Merge branch 'main' into feature/add-vpc-lattice-pattern

aws-ia · Dec 14, 2023 · ba79c8c · ba79c8c
2 parents fe703c9 + 0612af5
commit ba79c8c
Show file tree

Hide file tree

Showing 13 changed files with 144 additions and 154 deletions.
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.5.4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@9f45b2463b475767b61721ccfef113fef513e6aa # v3.1.1
+        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
@@ -28,7 +28,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
 

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -71,6 +71,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
         with:
           sarif_file: results.sarif
diff --git a/patterns/blue-green-upgrade/environment/versions.tf b/patterns/blue-green-upgrade/environment/versions.tf
@@ -10,5 +10,6 @@ terraform {
       source  = "hashicorp/random"
       version = ">= 3.0"
     }
+
   }
 }
diff --git a/patterns/blue-green-upgrade/modules/eks_cluster/outputs.tf b/patterns/blue-green-upgrade/modules/eks_cluster/outputs.tf
@@ -49,10 +49,3 @@ output "gitops_metadata" {
   value       = local.addons_metadata
   sensitive   = true
 }
-
-# output "debug" {
-#   description = "debug output"
-#   #value = data.template_file.addons_template.rendered
-#   value = data.template_file.workloads_template.rendered
-#   #value = file("${path.module}/../../bootstrap/addons.yaml")
-# }
diff --git a/patterns/blue-green-upgrade/modules/eks_cluster/versions.tf b/patterns/blue-green-upgrade/modules/eks_cluster/versions.tf
@@ -11,9 +11,5 @@ terraform {
       source  = "hashicorp/kubernetes"
       version = "2.22.0"
     }
-    template = {
-      source  = "hashicorp/template"
-      version = ">= 2.2.0"
-    }
   }
 }
diff --git a/patterns/blue-green-upgrade/terraform.tfvars.example b/patterns/blue-green-upgrade/terraform.tfvars.example
@@ -5,12 +5,17 @@ environment_name     = "eks-blueprint"
 hosted_zone_name    = "eks.mydomain.org" # your Existing Hosted Zone
 eks_admin_role_name = "Admin" # Additional role admin in the cluster (usually the role I use in the AWS console)
 
-# EKS Blueprint AddOns ArgoCD App of App repository
-gitops_bridge_repo_url = "[email protected]:gitops-bridge-dev/gitops-bridge-argocd-control-plane-template"
-gitops_bridge_repo_revision = "HEAD"
+#gitops_addons_org      = "[email protected]:aws-samples"
+#gitops_addons_repo     = "eks-blueprints-add-ons"
+#gitops_addons_path     = "argocd/bootstrap/control-plane/addons"
+#gitops_addons_basepath = "argocd/"
 
 # EKS Blueprint Workloads ArgoCD App of App repository
-workload_repo_url      = "[email protected]:aws-samples/eks-blueprints-workloads.git"
-workload_repo_revision = "main"
-workload_repo_path     = "envs/dev"
-workload_repo_secret   = "github-blueprint-ssh-key"
+gitops_workloads_org      = "[email protected]:aws-samples"
+gitops_workloads_repo     = "eks-blueprints-workloads"
+gitops_workloads_revision = "main"
+gitops_workloads_path     = "envs/dev"
+
+
+#Secret manager secret for github ssk jey
+aws_secret_manager_git_private_ssh_key_name = "github-blueprint-ssh-key"
diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf
@@ -127,19 +127,19 @@ module "eks_blueprints_addons" {
 
   helm_releases = {
     istio-base = {
-      chart      = "base"
-      version    = local.istio_chart_version
-      repository = local.istio_chart_url
-      name       = "istio-base"
-      namespace  = kubernetes_namespace_v1.istio_system.metadata[0].name
+      chart         = "base"
+      chart_version = local.istio_chart_version
+      repository    = local.istio_chart_url
+      name          = "istio-base"
+      namespace     = kubernetes_namespace_v1.istio_system.metadata[0].name
     }
 
     istiod = {
-      chart      = "istiod"
-      version    = local.istio_chart_version
-      repository = local.istio_chart_url
-      name       = "istiod"
-      namespace  = kubernetes_namespace_v1.istio_system.metadata[0].name
+      chart         = "istiod"
+      chart_version = local.istio_chart_version
+      repository    = local.istio_chart_url
+      name          = "istiod"
+      namespace     = kubernetes_namespace_v1.istio_system.metadata[0].name
 
       set = [
         {
@@ -151,7 +151,7 @@ module "eks_blueprints_addons" {
 
     istio-ingress = {
       chart            = "gateway"
-      version          = local.istio_chart_version
+      chart_version    = local.istio_chart_version
       repository       = local.istio_chart_url
       name             = "istio-ingress"
       namespace        = "istio-ingress" # per https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml#L2

diff --git a/patterns/karpenter/README.md b/patterns/karpenter/README.md
@@ -8,15 +8,55 @@ See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started
 
