Skip to content

Merge back to stsci - IGNORE THIS#1

Open
mgough-970 wants to merge 19 commits intosuper-cob:masterfrom
mgough-970:master
Open

Merge back to stsci - IGNORE THIS#1
mgough-970 wants to merge 19 commits intosuper-cob:masterfrom
mgough-970:master

Conversation

@mgough-970
Copy link

@mgough-970 mgough-970 commented Aug 4, 2020

No description provided.

jmatuskey and others added 19 commits April 6, 2020 13:39
modify IAM role to be prefixed with your cluster name
03b6891
@super-cob @yuvipanda
more elegant use of variables in cluster-autoscaler name
d9e7940 
Co-Authored-By: Yuvi Panda <yuvipanda@gmail.com>
@yuvipanda
Merge pull request pangeo-data#24 from super-cob/master
420176a
@yuvipanda
Use AWS roles instead of service users
1c09c92 
We were creating AWS service users, giving them keys
and then checking those keys in with git-crypt. This isn't
good security practice. We should be creating roles with
minimal permissions instead. These roles can then be 'assumed'
by different entities - an EC2 instance running GitHub actions,
a local user on a computer, etc. This also removes need to
managed EC2 access credentials in a repo - dangerous, and bothersome
to rotate.

This needs corresponding changes in hubploy to use assumed
roles before it can work.
@yuvipanda
Permit hubploy-eks access to kube cluster by default
afe2b86 
Currently, only the user who created the cluster can
access the cluster. We need to explicitly set role in
[aws-auth](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html)
to let roles access the cluster.

We set this up, so the hubploy role can actually talk to the
kubernetes cluster
@yuvipanda
Let hubploy deployers group assume ECR role too
085b0b7
@yuvipanda
Create a role for use by ec2 instances
85f69f5 
We create a role that can assume only the two roles
necessary for hubploy. This role can only be attached
to ec2 instances
@jmatuskey
up size to t3.medium so hubploy has enough space
f664f96
@jmatuskey
Merge branch 'fix/no-users' of github.com:super-cob/terraform-deploy …
16df14f 
…into fix/no-users
@jmatuskey
automate creation of role that can do initial cluster setup
6ea018d
@yuvipanda
Restrict hubploy deploy role
164bc90 
Only needs to run describe-cluster on the one we just
created
@jmatuskey
fully working with no-users role based terraform
dfb6cd8
@jmatuskey
up size to t3.medium so hubploy has enough space
7dcb43e
@jmatuskey
automate creation of role that can do initial cluster setup
d18b2a4
@jmatuskey
fully working with no-users role based terraform
b2a19fe
@jmatuskey
move trust policy to data block
45b1167
@jmatuskey
Merge branch 'fix/no-users' of github.com:super-cob/terraform-deploy …
a1e313c 
…into fix/no-users

# Conflicts:
#	aws-creds/iam.tf
@jmatuskey
use variables to prefix roles
31f841d
Added submodule
c397388
@mgough-970 mgough-970 changed the title Merge back to stsci Merge back to stsci - IGNORE THIS Aug 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mgough-970 @super-cob @yuvipanda @jmatuskey