From cd2d38565349826610c97bdbe5ee4d38dfc1afa6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 4 Nov 2024 09:26:04 +0100 Subject: [PATCH] 5 aws clusters: enable cost attribution system nmfs-openscapes was a truly standalone account, but earthscope, jupyter-meets-the-earth, nasa-ghg, nasa-veda, were not standalone accounts. This means that we have failed to enable the cost allocation tags and need to followup with the community about this. --- .../clusters/earthscope/support.values.yaml | 8 ++++++ .../support.values.yaml | 8 ++++++ config/clusters/nasa-ghg/support.values.yaml | 8 ++++++ config/clusters/nasa-veda/support.values.yaml | 8 ++++++ .../nmfs-openscapes/support.values.yaml | 8 ++++++ eksctl/earthscope.jsonnet | 26 ++++++++++--------- eksctl/jupyter-meets-the-earth.jsonnet | 2 +- eksctl/nasa-ghg.jsonnet | 2 +- terraform/aws/projects/earthscope.tfvars | 8 ++++-- .../projects/jupyter-meets-the-earth.tfvars | 8 ++++-- terraform/aws/projects/nasa-ghg.tfvars | 8 ++++-- terraform/aws/projects/nasa-veda.tfvars | 8 +++--- terraform/aws/projects/nmfs-openscapes.tfvars | 2 ++ 13 files changed, 81 insertions(+), 23 deletions(-) diff --git a/config/clusters/earthscope/support.values.yaml b/config/clusters/earthscope/support.values.yaml index ca5153b436..27afb06d3e 100644 --- a/config/clusters/earthscope/support.values.yaml +++ b/config/clusters/earthscope/support.values.yaml @@ -39,3 +39,11 @@ cluster-autoscaler: autoDiscovery: clusterName: earthscope awsRegion: us-east-2 + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: earthscope + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::762698921361:role/aws_ce_grafana_backend_iam_role diff --git a/config/clusters/jupyter-meets-the-earth/support.values.yaml b/config/clusters/jupyter-meets-the-earth/support.values.yaml index db8e8ed15a..98ea69469c 100644 --- a/config/clusters/jupyter-meets-the-earth/support.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/support.values.yaml @@ -40,3 +40,11 @@ prometheus: - secretName: prometheus-tls hosts: - prometheus.jmte.2i2c.cloud + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: jupyter-meets-the-earth + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::286354552638:role/aws_ce_grafana_backend_iam_role diff --git a/config/clusters/nasa-ghg/support.values.yaml b/config/clusters/nasa-ghg/support.values.yaml index a0e6f0a718..d1d39e5184 100644 --- a/config/clusters/nasa-ghg/support.values.yaml +++ b/config/clusters/nasa-ghg/support.values.yaml @@ -32,3 +32,11 @@ prometheus: - secretName: prometheus-tls hosts: - prometheus.nasa-ghg.2i2c.cloud + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: nasa-ghg-hub + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::597746869805:role/aws_ce_grafana_backend_iam_role diff --git a/config/clusters/nasa-veda/support.values.yaml b/config/clusters/nasa-veda/support.values.yaml index 8d8320bbf2..b43e07e4d0 100644 --- a/config/clusters/nasa-veda/support.values.yaml +++ b/config/clusters/nasa-veda/support.values.yaml @@ -41,3 +41,11 @@ prometheus: - secretName: prometheus-tls hosts: - prometheus.nasa-veda.2i2c.cloud + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: nasa-veda + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::444055461661:role/aws_ce_grafana_backend_iam_role diff --git a/config/clusters/nmfs-openscapes/support.values.yaml b/config/clusters/nmfs-openscapes/support.values.yaml index 364858e64b..4b340ab42b 100644 --- a/config/clusters/nmfs-openscapes/support.values.yaml +++ b/config/clusters/nmfs-openscapes/support.values.yaml @@ -40,3 +40,11 @@ cluster-autoscaler: autoDiscovery: clusterName: nmfs-openscapes awsRegion: us-west-2 + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: nmfs-openscapes + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::891612562472:role/aws_ce_grafana_backend_iam_role diff --git a/eksctl/earthscope.jsonnet b/eksctl/earthscope.jsonnet index 4d2fbe9e5d..2c6ac24394 100644 --- a/eksctl/earthscope.jsonnet +++ b/eksctl/earthscope.jsonnet @@ -25,21 +25,30 @@ local nodeAz = "us-east-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ - { + // FIXME: tainted, to be deleted when empty, replaced by equivalent during k8s upgrade + { instanceType: "r5.xlarge", tags+: { "earthscope:application:name": "geolab", "earthscope:application:owner": "research-onramp-to-the-cloud" }, }, - { + { + instanceType: "r5.xlarge", + nameSuffix: "b", + tags+: { + "earthscope:application:name": "geolab", + "earthscope:application:owner": "research-onramp-to-the-cloud" + }, + }, + { instanceType: "r5.4xlarge", tags+: { "earthscope:application:name": "geolab", "earthscope:application:owner": "research-onramp-to-the-cloud" }, }, - { + { instanceType: "r5.16xlarge", tags+: { "earthscope:application:name": "geolab", @@ -74,7 +83,7 @@ local daskNodes = [ metadata+: { name: "earthscope", region: clusterRegion, - version: "1.29", + version: "1.30", tags+: { "ManagedBy": "2i2c", "earthscope:application:name": "geolab", @@ -110,7 +119,7 @@ local daskNodes = [ [ ng + { namePrefix: 'core', - nameSuffix: 'b', + nameSuffix: 'a', nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { @@ -124,7 +133,6 @@ local daskNodes = [ "k8s.dask.org/node-purpose": "core" }, tags+: { - "ManagedBy": "2i2c", "earthscope:application:name": "geolab", "earthscope:application:owner": "research-onramp-to-the-cloud" }, @@ -143,9 +151,6 @@ local daskNodes = [ "hub.jupyter.org/node-purpose": "user", "k8s.dask.org/node-purpose": "scheduler" }, - tags+: { - "ManagedBy": "2i2c", - }, taints+: { "hub.jupyter.org_dedicated": "user:NoSchedule", "hub.jupyter.org/dedicated": "user:NoSchedule" @@ -164,9 +169,6 @@ local daskNodes = [ labels+: { "k8s.dask.org/node-purpose": "worker" }, - tags+: { - "ManagedBy": "2i2c", - }, taints+: { "k8s.dask.org_dedicated" : "worker:NoSchedule", "k8s.dask.org/dedicated" : "worker:NoSchedule" diff --git a/eksctl/jupyter-meets-the-earth.jsonnet b/eksctl/jupyter-meets-the-earth.jsonnet index 53bd577772..5ceec54f03 100644 --- a/eksctl/jupyter-meets-the-earth.jsonnet +++ b/eksctl/jupyter-meets-the-earth.jsonnet @@ -81,7 +81,7 @@ local daskNodes = [ metadata+: { name: "jupyter-meets-the-earth", region: clusterRegion, - version: "1.29", + version: "1.30", }, availabilityZones: masterAzs, iam: { diff --git a/eksctl/nasa-ghg.jsonnet b/eksctl/nasa-ghg.jsonnet index 8392a44533..15c50856e8 100644 --- a/eksctl/nasa-ghg.jsonnet +++ b/eksctl/nasa-ghg.jsonnet @@ -50,7 +50,7 @@ local daskNodes = [ metadata+: { name: "nasa-ghg-hub", region: clusterRegion, - version: "1.29", + version: "1.30", }, availabilityZones: masterAzs, iam: { diff --git a/terraform/aws/projects/earthscope.tfvars b/terraform/aws/projects/earthscope.tfvars index e9f8336f09..54c8cd5e44 100644 --- a/terraform/aws/projects/earthscope.tfvars +++ b/terraform/aws/projects/earthscope.tfvars @@ -14,12 +14,16 @@ default_budget_alert = { "enabled" : false, } +enable_aws_ce_grafana_backend_iam = true + user_buckets = { "scratch-staging" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "staging" }, }, "scratch" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "prod" }, }, } diff --git a/terraform/aws/projects/jupyter-meets-the-earth.tfvars b/terraform/aws/projects/jupyter-meets-the-earth.tfvars index c05a59092b..32c4bf1f33 100644 --- a/terraform/aws/projects/jupyter-meets-the-earth.tfvars +++ b/terraform/aws/projects/jupyter-meets-the-earth.tfvars @@ -6,15 +6,19 @@ default_budget_alert = { "enabled" : false, } +enable_aws_ce_grafana_backend_iam = true + user_buckets = { "scratch-staging" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "staging" }, }, // IMPORTANT: This bucket isn't used, they are instead using s3://jmte-scratch // that doesn't have a delete_after policy setup etc, but maybe // they want to have. "scratch" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "prod" }, }, } diff --git a/terraform/aws/projects/nasa-ghg.tfvars b/terraform/aws/projects/nasa-ghg.tfvars index 121bea86dc..c2b7780157 100644 --- a/terraform/aws/projects/nasa-ghg.tfvars +++ b/terraform/aws/projects/nasa-ghg.tfvars @@ -6,12 +6,16 @@ default_budget_alert = { "enabled" : false, } +enable_aws_ce_grafana_backend_iam = true + user_buckets = { "scratch-staging" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "staging" }, }, "scratch" : { - "delete_after" : 7 + "delete_after" : 7, + "tags" : { "2i2c:hub-name" : "prod" }, }, } diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index 7f15b47ce1..0f465c2237 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -6,18 +6,20 @@ default_budget_alert = { "enabled" : false, } +enable_aws_ce_grafana_backend_iam = true + user_buckets = { "scratch-staging" : { "delete_after" : 7, - "tags" : { "2i2c:hub-name" : "staging" } + "tags" : { "2i2c:hub-name" : "staging" }, }, "scratch" : { "delete_after" : 7, - "tags" : { "2i2c:hub-name" : "prod" } + "tags" : { "2i2c:hub-name" : "prod" }, }, "scratch-binder" : { "delete_after" : 1, - "tags" : { "2i2c:hub-name" : "binder" } + "tags" : { "2i2c:hub-name" : "binder" }, }, } diff --git a/terraform/aws/projects/nmfs-openscapes.tfvars b/terraform/aws/projects/nmfs-openscapes.tfvars index 1f0f7c0a61..1c9a175493 100644 --- a/terraform/aws/projects/nmfs-openscapes.tfvars +++ b/terraform/aws/projects/nmfs-openscapes.tfvars @@ -6,6 +6,8 @@ default_budget_alert = { "enabled" : false, } +enable_aws_ce_grafana_backend_iam = true + disable_cluster_wide_filestore = true filestores = { "staging" = {