canada-ca/tracker
Tracker

This project tracks Government of Canada domains for adherence to digital security best practices and federal requirements.

Application structure

In pursuit of a vision of Government as a Platform, the TBS Directive on Service and Digital states that developers should "Validate your API design by consuming it" and "Use microservices built around business capabilities". Supporting this vision and taking this guidance to heart has meant that the core of the Tracker system is an API/consumer pair resulting in a minimalist microservices architecture.

The Directive also says "Design for cloud mobility", "Use distributed architectures", "Run applications in containers" and to use "open source software first". The technology at the intersection of these four directives is Kubernetes, which is used as a cloud agnostic platform to deploy the services that make up the Tracker system.

Repo Structure

As is common with microservices projects, this repository is organized in the monorepo style with the various services/components separated into their own folders.

.
├── api
├── ci
├── clients
├── CONTRIBUTING.md
├── frontend
├── guidance
├── Makefile
├── README.md
├── scripts
├── SECURITY.md
└── services

The ci folder contains an image used in the CI process, but the main event is the next three folders:

The frontend and api folders contain the two main parts of the application.

The k8s folder contains the Kubernetes configurations needed to continuously deploy Tracker on the cloud provider of your choice.

The clients folder contains API clients offered as an alternative to Tracker's web frontend. Only a Python client is available at this time.

The services folder contains smaller services dedicated to scanning or account creation.

The scripts folder is a dumping ground for various utility scripts and codemods.

Running it locally

Running Tracker locally takes a few commands and a lot of RAM. See the instructions in the k8s folder.

Deploying to the cloud

Assuming a connection to the target cluster has been established, navigate to the root of the repository.

$ make credentials
$ make platform env=<your cloud platform (gke/aks)>
$ make secrets env=<gke or aks>
$ make platform env=<gke or aks>
$ make app env=<gke or aks>

Tracker is now deployed. To add continuous deployment functionality via Flux (this will ensure the Tracker deployment stays up to date with all the latest changes), follow the instructions listed below.

NOTE: Steps 1) and 2) are only required if the Tracker deployment should write back to this repository, updating image tags as necessary.

  1. Create SSH key:
ssh-keygen -q -N "" -C "flux-read-write" -f ./k8s/clusters/auto-image-update/bases/creds/identity
ssh-keyscan github.com > ./k8s/clusters/auto-image-update/bases/creds/known_hosts
  2. Add key to repository

  3. Finally, run:

$ make deploy env=<gke or aks>

Tracker is now fully deployed, with continuous deployment functionality provided by Flux!