This PR implements a basic Fatigue Monitoring System (FAMS) deployment.
K8s manifests to run the FAMS service in the Kitt4sme cloud.
IaC. FAMS manifests are tied to an Argo CD app in the mesh infra project so we can easily manage deployments through a GUI too.
Security. The FAMS image is private and K8s pulls it through a Docker secret. We manage the secret the usual way with Sealed Secrets and Reloader. So the actual Docker secret is never stored in this repo; what gets stored here is the Sealed Secret encrypting the data that makes up the Docker secret. We whipped together a script to generate the Sealed Secret from a GitLab Access Token containing a permission to pull the image.
Docs. How to use sealed secrets/reloader for docker image secrets. (Security Ops page.)
Notes
Service replicas. Currently set to 0. Reason: the GitLab token we have in the Sealed Secret is invalid, so K8s won't be able to pull the image. (We don't want to run FAMS in the Kitt4sme live instance just yet because we'd like to wait until SUPSI decide on image usage policy in the cloud.)
Authorised service use. If you fork this repo and would like to use FAMS, you'll first have to get in touch with @vcutrona (SUPSI) to agree on terms of use. Then he'll issue you with a token you can use to pull the image. Use the fams-image.sh script in deployment/mesh-infra/security/secrets to generate a Sealed Secret for that token. Then set the service replicas to at least 1. Finally commit your changes and the service should automatically go live soon after.
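The flow described above (registry token, then Docker pull secret, then Sealed Secret) can be sketched as follows. This is an added example, not the fams-image.sh script from this repo; the registry host, user, secret name, namespace and the IMAGE_PULL_TOKEN variable are placeholders, and the sealing step assumes kubeseal can reach the cluster's Sealed Secrets controller.

```shell
#!/bin/sh
# Added example: NOT the repo's fams-image.sh. Registry, user, secret name,
# namespace and the IMAGE_PULL_TOKEN variable are assumptions.
set -eu

b64() { base64 | tr -d '\n'; }   # single-line output on GNU and BSD base64

# Print the .dockerconfigjson payload for one registry.
docker_config_json() (
    registry=$1 user=$2 token=$3
    # Values are pasted into JSON unescaped, so refuse anything unexpected.
    case "$registry$user$token" in
        *[!A-Za-z0-9._:/@-]*) echo "unsupported character in input" >&2; exit 1 ;;
    esac
    auth=$(printf '%s:%s' "$user" "$token" | b64)
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$registry" "$user" "$token" "$auth"
)

# Print a kubernetes.io/dockerconfigjson Secret manifest. It is plaintext
# (base64 is not encryption): keep it in a pipe, never in the repo.
pull_secret_manifest() (
    name=$1 namespace=$2
    json=$(docker_config_json "$3" "$4" "$5") || exit 1
    cfg=$(printf '%s' "$json" | b64)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
)

# Encrypt with the controller's public key; this output is what gets committed.
# kubeseal's default (strict) scope binds the result to this name + namespace.
seal_pull_secret() (
    manifest=$(pull_secret_manifest "$@") || exit 1
    printf '%s\n' "$manifest" | kubeseal --format yaml
)

# Token comes from the environment so it stays out of argv.
if [ -n "${IMAGE_PULL_TOKEN:-}" ]; then
    seal_pull_secret example-pull-secret example-ns registry.example.com \
        example-user "$IMAGE_PULL_TOKEN"
fi
```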