[installer-tests] add make targets to backup k8s user creds #13175
Conversation
nandajavarma
force-pushed
the
nvn/add-gcp-auth
branch
6 times, most recently
from
17ecfb7 to
7ca1855
Compare
nandajavarma
changed the title
roboquat
added
release-note-none
and removed
do-not-merge/release-note-label-needed
labels
nandajavarma
force-pushed
the
nvn/add-gcp-auth
branch
from
7ca1855 to
ab92fc7
Compare
nandajavarma
force-pushed
the
nvn/add-gcp-auth
branch
7 times, most recently
from
dc4aae7 to
76b9a42
Compare
There was a problem hiding this comment.
/hold
There's a couple of suggestions/nits in here, but happy to approve on that basis. With regards to the indentation comment, I've noticed that it's currently consistent with the rest of the file - I think we probably want to do the "correct" indentation at some point, but I'm happy if you elect not to change in this file and we do it as a future task
| @@ -33,35 +33,51 @@ help: Makefile | |||
| @sed -n 's/^##//p' $< | column -t -s ':' | sed -e 's/^/ /' | |||
| @echo | |||
|
|
|||
| upload-gcp-cluster-creds: | |||
| export GKE_CREDS=$$(terraform output -json gke_user_key) && \ | |||
| echo $$GKE_CREDS > gcp-creds | |||
There was a problem hiding this comment.
| echo $$GKE_CREDS > gcp-creds | |
| echo $$GKE_CREDS > gcp-creds |
Worth indenting this once more as it's a multiline command
| export KUBECONFIG=${KUBECONFIG} && \ | ||
| gcloud container clusters get-credentials gp-${TF_VAR_TEST_ID} --zone europe-west1-d --project sh-automated-tests || $(MAKE) sync-kubeconfig || echo "No cluster present" | ||
| gcloud container clusters get-credentials gp-${TF_VAR_TEST_ID} --zone europe-west1-d --project sh-automated-tests || echo "No cluster present" |
There was a problem hiding this comment.
| gcloud container clusters get-credentials gp-${TF_VAR_TEST_ID} --zone europe-west1-d --project sh-automated-tests || echo "No cluster present" | |
| gcloud container clusters get-credentials gp-${TF_VAR_TEST_ID} --zone europe-west1-d --project sh-automated-tests || echo "No cluster present" |
Indentation as above
| @echo "Done creating GKE cluster" | ||
|
|
||
| upload-eks-user: | ||
| export AWS_CLUSTER_USER=$$(terraform output -json aws_cluster_user) && \ |
There was a problem hiding this comment.
Suggest about the indentation again
There was a problem hiding this comment.
I am unholding this PR for now. Like you said, I have consistently not intended anywhere. So I think it would be better if I did a cleanup in a follow-up PR.
There was a problem hiding this comment.
That seems a very pragmatic decision 👍🏻
nandajavarma
force-pushed
the
nvn/add-gcp-auth
branch
2 times, most recently
from
cbe0ef4 to
e46c14f
Compare
nandajavarma
force-pushed
the
nvn/add-gcp-auth
branch
from
e46c14f to
cf86956
Compare
|
/unhold |
Description
This PR basically adds a couple of make targets that will push user credentials for accessing
kubeconfigof clusters created using the pipeline. The connection is slightly different for each managed cluster (documented in this internal doc):gcloud auth loginand running the make targetmake get-kubeconfigafter setting the variableTF_VAR_TEST_IDgcloud auth loginand running the make targetmake get-kubeconfigafter setting the variableTF_VAR_TEST_ID.adminaccess to the cluster, and that has describe cluster policies attached. access key to this user is uploaded to the GCS bucket. When the user needs access to it, they can login usinggcloud auth loginand running the make targetmake get-kubeconfigafter setting the variableTF_VAR_TEST_ID.az login --use-device-codeand then running:make get-kubeconfighaving set the variableTF_VAR_TEST_ID.Related Issue(s)
Fixes #
How to test
Please follow the documentation here.
Release Notes
Documentation
Werft options:
Valid options are
all,workspace,webapp,ide