kyma-project / application-connector-manager
License: Apache License 2.0
We need to create new Dashboard in Grafana to monitor the state of Application Connector modules on the whole KCP landscape
The set of displayed metrics is about to be defined.
Description
The module must contain the Compass Runtime Agent
Acceptance criteria
Description
This issue is a follow-up to #6. The documentation of the AC module must be updated to the current state of the module.
Area
Reasons
Currently, not all features are available in the module. As soon as they are, they must be documented.
AC
**NOTE:** At this stage of development, the ApplicationConnector Custom Resource Definition (CRD) contains only one parameter for testing.
from README
01-10-installation.md doc
05-10-application-connector-chart.md doc
Assignees
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-license_file-1
Explanation: Does it have a license file? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-reuse_tool-1
Explanation: Does README mention REUSE? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
Also described in detail here.
At the moment, the GH Action running integration tests on k3d can fail on a PR and it does not prevent the code merge.
Description
The application-connector-manager needs to detect if Istio is installed on the cluster during installation of application-connector.
Acceptance criteria
If Istio is missing, the application-connector CR must be set to the Error state and provide a clear message about what is missing.
After Istio is installed the application-connector-manager should resume installation.
Description
Implement tests integrating external Java application with Kyma.
We do not have an automated test for testing such integrations and we want to track such scenarios.
Reasons
There are some integrations written in Java that are working with Kyma. The main reason is we want to make sure that we do not break any existing integrations.
We need to use the solution Hasselhoff team prepared.
AC
Description
We need to set up the Application Connector Istio Gateway with the correct cluster domain name. In the existing POC, the gateway hostname is statically set to some example value.
```yaml
hosts:
  - "gateway.kyma.example.com"
```
This will require modifying the yaml object installed by the operator.
Acceptance criteria
Suggestion:
For the host name, use the value passed in the Module CR; when missing, use the value from the Istio kyma-gateway.
This functionality should be implemented if we decide to enable the module with using old reconciler.
That means that Compass Manager was not ready on control plane to create Compass Connection token for enabled module at the checkpoint time.
In such a case we want to install only the Operator that will install all services for the module to avoid dependency to Istio module.
When Istio is missing, we cannot install the Application Connector module, but at the same time we must ensure that the Runtime Agent service is enabled to use the one-time token before it expires.
We should make sure that the operator is able to detect missing Istio and install only the Runtime Agent service from the module.
Description
I observed the following problem with the central-application-connectivity-validator service: after HPA scales it under a high load of events, pods are created correctly but the new replicas cannot get any HTTP requests. When initially scaled, all replicas get requests. We need to investigate and fix it.
This issue might be happening because of multiple reasons:
This issue can be done as part of the migration of validator into Kyma module
Description
We need to implement Application Connector Operator responsible for deploying Application Connector components.
Acceptance criteria:
Reasons
This issue is a part of this epic.
Description
Application Gateway must cache Kubernetes API server calls to improve performance. The following objects data must be cached:
Reasons
Some experiments were performed to understand the performance characteristics of the Application Gateway. Mock target API deployed inside Kubernetes cluster was used to measure operations performed by the Application Gateway. The experiments were performed with ddosify tool.
Although Application Gateway uses Horizontal Autoscaling, the experiments revealed that the maximal number of requests per second was much smaller than expected. Analysis showed that the problem is directly caused by the long response time of Kubernetes API server calls.
Depends on
#118 - if load test shows we are performing well, adding a caching layer could become obsolete
Description
We need to fix the repository code to make it reuse compliant.
More details can be found on the page
Copyright and licensing information must be added to some files in the project.
Description
After Enabling Compass Manager on KCP we are finally ready to make Runtime Agent the part of Application Connector module.
This task will include:
Required for first release:
application-connector-manager
compass-agent-configuration
(the Compass Runtime Agent's deployment is scaled to zero when the secret with the configuration doesn't exist)
Rollout of ACM:
Since Kyma 2.15, the ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA cipher suites are deprecated because of Kyma security team recommendations.
In Kyma 2.19 they were removed from kyma-gateway.
We should follow that change and adjust the Application Connector Istio gateway to remove the deprecated cipher suites from it.
For more details:
Kyma 2.19 release notes - https://github.com/kyma-project/kyma/releases/tag/2.19.0
Issue for Kyma Gateway - kyma-project/kyma#17616
Pull request for Kyma Gateway - kyma-project/kyma#18085
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-reuse_tool-3
Explanation: Is it registered in REUSE? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
Acceptance criteria
At this point we think there is no need to do anything. The migration is not needed as:
Description
Components in kyma-system must have sidecar.istio.io/inject set to true by default to work correctly. After installing Central-Application-Gateway on the cluster, we can observe that the deployment (on the cluster) in the labels section has the entry sidecar.istio.io/inject: "false", and in the annotations section has sidecar.istio.io/inject: "true". The deployments.yaml file for Central-Application-Gateway contains only an entry for Istio sidecar in the annotations section set to true. This condition makes Central-Application-Gateway have sidecar disabled by default.
Central-Application-Gateway deployment.yaml
```yaml
metadata:
  annotations:
    sidecar.istio.io/inject: "true"
  labels:
    app: {{ .Chart.Name }}
    release: {{ .Release.Name }}
```
Actual deployment on cluster
```yaml
metadata:
  creationTimestamp: null
  labels:
    app: central-application-gateway
    release: application-connector
    sidecar.istio.io/inject: 'false'
  annotations:
    sidecar.istio.io/inject: 'true'
```
After investigating, I discovered that in Busola, in the deployment edit window, there is a switch that can change the value of the sidecar.istio.io/inject entry from true to false. However, it adds/modifies the Istio entry only in the label section.
