External Secrets Operator Onboarding #421

Open
wants to merge 7 commits into
base: main

BogdanAntoniu78
Contributor

Onboarding external secrets operator

Summary

Test Plan

Checklist

  • No images hosted from dockerhub
  • Are dashboards present to understand the health of the application. There must be at least 1 of these
    • all databases should have dashboards
    • ideally also have at least cpu/mem utilization dashboards for webserver tier of the app
    • you can use plural from-grafana to convert a grafana dashboard found via google to our CRD
  • Are scaling runbooks present
    • all databases must have scaling runbooks
    • you can use the charts in pluralsh/module-library to accelerate this
  • do you need to add config overlays?
    • inputting secrets
    • configuring autoscaling
  • If there’s a web-facing component to the app, we need to support OIDC authentication and setting up private networks if no authentication option is viable
  • All major clouds must be supported
    • Azure
    • AWS
    • GCP

Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
@BogdanAntoniu78
Contributor Author

Prerequisites:

  • Policy to access AWS Secret Manager (included in terraform main.tf)
  • Role to be assumed via IRSA, with trust relationship with EKS OIDC provider and permission based on the policy created above
  • output.tf should contain account_id and the service account name included in OIDC qualified subjects
  • k8 values.yaml.tpl should include ServiceAccount variable with the correct annotation including the account id and the role to be assumed (defined above)
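
A check for the IRSA prerequisites listed above, as an added example that is not part of this pull request or the project's code: it verifies that a role's trust policy is pinned to the cluster's OIDC provider and to a single service account subject, and builds the matching ServiceAccount annotation. The account ID, issuer URL, namespace, service account and role names are constructed placeholders.

```python
# Constructed sample values; placeholders, not taken from the pull request.
ACCOUNT_ID = "111122223333"
ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLE0123456789"
NAMESPACE = SERVICE_ACCOUNT = "external-secrets"


def role_arn_annotation(account_id, role_name):
    """ServiceAccount annotation that EKS reads to inject IRSA credentials."""
    return {"eks.amazonaws.com/role-arn": f"arn:aws:iam::{account_id}:role/{role_name}"}


def check_irsa_trust(policy, account_id, issuer, namespace, service_account):
    """Return findings; an empty list means the role is pinned to one service account."""
    provider = f"arn:aws:iam::{account_id}:oidc-provider/{issuer}"
    subject = f"system:serviceaccount:{namespace}:{service_account}"
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    findings = [] if allows else ["no Allow statement"]
    for s in allows:
        action = s.get("Action")
        if action not in ("sts:AssumeRoleWithWebIdentity", ["sts:AssumeRoleWithWebIdentity"]):
            findings.append("action is not limited to sts:AssumeRoleWithWebIdentity")
        principal = s.get("Principal")
        if not isinstance(principal, dict) or principal.get("Federated") != provider:
            findings.append("principal is not the cluster OIDC provider")
        # Only exact matches count: a StringLike wildcard does not pin the subject.
        equals = s.get("Condition", {}).get("StringEquals", {})
        if equals.get(f"{issuer}:sub") != subject:
            findings.append("sub is not pinned to the service account with StringEquals")
        if equals.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings


def sample_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}


SCOPED = sample_policy({"StringEquals": {
    f"{ISSUER}:sub": f"system:serviceaccount:{NAMESPACE}:{SERVICE_ACCOUNT}",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Weak variant: any service account in the cluster can assume the role.
BROAD = sample_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})
```

Run `check_irsa_trust` against the trust policy rendered by `terraform show -json` or returned by `aws iam get-role` before attaching the Secrets Manager policy to the role.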

Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
davidspek and others added 4 commits November 7, 2022 17:18
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
3 participants