-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Jason Hall <jason@chainguard.dev>
- Loading branch information
Showing
6 changed files
with
651 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| # Cloud Events Recorder | ||
|
|
||
| This module sets up infrastructure to listen to Chainguard Image pull events and store them in BigQuery, for later analysis. | ||
|
|
||
| You can set up the infrastructure with Terraform. Create a file called `main.tf` with the following content: | ||
|
|
||
| ``` | ||
| module "image-copy" { | ||
| source = "github.com/chainguard-dev/platform-examples//event-recorder/iac" | ||
| project_id = "my-gcp-project" | ||
| region = "us-central1" | ||
| group = "[MY-CHAINGUARD-GROUP-ID]" | ||
| } | ||
| ``` | ||
|
|
||
| Then in that directory, run `terraform init` and `terraform apply` to create the infrastructure. | ||
|
|
||
| ## Architecture | ||
|
|
||
| ```mermaid | ||
| flowchart LR | ||
| A(((Chainguard))) -- events --> B["Cloud Run Trampoline\n(public URL)"] | ||
| B -- validated + filtered --> C[Cloud Run Broker Ingress] | ||
| subgraph private network | ||
| C -- publish --> D[["Cloud Pub/Sub\n(buffered)"]] | ||
| D -- subscribe --> E[Cloud Run Recorder] | ||
| E -- writes every 3m --> F[Cloud Storage] | ||
| F -- loads every 15m --> G[(BigQuery)] | ||
| end | ||
| ``` | ||
|
|
||
| The event recorder infrastructure leverages GCP Cloud Run, Cloud Pub/Sub and Cloud Storage to efficiently buffer events before loading into BigQuery. | ||
|
|
||
| This means that records may not be published immediately -- there is a delay of up to 18 minutes end-to-end -- but bursts of requests should be handled gracefully without dropping events. | ||
|
|
||
| ## Data Schema | ||
|
|
||
| The Terraform creates a BigQuery dataset named `cloudevents_pull_event_recorder`, with a table named `dev_chainguard_registry_pull_v1`. | ||
|
|
||
| The schema is described [here](./iac/pull.schema.json), and contains fields describing the user who pulled the image, the image that was pulled, the time of the pull, and information about errors that occurred during the pull. This schema matches the type described in the [event documentation](https://edu.chainguard.dev/chainguard/administration/cloudevents/events-reference/#service-registry---pull). | ||
|
|
||
| ## Destroying the infrastructure | ||
|
|
||
| There are GCP costs associated with running the infrastructure to ingest and store events. | ||
|
|
||
| To destroy the infrastructure, run `terraform destroy`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| module github.com/chainguard-dev/platform-examples/event-recorder | ||
|
|
||
| go 1.21.5 | ||
|
|
||
| require ( | ||
| chainguard.dev/sdk v0.1.19 | ||
| github.com/cloudevents/sdk-go/v2 v2.15.2 | ||
| github.com/kelseyhightower/envconfig v1.4.0 | ||
| google.golang.org/api v0.156.0 | ||
| ) | ||
|
|
||
| require ( | ||
| cloud.google.com/go/compute v1.23.3 // indirect | ||
| cloud.google.com/go/compute/metadata v0.2.3 // indirect | ||
| github.com/coreos/go-oidc/v3 v3.9.0 // indirect | ||
| github.com/felixge/httpsnoop v1.0.4 // indirect | ||
| github.com/go-jose/go-jose/v3 v3.0.1 // indirect | ||
| github.com/go-logr/logr v1.3.0 // indirect | ||
| github.com/go-logr/stdr v1.2.2 // indirect | ||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | ||
| github.com/golang/protobuf v1.5.3 // indirect | ||
| github.com/google/s2a-go v0.1.7 // indirect | ||
| github.com/google/uuid v1.5.0 // indirect | ||
| github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect | ||
| github.com/json-iterator/go v1.1.12 // indirect | ||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||
| github.com/modern-go/reflect2 v1.0.2 // indirect | ||
| go.opencensus.io v0.24.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect | ||
| go.opentelemetry.io/otel v1.21.0 // indirect | ||
| go.opentelemetry.io/otel/metric v1.21.0 // indirect | ||
| go.opentelemetry.io/otel/trace v1.21.0 // indirect | ||
| go.uber.org/multierr v1.11.0 // indirect | ||
| go.uber.org/zap v1.26.0 // indirect | ||
| golang.org/x/crypto v0.19.0 // indirect | ||
| golang.org/x/net v0.21.0 // indirect | ||
| golang.org/x/oauth2 v0.17.0 // indirect | ||
| golang.org/x/sys v0.17.0 // indirect | ||
| golang.org/x/text v0.14.0 // indirect | ||
| google.golang.org/appengine v1.6.8 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect | ||
| google.golang.org/grpc v1.61.1 // indirect | ||
| google.golang.org/protobuf v1.32.0 // indirect | ||
| ) |
Oops, something went wrong.