From 1bf464843fc160afad62bc4a5333393c26e67b53 Mon Sep 17 00:00:00 2001 From: Moshe Immermam Date: Mon, 5 Feb 2024 23:07:12 +0200 Subject: [PATCH] chore: doc updates --- mission-control/docs/architecture.md | 39 +++++------------- mission-control/docs/images/how-it-works.svg | 3 ++ mission-control/docs/index.md | 42 ++++---------------- mission-control/docs/security.md | 20 +++++----- 4 files changed, 30 insertions(+), 74 deletions(-) create mode 100644 mission-control/docs/images/how-it-works.svg diff --git a/mission-control/docs/architecture.md b/mission-control/docs/architecture.md index 0c1486fe..04c2cdcd 100644 --- a/mission-control/docs/architecture.md +++ b/mission-control/docs/architecture.md @@ -9,11 +9,11 @@ -Mission Control has a micro-service architecture with a shared data source with multiple deployment models. +Mission Control has a micro-service architecture with a shared data source with multiple deployment models. -1. CLI +1. CLI 2. Kubernetes (Helm Chart) 3. SaaS 
@@ -21,46 +21,27 @@ Mission Control has a micro-service architecture with a shared data source with -Communication Model +## Communication Model Communication between services happen in 3 ways: -1. **Database** - A shared database with interface library enables services to query the data owned by other services by directly hitting the database using an interface provided by a shared library +1. **Database** - A shared database with interface library enables services to query the data owned by other services by directly hitting the database using an interface provided by a shared library 2. **Messaging** - A postgres based message bus is used, database triggers insert events into queues which are then consumed by various services 3. **HTTP/REST** - This model is primarily used when the service need to interact with services outside the DB (e.g. the APM hub needs to connect to log stores to retrieve logs) +## Postgres +Postgres is the only data store used by Mission Control and is also used as a JSON document database and message queue. This limits the dependencies and complexity especially when self-hosting. 
-Shared Data Source - - - -All microservices use a shared database and model via the https://github.com/flanksource/duty project, this provides the following benefits: - - - -* Each microservice can update the database directly with full referential integrity between tables owned by other services -* - - +All services use a shared database and model via the [duty](https://github.com/flanksource/duty) project, this provides the following benefits: +* Limit RPC calls improving latency and performance +* Services can run with slightly different versions of the library, limiting the need for coordinated migrations +* Library updates happen automatically using dependabot ## Kubernetes & Gitops - - Mission control is kubernetes-native with all configuration being possible by Custom Resource Definition (CRD's) The single source of truth is still the database, the operators only function is to synchronize CRD's into the database and update the CRD status periodically. - - - - - - - - - - - diff --git a/mission-control/docs/images/how-it-works.svg b/mission-control/docs/images/how-it-works.svg new file mode 100644 index 00000000..23521874 --- /dev/null +++ b/mission-control/docs/images/how-it-works.svg @@ -0,0 +1,3 @@ + + + 1x 1x 1x 1x Icon-devops-261
Catalog
Playbooks
Health
GitOps
Topology
\ No newline at end of file diff --git a/mission-control/docs/index.md b/mission-control/docs/index.md index c976c8ca..7de1a790 100644 --- a/mission-control/docs/index.md +++ b/mission-control/docs/index.md 
@@ -1,47 +1,21 @@ --- slug: / -title: Overview +title: Flanksource Mission Control hide_title: true # hide_table_of_contents: true # pagination_next: null # pagination_prev: null --- -![](./images/flanksource.svg) -### Flanksource Mission Control +Flanksource Mission Control is an Internal Developer Platform focused on GitOps platforms. -Flanksource Mission Control is an internal developer platform that helps teams to understand and operate complex systems easier. Mission Control includes the following features: +![](./images/how-it-works.svg) -- A real-time map or dashboard showing the location and status of resources, including personnel, equipment and facilities. -- A messaging system for communication between the incident commander and other members of the response team. -- Tools for tracking and managing incident-related tasks, including assigning and prioritizing tasks, tracking progress and recording outcomes. -- Tools for tracking and monitoring health checks. -- Configuration tool that enables you to view and search the change history of your configuration across multiple dimensions (node, zone, environment, application, technology, etc). -- Integration with other systems such as; scrape data from network device in order to help incident commanders make informed decisions. -## Config DB +* [Catalog](./config-db/overview) - Catalog all your infrastructure, applications, pipelines and configuration into a schema-less JSON database, with automatic change tracking. +* [Playbooks](./playbooks/overview) - Self-Service portal for day 0-2 operations like provisioning a new namespace, restarting a deployment, or updating files in git repositories. Playbooks also be triggered via webhooks and events. +* [Health Checks](./canary-checker/overview) - RAG (red, amber, green) statuses across infrastructure, applications and commercial off the shelf software, With alert aggregation, synthethic application and infrastructure checks. 
+* [Topology](./topology/overview) - Visualize complex systems using a multi-dimensional hierarchical cards. +* [Notifications](./notifications/overview) - Send notifcations during playbook execution or based on any event fired from catalog, health or topology changes. -Config DB is an open source tool that allows developers to easily configure, scrape and manage data within their application. It provides a user-friendly interface for setting up and managing database connections, as well as configuring tables and fields within the database. This tool can be particularly useful for developers who need to quickly set up a database for their application, without having to manually write complex SQL queries or code. It also allows for easy updates and changes to the database as the application evolves, making it a useful tool for maintaining a healthy and efficient database. - - - -## Health Checks - -Understand the health of complex services at a glance with red, amber, green statuses which leverage active/passive health checks and consolidated alerts from Prometheus, AWS, Dynatrace, etc. - -Canary checker is an open source tool that allows users to monitor the status of their canaries (server monitoring tools) in real-time. Canary checker allows users to set up alerts for when their canaries go down or encounter any issues, giving them the ability to quickly respond and fix any potential problems before they become more significant. It also provides users with detailed logs and analytics of their canary activity, giving them valuable insights into the performance and reliability of their systems. Canary checker is an essential tool for anyone who relies on canaries for server monitoring and maintenance, helping them to ensure the stability and uptime of their systems. - -One potential use of Canary Checker is, if you want to get the cert expiry dates for your URLs and get warn when we are X number of days from the expiry date. 
- -With Mission Control up and running, one can have a better understanding of their infrastructure, which helps in planning of disaster recovery and reducing downtime to the minimum. - -## - -Playbooks - -Empower developers to be more self-sufficient without the need to become experts in the Cloud and Kubernetes. - -Run playbooks automatically on failing health checks/ alerts -Implement security best practices of least privilege and just in time (JIT) access -Use the built-In library of actions including HTTP, SQL, kubectl, AWS CLI or run any custom code from Git diff --git a/mission-control/docs/security.md b/mission-control/docs/security.md index edfcbcb3..a7fb8d1c 100644 --- a/mission-control/docs/security.md +++ b/mission-control/docs/security.md 
@@ -30,20 +30,18 @@ All the code for Mission Control self-hosted is publicly available and free to u | Project | Description | License | Scorecard | CII Best Practises | | -------------------- | ------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | -| Mission Control | Primary microservice and orchestrator | Static Badge | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/mission-control/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/mission-control) | | -| Canary Checker | Health checks and topology scanning | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/canary-checker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/canary-checker) | CII Best Practices | -| Config DB | Catalog Scraper | Static Badge | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/config-db/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/config-db) | | -| Duty | Data Access Library | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/duty/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/duty) | | -| Is-Healthy | Library for get health status of Kubernetes objects | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/is-healthy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/is-healthy) | | -| Gomplate | Go and CEL templating library | GitHub License | ![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/gomplate/badge) | | -| Flanksource UI | Dashboard | Static Badge | [![OpenSSF 
Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/flanksource-ui/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/flanksource-ui) | | +| Mission Control | Primary microservice and orchestrator | Static Badge | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/mission-control/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/mission-control) | | +| Canary Checker | Health checks and topology scanning | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/canary-checker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/canary-checker) | CII Best Practices | +| Config DB | Catalog Scraper | Static Badge | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/config-db/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/config-db) | | +| Duty | Data Access Library | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/duty/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/duty) | | +| Is-Healthy | Library for get health status of Kubernetes objects | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/is-healthy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/is-healthy) | | +| Gomplate | Go and CEL templating library | GitHub License | ![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/gomplate/badge) | | +| Flanksource UI | Dashboard | Static Badge | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flanksource/flanksource-ui/badge)](https://securityscorecards.dev/viewer/?uri=github.com/flanksource/flanksource-ui) | | | **External Dependencies** | | | | | -| PostgREST | REST API for Daytabase | GitHub 
License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/PostgREST/postgrest/badge)](https://securityscorecards.dev/viewer/?uri=github.com/PostgREST/postgrest) | | -| Kratos (Self-Hosted) | 3rd Party Application for Authentication | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ory/kratos/badge)](https://securityscorecards.dev/viewer/?uri=github.com/ory/kratos) | | +| PostgREST | REST API for Daytabase | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/PostgREST/postgrest/badge)](https://securityscorecards.dev/viewer/?uri=github.com/PostgREST/postgrest) | | +| Kratos (Self-Hosted) | 3rd Party Application for Authentication | GitHub License | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ory/kratos/badge)](https://securityscorecards.dev/viewer/?uri=github.com/ory/kratos) | | | Clerk (SaaS) | 3rd Party Service for Authentication | | [Docs](https://clerk.com/docs/security/overview) | | - - ## Reporting a Vulnerability If you discover any security vulnerabilities within this project, please report them to our team immediately. We appreciate your help in making this project more secure for everyone.
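Review bot: the new `## Postgres` section in mission-control/docs/architecture.md does not say what database access each service has. The removed bullet stated that each microservice can update the database directly, and the new text describes Postgres as the only data store, a JSON document database and the message queue for all services, so add a sentence on whether services connect with separate database roles and which tables each may write. The bullet `Library updates happen automatically using dependabot` should also state whether those updates are reviewed before merge or merged automatically. Minor: `project, this provides` is a comma splice, and the unchanged lines `Communication between services happen` and `the operators only function` could be corrected while the file is open.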
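Review bot: mission-control/docs/images/how-it-works.svg is added with `\ No newline at end of file`; end the file with a newline. The text `Icon-devops-261` sits among the diagram labels and reads like an export title rather than a label, so check whether it is meant to ship.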
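Review bot: the added feature list in mission-control/docs/index.md has several typos: `Playbooks also be triggered` is missing "can", `synthethic` should be "synthetic", `notifcations` should be "notifications", `software, With alert aggregation` has a stray capital, and `using a multi-dimensional hierarchical cards` should drop "a". The removed Playbooks text included `Implement security best practices of least privilege and just in time (JIT) access`, and the new Playbooks bullet says nothing about access control; if that property still holds, keep a sentence for it or link to where it is documented. The image `![](./images/how-it-works.svg)` has empty alt text, and the SVG labels (Catalog, Playbooks, Health, GitOps, Topology) do not match the list, which has a Notifications entry but no GitOps entry.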
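Review bot: the table rows in mission-control/docs/security.md read the same on the removed and added sides, so the existing errors in them carry over: `REST API for Daytabase` should read "Database", `Library for get health status` should read "Library to get the health status", and the header `CII Best Practises` is spelled differently from the `CII Best Practices` cell. The Gomplate row's Scorecard badge is a bare image, while every other Flanksource row links the badge to the securityscorecards.dev viewer; link it the same way so readers can open the report.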