Team Management to support different personas and features #18
Comments
|
are you referring to gaps in the current implementation at https://github.com/aws-ia/terraform-aws-eks-blueprints-teams? |
|
This issue has been automatically marked as stale because it has been open 30 days |
@bryantbiggs yes it is. |
|
This issue has been automatically marked as stale because it has been open 30 days |
|
@bryantbiggs do you have any updates on this ? |
|
@bryantbiggs @askulkarni2 fyi... Please let us know whether you need any other info. |
|
hey @haofeif - do you have more info on patterns or configurations that the module currently doesn't support? Perhaps if we can see some examples of whats trying to be created, we can work backwards to figure out what can or cannot be supported, or perhaps there are alternate routes to reach those outcomes. |
|
Yes @bryantbiggs. For instance, in the current team management repo, if users would like to add customization ( i.e. providing flexibility like provide additional personas for IAM Roles/RBAC roles other than just the read-only and namespace admin roles, it is not supported. Other features that are currently not supported including customization like cross-account assume roles (as usually the multi-tenancy cluster is hosted in a central AWS account, while tenants are accessing via their own accounts where they host their own RDS, S3 and other AWS resources) , network policies bootstrapped for each namespace . it is not possible in the current module as they are all hard coded. For instance, below is the tenant/team definition {
"tenant1": {
"aws_account_ids": [
"509164722760"
],
"compute_quota": {
"requests.cpu": "1000m",
"requests.memory": "12Gi",
"limits.cpu": "2000m",
"limits.memory": "12Gi"
},
"labels": {
"bsbcc": "example",
"appname": "example",
"testingNewLabel": "blah"
},
"object_quota": {
"pods": "10",
"secrets": "10",
"services": "10"
}
},
"tenant2": {
"aws_account_ids": [
"509164722760"
],
"compute_quota": {
"requests.cpu": "1000m",
"requests.memory": "12Gi",
"limits.cpu": "2000m",
"limits.memory": "12Gi"
},
"labels": {
"bsbcc": "example",
"appname": "example",
"testingNewLabel": "blah2"
},
"object_quota": {
"pods": "10",
"secrets": "10",
"services": "10"
}
}
}Which has the account info added in as the cross-account access. Our team has developed our code which we are happy to contribute as a PR (we showed it to @askulkarni2 a couple months ago hence creating this issue post our conversations) |
|
if you have any code that is publicly available, we'd be happy to take a look to better understand the ask |
|
This issue has been automatically marked as stale because it has been open 30 days |
|
Issue closed due to inactivity. |
|
This issue has been automatically marked as stale because it has been open 30 days |
|
Issue closed due to inactivity. |
Community Note
What is the outcome that you are trying to reach?
The current team management module does not provide flexibility for the team to provide customized feature to create different RBAC roles/IAM roles for different personas, it is not very easy to be used.
We would like to provide flexibility for the team management to provide additional IAM Roles/RBAC roles, cross-account assume roles, network policies bootstrapped for each namespace.
Describe the solution you would like
We would like the solution to cater for users inputting parameters to enable additional personas and features mentioned above
Describe alternatives you have considered
N/A
Additional context
The text was updated successfully, but these errors were encountered: