Migrate to v5 blueprints (awslabs#779)

**Which issue is resolved by this Pull Request:** Resolves awslabs#775 **Description of your changes:** Upgrade to v5 blueprints for the eks addons Major changes: 1. v5 does not have an option to enable the ebs csi driver, will need to do with the help of another module 2. v5 does not have an option for enabling the nvidia plugin, an operator is used instead. 3. V5/V4 parameters are different. **Testing:** - [ ] Unit tests pass - [x] e2e tests pass - Cognito, rds-s3-static, rds/s3-irsa passes, efs/fsx look fine manually. Need to test nvidia. - Details about new tests (If this PR adds a new feature) - Details about any manual tests performed - GPU testing By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
tne-ai · Sep 27, 2023 · 973b3b4 · 973b3b4
1 parent f229d49
commit 973b3b4
Show file tree

Hide file tree

Showing 7 changed files with 256 additions and 95 deletions.
diff --git a/deployments/cognito-rds-s3/terraform/main.tf b/deployments/cognito-rds-s3/terraform/main.tf
@@ -140,54 +140,76 @@ module "eks_blueprints" {
   tags = local.tags
 }
 
+module "ebs_csi_driver_irsa" {
+  source                = "../../../iaac/terraform/aws-infra/ebs-csi-driver-irsa"
+  cluster_name          = local.cluster_name
+  cluster_region        = local.region
+  tags                  = local.tags
+  eks_oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
+}
+
 module "eks_blueprints_kubernetes_addons" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.32.1"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "~> 1.0" #ensure to update this to the latest/desired version
 
-  eks_cluster_id       = module.eks_blueprints.eks_cluster_id
-  eks_cluster_endpoint = module.eks_blueprints.eks_cluster_endpoint
-  eks_oidc_provider    = module.eks_blueprints.oidc_provider
-  eks_cluster_version  = module.eks_blueprints.eks_cluster_version
+  cluster_name      = local.cluster_name
+  cluster_endpoint  = module.eks_blueprints.eks_cluster_endpoint
+  cluster_version   = module.eks_blueprints.eks_cluster_version
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
 
-  # EKS Managed Add-ons
-  enable_amazon_eks_vpc_cni            = true
-  enable_amazon_eks_coredns            = true
-  enable_amazon_eks_kube_proxy         = true
-  enable_amazon_eks_aws_ebs_csi_driver = true
+  depends_on = [module.ebs_csi_driver_irsa, module.eks_data_addons]
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      most_recent              = true
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
+    }
+  }
 
-  # EKS Blueprints Add-ons
-  enable_cert_manager                 = true
   enable_aws_load_balancer_controller = true
+  enable_cert_manager                 = true
 
-  aws_efs_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "2.4.1"
+  cert_manager = {
+    chart_version = "v1.10.0"
   }
 
   enable_aws_efs_csi_driver = true
+  enable_aws_fsx_csi_driver = true
 
-  aws_fsx_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "1.5.1"
-  }
 
-  enable_aws_fsx_csi_driver = true
+  aws_efs_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "2.4.1"
+  }
 
-  enable_nvidia_device_plugin = local.using_gpu
+  aws_fsx_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "1.5.1"
+  }
 
-  secrets_store_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "1.3.2"
+  secrets_store_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "1.3.2"
     set = [
       {
         name  = "syncSecret.enabled",
         value = "true"
       }
     ]
   }
-  enable_secrets_store_csi_driver = true
 
+  enable_secrets_store_csi_driver = true
 
-  csi_secrets_store_provider_aws_helm_config = {
+  secrets_store_csi_driver_provider_aws = {
     namespace = "kube-system"
     set = [
       {
@@ -196,10 +218,19 @@ module "eks_blueprints_kubernetes_addons" {
       }
     ]
   }
+
   enable_secrets_store_csi_driver_provider_aws = true
 
   tags = local.tags
+}
 
+module "eks_data_addons" {
+  source  = "aws-ia/eks-data-addons/aws"
+  version = "~> 1.0" # ensure to update this to the latest/desired version
+
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
+
+  enable_nvidia_gpu_operator = local.using_gpu
 }
 
 # todo: update the blueprints repo code to export the desired values as outputs
@@ -263,6 +294,7 @@ module "kubeflow_components" {
 
   tags = local.tags
 
+
   providers = {
     aws          = aws
     aws.virginia = aws.virginia

diff --git a/deployments/cognito/terraform/main.tf b/deployments/cognito/terraform/main.tf
@@ -129,42 +129,72 @@ module "eks_blueprints" {
   tags = local.tags
 }
 
+module "ebs_csi_driver_irsa" {
+  source                = "../../../iaac/terraform/aws-infra/ebs-csi-driver-irsa"
+  cluster_name          = local.cluster_name
+  cluster_region        = local.region
+  tags                  = local.tags
+  eks_oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
+}
+
 module "eks_blueprints_kubernetes_addons" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.32.1"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "~> 1.0" #ensure to update this to the latest/desired version
 
