Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(eks): IAM Roles for service accounts in imported clusters #10774

Merged
merged 55 commits into from
Nov 10, 2020
Merged

feat(eks): IAM Roles for service accounts in imported clusters #10774

merged 55 commits into from
Nov 10, 2020

Conversation

aka-toxa
Copy link
Contributor

@aka-toxa aka-toxa commented Oct 7, 2020
edited by SomayaB
Loading

Hi this is a try to fix #10601
I didn't add proper documentation and tests now because discussions about how to implement that are stale so I've decided to push it forward by creating this PR

if you guys think this is a good approach I will proceed with the unit tests and proper documentation

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aka-toxa aka-toxa marked this pull request as draft October 7, 2020 22:19
iliapolo
iliapolo previously requested changes Oct 8, 2020
View reviewed changes
Copy link
Contributor

@iliapolo iliapolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aka-toxa General approach is good. See my comments. And thanks! :)

packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/service-account.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
@aka-toxa aka-toxa force-pushed the aka-toxa/irsa-support-for-imported-clusters branch from 5aa6ebf to 6222f33 Compare October 8, 2020 20:31
@mergify mergify bot dismissed iliapolo’s stale review October 8, 2020 20:32

Pull request has been modified.

@aka-toxa aka-toxa force-pushed the aka-toxa/irsa-support-for-imported-clusters branch from 437fea0 to 3f10bab Compare October 8, 2020 20:33
@aka-toxa aka-toxa force-pushed the aka-toxa/irsa-support-for-imported-clusters branch from 3f10bab to 34db58f Compare October 8, 2020 20:42
@aka-toxa aka-toxa marked this pull request as ready for review October 12, 2020 12:13
iliapolo
iliapolo previously requested changes Oct 12, 2020
View reviewed changes
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-eks/lib/legacy-cluster.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/oidc-provider.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/oidc-provider.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/oidc-provider.ts Outdated Show resolved Hide resolved
@mergify mergify bot dismissed iliapolo’s stale review October 12, 2020 14:19

Pull request has been modified.

@aka-toxa
Copy link
Contributor Author

hey @iliapolo can you please help me with the failed build? I'm not sure I understand what it wants from me :(

@gitpod-io
Copy link

gitpod-io bot commented Oct 12, 2020
edited
Loading

@iliapolo
Copy link
Contributor

@aka-toxa I think its something to do with version numbers in lerna.json and an update from master should resolve it.
i've updated the branch, lets see if it works - Im digging a little deeper in the meantime.

@aka-toxa
Copy link
Contributor Author

@iliapolo it looks like that merging the master branch helps

can you check your prev. comments again please? I've resolved most of them

aka-toxa and others added 3 commits October 13, 2020 18:27
@aka-toxa
Copy link
Contributor Author

issuer and issuer url is the same thing.
in AWS console there is no separated fields, but only one

@iliapolo
Copy link
Contributor

issuer and issuer url is the same thing.
in AWS console there is no separated fields, but only one

But in the code you explicitly separate the https://.

https://github.com/aka-toxa/aws-cdk/blob/aka-toxa/irsa-support-for-imported-clusters/packages/@aws-cdk/aws-iam/lib/oidc-provider.ts#L168

That means that clusterOpenIdConnectIssuerUrl will not actually return a URL, i.e it won't have the https:// prefix. No?

@mergify mergify bot dismissed iliapolo’s stale review November 3, 2020 13:39

Pull request has been modified.

@aka-toxa
Copy link
Contributor Author

aka-toxa commented Nov 4, 2020

hi @iliapolo
I'm back
Stan merged his branch to my original PR and I've looked through your last review here and resolved comments that was already addressed. there are still two comments needed discussion.

let decide what we do next?

@aka-toxa
Copy link
Contributor Author

aka-toxa commented Nov 9, 2020

@iliapolo done.

iliapolo
iliapolo previously approved these changes Nov 10, 2020
View reviewed changes
@iliapolo
Copy link
Contributor

@aka-toxa Thanks for the hard work! Greatly appreciated :)

@mergify mergify bot dismissed iliapolo’s stale review November 10, 2020 10:59

Pull request has been modified.

@mergify
Copy link
Contributor

mergify bot commented Nov 10, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 97b6983
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Nov 10, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 76c795a into aws:master Nov 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eladb eladb eladb left review comments

@iliapolo iliapolo iliapolo approved these changes

Assignees

@iliapolo iliapolo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[aws-eks] Support adding service accounts to imported clusters
5 participants
@aka-toxa @iliapolo @aws-cdk-automation @eladb @parkhomenko