Skip to content

feat: Add EKS capabilities integration #442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
allamand wants to merge 77 commits into
base: main
Choose a base branch
from
Open

feat: Add EKS capabilities integration #442

allamand wants to merge 77 commits into from

Conversation

@allamand
Copy link
Contributor

@allamand allamand commented Jan 23, 2026

  • Add EKS cluster Terraform configuration updates
  • Add Identity Center Terraform module for IAM integration
  • Update deployment scripts with force-unlock helper
  • Add hub-config.yaml changes for EKS capabilities
  • Update ArgoCD and secrets Terraform configurations
  • Add EKS Capabilities ArgoCD setup documentation

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@allamand allamand self-assigned this Jan 23, 2026
@allamand allamand marked this pull request as draft January 23, 2026 17:34
@allamand allamand force-pushed the feat/eks-capabilities-integration branch 2 times, most recently from 62f5f5b to b19a134 Compare January 29, 2026 17:01
allamand and others added 17 commits February 2, 2026 22:51
@allamand
feat: Add EKS capabilities integration with Identity Center and deplo…
ecf1bdb 
…yment scripts

- Add EKS cluster Terraform configuration updates
- Add Identity Center Terraform module for IAM integration
- Update deployment scripts with force-unlock helper
- Add hub-config.yaml changes for EKS capabilities
- Update ArgoCD and secrets Terraform configurations
- Add EKS Capabilities ArgoCD setup documentation
@allamand
chore: Update Renovate base branch from riv25 to main
c720054
@allamand
feat: Add EKS capabilities integration with Identity Center and deplo…
eed8e29 
…yment scripts

- Add EKS cluster Terraform configuration updates
- Add Identity Center Terraform module for IAM integration
- Update deployment scripts with force-unlock helper and state lock management
- Add hub-config.yaml changes for EKS capabilities
- Update ArgoCD and secrets Terraform configurations
- Add EKS Capabilities ArgoCD setup documentation
- Add multi-acct EKS capabilities RBAC and IAM role selectors
- Keep spark_operator enabled
@allamand
feat: Update Keycloak configuration for EKS Capabilities
921a499 
- Disable ArgoCD client creation (using EKS Marina managed ArgoCD)
- Remove ARGOCD_SESSION_TOKEN from keycloak-clients secret
- Add AWS Secrets Manager ClusterSecretStore for platform secrets
- Add Keycloak split-brain detector CronJob for cluster health monitoring
@allamand
fix: Use dynamic server in fleet-secrets ApplicationSet
99727d0 
- Change destination server from hardcoded kubernetes.default.svc to {{server}} template
- Enables proper multi-cluster fleet management
@allamand
fix: Update Backstage external secret for EKS managed ArgoCD
1830fc1 
- Switch from ARGOCD_SESSION_TOKEN (keycloak-clients) to ARGOCD_AUTH_TOKEN (cluster secrets)
- Aligns with EKS Marina managed ArgoCD authentication
@allamand
remove dublicate secretstore
b7ff9c4 
Signed-off-by: user1 <[email protected]>
@allamand
fix: comment out ArgoCD auth token in Backstage external secret
dd543e9 
- Remove ARGOCD_AUTH_TOKEN from external secret configuration
- Backstage will use OIDC authentication instead of token-based auth
@allamand
fix: improve ArgoCD revision conflict recovery
7ab13e4 
- Remove stuck operation before clearing operation state
- Simplify revision conflict fix by clearing operation first
@allamand
fix: improve stuck app detection in ArgoCD sync wave monitoring
bb176a6 
- Skip apps that are already Healthy and Synced
- Only recover apps with truly stuck operations (Running >5min)
- Prevent unnecessary recovery attempts on healthy apps
@allamand
revert: restore original stuck app detection logic
42f41b6 
- Revert to checking both stuck operations and Progressing status
- Restore simpler condition for stuck app detection
@allamand
fix: improve ArgoCD recovery script to handle stale finished operations
3c007d9 
- Add detection of stale operations (finishedAt exists but phase=Running)
- Clear stale operation state without unnecessary retries
- Fix revision conflict handling to sync to HEAD
- Improve output to show finished timestamp for better debugging
@allamand
feat: add HuggingFace model download support and update platform mani…
775e3db 
…fests

- Add HuggingFace model download documentation
- Add Kro resource group for HuggingFace model management
- Add platform manifest template for HuggingFace models
- Update addons configuration
- Update GitLab initialization script
- Remove deprecated platform-manifests values.yaml
@allamand
feat: update platform configurations and HuggingFace model support
b77d09c 
- Update addons configuration for platform manifests
- Enhance Argo Workflows installation template
- Improve CICD pipeline Kro resource group
- Refine HuggingFace model resource group
- Update cluster secret store configuration
- Configure Spark operator values
@allamand
fix: update Argo Workflows installation template
33bb588
@allamand
chore: update addons configuration
6fe703e
@allamand
feat: switch from Auto Mode default nodepools to custom Karpenter nod…
5c4efb0 
…epools

