feat: opensearch #127

leiicamundi · 2024-09-25T18:37:50Z

Implements: #362

New Features:

Added an OpenSearch module and GitHub Actions (GHA).
The cleanup script and action can now target specific modules.
The IRSA for AuroraDB now creates roles and access policies.
The README documents the usage of the IRSA setup.

Improvements:

The cleanup of dependencies in tests has been enhanced.
Deletion of the EBS storage class in the Terraform state no longer fails.
The IRSA for AuroraDB is now integrated into the tests.
Modules are now idempotent (tags and labels have been fixed).

TODOs:

Backup and monitoring tasks have been referenced for later work in #396.

.github/workflows/test-gha-eks.yml

README.md

modules/eks-cluster/outputs.tf

modules/fixtures/opensearch-client.yml

modules/fixtures/postgres-client.yml

test/src/custom_eks_opensearch_test.go

Langleu

Some smaller changes here and there.
Overall looks quite good! 🚀
I did not try it out but as you've written tests and they seemed to have made sense on utilizing the IRSA stuff 👍

Langleu · 2024-10-10T09:41:49Z

Thinking a bit about the IRSA stuff and usefulness.

Let's say we have Operate, Tasklist, and Zeebe. All need access to OpenSearch but the default policy will only be working for one service account name, right?

Maybe we should mention that somewhere and an easy example on how they can configure the remaining ones to get access as well?
Maybe it's covered in the docs, only have insights based on this work.

leiicamundi · 2024-10-10T09:51:49Z

Maybe it's covered in the docs; I only have insights based on this work.

It's indeed covered by the docs. I'll finish it ASAP so you can review it.
However, we will need one service account (SA) per service that needs to access the resource.

Thanks for the review! I've fixed most of the points, but the remaining ones are open questions. Let me think about them and get back to you.

Langleu

looks good from my side 🚀

Langleu · 2024-10-11T06:10:51Z

oh wow, it merges it even with failures in the tests 🙈

leiicamundi · 2024-10-11T07:59:21Z

Incredible... I'll have to fix the postgres job, it fails due to the switch on amazonlinix

leiicamundi added 2 commits September 25, 2024 20:37

wip opensearch

488d65e

update readme

5fda68a

github-actions bot added the feature label Sep 25, 2024

leiicamundi added 7 commits September 26, 2024 18:31

add missing sg

7b08427

add types

2c5112e

update opensearch gha

d286aaa

integrate opensearch in the actions

9104908

fix tests path

a9e1cda

wip go tests

bb62073

fix

4644752

github-actions bot added the test label Sep 27, 2024

leiicamundi added 17 commits September 27, 2024 10:45

fix go mod

bb057be

wip irsa os

31cc348

fine tune default options

9e8d5ed

fix default large type

bc772f1

re-enable idempotency checks for other modules than eks

1a1237b

fix destroy

1725cd4

re-enable idempotency tests

5239e44

tests: implement opensearch-client for irsa

9df3d7e

update opensearch tests

f4e712e

delete each cluster one by one

32b2222

remove password auth in opensearch

abc4dd3

wip tests

21f84f1

update tests

91ad9cd

update tests

878e436

update

e6c38d7

fix tests

121c7ad

update doc

e5fdfab

leiicamundi self-assigned this Oct 3, 2024

leiicamundi requested a review from Langleu October 3, 2024 17:48