feat: upgrade karpenter, add cluster name label to ebs, docs

pelotech · Apr 8, 2024 · ace43b4 · ace43b4
1 parent b28144f
commit ace43b4
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 19 deletions.
diff --git a/docs/CLEANUP.md b/docs/CLEANUP.md
@@ -0,0 +1,20 @@
+# Cleanup
+
+This is the location to be able to hunt down most of the various resources which are created by the clusters components
+
+## Karpenter
+* Search for tags with `karpenter.sh/managed-by` = `{cluster-name}`
+
+## ALB/Cluster -
+### Security groups
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+* Tags `aws:eks:cluster-name` = `{cluster-name}`
+### Load Balancers
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+### Target Groups
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+
+## EBS
+### Volumes
+* Tags `ebs.csi.aws.com/cluster` = `true`
+* There's a couple new tags to be added that are generated with the k8sTagClusterId to map to cluster - TBD
diff --git a/docs/GETTING-STARTED.md b/docs/GETTING-STARTED.md
@@ -15,30 +15,31 @@ metadata:
   name: kustomize-environment
   namespace: argocd
 data:
-  CLUSTER_NAME: # name of your EKS cluster
-  AWS_REGION: # AWS region of your EKS cluster
-  ARGOCD_SERVER_HOST: # hostname for the cluster's ArgoCD web interace, e.g. argocd.example-cluster.com
-  ACME_ISSUER_EMAIL: # email used by cert-manager for ACME/letsencrypt requests
-  VPC_CIDR_BLOCK: # the CIDR block of your cluster's VPC i.e. '172.16.0.0/16'
+  CLUSTER_NAME: "# name of your EKS cluster"
+  AWS_REGION: "# AWS region of your EKS cluster"
+  ARGOCD_SERVER_HOST: "# hostname for the cluster's ArgoCD web interace, e.g. argocd.example-cluster.com"
+  ACME_ISSUER_EMAIL: "# email used by cert-manager for ACME/letsencrypt requests"
+  VPC_CIDR_BLOCK: "# the CIDR block of your cluster's VPC i.e. '172.16.0.0/16'"
 
   # See the ./terraform/cluster_roles example module for setting up these roles and their policies
-  ALB_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/alb-role
-  KARPENTER_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/karpenter-role
-  EBS_CSI_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/ebs-csi-driver
-  EXTERNAL_DNS_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/external-dns-role
-  CERT_MANAGER_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/cert-manager-role
+  ALB_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/alb-role"
+  CERT_MANAGER_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/cert-manager-role"
+  EBS_CSI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/ebs-csi-driver"
+  EXTERNAL_DNS_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/external-dns-role"
+  KARPENTER_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/karpenter-role"
+  S3_CSI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/s3-csi-driver-role"
 
   # Only required if using Loki
-  LOKI_GATEWAY_HOST: # hostname for Loki gateway i.e. for Grafana to Loki
-  LOKI_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role
-  LOKI_S3_BUCKET: # name of S3 bucket where Loki will store logs
+  LOKI_GATEWAY_HOST: "# hostname for Loki gateway i.e. for Grafana to Loki"
+  LOKI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role"
+  LOKI_S3_BUCKET: "# name of S3 bucket where Loki will store logs"
 
   # Only required if using Fluent Bit
-  FLUENT_BIT_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role
+  FLUENT_BIT_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role"
 
   # Only required if using ADOT
-  ADOT_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/adot-collector-role
-  AMP_RW_ENDPOINT: # Prometheus remote endpoint for ADOT (if exporting to Prometheus/Grafana)
+  ADOT_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/adot-collector-role"
+  AMP_RW_ENDPOINT: "# Prometheus remote endpoint for ADOT (if exporting to Prometheus/Grafana)"
 
 ```
 

diff --git a/gitops/base-install/ebs-csi/install.yaml b/gitops/base-install/ebs-csi/install.yaml
@@ -20,6 +20,7 @@ spec:
       releaseName: aws-ebs-csi-driver
       valuesObject:
         controller:
+          k8sTagClusterId: CLUSTER_NAME
           serviceAccount:
             create: true
             name: ebs-csi-driver

diff --git a/gitops/base-install/replacements/kustomization.yaml b/gitops/base-install/replacements/kustomization.yaml
@@ -103,6 +103,20 @@ replacements:
         fieldPaths:
           - spec.sources.[chart=aws-ebs-csi-driver].helm.valuesObject.controller.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
 
+  - source:
+      version: v1
+      kind: ConfigMap
+      name: kustomize-environment
+      fieldPath: data.CLUSTER_NAME
+    targets:
+      - select:
+          group: argoproj.io
+          version: v1alpha1
+          kind: Application
+          name: ebs-csi
+        fieldPaths:
+          - spec.sources.[chart=aws-ebs-csi-driver].helm.valuesObject.controller.k8sTagClusterId
+
   - source:
       version: v1
       kind: ConfigMap

diff --git a/gitops/components/karpenter/resources.yaml b/gitops/components/karpenter/resources.yaml
@@ -18,16 +18,16 @@ spec:
   source:
     chart: karpenter
     repoURL: public.ecr.aws/karpenter
-    targetRevision: v0.34.1
+    targetRevision: v0.35.4
     helm:
       releaseName: karpenter
       valuesObject:
         hostNetwork: true
         controller:
           image:
             repository: ghcr.io/pelotech/karpenter
-            tag: v0.34.1-modified
-            digest: sha256:feb63abd6dbc2461ce5b7906cb6fe8e18a09f78aa8ed61cfd1f35df4db748cfe
+            tag: v0.35.4-modified
+            digest: sha256:2377914d771aee5f7499bfdc3fe1fcc87df419eaf56fa5b383f28bbef5b1fad4
           env:
             - name: IGNORED_RESOURCE_REQUESTS
               value: "devices.kubevirt.io/kvm,devices.kubevirt.io/tun,devices.kubevirt.io/vhost-net"