@ni9hty
Contributor

@ni9hty ni9hty commented Nov 6, 2025

cluster.yaml changes:

  • Adds a new EKSAccessEntryManualAuth resource in an {{- else }} block
  • Creates an access entry for a manual IAM role (arn:aws:iam::${AWS::AccountId}:role/Manual)
  • Assigns the zalando:engineer Kubernetes group to this role

poweruser-binding.yaml changes:

  • Adds the zalando:engineer group as a subject in the existing RoleBinding/ClusterRoleBinding
  • This grants the same permissions that okta:common/engineer has to the new zalando:engineer group

@ni9hty ni9hty added the minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call. label Nov 6, 2025
@tcondeixa
Contributor

I think we are missing 2 other places to add this new group
https://github.com/search?q=repo%3Azalando-incubator%2Fkubernetes-on-aws%20common%2Fengineer&type=code
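
An added example, not part of the PR or the project's code: a text-based check for the gap raised in the comment above, listing manifest documents that reference `okta:common/engineer` but not `zalando:engineer`. The sample manifests, the file name `other-binding.yaml` and the function names are constructed for illustration.

```python
import re

EXISTING_GROUP = "okta:common/engineer"  # group named in the PR description
NEW_GROUP = "zalando:engineer"           # group the PR adds alongside it

# Manifests may contain template directives such as {{- else }}, so scan them
# as text instead of loading them with a YAML parser.
DOC_SPLIT = re.compile(r"^---\s*$", re.MULTILINE)
COMMENT = re.compile(r"^[ \t]*#.*$", re.MULTILINE)
KIND = re.compile(r"^kind:\s*(\S+)", re.MULTILINE)
NAME = re.compile(r"^[ \t]+name:\s*[\"']?([^\"'\s]+)", re.MULTILINE)

def group_referenced(text, group):
    """True if `group` occurs as a whole token, not as part of a longer name."""
    pattern = r"(?<![\w:/-])" + re.escape(group) + r"(?![\w:/-])"
    return re.search(pattern, text) is not None

def missing_new_group(files):
    """Return (path, doc_index, kind, name) for each YAML document that
    references EXISTING_GROUP without NEW_GROUP; commented-out lines are ignored."""
    findings = []
    for path, content in sorted(files.items()):
        for index, doc in enumerate(DOC_SPLIT.split(content)):
            doc = COMMENT.sub("", doc)
            if group_referenced(doc, EXISTING_GROUP) and not group_referenced(doc, NEW_GROUP):
                kind, name = KIND.search(doc), NAME.search(doc)
                findings.append((path, index, kind.group(1) if kind else "?",
                                 name.group(1) if name else "?"))
    return findings

# Constructed sample input: simplified manifests, not the repository's files.
SAMPLE = {
    "poweruser-binding.yaml": """\
kind: ClusterRoleBinding
metadata:
  name: poweruser
subjects:
- {kind: Group, name: "okta:common/engineer"}
- {kind: Group, name: "zalando:engineer"}
""",
    "other-binding.yaml": """\
kind: RoleBinding
metadata:
  name: example-binding
subjects:
# - {kind: Group, name: "zalando:engineer"}
- {kind: Group, name: "okta:common/engineer"}
""",
}

if __name__ == "__main__":
    print(missing_new_group(SAMPLE))
```
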

@zalando-robot

Deployment Checklist

This change falls under the deployment policy.

💁 Since Nov 10th, we are in the RED deployment zone. This means all changes released to production must adhere to the following requirements:

  • Detailed release notes are provided in this PR’s description.
  • Thorough load-testing has been performed, and is documented in the description/comment.
  • Technical review: Principal Engineers or Tech Leads have green-lit your changes, and the reviewer is named in the description/comments.
  • You can enable/disable the change via feature toggles, and have confirmed these toggles work as expected.
  • Application Owner (Director+) approval is given about the PR, and the approver is named in the description/comments.

👉 Regardless of which boxes you click in this comment, merge/deployment will not be blocked.
Reports about deployment policy adherence will be circulated daily for Cyber-Week-relevant applications.

@ni9hty
Contributor Author

ni9hty commented Dec 3, 2025

👍

@tcondeixa
Contributor

👍

@ni9hty ni9hty merged commit ea437dc into dev Dec 3, 2025
15 checks passed
@ni9hty ni9hty deleted the engineer_k8s_group_Manual branch December 3, 2025 14:10
This was referenced Dec 3, 2025

Labels

merged/kube-1.34 minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
