remote

vijayansarathy · May 20, 2022 · fe09a54 · fe09a54
1 parent 45c6134
commit fe09a54
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 4 deletions.
diff --git a/remote/kubeconfig-admin b/remote/kubeconfig-admin
@@ -0,0 +1,18 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1ESXdPREUxTURBeE4xb1hEVE15TURJd05qRTFNREF4TjFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJLCjRPSjZFQnRpZE55dVZ2THlDc2hvS0Foekgwbzg4dUdrV0cyWEN5Rzd4YnZ6MDdsVDhONGtrdHRyWEpEemluKzMKaVNFZkRuNjJMMnVlNVVrVm52QnVQM1Q4b0R6ejdWVGwvVWY2NFgwekNVL3BUL1RUdlB0NWJqeWNxK2JKZmhQMgpSRmQzQ01EUEFGN1h4TC9aUFE2MmptSkVpWlZxNitrQ2piKytyNWc4Z0RqVCtTakQxT0NYMzBvS2FTcHVSL1U5ClJDQitqR1QxM05ZRXNDeVBZcHVnQ2dmSHozT2NlMXZaa3pDTEVjVEFieGw5TW16Tnd0MmRWdUI0RWZmMFNaV0EKSVhJSmFaZXpob28vL2N0WGloVGk4TVd5aTNleE5ka2twSkNYSVRvRWlqYUZwWGsvZ2gvYlBqRGtycmhIL2cyTwpkOE1XL3plSkJtQnFKaDQ5dStFQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZIZ1MremtyRTZpbXNXWHQ0bVBMeERIVGQrdzVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCeTBzZUJNRUlwQnYrRnhFR3czSXB2UVBWOVFNaHZKS0dhT1BTZXRjQlFnd0IwVjZpVApsZ2FiY2x1dWhnU0NQNVNqb0t2STRsS2hPMGdNZWttSE4xK0wwb2lDbGV0ZjNCOVIxM3hRc3JQRTVLZDNxc0svCmFmNDlMeVRnZmxtbXByODdic0hMQ1JsMGpoQTVkZWhYOHFoZjNDT1dEeW53dGJVQzBpenFrVjFqU1pSYVNudFMKWWhUZGloK0wvUkhKWlkxeTBKZnZWVjhaMHdUeTNxSWJyOE05bUtRakJWWmdseTR6QnNJQnNkT1M1THI3WlZVRApITmlJb2IyTEJoQzhtZTNuSjBxSGFzVEplQWR1L1dJS3BwRHVoMThjZTlMSndmemdXdklDbzNDMk5BNjZpSHJGCmppZCtqcjk3aUV4N0o2U3h6UGVHcFRMSUQvZ3NwL1VlczRDWAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    server: https://D61A5789E895B3B38F6626E00F74FEC8.gr7.us-west-2.eks.amazonaws.com
+  name: crossplane-argocd-cluster-sjltq
+contexts:
+- context:
+    cluster: crossplane-argocd-cluster-sjltq
+    user: crossplane-argocd-cluster-sjltq
+  name: crossplane-argocd-cluster-sjltq
+current-context: crossplane-argocd-cluster-sjltq
+kind: Config
+preferences: {}
+users:
+- name: crossplane-argocd-cluster-sjltq
+  user:
+    token: k8s-aws-v1.aHR0cHM6Ly9zdHMudXMtd2VzdC0yLmFtYXpvbmF3cy5jb20vP0FjdGlvbj1HZXRDYWxsZXJJZGVudGl0eSZWZXJzaW9uPTIwMTEtMDYtMTUmWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBNVVQVUhNUlAySU4yVENPQiUyRjIwMjIwMjA4JTJGdXMtd2VzdC0yJTJGc3RzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyMjAyMDhUMTcyNDMxWiZYLUFtei1FeHBpcmVzPTYwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCUzQngtazhzLWF3cy1pZCZYLUFtei1TaWduYXR1cmU9OTU5MDM4ZGFhMjFhMGZiNDhiYTBmZGRhN2YyZjc2M2Q1ZWM3YjFhYWRmNDdjY2NlNmY2MDBhMjU4M2RmYzM4NA
diff --git a/remote/kubeconfig-sa b/remote/kubeconfig-sa
@@ -0,0 +1,21 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1USXhOakF6TVRjek5Wb1hEVE14TVRJeE5EQXpNVGN6TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTm1nCnJnMTdYNFFGUUhHdW1sNjUwTWw0bkJ3RHV1UXEyTHpPaVlZa2ZtM0VpM3R4WEJVZEVXNFlzQW1ZOUJnd05INVQKdktVK1JpUzU3OFZXYmJPODM1d1hHditmakxuY0g5UnRZN2x6N1lvL0Y5V0ZsV2pFdGk1QkJ2TUVHbG5hMGNHOQppaU15aDFValdJMURUUFpPcGJNaGVsVHhNdzh5dHpnejZGWFNScVREb09Pc0Y3TGQ1VWsyYmgxRmx2dkd6SWFaCnlJUGVsSW1MWVMvb3ozL2d2NGQ4Rk5YNzgyYXF4N2pnY2pYazNCcEttaGdGbnVrdkI5ZmY1cE9rZnhHWXJGRWYKY21PWFRPa1JUMnltUU9XbFNzc0s5Tis2Sm05U1Mxb25NZmp3Z3NYelByelJNZ1FWdUpXOFlvNVBpRXVIM203KwpGbDlJRG9nZmJzTWZiNTFjODRVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFa0NneFBXeUpoYlZDWkdBbXpxT1lESXpKc0FNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCVHJhajdSRmVadVRvMDdaOUYrby9TYUpMZ1FaSHFFNUNsdjUxRlhycWsrVDdCUk1ZQwpOWkhmQk5vRHZDNWREYmE1cHpYKzB5aldXTU05Qk52NmxUdGZQZTk2VEkxbklLYmZiZkYrZng2eE9uRHpkbkRjClBXNW5JLzQwMWhCeTQyVFhHUzZiYzQvdzNueFlIdHhBaWJtV2Z5c0l3N0FwL3hjL2cxZ1c5V3puM1dwQVgvQTAKM3lnblRnZVJLZU05UHROQU5tbjVQOG1VeCt6bm4xNHJKdHZJZHRnVXNaaFgwTVRFRnB5SGhYNTgyM0pYcGNqSgpUZ05xZmRBdm9mVTBxUWRYbW1ibTZqVnhFaUtlK0FROFV2bUNmNjFoU3diN2dKQkkvZ1J5WnNKVzg4d082Z0drCmp2VzFLVkVFQ1RwZWxjLzM1TE8rOWYvcm9WTFd1YmlqL28zMQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    server: https://EAB914B4DFAEBCA333AECF8D0D11A766.sk1.us-west-2.eks.amazonaws.com
+  name: crossplane-flux-cluster-zcxmv
+contexts:
+- context:
+    cluster: crossplane-flux-cluster-zcxmv
+    user: apprunner
+  name: crossplane-flux-cluster-zcxmv
+current-context: crossplane-flux-cluster-zcxmv
+kind: Config
+preferences: {}
+users:
+- name: apprunner
+  user:
+    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjZadzAzZXgxWkd0bEd4WEQtSGhlYTlJeDVOTldpbkNkaEFzbjA1NWJXbnMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJhcHBsaWNhdGlvbnMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiYXBwcnVubmVyLXRva2VuLThseDU5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFwcHJ1bm5lciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjEwZDNkY2I3LWM3OWQtNDMwYS05N2UyLTg0YzAwZDYxYWI2ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDphcHBsaWNhdGlvbnM6YXBwcnVubmVyIn0.FzZE7frbwsfwWliNUuDAfL57lYDa3SEGXpZ_oM31teHnQ0UDUa5KpZVQ_WazcgpPYZoeNTyEgsSrPT1vHZ7eCFMp5NLjNApDgDbcMvxZ4Z4_FUXfQx7UUv3OIo5lwdb6FxsUvm9irYiqlbWkfUSH3cjMrt2VX2HTcA9ciaMeFRp9kPxxsftbX7Jmnao25GN-PIupChoRLN9WTBdKjPtYPZUZrcKeagl0fqRGfBaWkwSv-gpeyclseqp1m0gbzilasOo2YemcMLq5JewUrxH_D-lEtaBNX5vVwJPHuIqb84S82mX7KQ-lA_MZBR9W52Jj-YWMp0eOFPnNcIzV5MnCmw
+- name: crossplane-flux-cluster-zcxmv
+  user:
+    token: k8s-aws-v1.aHR0cHM6Ly9zdHMudXMtd2VzdC0yLmFtYXpvbmF3cy5jb20vP0FjdGlvbj1HZXRDYWxsZXJJZGVudGl0eSZWZXJzaW9uPTIwMTEtMDYtMTUmWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBNVVQVUhNUlAySU4yVENPQiUyRjIwMjExMjE2JTJGdXMtd2VzdC0yJTJGc3RzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyMTEyMTZUMTQzOTUyWiZYLUFtei1FeHBpcmVzPTYwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCUzQngtazhzLWF3cy1pZCZYLUFtei1TaWduYXR1cmU9ODJjZGUzN2UwMjFiOWFkYThlMjk0ZTY2ZWMyNTBkYzJmZDc1MDBmYTU0ZWZhZGZhMzZjY2U3OGI4ZGQ4NDcwOQ
diff --git a/remote/remote-cluster-setup.sh b/remote/remote-cluster-setup.sh
@@ -9,9 +9,9 @@ kubectl apply -f service-account-rbac.yaml --kubeconfig ./kubeconfig-admin
 
