diff --git a/.werft/eks-installer-tests.yaml b/.werft/eks-installer-tests.yaml
new file mode 100644
index 00000000000000..96c376ebf465d2
--- /dev/null
+++ b/.werft/eks-installer-tests.yaml
@@ -0,0 +1,85 @@
+# debug using `werft run github -f -s .werft/installer-tests.ts -j .werft/eks-installer-tests.yaml -a debug=true`
+pod:
+ serviceAccount: werft
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: dev/workload
+ operator: In
+ values:
+ - "builds"
+ securityContext:
+ runAsUser: 0
+ volumes:
+ - name: sh-playground-sa-perm
+ secret:
+ secretName: sh-playground-sa-perm
+ - name: sh-playground-dns-perm
+ secret:
+ secretName: sh-playground-dns-perm
+ - name: sh-aks-perm
+ secret:
+ secretName: aks-credentials
+ containers:
+ - name: nightly-test
+ image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:cw-werft-cred.0
+ workingDir: /workspace
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: sh-playground-sa-perm
+ mountPath: /mnt/secrets/sh-playground-sa-perm
+ - name: sh-playground-dns-perm # this sa is used for the DNS management
+ mountPath: /mnt/secrets/sh-playground-dns-perm
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-credentials
+ key: aws-access-key
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-credentials
+ key: aws-secret-key
+ - name: AWS_REGION
+ valueFrom:
+ secretKeyRef:
+ name: aws-credentials
+ key: aws-region
+ - name: WERFT_HOST
+ value: "werft.werft.svc.cluster.local:7777"
+ - name: GOOGLE_APPLICATION_CREDENTIALS
+ value: "/mnt/secrets/sh-playground-sa-perm/sh-sa.json"
+ - name: WERFT_K8S_NAMESPACE
+ value: "werft"
+ - name: WERFT_K8S_LABEL
+ value: "component=werft"
+ - name: TF_VAR_sa_creds
+ value: "/mnt/secrets/sh-playground-sa-perm/sh-sa.json"
+ - name: TF_VAR_dns_sa_creds
+ value: "/mnt/secrets/sh-playground-dns-perm/sh-dns-sa.json"
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - bash
+ - -c
+ - |
+ sleep 1
+ set -Eeuo pipefail
+
+ sudo chown -R gitpod:gitpod /workspace
+ sudo apt update && apt install gettext-base
+
+ export TF_VAR_TEST_ID=$(echo $RANDOM | md5sum | head -c 5; echo)
+
+ (cd .werft && yarn install && mv node_modules ..) | werft log slice prep
+ printf '{{ toJson . }}' > context.json
+
+ npx ts-node .werft/installer-tests.ts "STANDARD_EKS_TEST"
+# The bit below makes this a cron job
+# plugins:
+# cron: "15 3 * * *"
diff --git a/.werft/installer-tests.ts b/.werft/installer-tests.ts
index 6f7e00794277a3..9597eade921264 100644
--- a/.werft/installer-tests.ts
+++ b/.werft/installer-tests.ts
@@ -39,6 +39,11 @@ const INFRA_PHASES: { [name: string]: InfraConfig } = {
 makeTarget: "aks-standard-cluster",
 description: "Creating an aks cluster(azure)",
 },
+ STANDARD_EKS_CLUSTER: {
+ phase: "create-std-eks-cluster",
+ makeTarget: "eks-standard-cluster",
+ description: "Creating a EKS cluster with 1 nodepool each for workspace and server",
+ },
 CERT_MANAGER: {
 phase: "setup-cert-manager",
 makeTarget: "cert-manager",
@@ -174,6 +179,23 @@ const TEST_CONFIGURATIONS: { [name: string]: TestConfig } = {
 "DESTROY",
 ],
 },
+ STANDARD_EKS_TEST: {
+ DESCRIPTION: "Create an EKS cluster",
+ PHASES: [
+ "STANDARD_EKS_CLUSTER",
+ "CERT_MANAGER",
+ // TODO phases are:
+ // 1) register domains in AWS, associate with route53
+ // 2) add the associated ns record to gcp(since we use gitpod-self-hsoted.com domain)
+ // 3) create cluster issuer with route53 as solver
+ "GENERATE_KOTS_CONFIG",
+ "INSTALL_GITPOD",
+ // "CHECK_INSTALLATION",
+ // "RUN_INTEGRATION_TESTS",
+ "RESULTS",
+ "DESTROY",
+ ],
+ },
 STANDARD_K3S_PREVIEW: {
 DESCRIPTION: "Create a SH Gitpod preview environment on a K3s cluster, created on a GCP instance",
 PHASES: [
diff --git a/install/infra/terraform/eks/kubernetes.tf b/install/infra/terraform/eks/kubernetes.tf
new file mode 100644
index 00000000000000..08900f4f0b624f
--- /dev/null
+++ b/install/infra/terraform/eks/kubernetes.tf
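Review bot: In `.werft/eks-installer-tests.yaml`, `printf '{{ toJson . }}' > context.json` pastes the rendered job context into a single-quoted shell string and then uses it as the printf format, so a `'`, `%` or backslash in any context value changes what the shell runs or writes; this container runs as `runAsUser: 0` with the AWS keys and both GCP service-account files available. Which context fields a job submitter controls is not visible here, but writing the file through a quoted heredoc (`cat > context.json <<'EOF'` … `EOF`) keeps the value out of shell and printf interpretation. Separately, the `sh-aks-perm` volume references the `aks-credentials` secret although no container mounts it; it looks carried over from the AKS job and should be dropped so this pod does not depend on an unrelated credential. The image is also referenced by a mutable tag (`cw-werft-cred.0`, `imagePullPolicy: Always`); pinning it by digest would fix what runs next to those credentials.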
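Review bot: In the `STANDARD_EKS_TEST` entry of `.werft/installer-tests.ts`, `CHECK_INSTALLATION` and `RUN_INTEGRATION_TESTS` are commented out without a stated reason, so the run goes from `INSTALL_GITPOD` straight to `RESULTS` and `DESTROY`, and a green result says nothing about whether the installation works. If the missing DNS phases in the TODO are the reason, say so next to them, for example `// disabled until the route53 DNS and cluster-issuer phases exist`, and fix the domain typo in that TODO (`gitpod-self-hsoted.com`). Whether `DESTROY` still runs when an earlier phase fails is decided outside this hunk; if it does not, a failed run would leave the EKS cluster and the IAM role created in `kubernetes.tf` behind. The `TEST_CONFIGURATIONS` object starts and ends outside the hunk.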
@@ -0,0 +1,203 @@
+terraform {
+ required_providers {
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ aws = {
+ version = " ~> 3.0"
+ source = "registry.terraform.io/hashicorp/aws"
+ }
+ }
+}
+
+resource "aws_iam_role" "eks_cluster" {
+ depends_on = [data.aws_subnet_ids.subnet_ids]
+ name = "iam-${var.cluster_name}"
+
+ assume_role_policy = <