From 3530e8c758df3ea2fb26d654109e17a75f157b37 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 9 Dec 2020 10:01:06 +0100 Subject: [PATCH 1/3] fix(synthetics): `metricFailed` uses `Average` instead of `Sum` by default (#11941) Because the `Failed` metric is emitted as `1` if there is a failure, and no data points are emitted otherwise, the `Average` of all data points will always be `1`. `Sum` is a more appropriate default metric. This PR should not be merged before https://github.com/aws/aws-cdk/pull/11717 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-synthetics/lib/canary.ts | 7 ++----- packages/@aws-cdk/aws-synthetics/test/metric.test.ts | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-synthetics/lib/canary.ts b/packages/@aws-cdk/aws-synthetics/lib/canary.ts index 367c9efe6e435..7b1ccf79f5830 100644 --- a/packages/@aws-cdk/aws-synthetics/lib/canary.ts +++ b/packages/@aws-cdk/aws-synthetics/lib/canary.ts @@ -297,15 +297,12 @@ export class Canary extends cdk.Resource { /** * Measure the number of failed canary runs over a given time period. * - * Default: average over 5 minutes + * Default: sum over 5 minutes * * @param options - configuration options for the metric */ public metricFailed(options?: MetricOptions): Metric { - return this.cannedMetric(CloudWatchSyntheticsMetrics.failedSum, { - statistic: 'Average', - ...options, - }); + return this.cannedMetric(CloudWatchSyntheticsMetrics.failedSum, options); } /** diff --git a/packages/@aws-cdk/aws-synthetics/test/metric.test.ts b/packages/@aws-cdk/aws-synthetics/test/metric.test.ts index a2f13cd7e9fcc..6144d2d678cdb 100644 --- a/packages/@aws-cdk/aws-synthetics/test/metric.test.ts +++ b/packages/@aws-cdk/aws-synthetics/test/metric.test.ts @@ -31,7 +31,7 @@ test('.metricXxx() methods can be used to obtain Metrics for the canary', () => dimensions: { CanaryName: canary.canaryName }, namespace: 'CloudWatchSynthetics', metricName: 'Failed', - statistic: 'Average', + statistic: 'Sum', })); expect(metricDuration).toEqual(expect.objectContaining({ From 6f306adc7ac12cb24ec0cad2a543976464b037b8 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar Date: Wed, 9 Dec 2020 14:21:14 +0000 Subject: [PATCH 2/3] chore: apply mergify rules to v2-main branch (#11939) The same set of mergify rules are used for 'master' and 'v2-main' branches. With these changes, regular PRs from contributors get auto-merged. This is currently not the case. This also removes any special rules for v2 and reduces the number of rules. --- .mergify.yml | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/.mergify.yml b/.mergify.yml index 2675841005330..97ca6d16de18b 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -19,7 +19,6 @@ pull_request_rules: commit_message: title+body conditions: - base!=release - - -base~=^v2 - -title~=(WIP|wip) - -label~=(blocked|do-not-merge|no-squash|two-approvers) - -merged @@ -34,7 +33,7 @@ pull_request_rules: - name: automatic merge (2+ approvers) actions: comment: - message: Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)). + message: Thank you for contributing! Your pull request will be automatically updated and merged (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)). merge: strict: smart method: squash @@ -42,7 +41,6 @@ pull_request_rules: commit_message: title+body conditions: - base!