Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IBCDPE-939] Correcting some issues #6

Merged
merged 7 commits into from
May 20, 2024
Merged

[IBCDPE-939] Correcting some issues #6

merged 7 commits into from
May 20, 2024

Conversation

BryanFauble
Copy link
Contributor

Problem:

  1. No instructions were provided on authenticating to the cluster
  2. We were not setting a version on the terraform provider. I set this to the max provided by spacelift. To go beyond this version we'll need to consider using the OpenTofu backend/provider.
  3. We didn't have a CODEOWNERS
  4. Permissions should not have been given as administrator
  5. spotinst has 3 item currently being deployed. From the documentation I can find spotinst/kubernetes-controller/ocean seems like it was a mistake to add this
  6. We had no automatic checking of terraform in the CI pipeline

Solution:

  1. Adding all of the above items

Testing:

  1. Will be checking the terraform plan

thomasyu888
thomasyu888 reviewed May 20, 2024
View reviewed changes
.github/workflows/tfsec_pr_commenter.yml
- name: Clone repo
uses: actions/checkout@master
- name: tfsec
uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very neat action!

thomasyu888
thomasyu888 reviewed May 20, 2024
View reviewed changes
README.md
# AWS using my SSO session for the profile `dpe-prod-admin`. After authenticated
# assuming that we want to use the `role/eks_admin_role` to connect to the k8s
# cluster". This will update your kubeconfig with permissions to access the cluster.
aws eks update-kubeconfig --region us-east-1 --name dpe-k8 --role-arn arn:aws:iam::766808016710:role/eks_admin_role --profile dpe-prod-admin
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, these instructions worked for me!

➜  ~ kubectl get namespace
NAME              STATUS   AGE
airflow           Active   3d3h
default           Active   3d18h
kube-node-lease   Active   3d18h
kube-public       Active   3d18h
kube-system       Active   3d18h
spot-system       Active   3d14h```

thomasyu888
thomasyu888 approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@thomasyu888 thomasyu888 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 fantastic - great additions here. Thanks for lowering the Admin access to power user as well. This is coming together nicely!

@BryanFauble BryanFauble merged commit bebf1a6 into main May 20, 2024
4 of 5 checks passed
@BryanFauble BryanFauble deleted the IBCDPE-939-notes-on-connecting branch May 20, 2024 20:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasyu888 thomasyu888 thomasyu888 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BryanFauble @thomasyu888