department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

[Application Hosting & Deployment] Kubernetes permissions model for developers (EKS) #35395

Closed LindseySaari closed 2 years ago

LindseySaari commented 2 years ago

Description

Developers will need the ability to access K8s pods/containers for debugging and other development purposes. Developers don't currently have a way to access the running pods/containers for shell access, rails console, etc. We will need to define a permissions model for platform and vfs members to provide the ability to access their K8s resources. We may want to start with a permissions model for access to the development environment.

Background/context

As we are ramping up the console services application, we will need a way to easily access our pods/containers for debugging purposes. We assume that as the services are broken out into a microservices architecture, teams will need access to their K8s resources (VSP and VFS).

Background: When debugging a configuration issue for the PgHero deployment, we needed shell access to a container running on a pod. We did not have permission to do so, and this was a blocker during development.

jhouse-solvd commented 2 years ago

Relates to #43549

ph-One commented 2 years ago

Closing this ticket in favor of the new approach, https://app.zenhub.com/workspaces/platform-infrastructure-team-6112bc325f570300140f7852/issues/department-of-veterans-affairs/va.gov-team/44415