Enhance pipeline setup for IT to adapt to gardener environment changes #853

Closed
3 of 11 tasks
Tracked by #787
himanshu-kun opened this issue Sep 27, 2023 · 8 comments · Fixed by #873
Labels
area/dev-productivity Developer productivity related (how to improve development) kind/enhancement Enhancement, improvement, extension priority/1 Priority (lower number equals higher priority) status/closed Issue is closed (either delivered or triaged)

Comments

@himanshu-kun
Contributor

himanshu-kun commented Sep 27, 2023

How to categorize this issue?

/area dev-productivity
/kind enhancement
/priority 1

What would you like to be added:

Enhance the following in current pipeline setup for mcm-provider IT

with @rishabh-11

with @himanshu-kun

non-pipeline changes:

  • Remove old IT code from MCM repo (@piyuagr)

pipeline changes:
@himanshu-kun

  • Create a service account mcm-ci-it in mcm-ci with Admin role
  • Security requirement: Internal job needed to rotate the token for the kubeconfig associated with the SA. The token expires every 90 days (default and max).
    More info here: https:// pages.github.tools.sap/kubernetes/gardener/docs/guides/sap-internal/security/token-request-api/ (Remove interim spaces to make the link)
    • needs to be rotated manually every 90 days and updated in secret-server, as cc-config rotation method
  • Should we create another service account for userData refreshing, or use the existing account of any other developer?

@piyuagr

  • Use the kubeconfig to generate admin kubeconfig for *-oot-control and *-oot-target clusters (This step will need to be done every time the IT is run in pipeline)
  • Turn *-oot-control clusters workerless to save costs (we can remove *-oot-control also)
    • See if control cluster = target cluster is working fine in IT

@sssash18

  • Create a cluster role and binding which gives access to secrets in garden-core namespace. Associate binding with service account.

Why is this needed:

Recently security hardening has been done for gardener deployment where the kubeconfigs have turned non-static (expire after 24h max). This has created problems for our pipeline IT, given the way we currently set them up. Through this issue we plan to make minimal changes to get the IT up and running.
Some other changes (not-urgent-for-now) are tracked in #787
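
An added example, not part of the issue or the project's code: a check a pipeline job could run before the IT to see whether the service-account token in the kubeconfig is approaching the 90-day expiry described above. It assumes the token is a JWT carrying an `exp` claim; the 14-day margin, the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time

ROTATE_BEFORE_DAYS = 14  # assumed safety margin, not taken from the issue
DAY = 86400


def jwt_claims(token):
    """Return the payload claims of a JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def rotation_status(token, now=None):
    """Return (status, days_left); status is ok, rotate, expired or no-expiry."""
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    if "exp" not in claims:
        # No expiry means a static credential, which the hardening removed.
        return "no-expiry", None
    days_left = (claims["exp"] - now) / DAY
    if days_left <= 0:
        return "expired", days_left
    if days_left <= ROTATE_BEFORE_DAYS:
        return "rotate", days_left
    return "ok", days_left


def make_sample_token(iat, lifetime_days=90):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"sub": "system:serviceaccount:<namespace>:mcm-ci-it",
              "iat": iat, "exp": iat + lifetime_days * DAY}
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


if __name__ == "__main__":
    now = time.time()
    for age_days in (10, 80, 91):  # constructed token ages
        status, left = rotation_status(make_sample_token(now - age_days * DAY), now)
        print(f"token issued {age_days}d ago: {status} ({left:.0f} days left)")
```

The claims are read without signature verification, so the result is only a scheduling hint for the rotation job, not an authentication decision.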

@himanshu-kun himanshu-kun added the kind/enhancement Enhancement, improvement, extension label Sep 27, 2023
@gardener-robot gardener-robot added area/dev-productivity Developer productivity related (how to improve development) priority/1 Priority (lower number equals higher priority) labels Sep 27, 2023
@himanshu-kun himanshu-kun changed the title Enhance pipeline IT to adapt to gardener environment changes Enhance pipeline setup for IT to adapt to gardener environment changes Sep 27, 2023
@himanshu-kun
Contributor Author

/assign @rishabh-11 for point 4

@gardener-robot

@himanshu-kun You have mentioned internal references in the public. Please check.

3 similar comments

@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Nov 28, 2023
@gardener-robot

@himanshu-kun You have mentioned internal references in the public. Please check.

@himanshu-kun
Contributor Author

/close , as this is now tracked in an internal issue

@gardener-robot

@piyuagr You have mentioned internal references in the public. Please check.

@rishabh-11 rishabh-11 unpinned this issue Jul 10, 2024