From 236c833ff39caf1c2f08967a4ff52fd67a010202 Mon Sep 17 00:00:00 2001 From: Reid Vandewiele Date: Mon, 9 Dec 2024 16:21:59 -0800 Subject: [PATCH 1/3] Add StormForge Optimzie Live add-on --- .../Partner/StormForge/external-secret.yaml | 22 +++++++ .../Addons/Partner/StormForge/namespace.yaml | 9 +++ .../StormForge/stormforge-agent-release.yaml | 32 ++++++++++ .../stormforge-applier-release.yaml | 19 ++++++ .../StormForge/stormforge-cluster-name.yaml | 56 ++++++++++++++++ .../Partner/StormForge/stormforge-source.yaml | 10 +++ .../StormForge/stormforge-test-job.yaml | 64 +++++++++++++++++++ 7 files changed, 212 insertions(+) create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/stormforge-agent-release.yaml create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/stormforge-applier-release.yaml create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/stormforge-cluster-name.yaml create mode 100644 eks-anywhere-common/Addons/Partner/StormForge/stormforge-source.yaml create mode 100644 eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml diff --git a/eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml b/eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml new file mode 100644 index 00000000..eaa91168 --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: stormforge-external-secret + namespace: stormforge +spec: + refreshInterval: 5m + secretStoreRef: + name: eksa-secret-store + kind: ClusterSecretStore + target: + name: stormforge-auth-secret + data: + - secretKey: clientID + remoteRef: + key: stormforge-secrets + property: clientID + - secretKey: clientSecret + remoteRef: + key: stormforge-secrets + property: clientSecret diff --git a/eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml b/eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml new file mode 100644 index 00000000..8f498a29 --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: stormforge + labels: + aws.conformance.vendor: stormforge + aws.conformance.vendor-solution: optimize-live + aws.conformance.vendor-solution-version: 2.16.1 diff --git a/eks-anywhere-common/Addons/Partner/StormForge/stormforge-agent-release.yaml b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-agent-release.yaml new file mode 100644 index 00000000..eaf5abae --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-agent-release.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: stormforge-agent-release + namespace: stormforge +spec: + releaseName: stormforge-agent + chart: + spec: + chart: stormforge-agent + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: stormforge-charts + namespace: flux-system + version: 2.16.1 + interval: 5m0s + targetNamespace: stormforge + valuesFrom: + - kind: ConfigMap + name: stormforge-clustername + valuesKey: clusterName + targetPath: clusterName + - kind: Secret + name: stormforge-auth-secret + valuesKey: clientID + targetPath: authorization.clientID + - kind: Secret + name: stormforge-auth-secret + valuesKey: clientSecret + targetPath: authorization.clientSecret diff --git a/eks-anywhere-common/Addons/Partner/StormForge/stormforge-applier-release.yaml b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-applier-release.yaml new file mode 100644 index 00000000..355ed847 --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-applier-release.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: stormforge-applier-release + namespace: stormforge +spec: + releaseName: stormforge-applier + chart: + spec: + chart: stormforge-applier + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: stormforge-charts + namespace: flux-system + version: 2.6.0 + interval: 5m0s + targetNamespace: stormforge diff --git a/eks-anywhere-common/Addons/Partner/StormForge/stormforge-cluster-name.yaml b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-cluster-name.yaml new file mode 100644 index 00000000..b12d3855 --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/StormForge/stormforge-cluster-name.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: stormforge-configmaps-admin + namespace: stormforge +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stormforge-configmaps-admin + namespace: stormforge +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps"] + verbs: ["*"] # full access +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: stormforge-configmaps-admin + namespace: stormforge +subjects: + - kind: ServiceAccount + name: stormforge-configmaps-admin + namespace: stormforge +roleRef: + kind: Role + name: stormforge-configmaps-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: stormforge-cluster-name + namespace: stormforge +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: stormforge-configmaps-admin + containers: + - name: generate-name + image: bitnami/kubectl:1.31 + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - '/bin/sh' + - '-c' + - | + cm_name=stormforge-clustername + cluster_name="eksa-test-$(LC_ALL=C tr -dc a-z0-9 Date: Wed, 11 Dec 2024 11:26:47 -0800 Subject: [PATCH 2/3] Change StormForge test from Job to CronJob Runs daily @ 8am --- .../StormForge/stormforge-test-cronjob.yaml | 67 +++++++++++++++++++ .../StormForge/stormforge-test-job.yaml | 64 ------------------ 2 files changed, 67 insertions(+), 64 deletions(-) create mode 100644 eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml delete mode 100644 eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml diff --git a/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml b/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml new file mode 100644 index 00000000..7d90bd0a --- /dev/null +++ b/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml @@ -0,0 +1,67 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: stormforge-test-cronjob + namespace: stormforge +spec: + schedule: "0 8 * * *" # Daily @ 8:00am + jobTemplate: + spec: + backoffLimit: 4 + template: + spec: + activeDeadlineSeconds: 1800 + restartPolicy: Never + containers: + - name: stormforge-test-job + image: badouralix/curl-jq:alpine + env: + - name: CLI_VERSION + value: "5.1.9" + envFrom: + - secretRef: + name: stormforge-agent-auth + - secretRef: + name: stormforge-agent-env + command: + - '/bin/sh' + - '-c' + - | + # Setup: Fetch the StormForge CLI tool + while :; do + [ "$(uname -sm)" = "Linux aarch64" ] && arch=arm64 || arch=amd64 + curl -L "https://downloads.stormforge.io/stormforge-cli/v${CLI_VERSION}/stormforge_${CLI_VERSION}_linux_${arch}.tar.gz" | tar -xz + if [ $? = 0 ]; then + chmod a+x ./stormforge + mv ./stormforge /usr/local/bin + break + fi + sleep 5 + done + + # Tidy: delete any old and inactive eksa test clusters that may still be registered + stormforge get clusters --state Inactive -o json \ + | jq -r '.items[].name | select(. | test("^eksa-test-"))' \ + | xargs --no-run-if-empty stormforge delete clusters + + # Validate: when the cluster name has been registered, is not Inactive, and + # shows both products connected, then Optimize Live is working. + while :; do + echo "checking for stormforge-agent, stormforge-applier registration on $STORMFORGE_CLUSTER_NAME" + if stormforge get cluster "$STORMFORGE_CLUSTER_NAME" -o json \ + | jq -e 'all(.items[]; + (.status.phase == "Created") + and + all(.stormforge.products | map(.name); + any(index("stormforge-agent")) + and + any(index("stormforge-applier")) ))' + then + echo "successfully connected ${STORMFORGE_CLUSTER_NAME} to StormForge backend" + break + fi + sleep 5 + done + + # Success! (failure is handled by spec.activeDeadlineSeconds) + exit 0 diff --git a/eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml b/eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml deleted file mode 100644 index d809b42c..00000000 --- a/eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: stormforge-test-job - namespace: stormforge -spec: - template: - spec: - activeDeadlineSeconds: 1800 - restartPolicy: Never - containers: - - name: stormforge-test-job - image: badouralix/curl-jq:alpine - env: - - name: CLI_VERSION - value: "5.1.9" - envFrom: - - secretRef: - name: stormforge-agent-auth - - secretRef: - name: stormforge-agent-env - command: - - '/bin/sh' - - '-c' - - | - # Setup: Fetch the StormForge CLI tool - while :; do - [ "$(uname -sm)" = "Linux aarch64" ] && arch=arm64 || arch=amd64 - curl -L "https://downloads.stormforge.io/stormforge-cli/v${CLI_VERSION}/stormforge_${CLI_VERSION}_linux_${arch}.tar.gz" | tar -xz - if [ $? = 0 ]; then - chmod a+x ./stormforge - mv ./stormforge /usr/local/bin - break - fi - sleep 5 - done - - # Tidy: delete any old and inactive eksa test clusters that may still be registered - stormforge get clusters --state Inactive -o json \ - | jq -r '.items[].name | select(. | test("^eksa-test-"))' \ - | xargs --no-run-if-empty stormforge delete clusters - - # Validate: when the cluster name has been registered, is not Inactive, and - # shows both products connected, then Optimize Live is working. - while :; do - echo "checking for stormforge-agent, stormforge-applier registration on $STORMFORGE_CLUSTER_NAME" - if stormforge get cluster "$STORMFORGE_CLUSTER_NAME" -o json \ - | jq -e 'all(.items[]; - (.status.phase == "Created") - and - all(.stormforge.products | map(.name); - any(index("stormforge-agent")) - and - any(index("stormforge-applier")) ))' - then - echo "successfully connected ${STORMFORGE_CLUSTER_NAME} to StormForge backend" - break - fi - sleep 5 - done - - # Success! (failure is handled by spec.activeDeadlineSeconds) - exit 0 From 192b1caadc853cfbcf31b1e42ebf5c758aedd299 Mon Sep 17 00:00:00 2001 From: Reid Vandewiele Date: Wed, 11 Dec 2024 11:43:24 -0800 Subject: [PATCH 3/3] Add resources to StormForge test job --- .../Testers/StormForge/stormforge-test-cronjob.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml b/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml index 7d90bd0a..477167d4 100644 --- a/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml +++ b/eks-anywhere-common/Testers/StormForge/stormforge-test-cronjob.yaml @@ -23,6 +23,10 @@ spec: name: stormforge-agent-auth - secretRef: name: stormforge-agent-env + resources: + requests: + cpu: 10m + memory: 224Mi command: - '/bin/sh' - '-c'