-  eks_cluster_id       = module.eks_blueprints.eks_cluster_id
-  eks_cluster_endpoint = module.eks_blueprints.eks_cluster_endpoint
-  eks_oidc_provider    = module.eks_blueprints.oidc_provider
-  eks_cluster_version  = module.eks_blueprints.eks_cluster_version
+  cluster_name      = local.cluster_name
+  cluster_endpoint  = module.eks_blueprints.eks_cluster_endpoint
+  cluster_version   = module.eks_blueprints.eks_cluster_version
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
 
-  # EKS Managed Add-ons
-  enable_amazon_eks_vpc_cni            = true
-  enable_amazon_eks_coredns            = true
-  enable_amazon_eks_kube_proxy         = true
-  enable_amazon_eks_aws_ebs_csi_driver = true
+  depends_on = [module.ebs_csi_driver_irsa, module.eks_data_addons]
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      most_recent              = true
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
+    }
+  }
 
-  # EKS Blueprints Add-ons
-  enable_cert_manager                 = true
   enable_aws_load_balancer_controller = true
+  enable_cert_manager                 = true
 
-  aws_efs_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "2.4.1"
+  cert_manager = {
+    chart_version = "v1.10.0"
   }
 
   enable_aws_efs_csi_driver = true
+  enable_aws_fsx_csi_driver = true
 
-  aws_fsx_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "1.5.1"
-  }
 
-  enable_aws_fsx_csi_driver = true
+  aws_efs_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "2.4.1"
+  }
 
-  enable_nvidia_device_plugin = local.using_gpu
+  aws_fsx_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "1.5.1"
+  }
 
   tags = local.tags
+}
+
+module "eks_data_addons" {
+  source  = "aws-ia/eks-data-addons/aws"
+  version = "~> 1.0" # ensure to update this to the latest/desired version
+
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
 
+  enable_nvidia_gpu_operator = local.using_gpu
 }
 
 # todo: update the blueprints repo code to export the desired values as outputs

diff --git a/deployments/rds-s3/terraform/main.tf b/deployments/rds-s3/terraform/main.tf
@@ -121,54 +121,76 @@ module "eks_blueprints" {
   tags = local.tags
 }
 
+module "ebs_csi_driver_irsa" {
+  source                = "../../../iaac/terraform/aws-infra/ebs-csi-driver-irsa"
+  cluster_name          = local.cluster_name
+  cluster_region        = local.region
+  tags                  = local.tags
+  eks_oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
+}
+
 module "eks_blueprints_kubernetes_addons" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.32.1"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "~> 1.0" #ensure to update this to the latest/desired version
 
-  eks_cluster_id       = module.eks_blueprints.eks_cluster_id
-  eks_cluster_endpoint = module.eks_blueprints.eks_cluster_endpoint
-  eks_oidc_provider    = module.eks_blueprints.oidc_provider
-  eks_cluster_version  = module.eks_blueprints.eks_cluster_version
+  cluster_name      = local.cluster_name
+  cluster_endpoint  = module.eks_blueprints.eks_cluster_endpoint
+  cluster_version   = module.eks_blueprints.eks_cluster_version
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
 
-  # EKS Managed Add-ons
-  enable_amazon_eks_vpc_cni            = true
-  enable_amazon_eks_coredns            = true
-  enable_amazon_eks_kube_proxy         = true
-  enable_amazon_eks_aws_ebs_csi_driver = true
+  depends_on = [module.ebs_csi_driver_irsa, module.eks_data_addons]
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      most_recent              = true
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
+    }
+  }
 
-  # EKS Blueprints Add-ons
-  enable_cert_manager                 = true
   enable_aws_load_balancer_controller = true
+  enable_cert_manager                 = true
 
-  aws_efs_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "2.4.1"
+  cert_manager = {
+    chart_version = "v1.10.0"
   }
 
   enable_aws_efs_csi_driver = true
+  enable_aws_fsx_csi_driver = true
 
-  aws_fsx_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "1.5.1"
-  }
 
-  enable_aws_fsx_csi_driver = true
+  aws_efs_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "2.4.1"
+  }
 
-  enable_nvidia_device_plugin = local.using_gpu
+  aws_fsx_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "1.5.1"
+  }
 
-  secrets_store_csi_driver_helm_config = {
-    namespace = "kube-system"
-    version   = "1.3.2"
+  secrets_store_csi_driver = {
+    namespace     = "kube-system"
+    chart_version = "1.3.2"
     set = [
       {
         name  = "syncSecret.enabled",
         value = "true"
       }
     ]
   }
-  enable_secrets_store_csi_driver = true
 
+  enable_secrets_store_csi_driver = true
 
-  csi_secrets_store_provider_aws_helm_config = {
+  secrets_store_csi_driver_provider_aws = {
     namespace = "kube-system"
     set = [
       {
@@ -177,10 +199,19 @@ module "eks_blueprints_kubernetes_addons" {
       }
     ]
   }
+
   enable_secrets_store_csi_driver_provider_aws = true
 
   tags = local.tags
+}
+
+module "eks_data_addons" {
+  source  = "aws-ia/eks-data-addons/aws"
+  version = "~> 1.0" # ensure to update this to the latest/desired version
+
+  oidc_provider_arn = module.eks_blueprints.eks_oidc_provider_arn
 
+  enable_nvidia_gpu_operator = local.using_gpu
 }
 
 # todo: update the blueprints repo code to export the desired values as outputs