GitLab EKS Cluster backend services

Tiger Watson requested to merge 46686-create-eks-cluster-from-gitlab into master

What does this MR do?

Adds backend services for creating EKS clusters from GitLab.

There are several steps to this process:

  • GitLab assumes the role provided by the user and stores a set of temporary credentials on the provider record. By default these credentials are valid for one hour.

  • A CloudFormation stack is created, based on the template in vendor/aws/cloudformation/eks_cluster.yaml. This triggers creation of all resources required for an EKS cluster.

  • GitLab polls the status of the stack until all resources are ready, which takes somewhere between 10 and 15 minutes in most cases.

  • When the cluster is ready, GitLab stores the cluster details and fetches another set of temporary credentials, this time to allow connecting to the cluster via Kubeclient. These credentials are valid for one minute.

  • GitLab configures the worker nodes so that they are able to authenticate to the cluster, and creates a service account for itself for future operations.

  • Finally, all details and credentials that are no longer required are removed.

The CloudFormation template itself is being added in a separate merge request: !17036 (merged)

Labelled as ~backstage because there is currently no way to trigger these services.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Performance and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

#22392 (closed)

Edited by 🤖 GitLab Bot 🤖
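The credential lifecycle from the steps above, as an added sketch that is not code from this merge request: polling stops once the one-hour temporary credentials have expired, and the stored secrets are wiped whether the stack succeeds or fails. `Provider`, `wait_for_stack`, `provision` and `stepping_clock` are hypothetical names, and the status callable stands in for a CloudFormation status lookup.

```ruby
# Added illustration: every name here is hypothetical, not GitLab's code.
ProvisioningError = Class.new(StandardError)

# Stand-in for the provider record holding the temporary credentials.
Provider = Struct.new(:access_key_id, :secret_access_key, :session_token, :expires_at) do
  def credentials_valid?(now)
    !session_token.nil? && now < expires_at
  end

  # Last step of the flow: remove secrets that are no longer required.
  def wipe_credentials!
    self.access_key_id = self.secret_access_key = self.session_token = nil
    self.expires_at = nil
  end
end

# poll:  callable returning the current CloudFormation stack status string.
# clock: callable returning the current Time (injected so this runs offline).
def wait_for_stack(provider, poll:, clock:, max_polls: 60)
  max_polls.times do
    # Stop before making a call with credentials that have already expired.
    raise ProvisioningError, 'temporary credentials expired' unless provider.credentials_valid?(clock.call)

    status = poll.call
    return :ready if status == 'CREATE_COMPLETE'
    raise ProvisioningError, "stack entered #{status}" unless status == 'CREATE_IN_PROGRESS'
  end
  raise ProvisioningError, 'gave up polling'
end

# Credentials are wiped whether provisioning succeeds or raises.
def provision(provider, poll:, clock:)
  wait_for_stack(provider, poll: poll, clock: clock)
ensure
  provider.wipe_credentials!
end

# Constructed clock that advances by `step` seconds on every reading.
def stepping_clock(start, step)
  ticks = -1
  -> { start + step * (ticks += 1) }
end

if __FILE__ == $PROGRAM_NAME
  start = Time.at(0)
  record = Provider.new('ASIAEXAMPLE', 'constructed-secret', 'constructed-token', start + 3600)
  statuses = %w[CREATE_IN_PROGRESS CREATE_IN_PROGRESS CREATE_COMPLETE] # constructed sample
  puts provision(record, poll: -> { statuses.shift }, clock: stepping_clock(start, 300))
  puts record.session_token.inspect
end
```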