Re: Managing KVM for multiple teams/application

ankitas

Hi All,

what is recommended approach for managing KVM deployment in production?

Considering the fact, there are multiple teams managing various aspects of the business and using their own KVMs for manage specific flows.

Recently, we had to update a flag in KVM. The PR was raised for entire KVM deployment for pipeline to run. Any production update on KVM through CICD, by lets say Team A ,should not cause any conflict with KVMs owned by other team.

Get/Set API on KVM was though through to be an option. However, with a clause that git repo should always entries matching with prod at any point of time.

NikhilAnand_whp

I have the same problem and I am leaning towards creating individual repo per kvm. In this way, KVM wouldn't intersect with any other KVM.

ankitas

@NikhilAnand_whp Can you please elaborate more on individual repo management for KVM. If there are let's say 20 teams who needs KVM to manage their config keys, there will be 20 repos? How will this help not to overwrite other KVMs when deploying in prod through CICD?

NikhilAnand_whp

Each KVM needs to have an individual owner. If there are KVMs, which is shared across multiple team, then there would be a central platform devOps team, who would own the KVM. Any changes required in that kvm should be routed to the devOps team.

You can further add naming restriction, say team A KVM name will start with A- and team B KVM would start with B-.

Playing around GCP IAM, you would be able to create two role with permission granting selective access to these KVM based on KVM name.