#refarch (2023-11)
Cloud Posse Reference Architecture
2023-11-06
I’ve used the dns-delegated component to launch a hosted zone in one of my workload accounts (prod), but I’m not sure how to create DNS records in the subdomain (service.prod.example.net). Am I supposed to deploy dns-primary in the prod account in addition to the dns account?
We typically have another component or service add records to the hosted zone once it is created. So, for example, say you’ve created prod.example.net with dns-delegated and you have external-dns deployed. Then, if you add an annotation to the “service” app in your cluster, external-dns will add/update the DNS record in the hosted zone for you.
More on external-dns: https://docs.cloudposse.com/components/library/aws/eks/external-dns/
This component creates a Helm deployment for external-dns on a Kubernetes cluster. external-dns is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
2023-11-08
2023-11-21
@Dan Miller (Cloud Posse) your PR… https://github.com/cloudposse/terraform-aws-components/pull/904/files#diff-3cdcf3533e53e86fc193966f5d8208159900d1f4283640730436ba958d400c66L5-L6 …breaks the module due to… https://github.com/cloudposse/terraform-aws-components/blob/main/modules/spacelift/worker-pool/iam.tf#L28
╷
│ Error: Reference to undeclared local value
│
│ on iam.tf line 28, in locals:
│ 28: role_arn_template = module.account_map.outputs.iam_role_arn_templates[local.identity_account_name]
│
│ A local value with the name "identity_account_name" has not been declared.
Oh man, yes it does. Thanks for pointing that out. Will fix right now.
np… our workers are down, so I started investigating.
what
• Added back the local definition for local.identity_account_name for the spacelift/worker-pool component
why
• This value is used in the iam.tf policy
• Only local.identity_account_id should have been removed, not local.identity_account_name
references
• https://sweetops.slack.com/archives/C04NBF4JYJV/p1700604335106819
@Dan Miller (Cloud Posse) semi-related: https://github.com/cloudposse/terraform-aws-components/blob/main/modules/spacelift/worker-pool/templates/user-data.sh#L6.
This is now breaking workers (see log):
$(aws --region ${ecr_region} ecr get-login --registry-ids ${ecr_account_id} --no-include-email)
Note these args are invalid as well:
--registry-ids ${ecr_account_id} --no-include-email
$(aws --region ${ecr_region} ecr get-login --registry-ids ${ecr_account_id} --no-include-email)
cloud-init[1842]: Unknown options: --registry-ids,123456789,--no-include-email
I noticed a similar issue and I just pinned a specific AMI until we have a chance to fix this
spacelift_ami_id: ami-05aae360ff018f5a0
Haven’t looked into it too much, but I suspect Spacelift changed what’s installed on their image.
Yeah, must’ve upgraded their AWS CLI.
Just using what is in our Makefile for non-geodesic commands:
aws --region ${ecr_region} ecr get-login-password | docker login --username AWS --password-stdin ${ecr_account_id}
…will report back how well it works.
Ahh… forgot it needs the full domain:
aws --region ${ecr_region} ecr get-login-password | docker login --username AWS --password-stdin ${ecr_account_id}.dkr.ecr.${ecr_region}.amazonaws.com
Back at it, but switched it up, and this needs a credential helper, so I’ll probably just punt on it and lock the AMI.
The above AMI wasn’t found. Ended up just using this one: ami-05e8730417b8c3199
Ah yeah, it’s likely regional.
And yes, the very much outdated AWS CLI command used currently is the reason. @Dan Miller (Cloud Posse) you can peek in our repo to see how we fixed it currently.
2023-11-22
When using the latest AMI for the Spacelift worker pool, things might get broken (see ^^^). Response from Spacelift:
[…] you have a very good point about this being an unannounced breaking change. We’ll prepare an announcement today, and we’ll try to think about introducing semver into this process. Sorry for the inconvenience.