/
Access

Access

Owned by Gordon Zhong (Unlicensed)
Last updated: Jun 06, 2020
2 min read

Note the Github team @csesoc/infrastructure is representative of:

  • Projects Directors

  • 1 member of the exec (e.g. Secretary) - as a backup

The Github team @csesoc/projects-team-leads is representative of:

  • All CURRENT project team leads

  • The team has a sub-team for each Project Lead(s)

What?

Who?

Access level

Why?

Granting access

What?

Who?

Access level

Why?

Granting access

SSH access to Wheatley

@csesoc/infrastructure

Root access to host

Occasionally you may need to access the underlying host to perform maintenance (e.g. restart the Rancher container or cycle SSH certificates)

Ask the Technical Projects Director to add your SSH key to the csesoc/infrastructure repo. The Director will need to apply the Ansible playbook to deploy the changes to Wheatley.

Admin access to github.com/csesoc/infrastructure

@csesoc/infrastructure

Access to modifying infrastructure level code

Occasionally you may need to update the documentation by adding in a new Project etc.

Ask a Github owner (e.g. Projects Directors or a member of the Exec team) to add you to the @csesoc/infrastructure team

Access to csesoc/infrastructure git secrets

@csesoc/infrastructure

Access to ALL projects secrets

Occasionally you may need to rotate the certificates in the repo or rotate other secrets

Ask the Technical Projects Director to add your GPG key to the git secrets. The Director will need to need to run git secret tell followed by git secret hide -d. See: https://git-secret.io/

Admin access to Rancher (orchestration tool) via Github OAuth

@csesoc/infrastructure

Access to Rancher and kubectl

As part of the infrastructure team you may need to modify the Kubernetes cluster or onboard new Projects

This level of access can modify the underlying host - so treat it like root access

Ask a Github owner (e.g. Projects Directors or a member of the Exec team) to add you to the @csesoc/infrastructure team.

Standard user access to Rancher (orchestration tool) via Github OAuth

@csesoc/projects-team-leads

Access to Rancher and any projects that they have access granted to

Project Team Leads can manage their own infrastructure for their Projects.

For Rancher admins:

  • Project Team Leads should only be able to access their own Project

  • Each Project has a sub-team in @csesoc/projects-team-leads for their lead(s) - use this so you can manage all users from Github

  • Each Project should have a modified restricted Pod Security Policy in place

Ask one of the Projects Directors to add you to the @csesoc/projects-team-leads team.

Docker Hub Organisation: csesoc

@csesoc/infrastructure

Admin access to all the public images of csesoc

You may need to modify how leads upload their images to the Docker Hub or onboard a new project.

Ask one of the Projects Directors to add you to the Docker Hub. Do NOT give access to Project Leads.

Projects Slack (#directors)

Projects Directors

Access to cluster-level alerts

You probably want to know when the cluster is failing

Ask a CSESoc Projects Slack admin (e.g. on of the Projects Directors/exec) to grant you access to the channel.