search

2i2c-org / infrastructure

Infrastructure for configuring and deploying our community JupyterHubs.
https://infrastructure.2i2c.org
BSD 3-Clause "New" or "Revised" License
103 stars 63 forks source link

Is GCP config connector actively used or should be cleaned up (Requests 620m CPU) #2186

Closed consideRatio closed 1 year ago

consideRatio commented 1 year ago

Looking at GCP node pools, i see two core node pool pods in the GCP GKE cluster in the two-eye-two-see project, while only one would have been needed unless we requested 620m CPU from the config connector. So, is cnfig connector stuff used still, or was it something we experimented with and stopped using?

Name Status CPU requested Memory requested Storage requested Namespace Restarts Created on
cnrm-webhook-manager-d48686cb-x7ph7 Running 250 mCPU 134.22 MB 0 B cnrm-system 0 14 Dec 2022, 07:00:13
cnrm-deletiondefender-0 Running 250 mCPU 1.07 GB 0 B cnrm-system 0 14 Dec 2022, 07:00:16
cnrm-resource-stats-recorder-85c5876968-pqsw2 Running 20 mCPU 67.11 MB 0 B cnrm-system 0 14 Dec 2022, 07:00:26
configconnector-operator-0 Running 100 mCPU 536.87 MB 0 B configconnector-operator-system 0 14 Dec 2022, 06:59:50

Related

consideRatio commented 1 year ago

Using this query, I conclude that we are using config connector still. The question then becomes if we should, or if we should migrate to using terraform.

