feat: add pattern for ArgoCD workloads in AWS CodeCommit #158
Conversation
|
@shapirov103 @elamaran11 |
There was a problem hiding this comment.
@ybezsonov
Awesome work!
I was able to validate end to end.
I have a couple of minor comments inline with the code/docs.
One thing that I wanted to bring up as a suggestion: for our patterns we follow the rule of "zero trust", meaning customers should not require any mutating access to the cluster (like creation of secrets, etc.), everything is done through IaC.
To align with that, please consider the following refactoring:
- Create IAM user using CLI, then generate credentials and store them as a secret (along with username and url).
- Pass the secret name with the
bootstrapRepoto ArgoCD addon as described in the private repos section. - You can still look up the user in the stack and grant pull permission.
The above is just a suggestion, I will be happy to merge as is, since this functionality is awesome and I can reuse some of it in the workshops now.
| @@ -0,0 +1,40 @@ | |||
| import { Construct } from 'constructs'; | |||
There was a problem hiding this comment.
minor - file names should be lower case, "-" delimited.
| ```bash | ||
| pushd .. | ||
| git clone https://github.com/aws-samples/eks-blueprints-workloads.git | ||
| git clone codecommit::$AWS_REGION://$CC_REPO_NAME |
There was a problem hiding this comment.
let's call out that AWS_REGION env var must be defined (or add a statement to initialize it from local config if not defined).
|
@shapirov103 Thank you! |
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.