Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix VPC policy in CAPA controller role CloudFormation template #127

Merged
merged 3 commits into from
Nov 13, 2024
Merged

Fix VPC policy in CAPA controller role CloudFormation template #127

merged 3 commits into from
Nov 13, 2024

Conversation

iuriaranda
Copy link
Contributor

@iuriaranda iuriaranda commented Nov 12, 2024
edited
Loading

Towards https://github.com/giantswarm/giantswarm/issues/32065

Turns out that with the split-out policy, we're now over the 10240 bytes limit for inline policies 😕

Maximum policy size of 10240 bytes exceeded for role giantswarm-alba-capa-controller

So even though this fixes the CF template, it's still not usable... I guess the solution would be to refactor it completely to use managed policies, but not sure if it's possible in CF.

Checklist

  • Update changelog in CHANGELOG.md.

@iuriaranda iuriaranda requested a review from a team as a code owner November 12, 2024 13:46
fiunchinho
fiunchinho previously approved these changes Nov 12, 2024
View reviewed changes
@iuriaranda
Switch to managed policies for capa controller role CF template
cb9252f 
We hit the 10240 bytes limit for inline policies in an IAM role, so we better use managed policies instead

Also renamed the capa controller VPC policy to match the other policies name pattern
@iuriaranda iuriaranda dismissed fiunchinho’s stale review November 12, 2024 14:07

made significant changes to the PR

@iuriaranda iuriaranda requested review from fiunchinho and a team November 12, 2024 14:07
@iuriaranda
Copy link
Contributor Author

iuriaranda commented Nov 12, 2024
edited
Loading

I've refactored the CloudFormation template to use managed policies instead of inline, since we were hitting the 10240 bytes limit for inline policies with my recent changes (we were probably hitting that limit already with some installation names). For reference, the setup.sh script and Terraform stack were already using managed policies.

I've also tested an upgrade of the CF stack from inline to managed policies and it works as expected.

fiunchinho
fiunchinho requested changes Nov 12, 2024
View reviewed changes
Copy link
Member

@fiunchinho fiunchinho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe worth mentioning it in the changelog

@iuriaranda iuriaranda merged commit 4050ff3 into main Nov 13, 2024
1 check passed
@iuriaranda iuriaranda deleted the fix-cloudformation branch November 13, 2024 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fiunchinho fiunchinho fiunchinho approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iuriaranda @fiunchinho