terraform: update AWS LB permissions #3681

Merged
merged 3 commits into from
Mar 6, 2025

msanft
Contributor

@msanft msanft commented Mar 6, 2025

Context

AWS updated the permissions necessary for the aws-load-balancer-controller, which resulted in a failing LB E2E test for us, as well as the general symptom of AWS LBs not working.

Fixes https://github.com/edgelesssys/issues/issues/1300

Proposed change(s)

  • Update the permissions to incorporate the new requirements.
  • Update the docs to mention that an IAM migration is necessary.

Additional info

IAM Upgrade tested manually via:

git checkout f66c03e0c8c63163794264a1d7b96ebf56f36cc9
bazel run //:devbuild --cli_edition=enterprise
# constellation apply, ...
kubectl apply -f .github/actions/e2e_lb/ns.yml && kubectl apply -f .github/actions/e2e_lb/lb.yml
bazel run --test_timeout=14400 //e2e/internal/lb:lb_test
# verify failure
kubectl delete -f .github/actions/e2e_lb/ns.yml && kubectl delete -f .github/actions/e2e_lb/lb.yml
git checkout b49b909c058f187e5b96277b52b5d1f38028301b
bazel run //:devbuild --cli_edition=enterprise
# constellation apply, ...
kubectl apply -f .github/actions/e2e_lb/ns.yml && kubectl apply -f .github/actions/e2e_lb/lb.yml
bazel run --test_timeout=14400 //e2e/internal/lb:lb_test
# verify success

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@msanft msanft added the bug fix Fixing a bug label Mar 6, 2025
@msanft msanft added this to the v2.22.0 milestone Mar 6, 2025
@msanft msanft requested a review from thomasten as a code owner March 6, 2025 10:34

netlify bot commented Mar 6, 2025

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 5e7aac7
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/67c9b7d310926d0008cc980d

@msanft msanft force-pushed the msanft/terraform/aws-lb-perms branch from c836982 to 3bef0c0 Compare March 6, 2025 10:52
@msanft msanft force-pushed the msanft/terraform/aws-lb-perms branch from 3bef0c0 to b49b909 Compare March 6, 2025 12:09
@msanft msanft requested a review from katexochen as a code owner March 6, 2025 12:09
@msanft msanft requested a review from burgerdev March 6, 2025 12:33
@msanft msanft force-pushed the msanft/terraform/aws-lb-perms branch from 4f329ee to 407ef4a Compare March 6, 2025 14:15
@msanft msanft force-pushed the msanft/terraform/aws-lb-perms branch from 407ef4a to 5e7aac7 Compare March 6, 2025 14:57
@msanft msanft merged commit a491cac into main Mar 6, 2025
8 checks passed
@msanft msanft deleted the msanft/terraform/aws-lb-perms branch March 6, 2025 15:44
@msanft msanft added the needs backport This PR needs to be backported to a previous release label Mar 6, 2025
msanft added a commit that referenced this pull request Mar 6, 2025
* bazel: add download rules for AWS LB policy

* docs: add migration notice

* terraform: re-download lb policy