Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: Re-instated FSxN lab #1259

Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

update: Re-instated FSxN lab #1259

wants to merge 23 commits into from

Conversation

mickeysh
Copy link
Contributor

@mickeysh mickeysh commented Feb 6, 2025

What this PR does / why we need it:

  • Support new EKS workshop structure - including new IAM policies
  • Shorten provisioning times
  • Support pod identity
  • Enable infrastructure pre provision

Which issue(s) this PR fixes:

  • Issues with lab provisioning times
  • remove marketplace add-on usage
  • Switch from OIDC to Pod Identity for CSI driver
  • Move FSxN base infrastructure to pre-provision module
  • Add IAM policy for FSxN infrastructure to EKS Workshop IAM module

Quality checks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

mickeysh added 20 commits February 2, 2025 13:58
@mickeysh
update fsxn workshop module to new workshop format and change fs type…
de50109 
… to saz
@mickeysh
update fsxn output variables
543ca7f
@mickeysh
update fsxn module output variables index
d0c36f4
@mickeysh
update fsxn module iam naming conventio and fsxn SAZ attributes
a80ed53
@mickeysh
update fsxn workshop walkthrough and add required IAM policies
8d45f1d
@mickeysh
update cfn to run required IAM policies required for FSxN lab
fcea1f6
@mickeysh
update fsxn IAM policy
398e889
@mickeysh
update fsxn module terraform outputs
2d947be
@mickeysh
update fsxn module - password scheme
99c8a7a
@mickeysh
update fsxn module SVM password input
6665b9a
@mickeysh
update fsxn module resources names
fb92768
@mickeysh
remove output from fsxn preprovision
5c409b7
@mickeysh
update secret arn in CSI policy
e98daf5
@mickeysh
update secret arn in CSI policy, remove data resource
3c47320
@mickeysh
update fsxn module - get secret arn from datasource
e3e1e97
@mickeysh
update fsxn module - update secret delete window
1690aab
@mickeysh
update fsxn module - change to pod identity for trident csi
1f2f04d
@mickeysh
update fsxn module - remove env vars tf output
ff8ad1a
@mickeysh
update fsxn module - fix pod identity issues
b421eea
@mickeysh
FSxN module - update lab doc with the new pod identity changes
e2d2538
@netlify Netlify
Copy link

netlify bot commented Feb 6, 2025
edited
Loading

Deploy Preview for eks-workshop ready!

Name Link
🔨 Latest commit c522fa1
🔍 Latest deploy log https://app.netlify.com/sites/eks-workshop/deploys/67b1d0aeed35560008806b8a
😎 Deploy Preview https://deploy-preview-1259--eks-workshop.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

heinrichse
heinrichse previously approved these changes Feb 7, 2025
View reviewed changes
Copy link
Contributor

@heinrichse heinrichse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed and approved

@mickeysh mickeysh changed the title Update: Shorten provisioning, enable pre-provision of infrastructure and support new workshop structure - fundamentals/storage/fsxn lab update: Shorten provisioning, enable pre-provision of infrastructure and support new workshop structure - fundamentals/storage/fsxn lab Feb 9, 2025
heinrichse
heinrichse previously approved these changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@heinrichse heinrichse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes approved

@niallthomson niallthomson added this to the Release 25/02 milestone Feb 13, 2025
@niallthomson niallthomson changed the title update: Shorten provisioning, enable pre-provision of infrastructure and support new workshop structure - fundamentals/storage/fsxn lab update: Re-instated FSxN lab Feb 13, 2025
niallthomson
niallthomson requested changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@niallthomson niallthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @mickeysh

The main thing I think is missing is a cleanup.sh script as seen here. It will need to basically unwind every command the user does during your lab (uninstall helm chart, cleanup Kubernetes resource etc). See EFS version:

https://github.com/aws-samples/eks-workshop-v2/blob/main/manifests/modules/fundamentals/storage/efs/.workshop/cleanup.sh

Some other smaller comments added inline.

lab/iam/policies/labs4.yaml Outdated
- fsx:ListTagsForResource
Resource:
- ["*"]
- Effect: Allow
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be able to consolidate these permissions in to the secretsmanager ones in labs1.yaml so we aren't spreading permissions for the same service over multiple files.

lab/iam/policies/labs4.yaml
Statement:
- Effect: Allow
Action:
- fsx:CreateFileSystem
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to lock some of these down a little bit, for example using RequestTag like here

eks-workshop-v2/lab/iam/policies/labs1.yaml

Line 10 in cf4ccfd

aws:RequestTag/env:

@niallthomson niallthomson removed this from the Release 25/02 milestone Feb 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@niallthomson niallthomson niallthomson requested changes

@heinrichse heinrichse heinrichse left review comments

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
content/fundamentals
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mickeysh @niallthomson @heinrichse