https://github.com/dfds/k8s-janitor

Service for mapping IAM roles to k8s cluster roles
aws aws-iam eks-roles kubernetes-setup self-service

# k8s-janitor Service

[![Build Status](https://dev.azure.com/dfds/DevelopmentExcellence/_apis/build/status/self-service/K8s-Janitor-CI?branchName=master)](https://dev.azure.com/dfds/DevelopmentExcellence/_build/latest?definitionId=967&branchName=master)

Service that manages a k8s cluster according to our business logic.

## Development

### Prerequisites

- .NET Core 2.2 SDK ([download](https://dotnet.microsoft.com/download/dotnet-core/2.2))
- Docker (any relatively new version will do)
- Bash (all scripts are written in bash; on Windows you can use Git Bash)

Other than the above prerequisites this application requires no additional
special setup on your machine. Open the solution or root folder in your
editor of choice and start cracking!

## Access to Kubernetes

The application operates on a Kubernetes cluster. The credentials from the current-context in `./kube/config` will be used if the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` are not set.

## Running the application locally

The folder `local-development` contains bash scripts that enable you to run the application locally while developing.

- `start-dependencies.sh` starts a Kafka cluster
- `watch-run.sh` starts the API project with environment variables set for local development and rebuilds on file change
- `watch-run-unit-tests.sh` runs the unit tests and reruns them on file change

The file `rest-request.http` contains some REST requests you can use during development. You can use the VS Code plugin `humao.rest-client` to execute them.

### Environment variables

The application requires the following environment variables when running locally:

| Name | Description |
|------|-------------|
| KUBERNETES_SERVICE_KAFKA_BOOTSTRAP_SERVERS | A list of host/port pairs to use for establishing the initial connection to the Kafka cluster. |
| KUBERNETES_SERVICE_KAFKA_GROUP_ID | Id of the consumer group that the application will join. Only a single consumer in a group will read a message. |
| KUBERNETES_SERVICE_KAFKA_ENABLE_AUTO_COMMIT | Whether the offset is committed automatically on consumer fetches or manually. |

### Running in a container

To run the application you first need to execute a script located in the repository
root. This will restore any dependencies and build both the application and also a
container image using Docker. Run the following on your command line in the repository
root:

```shell
./pipeline.sh
```

Now you should be able to start a container by running the following on your command line:

```shell
docker run -it --rm -p 8080:80 k8s-janitor
```

You should be able to navigate to `http://localhost:8080` in a browser.

## Running in production

### Environment variables

The application requires the following environment variables when running in production:

| Name | Description |
|------|-------------|
| AWS_S3_BUCKET_REGION | The region the buckets exist in. |
| AWS_S3_BUCKET_NAME_CONFIG_MAP | Name of the bucket containing the config map file. |
| CONFIG_MAP_FILE_NAME | Name of the file the configmap will be stored in. |
| KUBERNETES_SERVICE_KAFKA_BOOTSTRAP_SERVERS | A list of host/port pairs to use for establishing the initial connection to the Kafka cluster. |
| KUBERNETES_SERVICE_KAFKA_GROUP_ID | Id of the consumer group that the application will join. Only a single consumer in a group will read a message. |
| KUBERNETES_SERVICE_KAFKA_SASL_PASSWORD | Kafka Simple Authentication and Security Layer password. |
| KUBERNETES_SERVICE_KAFKA_SASL_USERNAME | Kafka Simple Authentication and Security Layer username. |
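
The following preflight check is an added example, not part of the k8s-janitor repository. It covers the credential selection described under "Access to Kubernetes" and the two environment variable tables; the function names are hypothetical, and it assumes "set" means both Kubernetes variables are non-empty.

```shell
# Added example: preflight check using the variable names from this README.
LOCAL_VARS="KUBERNETES_SERVICE_KAFKA_BOOTSTRAP_SERVERS
KUBERNETES_SERVICE_KAFKA_GROUP_ID
KUBERNETES_SERVICE_KAFKA_ENABLE_AUTO_COMMIT"

PRODUCTION_VARS="AWS_S3_BUCKET_REGION
AWS_S3_BUCKET_NAME_CONFIG_MAP
CONFIG_MAP_FILE_NAME
KUBERNETES_SERVICE_KAFKA_BOOTSTRAP_SERVERS
KUBERNETES_SERVICE_KAFKA_GROUP_ID
KUBERNETES_SERVICE_KAFKA_SASL_PASSWORD
KUBERNETES_SERVICE_KAFKA_SASL_USERNAME"

# Print which credentials the service would pick up.
# Assumption: in-cluster only when both variables are non-empty.
k8s_credential_source() {
  if [ -n "${KUBERNETES_SERVICE_HOST:-}" ] && [ -n "${KUBERNETES_SERVICE_PORT:-}" ]; then
    echo "in-cluster"
  else
    echo "kubeconfig"
  fi
}

# Print the required variables that are unset or empty for a mode
# ("local" or "production"), one per line. Values are never printed,
# so the SASL password cannot end up in terminal or CI logs.
missing_vars() {
  case "$1" in
    local) names=$LOCAL_VARS ;;
    production) names=$PRODUCTION_VARS ;;
    *) echo "unknown mode: $1" >&2; return 2 ;;
  esac
  for name in $names; do
    # eval is safe here: $name only ever comes from the fixed lists above.
    eval "value=\${$name:-}"
    [ -n "$value" ] || echo "$name"
  done
}

# Return 0 only when every required variable for the mode is present.
preflight() {
  missing=$(missing_vars "$1") || return 2
  echo "kubernetes credentials: $(k8s_credential_source)" >&2
  [ -z "$missing" ] && return 0
  echo "missing: $(echo "$missing" | tr '\n' ' ')" >&2
  return 1
}
```

Source the file and call `preflight local` or `preflight production` before starting the service. When the reported source is `kubeconfig`, `kubectl config current-context` shows which cluster the service would operate on.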

## Deployment prerequisites

With the change to scoped Kubernetes service connections during deployment, certain manifests have been moved out of the *k8s* directory and into the *k8s_initial* directory.

The manifests within *k8s_initial* have to be run manually or with a different service connection, because they require elevated rights.

---

If the scoped service account is missing for deployment, see https://wiki.dfds.cloud/en/teams/devex/selfservice/Kubernetes-selfservice-deployment-setup