scottk/wlan-toolsmith
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-toolsmith.git synced 2025-10-31 02:47:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

[TOOLS-137] Add: helm values for wlan-onboard and AWS user with access to EKS

Browse Source
This commit is contained in:
Dmitry Dunaev
2021-05-28 15:31:05 +03:00
parent c838b75d42
commit e90384e88f
4 changed files with 58 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
helm-values/aws-wlan-onboard.yaml Normal file
View File

@@ -0,0 +1,27 @@
images:
onboard:
repository: tip-tip-wlan-test-bss-docker-repo.jfrog.io/wlan-onboard
tag: latest
pullPolicy: IfNotPresent
regcred: eyJhdXRocyI6IHsidGlwLXRpcC13bGFuLWNsb3VkLWRvY2tlci1yZXBvLmpmcm9nLmlvIjogeyJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSJ9fX0=
services:
onboard:
type: NodePort
ingresses:
default:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: test-bss-load-testing
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
external-dns.alpha.kubernetes.io/hostname: onboard.cicd.lab.wlan.tip.build
hosts:
- onboard.cicd.lab.wlan.tip.build
paths:
- path: /*
serviceName: onboard
servicePort: http

5
terraform/wifi-289708231103/cloudsdk_cicd/eks.tf
View File

@@ -126,6 +126,11 @@ locals {
userarn = aws_iam_user.quali-poc.arn userarn = aws_iam_user.quali-poc.arn
username = aws_iam_user.quali-poc.name username = aws_iam_user.quali-poc.name
groups = ["system:masters"] groups = ["system:masters"]
},
{
userarn = aws_iam_user.gh-actions-wlan-test-bss.arn
username = aws_iam_user.gh-actions-wlan-test-bss.name
groups = ["system:masters"]
} }
] ]
admin_roles = [for role in var.eks_admin_roles : { admin_roles = [for role in var.eks_admin_roles : {

2
terraform/wifi-289708231103/cloudsdk_cicd/kms.tf
View File

@@ -35,6 +35,7 @@ data "aws_iam_policy_document" "kms" {
identifiers = [ identifiers = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f", "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8", "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/atlantis-ecs_task_execution",
] ]
} }
} }
@@ -55,6 +56,7 @@ data "aws_iam_policy_document" "kms" {
identifiers = [ identifiers = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f", "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8", "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/atlantis-ecs_task_execution",
] ]
} }
} }

44
terraform/wifi-289708231103/cloudsdk_cicd/users.tf
View File

@@ -1,3 +1,15 @@
data "aws_iam_policy_document" "gh-actions-policy" {
statement {
effect = "Allow"
actions = [
"eks:DescribeCluster",
"eks:ListClusters",
]
resources = ["*"]
}
}
# gh-actions-user
resource "aws_iam_user" "gh-actions-user" { resource "aws_iam_user" "gh-actions-user" {
name = "gh-actions-user" name = "gh-actions-user"
path = "/" path = "/"
@@ -10,17 +22,7 @@ resource "aws_iam_user_policy" "lb_ro" {
policy = data.aws_iam_policy_document.gh-actions-policy.json policy = data.aws_iam_policy_document.gh-actions-policy.json
} }
data "aws_iam_policy_document" "gh-actions-policy" { # quali-poc
statement {
effect = "Allow"
actions = [
"eks:DescribeCluster",
"eks:ListClusters",
]
resources = ["*"]
}
}
resource "aws_iam_user" "quali-poc" { resource "aws_iam_user" "quali-poc" {
name = "quali-poc" name = "quali-poc"
path = "/" path = "/"
@@ -33,13 +35,15 @@ resource "aws_iam_user_policy" "lb_ro_quali" {
policy = data.aws_iam_policy_document.gh-actions-policy.json policy = data.aws_iam_policy_document.gh-actions-policy.json
} }
data "aws_iam_policy_document" "quali-poc-policy" { # gh-actions-wlan-test-bss
statement { resource "aws_iam_user" "gh-actions-wlan-test-bss" {
effect = "Allow" name = "gh-actions-wlan-test-bss"
actions = [ path = "/"
"eks:DescribeCluster", tags = local.common_tags
"eks:ListClusters", }
]
resources = ["*"] resource "aws_iam_user_policy" "lb_ro_gh_wlan_test_bss" {
} name = "eks-list-access"
user = aws_iam_user.gh-actions-wlan-test-bss.name
policy = data.aws_iam_policy_document.gh-actions-policy.json
} }