Skip to article frontmatterSkip to article content
Site not loading correctly?

This may be due to an incorrect BASE_URL configuration. See the MyST Documentation for reference.

Tools used in this repo

Base tools

These are helpful for everyone, and not cloud provider-specific.

kubectl

The canonical commandline tool for talking to kubernetes clusters. Debugging and understanding runtime behavior of our hubs is greatly enhanced by knowledge of how to use kubectl. Understanding how to use kubectl really helps understand how kubernetes itself works.

Tips

Additional resources and tools

Helm

Helm is used in two ways:

  1. By our deployment scripts to deploy our hubs.

  2. To deploy cluster-wide support components (such as prometheus, grafana, nginx-ingress) for each cluster.

Tips

sops

In line with 2i2c’s Customer Right to Replicate, we try to keep all our deployment repositories as open as possible. But some values must be secret - like access tokens, cookie secret seeds, etc. We use sops to store them encrypted in our Git repo, so they can be version controlled and reviewed along with the rest of the repo. We use Google Cloud KMS to encrypt our secrets, so you need the Google Cloud tools installed and authenticated locally (following the instructions here) before you can use sops.

sops is called programmatically by our deployment scripts to decrypt files for deployment, and you will use it interactively to modify or encrypt new files.

Terraform

Terraform is an “Infrastructure as Code” (IaC) tool that allows you to build, change, and version infrastructure in the cloud. We use terraform to provision cloud infrastructure and modify it directly. We then deploy applications on top of that infrastructure via Helm.

The minimum required version is 1.3.

Google Cloud tools

google-cloud-sdk is the primary commandline tool used to interact with Google Cloud Platform (GCP). Our deployment scripts use it to authenticate to GCP, and it is very helpful in debugging node issues.

Tips

Authentication

gcloud has two authentication flows, and that can get quite confusing since we work on a number of clusters with different Google credentials.

gcloud auth login provides credentials for gcloud commands like gcloud compute instances list or gcloud container clusters list.

gcloud auth application-default login provides credentials for other tools (such as helm, kubectl, sops) to authenticate to Google Cloud Platform on your behalf. So if sops or kubectl is complaining about authentication, make sure you are authenticated correctly with application-default

AWS tools

awscli

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

eksctl

eksctl is a simple CLI tool for creating and managing clusters on EKS - Amazon’s managed Kubernetes service for EC2. See the eksctl documentation for more information.

Make sure you are using at least version 0.115. You can check the installed version with eksctl version