=release - - -base~=^v2 - -title~=(WIP|wip) - label~=two-approvers - -label~=(blocked|do-not-merge|no-squash) @@ -58,7 +56,7 @@ pull_request_rules: - name: automatic merge (no-squash) actions: comment: - message: Thank you for contributing! Your pull request will be updated from master and then merged automatically without squashing (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)). + message: Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)). merge: strict: smart # Merge instead of squash @@ -66,7 +64,6 @@ pull_request_rules: strict_method: merge commit_message: title+body conditions: - - -base~=^v2 - -title~=(WIP|wip) - -label~=(blocked|do-not-merge) # Only if no-squash is set @@ -121,22 +118,4 @@ pull_request_rules: - "#approved-reviews-by>=1" - "#changes-requested-reviews-by=0" - status-success~=AWS CodeBuild us-east-1 - - status-success=validate-pr - - name: automatic merge of v2 forward merges - actions: - comment: - message: Forward merge successful! - merge: - method: merge - strict: smart+fasttrack - strict_method: merge - commit_message: title+body - conditions: - - base=v2-main - - label~=forward-merge - - -label~=(blocked|do-not-merge) - - -merged - - -closed - - author~=aws-cdk-automation - - "#approved-reviews-by>=1" - - status-success~=AWS CodeBuild us-east-1 + - status-success=validate-pr \ No newline at end of file From 2ec294803427675b0ba594e929f32aca1ffdb075 Mon Sep 17 00:00:00 2001 From: Elad Ben-Israel Date: Wed, 9 Dec 2020 19:14:04 +0200 Subject: [PATCH 3/3] fix(eks): kubectl provider out-of-memory for large manifests/charts (now 1GiB) (#11957) Increase the default memory size of the kubectl provider's lambda function to 1GiB and introduce a `kubectlMemory` option that can be used to control memory allocation if needed. Fixes #11787 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-eks/README.md | 25 ++++++++++- packages/@aws-cdk/aws-eks/lib/cluster.ts | 34 ++++++++++++-- .../@aws-cdk/aws-eks/lib/kubectl-provider.ts | 3 +- .../@aws-cdk/aws-eks/test/test.cluster.ts | 44 +++++++++++++++++-- 4 files changed, 97 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index 1b09a3ac995e5..cf08a43a16bfe 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md @@ -450,7 +450,11 @@ The `ClusterHandler` is a Lambda function responsible to interact the EKS API in ### Kubectl Support -The resources are created in the cluster by running `kubectl apply` from a python lambda function. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: +The resources are created in the cluster by running `kubectl apply` from a python lambda function. + +#### Environment + +You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: ```ts const cluster = new eks.Cluster(this, 'hello-eks', { @@ -461,6 +465,8 @@ const cluster = new eks.Cluster(this, 'hello-eks', { }); ``` +#### Runtime + By default, the `kubectl`, `helm` and `aws` commands used to operate the cluster are provided by an AWS Lambda Layer from the AWS Serverless Application in [aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl). In most cases this should be sufficient. You can provide a custom layer in case the default layer does not meet your @@ -496,6 +502,23 @@ const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { > Instructions on how to build `layer.zip` can be found > [here](https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md). +#### Memory + +By default, the kubectl provider is configured with 1024MiB of memory. You can use the `kubectlMemory` option to specify the memory size for the AWS Lambda function: + +```ts +import { Size } from '@aws-cdk/core'; + +new eks.Cluster(this, 'MyCluster', { + kubectlMemory: Size.gibibytes(4) +}); + +// or +eks.Cluster.fromClusterAttributes(this, 'MyCluster', { + kubectlMemory: Size.gibibytes(4) +}); +``` + ### ARM64 Support Instance types with `ARM64` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 `instanceType` (such as `m6g.medium`), and the latest diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts index 54cbeb9379d02..beee73cca05dd 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts @@ -6,7 +6,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import * as lambda from '@aws-cdk/aws-lambda'; import * as ssm from '@aws-cdk/aws-ssm'; -import { Annotations, CfnOutput, CfnResource, IResource, Resource, Stack, Tags, Token, Duration } from '@aws-cdk/core'; +import { Annotations, CfnOutput, CfnResource, IResource, Resource, Stack, Tags, Token, Duration, Size } from '@aws-cdk/core'; import { Construct, Node } from 'constructs'; import * as YAML from 'yaml'; import { AwsAuth } from './aws-auth'; @@ -92,14 +92,13 @@ export interface ICluster extends IResource, ec2.IConnectable { /** * Custom environment variables when running `kubectl` against this cluster. - * @default - no additional environment variables */ readonly kubectlEnvironment?: { [key: string]: string }; /** * A security group to use for `kubectl` execution. * - * @default - If not specified, the k8s endpoint is expected to be accessible + * If this is undefined, the k8s endpoint is expected to be accessible * publicly. */ readonly kubectlSecurityGroup?: ec2.ISecurityGroup; @@ -107,7 +106,7 @@ export interface ICluster extends IResource, ec2.IConnectable { /** * Subnets to host the `kubectl` compute resources. * - * @default - If not specified, the k8s endpoint is expected to be accessible + * If this is undefined, the k8s endpoint is expected to be accessible * publicly. */ readonly kubectlPrivateSubnets?: ec2.ISubnet[]; @@ -119,6 +118,10 @@ export interface ICluster extends IResource, ec2.IConnectable { */ readonly kubectlLayer?: lambda.ILayerVersion; + /** + * Amount of memory to allocate to the provider's lambda function. + */ + readonly kubectlMemory?: Size; /** * Creates a new service account with corresponding IAM Role (IRSA). * @@ -271,6 +274,13 @@ export interface ClusterAttributes { * @see https://github.com/aws-samples/aws-lambda-layer-kubectl */ readonly kubectlLayer?: lambda.ILayerVersion; + + /** + * Amount of memory to allocate to the provider's lambda function. + * + * @default Size.gibibytes(1) + */ + readonly kubectlMemory?: Size; } /** @@ -416,6 +426,13 @@ export interface ClusterOptions extends CommonClusterOptions { * @see https://github.com/aws-samples/aws-lambda-layer-kubectl */ readonly kubectlLayer?: lambda.ILayerVersion; + + /** + * Amount of memory to allocate to the provider's lambda function. + * + * @default Size.gibibytes(1) + */ + readonly kubectlMemory?: Size; } /** @@ -630,6 +647,7 @@ abstract class ClusterBase extends Resource implements ICluster { public abstract readonly kubectlEnvironment?: { [key: string]: string }; public abstract readonly kubectlSecurityGroup?: ec2.ISecurityGroup; public abstract readonly kubectlPrivateSubnets?: ec2.ISubnet[]; + public abstract readonly kubectlMemory?: Size; public abstract readonly openIdConnectProvider: iam.IOpenIdConnectProvider; /** @@ -842,6 +860,11 @@ export class Cluster extends ClusterBase { */ public readonly kubectlLayer?: lambda.ILayerVersion; + /** + * The amount of memory allocated to the kubectl provider's lambda function. + */ + public readonly kubectlMemory?: Size; + /** * If this cluster is kubectl-enabled, returns the `ClusterResource` object * that manages it. If this cluster is not kubectl-enabled (i.e. uses the @@ -929,6 +952,7 @@ export class Cluster extends ClusterBase { this.endpointAccess = props.endpointAccess ?? EndpointAccess.PUBLIC_AND_PRIVATE; this.kubectlEnvironment = props.kubectlEnvironment; this.kubectlLayer = props.kubectlLayer; + this.kubectlMemory = props.kubectlMemory; const privateSubents = this.selectPrivateSubnets().slice(0, 16); const publicAccessDisabled = !this.endpointAccess._config.publicAccess; @@ -1630,6 +1654,7 @@ class ImportedCluster extends ClusterBase { public readonly kubectlSecurityGroup?: ec2.ISecurityGroup | undefined; public readonly kubectlPrivateSubnets?: ec2.ISubnet[] | undefined; public readonly kubectlLayer?: lambda.ILayerVersion; + public readonly kubectlMemory?: Size; constructor(scope: Construct, id: string, private readonly props: ClusterAttributes) { super(scope, id); @@ -1641,6 +1666,7 @@ class ImportedCluster extends ClusterBase { this.kubectlEnvironment = props.kubectlEnvironment; this.kubectlPrivateSubnets = props.kubectlPrivateSubnetIds ? props.kubectlPrivateSubnetIds.map((subnetid, index) => ec2.Subnet.fromSubnetId(this, `KubectlSubnet${index}`, subnetid)) : undefined; this.kubectlLayer = props.kubectlLayer; + this.kubectlMemory = props.kubectlMemory; let i = 1; for (const sgid of props.securityGroupIds ?? []) { diff --git a/packages/@aws-cdk/aws-eks/lib/kubectl-provider.ts b/packages/@aws-cdk/aws-eks/lib/kubectl-provider.ts index be23ac355c42e..4cf2d254099f6 100644 --- a/packages/@aws-cdk/aws-eks/lib/kubectl-provider.ts +++ b/packages/@aws-cdk/aws-eks/lib/kubectl-provider.ts @@ -67,6 +67,7 @@ export class KubectlProvider extends NestedStack { } const layer = cluster.kubectlLayer ?? getOrCreateKubectlLayer(this); + const memorySize = cluster.kubectlMemory ? cluster.kubectlMemory.toMebibytes() : 1024; const handler = new lambda.Function(this, 'Handler', { code: lambda.Code.fromAsset(path.join(__dirname, 'kubectl-handler')), @@ -75,7 +76,7 @@ export class KubectlProvider extends NestedStack { timeout: Duration.minutes(15), description: 'onEvent handler for EKS kubectl resource provider', layers: [layer], - memorySize: 256, + memorySize, environment: cluster.kubectlEnvironment, // defined only when using private access diff --git a/packages/@aws-cdk/aws-eks/test/test.cluster.ts b/packages/@aws-cdk/aws-eks/test/test.cluster.ts index facdf1880d426..409fb829bbc93 100644 --- a/packages/@aws-cdk/aws-eks/test/test.cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/test.cluster.ts @@ -12,7 +12,7 @@ import * as constructs from 'constructs'; import { Test } from 'nodeunit'; import * as YAML from 'yaml'; import * as eks from '../lib'; -import { getOrCreateKubectlLayer } from '../lib/kubectl-provider'; +import * as kubectl from '../lib/kubectl-provider'; import { BottleRocketImage } from '../lib/private/bottlerocket'; import { testFixture, testFixtureNoVpc } from './util'; @@ -391,7 +391,7 @@ export = { // WHEN const vpc = new ec2.Vpc(stack, 'VPC'); new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION }); - getOrCreateKubectlLayer(stack); + kubectl.getOrCreateKubectlLayer(stack); // THEN expect(stack).to(haveResource('Custom::AWSCDK-EKS-Cluster')); @@ -411,7 +411,7 @@ export = { // WHEN const vpc = new ec2.Vpc(stack, 'VPC'); new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION }); - getOrCreateKubectlLayer(stack); + kubectl.getOrCreateKubectlLayer(stack); // THEN expect(stack).to(haveResource('Custom::AWSCDK-EKS-Cluster')); @@ -2583,4 +2583,42 @@ export = { })); test.done(); }, + + 'custom memory size for kubectl provider'(test: Test) { + // GIVEN + const { stack, vpc, app } = testFixture(); + + // WHEN + new eks.Cluster(stack, 'Cluster', { + vpc, + version: CLUSTER_VERSION, + kubectlMemory: cdk.Size.gibibytes(2), + }); + + // THEN + const casm = app.synth(); + const providerNestedStackTemplate = JSON.parse(fs.readFileSync(path.join(casm.directory, 'StackawscdkawseksKubectlProvider7346F799.nested.template.json'), 'utf-8')); + test.equal(providerNestedStackTemplate?.Resources?.Handler886CB40B?.Properties?.MemorySize, 2048); + test.done(); + }, + + 'custom memory size for imported clusters'(test: Test) { + // GIVEN + const { stack, app } = testFixture(); + + // WHEN + const cluster = eks.Cluster.fromClusterAttributes(stack, 'Imported', { + clusterName: 'my-cluster', + kubectlRoleArn: 'arn:aws:iam::123456789012:role/MyRole', + kubectlMemory: cdk.Size.gibibytes(4), + }); + + cluster.addManifest('foo', { bar: 123 }); + + // THEN + const casm = app.synth(); + const providerNestedStackTemplate = JSON.parse(fs.readFileSync(path.join(casm.directory, 'StackStackImported1CBA9C50KubectlProviderAA00BA49.nested.template.json'), 'utf-8')); + test.equal(providerNestedStackTemplate?.Resources?.Handler886CB40B?.Properties?.MemorySize, 4096); + test.done(); + }, };