[IBCDPE-935] VPC Updates & VPC CNI Exploration #13
Merged
97 commits
c2c74de
Create a spacelift private workerpool
BryanFauble 84c36db
Add the private workerpool module
BryanFauble 3c08ae6
Allow conditional create of the workerpool
BryanFauble 324ce7f
skip creating worker pool
BryanFauble 4546b72
Add missed variable
BryanFauble d224c1b
increment workerpool
BryanFauble 0e9324b
Correct version of helm chart
BryanFauble d3d5c24
Increment workerpool module version
BryanFauble c928d8a
Create the k8s worker pool
BryanFauble 5b39416
Add warning for drift detection
BryanFauble 83b96f1
Set to private worker pool id
BryanFauble 63a6868
Enable drift detection via tf
BryanFauble f6378bb
correct resource name
BryanFauble ba2dbb4
Remove drift detection from stack
BryanFauble 97f0412
Remove note
BryanFauble ebd8b3d
Comment out already imported block
BryanFauble b4517ec
Add module back for 2 step removal process
BryanFauble d53caa6
Remove private workerpool module
BryanFauble d60047a
Leave helm provider
BryanFauble dbf0d45
Merge branch 'ibcdpe-935-private-worker-pool' into ibcdpe-935-vpc-upd…
BryanFauble 910b4e5
hacking around to get the helm_release out of state
BryanFauble 98efa20
Leave module in to remove resources
BryanFauble 3ada360
Remove module
BryanFauble 846b1c2
Update to specify provider required versions in modules instead of pr…
BryanFauble 90f38ef
Updating modules
BryanFauble b20890d
Remove provider that is not actually required
BryanFauble a6229bd
Try setting load bal ip ranges
BryanFauble 589de1d
Capture flow logs
BryanFauble d1a8d28
Capture flow logs
BryanFauble 113e816
Add to documentation
BryanFauble 200821a
Allow cloud watch logs to be toggled for the EKS module
BryanFauble 9f7e206
Set cloudwatch retention to 1
BryanFauble a9cdfc3
Set log group class
BryanFauble 00df837
Update to use new vpc module
BryanFauble 5940683
Enable flow log
BryanFauble 788c531
Increment module
BryanFauble 1946b29
Change which port the frontend is running on
BryanFauble 67d06ae
correct which port front-end is listening on
BryanFauble 28d01db
update ports to 80 across the board
BryanFauble ffef0b2
Add security enforcement for pod
BryanFauble 2d6694d
Leave enforcement on standard
BryanFauble 169b977
set enforcement mode to strict
BryanFauble fb63178
Create a security group for client
BryanFauble 45eb37a
Leave security group out
BryanFauble a6b5ff7
Leave out SG
BryanFauble 33d841c
Leave out SG
BryanFauble fe22b73
Create aws integration for aws dev account
BryanFauble 41d926f
Update integration ID for AWS
BryanFauble fda882c
Allow setting AWS account in EKS module
BryanFauble 93ead31
Set AWS account to use for EKS module
BryanFauble d4e3f72
Change which spotinst account to connect to
BryanFauble 984e83f
Apply pod level security group
BryanFauble 3d84150
Add security groups to all pods
BryanFauble cf2e616
Single security group block
BryanFauble 1b8fb87
rm tag
BryanFauble 41bc5d9
Allow all ports
BryanFauble 72faf17
egress from self
BryanFauble db0fb39
Allow self
BryanFauble 6d51e35
Allow traffic from the EKS control plane
BryanFauble de781ff
Test allow egress to the control plane
BryanFauble c603640
Update to remove some testing
BryanFauble 80e6308
Allow pod to node port 53 for DNS
BryanFauble a11ac32
Pass along and use the pod->node SG
BryanFauble 14cda29
Increment EKS module used
BryanFauble 6fbb444
Set type for node SG
BryanFauble 092901b
Increment EKS module being used
BryanFauble ead32c0
Use private subnet cidrs in DNS rule
BryanFauble 8ad2b53
increment eks module
BryanFauble ad16193
Correct var name
BryanFauble c9e6435
Correct definition
BryanFauble 5e48a57
Update module
BryanFauble fa1d9f2
no array value
BryanFauble 99a4e37
increment
BryanFauble dbb6403
Add ELB SG to pod
BryanFauble af78ec5
Allow inbound kubelet port from nodes
BryanFauble 9d40ef8
Test allowing traffic from ELB
BryanFauble d15aa67
Try allowing all ports
BryanFauble 40309d2
Swap over to standard enforcement
BryanFauble d70351c
default deny stars and client ns
BryanFauble bbf9574
Add more allowed connections
BryanFauble f3d4875
New policies
BryanFauble 1c7cfdd
Capture CW
BryanFauble 2f5947b
Increment module
BryanFauble 3ce93d5
Allow cw logs to be created
BryanFauble 106f75a
increment autoscaler
BryanFauble e8f82b5
Allow kube system traffic
BryanFauble e2301d2
correct port
BryanFauble d573cf7
Add egress policies as well
BryanFauble c5294f2
Set egress policy for client
BryanFauble 9707f0b
Set NS and pod selector
BryanFauble 11b5848
correct selector
BryanFauble 045e143
Correct NS selectors
BryanFauble a307ea9
Adding docs and pushing changes to stand alone modules
BryanFauble 63c5804
Point to main branch
BryanFauble 89f7e84
Merge branch 'main' into ibcdpe-935-vpc-updates
BryanFauble e147349
Default to standard
BryanFauble 07d593a
Add VPC diagram
BryanFauble
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Resources derived from: https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs/resources/aws_integration | ||
resource "spacelift_aws_integration" "org-sagebase-dnt-dev-aws-integration" { | ||
name = "org-sagebase-dnt-dev-aws-integration" | ||
role_arn = "arn:aws:iam::631692904429:role/spacelift-admin-role" | ||
generate_credentials_in_worker = false | ||
duration_seconds = 3600 | ||
space_id = "root" | ||
} |
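Review bot: `space_id = "root"` combined with a role named `spacelift-admin-role` places an admin-level AWS role at the top of the Spacelift space hierarchy, where any stack in root, and in child spaces that inherit from it, can attach it. Since the name marks this as a dev-account integration, consider creating it in a dedicated dev space and pointing `role_arn` at a role scoped to what these stacks actually manage. The account ID and role name are also hard-coded in `role_arn`; passing them in as variables would keep the resource reusable for other accounts and make the target account explicit at the call site.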
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
terraform { | ||
required_providers { | ||
spacelift = { | ||
source = "spacelift-io/spacelift" | ||
version = "1.13.0" | ||
} | ||
} | ||
} |
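Review bot: `version = "1.13.0"` pins the provider release exactly, but the version string alone does not pin the provider binary's checksums; make sure `.terraform.lock.hcl` is committed alongside this file so `terraform init` verifies the recorded hashes. If this block lives in a reusable module rather than a root configuration, a range such as `~> 1.13` is the more usual constraint there, with the exact version fixed by the root module and its lock file. The block also sets no `required_version` for Terraform itself, which is worth adding for the same reproducibility reason.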
is this for dev or prod?
This is dev