From ace43b4526b558363148714190200bd19db8b641 Mon Sep 17 00:00:00 2001
From: Joachim Hill-Grannec
Date: Mon, 8 Apr 2024 11:13:45 -0400
Subject: [PATCH] feat: upgrade karpenter, add cluster name label to ebs, docs
---
 docs/CLEANUP.md | 20 +++++++++++
 docs/GETTING-STARTED.md | 33 ++++++++++---------
 gitops/base-install/ebs-csi/install.yaml | 1 +
 .../replacements/kustomization.yaml | 14 ++++++++
 gitops/components/karpenter/resources.yaml | 6 ++--
 5 files changed, 55 insertions(+), 19 deletions(-)
 create mode 100644 docs/CLEANUP.md
diff --git a/docs/CLEANUP.md b/docs/CLEANUP.md
new file mode 100644
index 0000000..33b95e0
--- /dev/null
+++ b/docs/CLEANUP.md
@@ -0,0 +1,20 @@
+# Cleanup
+
+This is the location to be able to hunt down most of the various resources which are created by the clusters components
+
+## Karpenter
+* Search for tags with `karpenter.sh/managed-by` = `{cluster-name}`
+
+## ALB/Cluster -
+### Security groups
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+* Tags `aws:eks:cluster-name` = `{cluster-name}`
+### Load Balancers
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+### Target Groups
+* Tags `elbv2.k8s.aws/cluster` = `{cluster-name}`
+
+## EBS
+### Volumes
+* Tags `ebs.csi.aws.com/cluster` = `true`
+* There's a couple new tags to be added that are generated with the k8sTagClusterId to map to cluster - TBD
diff --git a/docs/GETTING-STARTED.md b/docs/GETTING-STARTED.md
index 2da8f9c..0559a33 100644
--- a/docs/GETTING-STARTED.md
+++ b/docs/GETTING-STARTED.md
@@ -15,30 +15,31 @@ metadata:
   name: kustomize-environment
   namespace: argocd
 data:
-  CLUSTER_NAME: # name of your EKS cluster
-  AWS_REGION: # AWS region of your EKS cluster
-  ARGOCD_SERVER_HOST: # hostname for the cluster's ArgoCD web interace, e.g. argocd.example-cluster.com
-  ACME_ISSUER_EMAIL: # email used by cert-manager for ACME/letsencrypt requests
-  VPC_CIDR_BLOCK: # the CIDR block of your cluster's VPC i.e. '172.16.0.0/16'
+  CLUSTER_NAME: "# name of your EKS cluster"
+  AWS_REGION: "# AWS region of your EKS cluster"
+  ARGOCD_SERVER_HOST: "# hostname for the cluster's ArgoCD web interace, e.g. argocd.example-cluster.com"
+  ACME_ISSUER_EMAIL: "# email used by cert-manager for ACME/letsencrypt requests"
+  VPC_CIDR_BLOCK: "# the CIDR block of your cluster's VPC i.e. '172.16.0.0/16'"
   # See the ./terraform/cluster_roles example module for setting up these roles and their policies
-  ALB_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/alb-role
-  KARPENTER_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/karpenter-role
-  EBS_CSI_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/ebs-csi-driver
-  EXTERNAL_DNS_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/external-dns-role
-  CERT_MANAGER_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/cert-manager-role
+  ALB_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/alb-role"
+  CERT_MANAGER_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/cert-manager-role"
+  EBS_CSI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/ebs-csi-driver"
+  EXTERNAL_DNS_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/external-dns-role"
+  KARPENTER_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/karpenter-role"
+  S3_CSI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/s3-csi-driver-role"
   # Only required if using Loki
-  LOKI_GATEWAY_HOST: # hostname for Loki gateway i.e. for Grafana to Loki
-  LOKI_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role
-  LOKI_S3_BUCKET: # name of S3 bucket where Loki will store logs
+  LOKI_GATEWAY_HOST: "# hostname for Loki gateway i.e. for Grafana to Loki"
+  LOKI_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role"
+  LOKI_S3_BUCKET: "# name of S3 bucket where Loki will store logs"
   # Only required if using Fluent Bit
-  FLUENT_BIT_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role
+  FLUENT_BIT_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/loki-role"
   # Only required if using ADOT
-  ADOT_ROLE_ARN: arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/adot-collector-role
-  AMP_RW_ENDPOINT: # Prometheus remote endpoint for ADOT (if exporting to Prometheus/Grafana)
+  ADOT_ROLE_ARN: "arn:aws:iam::{YOUR_AWS_ACCOUNT_ID}:role/adot-collector-role"
+  AMP_RW_ENDPOINT: "# Prometheus remote endpoint for ADOT (if exporting to Prometheus/Grafana)"
 ```
diff --git a/gitops/base-install/ebs-csi/install.yaml b/gitops/base-install/ebs-csi/install.yaml
index 0796ea5..22d1b02 100644
--- a/gitops/base-install/ebs-csi/install.yaml
+++ b/gitops/base-install/ebs-csi/install.yaml
@@ -20,6 +20,7 @@ spec:
         releaseName: aws-ebs-csi-driver
         valuesObject:
           controller:
+            k8sTagClusterId: CLUSTER_NAME
             serviceAccount:
               create: true
               name: ebs-csi-driver
diff --git a/gitops/base-install/replacements/kustomization.yaml b/gitops/base-install/replacements/kustomization.yaml
index 877ed0e..c2ede5b 100644
--- a/gitops/base-install/replacements/kustomization.yaml
+++ b/gitops/base-install/replacements/kustomization.yaml
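Review bot: `k8sTagClusterId: CLUSTER_NAME` reads as a literal value but is a placeholder that only becomes the real cluster name because the kustomize replacement added in gitops/base-install/replacements/kustomization.yaml overwrites it from the kustomize-environment ConfigMap; nothing in this file says so, and a render of the ebs-csi Application that skips that replacements layer would tag every provisioned volume with the string `CLUSTER_NAME`. Add a comment above the key: `# Placeholder: rewritten from ConfigMap kustomize-environment/CLUSTER_NAME by base-install/replacements; the driver stamps this id into the cluster tag on volumes it creates (see docs/CLEANUP.md).` I believe the chart turns this value into a `kubernetes.io/cluster/<id>` tag, but that should be confirmed against the aws-ebs-csi-driver chart and written into CLEANUP.md, whose EBS section in this same commit still marks those tags as TBD. The enclosing valuesObject continues outside the hunk.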
@@ -103,6 +103,20 @@ replacements:
       fieldPaths:
         - spec.sources.[chart=aws-ebs-csi-driver].helm.valuesObject.controller.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
+  - source:
+      version: v1
+      kind: ConfigMap
+      name: kustomize-environment
+      fieldPath: data.CLUSTER_NAME
+    targets:
+      - select:
+          group: argoproj.io
+          version: v1alpha1
+          kind: Application
+          name: ebs-csi
+        fieldPaths:
+          - spec.sources.[chart=aws-ebs-csi-driver].helm.valuesObject.controller.k8sTagClusterId
+
   - source:
       version: v1
       kind: ConfigMap
diff --git a/gitops/components/karpenter/resources.yaml b/gitops/components/karpenter/resources.yaml
index 3e949dc..b5378f7 100644
--- a/gitops/components/karpenter/resources.yaml
+++ b/gitops/components/karpenter/resources.yaml
@@ -18,7 +18,7 @@ spec:
   source:
     chart: karpenter
     repoURL: public.ecr.aws/karpenter
-    targetRevision: v0.34.1
+    targetRevision: v0.35.4
     helm:
       releaseName: karpenter
       valuesObject:
@@ -26,8 +26,8 @@ spec:
         controller:
           image:
             repository: ghcr.io/pelotech/karpenter
-            tag: v0.34.1-modified
-            digest: sha256:feb63abd6dbc2461ce5b7906cb6fe8e18a09f78aa8ed61cfd1f35df4db748cfe
+            tag: v0.35.4-modified
+            digest: sha256:2377914d771aee5f7499bfdc3fe1fcc87df419eaf56fa5b383f28bbef5b1fad4
           env:
             - name: IGNORED_RESOURCE_REQUESTS
               value: "devices.kubevirt.io/kvm,devices.kubevirt.io/tun,devices.kubevirt.io/vhost-net"
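Review bot: The new replacement copies `data.CLUSTER_NAME` into `controller.k8sTagClusterId` unmodified, and the GETTING-STARTED.md hunk in this same commit changes the documented default for that key from an empty value to the quoted string `"# name of your EKS cluster"`, so an operator who forgets to fill the ConfigMap gets a successfully rendered Application whose volume tag id is that comment-looking text rather than a build failure (whether the previous null value made kustomize fail I cannot confirm from here). Since the EBS tag is what docs/CLEANUP.md relies on to find a cluster's volumes, a wrong id quietly breaks cleanup and any tag-scoped IAM condition that might key on it. Kustomize replacements offer no validation option, so the check belongs in CI — a `kustomize build` followed by a grep that no rendered value still begins with `# ` — or at minimum a comment above this entry: `# Copied verbatim from the ConfigMap; an unfilled "# ..." placeholder propagates into the volume tag.` The replacements list continues outside the hunk on both sides.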