PMM-14346: PMM HA EKS testing pipeline with ALB, Route53, and Access Entries #3693
+871
−133
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nogueiraanderson
requested review from
a team,
ademidoff and
talhabinrizwan
as code owners
nogueiraanderson
force-pushed
the
fix/pmm-ha-eks-access-entries
branch
2 times, most recently
from
0f410b8 to
4d0bdaa
Compare
nogueiraanderson
changed the title
nogueiraanderson
force-pushed
the
fix/pmm-ha-eks-access-entries
branch
3 times, most recently
from
aa147f6 to
0ff5e20
Compare
…Entries - Add AWS Load Balancer Controller with IRSA for ALB ingress - Add ALB Ingress with ACM certificate (*.cd.percona.com wildcard) - Add Route53 alias records for friendly URLs (pmm-ha-test-N.cd.percona.com) - Replace ConfigMap-based auth with EKS Access Entries API - Add pmm-eks-admins IAM group for kubectl access - Add SSO AdministratorAccess role support - Add cleanup job with Route53/ALB cleanup before cluster deletion - Extract shared library vars/pmmHaEks.groovy for reusable functions Jira: PMM-14346
nogueiraanderson
force-pushed
the
fix/pmm-ha-eks-access-entries
branch
from
0ff5e20 to
b38da5e
Compare
- Remove hardcoded account ID (119175775298), use aws sts get-caller-identity - Remove hardcoded SSO role suffix, discover via aws iam list-roles - Skip SSO role gracefully if not found in account - Revert library branch to feature branch for testing
The jmespath query returns trailing None values when using --output text, causing the access entry creation to fail with an embedded newline.
Discover availability zones from AWS at runtime instead of hardcoding. Improves spot instance resilience - if one AZ has interruptions, pods can reschedule to nodes in other AZs.
Remove comments that merely restate what the code does: - 'Get AWS account ID dynamically' - 'Install PMM HA' - 'Wait for components' - 'Wait for ALB' - 'Create Route53 record' - 'Delete the EKS cluster'
Cleanup requires kubectl and eksctl which may not be available on cli agents.
This reverts commit a3832ce.
CLI agents have kubectl, eksctl, helm, and AWS CLI - same as cleanup.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jenkins pipelines for PMM HA testing on EKS.
Jobs
pmm3-ha-eks - Create EKS cluster with PMM HA
theTibi/percona-helm-charts(PMM-14420 branch)https://pmm-ha-test-{BUILD_NUMBER}.cd.percona.compmm3-ha-eks-cleanup - Delete EKS clusters
Access
Users in
pmm-eks-adminsIAM group get kubectl access via EKS Access Entries:Testing
Validated with temporary jobs (to be deleted after merge):
Jira: PMM-14346