Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert worker group IAM role policy for Nomad Autoscaler [ONPREM-553] #185

Merged
merged 5 commits into from
Nov 1, 2023
Merged

Revert worker group IAM role policy for Nomad Autoscaler [ONPREM-553] #185

merged 5 commits into from
Nov 1, 2023

Conversation

christian-stephen
Copy link
Contributor

⚙️ Issue https://circleci.atlassian.net/browse/ONPREM-553

Fix If we upgrade Nomad Autoscaler to v0.3.7, these changes appear to be unneeded.

Tests

  • Passed reality check

@christian-stephen christian-stephen requested a review from a team November 1, 2023 11:52
@christian-stephen christian-stephen force-pushed the ONPREM-553/revert-node-group-policy branch 3 times, most recently from e4090ed to c3ab83b Compare November 1, 2023 12:13
@christian-stephen christian-stephen force-pushed the ONPREM-553/revert-node-group-policy branch from c3ab83b to 6c23806 Compare November 1, 2023 12:14
christian-stephen
christian-stephen commented Nov 1, 2023
View reviewed changes
.circleci/config.yml
@@ -28,7 +28,7 @@ executors:
tfsec:
resource_class: small
docker:
- image: circleci/python:latest
- image: cimg/base:current
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were using a deprecated image here introduced in PR #183. Update this to just use the base convenience image since we don't need Python.

nomad-aws/security_groups.tf
@@ -8,14 +8,14 @@ resource "aws_security_group" "nomad_sg" {
from_port = 64535
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
cidr_blocks = ["0.0.0.0/0"] #tfsec:ignore:aws-ec2-no-public-ingress-sgr
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporarily ignore these failing tfsec checks introduced in PR #183 until we can properly action them as they're failing CI and making detecting other issues more difficult.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure we actually do want 0.0.0.0 here so we can SSH into jobs

@christian-stephen christian-stephen marked this pull request as ready for review November 1, 2023 12:18
@christian-stephen christian-stephen force-pushed the ONPREM-553/revert-node-group-policy branch from 0c102c8 to cef746f Compare November 1, 2023 14:18
@christian-stephen christian-stephen merged commit e590e8b into main Nov 1, 2023
1 check passed
@christian-stephen christian-stephen deleted the ONPREM-553/revert-node-group-policy branch November 1, 2023 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanwohara ryanwohara ryanwohara approved these changes

@atulsingh0 atulsingh0 atulsingh0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@christian-stephen @atulsingh0 @ryanwohara