[single-cluster/aws] make self-signed work #13305

Merged
merged 2 commits into from
Sep 28, 2022

@Pothulapati Pothulapati commented Sep 26, 2022

Description

This PR adds a new post_bootstrap_user_data variable to the EKS Terraform modules that changes the containerd config to accept new self-signed SSL certificates and restarts containerd to make the same work.

This PR also changes the self-signed of infra tests to upload the CA certificate into GCS for us to download and use.

Signed-off-by: Tarun Pothulapati [email protected]

Related Issue(s)

Fixes #12979

How to test

Run

werft run github -f -s .werft/installer-tests.ts -j .werft/eks-installer-tests.yaml -a debug=true -a selfSigned=true -a skipTests=true -a preview=true -a domain=tests.doptig.com

or use the self-signed instance at https://f0761-aws.tests.doptig.com while using the certificate from https://werft.gitpod-dev.com/job/gitpod-custom-tar-eks-selfsigned.6/results

Release Notes

[single-cluster/aws] Make `self-signed` work

Documentation

Werft options:

  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-integration-tests=all
    Valid options are all, workspace, webapp, ide

Fixes #12979

This PR adds a new `post_bootstrap_user_data` variable
to the EKS terraform modules that changes the containerd
config to accept new self signed SSL Certificates, and
restarting `containerd` to make the same work.

Signed-off-by: Tarun Pothulapati <[email protected]>
@roboquat roboquat added size/M and removed size/S labels Sep 27, 2022
@Pothulapati Pothulapati marked this pull request as ready for review September 27, 2022 09:25
@Pothulapati Pothulapati requested a review from a team September 27, 2022 09:25
@github-actions github-actions bot added the team: delivery Issue belongs to the self-hosted team label Sep 27, 2022
@@ -89,6 +89,8 @@ pod:
value: "/mnt/secrets/sh-playground-sa-perm/sh-sa.json"
- name: TF_VAR_dns_sa_creds
value: "/mnt/secrets/sh-playground-dns-perm/sh-dns-sa.json"
- name: TF_VAR_sa_creds
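
Review bot: the `TF_VAR_sa_creds` entry at the end of this hunk is not covered by the PR description or the commit message, and its name does not say how it differs from `TF_VAR_dns_sa_creds` directly above it. A short YAML comment stating which service account it carries and why the tests need it would help the next reader. Since the neighbouring values are file paths under /mnt/secrets, it is also worth confirming that the new variable points at a mounted secret file in the same way rather than at inline credential content.
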
Contributor Author

This is an unrelated change required to re-use the same environment while running tests! Context: https://gitpod.slack.com/archives/C01KLC56NP7/p1664268857397169?thread_ts=1664261197.651119&cid=C01KLC56NP7

@nandajavarma nandajavarma left a comment

Just a small cleanup command is necessary. This is a nit but can go a long way in keeping the cloud storage clean.

/hold merge at your discretion

Would you also consider adding a doc for this to the internal Notion page? The page doesn't have the easiest structure right now but having it there would be great!

@@ -314,6 +314,9 @@ self-signed-config:
envsubst < ./manifests/kots-config-self-signed.yaml > tmp_2_config.yml
yq m -i tmp_config.yml tmp_2_config.yml

# upload the Custom CA Cert into tf-state
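
Review bot: the step introduced by `# upload the Custom CA Cert into tf-state` at the end of this hunk should make explicit what is being copied and where. Please make sure only the CA certificate is uploaded and never the CA private key, and give the object a name that includes the environment so that parallel test runs sharing the state bucket cannot overwrite or pick up each other's certificate. The comment could also say who reads the file back, since the PR description mentions downloading it for use.
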
Contributor

Can you also add commands to delete this file upon cleanup? It can be in this target if you would like.

Contributor Author

I've added it to destroy-kubeconfig. Do you think we should do it separately? 🤔

install/infra/modules/eks/kubernetes.tf (resolved conversation)
Signed-off-by: Tarun Pothulapati <[email protected]>
@Pothulapati
Contributor Author

/unhold

@roboquat roboquat merged commit 9d3c170 into main Sep 28, 2022
@roboquat roboquat deleted the tar/eks-selfsigned branch September 28, 2022 04:58
Labels
release-note size/M team: delivery Issue belongs to the self-hosted team
Development

Successfully merging this pull request may close these issues.

[single-cluster/eks] Support for self-signed certificates
3 participants