finos/compliant-financial-infrastructure

Provide all services related to Legend deployment

Opened this issue · 8 comments

This issue follows an ongoing discussion related to our project's position within FINOS: Our services should be inarguably valuable to other projects in the ecosystem.

The team will need to identify the resources required for a complete Legend deployment, and subsequently create the policies, IaC, and validation packs for each service. This will benefit any Legend users who want CFI resources to deploy their instance of Legend.

As a first step for the policy development, we will solicit information regarding the policies used by the FINOS infrastructure team for the Legend instance they host. Subsequent policies will require guidance from Legend end users. This will allow the RI and RV groups to begin work on those services.

@eddie-knight, who's our primary contact for Legend? Can we please involve him/her in this issue?

I suspect @maoo can help us find the info we need to plan this out

maoo commented

Hi @abdullahgarcia and @eddie-knight!

You can find all the info you need on https://legend.finos.org/docs/getting-started/installation-guide - I suppose that the Docker compose file gives a very clear idea on how to deploy. Also note that there is a Juju integration for legend on https://github.com/finos/legend-juju-bundle .

If you have any further questions, the best way to engage with the Legend team is via https://github.com/finos/legend/issues

If you have questions related to our production environment on legend.finos.org/studio , I'm the right person.

Hope this helps!

Thanks @maoo, will have a look!

RFC @maoo

It looks like we just need these three elements to prepare an infrastructure for the legend deployment... could you take a look to see if we missed anything here? After we have these child modules built, we'll try out a deployment to see if we can provide a recommended tf config for the end-to-end deploy.

  • EKS (w/ VPC)
  • S3
  • Mongo

maoo commented

  • EKS (w/ VPC)

I'd suggest creating a user in the AWS CFI account that is able to create and tear down EKS clusters; I can see that we already have a user on the CFI (FINOS) AWS IAM user (and group), with a custom policy called CSC-Terraform-Policy

Maybe we can reuse this group/policy and just create a new user?

  • S3

I believe that this is used only for CDK deployments; is this what you intend to use?

  • Mongo

I'd suggest using a container for this; please note that Mongo acts as a session cache, so there is no need to persist this data.

Hope this helps!

Thanks @maoo!
@thinkl33t @AdrianHammond @ml4

For development purposes, it looks like we'll just need to finalize EKS and set up a Mongo child module. For dev/test purposes we'll follow Mao's guidance and make sure we're able to deploy Legend using our modules, then we can make a pull request to Legend to see if they want to list that config example as an installation quickstart.

Subject to y'alls feedback, I think the next step is to create the mongo child module repo.

@thinkl33t could you link any associated RI WG issues to this epic?