aws-samples · mikemcd3912 · May 9, 2024 · May 9, 2024 · May 9, 2024 · May 9, 2024
diff --git a/.github/workflows/close-pull-request.yaml b/.github/workflows/close-pull-request.yaml
@@ -1,7 +1,7 @@
 name: PR Closed - purging developer_branch
 on: 
   pull_request_target:
-    branches: [main]
+    branches: [githubActions]
     types: [closed]
 
 jobs:
@@ -46,12 +46,12 @@ jobs:
         git fetch origin pull/${{ github.event.pull_request.number }}/head:pr
 
     - name: Remove Deleted Files, copy over added or modified files in accepted PR
-      id: find-namespace-yaml
+      id: update-branch-with-pr-files
       run: |
         # Pull file information down into a JSON array
         readarray -t files < <(curl -s "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files" | jq -c '.[]')
 
-        # Checkout and update Developer branch 
+        # Move updated files over to dev branch
         git fetch --all
         git config --local user.email "dev@null"
         git config --local user.name "Conformitron Bot"
@@ -83,6 +83,72 @@ jobs:
           fi
         done
 
+
+        # Create Monitoring ConfigMap for each file's partner folder
+        for item in "${files[@]}"; do
+          status=$(echo "$item" | jq -r '.status')
+          filename=$(echo "$item" | jq -r '.filename')
+          echo $filename
+
+
+          if [ "$status" != removed ] && [[ $filename != *README.md ]]; then
+            # Parse namespace data
+            subdirectory=$(dirname $filename)
+            namespace_file_subdirectory=$(dirname $filename)
+            namespace_file=$(find $namespace_file_subdirectory -name *namespace*)
+            namespace_name=""
+            partner_name=""
+
+            # get namespace from dev branch partner directory. If in Testers directory, re-align to Addons/Partner/{partner}
+            while [ -z "$(find $namespace_file_subdirectory -name '*namespace*')" ] && [[ -z $namespace_name ]]; do
+              partner_name=$(basename $namespace_file_subdirectory)
+              namespace_file_subdirectory=$(dirname $namespace_file_subdirectory)
+              if [ $(basename $namespace_file_subdirectory) == "Testers" ]; then
+                namespace_file_subdirectory=$(dirname $namespace_file_subdirectory)
+                namespace_file_subdirectory=$namespace_file_subdirectory/Addons/Partner/$partner_name
+              elif [ $(basename $namespace_file_subdirectory) == "Partner" ] || [ $(basename $namespace_file_subdirectory) == "Core" ]; then
+                echo "No Namespace File Found in Partner Directory"
+                exit 200
+              fi
+              namespace_file=$(find $namespace_file_subdirectory -name "*namespace*")
+            done
+
+            if [ -f $namespace_file ]; then
+              namespace_file_subdirectory=$(dirname $namespace_file)
+              namespace_name=$(grep -E '^\s*metadata:\s*$|^\s*name:\s*' "$namespace_file" | awk -F':' '{gsub(/ /, "", $2); print $2}')
+            else
+              echo "No Namespace file found"
+              exit 200
+            fi
+
+            if [[ -n $namespace_name ]]; then
+              namespace=$(echo $namespace_name | xargs echo -n)
+              config_map_file="config-map-$namespace.yml"
+              echo "apiVersion: v1" >> $config_map_file
+              echo "kind: ConfigMap" >> $config_map_file
+              echo "metadata:" >> $config_map_file
+              echo "  name: $namespace-observation-configmap" >> $config_map_file
+              echo "  namespace: $namespace" >> $config_map_file
+              echo "  labels:" >> $config_map_file
+              echo "    bot: conformitron" >> $config_map_file
+              echo "data:" >> $config_map_file
+              echo "  Namespace: ${namespace}" >> $config_map_file
+              echo "  lastApprovedPrNumber: \"${{ github.event.pull_request.number }}\"" >> $config_map_file
+              echo "  lastPrCommitHash: ${{ github.event.pull_request.head.sha }}" >> $config_map_file
+              echo "  lastPointOfContact: ${{ github.event.pull_request.user.login }}" >> $config_map_file
+              echo "  approved: \"$(date +%s)\"" >> $config_map_file
+              echo "  env: $(echo $subdirectory | cut -f1 -d/ | awk -F-  '{print $NF}' )"  >> $config_map_file
+              mkdir -p ./$namespace_file_subdirectory/
+              mv "$config_map_file" ./$namespace_file_subdirectory/
+              git add ./$namespace_file_subdirectory/
+
+            else
+              echo "No Namespace found, Invalid namespace file"
+              exit 100
+            fi
+          fi        
+        done
+
         git commit -m "Adding new and changed files for merged PR_${{ github.event.pull_request.number }}"
         git push
 
