Meeting with Denis Galajda (Unlicensed)
November 29, 2022
Core Foundation
Core Foundation - Handover Notes
- What are the current tasks being worked on in the old dev environment? What needs to be considered before deleting it? Aleksandr Kanaev (Unlicensed)
- Covered in AppFoundation session vol 3. (timestamp: 1:15:18)
- Link to Documentation - How does argocd connect via proxy - in relation with terraform agents. Aleksandr Kanaev (Unlicensed) → covered on sessions 1 & 2;
- Covered in Sessions 1 & 2 of Data Foundation - link the video (Denis)
- Link to Documentation - Confluent cloud networking in shared vpc, check with Peter Kmec (Unlicensed)
- Confirmation - safibank.internal - we don't use this anymore? - do we plan on using this in the future? We are not using this. We can doublecheck with Aleksandr Kanaev (Unlicensed) - Covered today - link the video and timestamp (Denis)
- Link to Documentation - What are the different external and internal load balancers that are deployed and how are they connected and communicating? c/o Aleksandr Kanaev (Unlicensed)
- Covered today - link the video and timestamp (Denis)
- Link to Documentation - How are we achieving/generating the ssl certificate creation through zerossl for the private load balancers Aleksandr Kanaev (Unlicensed) →ZeroSSL
- Covered today - link the video and timestamp (Denis)
Core Banking
- For TM 4 testing in the old dev env, kindly check with Pavol Antalík (Unlicensed) what are the last updates and what needs to be turned over with BharathKumar D
- Oauth testing on TM 4 - Status by Friday and what needs to be done next. c/o Peter Kmec (Unlicensed) and Pavol Antalík (Unlicensed)
- OAUTH is implemented on confluent-dev and also confluent-brave, TM4.4.1 communicating via OAUTH successfully. There are still issues with config we have to do ourselves (topics & ACLs). According to support and the responses we are getting, the TM team never used Confluent Cloud; they only did a connection POC.
Data Foundation
- Link to Documentation - Updated Doc on Confluent Cloud Setup Peter Kmec (Unlicensed)
- Link to Documentation - Confluent Cloud User Management (adding devs, the process itself that was shared in slack needs to go in Confluence) Peter Kmec (Unlicensed)
- Link to updated doc - For kafka-connect - Deploy Kafka-Connect in GKE Cluster for Confluent-Cloud, but it needs to be updated to also cover setting up the topics and schemas Peter Kmec (Unlicensed)
- Link to doc regarding TF custom ccloud provider Peter Kmec (Unlicensed)
- Link to Doc - How to scale connectors and the current task on oauth in confluent cloud. Peter Kmec (Unlicensed)
- Link to Doc - POC of Alloydb Karapet Andreasyan (Unlicensed) EOW
- please follow comment in SAF-214 - POC - AlloyDB Cluster for Applications Done
- Link to the Documentation on what is currently setup and implemented in GCP or outside GCP for Data Team. - BQ, CFN, Pub/Sub, Vertex AI(Jupyter notebook- API ) Sergei Teteriukov (Unlicensed)
- PubSub, BigQuery, Google functions documentation: Data Team: PubSub, BigQuery, Google Functions, Vertex AI Feature store
- Any Ably Documentation for DevOps related tasks? - creation of environments and keys has been automated - only manual is ios certs, firebase keys Karapet Andreasyan (Unlicensed)
- Link to Doc - Sergei Teteriukov (Unlicensed) tasks on firebase automation. EOW
- GHA pipeline to build custom terraform provider?
- Meiro Connectivity to confluent cloud kafka (proxy)?