 ## Validate
 
-!!! danger "TODO"
-    Add in validation steps
+1. Test by listing the nodes in the cluster. You should see four Fargate nodes in the cluster:
+
+    ```sh
+    kubectl get nodes
+
+    NAME                                                STATUS   ROLES    AGE     VERSION
+    fargate-ip-10-0-11-195.us-west-2.compute.internal   Ready    <none>   5m20s   v1.28.2-eks-f8587cb
+    fargate-ip-10-0-27-183.us-west-2.compute.internal   Ready    <none>   5m2s    v1.28.2-eks-f8587cb
+    fargate-ip-10-0-4-169.us-west-2.compute.internal    Ready    <none>   5m3s    v1.28.2-eks-f8587cb
+    fargate-ip-10-0-44-106.us-west-2.compute.internal   Ready    <none>   5m12s   v1.28.2-eks-f8587cb
+    ```
+
+2. Provision the Karpenter `EC2NodeClass` and `NodePool` resources which provide Karpenter the necessary configurations to provision EC2 resources:
+
+    ```sh
+    kubectl apply -f karpenter.yaml
+    ```
+
+3. Once the Karpenter resources are in place, Karpenter will provision the necessary EC2 resources to satisfy any pending pods in the scheduler's queue. You can demonstrate this with the example deployment provided. First deploy the example deployment which has the initial number replicas set to 0:
+
+    ```sh
+    kubectl apply -f example.yaml
+    ```
+
+4. When you scale the example deployment, you should see Karpenter respond by quickly provisioning EC2 resources to satisfy those pending pod requests:
+
+    ```sh
+    kubectl scale deployment inflate --replicas=3
+    ```
+
+5. Listing the nodes should now show some EC2 compute that Karpenter has created for the example deployment:
+
+    ```sh
+    kubectl get nodes
+
+    NAME                                                STATUS   ROLES    AGE   VERSION
+    fargate-ip-10-0-11-195.us-west-2.compute.internal   Ready    <none>   13m   v1.28.2-eks-f8587cb
+    fargate-ip-10-0-27-183.us-west-2.compute.internal   Ready    <none>   12m   v1.28.2-eks-f8587cb
+    fargate-ip-10-0-4-169.us-west-2.compute.internal    Ready    <none>   12m   v1.28.2-eks-f8587cb
+    fargate-ip-10-0-44-106.us-west-2.compute.internal   Ready    <none>   13m   v1.28.2-eks-f8587cb
+    ip-10-0-32-199.us-west-2.compute.internal           Ready    <none>   29s   v1.28.2-eks-a5df82a # <== EC2 created by Karpenter
+    ```
 
 ## Destroy
 
 Scale down the deployment to de-provision Karpenter created resources first:
 
 ```sh
-kubectl delete deployment inflate
+kubectl delete -f example.yaml
 ```
 
 {%

diff --git a/patterns/karpenter/example.yaml b/patterns/karpenter/example.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: inflate
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: inflate
+  template:
+    metadata:
+      labels:
+        app: inflate
+    spec:
+      terminationGracePeriodSeconds: 0
+      containers:
+        - name: inflate
+          image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
+          resources:
+            requests:
+              cpu: 1
diff --git a/patterns/karpenter/karpenter.yaml b/patterns/karpenter/karpenter.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+  name: default
+spec:
+  amiFamily: AL2
+  role: karpenter-ex-karpenter
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: ex-karpenter
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: ex-karpenter
+  tags:
+    karpenter.sh/discovery: ex-karpenter
+---
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+  name: default
+spec:
+  template:
+    spec:
+      nodeClassRef:
+        name: default
+      requirements:
+        - key: "karpenter.k8s.aws/instance-category"
+          operator: In
+          values: ["c", "m", "r"]
+        - key: "karpenter.k8s.aws/instance-cpu"
+          operator: In
+          values: ["4", "8", "16", "32"]
+        - key: "karpenter.k8s.aws/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "karpenter.k8s.aws/instance-generation"
+          operator: Gt
+          values: ["2"]
+  limits:
+    cpu: 1000
+  disruption:
+    consolidationPolicy: WhenEmpty
+    consolidateAfter: 30s
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,5 +10,6 @@ terraform { @@
           source  = "hashicorp/random"
           version = ">= 3.0"
         }
       }
     }