Comments (4)
The issue potentially impacts the creation of 5 buckets
vault-unseal-bucket
logs_jenkins_x
reports_jenkins_x
repository_jenkins_x
backup_bucket
The files that need updating are:
modules/vault/main.tf
modules/cluster/storage.tf
modules/backup/main.tf
A new variable "enable_acl" is being considered for backward compatibility
from jx.
I have a configuration that resolves this issue of ACL not supported by setting object ownership controls instead of ACL for the five S3 buckets.
EKS Resources
A new variable "enable_acl" is created and defaults to false.
Five S3 buckets are adjusted
backup_bucket
logs_jenkins_x
report_jenkins_x
repositor_jenkins_x
vault-unseal-bucket
Terraform Bucket Resources
## Original setting using ACL variable enable_acl=true
resource "aws_s3_bucket_acl" "<jx3-bucket>" {
bucket = aws_s3_bucket.<jx3-bucket>[0].bucket
acl = "private"
}
## Setting with ACL Disabled. variable enable_acl=false (default)
resource "aws_s3_bucket_ownership_controls" "<jx3-bucket>" {
bucket = aws_s3_bucket.<jx3-bucket>[0].bucket
rule {
object_ownership = "BucketOwnerEnforced"
}
}
## All buckets continue to be encrypted
resource "aws_s3_bucket_server_side_encryption_configuration" "<jx3-bucket>" {
bucket = aws_s3_bucket.<jx3-bucket>[0].bucket
rule {
apply_server_side_encryption_by_default {
sse_algorithm = local.encryption_algo
kms_master_key_id = var.s3_kms_arn
}
}
}
Changed Files
README.md
main.tf
variables.tf
modules/backup/main.tf
modules/backup/variables.tf
modules/cluster/storage.tf
modules/cluster/variables.tf
modules/vault/main.tf
The new Infrastructure was tested agains both the Vault and AWS Secret Manager cluster configs. The buckets get created and is viewable from the portal or s3cli. It appears that the vault cluster configuration was creating folders under the log bucket whereas the ASM version was not. I believe this limitation on the ASM version is currently an issue and is not caused by this recent update.
The code can be tested using the following branch:
source = "github.com/jx3rocks/terraform-aws-eks-jx?ref=enable_acl"
from jx.
This issue has been fixed with PR #362
from jx.
This issue has been fixed with PR jenkins-x/terraform-aws-eks-jx#362
from jx.
Related Issues (20)
- (jx gitops) helmfile report 404 on private github pages HOT 1
- JenkinsX just stopped triggering pipelines
- jx git operator minikube install on windows hangs on "waiting for the mandatory Secrets to be populated from ExternalSecrets" util timeout. HOT 1
- Migrate to Native Tekton HOT 2
- Results passed between tasks disappear when using a "uses" step
- Quickstarts giving: repository 'https://github.com/jenkins-x-bdd/repo.git/' not found
- The pipeline is getting failed and not able to identify where exactly it is getting failed HOT 1
- jx-git-operator │ Error: context deadline exceeded HOT 1
- jenkins
- Outdated jx version installed by brew HOT 2
- Update Twitter Icon on Website
- bvv ccvbn
- asfdasfasf
- Error executing Maven HOT 1
- Top Jenkins X Contributor Award 2024 HOT 2
- Monorepo support in V3?
- no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"~!!! HOT 2
- Switch to artifact registry for GKE HOT 2
- "jx admin operator" takes too long time waiting
- Failing while building jenkins-parent version 2.319.2 using mvn clean install (org.jenkins-ci.main:jenkins-parent:2.319.2) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jx.