Closed consideRatio closed 1 year ago
Using this query, I conclude that we are using config connector still. The question then becomes if we should, or if we should migrate to using terraform.
kubectl get accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com,accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com,accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com,artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com,bigquerydatasets.bigquery.cnrm.cloud.google.com,bigqueryjobs.bigquery.cnrm.cloud.google.com,bigquerytables.bigquery.cnrm.cloud.google.com,bigtableappprofiles.bigtable.cnrm.cloud.google.com,bigtablegcpolicies.bigtable.cnrm.cloud.google.com,bigtableinstances.bigtable.cnrm.cloud.google.com,bigtabletables.bigtable.cnrm.cloud.google.com,binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com,binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com,cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com,cloudidentitygroups.cloudidentity.cnrm.cloud.google.com,cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com,cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com,computeaddresses.compute.cnrm.cloud.google.com,computebackendbuckets.compute.cnrm.cloud.google.com,computebackendservices.compute.cnrm.cloud.google.com,computedisks.compute.cnrm.cloud.google.com,computeexternalvpngateways.compute.cnrm.cloud.google.com,computefirewallpolicies.compute.cnrm.cloud.google.com,computefirewallpolicyrules.compute.cnrm.cloud.google.com,computefirewalls.compute.cnrm.cloud.google.com,computeforwardingrules.compute.cnrm.cloud.google.com,computehealthchecks.compute.cnrm.cloud.google.com,computehttphealthchecks.compute.cnrm.cloud.google.com,computehttpshealthchecks.compute.cnrm.cloud.google.com,computeimages.compute.cnrm.cloud.google.com,computeinstancegroupmanagers.compute.cnrm.cloud.google.com,computeinstancegroups.compute.cnrm.cloud.google.com,computeinstances.compute.cnrm.cloud.google.com,computeinstancetemplates.compute.cnrm.cloud.google.com,computeinterconnectattachments.compute.cnrm.cloud.google.com,computenetworkendpointgroups.compute.cnrm.cloud.google.com,computenetworkpeerings.compute.cnrm.cloud.google.com,computenetworks.compute.cnrm.cloud.google.com,computenodegroups.compute.cnrm.cloud.google.com,computenodetemplates.compute.cnrm.cloud.google.com,computepacketmirrorings.compute.cnrm.cloud.google.com,computeprojectmetadatas.compute.cnrm.cloud.google.com,computereservations.compute.cnrm.cloud.google.com,computeresourcepolicies.compute.cnrm.cloud.google.com,computerouterinterfaces.compute.cnrm.cloud.google.com,computerouternats.compute.cnrm.cloud.google.com,computerouterpeers.compute.cnrm.cloud.google.com,computerouters.compute.cnrm.cloud.google.com,computeroutes.compute.cnrm.cloud.google.com,computesecuritypolicies.compute.cnrm.cloud.google.com,computeserviceattachments.compute.cnrm.cloud.google.com,computesharedvpchostprojects.compute.cnrm.cloud.google.com,computesharedvpcserviceprojects.compute.cnrm.cloud.google.com,computesnapshots.compute.cnrm.cloud.google.com,computesslcertificates.compute.cnrm.cloud.google.com,computesslpolicies.compute.cnrm.cloud.google.com,computesubnetworks.compute.cnrm.cloud.google.com,computetargetgrpcproxies.compute.cnrm.cloud.google.com,computetargethttpproxies.compute.cnrm.cloud.google.com,computetargethttpsproxies.compute.cnrm.cloud.google.com,computetargetinstances.compute.cnrm.cloud.google.com,computetargetpools.compute.cnrm.cloud.google.com,computetargetsslproxies.compute.cnrm.cloud.google.com,computetargettcpproxies.compute.cnrm.cloud.google.com,computetargetvpngateways.compute.cnrm.cloud.google.com,computeurlmaps.compute.cnrm.cloud.google.com,computevpngateways.compute.cnrm.cloud.google.com,computevpntunnels.compute.cnrm.cloud.google.com,configcontrollerinstances.configcontroller.cnrm.cloud.google.com,containeranalysisnotes.containeranalysis.cnrm.cloud.google.com,containerclusters.container.cnrm.cloud.google.com,containernodepools.container.cnrm.cloud.google.com,dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com,dataflowjobs.dataflow.cnrm.cloud.google.com,datafusioninstances.datafusion.cnrm.cloud.google.com,dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com,dataprocclusters.dataproc.cnrm.cloud.google.com,dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com,dnsmanagedzones.dns.cnrm.cloud.google.com,dnspolicies.dns.cnrm.cloud.google.com,dnsrecordsets.dns.cnrm.cloud.google.com,filestorebackups.filestore.cnrm.cloud.google.com,filestoreinstances.filestore.cnrm.cloud.google.com,firestoreindexes.firestore.cnrm.cloud.google.com,folders.resourcemanager.cnrm.cloud.google.com,gameservicesrealms.gameservices.cnrm.cloud.google.com,gkehubfeaturememberships.gkehub.cnrm.cloud.google.com,gkehubfeatures.gkehub.cnrm.cloud.google.com,gkehubmemberships.gkehub.cnrm.cloud.google.com,iamauditconfigs.iam.cnrm.cloud.google.com,iamcustomroles.iam.cnrm.cloud.google.com,iampartialpolicies.iam.cnrm.cloud.google.com,iampolicies.iam.cnrm.cloud.google.com,iampolicymembers.iam.cnrm.cloud.google.com,iamserviceaccountkeys.iam.cnrm.cloud.google.com,iamserviceaccounts.iam.cnrm.cloud.google.com,iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