Potato installation validation checklist

[whites11]

• [x] Check that SSO works
• [x] Create a first organization for the customer
• [x] Create a cluster via kubectl-gs/gsctl in the customer's organization
• [x] Test network
• [x] Make sure the Helloworld example works with ingress
• [x] Test PVC
• [x] Delete test cluster
• [x] Check if the installation can be upgraded using GitHub actions

Once all these things are ok:

• [x] Delete [the routing rule or OpsGenie policy]({{< relref "/docs/support-and-ops/installation-setup-guide/silence.md" >}}) that silences alerts
• [x] Let your colleagues know that a new cluster is coming up, what it's codename is, and who it's for in #news-ops

For a cluster that will be set up with SSO for customers (this should be the default where possible):

Good morning [contact-person], the cluster has been created, [I or @someoneelse] will now set up single sign-on (SSO) for you guys :giantswarm:

This will help you to get access to the management cluster's Kubernetes API (also known as the Management API) and our UI. This lets you create Kubernetes clusters.
Once a Kubernetes cluster is created, you can grant access to it by creating a client certificate.

• [x] Ask SE to setup SSO for the customer

For a cluster that cannot be set up with SSO, and will use user accounts:

• [x] Communicate in slack that the cluster is up and that they can start working with it using happa or gsctl

Good morning [contact-person], the cluster is ready, [I or @someoneelse] will now create user accounts for you guys :giantswarm:

The accounts I'll be making are to get access to the Giant Swarm Rest API and our UI. This lets you create Kubernetes clusters.
Once a Kubernetes cluster is created, you can grant access to it by creating a client certificate.

[whites11]

Cluster creation fails with

E 10/26 16:03:03 org-babymarkt/xg7w8 failed to reconcile | operatorkit/v7/pkg/controller/controller.go:326 | controller=aws-operator-cluster-controller | event=update | loop=16 | version=2050220
        /go/pkg/mod/github.com/giantswarm/operatorkit/v7@v7.1.0/pkg/controller/controller.go:532
        /go/pkg/mod/github.com/giantswarm/operatorkit/v7@v7.1.0/pkg/controller/controller.go:567
        /go/pkg/mod/github.com/giantswarm/operatorkit/v7@v7.1.0/pkg/resource/wrapper/metricsresource/basic_resource.go:43
        /go/pkg/mod/github.com/giantswarm/operatorkit/v7@v7.1.0/pkg/resource/wrapper/retryresource/basic_resource.go:64
        /go/pkg/mod/github.com/giantswarm/backoff@v1.0.0/retry.go:23
        /go/pkg/mod/github.com/giantswarm/operatorkit/v7@v7.1.0/pkg/resource/wrapper/retryresource/basic_resource.go:52
        /root/project/service/controller/resource/tccp/create.go:90
        /root/project/service/controller/resource/tccp/create.go:180
        unknown: ValidationError: [/Resources/MasterSecurityGroup/Type/SecurityGroupIngress/2/CidrIp] 'null' values are not allowed in templates
        status code: 400, request id: e6b51bf9-5360-46cd-9b91-4be743de171a

[whites11]

external dns on the test WC failing with:

time="2022-10-26T16:43:41Z" level=error msg="records retrieval failed: failed to list hosted zones: AccessDenied: User: arn:aws:sts::400957944947:assumed-role/gs-cluster-xg7w8-role-wr6t4/i-0138a64f3b4732544 is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action\n\tstatus code: 403, request id: 68f0fdb6-7b9d-44f7-8fc1-03ba8c91513f"