/gcp-projects-dashboard

A dashboard that displays useful information from multiple GCP projects.

Primary language: Go. License: MIT.

GCP Projects Dashboard

This repository contains a dashboard that displays useful information from multiple GCP projects, with a particular focus on GKE clusters.

Organisation

This repository contains the following sub-directories:

  • collector - Go application that runs as a Kubernetes CronJob and calls the Kubernetes Engine API to collect information about each GKE cluster of interest. It also posts alerts to Slack when a cluster's GKE master or node version is the penultimate or last supported version. Additionally, it calls the Compute Engine API to collect details of Cloud Armour security policies. A Cloud Firestore database is used as persistent storage. Note that it is assumed there is only one GKE cluster per GCP project.

  • versions - Go application that runs as a Kubernetes CronJob and calls the Kubernetes Engine API to retrieve information about available GKE versions. A Cloud Firestore database is used as persistent storage.

  • webapp - Ruby Sinatra dashboard application that displays the information held in Firestore

  • parent-image - Docker parent image containing Ruby and the dependencies required by the web application. Used to speed up the Docker build
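
The check behind the collector's Slack alert can be written as follows. This is an added example, not the collector's own code. It assumes that "last supported" means the oldest minor release in the supported list, that "penultimate" means the second oldest, and that all versions share one major number; `minorOf` and `expiryStatus` are hypothetical names.

```go
package main

import "fmt"

// minorOf extracts the minor release from a GKE version like "1.27.3-gke.100".
func minorOf(version string) (int, error) {
	var major, minor int
	if _, err := fmt.Sscanf(version, "%d.%d.", &major, &minor); err != nil || minor < 0 {
		return 0, fmt.Errorf("unrecognised GKE version %q", version)
	}
	return minor, nil
}

// expiryStatus classifies current against supported. Assumption: "last" is the
// oldest supported minor release and "penultimate" the second oldest.
func expiryStatus(current string, supported []string) (string, error) {
	cur, err := minorOf(current)
	if err != nil {
		return "", err
	}
	oldest, second := -1, -1 // -1 means "not seen yet"
	for _, v := range supported {
		m, err := minorOf(v)
		if err != nil {
			return "", err
		}
		switch {
		case oldest == -1 || m < oldest:
			oldest, second = m, oldest
		case m != oldest && (second == -1 || m < second):
			second = m
		}
	}
	switch {
	case oldest == -1:
		return "", fmt.Errorf("no supported versions supplied")
	case cur < oldest:
		return "unsupported", nil
	case cur == oldest:
		return "last", nil
	case cur == second:
		return "penultimate", nil
	}
	return "ok", nil
}

func main() {
	supported := []string{"1.29.1-gke.100", "1.28.5-gke.200", "1.27.8-gke.300"} // constructed sample
	fmt.Println(expiryStatus("1.28.3-gke.100", supported))
}
```

A status of "last", "penultimate" or "unsupported" is the condition that would trigger an alert; malformed version strings and an empty supported list return an error rather than a silent "ok".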

Building

For the collector and versions applications, use make to compile binaries for macOS and Linux.

Environment Variables

The environment variables below are required:

| Component | Variable | Purpose |
|-----------|----------|---------|
| collector | FIRESTORE_PROJECT | Name of the GCP project containing the Firestore database. |
| collector | GCP_PROJECTS | List of GCP projects containing the GKE clusters to collect information for (one cluster per project). |
| collector | SLACK_CHANNEL | Name of the Slack channel to post expiring GKE master/node version alerts to. |
| collector | SLACK_WEBHOOK | Slack webhook for posting expiring GKE master/node version alerts to. |
| versions | FIRESTORE_PROJECT | Name of the GCP project containing the Firestore database. |
| versions | GCP_PROJECT | Name of the GCP project to use when invoking the Kubernetes Engine API. |
| webapp | FIRESTORE_PROJECT | Name of the GCP project containing the Firestore database. |
| webapp | GCP_CONSOLE_BASE_URL | Base URL to use for the project hyperlinks on the GKE tab. The project name is appended to this URL. |
| webapp | GCP_CONSOLE_CLOUD_ARMOUR_BASE_URL | Base URL to use for the project hyperlinks on the Cloud Armour tab. The project name is appended to this URL. |
| webapp | GCP_ORGANISATION | Name of the GCP organisation the deployed dashboard is reporting against. Displayed in the heading. |

IAM Roles

The following GCP IAM roles are required to run this software:

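| Component | IAM Role |
|-----------|----------|
| collector | roles/browser |
| collector | roles/container.clusterViewer |
| collector | roles/datastore.user |
| collector | roles/orgSecurityPolicyUser |
| versions | roles/datastore.user |
| versions | roles/container.clusterViewer |
| webapp | roles/datastore.user |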

Copyright

Copyright (C) 2020–2022 Crown Copyright (Office for National Statistics)