Kyma version: 2.7.0
Kubernetes version: v1.22.12
Expected result
sidecar.istio.io/inject is set to true by default
Actual result
sidecar.istio.io/inject is set to false by coincidence
Steps to reproduce
Deploy Kyma on a fresh cluster, and check if the Istio sidecar is properly configured and enabled on Central-Application-Gateway
Description
There is a bunch of fields in Application CRD that were introduced before Kyma 2.x and are no longer used (e.g. fields previously used by Application Broker). Those fields must be removed and Application CRD client regenerated.
Reasons
We must clean up Application CRD to reduce maintenance effort
Description
Configure a markdown link checker that will ensure that links we use in our *.MD files are valid.
Reasons
Attachments
/area documentation
/area application-connector
/kind feature
Description
We need to create validation logic for the cluster domain provided in App Connector Custom resource.
It is a good idea to build such a logic as validation webhook inside application-connector-manager service with endpoint
If there is no provided domain value, or provided domain cannot be parsed, we replace it with cluster domain taken from the kubernetes cluster.
Reasons
We need to provide fallback mechanism for setting the correct cluster domain if user does not provide any.
Attachments
It is a follow-up story of #23
We need to define this task after Operational Awareness workshop is complete.
Description
Application-connector-module-manager must react to the change of the app-connector CR and update application-connector module deployments accordingly.
For this feature we may need to make a dedicated templating mechanism for applied yaml objects.
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-vulnerability_alerts-1
Explanation: Are vulnerability alerts enabled? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-reuse_tool-4
Explanation: Is it compliant with REUSE rules? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
Reason
We want to be secure and compliant with the release process
Description
Connect Application Connector Manager to security scanners
Acceptance Criteria
Description
We must introduce benchmarks that exercise Application Connector including all authorisation methods. The benchmarks should have similar structure and test cases to the Application Connector tests.
Reasons
In order to be able to spot performance regression we need to automate benchmarking. Some part of the existing tests can be used, such as mock services.
Related issues: #150.
A violation against the OSS Rules of Play has been detected.
Rule ID: rl-reuse_tool-2
Explanation: Does it have LICENSES directory with licenses? No
Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
Description
At the moment, application-connector-manager does not use any custom linter configuration for checking the code on GH Action CI. As a result, the GH Action golangci-lint job is running with default settings. We should create our own configuration and put it into the golangci.yml file in the root of the project.
As a base, we can use existing configs from lifecycle-manager, nats-manager or compass-manager.
We should make sure that all linter checks pass, and adjust the code accordingly.
Reasons
Custom linter configuration will allow us to maintain higher standards of the code quality.
When Application Connector Module finalizers block the deletion of the Istio module, the user should be notified about it.
Description
In the POC of the Application Connector module, metrics are not correctly collected by Horizontal Pod Autoscaler objects. The following errors are logged in the HPA object status section:
Warning FailedComputeMetricsReplicas 2s horizontal-pod-autoscaler invalid metrics (1 invalid out of 1), first error is: failed to get cpu resource metric value: failed to get cpu utilization: unable to get metrics for resource cpu: no metrics returned from resource metrics AP
Acceptance criteria
Metrics should be correctly collected and deployments should be scaled according to HPA configuration.
Ensure there are no expired issues in the Security dashboard for Application Connector Module and provide a screenshot as evidence for the release process
Acceptance criteria:
PR: #45
Description
Application Connector needs to be moved to the modular architecture according to this concept.
Reasons
Application Connector should be more independent so that it must be possible to install, upgrade and operate it separately without dependencies on other Kyma modules.
Acceptance criteria
Release 1.0.0:
Release 1.1.0:
Prerequisites:
Workplan:
Until the end of September, Release MVP:
Release required tasks, until 25 October: Milestone 1.0.0
Release hardening, until mid of November: Milestone 1.1.0
Until the end of November: Milestone 1.2.0
Stretch:
Consider to close as non-relevant:
Additional information
Description
There are some small documentation bugs in the README file that could be improved.
Area
Reasons
Assignees
Attachments
Description
To be ready for the go-live, we have to create an on-call guide for the Application Connector Manager. This is also a pre-requisite for the Microdelivery of the Application Connector Manager.
Possible location for the on-call guide: https://github.tools.sap/kyma/documentation/tree/main/kyma-internal/on-call-guides/mps
AC:
Area
Reasons
Mandatory pre-requisite before we can go-live and part of the SAP Product Standards.
Assignees
@kyma-project/technical-writers
Attachments
Include all charts of Compass Runtime Agent into the yaml file of the application-connector Kyma module.
Acceptance criteria
Description
It'd be useful for our users to have a more detailed doc describing the AC Validator
Area
Reasons
Assignees
Attachments
Goal
Integrate our module with module-manager.
Reasons
Testing module on SKR
Attachments
Description
The code of the application-connector-manager reconciler in the directory kyma-project/application-connector-manager/pkg/reconciler should be fully covered with unit tests.
Description
For the new modularization approach, we need documentation that is common for all the modules, e.g. general description (landing page), getting started, module configuration, etc.
AC
Reasons
Assignees
@kyma-project/technical-writers
Attachments
kyma-project/kyma#16421
Acceptance criteria
We need to document the release process for the Application Connector module,
Acceptance criteria
Must be reliable
Must be documented
Must be quick - be able to release in 2h since the fix is prepared
Must be finally discussed and approved with @zhoujing2022
Technical review
Language review (in progress)
adapt to review remarks
@zhoujing2022 review (in progress)
adapt to review remark
Process verification