Design Goals

These were the design goals we started with:

  • Minimal per-environment cost that scales linearly with your team
  • Environments are "real" (not faked) and reflective of production
  • Easy to use and convenient for everyone, not just developers
  • Minimally complex configuration, fewer moving parts, prefer OSS reuse over "not invented here"
  • Left-shift as much development and testing as possible to be pre-merge

Anti-goals:

  • Performance: While we want these to be fast to start, they can only be so fast while meeting the above goals

Roadmap

These are sorted by what we feel provides the broadest value to teams. Over time we'd like to migrate to a better document format like this or use GitHub Projects. (If you're a good project manager, help us out!)

  • A generic, fork-friendly framework with simplified configuration DSL/templates.
    • Skaffold is powerful but verbose and easy to miswire. Not everyone needs that flexibility.
  • A loving and proactive @runbot (like GitHub's @dependabot)
  • BotKube integration for ChatOps
  • Suspend/Resume: Scale down compute indefinitely while retaining data
  • Dynamic TTLs on cluster resources
  • Local-to-remote telepresence: Connect a locally running service in an IDE to a remote cluster
  • CI integration
    • Wait for CI to finish building before starting, or launch/manage an environment from a pipeline
  • Smarter Pod scheduling to optimize autoscaling
    • Run the fewest number of nodes necessary and schedule with MostRequestedPriority or other tricks. The default spread behavior can keep all our nodes online for only one environment.
  • Centralized Control Plane with UI
  • Usage reporting and analytics
  • Budgeting policies
    • Dynamically control the number of environments and autoscalers

Logo

Our logo was designed by @torymartin88 (torymartin.com).


Licensing

ephemeral.run is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.


ephemeral.run's Issues

Default instance type t2.medium insufficient for demo repo

Deployments always fail as follows:

+ skaffold deploy -p ephemeral-deployment -f skaffold.yaml --build-artifacts=default-tags.json
Tags used in deployment:
 - soulshake/front-end -> soulshake/front-end:main
Starting deploy...
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/runner/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/runner/.kube/config
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/runner/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/runner/.kube/config
Release "microservice-demo-pr-front-end-2" has been upgraded. Happy Helming!
NAME: microservice-demo-pr-front-end-2
LAST DEPLOYED: Sat Oct 17 17:05:12 2020
NAMESPACE: pr-front-end-2
STATUS: deployed
REVISION: 2
TEST SUITE: None
Waiting for deployments to stabilize...
 - pr-front-end-2:deployment/carts-db is ready. [12/13 deployment(s) still pending]
 - pr-front-end-2:deployment/queue-master: running [kubectl --context ephemeral-demo-spot rollout status deployment queue-master --namespace pr-front-end-2 --watch=false]
 - stdout: ""
 - stderr: "error: deployment \"queue-master\" exceeded its progress deadline\n"
 - cause: exit status 1
 - pr-front-end-2:deployment/queue-master failed. Error: running [kubectl --context ephemeral-demo-spot rollout status deployment queue-master --namespace pr-front-end-2 --watch=false]
 - stdout: ""
 - stderr: "error: deployment \"queue-master\" exceeded its progress deadline\n"
 - cause: exit status 1.
12/13 deployment(s) failed
 - pr-front-end-2:deployment/carts: running [kubectl --context ephemeral-demo-spot rollout status deployment carts --namespace pr-front-end-2 --watch=false]
 - stdout: ""
 - stderr: "error: deployment \"carts\" exceeded its progress deadline\n"
 - cause: exit status 1
 - pr-front-end-2:deployment/carts failed. Error: running [kubectl --context ephemeral-demo-spot rollout status deployment carts --namespace pr-front-end-2 --watch=false]
 - stdout: ""
 - stderr: "error: deployment \"carts\" exceeded its progress deadline\n"
 - cause: exit status 1.
Error: Process completed with exit code 1.

This seems to be because t2.medium instances can run up to 17 pods. The demo project has 13; these plus the services of the ephemeral.run repo exceed the maximum, so new pods remain forever in Pending, causing the deployment to time out and fail.

It would be nice to check for this situation or document workarounds (add a node, increase the desired ASG size, change default instance type, etc).

Hardcoded AWS account ID in variables.tf

The Configure Access to EKS cluster workflow step always fails at kubectl get ns with error: You must be logged in to the server (Unauthorized).

GitHub Actions apparently (even when it's not defined as a secret?) automatically replaces the account ID with *** in log output, so this was finally tracked down by running kubectl --namespace=kube-system describe configmaps aws-auth and noticing an unfamiliar account ID, which I then found hardcoded in variables.tf.
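An added example, not part of the issue above or of the project's code: a shell check that lists every AWS account ID referenced in the aws-auth ConfigMap that differs from the account you expect, which is the mismatch that was tracked down by hand here. The function names, the sample ConfigMap and the placeholder account IDs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list AWS account IDs in aws-auth that are not the expected one.

# Reads aws-auth ConfigMap text on stdin (YAML or `kubectl describe` output);
# prints each account ID found in an IAM ARN that differs from $1, once each.
foreign_aws_auth_accounts() {
  expected="$1"
  grep -Eo 'arn:aws[a-z-]*:iam::[0-9]{12}:' \
    | sed -E 's/.*::([0-9]{12}):/\1/' \
    | sort -u \
    | grep -vx "$expected" || true   # no match at all is not an error
}

# Constructed sample (placeholder account IDs), shaped like aws-auth data.
sample_aws_auth() {
  cat <<'EOF'
mapRoles: |
  - rolearn: arn:aws:iam::111111111111:role/example-node-role
    username: system:node:{{EC2PrivateDNSName}}
    groups:
      - system:bootstrappers
      - system:nodes
mapUsers: |
  - userarn: arn:aws:iam::999999999999:user/ephemeral-gha-user
    username: ephemeral-gha-user
    groups:
      - system:masters
EOF
}

# Live use (needs cluster access and AWS credentials):
#   me=$(aws sts get-caller-identity --query Account --output text)
#   kubectl --namespace=kube-system get configmap aws-auth -o yaml \
#     | foreign_aws_auth_accounts "$me"

# Offline demo on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
  sample_aws_auth | foreign_aws_auth_accounts 111111111111
fi
```

Any ID it prints belongs to an account other than your own that is mapped into the cluster's authentication config, and an empty result means every mapped ARN is in the expected account.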

Improve GETTING-STARTED.md

Hi and thanks for your work on this promising project!

I'll use this issue to document a few of the stumbling blocks I encountered when trying this out for the first time.

Secrets

This document says to create two forks, front-end and ephemeral.run.

A following step says "Set the following secrets on your fork" but it's not clear which secrets need to go on which forked repo.

The intended values of the following secrets are unclear:

  • DOCKERHUB_REPOSITORY -- it's not clear if this should be hub.docker.com/repository/registry-1.docker.io/soulshake/front-end/, soulshake/front-end, just soulshake, or what
  • DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD -- these are clear enough; however, it seems that the front-end repo is actually expecting to find DOCKER_USER and DOCKER_PASS
  • GIT_HUB_ACCESS_TOKEN -- what permissions are required?
  • AWS_CLUSTER_NAME -- corresponds to terraform output value cluster_name
  • IAM_CLUSTER_USER -- it seems this is supposed to be the AWS_ACCESS_KEY_ID of the ephemeral-gha-user, corresponds to the terraform output value of ephemeral-gha-user_iam_creds_id
  • IAM_CLUSTER_PASSWORD -- it seems this is supposed to be the AWS_SECRET_ACCESS_KEY of the ephemeral-gha-user, corresponds to the terraform output value of ephemeral-gha-user_iam_creds_secret

Non-secret secrets

It would be preferable to use something other than GitHub secrets to store the non-secret items, as all "secrets" are obfuscated in the action logs, making it harder to debug.

Other variables

It seems there are some additional variables that need to be updated in the workflow files (AWS_REGION, repository paths for create-or-update-comment steps, KUBE_CONTEXT?, etc).

KUBE_CONTEXT in particular was confusing -- to me, the name implies that it should be set to e.g. arn:aws:eks:ap-south-1:ACCOUNT_ID:cluster/ephemeral-demo-spot (as it appears in kubectl config get-contexts) but it seems it's actually supposed to be the short cluster name, e.g. ephemeral-demo-spot ?

Workflow files / front-end repo changes needed

GETTING-STARTED.md says to fork microservices-demo/front-end but that repo doesn't have the GitHub Actions that actually trigger the build (see diff). The doc should either instead point to OpenGov/front-end or document the workflow yaml files that need to be added.

It's actually not clear (without some investigation) which workflow files need to go on which repo.

WIP

(Will continue to gather feedback for this issue, and will be happy to create a PR, however it might be preferable to rename some of these variables instead)
