fix: move karpenter ECR auth token and provider out of the module #2067

Merged
merged 31 commits into from
Jun 26, 2023

@oleksiimorozenko oleksiimorozenko commented Jun 5, 2023


Description

Defining the provider and related resources (data source) in the module can break even plan if the user running Terraform is assuming a role (i.e. doesn't have any permissions assigned to itself but assumes a role), even if the Karpenter module is disabled.

In this case the plan fails with: Error: getting ECR Public authorization token: AccessDeniedException: User: arn:aws:iam::<account-id>:user/username is not authorized to perform: ecr-public:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr-public:GetAuthorizationToken action

It's better instead to define the provider in the root module, as the dependent module's example shows.
This PR solves the problem when the provider block looks like this:

provider "aws" {
  region = var.aws_region
  assume_role {
    session_name = "terraform-role"
    role_arn     = "arn:aws:iam::<account-id>:role/rolename"
  }
}
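
The root-module layout the description argues for, as an added example that is not part of the pull request or the project's code: the aliased us-east-1 provider repeats the `assume_role` block, the token data source is gated so a disabled Karpenter requests nothing at plan time, and the assumed role gets only the two actions the call needs. `var.terraform_role_arn`, `var.karpenter_enabled`, the alias `virginia` and the local names are assumptions.

```hcl
# Added example, not code from the PR. var.terraform_role_arn, var.karpenter_enabled
# and the alias "virginia" are assumed names.
variable "aws_region" { type = string }
variable "terraform_role_arn" { type = string } # arn:aws:iam::<account-id>:role/rolename
variable "karpenter_enabled" {
  type    = bool
  default = false
}

provider "aws" {
  region = var.aws_region
  assume_role {
    session_name = "terraform-role"
    role_arn     = var.terraform_role_arn
  }
}

# The ECR Public token is requested in us-east-1, so the data source needs an
# aliased provider. Declared in the root module it carries the same
# assume_role block, so the request is signed as the role, not the IAM user.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
  assume_role {
    session_name = "terraform-role"
    role_arn     = var.terraform_role_arn
  }
}

# Gated with count: when Karpenter is disabled no token is requested at plan time.
data "aws_ecrpublic_authorization_token" "token" {
  count    = var.karpenter_enabled ? 1 : 0
  provider = aws.virginia
}

locals {
  # null when disabled; the values are credentials and are also written to state.
  ecr_public_user     = one(data.aws_ecrpublic_authorization_token.token[*].user_name)
  ecr_public_password = one(data.aws_ecrpublic_authorization_token.token[*].password)
}

# Least-privilege statement to attach to the assumed role for this one call.
data "aws_iam_policy_document" "ecr_public_token" {
  statement {
    effect    = "Allow"
    actions   = ["ecr-public:GetAuthorizationToken", "sts:GetServiceBearerToken"]
    resources = ["*"]
  }
}
```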


@oleksiimorozenko oleksiimorozenko requested a review from a team as a code owner June 5, 2023 06:05
@oleksiimorozenko oleksiimorozenko requested review from ArchiFleKs and rguichard and removed request for a team June 5, 2023 06:05
@oleksiimorozenko
Contributor Author

@ArchiFleKs @rguichard any chance it will be approved?

ArchiFleKs and others added 25 commits June 15, 2023 16:11
It should not be needed anymore and can lead to issues. It was fixed in
projectcalico/calico#7216

Signed-off-by: Kevin Lefevre <[email protected]>
Signed-off-by: Oleksii Morozenko <[email protected]>
@rguichard
Member

> @ArchiFleKs @rguichard any chance it will be approved?

Don't worry, we will review it! Thx a lot for your contribution!

@ArchiFleKs
Member

@oleksiimorozenko could you rebase please

@mergify mergify bot merged commit 625c957 into particuleio:main Jun 26, 2023
@github-actions

🎉 This PR is included in version 14.1.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
