[experiment] Switch from LocalID to Alias #8025
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
linki
added
experiment
do-not-merge
major
linki
changed the title
linki
commented
Sep 20, 2024
| @@ -556,7 +556,7 @@ Resources: | |||
| Resource: '*' | |||
| Version: 2012-10-17 | |||
| PolicyName: root | |||
| RoleName: "{{.Cluster.LocalID}}-app-autoscaler" | |||
| RoleName: "cluster-autoscaler-{{ .Cluster.Alias }}" | |||
There was a problem hiding this comment.
We should think about keeping the app- prefix as a kind of namespace to avoid clashing with other resources. Let's say there's another role related to the autoscaler for a different purpose, it could still lead to clashes although less likely because it's in the same project.
|
Alright, roll out is actually not that difficult: Instead of modifying the IAM roles in place, we can just make duplicate roles. Then change the annotations on the Kubernetes resources in a separate PR. Once everything is rolled out, remove the old IAM roles from the Stack and AWS will clean them up. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an attempt to overcome the sometimes cryptic use of
Cluster.LocalID.In the past we didn't parametrize our cluster-wide resources (such as IAM roles) because there was no need for it since the Kubernetes stack was only created once per account. The introduction of multiple e2e clusters in the very same e2e account changed that and let to the need to occasionally add the
Cluster.LocalIDparameter to the resource names. However, the list grew and with the outlook of having multiple clusters in many accounts will only intensify.Unfamiliar users, such as new team members or other platform teams, are even more surprised by the need of this parameter as they haven't been exposed to multiple clusters in the accounts up until now.
In order to make this concept more clear and understandable, this PR changes it to use the
Cluster.Alias. The alias is globally unique and hence will also be unique in the same account, likeCluster.LocalID. In addition, the more familiar alias value is easier to understand and unforeseen future name conflicts are avoided proactively by making the alias part of each AWS resource name.