Routine service requests
Beware of the known issues listed below.
Resource requests
New cluster
Using podolica.
Format:
- Input: cluster name, org name, nodepools (from this sheet)
New node
Using podolica.
Format:
- Input: nodepool name, number of nodes
New nodepool
Using podolica.
Format:
- Input: resources (from this sheet), number of nodes
Disk increase
Using podolica or manually
New dedicated inbound ip
L4
- hlb
- gw-controller
L7
(Not filled in yet.)
New dedicated outbound ip
- Escalate to majid
New namespace
kubectl create ns
HA using GLB
Steps
- Update glb’s ansible similar to this commit
- Run:
ansible-playbook sync-glb.yml
Checks
- Check the new service works as intended
- Check that glb is working (check another service using glb like landing or vault)
- Check haproxy’s logs if needed
- Escalate to h.marvi if needed
Short-lived token
When a user requests a short-lived token, they must first create a ticket. The ticket contains essential information, including:
- the source cluster
- the target resource
- and—if applicable—the ServiceAccount (SA) name
If the request is for Darkube:
- A ServiceAccount is created in the
platform-systemnamespace. - Next, the process involves creating the ServiceAccount, the corresponding Role or ClusterRole, and the associated RoleBinding or ClusterRoleBinding.
- Finally, the Istio policy in the
hamravesh-podolicanamespace is updated accordingly.
Escalate to kiarash.norouzi if needed.
Add sso to dedicated cluster
Generate and share admin kubeconfig for on-premise clusters
- Confirm with team lead
- Use script to generate config
Enable hecant on external VMs
Or:
ufw allow from <ip> on hecant vm