chore: Remove VPC CNI IRSA role; utilize permissions provided on EC2 node IAM role #244

Merged: 1 commit, Jul 12, 2023


bryantbiggs
Contributor

What does this PR do?

  • Remove VPC CNI IRSA role; utilize permissions provided on EC2 node IAM role

Motivation

  • Currently, permissions are required on the node IAM role in order for VPC CNI to start creating and adding ENIs when provisioning a cluster

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Mandatory for new blueprints. Yes, I have added an example to support my blueprint PR
  • Mandatory for new blueprints. Yes, I have updated the website/docs or website/blog section for this feature
  • Yes, I ran pre-commit run -a with this PR. Link for installing pre-commit locally

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

@bryantbiggs bryantbiggs temporarily deployed to DoEKS Test July 11, 2023 21:41 — with GitHub Actions Inactive
@@ -137,41 +137,3 @@ This will remove the finalizers on the namespace.
NAMESPACE=<namespace>
kubectl get namespace $NAMESPACE -o json | sed 's/"kubernetes"//' | kubectl replace --raw "/api/v1/namespaces/$NAMESPACE/finalize" -f -
```

## Resolve Conflicts error while deploying VPC CNI managed add-on
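Review bot: the section headed `## Resolve Conflicts error while deploying VPC CNI managed add-on`, at the end of this hunk, is dropped outright (the hunk header shows 41 lines shrinking to 3), so anyone who still sees that conflict error finds no guidance in the troubleshooting page. Consider leaving a one-line note under the finalizer steps that says why the section is no longer needed, or recording the removal in the PR description so the reason is discoverable later.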
Contributor Author


Removed this since this OVERWRITE is the default for nearly all modules - let me know if we still want to retain this though

aws-ebs-csi-driver = {
service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
}
coredns = {}
kube-proxy = {}
coredns = {
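Review bot: the `aws-ebs-csi-driver` entry keeps a dedicated role through `service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn`, while the VPC CNI, per this PR's title, now depends on permissions attached to the EC2 node IAM role, and nothing in this block says so. Add a comment beside the add-on map stating that the CNI's permissions come from the node role and that any workload able to obtain the node role's credentials shares them, so readers copying the example can decide whether to scope the CNI back to its own role.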
Contributor Author


Standardized on this configuration across the board. Let me know if we want to tweak this and I can update. I think at minimum, keeping the preserve on the CNI is helpful for the examples

@bryantbiggs
Contributor Author

greens look nice! 🟢

Contributor

@vara-bonthu vara-bonthu left a comment


Thanks for the update @bryantbiggs 🚀 🙇🏼

@vara-bonthu vara-bonthu merged commit b597887 into awslabs:main Jul 12, 2023
48 checks passed
@bryantbiggs bryantbiggs deleted the chore/remove-vpc-cni-irsa branch July 12, 2023 21:13