Automation for standing up Gen3 commons
For: uc-cdis/cloud-automation Notes since tag: pybase3-1.5.0 Notes to tag/commit: pybase3-1.5.1 Generated: 2021-05-24
Bug Fixes
gen3qa-check-bucket-access
pods. (#1575)Improvements
Dependency Updates
Release Notes
New Features
gen3 gen3qa-run <test_job>
) (#1474)Deployment Changes
Dependency Updates
Bug Fixes
Improvements
cache-control: no-store
for lw-workspace/proxy
(#1469)gen3 infra
helper - collect infrastructure reports on a VPC for pen
tests, security reviews, whatever (#1468)gen3 api indexd-delete $did
(#1468)gen3 jupyter idle
to properly consider the length limit on
ambassador cluster names - the hatchery-reaper
should properly garbage
collect hatchery pods with long names now ... (#1452)gen3 gitops configmaps key1 key2 ...
(#1445)kube-setup-wts
fail fast on failure to setup OIDC client with fence
(#1445)AWS_STS_REGIONAL_ENDPOINTS=regional
environment to ssjdispatcher
(#1445)kube-setup-seleniumhub
script is TBD. (#1232)cloud-automation
will use the organization one (#1179)data-ingestion-job
, which is specific to
DataSTAGE. (#1012)self_uri
(#1133)gen3 squid info
to get information about the HA-proxy instances (#1137)gen3 workers-cycle
to cycle a node or all nodes (#1126)
$JOB_NAME
can be added to log filename (#1207)
codecept.conf.js
script in gen3-qa
needs to be adjusted
accordingly. (#1232)apps/v1
apiVersion (#1360)portal_app
set to GEN3-WORKSPACE-PARENT
(#1360)gen3 logs history byuser
command to get list of top 100 users over some
time range (#1360)revproxy
tweak handling of Strict-Transport-Security
header - there's a
covid19 security scan jira someplace (#1360)watch kubectl get pods
or echo bla | xargs kubectl
will work now (#1339)heptio-authenticator-aws
to recent
aws-iam-authenticator
(#1325)gen3_terraform destroy
is success (#1320)gen3 es garbage
helper (#1310)gen3 job cron
helper (#1310)gen3 jupyter idle
(#1310)backoffLimit
to some batch jobs (#1310)gen3 roll all --fast
(#1291)gen3 roll all
calls out to gen3 dashboard gitops-sync
(#1291)gen3 awsrole
extended to support sa-linked roles (#1291)gen3 api hostname
, environment
, namespace
, and safe-name
helpers
(#1291)gitops-sync
jobs extended with sa linked to an iam role - gen3 dashboard gitops-sync
should work (#1291)gen3 shutdown namespace
helper and cron jobs (#1272)gen3 api hostname
helper (#1272)kube-setup-aws-es-proxy
to not rely on $vpc_name
(#1272)gen3 ebs snapshot
to copy volume tags to snapshot (#1272)kube-setup-metadata
to gen3 roll all
(#1270)gen3 api sower-run commandFile.json $apiKey
(#1269)gen3 api sower-template pfb
(#1269)gen3 prometheus query $query $apiKey
(#1269)gen3 prometheus list $apiKey
(#1269)gen3 prometheus curl $urlBase $apiKey
(#1269)gen3 ecr
helpers for interacting with ECR docker image
repositories. (#1265)set -i
from batch jobs - deprecated in bash 4.4 (#1244)awshelper
to package cloud-automation/
code package (#1244)GEN3_AWSHELPER_IMAGE
variable to simplify testing (#1244)messages
and
secure
logs. (#1238)chrome not reachable (Session info: headless chrome=70.0.3538.77) (Driver info: chromedriver=2.43.600233 (#1232)
terraform12
(#1184)gen3 es create index-name mapping.json
(#1184)gen3 secrets gcp ...
for service key rotation (#1184)gcp.md
with instructions for GCP integration (#1184)npm audit fix
) (#1184)gen3 s3 ...
and gen3 aws*
to not call gen3 trash
- leave
terraform workspace in place (#1184)gen3 devterm
(#1184)gen3 workon profile whatever__data_bucket_queue
(#1177)kubectl node drain
commands now have the --force
flag for draining
deleting "Pods not managed by ReplicationController, ReplicaSet, Job,
DaemonSet or StatefulSet" like hatchery pods. (#1175)gen3 bootstrap
subcommand (#1173)gen3 logs cloudwatch ...
subcommands (#1160)aws autoscaling terminate-instance-in-auto-scaling-group
instead
of aws ec2 stop-instances
we are letting the ASG that we want to keep the
desired state so it tries to spin up a new instance right away. (#1169)deploy_before_destroy
enabled. (#1092).southsideweekly.com
to allow grabbing the CHI-NBHD
dataset for PRC (#1347)kubectl
with g3kubectl
, (#1289)${HOME}/${vpc_name}/kubeconfig
. It is now loaded from the location
returned by gen3. (#1204)command
override was introduced to this deployment (which suppresses the parent
image's entrypoint.sh
execution). Adding an extra call to this script to
make sure the NGINX_RATE_LIMIT check is executed. (#1182)gen3 iam-serviceaccount
results in null
in service-account
annotation. This is a fix for the issue. (#1180)gen3 iam-serviceaccount
produces wrong link (contains https
part) in
Federated part of trust policy. Fixed now. (#1180)db_restore
ing. (#1164)kubectl apply -f
on the same
line, breaking the application of the file that deploys calico. (#1147)Add Nginx rate limit to help Fence with its RPS throughput
By default, disable uwsgi cheaper mode and run 2 uwsgi processes