From 3ccc31b7f42c12dc82fd6a341ab4405064d43814 Mon Sep 17 00:00:00 2001 From: maxim Date: Fri, 15 Apr 2022 09:39:20 +0600 Subject: [PATCH 1/4] tigera-operator --- terraform/layer2-k8s/helm-releases.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/terraform/layer2-k8s/helm-releases.yaml b/terraform/layer2-k8s/helm-releases.yaml index 0ac9d291..a070f520 100644 --- a/terraform/layer2-k8s/helm-releases.yaml +++ b/terraform/layer2-k8s/helm-releases.yaml @@ -12,7 +12,7 @@ releases: chart_version: 0.13.3 namespace: aws-node-termination-handler - id: aws-calico - enabled: true + enabled: false chart: aws-calico repository: https://aws.github.io/eks-charts chart_version: 0.3.4 @@ -90,7 +90,7 @@ releases: chart_version: 1.44 namespace: kiali - id: kube-prometheus-stack - enabled: false + enabled: true chart: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts chart_version: 30.1.0 @@ -107,8 +107,14 @@ releases: repository: https://stakater.github.io/stakater-charts chart_version: 0.0.81 namespace: reloader - - id: victoria-metrics-k8s-stack + - id: tigera-operator enabled: true + chart: tigera-operator + repository: https://projectcalico.docs.tigera.io/charts + chart_version: v3.22.1 + namespace: tigera-operator + - id: victoria-metrics-k8s-stack + enabled: false chart: victoria-metrics-k8s-stack repository: https://victoriametrics.github.io/helm-charts chart_version: 0.5.9 From dded1776cbd24f649560384e776df43a52191214 Mon Sep 17 00:00:00 2001 From: maxim Date: Fri, 15 Apr 2022 10:44:35 +0600 Subject: [PATCH 2/4] tigera --- terraform/layer2-k8s/eks-tigera-operator.tf | 79 +++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 terraform/layer2-k8s/eks-tigera-operator.tf diff --git a/terraform/layer2-k8s/eks-tigera-operator.tf b/terraform/layer2-k8s/eks-tigera-operator.tf new file mode 100644 index 00000000..18567eaf --- /dev/null +++ b/terraform/layer2-k8s/eks-tigera-operator.tf 
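Review bot: Flipping `aws-calico` to `enabled: false` in the first hunk turns off the release that currently provides Calico, and nothing in the file records what enforces NetworkPolicy until the `tigera-operator` release added in the third hunk is ready. If workloads in this cluster rely on NetworkPolicy for isolation, that window should be stated where an operator will read it, for example with a comment above the entry: `# replaced by tigera-operator; NetworkPolicy objects are not enforced until the operator's Installation is ready`. Whether the two releases can overlap during the switch is not visible from these hunks, so the wording should be checked against the real rollout order.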
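Review bot: The `kube-prometheus-stack` flip to `enabled: true` in the second hunk, and the `victoria-metrics-k8s-stack` flip to `enabled: false` at the end of the third, swap the monitoring stack in a commit whose subject is only `tigera-operator`. Neither toggle is needed for the Calico change as far as these hunks show, so they read like local test state. Anyone applying this layer would have one metrics and alerting stack removed and another installed, with no mention in the history. I would leave both at their previous values here (`enabled: false` for kube-prometheus-stack, `enabled: true` for victoria-metrics-k8s-stack) and make the monitoring switch its own commit if it is intended.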
@@ -0,0 +1,79 @@ +locals { + tigera_operator = { + name = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].id + enabled = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].enabled + chart = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].chart + repository = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].repository + chart_version = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].chart_version + namespace = local.helm_releases[index(local.helm_releases.*.id, "tigera-operator")].namespace + } + + tigera_operator_values = < Date: Fri, 13 May 2022 13:44:38 +0600 Subject: [PATCH 3/4] enh: switch from calico helm chart to tigera-operator helm chart --- terraform/layer2-k8s/README.md | 6 +++- terraform/layer2-k8s/eks-calico.tf | 33 ------------------- terraform/layer2-k8s/eks-tigera-operator.tf | 27 +++++++++++++-- .../eks-victoria-metrics-k8s-stack.tf | 2 +- terraform/layer2-k8s/helm-releases.yaml | 8 +---- 5 files changed, 32 insertions(+), 44 deletions(-) delete mode 100644 terraform/layer2-k8s/eks-calico.tf diff --git a/terraform/layer2-k8s/README.md b/terraform/layer2-k8s/README.md index 5efb0005..f8b1eec2 100644 --- a/terraform/layer2-k8s/README.md +++ b/terraform/layer2-k8s/README.md @@ -67,6 +67,7 @@ | [kubernetes](#provider\_kubernetes) | 2.6.1 | | [random](#provider\_random) | 3.1.2 | | [terraform](#provider\_terraform) | n/a | +| [time](#provider\_time) | 0.7.2 | ## Modules 
@@ -98,6 +99,7 @@ | [kube\_prometheus\_stack\_namespace](#module\_kube\_prometheus\_stack\_namespace) | ../modules/kubernetes-namespace | n/a | | [loki\_namespace](#module\_loki\_namespace) | ../modules/kubernetes-namespace | n/a | | [reloader\_namespace](#module\_reloader\_namespace) | ../modules/kubernetes-namespace | n/a | +| [tigera\_operator\_namespace](#module\_tigera\_operator\_namespace) | ../modules/kubernetes-namespace | n/a | | [victoria\_metrics\_k8s\_stack\_namespace](#module\_victoria\_metrics\_k8s\_stack\_namespace) | ../modules/kubernetes-namespace | n/a | ## Resources @@ -110,7 +112,6 @@ | [aws_s3_bucket_public_access_block.gitlab_runner_cache_public_access_block](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/s3_bucket_public_access_block) | resource | | [helm_release.aws_loadbalancer_controller](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | | [helm_release.aws_node_termination_handler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | -| [helm_release.calico_daemonset](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | | [helm_release.cert_manager](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | | [helm_release.certificate](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | | [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource | 
@@ -127,7 +128,9 @@
 | [helm_release.loki_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.prometheus_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.reloader](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.tigera_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.victoria_metrics_k8s_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [kubectl_manifest.calico_felix](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
 | [kubectl_manifest.istio_prometheus_service_monitor_cp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
 | [kubectl_manifest.istio_prometheus_service_monitor_dp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
 | [kubectl_manifest.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
@@ -141,6 +144,7 @@
 | [random_string.kibana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [random_string.kube_prometheus_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [random_string.victoria_metrics_k8s_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [time_sleep.wait_10_seconds_tigera_operator](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster) | data source |
 | [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster_auth) | data source |
diff --git a/terraform/layer2-k8s/eks-calico.tf b/terraform/layer2-k8s/eks-calico.tf
deleted file mode 100644
index 768b340b..00000000
--- a/terraform/layer2-k8s/eks-calico.tf
+++ /dev/null
@@ -1,33 +0,0 @@ -locals { - aws_calico = { - name = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].id - enabled = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].enabled - chart = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].chart - repository = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].repository - chart_version = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].chart_version - namespace = local.helm_releases[index(local.helm_releases.*.id, "aws-calico")].namespace - } - aws_calico_values = < Date: Fri, 13 May 2022 14:53:01 +0600 Subject: [PATCH 4/4] update documentation --- docs/FAQ.md | 13 +++++++++++ terraform/layer2-k8s/.terraform.lock.hcl | 26 ++++++++++----------- terraform/layer2-k8s/README.md | 4 +--- terraform/layer2-k8s/eks-tigera-operator.tf | 8 +------ 4 files changed, 28 insertions(+), 23 deletions(-) diff --git a/docs/FAQ.md b/docs/FAQ.md index 2aa2c875..f8b01169 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -291,3 +291,16 @@ alertmanager: ### If you want to receive alerts **via Slack**, then do next: * See [this instruction](https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack) and generate Slack Incoming Webhook * Set `alertmanager_slack_webhook`, `alertmanager_slack_channel` variables in [AWS Secrets Manager](https://console.aws.amazon.com/secretsmanager/home?region=us-east-1#!/home) secret with the pattern `/${local.name_wo_region}/infra/layer2-k8s`. + +## Deleting Tigera-operator +1. Run +```bash +kubectl delete installations.operator.tigera.io default +``` +2. Set `enabled: false` for `id: tigera-operator` in the file **helm-releases.yaml** +3. Run `terraform apply` in the layer2-k8s folder +4. Run +```bash +kubectl delete ns calico-apiserver calico-system +``` +5. Restart all nodes diff --git a/terraform/layer2-k8s/.terraform.lock.hcl b/terraform/layer2-k8s/.terraform.lock.hcl index 34a0ddd4..a0d1eeb7 100644 
--- a/terraform/layer2-k8s/.terraform.lock.hcl
+++ b/terraform/layer2-k8s/.terraform.lock.hcl
@@ -117,21 +117,21 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.1.2" + version = "3.1.3" hashes = [ - "h1:9A6Ghjgad0KjJRxa6nPo8i8uFvwj3Vv0wnEgy49u+24=", - "zh:0daceba867b330d3f8e2c5dc895c4291845a78f31955ce1b91ab2c4d1cd1c10b", - "zh:104050099efd30a630741f788f9576b19998e7a09347decbec3da0b21d64ba2d", - "zh:173f4ef3fdf0c7e2564a3db0fac560e9f5afdf6afd0b75d6646af6576b122b16", - "zh:41d50f975e535f968b3f37170fb07937c15b76d85ba947d0ce5e5ff9530eda65", - "zh:51a5038867e5e60757ed7f513dd6a973068241190d158a81d1b69296efb9cb8d", - "zh:6432a568e97a5a36cc8aebca5a7e9c879a55d3bc71d0da1ab849ad905f41c0be", - "zh:6bac6501394b87138a5e17c9f3a41e46ff7833ad0ba2a96197bb7787e95b641c", - "zh:6c0a7f5faacda644b022e7718e53f5868187435be6d000786d1ca05aa6683a25", - "zh:74c89de3fa6ef3027efe08f8473c2baeb41b4c6cee250ba7aeb5b64e8c79800d", + "h1:7+wnAXQM7IpNEAQ6WZXdO0ZfQW/ncQFXYJ5T2KaR+Z8=", + "zh:26e07aa32e403303fc212a4367b4d67188ac965c37a9812e07acee1470687a73", + "zh:27386f48e9c9d849fbb5a8828d461fde35e71f6b6c9fc235bc4ae8403eb9c92d", + "zh:5f4edda4c94240297bbd9b83618fd362348cadf6bf24ea65ea0e1844d7ccedc0", + "zh:646313a907126cd5e69f6a9fafe816e9154fccdc04541e06fed02bb3a8fa2d2e", + "zh:7349692932a5d462f8dee1500ab60401594dddb94e9aa6bf6c4c0bd53e91bbb8", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b29eabbf0a5298f0e95a1df214c7cfe06ea9bcf362c63b3ad2f72d85da7d4685", - "zh:e891458c7a61e5b964e09616f1a4f87d0471feae1ec04cc51776e7dec1a3abce", + "zh:9034daba8d9b32b35930d168f363af04cecb153d5849a7e4a5966c97c5dc956e", + "zh:bb81dfca59ef5f949ef39f19ea4f4de25479907abc28cdaa36d12ecd7c0a9699", + "zh:bcf7806b99b4c248439ae02c8e21f77aff9fadbc019ce619b929eef09d1221bb", + "zh:d708e14d169e61f326535dd08eecd3811cd4942555a6f8efabc37dbff9c6fc61", + "zh:dc294e19a46e1cefb9e557a7b789c8dd8f319beca99b8c265181bc633dc434cc", + "zh:f9d758ee53c55dc016dd736427b6b0c3c8eb4d0dbbc785b6a3579b0ffedd9e42", ] } 
diff --git a/terraform/layer2-k8s/README.md b/terraform/layer2-k8s/README.md index af29af50..652af543 100644 --- a/terraform/layer2-k8s/README.md +++ b/terraform/layer2-k8s/README.md @@ -19,9 +19,8 @@ | [http](#provider\_http) | 2.1.0 | | [kubectl](#provider\_kubectl) | 1.14.0 | | [kubernetes](#provider\_kubernetes) | 2.10.0 | -| [random](#provider\_random) | 3.1.2 | +| [random](#provider\_random) | 3.1.3 | | [terraform](#provider\_terraform) | n/a | -| [time](#provider\_time) | n/a | ## Modules @@ -97,7 +96,6 @@ | [random_string.kibana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [random_string.kube_prometheus_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [random_string.victoria_metrics_k8s_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | -| [time_sleep.wait_10_seconds_tigera_operator](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/aws/4.10.0/docs/data-sources/caller_identity) | data source | | [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/4.10.0/docs/data-sources/eks_cluster) | data source | | [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/4.10.0/docs/data-sources/eks_cluster_auth) | data source | diff --git a/terraform/layer2-k8s/eks-tigera-operator.tf b/terraform/layer2-k8s/eks-tigera-operator.tf index 118b3c72..383dc58e 100644 --- a/terraform/layer2-k8s/eks-tigera-operator.tf +++ b/terraform/layer2-k8s/eks-tigera-operator.tf 
@@ -76,16 +76,10 @@ spec: YAML depends_on = [ - time_sleep.wait_10_seconds_tigera_operator + helm_release.tigera_operator ] } -resource "time_sleep" "wait_10_seconds_tigera_operator" { - depends_on = [helm_release.tigera_operator] - - create_duration = "20s" -} - resource "helm_release" "tigera_operator" { count = local.tigera_operator.enabled ? 1 : 0
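Review bot: With the `time_sleep` gone, the `depends_on` entry `helm_release.tigera_operator` is the only ordering guarantee for the manifest above it, and nothing in the hunk records why that is now enough. A finished release does not by itself show that the operator has reconciled, so the assumption (presumably that the chart installs the CRD this manifest targets) should be written above the list, e.g. `# the tigera-operator chart installs the CRD this manifest uses, so the release is the only barrier needed`, once confirmed on a fresh cluster. The manifest resource starts above the hunk and `helm_release.tigera_operator` continues below it, so whether both carry the same `count` guard cannot be checked from here.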