cloud-accouts: add a policy for multi-tenancy #166

zugwan · 2023-05-03T07:42:55Z

클러스터 노드 간 통신을 위해 보안 그룹을 추가할 때 아래와 같이 기존 보안 그룹 정보를 얻어 오는 부분이 존재합니다.

tks-flow/tks-cluster/manage-internal-communication.yaml

Line 64 in 4077fce

    
                     current=$(aws ec2 describe-instance-attribute --attribute "groupSet" --instance-id $instance --output text --query "Groups[].GroupId")

멀티 테넌시 환경에서는 CAPA에서 생성하는 cluster-api 컨트롤러 Role을 사용하며 기본 정책에서 빠져있는 ec2:DescribeInstanceAttribute 권한을 추가하였습니다.

cloud-accouts: add a policy for multi-tenancy

86cba8f

zugwan requested review from ktkfree, intelliguy, robertchoi80, seungkyua, kyuho24, cho4036 and Siyeop May 3, 2023 07:42

ktkfree approved these changes May 4, 2023

View reviewed changes

zugwan merged commit 32c8b39 into main May 8, 2023

zugwan deleted the add_policy_for_multitenancy branch May 8, 2023 06:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cloud-accouts: add a policy for multi-tenancy #166

cloud-accouts: add a policy for multi-tenancy #166

zugwan commented May 3, 2023

cloud-accouts: add a policy for multi-tenancy #166

cloud-accouts: add a policy for multi-tenancy #166

Conversation

zugwan commented May 3, 2023