Steve Williams
Steve Williams
## Background Following initial investigation into leveraging AWS Secrets Manager for Concourse secrets management, a spike into ASCP CSI driver: _The AWS provider for the [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows...
## Background Elements of this runbook need a little updating, for example comments re vars here: https://github.com/ministryofjustice/cloud-platform-environments/blob/main/bin/delete-namespace.rb ## Proposed user journey N/A ## Approach Review and update runbook where required...
## Background Test clusters deploy with ingress controller replica count of 6, can we reduce this number and free up some resource? ## Proposed user journey N/A ## Approach Refactor...
**What steps did you take and what happened:** I am seeing a large number of trivy-operator generated vulnerability reports flagging CVEs for the following resources: ``` github.com/docker/docker github.com/docker/distribution github.com/sigstore/rekor google.golang.org/grpc...
https://runbooks.cloud-platform.service.justice.gov.uk/container-images.html#container-images-used-by-cluster-components Review the compatibility matrix for all cluster components and verify if the image is compatible with the upgraded kubernetes version Related to: #5341
## Background This function was created as a safety measure against the possibility of test cluster deployments leaving oprhaned AWS resources on non-standard namespaces being deleted: https://github.com/ministryofjustice/cloud-platform-cli/blob/bdc0cdcda306fe33f45ad521ac1cc53fcdc915c6/pkg/cluster/delete_utils/utils.go#L24 We should remove...
The Cloud Platform Cluster is in k8s version 1.27. Hence upgrade the descheduler to match the k8s version. https://github.com/kubernetes-sigs/descheduler?tab=readme-ov-file#%EF%B8%8F--documentation-versions-by-release https://github.com/ministryofjustice/cloud-platform-terraform-descheduler Related to: #5341
## Background We continue to see Throttling Errors in External DNS alarms. We should have another review of our configuration for external-dns, and see if we can tune our polling...
## Background Having identified the 1.27 warning issue with our implementation of the terraform service account module: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#auto-generated-legacy-serviceaccount-token-clean-up We have a branch which has removed the secret referencing inside of...
https://runbooks.cloud-platform.service.justice.gov.uk/container-images.html#container-images-used-by-cluster-components https://github.com/kubernetes/kube-state-metrics?tab=readme-ov-file#compatibility-matrix Review the compatibility matrix of kube-state-metrics and verify if the image is compatible with the upgraded kuebrnetes version. If the version is mismatch, check if the whole kube-prometheus-chart...