The Howard project is named after Luke Howard, FRS, a notable British manufacturing chemist and amateur meteorologist known as "The Godfather of Clouds". His work laid foundational concepts in meteorology, including a nomenclature system for clouds introduced in 1802. Inspired by his innovation and legacy in categorizing the elements, our project aims to effectively manage and orchestrate the cloud-based infrastructure for the Canadian Food Inspection Agency (CFIA) ai-lab.
Howard is essentially the backbone that supports CFIA's ai-lab Kubernetes environment, where key applications such as Nachet, Finesse, and Louis are deployed and managed dynamically. This infrastructure emphasizes robustness, security, and efficiency to handle the critical workload involved in food inspection and safety.
The Howard infrastructure leverages a comprehensive suite of tools designed to provide a resilient, secure, and scalable environment:
- Initially hosted on Google Cloud, the infrastructure has transitioned to Azure.
- Kubernetes: Orchestrates container deployment, scaling, and management.
- ArgoCD: Used for continuous delivery, managing Kubernetes resources in a declarative way through Git repositories.
- Grafana: Visualization and analytics software.
- Kube-Prometheus-Stack: Comprehensive Kubernetes cluster monitoring with Prometheus.
- Grafana Tempo: Distributed tracing of our applications.
- Grafana Loki: Logging and aggregation system.
- Grafana Alloy: Allows the collection and transmission of OpenTelemetry data from our applications.
- Falco: Open-source runtime security tool.
- Trivy: Vulnerability scanner for containers.
- Oneuptime: Monitoring tool for real-time performance and security insights.
- Vouch-Proxy: Authentication proxy.
- Nginx Ingress: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
- Istio: Service mesh that provides a secure interface for inter-service communication.
- HashiCorp Vault: Secures, stores, and tightly controls access to tokens, passwords, certificates, and other secrets.
- Terraform: Open-source infrastructure as code software tool that allows managing service life cycle in cloud providers declaratively.
- Ansible: Automation tool for configuring and managing computers.
The current configuration hosts a Kubernetes cluster on Azure (AKS). An Azure DevOps pipeline, `apply-terraform.yml`, applies the Terraform resources, which are created in our Azure subscription. The state is then saved to blob storage in Azure.
Assuming you have the Azure CLI and the kubelogin plugin installed, here is how you can fetch the kubeconfig locally:
```bash
az login
az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
az aks get-credentials --resource-group resource-group-name --name aks-name --overwrite-existing
kubelogin convert-kubeconfig -l azurecli
```
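One way to check the result of the steps above, as an added example that is not part of the Howard repository: the hypothetical helper `audit_kubeconfig` confirms that the fetched kubeconfig is private to your user, embeds no static credential, and obtains tokens through `kubelogin` with the Azure CLI login. The sample kubeconfig written by `write_sample_kubeconfig` is constructed, and its names and IDs are placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit a kubeconfig after `kubelogin convert-kubeconfig -l azurecli`.
# audit_kubeconfig is a hypothetical helper, not part of az, kubelogin or Howard.

audit_kubeconfig() {
  local f="$1" findings=0
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }

  # 1. The file must not be accessible to group or others.
  if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
    echo "FINDING: $f is accessible to group/others (chmod 600 it)"
    findings=$((findings + 1))
  fi

  # 2. No long-lived secret may be embedded in the file.
  if grep -Eq '^[[:space:]]*(token|password|client-key-data):' "$f"; then
    echo "FINDING: static credential embedded in $f"
    findings=$((findings + 1))
  fi

  # 3. Tokens must come from the kubelogin exec plugin using the Azure CLI login.
  if ! grep -Eq '^[[:space:]]*command:[[:space:]]*kubelogin[[:space:]]*$' "$f" ||
     ! awk '/- --login$/ { if ((getline nxt) > 0 && nxt ~ /- azurecli$/) ok = 1 }
            END { exit !ok }' "$f"; then
    echo "FINDING: user entry does not use 'kubelogin get-token --login azurecli'"
    findings=$((findings + 1))
  fi

  [ "$findings" -eq 0 ]
}

# Constructed sample of a converted user entry (all names and IDs are placeholders).
write_sample_kubeconfig() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: clusterUser_resource-group-name_aks-name
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubelogin
      args:
      - get-token
      - --login
      - azurecli
      - --server-id
      - 00000000-0000-0000-0000-000000000000
EOF
  chmod 600 "$1"
}
```

Source the file and run `audit_kubeconfig ~/.kube/config`; a zero exit status means no findings.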