fix: Additional fixes to my fixes!
bryantbiggs committed Jun 24, 2022
1 parent 3d652b9 commit d626d8f
Showing 16 changed files with 72 additions and 107 deletions.
48 changes: 20 additions & 28 deletions docs/extensibility.md
Expand Up @@ -64,36 +64,23 @@ data "aws_caller_identity" "current" {}
locals {
cni_metrics_name = "cni-metrics-helper"
}
default_helm_values = [templatefile("${path.module}/helm-values/cni-metrics-helper-values.yaml", {
eks_cluster_id = var.eks_cluster_id,
image = "602401143452.dkr.ecr.${var.region}.amazonaws.com/cni-metrics-helper:v1.10.3",
sa-name = local.cni_metrics_name
oidc_url = "oidc.eks.eu-west-1.amazonaws.com/id/E6CASOMETHING55B9D01F7"
})]
addon_context = {
aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
aws_caller_identity_arn = data.aws_caller_identity.current.arn
aws_eks_cluster_endpoint = data.aws_eks_cluster.cluster.endpoint
aws_partition_id = data.aws_partition.current.partition
aws_region_name = var.region
eks_cluster_id = var.eks_cluster_id
eks_oidc_issuer_url = local.oidc_url
eks_oidc_provider_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_url}"
tags = {}
}
module "helm_addon" {
source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon"
helm_config = {
name = local.cni_metrics_name
description = "CNI Metrics Helper Helm Chart"
timeout = "300"
chart = "${path.module}/local-helm-charts/cni-metrics-helper"
version = "0.1.7"
repository = null
namespace = "kube-system"
lint = false
values = local.default_helm_values
values = [templatefile("${path.module}/helm-values/cni-metrics-helper-values.yaml", {
eks_cluster_id = var.eks_cluster_id,
image = "602401143452.dkr.ecr.${var.region}.amazonaws.com/cni-metrics-helper:v1.10.3",
sa-name = local.cni_metrics_name
oidc_url = "oidc.eks.eu-west-1.amazonaws.com/id/E6CASOMETHING55B9D01F7"
})]
}
irsa_config = {
Expand All @@ -103,13 +90,18 @@ locals {
create_kubernetes_service_account = true
irsa_iam_policies = [aws_iam_policy.cni_metrics.arn]
}
}
module "helm_addon" {
source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon"
helm_config = local.helm_config
irsa_config = local.irsa_config
addon_context = local.addon_context
addon_context = {
aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
aws_caller_identity_arn = data.aws_caller_identity.current.arn
aws_eks_cluster_endpoint = data.aws_eks_cluster.cluster.endpoint
aws_partition_id = data.aws_partition.current.partition
aws_region_name = var.region
eks_cluster_id = var.eks_cluster_id
eks_oidc_issuer_url = local.oidc_url
eks_oidc_provider_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_url}"
tags = {}
}
}
resource "aws_iam_policy" "cni_metrics" {
6 changes: 4 additions & 2 deletions modules/kubernetes-addons/aws-for-fluentbit/main.tf
@@ -1,6 +1,8 @@
locals {
namespace = try(var.helm_config.namespace, "aws-for-fluent-bit")
service_account = try(var.helm_config.service_account, "aws-for-fluent-bit-sa")

log_group_name = coalesce(var.cw_log_group_name, "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs")
}

module "helm_addon" {
Expand Down Expand Up @@ -50,7 +52,7 @@ module "helm_addon" {
}

resource "aws_cloudwatch_log_group" "aws_for_fluent_bit" {
name = coalesce(var.cw_log_group_name, "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs")
name = local.log_group_name
retention_in_days = var.cw_log_group_retention
kms_key_id = var.cw_log_group_kms_key_arn == null ? module.kms[0].key_arn : var.cw_log_group_kms_key_arn
tags = var.addon_context.tags
Expand Down Expand Up @@ -119,7 +121,7 @@ data "aws_iam_policy_document" "kms" {
condition {
test = "ArnEquals"
variable = "kms:EncryptionContext:aws:logs:arn"
values = [aws_cloudwatch_log_group.aws_for_fluent_bit.arn]
values = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:${local.log_group_name}"]
}

principals {
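Review bot: The `kms:EncryptionContext:aws:logs:arn` condition in the last hunk now compares against an ARN assembled by hand from `var.addon_context` and `local.log_group_name`, and nothing in the file says why the log group's own `arn` attribute was dropped. Presumably this breaks a dependency cycle, since the log group takes its `kms_key_id` from `module.kms[0]` and this policy document appears to feed that key; a comment such as `# ARN is built by hand: referencing aws_cloudwatch_log_group.aws_for_fluent_bit.arn here would make the key policy depend on the log group it encrypts` would record that. Because `ArnEquals` is an exact match, the string has to stay identical to what CloudWatch Logs sends as encryption context, so the region and account in `addon_context` must be those of the provider that creates the log group, and the value should not be widened with a wildcard to make a mismatch go away. The `data "aws_iam_policy_document" "kms"` block starts and ends outside the hunk.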
Expand Up @@ -10,7 +10,6 @@ For more details checkout [cluster-proportional-autoscaler](https://github.com/k
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |

## Providers

Expand All @@ -36,7 +35,5 @@ No resources.

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

This file was deleted.

23 changes: 18 additions & 5 deletions modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
Original file line number Diff line number Diff line change
@@ -1,8 +1,21 @@
module "helm_addon" {
source = "../helm-addon"
source = "../helm-addon"

manage_via_gitops = var.manage_via_gitops
helm_config = local.helm_config
set_values = local.set_values
irsa_config = null
addon_context = var.addon_context

helm_config = merge(
{
name = "cluster-proportional-autoscaler"
chart = "cluster-proportional-autoscaler"
repository = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler"
version = "1.0.0"
namespace = "kube-system"
values = [file("${path.module}/values.yaml")]
description = "Cluster Proportional Autoscaler Helm Chart"
},
var.helm_config
)

irsa_config = null
addon_context = var.addon_context
}
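Review bot: `merge()` is shallow, so a caller who sets `values` in `var.helm_config` replaces the default `values = [file("${path.module}/values.yaml")]` entry wholesale instead of layering on top of it. The values.yaml section further down this page (presumably this module's) carries the `podSecurityContext` with `seccompProfile.type: RuntimeDefault`, and a comment the commit removes from it told users to supply `options.target` through `var.helm_config`, so the expected usage would silently drop those pod hardening defaults. If layering is the intent, a third argument to `merge()` such as `{ values = concat([file("${path.module}/values.yaml")], try(var.helm_config.values, [])) }` keeps the module defaults first and lets the caller's files override individual keys, assuming helm-addon passes `values` straight to `helm_release`. Otherwise a comment on the `values` line should say that callers who override it must restate the security context themselves.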
@@ -1,4 +0,0 @@
output "argocd_gitops_config" {
description = "Configuration used for managing the add-on with ArgoCD"
value = var.manage_via_gitops ? local.argocd_gitops_config : null
}
@@ -1,7 +1,3 @@
# Formula for controlling the replicas. Adjust according to your needs
# replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
# replicas = min(replicas, max)
# replicas = max(replicas, min)
config:
linear:
coresPerReplica: 256
Expand All @@ -11,21 +7,12 @@ config:
preventSinglePointFailure: true
includeUnschedulableNodes: true

# Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).
# The following option should be defined in user defined values.yaml using var.helm_config

#options:
# target:

podSecurityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534

nodeSelector:
kubernetes.io/os: ${operating_system}

resources:
limits:
cpu: 100m
@@ -1,10 +1,3 @@
terraform {
required_version = ">= 1.0.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.72"
}
}
}
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/external-dns/main.tf
Expand Up @@ -47,7 +47,7 @@ module "helm_addon" {
]

irsa_config = {
create_kubernetes_namespace = try(local.helm_config.create_namespace, true)
create_kubernetes_namespace = try(var.helm_config.create_namespace, true)
kubernetes_namespace = local.namespace

create_kubernetes_service_account = true
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/fargate-fluentbit/main.tf
@@ -1,5 +1,5 @@
locals {
default_config = mereg({
config = merge({
output_conf = <<-EOF
[OUTPUT]
Name cloudwatch_logs
3 changes: 2 additions & 1 deletion modules/kubernetes-addons/helm-addon/main.tf
@@ -1,5 +1,6 @@
resource "helm_release" "addon" {
count = var.manage_via_gitops ? 0 : 1
count = var.manage_via_gitops ? 0 : 1

name = var.helm_config["name"]
repository = try(var.helm_config["repository"], null)
chart = var.helm_config["chart"]
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/helm-addon/outputs.tf
@@ -1,4 +1,4 @@
output "namespace" {
description = "Namespace where Helm chart resources are installed"
value = helm_release.addon.metadata.0.namespace
value = helm_release.addon[0].metadata[0].namespace
}
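Review bot: `helm_release.addon[0]` does not exist when `var.manage_via_gitops` is true, because helm-addon/main.tf on this page declares the release with `count = var.manage_via_gitops ? 0 : 1`, so the indexed form of `value` fails with an invalid index for every add-on managed through GitOps. The output should tolerate the zero-count case, for example `value = try(helm_release.addon[0].metadata[0].namespace, null)`. If callers need the name regardless of who installs the chart, falling back to `var.helm_config["namespace"]` instead of `null` would be more useful, though whether that key is always set is not visible here.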
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/kubernetes-dashboard/main.tf
Expand Up @@ -3,7 +3,7 @@ module "helm_addon" {

manage_via_gitops = var.manage_via_gitops

helm_config = mereg(
helm_config = merge(
{
name = "kubernetes-dashboard"
chart = "kubernetes-dashboard"
3 changes: 3 additions & 0 deletions modules/kubernetes-addons/prometheus/README.md
Expand Up @@ -45,12 +45,14 @@ Repeat the above steps for other 4 images
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |

## Modules

Expand All @@ -66,6 +68,7 @@ Repeat the above steps for other 4 images
|------|------|
| [aws_iam_policy.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [kubernetes_namespace_v1.prometheus](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [aws_iam_policy_document.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

25 changes: 16 additions & 9 deletions modules/kubernetes-addons/prometheus/main.tf
@@ -1,4 +1,6 @@
locals {
namespace = kubernetes_namespace_v1.prometheus.metadata[0].name

workspace_url = var.amazon_prometheus_workspace_endpoint != null ? "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write" : ""
ingest_service_account = "amp-ingest"
ingest_iam_role_arn = var.enable_amazon_prometheus ? module.irsa_amp_ingest[0].irsa_iam_role_arn : ""
Expand All @@ -10,20 +12,25 @@ locals {
} : {}
}

resource "kubernetes_namespace_v1" "prometheus" {
metadata {
name = try(var.helm_config.namespace, "prometheus")
}
}

module "helm_addon" {
source = "../helm-addon"

manage_via_gitops = var.manage_via_gitops

helm_config = merge(
{
name = "prometheus"
chart = "prometheus"
version = "15.10.1"
repository = "https://prometheus-community.github.io/helm-charts"
namespace = "prometheus"
create_namespace = true
description = "Prometheus helm Chart deployment configuration"
name = "prometheus"
chart = "prometheus"
version = "15.10.1"
repository = "https://prometheus-community.github.io/helm-charts"
namespace = local.namespace
description = "Prometheus helm Chart deployment configuration"
values = [templatefile("${path.module}/values.yaml", {
operating_system = try(var.helm_config.operating_system, "linux")
})]
Expand Down Expand Up @@ -91,7 +98,7 @@ module "irsa_amp_ingest" {
count = var.enable_amazon_prometheus ? 1 : 0

create_kubernetes_namespace = false
kubernetes_namespace = module.helm_addon.namespace
kubernetes_namespace = local.namespace

kubernetes_service_account = local.ingest_service_account
irsa_iam_policies = [aws_iam_policy.ingest[0].arn]
Expand Down Expand Up @@ -131,7 +138,7 @@ module "irsa_amp_query" {
count = var.enable_amazon_prometheus ? 1 : 0

create_kubernetes_namespace = false
kubernetes_namespace = module.helm_addon.namespace
kubernetes_namespace = local.namespace

kubernetes_service_account = "amp-query"
irsa_iam_policies = [aws_iam_policy.query[0].arn]
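Review bot: `kubernetes_namespace_v1.prometheus` in the second hunk has no `count` or other opt-out, so Terraform now owns the namespace in every configuration, including `manage_via_gitops = true` and a `helm_config.namespace` that names a namespace which already exists, where the create would presumably conflict. Owning it also means a destroy of this module deletes the namespace and everything in it, which is worth stating next to the resource: `# Created here (not by Helm) so the IRSA service accounts have a namespace before the chart is installed; destroying this module removes the namespace and its contents`. The `metadata` block sets only `name`; since the module is now the namespace's owner, this is the place to carry labels such as Pod Security admission levels if the cluster relies on them. The `module "helm_addon"` block continues outside the hunk.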
4 changes: 4 additions & 0 deletions modules/kubernetes-addons/prometheus/versions.tf
Expand Up @@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.72"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.10"
}
}
}