kubectl get accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com,accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com,accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com,artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com,bigquerydatasets.bigquery.cnrm.cloud.google.com,bigqueryjobs.bigquery.cnrm.cloud.google.com,bigquerytables.bigquery.cnrm.cloud.google.com,bigtableappprofiles.bigtable.cnrm.cloud.google.com,bigtablegcpolicies.bigtable.cnrm.cloud.google.com,bigtableinstances.bigtable.cnrm.cloud.google.com,bigtabletables.bigtable.cnrm.cloud.google.com,binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com,binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com,cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com,cloudidentitygroups.cloudidentity.cnrm.cloud.google.com,cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com,cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com,computeaddresses.compute.cnrm.cloud.google.com,computebackendbuckets.compute.cnrm.cloud.google.com,computebackendservices.compute.cnrm.cloud.google.com,computedisks.compute.cnrm.cloud.google.com,computeexternalvpngateways.compute.cnrm.cloud.google.com,computefirewallpolicies.compute.cnrm.cloud.google.com,computefirewallpolicyrules.compute.cnrm.cloud.google.com,computefirewalls.compute.cnrm.cloud.google.com,computeforwardingrules.compute.cnrm.cloud.google.com,computehealthchecks.compute.cnrm.cloud.google.com,computehttphealthchecks.compute.cnrm.cloud.google.com,computehttpshealthchecks.compute.cnrm.cloud.google.com,computeimages.compute.cnrm.cloud.google.com,computeinstancegroupmanagers.compute.cnrm.cloud.google.com,computeinstancegroups.compute.cnrm.cloud.google.com,computeinstances.compute.cnrm.cloud.google.com,computeinstancetemplates.compute.cnrm.cloud.google.com,computeinterconnectattachments.compute.cnrm.cloud.google.com,computenetworkendpointgroups.compute.cnrm.cloud.google.com,computenetworkpeerings.compute.cnrm.cloud.google.com,computenetworks.compute.cnrm.cloud.google.com,computenodegroups.compute.cnrm.cloud.google.com,computenodetemplates.compute.cnrm.cloud.google.com,computepacketmirrorings.compute.cnrm.cloud.google.com,computeprojectmetadatas.compute.cnrm.cloud.google.com,computereservations.compute.cnrm.cloud.google.com,computeresourcepolicies.compute.cnrm.cloud.google.com,computerouterinterfaces.compute.cnrm.cloud.google.com,computerouternats.compute.cnrm.cloud.google.com,computerouterpeers.compute.cnrm.cloud.google.com,computerouters.compute.cnrm.cloud.google.com,computeroutes.compute.cnrm.cloud.google.com,computesecuritypolicies.compute.cnrm.cloud.google.com,computeserviceattachments.compute.cnrm.cloud.google.com,computesharedvpchostprojects.compute.cnrm.cloud.google.com,computesharedvpcserviceprojects.compute.cnrm.cloud.google.com,computesnapshots.compute.cnrm.cloud.google.com,computesslcertificates.compute.cnrm.cloud.google.com,computesslpolicies.compute.cnrm.cloud.google.com,computesubnetworks.compute.cnrm.cloud.google.com,computetargetgrpcproxies.compute.cnrm.cloud.google.com,computetargethttpproxies.compute.cnrm.cloud.google.com,computetargethttpsproxies.compute.cnrm.cloud.google.com,computetargetinstances.compute.cnrm.cloud.google.com,computetargetpools.compute.cnrm.cloud.google.com,computetargetsslproxies.compute.cnrm.cloud.google.com,computetargettcpproxies.compute.cnrm.cloud.google.com,computetargetvpngateways.compute.cnrm.cloud.google.com,computeurlmaps.compute.cnrm.cloud.google.com,computevpngateways.compute.cnrm.cloud.google.com,computevpntunnels.compute.cnrm.cloud.google.com,configcontrollerinstances.configcontroller.cnrm.cloud.google.com,containeranalysisnotes.containeranalysis.cnrm.cloud.google.com,containerclusters.container.cnrm.cloud.google.com,containernodepools.container.cnrm.cloud.google.com,dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com,dataflowjobs.dataflow.cnrm.cloud.google.com,datafusioninstances.datafusion.cnrm.cloud.google.com,dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com,dataprocclusters.dataproc.cnrm.cloud.google.com,dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com,dnsmanagedzones.dns.cnrm.cloud.google.com,dnspolicies.dns.cnrm.cloud.google.com,dnsrecordsets.dns.cnrm.cloud.google.com,filestorebackups.filestore.cnrm.cloud.google.com,filestoreinstances.filestore.cnrm.cloud.google.com,firestoreindexes.firestore.cnrm.cloud.google.com,folders.resourcemanager.cnrm.cloud.google.com,gameservicesrealms.gameservices.cnrm.cloud.google.com,gkehubfeaturememberships.gkehub.cnrm.cloud.google.com,gkehubfeatures.gkehub.cnrm.cloud.google.com,gkehubmemberships.gkehub.cnrm.cloud.google.com,iamauditconfigs.iam.cnrm.cloud.google.com,iamcustomroles.iam.cnrm.cloud.google.com,iampartialpolicies.iam.cnrm.cloud.google.com,iampolicies.iam.cnrm.cloud.google.com,iampolicymembers.iam.cnrm.cloud.google.com,iamserviceaccountkeys.iam.cnrm.cloud.google.com,iamserviceaccounts.iam.cnrm.cloud.google.com,iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com,iamworkloadidentitypools.iam.cnrm.cloud.google.com,iapbrands.iap.cnrm.cloud.google.com,iapidentityawareproxyclients.iap.cnrm.cloud.google.com,identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com,identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com,identityplatformtenants.identityplatform.cnrm.cloud.google.com,kmscryptokeys.kms.cnrm.cloud.google.com,kmskeyrings.kms.cnrm.cloud.google.com,logginglogexclusions.logging.cnrm.cloud.google.com,logginglogmetrics.logging.cnrm.cloud.google.com,logginglogsinks.logging.cnrm.cloud.google.com,memcacheinstances.memcache.cnrm.cloud.google.com,monitoringalertpolicies.monitoring.cnrm.cloud.google.com,monitoringdashboards.monitoring.cnrm.cloud.google.com,monitoringgroups.monitoring.cnrm.cloud.google.com,monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com,monitoringnotificationchannels.monitoring.cnrm.cloud.google.com,monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com,monitoringservices.monitoring.cnrm.cloud.google.com,monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com,networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com,networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com,networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com,networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com,networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com,networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com,networkservicesgateways.networkservices.cnrm.cloud.google.com,networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com,networkserviceshttproutes.networkservices.cnrm.cloud.google.com,networkservicesmeshes.networkservices.cnrm.cloud.google.com,networkservicestcproutes.networkservices.cnrm.cloud.google.com,osconfigguestpolicies.osconfig.cnrm.cloud.google.com,osconfigospolicyassignments.osconfig.cnrm.cloud.google.com,privatecacapools.privateca.cnrm.cloud.google.com,privatecacertificatetemplates.privateca.cnrm.cloud.google.com,projects.resourcemanager.cnrm.cloud.google.com,pubsubsubscriptions.pubsub.cnrm.cloud.google.com,pubsubtopics.pubsub.cnrm.cloud.google.com,recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com,redisinstances.redis.cnrm.cloud.google.com,resourcemanagerliens.resourcemanager.cnrm.cloud.google.com,resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com,runservices.run.cnrm.cloud.google.com,secretmanagersecrets.secretmanager.cnrm.cloud.google.com,secretmanagersecretversions.secretmanager.cnrm.cloud.google.com,servicemappings.core.cnrm.cloud.google.com,servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com,services.serviceusage.cnrm.cloud.google.com,sourcereporepositories.sourcerepo.cnrm.cloud.google.com,spannerdatabases.spanner.cnrm.cloud.google.com,spannerinstances.spanner.cnrm.cloud.google.com,sqldatabases.sql.cnrm.cloud.google.com,sqlinstances.sql.cnrm.cloud.google.com,sqlsslcerts.sql.cnrm.cloud.google.com,sqlusers.sql.cnrm.cloud.google.com,storagebucketaccesscontrols.storage.cnrm.cloud.google.com,storagebuckets.storage.cnrm.cloud.google.com,storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com,storagenotifications.storage.cnrm.cloud.google.com,storagetransferjobs.storagetransfer.cnrm.cloud.google.com -A
NAMESPACE              NAME                                                            AGE    READY   STATUS   STATUS AGE
catalyst-cooperative   iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding   610d                    
dask-staging           iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding   226d                    
ohw                    iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding   562d                    

NAMESPACE              NAME                                                                  AGE    READY   STATUS   STATUS AGE
catalyst-cooperative   iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding   610d                    
catalyst-cooperative   iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding      610d                    
dask-staging           iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding   226d                    
dask-staging           iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding      226d                    
ohw                    iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding   562d                    
ohw                    iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding      562d                    

NAMESPACE              NAME                                                                       AGE    READY   STATUS   STATUS AGE
catalyst-cooperative   iamserviceaccount.iam.cnrm.cloud.google.com/catalyst-cooperative-user-sa   610d                    
dask-staging           iamserviceaccount.iam.cnrm.cloud.google.com/dask-staging-user-sa           226d                    
ohw                    iamserviceaccount.iam.cnrm.cloud.google.com/ohw-user-sa                    562d                    

NAMESPACE              NAME                                                                                              AGE    READY   STATUS   STATUS AGE
catalyst-cooperative   storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-catalyst-cooperative-scratch-bucket   610d                    
dask-staging           storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-dask-staging-scratch-bucket           226d                    
ohw                    storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-ohw-scratch-bucket                    562d
yuvipanda commented 1 year ago

We should definitely move off to using terraform for everything. I don’t think we use it on any new clusters.

yuvipanda commented 1 year ago

Closing as dupe of https://github.com/2i2c-org/infrastructure/issues/1046