- Monitoring for kafka topics on confluent cloud
- Issue with the confluent cloud brave multi-region/single-region partitions/replicaset
App Foundation
- Link to Documentation - BOFE onboarding, how to add users for BOFE and map the roles and groups
- Covered in AppFoundation session vol 3. (timestamp: 1:09:44)
- Aleksandr Kanaev (Unlicensed) to briefly document (if any time left - low priority as it was already covered in sessions)
- Link to updated doc - How argocd was setup and others mentioned during the handover
- Update complete
- Aleksandr Kanaev (Unlicensed) provide docs link
- Argo CD
- Link to updated doc - Monitoring stack, how the components are connected to one another
- Update done (In review - to be confirmed)
- Aleksandr Kanaev (Unlicensed) provide docs link→Self-managed Monitoring Stack Tempo Logging (applications in cluster)
- Link to updated doc - Okta implementation
- User management part update by Aleksandr Kanaev (Unlicensed)
- Peter Kmec (Unlicensed) to update based on the changes related to Confluent
- Provide the link to docs Aleksandr Kanaev (Unlicensed) → Okta
- Link to updated doc - Github Actions setup (?), github runners (to be updated), current issues - Aleksandr Kanaev (Unlicensed)
- Github Actions available information (link program docs, path in code) Aleksandr Kanaev (Unlicensed)→GitHub Action
- github runners docs Aleksandr Kanaev (Unlicensed) →GitHub Actions self-hosted runners
- provide link to docs Aleksandr Kanaev (Unlicensed)
- Link to updated doc - CICD Vault - current setup implementation - Aleksandr Kanaev (Unlicensed)
- Update docs and share the link Aleksandr Kanaev (Unlicensed) → CICD Vault
- Do we have any documentation on specific security processes we implemented? (tf scan(trivy scan), kms etc) → check with Aleksandr Kanaev (Unlicensed) (Trivy, Threatmapper and others) and Gregor Zaťko (Unlicensed) (Sentinel policies)
- Implemented processes covered today - link the video and timestamp (Denis)
- Docs on ThreatMapper Mahmudul Hasan (Unlicensed) → Self Managed Vulnerability Scanner - ThreatMapper
- Docs on Trivy Aleksandr Kanaev (Unlicensed) → Vulnerability scan
- Docs on Sentinel policies Gregor Zaťko (Unlicensed) (Ondřej Wantula (Unlicensed) to review) → Sentinel policies
- Link docs for other tools involved Aleksandr Kanaev (Unlicensed)
Others
- All tickets in Devops VL - https://safibank.atlassian.net/wiki/spaces/ITArch/pages/220594185/Engineering+handover+-+Devops#Open-VL-tickets
- Add comment per each assigned item (Implementation or SRE ticket) In Progress (or Blocked, In Review) that will remain open on/past Fri, Dec 2, 2022 - on what's pending/needs to be done next
- Aleksandr Kanaev (Unlicensed) all open tickets commented
- Ondřej Wantula (Unlicensed) all open tickets commented
- Peter Kmec (Unlicensed) all open tickets commented
- Pavol Antalík (Unlicensed) all open tickets commented
- Sergei Teteriukov (Unlicensed) all open tickets commented
- Karapet Andreasyan (Unlicensed) all open tickets commented
- Mahmudul Hasan (Unlicensed) all open tickets commented
- Gregor Zaťko (Unlicensed) all open tickets commented
- All VAPT related issues - https://safibank.atlassian.net/wiki/spaces/ITArch/pages/220594185/Engineering+handover+-+Devops#Bugs%2FVAPT-findings
- Any outstanding plans/issues/discussions Peter Luknar was working on and/or planning prior to the announcement of the end of contract with VL (Peter Luknár (Unlicensed))
Credentials/Admin Access
- All handed over
Name of Tool | Handed over? (y/n) | Who was/were the person/s to whom access was transferred? | Path to Vault where we can find the credentials? |
---|---|---|---|
GCP Org Owner | Yes | N/A | |
Terraform Owner | Yes | N/A | |
Github | Already Owner | N/A | |
Argocd Root Token | Yes | N/A | |
HCV Keys/Tokens | Yes | BharathKumar D Lucky La Torre (Unlicensed) Fol Justin Lacsina (Unlicensed) | N/A, the token was shared privately |
Okta Admin | Already Owner | N/A | |
Cloudflare | Already Owner | N/A | |
Vault CICD Root Token | Yes | Fol Justin Lacsina (Unlicensed) Lucky La Torre (Unlicensed) BharathKumar D | `kubectl get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" -n argocd \| base64 --decode` Covered in AppFoundation session vol 2. (timestamp: 43:10) |
Confluent Cloud Kafka Admin/Owner | Already Owner | N/A | |
Threatmapper | Yes | N/A | |
Zerossl | Already Owner | N/A | |
SaFi implementation DevOps boards | Yes | N/A | |