feat(control-room): add EKS access entries support#96
Draft
ian-flores wants to merge 2 commits intomainfrom
Draft
feat(control-room): add EKS access entries support#96ian-flores wants to merge 2 commits intomainfrom
ian-flores wants to merge 2 commits intomainfrom
Conversation
Add eks_access_entries configuration to control room EKS clusters, mirroring the existing workload cluster pattern. This allows control rooms to use modern EKS Access Entries instead of the legacy aws-auth ConfigMap when eks_access_entries.enabled is set to true. Closes #79
The randomness check for length=1 strings had ~1.6% collision probability (1/62 charset), causing intermittent CI failures. Only check randomness for lengths >= 4 where collision is negligible.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
eks_access_entriesconfiguration to control room EKS clustersProblem
Control room EKS clusters were hardcoded to use the legacy
aws-authConfigMap for authentication, while workload clusters had the option to use modern EKS Access Entries via theeks_access_entriesconfig.Solution
Added the same
eks_access_entriesconfiguration support to control rooms:eks_access_entries.enabled- Enable EKS Access Entries instead of aws-auth ConfigMapeks_access_entries.additional_entries- Add custom access entrieseks_access_entries.include_same_account_poweruser- Include PowerUser roleUsage
To enable EKS Access Entries on a control room, add to
ptd.yaml:Test plan
eks_access_entries.enabled: trueCloses #79