 #
 # After applying the above change, a service account named 'apprunner' is created in the 'applications' namespace of the remote cluster.
-# The service account is configured to have 'cluster-admin' permissions in the EKS cluster.
+# The service account is configured to have 'cluster-admin' permissions in the EKS cluster for a specific set of namespaces.
 # Next, create a file 'kubeconfig-sa' with the KubeConfig data to connect to the workload cluster using this service account's credentials.
-# These credentials are not rotataed and are permanent.
+# These credentials are not rotated and are permanent.
 #
 cp kubeconfig-admin kubeconfig-sa
 SERVICE_ACCOUNT_NAME=apprunner

diff --git a/remote/service-account-rbac.yaml b/remote/service-account-rbac.yaml
@@ -12,8 +12,8 @@ metadata:
   namespace: applications
 
 #
-# When Flux reconciles a HelmRelease to a remote cluster, the list of Helm releases are created in the flux-system.
-# TO facilitate this, the 'apprunner' service account is granted full access to the 'flux-system' namespace in the workload cluster.
+# When Flux reconciles a HelmRelease to a remote cluster, the list of Helm releases are created in the flux-system namespace.
+# To facilitate this, the 'apprunner' service account is granted full access to the 'flux-system' namespace in the workload cluster.
 # The actual application workloads that makeup the chart are deployed into the namespace specified by the 'targetNamespace' field in the HelmRelease resource.
 #
 ---