Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a script to lock/unlock Azure resource groups #3479

Open
lemeurherve opened this issue Mar 30, 2023 · 1 comment
Open

Create a script to lock/unlock Azure resource groups #3479

lemeurherve opened this issue Mar 30, 2023 · 1 comment
Milestone
infra-team-sync-next

Comments

@lemeurherve
Copy link
Member

lemeurherve commented Mar 30, 2023
edited
Loading

Resource locks are often better set outside of terraform so that they don’t get accidentally removed on a destroy

Example: https://github.com/hmcts/azure-resource-locks/blob/master/scripts/enable-resource-locking.sh

Originally posted by @timja in #3459 (comment)

This script could be stored in runbooks, and potentially writes some logs in a text file then commited in runbooks too so we keep traces of executions.
@dduportal dduportal added this to the infra-team-sync-next milestone Apr 4, 2023
@dduportal dduportal mentioned this issue May 9, 2023
Closed
@dduportal dduportal mentioned this issue Jul 10, 2023
Merged
@dduportal
Copy link
Contributor

Update : initial try of adding locks to the public IPs in jenkins-infra/azure#433.

The goal is to make sure that these IP cannot be deleted when the AKS cluster which associated is deleted.

dduportal added a commit to jenkins-infra/azure that referenced this issue Jul 10, 2023
@dduportal
feat(locks) add locks on all public IPs that should not change (#433)
e46fb61 
Related to
jenkins-infra/helpdesk#3582 (comment)

Notes:

- The public IPs on trusted.ci (for the inbound SSH to bounce VM and for
the subnet's gateway) are not required to be locked
- Additional locks might be added to the data disks of ci.j or
trusted.ci.j for instance, as part of
jenkins-infra/helpdesk#3479 if this works as
expected

Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
infra-team-sync-next
Development

No branches or pull requests
2 participants
@dduportal @lemeurherve