[TOOLS-137] Add: helm values for wlan-onboard and AWS user with access to EKS

2025-10-31 02:47:51 +00:00 · 2021-05-28 15:31:05 +03:00
parent c838b75d42
commit e90384e88f
4 changed files with 58 additions and 20 deletions
--- a/helm-values/aws-wlan-onboard.yaml
+++ b/helm-values/aws-wlan-onboard.yaml
@@ -0,0 +1,27 @@
+images:
+  onboard:
+    repository: tip-tip-wlan-test-bss-docker-repo.jfrog.io/wlan-onboard
+    tag: latest
+    pullPolicy: IfNotPresent
+    regcred: eyJhdXRocyI6IHsidGlwLXRpcC13bGFuLWNsb3VkLWRvY2tlci1yZXBvLmpmcm9nLmlvIjogeyJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSJ9fX0=
+
+services:
+  onboard:
+    type: NodePort
+
+ingresses:
+  default: 
+    annotations:
+      kubernetes.io/ingress.class: alb
+      alb.ingress.kubernetes.io/scheme: internet-facing
+      alb.ingress.kubernetes.io/group.name: test-bss-load-testing
+      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+      external-dns.alpha.kubernetes.io/hostname: onboard.cicd.lab.wlan.tip.build
+    hosts:
+    - onboard.cicd.lab.wlan.tip.build
+    paths:
+    - path: /*
+      serviceName: onboard
+      servicePort: http
--- a/terraform/wifi-289708231103/cloudsdk_cicd/eks.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/eks.tf
@@ -126,6 +126,11 @@ locals {
      userarn  = aws_iam_user.quali-poc.arn
      username = aws_iam_user.quali-poc.name
      groups   = ["system:masters"]
+    },
+    {
+      userarn  = aws_iam_user.gh-actions-wlan-test-bss.arn
+      username = aws_iam_user.gh-actions-wlan-test-bss.name
+      groups   = ["system:masters"]
    }
  ]
  admin_roles = [for role in var.eks_admin_roles : {
--- a/terraform/wifi-289708231103/cloudsdk_cicd/kms.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/kms.tf
@@ -35,6 +35,7 @@ data "aws_iam_policy_document" "kms" {
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f",
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8",
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/atlantis-ecs_task_execution",
      ]
    }
  }
@@ -55,6 +56,7 @@ data "aws_iam_policy_document" "kms" {
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_5b24211378e8344f",
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8",
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/atlantis-ecs_task_execution",
      ]
    }
  }
--- a/terraform/wifi-289708231103/cloudsdk_cicd/users.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/users.tf
@@ -1,3 +1,15 @@
+data "aws_iam_policy_document" "gh-actions-policy" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "eks:DescribeCluster",
+      "eks:ListClusters",
+    ]
+    resources = ["*"]
+  }
+}
+
+# gh-actions-user
 resource "aws_iam_user" "gh-actions-user" {
  name = "gh-actions-user"
  path = "/"
@@ -10,17 +22,7 @@ resource "aws_iam_user_policy" "lb_ro" {
  policy = data.aws_iam_policy_document.gh-actions-policy.json
 }

-data "aws_iam_policy_document" "gh-actions-policy" {
-  statement {
-    effect = "Allow"
-    actions = [
-      "eks:DescribeCluster",
-      "eks:ListClusters",
-    ]
-    resources = ["*"]
-  }
-}
-
+# quali-poc
 resource "aws_iam_user" "quali-poc" {
  name = "quali-poc"
  path = "/"
@@ -33,13 +35,15 @@ resource "aws_iam_user_policy" "lb_ro_quali" {
  policy = data.aws_iam_policy_document.gh-actions-policy.json
 }

-data "aws_iam_policy_document" "quali-poc-policy" {
-  statement {
-    effect = "Allow"
-    actions = [
-      "eks:DescribeCluster",
-      "eks:ListClusters",
-    ]
-    resources = ["*"]
+# gh-actions-wlan-test-bss
+resource "aws_iam_user" "gh-actions-wlan-test-bss" {
+  name = "gh-actions-wlan-test-bss"
+  path = "/"
+  tags = local.common_tags
 }
+
+resource "aws_iam_user_policy" "lb_ro_gh_wlan_test_bss" {
+  name   = "eks-list-access"
+  user   = aws_iam_user.gh-actions-wlan-test-bss.name
+  policy = data.aws_iam_policy_document.gh-actions-policy.json
 }