From f17425a7c6d70c6e5eac9bbdc9dd2149279af2fb Mon Sep 17 00:00:00 2001
From: Karishma Chawla
Date: Fri, 24 Jan 2025 15:27:43 -0800
Subject: [PATCH] Update command to fetch cluster security group (#2030)

Signed-off-by: Karishma Chawla
---
 .github/workflows/test.yaml | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index c7c29ae6..8cdd0211 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -251,26 +251,20 @@ jobs:
 - name: Configure EKS for Dapr
 if: steps.gen-id.outputs.RUN_TEST == 'true' && matrix.credential == 'aws'
 run: |
- # Fetch the node group name dynamically
- NODEGROUP_NAME=$(eksctl get nodegroup \
- --cluster ${{ steps.gen-id.outputs.TEST_EKS_CLUSTER_NAME }} \
- --region ${{ env.AWS_REGION }} \
- -o json | jq -r '.[0].Name')
-
- # Fetch the security group ID for the EKS worker nodes
- NODE_SECURITY_GROUP_ID=$(eksctl get nodegroup \
- --cluster ${{ steps.gen-id.outputs.TEST_EKS_CLUSTER_NAME }} \
- --name $NODEGROUP_NAME \
+ # Fetch the security group ID for the EKS cluster
+ SECURITY_GROUP_ID=$(aws eks describe-cluster \
+ --name ${{ steps.gen-id.outputs.TEST_EKS_CLUSTER_NAME }} \
+ --query 'cluster.resourcesVpcConfig.clusterSecurityGroupId' \
 --region ${{ env.AWS_REGION }} \
- -o json | jq -r '.[0].Resources.SecurityGroup.ID')
+ --output text)
 
 # Authorize port 4000 for Dapr sidecar communication within the same security group
 # https://docs.dapr.io/operations/hosting/kubernetes/cluster/setup-eks/#add-dapr-requirements-for-sidecar-access-and-default-storage-class
 aws ec2 authorize-security-group-ingress \
- --group-id $NODE_SECURITY_GROUP_ID \
+ --group-id $SECURITY_GROUP_ID \
 --protocol tcp \
 --port 4000 \
- --source-group $NODE_SECURITY_GROUP_ID
+ --source-group $SECURITY_GROUP_ID
 
 # Add a default storage class
 kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
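Review bot: `SECURITY_GROUP_ID` goes into `aws ec2 authorize-security-group-ingress` unchecked and unquoted, so when the `--query ... --output text` lookup yields nothing (the AWS CLI prints `None` for a null field in text output) the step fails in the next command with a misleading error. Add a guard after the assignment, `if [ -z "$SECURITY_GROUP_ID" ] || [ "$SECURITY_GROUP_ID" = "None" ]; then echo "cluster security group not found" >&2; exit 1; fi`, and quote both uses: `--group-id "$SECURITY_GROUP_ID"` and `--source-group "$SECURITY_GROUP_ID"`. The rule now targets the cluster security group instead of the node group's; that group is usually shared by the control-plane network interfaces and all managed node groups, so a comment saying the wider scope is intended would help, and the self-referencing source keeps the exposure inside the group. Passing the cluster name through the step's `env:` rather than expanding `${{ steps.gen-id.outputs.TEST_EKS_CLUSTER_NAME }}` inside the script would keep workflow expressions out of shell text (the `gen-id` step is not visible here, so this is hardening rather than a known flaw). The `run:` script may continue below the hunk's last line.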