- Comment out compute_config in Terraform to disable Auto Mode default nodepools
- Enable customNodepools in platform-manifests values
- Custom nodepools provide more control over instance types, taints, and disruption policies
@allamand allamand force-pushed the feat/eks-capabilities-integration branch from e0ee763 to 5c4efb0 Compare February 2, 2026 21:52
allamand and others added 8 commits February 2, 2026 23:03
@allamand
feat: add automatic recovery for stuck Argo Workflows
b5966c3 
- Add recover_stuck_workflows() function to detect and delete workflows stuck > 15min
- Integrate into wait_for_sync_wave_completion() to run every 30s
- Prevents cascading failures when workflows hang (e.g., mysql-setup-workflow)
- Allows ArgoCD to automatically recreate workflows after deletion
@allamand
fix: add EKS cluster security group to RDS ingress rules
1cfc929 
- Add second SecurityGroupIngressRule referencing EKS cluster SG
- Extract cluster_security_group_id from VPC secret
- Add clusterSecurityGroupId to Crossplane EnvironmentConfig
- Ensures reliable pod-to-RDS connectivity without manual SG fixes
don't use Auto mode nodepools
0362371 
Signed-off-by: Workshop User <[email protected]>
@allamand
feat: Add EKS capabilities integration with Identity Center and deplo…
072995a 
…yment scripts

- Add EKS cluster Terraform configuration updates
- Add Identity Center Terraform module for IAM integration
- Update deployment scripts with force-unlock helper
- Add hub-config.yaml changes for EKS capabilities
- Update ArgoCD and secrets Terraform configurations
- Add EKS Capabilities ArgoCD setup documentation
@allamand
chore: Update Renovate base branch from riv25 to main
2edd546
@allamand
feat: Add EKS capabilities integration with Identity Center and deplo…
a8afc59 
…yment scripts

- Add EKS cluster Terraform configuration updates
- Add Identity Center Terraform module for IAM integration
- Update deployment scripts with force-unlock helper and state lock management
- Add hub-config.yaml changes for EKS capabilities
- Update ArgoCD and secrets Terraform configurations
- Add EKS Capabilities ArgoCD setup documentation
- Add multi-acct EKS capabilities RBAC and IAM role selectors
- Keep spark_operator enabled
@allamand
feat: Update Keycloak configuration for EKS Capabilities
863d4fe 
- Disable ArgoCD client creation (using EKS Marina managed ArgoCD)
- Remove ARGOCD_SESSION_TOKEN from keycloak-clients secret
- Add AWS Secrets Manager ClusterSecretStore for platform secrets
- Add Keycloak split-brain detector CronJob for cluster health monitoring
@allamand
fix: Use dynamic server in fleet-secrets ApplicationSet
a2953af 
- Change destination server from hardcoded kubernetes.default.svc to {{server}} template
- Enables proper multi-cluster fleet management
@allamand allamand marked this pull request as ready for review February 6, 2026 15:28
allamand and others added 14 commits February 6, 2026 17:14
@allamand
remove unused doc
2a82535 
Signed-off-by: Sébastien Allamand <[email protected]>
add missing pdbs
2df9dc5 
Signed-off-by: Workshop User <[email protected]>
@allamand
zdd ssm command
2b58c05 
Signed-off-by: Sébastien Allamand <[email protected]>
tweak syncwaves
dcf6f3f 
Signed-off-by: Workshop User <[email protected]>
fix project name in cicd
a6716bf 
Signed-off-by: Workshop User <[email protected]>
fix project name in cicd
f6736d3 
Signed-off-by: Workshop User <[email protected]>
fix project name in cicd
b736807 
Signed-off-by: Workshop User <[email protected]>
create old folder for legacy backstage templates
73e5ed6 
Signed-off-by: Workshop User <[email protected]>
update manifest with kro
2d1cbe4 
Signed-off-by: Workshop User <[email protected]>
update ACK to use EKS capabilities
d745528 
Signed-off-by: Workshop User <[email protected]>
add kro for s3 template
559c3b5 
Signed-off-by: Workshop User <[email protected]>
update to use appmod kro service
9636aad 
Signed-off-by: user1 <[email protected]>
Merge main into feat/eks-capabilities-integration
fb4825d
update cicd
c2fb6ab 
Signed-off-by: Workshop User <[email protected]>
hmuthusamy
hmuthusamy reviewed Feb 11, 2026
View reviewed changes
platform/infra/terraform/scripts/1-tools-urls.sh
ARGOCD_URL="$ARGOCD_SERVER_URL"
print_info "Using EKS-managed ArgoCD URL: $ARGOCD_URL"
else
ARGOCD_URL="https://$DOMAIN_NAME/argocd"
Copy link
Collaborator

@hmuthusamy hmuthusamy Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@allamand Are we still setting up argocd during initial bootstrap? Do we need to set this condition with capabilities enabled?

Workshop User and others added 7 commits February 11, 2026 13:49
update cluster configuration
00ba5b5 
Signed-off-by: Workshop User <[email protected]>
rewrite appmod kro manifest
41820d2 
Signed-off-by: user1 <[email protected]>
update appmod with different rewrite rules
4798e12 
Signed-off-by: user1 <[email protected]>
update appmod with different rewrite rules
e30f1b3 
Signed-off-by: Workshop User <[email protected]>
update do use Appmod kro
68e3f4a 
Signed-off-by: Workshop User <[email protected]>
activate cross-zone load balancing to ensure it will still work even …
ed2e476 
…if 1 nginx pod or if 2 are in same AZ

Signed-off-by: Workshop User <[email protected]>
update do use Appmod kro
d37dea5 
Signed-off-by: Workshop User <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hmuthusamy hmuthusamy hmuthusamy left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@allamand allamand

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@allamand @hmuthusamy