Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Testing node pool AWS IAM or GCP Scope rules #8

Open
sekka1 opened this issue Nov 20, 2019 · 0 comments
Open

Testing node pool AWS IAM or GCP Scope rules #8

sekka1 opened this issue Nov 20, 2019 · 0 comments

Comments

@sekka1
Copy link
Contributor

sekka1 commented Nov 20, 2019

We ran into this problem today. One of our app failed to get credstash credentials from DynamoDB. There has been some updates to the k8s cluster where these apps were running, so the app team called up DevOps to troubleshoot. It turned out that the app was updated and credstash updated somehow which broke it.

The point here is that, they suspected the infrastructure/k8s cluster was at fault first before their app. This shows that they have less confidence in the infrastructure upgrades than they do in their own app upgrades.

There should be a test like the "statefulset" test where a pod is launched which uses some IAM or GCP scope role to perform an action. Then at least this path would be some what tested. At first we were unsure if it was b/c of the k8s cluster updates. It shouldnt be since we didn't touch any of that stuff but who really knows.

The idea here is that to perform some test to give us and the app team confidence on what is tested during every cluster update change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant