From d5cdc81fcd4f2b5a74db00bfd18e8639d93429cf Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:18:31 -0400 Subject: [PATCH 1/7] other: Update gitignore (#259) Signed-off-by: Kevin Bimonte --- .gitignore | 1 + 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 9bcb12d..0238eed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ *state.json deploy-*.sh .DS_Store
+/.idea/
From af2c5e0a48f4b10e91bd802c91bc06d9c2787056 Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:18:58 -0400 Subject: [PATCH 2/7] feat: Add skeleton for new ops files (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/ipv6_networking.yml | 0 cluster/operations/resource-type-checking-interval.yml | 0 cluster/operations/vault-client-token-path.yml | 0 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 cluster/operations/ipv6_networking.yml create mode 100644 cluster/operations/resource-type-checking-interval.yml create mode 100644 cluster/operations/vault-client-token-path.yml
diff --git a/cluster/operations/ipv6_networking.yml b/cluster/operations/ipv6_networking.yml
new file mode 100644
index 0000000..e69de29
diff --git a/cluster/operations/resource-type-checking-interval.yml b/cluster/operations/resource-type-checking-interval.yml
new file mode 100644
index 0000000..e69de29
diff --git a/cluster/operations/vault-client-token-path.yml b/cluster/operations/vault-client-token-path.yml
new file mode 100644
index 0000000..e69de29
From 07652906f8c004571b8999cd65c3721733fc0cb0 Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:26:47 -0400 Subject: [PATCH 3/7] feat: Add Vault Client Token Path Ops File (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/vault-client-token-path.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/cluster/operations/vault-client-token-path.yml b/cluster/operations/vault-client-token-path.yml
index e69de29..41ea2d1 100644
--- a/cluster/operations/vault-client-token-path.yml
+++ b/cluster/operations/vault-client-token-path.yml
@@ -0,0 +1,15 @@
+#
+# This operations file will configure web to accept the Vault Client
+# Token from a file
+#
+# Requires the vault.yml ops file
+#
+
+---
+- type: remove
+ path: /instance_groups/name=web/jobs/name=web/properties/vault/auth/client_token
+
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/vault/auth?
+ value:
+ client_token_path: ((vault.client_token_path))
\ No newline at end of file
From 568f799e100919daeeab7408c1e9d8745e09bae5 Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:37:09 -0400 Subject: [PATCH 4/7] feat: Add IPv6 Worker Networking content (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/ipv6_networking.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/cluster/operations/ipv6_networking.yml b/cluster/operations/ipv6_networking.yml
index e69de29..efe46e5 100644
--- a/cluster/operations/ipv6_networking.yml
+++ b/cluster/operations/ipv6_networking.yml
@@ -0,0 +1,12 @@
+#
+# This operations file will configure workers to communicate over
+# the IPv6 Protocol in addition to existing IPv4
+#
+# Requires the runtime-containerd.yml ops file
+---
+- type: replace
+ path: /instance_groups/name=worker/containerd/ipv6?
+ value:
+ enabled: ((ipv6.enabled))
+ pool: ((ipv6.pool))
+ disable_masquerade: ((ipv6.disable_masquerade))
From 242a75a2aceef5864a0d040efb168d1156b6f02c Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:40:31 -0400 Subject: [PATCH 5/7] feat: Add Resource Type Checking Interval content (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/resource-type-checking-interval.yml | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/cluster/operations/resource-type-checking-interval.yml b/cluster/operations/resource-type-checking-interval.yml
index e69de29..ff5c72f 100644
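Review bot: The second op in vault-client-token-path.yml replaces the whole `auth` hash, so the preceding `remove` of `auth/client_token` is redundant and any other `auth` keys set by an earlier ops file are silently dropped. Targeting the single key keeps the rest intact: `path: /instance_groups/name=web/jobs/name=web/properties/vault/auth/client_token_path?` with `value: ((vault.client_token_path))`. The `remove` path has no `?`, so the file also fails to apply when `client_token` is absent, for example if vault.yml was combined with a different auth method (assumed; vault.yml is not shown here). Since the file at that path now holds the credential, the header should say it must exist on the web VM and be readable only by the web job's user.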
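Review bot: The path in ipv6_networking.yml, `/instance_groups/name=worker/containerd/ipv6?`, skips the `jobs/name=worker/properties` segment that every web ops file in this series uses, so it addresses a key on the instance group rather than a job property; and because `containerd` carries no `?`, the op errors out when that key is missing. It probably should read `path: /instance_groups/name=worker/jobs/name=worker/properties/containerd/ipv6?` (to be confirmed against the worker job spec). The same applies to resource-type-checking-interval.yml, whose path `/instance_groups/name=web/default_resource_type_check_interval` also lacks `jobs/name=web/properties` and a trailing `?`. Since `disable_masquerade` changes how container traffic leaves the worker, a one-line comment on what each of the three variables controls would be worth adding.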
--- a/cluster/operations/resource-type-checking-interval.yml
+++ b/cluster/operations/resource-type-checking-interval.yml
@@ -0,0 +1,9 @@
+#
+# This operations file will override the default Resource Type
+# Check Interval on the web node
+#
+
+---
+- type: replace
+ path: /instance_groups/name=web/default_resource_type_check_interval
+ value: ((resource_check_interval))
\ No newline at end of file
From 5514740b73052773da3a2b3fcab77b06ee1f5554 Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 11:56:24 -0400 Subject: [PATCH 6/7] feat: Add base AWS SSM Ops File along with additional properties (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/aws-ssm-instance-profile.yml | 13 +++++++++++++ cluster/operations/aws-ssm-manager.yml | 17 +++++++++++++++++ cluster/operations/aws-ssm-session-token.yml | 16 ++++++++++++++++ cluster/operations/aws-ssm-shared-path.yml | 10 ++++++++++ cluster/operations/ipv6_networking.yml | 1 + 5 files changed, 57 insertions(+) create mode 100644 cluster/operations/aws-ssm-instance-profile.yml create mode 100644 cluster/operations/aws-ssm-manager.yml create mode 100644 cluster/operations/aws-ssm-session-token.yml create mode 100644 cluster/operations/aws-ssm-shared-path.yml
diff --git a/cluster/operations/aws-ssm-instance-profile.yml b/cluster/operations/aws-ssm-instance-profile.yml
new file mode 100644
index 0000000..3c4f401
--- /dev/null
+++ b/cluster/operations/aws-ssm-instance-profile.yml
@@ -0,0 +1,13 @@
+#
+# This operations file will use remove the AWS SSM
+# Access and Secret Access Key to instead use the instance
+# profile of the web node.
+#
+# Requires the aws-ssm-manager.yml ops file
+
+---
+- type: remove
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/access_key
+
+- type: remove
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/secret_key
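Review bot: Both `remove` ops in aws-ssm-instance-profile.yml lack a `?`, and aws-ssm-session-token.yml removes the same two keys, so applying both files makes the second one fail on a missing key. Either mark the paths optional (`.../aws_ssm/access_key?`, `.../aws_ssm/secret_key?`) or state in the header that the two files are mutually exclusive. The header's first sentence is garbled ("will use remove"); `# This operations file removes the AWS SSM access key and secret key` followed by the existing instance-profile wording reads cleanly. It would also help to note that the web VM's instance profile then needs read access to the parameter paths and to the KMS key used for encrypted parameters.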
diff --git a/cluster/operations/aws-ssm-manager.yml b/cluster/operations/aws-ssm-manager.yml
new file mode 100644
index 0000000..92bdf88
--- /dev/null
+++ b/cluster/operations/aws-ssm-manager.yml
@@ -0,0 +1,17 @@
+#
+# This operations file will add AWS SSM Secrets Manager Support to
+# the web node
+
+---
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm?
+ value:
+ access_key: ((aws_ssm.access_key))
+ secret_key: ((aws_ssm.secret_key))
+ region: ((aws_ssm.region))
+
+ pipeline_secret_template: ((aws_ssm.pipeline_secret_template))
+ # default value is /concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}
+
+ team_secret_template: ((aws_ssm.team_secret_template))
+ # default value is /concourse/{{.Team}}/{{.Secret}}
diff --git a/cluster/operations/aws-ssm-session-token.yml b/cluster/operations/aws-ssm-session-token.yml
new file mode 100644
index 0000000..828f734
--- /dev/null
+++ b/cluster/operations/aws-ssm-session-token.yml
@@ -0,0 +1,16 @@
+#
+# This operations file will use a Session Token instead of
+# a pair of Access and Secret Access Keys
+#
+# Requires the aws-ssm-manager.yml ops file
+
+---
+- type: remove
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/access_key
+
+- type: remove
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/secret_key
+
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/session_token
+ value: ((aws_ssm_session_token))
diff --git a/cluster/operations/aws-ssm-shared-path.yml b/cluster/operations/aws-ssm-shared-path.yml
new file mode 100644
index 0000000..a79fb45
--- /dev/null
+++ b/cluster/operations/aws-ssm-shared-path.yml
@@ -0,0 +1,10 @@
+#
+# This operations file will add a shared path route
+# in order to define secrets accessible by all teams.
+#
+# Requires the aws-ssm-manager.yml ops file
+
+---
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/shared_path?
+ value: ((aws_ssm_shared_path))
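Review bot: The header of aws-ssm-manager.yml calls this "AWS SSM Secrets Manager", but the `aws_ssm` properties configure the SSM Parameter Store credential manager; Secrets Manager is a separate AWS service, so the comment should read `# This operations file will add AWS SSM Parameter Store support to`. The two `# default value is …` comments sit after the key they describe and read as if they belonged to the next entry; moving each above its key avoids that. Because this base file wires in a long-lived `access_key`/`secret_key` pair, the header could also point to aws-ssm-instance-profile.yml as the preferred variant and say that the IAM principal should be limited to reading the `/concourse/…` parameter paths.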
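Review bot: An AWS session token does not replace the access key pair: temporary credentials consist of an access key ID, a secret access key and the session token together, so removing `access_key` and `secret_key` in aws-ssm-session-token.yml leaves a token that cannot sign requests on its own. The two `remove` ops should be dropped and the header should say the token is supplied in addition to the key pair. The `replace` path also ends in `session_token` without `?`, and aws-ssm-manager.yml does not create that key, so the op fails on apply; it should be `path: /instance_groups/name=web/jobs/name=web/properties/aws_ssm/session_token?`. For consistency with the base file the variable could be `((aws_ssm.session_token))`.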
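Review bot: aws-ssm-shared-path.yml makes every parameter under the shared path readable by the pipelines of every team, which the header mentions only in passing. I would add a caveat such as `# Anything stored under this path can be read by all teams; keep team- or pipeline-specific secrets under the templated paths.` The variable is written `((aws_ssm_shared_path))` while the base file uses dotted names like `((aws_ssm.region))`; `((aws_ssm.shared_path))` would keep a single variable namespace.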
diff --git a/cluster/operations/ipv6_networking.yml b/cluster/operations/ipv6_networking.yml
index efe46e5..47ee892 100644
--- a/cluster/operations/ipv6_networking.yml
+++ b/cluster/operations/ipv6_networking.yml
@@ -3,6 +3,7 @@ # the IPv6 Protocol in addition to existing IPv4 # # Requires the runtime-containerd.yml ops file + --- - type: replace path: /instance_groups/name=worker/containerd/ipv6?
From 998bcac3418b6adcdefa4a194fd97f50aeba6070 Mon Sep 17 00:00:00 2001 From: Kevin Bimonte Date: Sat, 26 Oct 2024 12:09:29 -0400 Subject: [PATCH 7/7] feat: Add postgres-binary-parameters.yml (#259) Signed-off-by: Kevin Bimonte --- cluster/operations/postgres-binary-parameters.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 cluster/operations/postgres-binary-parameters.yml
diff --git a/cluster/operations/postgres-binary-parameters.yml b/cluster/operations/postgres-binary-parameters.yml
new file mode 100644
index 0000000..44ad959
--- /dev/null
+++ b/cluster/operations/postgres-binary-parameters.yml
@@ -0,0 +1,8 @@
+#
+# This operations file will allow the option for the
+# PostgreSQL Driver to use Binary Parameters for Prepared Statements.
+
+---
+- type: replace
+ path: /instance_groups/name=web/jobs/name=web/properties/postgresql?/binary_parameters?
+ value: ((postgres_binary))
\ No newline at end of file