Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Enabled workload identity access for kms and gcs #113

Merged
merged 18 commits into from
Jun 13, 2024
Merged

feat: Enabled workload identity access for kms and gcs #113

merged 18 commits into from
Jun 13, 2024

Conversation

amanpruthi
Copy link
Collaborator

No description provided.

@amanpruthi amanpruthi requested a review from gls4 as a code owner March 11, 2024 08:14
@amanpruthi amanpruthi requested a review from a team March 11, 2024 08:14
@amanpruthi amanpruthi requested a review from a team as a code owner March 11, 2024 08:14
@gls4
Copy link
Contributor

gls4 commented Mar 11, 2024
edited
Loading

Has this been tested against en existing cluster, as well as used to build a new cluster? When I try to apply this PR against a new managed install built using the master branch, I get these errors:

│ Error: Get "http://localhost/api/v1/namespaces/default/serviceaccounts/wandb-serviceaccount": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_service_account.default,
│   on .terraform/modules/wandb.gke_app/main.tf line 13, in resource "kubernetes_service_account" "default":
│   13: resource "kubernetes_service_account" "default" {
│ 
╵
╷
│ Error: Get "http://localhost/apis/scheduling.k8s.io/v1/priorityclasses/wandb-priority": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_priority_class.priority,
│   on .terraform/modules/wandb.gke_app/main.tf line 23, in resource "kubernetes_priority_class" "priority":
│   23: resource "kubernetes_priority_class" "priority" {
│ 
╵
╷
│ Error: Get "http://localhost/api/v1/namespaces/default/services/wandb": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_service.service,
│   on .terraform/modules/wandb.gke_app/main.tf line 241, in resource "kubernetes_service" "service":
│  241: resource "kubernetes_service" "service" {
│ 
╵
╷
│ Error: Get "http://localhost/api/v1/namespaces/default/services/prometheus": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_service.prometheus,
│   on .terraform/modules/wandb.gke_app/main.tf line 259, in resource "kubernetes_service" "prometheus":
│  259: resource "kubernetes_service" "prometheus" {
│ 
╵
╷
│ Error: Get "http://localhost/api/v1/namespaces/default/configmaps/wandb": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_config_map.config_map,
│   on .terraform/modules/wandb.gke_app/main.tf line 275, in resource "kubernetes_config_map" "config_map":
│  275: resource "kubernetes_config_map" "config_map" {
│ 
╵
╷
│ Error: Get "http://localhost/api/v1/namespaces/default/secrets/wandb": dial tcp 127.0.0.1:80: connect: connection refused
│ 
│   with module.wandb.module.gke_app.kubernetes_secret.secret,
│   on .terraform/modules/wandb.gke_app/main.tf line 285, in resource "kubernetes_secret" "secret":
│  285: resource "kubernetes_secret" "secret" {
│

I'm attaching the full output of terraform plan as well.
gcp-terraform-log.txt

gls4
gls4 approved these changes Mar 18, 2024
View reviewed changes
Copy link
Contributor

@gls4 gls4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Working! :-)

@jsbroks jsbroks linked an issue Apr 30, 2024 that may be closed by this pull request
Connect to GCS and KMS using GKE workload identity federation #99
Open
@jsbroks
Copy link
Member

jsbroks commented May 9, 2024

@amanpruthi we are merge without security

@amanpruthi amanpruthi changed the base branch from main to aman/otel-stackdriver-support June 13, 2024 05:06
@amanpruthi amanpruthi merged commit f8bba42 into aman/otel-stackdriver-support Jun 13, 2024
6 checks passed
@amanpruthi amanpruthi deleted the aman/issue_99 branch June 13, 2024 05:14
adityachoudhari26 pushed a commit that referenced this pull request Jun 18, 2024
@amanpruthi @github-actions
feat: Added service account name in stackdriver conf (#136)
87aa2b9 
* feat: added support for stackdriver and otel metrics

* fixed checks

* fixed tmp service account issue

* fixed lint

* fixed sa issue

* added namespace var

* added service account var

* terraform-docs: automated action

* fixed naming

* terraform-docs: automated action

* Added node pool metadata

* feat: Enabled workload identity access for kms and gcs (#113)

* enabled workload identity access for kms and gcs

* Fixed wandb-app service account issue

* added permissions to sa

* fixed permission issue

* terraform-docs: automated action

* Added service name in otel conf

---------

Co-authored-by: amanpruthi <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
jsbroks pushed a commit that referenced this pull request Jun 18, 2024
@semantic-release-bot
chore(release): version 3.3.0 [skip ci]
444ae02 
## [3.3.0](v3.2.0...v3.3.0) (2024-06-18)

### Features

* Added service account name in stackdriver conf ([#136](#136)) ([87aa2b9](87aa2b9)), closes [#113](#113)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gls4 gls4 gls4 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Connect to GCS and KMS using GKE workload identity federation
3 participants
@amanpruthi @gls4 @jsbroks