diff --git a/.github/workflows/new-pull-request.yaml b/.github/workflows/new-pull-request.yaml
@@ -2,7 +2,7 @@ name: PR Opened - moving new ISV addon to developer_branch for E2E testing
 
 on:
   pull_request_target:
-    branches: [main]
+    branches: [githubActions]
     types: [opened, reopened, synchronize]
     paths-ignore: 
      - 'Validated_Partners/**'

diff --git a/eks-anywhere-common/Addons/Partner/Test6/external-secret.yaml b/eks-anywhere-common/Addons/Partner/Test6/external-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kubecost-external-secret
+  namespace: kubecost
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: eksa-secret-store #The secret store name we have just created.
+    kind: ClusterSecretStore
+  target:
+    name: kubecost-secret # Secret name in k8s
+  data:
+  - secretKey: kubecost-token # which key it's going to be stored
+    remoteRef:
+      key: kubecost-token # Our secret-name goes here
diff --git a/eks-anywhere-common/Addons/Partner/Test6/kubecost-source.yaml b/eks-anywhere-common/Addons/Partner/Test6/kubecost-source.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: kubecost-charts
+  namespace: flux-system
+spec:
+  interval: 30s
+  url: https://kubecost.github.io/cost-analyzer/
+
diff --git a/eks-anywhere-common/Addons/Partner/Test6/kubecost.yaml b/eks-anywhere-common/Addons/Partner/Test6/kubecost.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubecost
+  namespace: kubecost
+spec:
+  chart:
+    spec:
+      chart: cost-analyzer
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: kubecost-charts
+        namespace: flux-system
+      version: 2.1.0
+  interval: 1m0s
+  targetNamespace: kubecost
+  valuesFrom:
+  - kind: Secret
+    name: kubecost-secret
+    valuesKey: kubecost-token
+    targetPath: kubecostToken
diff --git a/eks-anywhere-common/Addons/Partner/Test6/namespace.yaml b/eks-anywhere-common/Addons/Partner/Test6/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubecost
+  labels:
+      aws.conformance.vendor: kubecost
+      aws.conformance.vendor-solution: cost-analyzer
+      aws.conformance.vendor-solution-version: 2.1.0
diff --git a/eks-anywhere-common/Testers/Test6/kubecost-testJob.yaml b/eks-anywhere-common/Testers/Test6/kubecost-testJob.yaml
@@ -0,0 +1,77 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubecost-healthtest
+  namespace: kubecost
+spec:
+  schedule: "*/10 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 3000
+            fsGroup: 2000
+          serviceAccountName: tester
+          containers:
+            - name: test-kubecost
+              image: alpine/k8s:1.26.9
+              securityContext:
+                privileged: false
+                capabilities:
+                  drop: 
+                  - ALL
+                allowPrivilegeEscalation: false
+                readOnlyRootFilesystem: true
+              command:
+                - /bin/sh
+              args:
+                - -c
+                - >-
+                  svc=$(kubectl get --raw  /api/v1/namespaces/kubecost/services | jq -r '.items[] | select(.metadata.name | test("cost-analyzer$")).metadata.name');
+                  echo Getting current Kubecost state.;
+                  response=$(curl -sL http://${svc}:9090/model/getConfigs);
+                  code=$(echo ${response} | jq .code);
+                  if [ "$code" -eq 200 ]; then
+                    echo "Got Kubecost working configuration. Successful."
+                    exit 0
+                  else 
+                    echo "Failed to fetch Kubecost configuration. Response was $response"
+                    exit 1
+                  fi
+          restartPolicy: Never
+      backoffLimit: 1
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: test-role
+  namespace: kubecost
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: test-rolebinding
+  namespace: kubecost
+subjects:
+- kind: ServiceAccount
+  name: tester
+  namespace: kubecost
+roleRef:
+  kind: Role
+  name: test-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tester
+  namespace: kubecost