Merge pull request #40 from tidepool-org/iam
Workaround K8s bug that prevents AWS EKS IAM for Service Accounts
derrickburns authored Oct 11, 2019
2 parents 0312a11 + a705822 commit 33f91fe
Showing 20 changed files with 52 additions and 56 deletions.
12 changes: 6 additions & 6 deletions bin/get_k8s_secret_from_aws
Expand Up @@ -2,15 +2,15 @@
#
# Get Secret from AWS Secrets Manager
#
# Usage: $0 $SECRETID
# Usage: $0 $CLUSTER $ENVIRONMENT $SECRET

if [ $# -ne 1 ]
if [ $# -ne 3 ]
then
echo "Usage: $0 \$SECRETID, e.g. $0 development/qa1/mongo"
echo "Usage: $0 \$CLUSTER \$ENVIRONMENT \$SECRET e.g. $0 development qa1 mongo"
exit 1
fi

yaml=$(aws secretsmanager get-secret-value --secret-id $1 | jq '.SecretString | fromjson' | yq r - | sed -e 's/^/ /')
yaml=$(aws secretsmanager get-secret-value --secret-id $1/$2/$3 | jq '.SecretString | fromjson' | yq r - | sed -e 's/^/ /')

cat <<!
apiVersion: v1
Expand All @@ -19,6 +19,6 @@ type: Opaque
data:
$yaml
metadata:
name: ${SECRET}
namespace: ${ENVIRONMENT}
name: $3
namespace: $2
!
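Review bot: The new `--secret-id $1/$2/$3` expands the three arguments unquoted, so an argument containing whitespace or glob characters is split or expanded before it reaches `aws`; it should read `--secret-id "$1/$2/$3"`. The same arguments are then pasted into the manifest as `name: $3` and `namespace: $2` without any check, so a value that is not a plain Kubernetes name can add or alter keys in the generated YAML; a short pattern check on `$2` and `$3` before the heredoc would catch that. The pipeline also has no failure check, so when `aws` or `jq` fails the script appears to still print a Secret manifest with little or nothing under `data:`, which could replace a live secret if the output is piped to `kubectl apply`. A guard such as `[ -n "$yaml" ] || exit 1` after the assignment would stop that.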
Expand Up @@ -93,6 +93,6 @@ spec:
- containerPort: {{.Values.global.ports.auth}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
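Review bot: Rendering `.Values.securityContext` at `nindent 8` instead of `nindent 10` moves it from the container to the pod spec, and the two levels do not accept the same fields. A pod-level `securityContext` takes `fsGroup`, `runAsUser`, `runAsNonRoot` and similar, but container-only settings such as `allowPrivilegeEscalation`, `readOnlyRootFilesystem`, `capabilities` and `privileged` are not valid there. The values files are not visible on this page, so it should be confirmed that none of them set those fields; after this change the chart also has no place left to express container hardening. A separate value for the pod block, e.g. `{{- toYaml .Values.podSecurityContext | nindent 8 }}`, with the existing container-level `securityContext` kept at `nindent 10`, would preserve both. The same edit repeats in every template section that follows on this page.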
Expand Up @@ -65,6 +65,6 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -30,10 +30,11 @@ spec:
spec:
initContainers:
{{ include "charts.init.shoreline" .}}
{{ if .Values.serviceAccount.create }}
serviceAccount: blob
serviceAccountName: blob
{{ if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
containers:
- env:
{{ include "charts.platform.env.mongo" .}}
Expand Down Expand Up @@ -61,6 +62,4 @@ spec:
- containerPort: {{.Values.global.ports.blob}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
restartPolicy: Always
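Review bot: The new `serviceAccountName: {{ .Values.serviceAccount.name }}` is emitted unquoted and only when the value is set, so a deployment that omits `serviceAccount.name` silently runs under the namespace's `default` service account and will not get the IAM role this commit is meant to enable. Quoting the value, `serviceAccountName: {{ .Values.serviceAccount.name | quote }}`, keeps an unexpected scalar from being retyped by the YAML parser. Because the account is now chosen by values rather than fixed per workload, least privilege depends on each service being given its own account; wrapping the value in `required` or adding a per-chart default would make a missing name fail at render time. If `.Values.serviceAccount` itself can be absent the `if` will error, which cannot be confirmed without the values file. The same pattern is introduced in the sections that replace `serviceAccount: hydrophone`, `serviceAccount: image` and `serviceAccount: jellyfish`.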
Expand Up @@ -55,6 +55,6 @@ spec:
- containerPort: {{.Values.global.ports.data}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -54,7 +54,7 @@ spec:
- containerPort: {{.Values.global.ports.export}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
{{- end }}
Expand Up @@ -69,6 +69,6 @@ spec:
- containerPort: {{.Values.global.ports.gatekeeper}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -89,6 +89,6 @@ spec:
- containerPort: {{.Values.global.ports.highwater}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -30,9 +30,8 @@ spec:
spec:
initContainers:
{{ include "charts.init.shoreline" .}}
{{ if .Values.serviceAccount.create }}
serviceAccount: hydrophone
serviceAccountName: hydrophone
{{ if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- env:
Expand Down Expand Up @@ -100,6 +99,6 @@ spec:
- containerPort: {{.Values.global.ports.hydrophone}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -29,9 +29,8 @@ spec:
spec:
initContainers:
{{ include "charts.init.shoreline" .}}
{{ if .Values.serviceAccount.create }}
serviceAccount: image
serviceAccountName: image
{{ if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- env:
Expand Down Expand Up @@ -60,6 +59,6 @@ spec:
- containerPort: {{.Values.global.ports.image}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -28,9 +28,8 @@ spec:
app.kubernetes.io/name: {{ include "charts.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{ if .Values.serviceAccount.create }}
serviceAccount: jellyfish
serviceAccountName: jellyfish
{{ if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- env:
Expand Down Expand Up @@ -87,6 +86,6 @@ spec:
- containerPort: {{ .Values.global.ports.jellyfish }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -74,6 +74,6 @@ spec:
- containerPort: {{.Values.global.ports.messageapi}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -42,7 +42,7 @@ spec:
name: migrations
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
{{- end }}
Expand Up @@ -49,6 +49,6 @@ spec:
- containerPort: {{.Values.global.ports.notification}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -68,6 +68,6 @@ spec:
- containerPort: {{.Values.global.ports.seagull}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -148,6 +148,6 @@ spec:
- containerPort: {{ .Values.global.ports.shoreline }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -53,6 +53,6 @@ spec:
- containerPort: {{.Values.global.ports.task}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -92,6 +92,6 @@ spec:
- containerPort: {{.Values.global.ports.tidewhisperer}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
Expand Up @@ -48,7 +48,7 @@ spec:
name: tools
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
{{- end }}
Expand Up @@ -71,6 +71,6 @@ spec:
- containerPort: {{.Values.global.ports.user}}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
restartPolicy: Always
