Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(doks,doks-public) create infraciadmin SA for each cluster along with their token and kubeconfigs #134

Merged
merged 2 commits into from
Aug 8, 2023
Merged

feat(doks,doks-public) create infraciadmin SA for each cluster along with their token and kubeconfigs #134

merged 2 commits into from
Aug 8, 2023

Conversation

dduportal
Copy link
Contributor

@dduportal dduportal commented Aug 8, 2023
edited
Loading

Related to jenkins-infra/helpdesk#3679

This PRs adds the jenkinsciinfraadmin to both doks and doks-public clusters.

Notes:

  • The variable do_token as been removed in favor of using the DIGITALOCEAN_ACCESS_TOKEN relying on the doctl command. It was required to ensure that the kubernetes provider where able to access the clusters to bootstrap the SAs.
  • It starts to be a lot of code duplication. Could be a great opportunity to start having Terraform module:
    • 2 clusters here (and same in AWS and Azure)
    • The SA/Secret/CRB does not look specifics to DigitalOcean and the code could be reused.
      But I want to validate end to end the usage of this solution before factorizing

@dduportal
feat(doks,doks-public) create infraciadmin SA for each cluster along …
7c34208 
…with their token and kubeconfigs

Signed-off-by: Damien Duportal <[email protected]>
@dduportal dduportal changed the title feat(doks,doks-public) create infraciadmin SA for each cluster along … feat(doks,doks-public) create infraciadmin SA for each cluster along with their token and kubeconfigs Aug 8, 2023
@dduportal dduportal marked this pull request as ready for review August 8, 2023 10:20
@dduportal dduportal requested review from a team, timja, lemeurherve and smerle33 August 8, 2023 10:20
timja
timja previously approved these changes Aug 8, 2023
View reviewed changes
lemeurherve
lemeurherve previously approved these changes Aug 8, 2023
View reviewed changes
Copy link
Member

@lemeurherve lemeurherve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

doks-cluster.tf Outdated Show resolved Hide resolved
doks-cluster.tf Outdated Show resolved Hide resolved
doks-public-cluster.tf Outdated Show resolved Hide resolved
@dduportal dduportal merged commit cbba128 into jenkins-infra:main Aug 8, 2023
1 check passed
@dduportal dduportal deleted the helpdesk-3679 branch August 8, 2023 11:47
@dduportal dduportal mentioned this pull request Aug 8, 2023
Merged
@dduportal
Copy link
Contributor Author

For info: this PR failed to be applied. The error was getting credentials: exec: executable doctl not found.

Opened jenkins-infra/docker-hashicorp-tools#320 to fix

This was referenced Aug 8, 2023
Closed
Merged
Merged
dduportal added a commit to jenkins-infra/azure that referenced this pull request Aug 9, 2023
@dduportal
refactor(publick8s,privatek8s) define infraciadmin SA with a terrafor…
01cfa3c 
…m module (#448)

Ref. jenkins-infra/helpdesk#3679

Same as jenkins-infra/digitalocean#134 +
jenkins-infra/digitalocean#136 but for Azure

Please note that the `privatek8s` SA can be used directly by the pod of
jenkins-infra/kubernetes-management by mounting the token in the pod
directly.

Signed-off-by: Damien Duportal <[email protected]>
@dduportal dduportal mentioned this pull request Aug 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timja timja timja left review comments

@smerle33 smerle33 Awaiting requested review from smerle33

@lemeurherve lemeurherve Awaiting requested review from lemeurherve

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dduportal @timja @lemeurherve