Cody Gatekeeper infrastructure operations
This document describes operational guidance for Cody Gatekeeper infrastructure. This service is operated on the Managed Services Platform (MSP).
If you need assistance with MSP infrastructure, reach out to the Core Services team in #discuss-core-services.
Service overview
PROPERTY | DETAILS |
---|---|
Service ID | gatekeeper (specification) |
Owners | cody-services |
Service kind | Cloud Run job |
Environments | prod |
Docker image | us.gcr.io/sourcegraph-dev/abuse-ban-bot |
Source code | github.com/sourcegraph/abuse-ban-bot - . |
Environments
prod
PROPERTY | DETAILS |
---|---|
Project ID | gatekeeper-prod-1c93 |
Category | internal |
Deployment type | subscription |
Resources | |
Slack notifications | #alerts-gatekeeper-prod |
Alert policies | GCP Monitoring alert policies list, Dashboard |
Errors | Sentry gatekeeper-prod |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
ACCESS | ENTITLE REQUEST TEMPLATE |
---|---|
GCP project read access | Read-only Entitle request for the ‘Internal Services’ folder |
GCP project write access | Write access Entitle request for the ‘Internal Services’ folder |
For Terraform Cloud access, see prod Terraform Cloud.
prod Cloud Run
The Cody Gatekeeper prod service implementation is deployed on Google Cloud Run.
PROPERTY | DETAILS |
---|---|
Console | Cloud Run job |
Service logs | GCP logging |
Service traces | Cloud Trace |
Service errors | Sentry gatekeeper-prod |
You can also use sg msp to quickly open a link to your service logs:
sg msp logs gatekeeper prod
prod Architecture Diagram
prod Terraform Cloud
This service’s configuration is defined in sourcegraph/managed-services/services/gatekeeper/service.yaml, and sg msp generate gatekeeper prod generates the required infrastructure configuration for this environment in Terraform.
Terraform Cloud (TFC) workspaces specific to each service then provision the required infrastructure from this configuration.
You may want to check your service environment’s TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the sourcegraph/managed-services repository, or in #alerts-msp-tfc).
To access this environment’s Terraform Cloud workspaces, you will need to log in to Terraform Cloud and then request Entitle access to membership in the “Managed Services Platform Operator” TFC team. The “Managed Services Platform Operator” team has access to all MSP TFC workspaces.
The Terraform Cloud workspaces for this service environment are grouped under the msp-gatekeeper-prod tag, or you can use:
sg msp tfc view gatekeeper prod
Alert Policies
The following alert policies are defined for each of this service’s environments.
High Container CPU Utilization
High CPU Usage - it may be necessary to reduce load or increase CPU allocation
Severity: WARNING
High Container Memory Utilization
High Memory Usage - it may be necessary to reduce load or increase memory allocation
Severity: WARNING
Container Startup Latency
Service containers are taking longer than configured timeouts to start up.
Severity: WARNING
Cloud Run Job Execution Absence
No Cloud Run Job executions were detected in expected window (70m)
Severity: WARNING
Cloud Run Job Failures
Cloud Run Job executions failed
Severity: WARNING