com,iamworkloadidentitypools.iam.cnrm.cloud.google.com,iapbrands.iap.cnrm.cloud.google.com,iapidentityawareproxyclients.iap.cnrm.cloud.google.com,identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com,identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com,identityplatformtenants.identityplatform.cnrm.cloud.google.com,kmscryptokeys.kms.cnrm.cloud.google.com,kmskeyrings.kms.cnrm.cloud.google.com,logginglogexclusions.logging.cnrm.cloud.google.com,logginglogmetrics.logging.cnrm.cloud.google.com,logginglogsinks.logging.cnrm.cloud.google.com,memcacheinstances.memcache.cnrm.cloud.google.com,monitoringalertpolicies.monitoring.cnrm.cloud.google.com,monitoringdashboards.monitoring.cnrm.cloud.google.com,monitoringgroups.monitoring.cnrm.cloud.google.com,monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com,monitoringnotificationchannels.monitoring.cnrm.cloud.google.com,monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com,monitoringservices.monitoring.cnrm.cloud.google.com,monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com,networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com,networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com,networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com,networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com,networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com,networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com,networkservicesgateways.networkservices.cnrm.cloud.google.com,networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com,networkserviceshttproutes.networkservices.cnrm.cloud.google.com,networkservicesmeshes.networkservices.cnrm.cloud.google.com,networkservicestcproutes.networkservices.cnrm.cloud.google.com,osconfigguestpolicies.osconfig.cnrm.cloud.google.com,osconfigospolicyassignments.osconfig.cnrm.cloud.google.com,privatecacapools.privateca.cnrm.cloud.google.com,privatecacertificatetemplates.privateca.cnrm.cloud.google.com,projects.resourcemanager.cnrm.cloud.google.com,pubsubsubscriptions.pubsub.cnrm.cloud.google.com,pubsubtopics.pubsub.cnrm.cloud.google.com,recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com,redisinstances.redis.cnrm.cloud.google.com,resourcemanagerliens.resourcemanager.cnrm.cloud.google.com,resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com,runservices.run.cnrm.cloud.google.com,secretmanagersecrets.secretmanager.cnrm.cloud.google.com,secretmanagersecretversions.secretmanager.cnrm.cloud.google.com,servicemappings.core.cnrm.cloud.google.com,servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com,services.serviceusage.cnrm.cloud.google.com,sourcereporepositories.sourcerepo.cnrm.cloud.google.com,spannerdatabases.spanner.cnrm.cloud.google.com,spannerinstances.spanner.cnrm.cloud.google.com,sqldatabases.sql.cnrm.cloud.google.com,sqlinstances.sql.cnrm.cloud.google.com,sqlsslcerts.sql.cnrm.cloud.google.com,sqlusers.sql.cnrm.cloud.google.com,storagebucketaccesscontrols.storage.cnrm.cloud.google.com,storagebuckets.storage.cnrm.cloud.google.com,storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com,storagenotifications.storage.cnrm.cloud.google.com,storagetransferjobs.storagetransfer.cnrm.cloud.google.com -A
NAMESPACE NAME AGE READY STATUS STATUS AGE
catalyst-cooperative iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding 610d
dask-staging iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding 226d
ohw iampolicy.iam.cnrm.cloud.google.com/workload-identity-binding 562d
NAMESPACE NAME AGE READY STATUS STATUS AGE
catalyst-cooperative iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding 610d
catalyst-cooperative iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding 610d
dask-staging iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding 226d
dask-staging iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding 226d
ohw iampolicymember.iam.cnrm.cloud.google.com/sa-requester-pays-binding 562d
ohw iampolicymember.iam.cnrm.cloud.google.com/scratch-bucket-binding 562d
NAMESPACE NAME AGE READY STATUS STATUS AGE
catalyst-cooperative iamserviceaccount.iam.cnrm.cloud.google.com/catalyst-cooperative-user-sa 610d
dask-staging iamserviceaccount.iam.cnrm.cloud.google.com/dask-staging-user-sa 226d
ohw iamserviceaccount.iam.cnrm.cloud.google.com/ohw-user-sa 562d
NAMESPACE NAME AGE READY STATUS STATUS AGE
catalyst-cooperative storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-catalyst-cooperative-scratch-bucket 610d
dask-staging storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-dask-staging-scratch-bucket 226d
ohw storagebucket.storage.cnrm.cloud.google.com/two-eye-two-see-ohw-scratch-bucket 562d
We should definitely move off to using terraform for everything. I don’t think we use it on any new clusters.
Closing as dupe of https://github.com/2i2c-org/infrastructure/issues/1046
Looking at GCP node pools, i see two core node pool pods in the GCP GKE cluster in the
two-eye-two-see
project, while only one would have been needed unless we requested 620m CPU from the config connector. So, is cnfig connector stuff used still, or was it something we experimented with and stopped using?Related