Skip to content

Add gharts RDS instance and IRSA role to 01_infra#442

Closed
afrittoli wants to merge 2 commits intopytorch:mainfrom
afrittoli:gharts_setup
Closed

Add gharts RDS instance and IRSA role to 01_infra#442
afrittoli wants to merge 2 commits intopytorch:mainfrom
afrittoli:gharts_setup

Conversation

@afrittoli
Copy link
Copy Markdown
Collaborator

@afrittoli afrittoli commented Apr 14, 2026

Provisions the AWS infrastructure required by the gharts service on the arc dev cluster.

This PR

  • RDS db.t3.micro PostgreSQL instance with IAM authentication enabled
  • Security group allowing PostgreSQL access from within the VPC
  • DB subnet group covering private subnets
  • IAM role and rds-db:connect policy for IRSA
  • Outputs: gharts_rds_host, gharts_irsa_role_arn (consumed by 02_helm)

Stack Overview

  1. PR #??? (this PR): 01_infra — RDS instance and IRSA role ← MERGE FIRST
  2. PR Add gharts to the arc dev cluster #404: 02_helm — gharts Helm release (depends on this PR)

Review Guidance

Changes are isolated to 01_infra/gharts-rds.tf and 01_infra/outputs.tf.

afrittoli and others added 2 commits March 19, 2026 15:53
@afrittoli @claude
Add gharts RDS instance and IRSA role to 01_infra
ccecc6b 
Provisions the AWS infrastructure required by the gharts service:
- RDS db.t3.micro PostgreSQL instance with IAM authentication enabled
- Security group allowing PostgreSQL access from within the VPC
- DB subnet group covering private subnets
- IAM role and rds-db:connect policy for IRSA
- Outputs: gharts_rds_host, gharts_irsa_role_arn (consumed by 02_helm)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@afrittoli @claude
Add gharts Helm release to 02_helm
08e07e7 
Deploys the GitHub Actions Runner Token Service (gharts) to the arc
dev cluster using the OCI chart from ghcr.io/afrittoli/gharts (v0.0.3).

- Reuses GitHub App credentials from the pytorch-arc-github-app secret
- OIDC authentication via Linux Foundation SSO (sso.linuxfoundation.org)
- RDS IAM authentication via IRSA — no password required
- Ingress at gharts.pytorch.org with Let's Encrypt TLS

Depends on the 01_infra gharts outputs (gharts_rds_host, gharts_irsa_role_arn).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@linux-foundation-easycla
Copy link
Copy Markdown

linux-foundation-easycla bot commented Apr 14, 2026
edited
Loading

CLA Missing ID CLA Not Signed

One or more co-authors of this pull request were not found. You must specify co-authors in commit message trailer via:

Co-authored-by: name <email>

Supported Co-authored-by: formats include:

  1. Anything <id+login@users.noreply.github.com> - it will locate your GitHub user by id part.
  2. Anything <login@users.noreply.github.com> - it will locate your GitHub user by login part.
  3. Anything <public-email> - it will locate your GitHub user by public-email part. Note that this email must be made public on Github.
  4. Anything <other-email> - it will locate your GitHub user by other-email part but only if that email was used before for any other CLA as a main commit author.
  5. login <any-valid-email> - it will locate your GitHub user by login part, note that login part must be at least 3 characters long.

Alternatively, if the co-author should not be included, remove the Co-authored-by: line from the commit message.

Please update your commit message(s) by doing git commit --amend and then git push [--force] and then request re-running CLA check via commenting on this pull request:

/easycla

@afrittoli afrittoli mentioned this pull request Apr 14, 2026
Merged
@afrittoli afrittoli closed this Apr 14, 2026
@afrittoli afrittoli reopened this Apr 14, 2026
@afrittoli afrittoli closed this Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeanschmidt jeanschmidt Awaiting requested review from jeanschmidt jeanschmidt is a code owner

@zxiiro zxiiro Awaiting requested review from zxiiro zxiiro is a code owner

@ZainRizvi ZainRizvi Awaiting requested review from ZainRizvi ZainRizvi is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@afrittoli