IOPZ-1847: Support multiple K8s roles for single environment #12
Conversation
jordannb
force-pushed
the
IOPZ-1847-role-specific-profiles
branch
from
86f5f86
to
6f77927
Compare
jordannb
changed the title
create-k8s-chained-sessions.sh
Outdated
| createLeappSession "$session" "AWSAdministratorAccess" "eks-admin-1.24" | ||
| createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama-dev-writer-1.24" | ||
| createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama-dev-reader-1.24" | ||
| createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" "1.24" |
There was a problem hiding this comment.
Trying to reign in scope creep for now, so I left the eks and panorama keywords, but only to support the IAM roles without needing to change those too right now.
There was a problem hiding this comment.
Those will be changing very soon as part of the in-flight cluster upgrade epic, so I think this makes sense.
jordannb
force-pushed
the
IOPZ-1847-role-specific-profiles
branch
from
6f77927
to
c73c83b
Compare
create-k8s-chained-sessions.sh
Outdated
| createLeappSession "$session" "AWSAdministratorAccess" "eks-admin-1.24" | ||
| createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama-dev-writer-1.24" | ||
| createLeappSession "$session" "PanoramaK8sEngineeringDefault" "panorama-dev-reader-1.24" | ||
| createLeappSession "$session" "AWSAdministratorAccess" "eks" "admin" "1.24" |
There was a problem hiding this comment.
Those will be changing very soon as part of the in-flight cluster upgrade epic, so I think this makes sense.
create-k8s-chained-sessions.sh
Outdated
| # and can be removed when the keyword is removed from the associated IAM | ||
| # roles. | ||
| # 4: name of the persona (e.g. admin, dev-writer, etc.) the new session is for | ||
| # 5: version of kubernetes, used to determine the associated IAM role | ||
| function createLeappSession { | ||
| green_echo "creating chained session for $1 with role $3" |
There was a problem hiding this comment.
This echo doesn't make sense anymore with the new arguments. It only outputs panorama or eks instead of a unique role. I think you'll need to do some concatenation to get a role, or just change it to with persona $4.
There was a problem hiding this comment.
Thank you - I went with the persona here since that's the abstraction people will be abstracting with directly anyways, so I guess it puts the idea out there from the start.
create-k8s-chained-sessions.sh
Outdated
|
|
||
| green_echo " looking for existing session ${chained_session_name}" | ||
| chained_session_id=$(leappSessionId "$chained_session_name" "$chained_role_name") | ||
| chained_session_id=$(leappSessionId "$chained_session_name" "${persona_name}") |
There was a problem hiding this comment.
This function is broken. The script should be idempotent, but after running it, the second time it still goes into the session creation logic and creates duplicate sessions.
You'll need to pass in the full role name or change the jq select function to work as a fuzzy filter.
There was a problem hiding this comment.
This has been fixed now. I retested by re-running the script; output is below (punycode deprecation errors removed manually for readability):
% ./create-k8s-chained-sessions.sh (~/Development/panorama/leapp-setup) panorama-k8s-playground-admin
creating chained session for panorama-k8s-playground with persona admin
looking for existing session panorama-k8s-playground-admin
existing session found
creating chained session for panorama-k8s-playground with persona dev-writer
looking for existing session panorama-k8s-playground-dev-writer
existing session found
creating chained session for panorama-k8s-playground with persona dev-reader
looking for existing session panorama-k8s-playground-dev-reader
existing session found
creating chained session for panorama-k8s-playground with persona data-science-tester
looking for existing session panorama-k8s-playground-data-science-tester
existing session found
creating chained session for panorama-k8s-playground-2 with persona admin
looking for existing session panorama-k8s-playground-2-admin
existing session found
creating chained session for panorama-k8s-playground-2 with persona dev-writer
looking for existing session panorama-k8s-playground-2-dev-writer
existing session found
creating chained session for panorama-k8s-playground-2 with persona dev-reader
looking for existing session panorama-k8s-playground-2-dev-reader
existing session found
creating chained session for panorama-k8s-playground-2 with persona data-science-tester
looking for existing session panorama-k8s-playground-2-data-science-tester
existing session found
creating chained session for panorama-k8s-staging with persona admin
looking for existing session panorama-k8s-staging-admin
existing session found
creating chained session for panorama-k8s-staging with persona dev-writer
looking for existing session panorama-k8s-staging-dev-writer
existing session found
creating chained session for panorama-k8s-staging with persona dev-reader
looking for existing session panorama-k8s-staging-dev-reader
existing session found
creating chained session for panorama-k8s-staging with persona data-science-tester
looking for existing session panorama-k8s-staging-data-science-tester
no existing session found; starting session for panorama-k8s-staging to get role arn
An error occurred (NoSuchEntity) when calling the GetRole operation: The role with name panorama-data-science-tester-1.24 cannot be found.
creating new profile
creating new session
creating chained session for panorama-k8s-production with persona admin
looking for existing session panorama-k8s-production-admin
existing session found
creating chained session for panorama-k8s-production with persona dev-writer
looking for existing session panorama-k8s-production-dev-writer
existing session found
creating chained session for panorama-k8s-production with persona dev-reader
looking for existing session panorama-k8s-production-dev-reader
existing session found
creating chained session for panorama-k8s-production with persona data-science-tester
An error occurred (NoSuchEntity) when calling the GetRole operation: The role with name panorama-data-science-tester-1.24 cannot be found.
There was a problem hiding this comment.
(fyi, you can get rid of the punycode output by changing your host installed node version. I opened a ticket with the leapp team about it with the workaround I used described.
jordannb
force-pushed
the
IOPZ-1847-role-specific-profiles
branch
from
c73c83b
to
9297d2a
Compare
IOPZ-1912: Add 2024Q1 k8s cluster
Testing
./create-k8s-chained-sessions.shadmin,dev-writer, etc.) to connect with (see https://github.com/panorama-ed/school-supplies/pull/167).