From 2e5daeda481e0ec52915bafa248b10a782a08b51 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 18 Jul 2024 23:25:02 -0400 Subject: [PATCH 01/90] initial poc 
Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/README.md | 161 ++++++++++ .../addons/charts/gitops-bridge/.helmignore | 23 ++ .../addons/charts/gitops-bridge/Chart.yaml | 19 ++ .../gitops-bridge/templates/_helpers.tpl | 66 +++++ .../templates/applicationsets.yaml | 82 ++++++ .../charts/gitops-bridge/values-awslb.yaml | 10 + .../gitops-bridge/values-gatekeeper.yaml | 10 + .../addons/charts/gitops-bridge/values.yaml | 56 ++++ .../addons/stacks/stackv1.30-v1.0.0.yaml | 26 ++ .../addons/stacks/stackv1.30-v1.1.0.yaml | 26 ++ .../clusters/in-cluster/values.yaml | 1 + .../values/gatekeeper/common/values.yaml | 1 + .../addons/values/gatekeeper/dev/values.yaml | 1 + .../addons/values/gatekeeper/prod/values.yaml | 1 + .../single-cluster-v2/bootstrap/addons.yaml | 40 +++ .../bootstrap/workloads.yaml | 34 +++ .../examples/eks/single-cluster-v2/destroy.sh | 26 ++ .../eks/single-cluster-v2/k8s/game-2048.yaml | 62 ++++ .../examples/eks/single-cluster-v2/main.tf | 274 ++++++++++++++++++ .../examples/eks/single-cluster-v2/outputs.tf | 33 +++ .../eks/single-cluster-v2/variables.tf | 85 ++++++ .../eks/single-cluster-v2/versions.tf | 25 ++ 22 files changed, 1062 insertions(+) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/README.md create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml create 
mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml create mode 100755 argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md new file mode 100644 index 00000000..d9bbeb81 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md 
@@ -0,0 +1,161 @@ +# ArgoCD on Amazon EKS + +This pattern shows how to use the new stack platform concept + +This tutorial guides you through deploying an Amazon EKS cluster with addons configured via ArgoCD, employing the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev). + + +## Prerequisites +Before you begin, make sure you have the following command line tools installed: +- git +- terraform +- kubectl +- argocd + +## Fork the Git Repositories + +### Fork the Addon GitOps Repo +1. Fork the git repository for addons [here](https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template). +2. Update the following environment variables to point to your fork by changing the default values: +```shell +export TF_VAR_gitops_addons_org=https://github.com/gitops-bridge-dev +export TF_VAR_gitops_addons_repo=gitops-bridge-argocd-control-plane-template +``` + +### Fork the Workloads GitOps Repo +1. Fork the git repository for this pattern [here](https://github.com/gitops-bridge-dev/gitops-bridge) +2. Update the following environment variables to point to your fork by changing the default values: +```shell +export TF_VAR_gitops_workload_org=https://github.com/gitops-bridge-dev +export TF_VAR_gitops_workload_repo=gitops-bridge +``` + +## Deploy the EKS Cluster +Initialize Terraform and deploy the EKS cluster: +```shell +terraform init +terraform apply -auto-approve +``` +Retrieve `kubectl` config, then execute the output command: +```shell +terraform output -raw configure_kubectl +``` + +Terraform will add GitOps Bridge Metadata to the ArgoCD secret. +The annotations contain metadata for the addons' Helm charts and ArgoCD ApplicationSets. 
+```shell +kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations' +``` +The output looks like the following: +```json +{ + "addons_repo_basepath": "", + "addons_repo_path": "bootstrap/control-plane/addons", + "addons_repo_revision": "main", + "addons_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template", + "aws_account_id": "0123456789", + "aws_cluster_name": "getting-started-gitops", + "aws_load_balancer_controller_iam_role_arn": "arn:aws:iam::0123456789:role/alb-controller", + "aws_load_balancer_controller_namespace": "kube-system", + "aws_load_balancer_controller_service_account": "aws-load-balancer-controller-sa", + "aws_region": "us-west-2", + "aws_vpc_id": "vpc-001d3f00151bbb731", + "cluster_name": "in-cluster", + "environment": "dev", + "workload_repo_basepath": "argocd/iac/terraform/examples/eks/", + "workload_repo_path": "getting-started/k8s", + "workload_repo_revision": "main", + "workload_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge" +} +``` +The labels offer a straightforward way to enable or disable an addon in ArgoCD for the cluster. +```shell +kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.labels' +``` +The output looks like the following: +```json +{ + "aws_cluster_name": "getting-started-gitops", + "enable_argocd": "true", + "enable_aws_load_balancer_controller": "true", + "enable_metrics_server": "true", + "kubernetes_version": "1.28", +} +``` + +## Deploy the Addons +Bootstrap the addons using ArgoCD: +```shell +kubectl apply -f bootstrap/addons.yaml +``` + +### Monitor GitOps Progress for Addons +Wait until all the ArgoCD applications' `HEALTH STATUS` is `Healthy`. 
Use Crl+C to exit the `watch` command +```shell +watch kubectl get applications -n argocd +``` + +### Verify the Addons +Verify that the addons are ready: +```shell +kubectl get deployment -n kube-system \ + aws-load-balancer-controller \ + metrics-server +``` + +## Access ArgoCD +Access ArgoCD's UI, run the command from the output: +```shell +terraform output -raw access_argocd +``` + + +## Deploy the Workloads +Deploy a sample application located in [k8s/game-2048.yaml](k8s/game-2048.yaml) using ArgoCD: +```shell +kubectl apply -f bootstrap/workloads.yaml +``` + +### Monitor GitOps Progress for Workloads +Watch until the Workloads ArgoCD Application is `Healthy` +```shell +watch kubectl get -n argocd applications workloads +``` +Wait until the ArgoCD Applications `HEALTH STATUS` is `Healthy`. Crl+C to exit the `watch` command + +### Verify the Application +Verify that the application configuration is present and the pod is running: +```shell +kubectl get -n game-2048 deployments,service,ep,ingress +``` +Wait until the Ingress/game-2048 `MESSAGE` column value is `Successfully reconciled`. Crl+C to exit the `watch` command +```shell +kubectl events -n game-2048 --for ingress/game-2048 --watch +``` + + + +### Access the Application using AWS Load Balancer +Verify the application endpoint health using `curl`: +```shell +curl -I $(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') +``` +The first line of the output should have `HTTP/1.1 200 OK`. 
+ +Retrieve the ingress URL for the application, and access in the browser: +```shell +echo "Application URL: http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" +``` + + +### Container Metrics +Check the application's CPU and memory metrics: +```shell +kubectl top pods -n game-2048 +``` + +## Destroy the EKS Cluster +To tear down all the resources and the EKS cluster, run the following command: +```shell +./destroy.sh +``` diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml new file mode 100644 index 00000000..80735ce9 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: gitops-bridge +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl new file mode 100644 index 00000000..2ed849b2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gitops-bridge.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitops-bridge.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitops-bridge.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gitops-bridge.labels" -}} +helm.sh/chart: {{ include "gitops-bridge.chart" . }} +{{ include "gitops-bridge.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gitops-bridge.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitops-bridge.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gitops-bridge.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gitops-bridge.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "toValidName" -}} +{{- printf "%s" . 
| regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml new file mode 100644 index 00000000..3013c8bd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml 
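Review bot: `toValidName` at the end of _helpers.tpl pipes its input into `regexReplaceAll`, but sprig takes the arguments as (regex, string, replacement). The piped name therefore lands in the replacement position and the string scanned is the literal `"-"`, so as written the helper appears to return `-` for every input. Even with the arguments in the right place, `lower` runs only after the character class has already turned every uppercase letter into `-`. I would write the body as `{{- regexReplaceAll "[^a-z0-9.-]" (lower (printf "%s" .)) "-" | trunc 63 | trimSuffix "-" -}}`, which also matches the length handling of the other name helpers in this file. Nothing in the visible templates calls the helper yet, so this only bites once it is used to build resource names.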
@@ -0,0 +1,82 @@ +{{- $namespace := .Values.namespace }} +{{- $useSelector := .Values.useSelector -}} +{{- $repoURLGit := .Values.repoURLGit -}} +{{- $repoURLGitrevision := .Values.repoURLGitrevision -}} +{{- $repoURLGitBasePath := .Values.repoURLGitBasePath -}} +{{- $repoURLValues := .Values.repoURLValues -}} +{{- $repoURLValuesrevision := .Values.repoURLValuesrevision -}} +{{- $repoURLValuesBasePath := .Values.repoURLValuesBasePath -}} +{{- $project := .Values.project -}} +{{- range $name, $addon := .Values.applicationsets }} +{{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} +{{- if $addon.enabled }} +{{- with $addon -}} +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: {{ $nameNormalize }} + namespace: {{ $namespace }} +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + + - matrix: + generators: + - clusters: + selector: + matchLabels: + argocd.argoproj.io/secret-type: cluster + {{- if and $addon.selector $useSelector }} + {{- toYaml $addon.selector | nindent 16 }} + {{- end }} + - git: + repoURL: {{ $repoURLGit }} + revision: {{ $repoURLGitrevision }} + files: + - path: "{{ $repoURLGitBasePath }}**/stack{{`{{.metadata.annotations.platform_stack_version}}`}}.yaml" + template: + metadata: + name: addon-{{ $nameNormalize }} + spec: + project: {{ $project }} + sources: + - repoURL: {{ $repoURLValues }} + targetRevision: {{ $repoURLValuesrevision }} + ref: values + - chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' + repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' + targetRevision: '{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}' + helm: + releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' + ignoreMissingValueFiles: true + valueFiles: + - $values/{{ $repoURLValuesBasePath }}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/common/values.yaml + - $values/{{ $repoURLValuesBasePath 
}}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/{{`{{.metadata.labels.environment}}`}}/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/clusters/{{`{{.name}}`}}/values.yaml + {{- with $addon.values }} + valuesObject: + {{- toYaml . | nindent 12 }} + {{- end }} + destination: + namespace: '{{`{{default .addons.`}}{{ $name }}{{`.namespace .metadata.annotations.`}}{{ $name }}{{`}}`}}' + name: '{{`{{.name}}`}}' + syncPolicy: + automated: + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. + {{- with $addon.ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml new file mode 100644 index 00000000..5d568130 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml @@ -0,0 +1,10 @@ +applicationsets: + argocd: + enabled: false + aws_load_balancer_controller: + enabled: true + gatekeeper: + enabled: false + + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml new file mode 100644 index 00000000..c7fab58d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml @@ -0,0 +1,10 @@ +applicationsets: + argocd: + enabled: false + aws_load_balancer_controller: + enabled: false + gatekeeper: + enabled: true + + + 
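Review bot: The destination namespace in the Application template looks up `.metadata.annotations.<addon name>`, while the cluster secret shown in the README carries `<addon name>_namespace` (for example `aws_load_balancer_controller_namespace`), so the annotation override never matches. Because `goTemplateOptions` sets `missingkey=error`, a field-style lookup of an absent annotation is likely to fail rendering rather than fall back to the stack file's namespace. Using `index` keeps the fallback working, so that the rendered expression becomes `{{default .addons.<name>.namespace (index .metadata.annotations "<name>_namespace")}}`. It would also help to add a comment above `destination:` stating which annotation overrides the namespace.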
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml
new file mode 100644
index 00000000..62c30114
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml
@@ -0,0 +1,56 @@
+repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'"
+repoURLGitrevision: HEAD
+repoURLGitBasePath: ""
+repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'"
+repoURLValuesrevision: HEAD
+repoURLValuesBasePath: ""
+project: default
+namespace: argocd
+useSelector: false
+applicationsets:
+ argocd:
+ enabled: true
+ selector:
+ matchExpressions:
+ - key: enable_argocd
+ operator: In
+ values: ['true']
+ aws_load_balancer_controller:
+ enabled: true
+ selector:
+ matchExpressions:
+ - key: enable_aws_load_balancer_controller
+ operator: In
+ values: ['true']
+ values:
+ vpcId: '{{.metadata.annotations.aws_vpc_id}}'
+ clusterName: '{{.metadata.annotations.aws_cluster_name}}'
+ serviceAccount:
+ name: '{{.metadata.annotations.aws_load_balancer_controller_service_account}}'
+ annotations:
+ eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_load_balancer_controller_iam_role_arn}}'
+ ignoreDifferences:
+ - kind: Secret
+ name: aws-load-balancer-tls
+ jsonPointers: [/data]
+ - group: admissionregistration.k8s.io
+ kind: MutatingWebhookConfiguration
+ jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+ - group: admissionregistration.k8s.io
+ kind: ValidatingWebhookConfiguration
+ jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+ gatekeeper:
+ enabled: true
+ selector:
+ matchExpressions:
+ - key: enable_gatekeeper
+ operator: In
+ values: ['true']
+ metrics_server:
+ enabled: true
+ selector:
+ matchExpressions:
+ - key: enable_metrics_serve
+ operator: In
+ values: ['true']
+
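Review bot: The `metrics_server` selector matches on `enable_metrics_serve`, missing the final `r`; the label shown on the cluster secret in the README is `enable_metrics_server`. With `useSelector: false` the selector is not rendered, so the typo is silent today, but once selectors are switched on the metrics-server ApplicationSet will match no cluster. The line should read `- key: enable_metrics_server`. `repoURLGitrevision: HEAD` and `repoURLValuesrevision: HEAD` also follow a moving ref; a tag or commit SHA would make what gets deployed reviewable.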
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml
new file mode 100644
index 00000000..6a2c1830
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml
@@ -0,0 +1,26 @@
+version: v1.30-v1.0.0
+addons:
+ argocd:
+ chart: argo-cd
+ releaseName: argocd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "6.6.0"
+ namespace: argocd
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ releaseName: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ namespace: kube-system
+ gatekeeper:
+ chart: gatekeeper
+ releaseName: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ namespace: gatekeeper-system
+ metrics_server:
+ chart: gatekeeper
+ releaseName: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ namespace: kube-system
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml
new file mode 100644
index 00000000..281aefad
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml
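Review bot: The `metrics_server` entry sets `chart: gatekeeper` while its `repoUrl` points at the metrics-server chart repository and its `releaseName` is `metrics-server`, which looks like a copy-paste from the entry above; it should read `chart: metrics-server`. The ApplicationSet template in this commit also builds the values-file paths from `.chart`, so as written metrics-server would pick up the files under `values/gatekeeper/`. The same line is repeated in stackv1.30-v1.1.0.yaml.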
@@ -0,0 +1,26 @@ +version: v1.30-v1.1.0 +addons: + argocd: + chart: argo-cd + releaseName: argocd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "6.6.0" + namespace: argocd + aws_load_balancer_controller: + chart: aws-load-balancer-controller + releaseName: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + namespace: kube-system + gatekeeper: + chart: gatekeeper + releaseName: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + namespace: gatekeeper-system + metrics_server: + chart: gatekeeper + releaseName: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + namespace: kube-system diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml new file mode 100644 index 00000000..cd419759 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml @@ -0,0 +1 @@ +foo: cluster \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml new file mode 100644 index 00000000..593b90a3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml @@ -0,0 +1 @@ +foo: common \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml new file mode 100644 index 00000000..7ab70e08 --- /dev/null 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml @@ -0,0 +1 @@ +foo: dev \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml new file mode 100644 index 00000000..baea7fc2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml @@ -0,0 +1 @@ +foo: prod \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml new file mode 100644 index 00000000..da7dde2d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml @@ -0,0 +1,40 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + applicationsets: + argocd: + enabled: true + aws_load_balancer_controller: + enabled: true + gatekeeper: + enabled: true + metrics_server: + enabled: true + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: {} 
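Review bot: `project: default` in bootstrap/addons.yaml places the addon bootstrap in Argo CD's built-in default project, which out of the box allows any source repository and any destination cluster and namespace, while `repoURL`, `path` and `targetRevision` are all read from cluster-secret annotations. Whoever can edit that secret therefore decides what is synced, and `automated: {}` applies it without a manual step. Beyond the PoC I would define a dedicated AppProject with `sourceRepos` and `destinations` limited to the addons repository and its target namespaces and reference it here. The same applies to bootstrap/workloads.yaml and to `project: default` in the chart's values.yaml.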
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml new file mode 100644 index 00000000..e0b3be26 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml @@ -0,0 +1,34 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: workloads + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: false + generators: + - clusters: {} + template: + metadata: + name: workloads + finalizers: + # This finalizer is for demo purposes, in production remove apps using argocd CLI "argocd app delete workload --cascade" + # When you invoke argocd app delete with --cascade, the finalizer is added automatically. + - resources-finalizer.argocd.argoproj.io + spec: + project: default + source: + repoURL: '{{metadata.annotations.workload_repo_url}}' + path: '{{metadata.annotations.workload_repo_basepath}}{{metadata.annotations.workload_repo_path}}' + targetRevision: '{{metadata.annotations.workload_repo_revision}}' + destination: + name: '{{name}}' + syncPolicy: + automated: + allowEmpty: true + syncOptions: + - CreateNamespace=true + retry: + backoff: + duration: 1m + limit: 60 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh new file mode 100755 index 00000000..7089a684 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh 
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -uo pipefail
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOTDIR="$(cd ${SCRIPTDIR}/../..; pwd )"
+[[ -n "${DEBUG:-}" ]] && set -x
+
+# Delete the Ingress/SVC before removing the addons
+TMPFILE=$(mktemp)
+terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE"
+# check if TMPFILE contains the string "No outputs found"
+if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then
+ source "$TMPFILE"
+ kubectl delete -n argocd applicationset workloads
+ kubectl delete -n game-2048 ingress game-2048
+ kubectl delete -n argocd applicationset cluster-addons
+ kubectl delete -n argocd applicationset addons-argocd
+ kubectl delete -n argocd svc argo-cd-argocd-server
+fi
+
+terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
+terraform destroy -target="module.eks" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+terraform destroy -auto-approve
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml
new file mode 100644
index 00000000..44e2d12e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml
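Review bot: The script sources the captured `terraform output` without checking that the command succeeded, and `set -e` is not enabled. If the output is empty or the sourced command fails, the `kubectl delete` calls still run against whatever context is current in the caller's kubeconfig, which may not be this cluster. The substring test for "No outputs found" is the only guard, so I would gate the block on terraform's exit status and a non-empty file instead. I would also quote `$SCRIPTDIR` and `$TMPFILE` and remove the temp file with a trap. The `terraform destroy` calls omit `-chdir`, so they act on the caller's working directory rather than the script's, and `ROOTDIR` is never used.

```shell
# … unchanged: shebang, set options, SCRIPTDIR, DEBUG tracing …

TMPFILE=$(mktemp) || exit 1
trap 'rm -f -- "$TMPFILE"' EXIT

# Only touch the cluster when terraform actually produced the kubeconfig command.
if terraform -chdir="$SCRIPTDIR" output -raw configure_kubectl > "$TMPFILE" \
  && [[ -s "$TMPFILE" ]] \
  && ! grep -qF -- "No outputs found" "$TMPFILE"; then
  # shellcheck source=/dev/null
  source "$TMPFILE" || exit 1
  # … unchanged: kubectl delete calls …
fi

terraform -chdir="$SCRIPTDIR" destroy -target="module.gitops_bridge_bootstrap" -auto-approve
# … unchanged: remaining destroy calls, each given -chdir="$SCRIPTDIR" …
```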
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: game-2048
+spec: {}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: game-2048
+ name: game-2048
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: game-2048
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: game-2048
+ spec:
+ containers:
+ - image: public.ecr.aws/l6m2t8p7/docker-2048
+ name: game-2048
+ ports:
+ - containerPort: 80
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: game-2048
+ name: game-2048
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: game-2048
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: game-2048
+ name: game-2048
+ annotations:
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/target-type: ip
+spec:
+ ingressClassName: alb
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: game-2048
+ port:
+ name: http
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf
new file mode 100644
index 00000000..f73be338
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf
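Review bot: The Deployment's image `public.ecr.aws/l6m2t8p7/docker-2048` has no tag or digest, so each pod start pulls whatever the registry currently serves as `latest`, and the Ingress publishes it through an `internet-facing` ALB. Pinning by digest makes the deployed content reproducible and reviewable, e.g. `- image: public.ecr.aws/l6m2t8p7/docker-2048@sha256:<DIGEST_PLACEHOLDER>`. The container also sets no `securityContext` or `resources`; even for a demo workload, `allowPrivilegeEscalation: false` and basic requests/limits are cheap to add. A comment above the Ingress stating that the ALB is deliberately public would help anyone copying the example.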
@@ -0,0 +1,274 @@ +provider "aws" { + region = local.region +} +data "aws_caller_identity" "current" {} +data "aws_availability_zones" "available" {} + +provider "helm" { + kubernetes { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } + } +} + +provider "kubernetes" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } +} + +locals { + name = "getting-started" + region = var.region + + cluster_version = var.kubernetes_version + + vpc_cidr = var.vpc_cidr + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + gitops_addons_url = "${var.gitops_addons_org}/${var.gitops_addons_repo}" + gitops_addons_basepath = var.gitops_addons_basepath + gitops_addons_path = var.gitops_addons_path + gitops_addons_revision = var.gitops_addons_revision + + gitops_workload_url = "${var.gitops_workload_org}/${var.gitops_workload_repo}" + gitops_workload_basepath = var.gitops_workload_basepath + gitops_workload_path = var.gitops_workload_path + gitops_workload_revision = var.gitops_workload_revision + + aws_addons = { + enable_cert_manager = try(var.addons.enable_cert_manager, false) + enable_aws_efs_csi_driver = try(var.addons.enable_aws_efs_csi_driver, false) + enable_aws_fsx_csi_driver = try(var.addons.enable_aws_fsx_csi_driver, false) + enable_aws_cloudwatch_metrics = 
try(var.addons.enable_aws_cloudwatch_metrics, false) + enable_aws_privateca_issuer = try(var.addons.enable_aws_privateca_issuer, false) + enable_cluster_autoscaler = try(var.addons.enable_cluster_autoscaler, false) + enable_external_dns = try(var.addons.enable_external_dns, false) + enable_external_secrets = try(var.addons.enable_external_secrets, false) + enable_aws_load_balancer_controller = try(var.addons.enable_aws_load_balancer_controller, false) + enable_fargate_fluentbit = try(var.addons.enable_fargate_fluentbit, false) + enable_aws_for_fluentbit = try(var.addons.enable_aws_for_fluentbit, false) + enable_aws_node_termination_handler = try(var.addons.enable_aws_node_termination_handler, false) + enable_karpenter = try(var.addons.enable_karpenter, false) + enable_velero = try(var.addons.enable_velero, false) + enable_aws_gateway_api_controller = try(var.addons.enable_aws_gateway_api_controller, false) + enable_aws_ebs_csi_resources = try(var.addons.enable_aws_ebs_csi_resources, false) + enable_aws_secrets_store_csi_driver_provider = try(var.addons.enable_aws_secrets_store_csi_driver_provider, false) + enable_ack_apigatewayv2 = try(var.addons.enable_ack_apigatewayv2, false) + enable_ack_dynamodb = try(var.addons.enable_ack_dynamodb, false) + enable_ack_s3 = try(var.addons.enable_ack_s3, false) + enable_ack_rds = try(var.addons.enable_ack_rds, false) + enable_ack_prometheusservice = try(var.addons.enable_ack_prometheusservice, false) + enable_ack_emrcontainers = try(var.addons.enable_ack_emrcontainers, false) + enable_ack_sfn = try(var.addons.enable_ack_sfn, false) + enable_ack_eventbridge = try(var.addons.enable_ack_eventbridge, false) + } + oss_addons = { + enable_argocd = try(var.addons.enable_argocd, true) + enable_argo_rollouts = try(var.addons.enable_argo_rollouts, false) + enable_argo_events = try(var.addons.enable_argo_events, false) + enable_argo_workflows = try(var.addons.enable_argo_workflows, false) + enable_cluster_proportional_autoscaler = 
try(var.addons.enable_cluster_proportional_autoscaler, false) + enable_gatekeeper = try(var.addons.enable_gatekeeper, false) + enable_gpu_operator = try(var.addons.enable_gpu_operator, false) + enable_ingress_nginx = try(var.addons.enable_ingress_nginx, false) + enable_keda = try(var.addons.enable_keda, false) + enable_kyverno = try(var.addons.enable_kyverno, false) + enable_kube_prometheus_stack = try(var.addons.enable_kube_prometheus_stack, false) + enable_metrics_server = try(var.addons.enable_metrics_server, false) + enable_prometheus_adapter = try(var.addons.enable_prometheus_adapter, false) + enable_secrets_store_csi_driver = try(var.addons.enable_secrets_store_csi_driver, false) + enable_vpa = try(var.addons.enable_vpa, false) + } + addons = merge( + local.aws_addons, + local.oss_addons, + { kubernetes_version = local.cluster_version }, + { aws_cluster_name = module.eks.cluster_name } + ) + + addons_metadata = merge( + { + platform_stack_version = var.platform_stack_version + }, + module.eks_blueprints_addons.gitops_metadata, + { + aws_cluster_name = module.eks.cluster_name + aws_region = local.region + aws_account_id = data.aws_caller_identity.current.account_id + aws_vpc_id = module.vpc.vpc_id + }, + { + addons_repo_url = local.gitops_addons_url + addons_repo_basepath = local.gitops_addons_basepath + addons_repo_path = local.gitops_addons_path + addons_repo_revision = local.gitops_addons_revision + }, + { + workload_repo_url = local.gitops_workload_url + workload_repo_basepath = local.gitops_workload_basepath + workload_repo_path = local.gitops_workload_path + workload_repo_revision = local.gitops_workload_revision + } + ) + + tags = { + Blueprint = local.name + GithubRepo = "github.com/gitops-bridge-dev/gitops-bridge" + } +} + +################################################################################ +# GitOps Bridge: Bootstrap +################################################################################ +module "gitops_bridge_bootstrap" { + 
source = "gitops-bridge-dev/gitops-bridge/helm" + + cluster = { + metadata = local.addons_metadata + addons = local.addons + } +} + +################################################################################ +# EKS Blueprints Addons +################################################################################ +module "eks_blueprints_addons" { + source = "aws-ia/eks-blueprints-addons/aws" + version = "~> 1.0" + + cluster_name = module.eks.cluster_name + cluster_endpoint = module.eks.cluster_endpoint + cluster_version = module.eks.cluster_version + oidc_provider_arn = module.eks.oidc_provider_arn + + # Using GitOps Bridge + create_kubernetes_resources = false + + # EKS Blueprints Addons + enable_cert_manager = local.aws_addons.enable_cert_manager + enable_aws_efs_csi_driver = local.aws_addons.enable_aws_efs_csi_driver + enable_aws_fsx_csi_driver = local.aws_addons.enable_aws_fsx_csi_driver + enable_aws_cloudwatch_metrics = local.aws_addons.enable_aws_cloudwatch_metrics + enable_aws_privateca_issuer = local.aws_addons.enable_aws_privateca_issuer + enable_cluster_autoscaler = local.aws_addons.enable_cluster_autoscaler + enable_external_dns = local.aws_addons.enable_external_dns + enable_external_secrets = local.aws_addons.enable_external_secrets + enable_aws_load_balancer_controller = local.aws_addons.enable_aws_load_balancer_controller + enable_fargate_fluentbit = local.aws_addons.enable_fargate_fluentbit + enable_aws_for_fluentbit = local.aws_addons.enable_aws_for_fluentbit + enable_aws_node_termination_handler = local.aws_addons.enable_aws_node_termination_handler + enable_karpenter = local.aws_addons.enable_karpenter + enable_velero = local.aws_addons.enable_velero + enable_aws_gateway_api_controller = local.aws_addons.enable_aws_gateway_api_controller + + tags = local.tags +} + +################################################################################ +# EKS Cluster +################################################################################ 
+#tfsec:ignore:aws-eks-enable-control-plane-logging +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "~> 19.13" + + cluster_name = local.name + cluster_version = local.cluster_version + cluster_endpoint_public_access = true + + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + eks_managed_node_groups = { + initial = { + instance_types = ["t3.medium"] + + min_size = 1 + max_size = 3 + desired_size = 2 + } + } + # EKS Addons + cluster_addons = { + coredns = {} + kube-proxy = {} + vpc-cni = { + # Specify the VPC CNI addon should be deployed before compute to ensure + # the addon is configured before data plane compute resources are created + # See README for further details + before_compute = true + most_recent = true # To ensure access to the latest settings provided + configuration_values = jsonencode({ + env = { + # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html + ENABLE_PREFIX_DELEGATION = "true" + WARM_PREFIX_TARGET = "1" + } + }) + } + aws-ebs-csi-driver = { + service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn + } + } + tags = local.tags +} +module "ebs_csi_driver_irsa" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + version = "~> 5.20" + + role_name_prefix = "${module.eks.cluster_name}-ebs-csi-" + + attach_ebs_csi_policy = true + + oidc_providers = { + main = { + provider_arn = module.eks.oidc_provider_arn + namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"] + } + } + + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, 
k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = 1 + } + + tags = local.tags +} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf new file mode 100644 index 00000000..d4ecfbf1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf 
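Review bot: `module "gitops_bridge_bootstrap"` is the only registry module in this file without a `version` constraint, so a later `terraform init -upgrade` can pull a different release of the code that installs Argo CD; add one in the style of the other modules, `version = "~> <reviewed-major.minor>"` (placeholder). In `module "eks"`, `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, which, unless the module's default is narrower than I expect, leaves the Kubernetes API endpoint reachable from any address; restrict it to the operator's ranges or state in a comment that the open endpoint is deliberate for this example. The `#tfsec:ignore:aws-eks-enable-control-plane-logging` line should carry a short reason for the suppression.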
@@ -0,0 +1,33 @@
+output "configure_kubectl" {
+ description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ EOT
+}
+
+output "configure_argocd" {
+ description = "Terminal Setup"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
+ kubectl config set-context --current --namespace argocd
+ argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ echo Port Forward: http://localhost:8080
+ kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80
+ EOT
+}
+
+output "access_argocd" {
+ description = "ArgoCD Access"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+ EOT
+}
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf
new file mode 100644
index 00000000..19658724
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf
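Review bot: All three outputs export `KUBECONFIG="/tmp/${module.eks.cluster_name}"`, a predictable name in a world-writable directory, so on a shared host the cluster credentials configuration can land in, or be merged into, a file another local user created first. Use a per-user location instead, `export KUBECONFIG="$HOME/.kube/${module.eks.cluster_name}"`. In `configure_argocd`, `--password $(argocd admin initial-password | head -1)` places the admin password on the command line where process listings can show it, and both `configure_argocd` and `access_argocd` echo it to the terminal; the `description` should tell the reader to change the password and delete `argocd-initial-admin-secret` after the first login. destroy.sh sources the `configure_kubectl` value, so the path choice applies there too.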
@@ -0,0 +1,85 @@ +variable "vpc_cidr" { + description = "VPC CIDR" + type = string + default = "10.0.0.0/16" +} +variable "region" { + description = "AWS region" + type = string + default = "us-west-2" +} +variable "kubernetes_version" { + description = "Kubernetes version" + type = string + default = "1.28" +} +variable "addons" { + description = "Kubernetes addons" + type = any + default = { + enable_aws_load_balancer_controller = true + enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi + enable_metrics_server = true + enable_gatekeeper = true + enable_argocd = true + } +} +# Addons Git +variable "gitops_addons_org" { + description = "Git repository org/user contains for addons" + type = string + default = "https://github.com/gitops-bridge-dev" +} +variable "gitops_addons_repo" { + description = "Git repository contains for addons" + type = string + default = "gitops-bridge" +} +variable "gitops_addons_revision" { + description = "Git repository revision/branch/ref for addons" + type = string + default = "main" +} +variable "gitops_addons_basepath" { + description = "Git repository base path for addons" + type = string + default = "argocd/iac/terraform/examples/eks/single-cluster-v2/addons/" +} +variable "gitops_addons_path" { + description = "Git repository path for addons" + type = string + default = "" +} + +# Workloads Git +variable "gitops_workload_org" { + description = "Git repository org/user contains for workload" + type = string + default = "https://github.com/gitops-bridge-dev" +} +variable "gitops_workload_repo" { + description = "Git repository contains for workload" + type = string + default = "gitops-bridge" +} +variable "gitops_workload_revision" { + description = "Git repository revision/branch/ref for workload" + type = string + default = "main" +} +variable "gitops_workload_basepath" { + description = "Git repository base path for workload" + type = string + default = "argocd/iac/terraform/examples/eks/" +} 
+variable "gitops_workload_path" { + description = "Git repository path for workload" + type = string + default = "getting-started/k8s" +} + +variable "platform_stack_version" { + description = "Platform stack version" + type = string + default = "v1.30-v1.1.0" +} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf new file mode 100644 index 00000000..2de60d58 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf @@ -0,0 +1,25 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.67.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 2.10.1" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.22.0" + } + } + + # ## Used for end-to-end testing on project; update to suit your needs + # backend "s3" { + # bucket = "terraform-ssp-github-actions-state" + # region = "us-west-2" + # key = "e2e/ipv4-prefix-delegation/terraform.tfstate" + # } +} From 129f384c56d25daa1db8b19e94d03bdf5375ce91 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 18 Jul 2024 23:33:51 -0400 Subject: [PATCH 02/90] --- split Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/templates/applicationsets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 3013c8bd..2026df70 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml 
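Review bot: `gitops_addons_revision` and `gitops_workload_revision` default to `"main"`, so Argo CD, which applies these repositories to the cluster, follows whatever is pushed to that branch. Outside a demo, default to a tag or commit, `default = "<release-tag-or-commit-sha>"` (placeholder), and say in each `description` that a branch name is a moving reference. `variable "addons"` is declared `type = any`; a typed `map(bool)` would reject a non-boolean flag at plan time. The descriptions of the form "Git repository org/user contains for addons" read as unfinished; "Git organization or user URL that hosts the addons repository" would be clearer.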
@@ -77,6 +77,7 @@ spec: ignoreDifferences: {{- toYaml . | nindent 8 }} {{- end }} +--- {{- end }} {{- end }} {{- end }} \ No newline at end of file From b00ef2ddcfb869a24bcbd8002aa4fb12e0414508 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 18 Jul 2024 23:45:06 -0400 Subject: [PATCH 03/90] update Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/templates/applicationsets.yaml | 2 +- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- .../examples/eks/single-cluster-v2/bootstrap/addons.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 2026df70..a62d8055 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml @@ -38,7 +38,7 @@ spec: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitrevision }} files: - - path: "{{ $repoURLGitBasePath }}**/stack{{`{{.metadata.annotations.platform_stack_version}}`}}.yaml" + - path: "{{ $repoURLGitBasePath }}stack{{`{{.metadata.annotations.platform_stack_version}}`}}.yaml" template: metadata: name: addon-{{ $nameNormalize }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 62c30114..6b3717a6 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml 
@@ -1,6 +1,6 @@ repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitrevision: HEAD -repoURLGitBasePath: "" +repoURLGitBasePath: "**" repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'" repoURLValuesrevision: HEAD repoURLValuesBasePath: "" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index da7dde2d..71f74b46 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml @@ -23,7 +23,7 @@ spec: helm: valuesObject: repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' - repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' applicationsets: argocd: enabled: true From b518da58f415378bfe31478bbba32802dad0a9aa Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 18 Jul 2024 23:51:39 -0400 Subject: [PATCH 04/90] now Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 4 ++-- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- .../examples/eks/single-cluster-v2/bootstrap/addons.yaml | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index a62d8055..4865b714 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -1,7 +1,7 @@ {{- $namespace := .Values.namespace }} {{- $useSelector := .Values.useSelector -}} {{- $repoURLGit := .Values.repoURLGit -}} -{{- $repoURLGitrevision := .Values.repoURLGitrevision -}} +{{- $repoURLGitRevision := .Values.repoURLGitRevision -}} {{- $repoURLGitBasePath := .Values.repoURLGitBasePath -}} {{- $repoURLValues := .Values.repoURLValues -}} {{- $repoURLValuesrevision := .Values.repoURLValuesrevision -}} @@ -36,7 +36,7 @@ spec: {{- end }} - git: repoURL: {{ $repoURLGit }} - revision: {{ $repoURLGitrevision }} + revision: {{ $repoURLGitRevision }} files: - path: "{{ $repoURLGitBasePath }}stack{{`{{.metadata.annotations.platform_stack_version}}`}}.yaml" template: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 6b3717a6..9dd420d9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -1,5 +1,5 @@ repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" -repoURLGitrevision: HEAD +repoURLGitRevision: HEAD repoURLGitBasePath: "**" repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'" repoURLValuesrevision: HEAD diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index 71f74b46..1c10e17b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml 
@@ -24,6 +24,7 @@ spec: valuesObject: repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' applicationsets: argocd: enabled: true From d5a6add8fa49e762a5f14a577595447206f4c336 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 18 Jul 2024 23:53:06 -0400 Subject: [PATCH 05/90] update branch Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 4 ++-- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- .../examples/eks/single-cluster-v2/bootstrap/addons.yaml | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 4865b714..1ef3673b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml @@ -4,7 +4,7 @@ {{- $repoURLGitRevision := .Values.repoURLGitRevision -}} {{- $repoURLGitBasePath := .Values.repoURLGitBasePath -}} {{- $repoURLValues := .Values.repoURLValues -}} -{{- $repoURLValuesrevision := .Values.repoURLValuesrevision -}} +{{- $repoURLValuesRevision := .Values.repoURLValuesRevision -}} {{- $repoURLValuesBasePath := .Values.repoURLValuesBasePath -}} {{- $project := .Values.project -}} {{- range $name, $addon := .Values.applicationsets }} 
@@ -46,7 +46,7 @@ spec: project: {{ $project }} sources: - repoURL: {{ $repoURLValues }} - targetRevision: {{ $repoURLValuesrevision }} + targetRevision: {{ $repoURLValuesRevision }} ref: values - chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 9dd420d9..6656759f 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -2,7 +2,7 @@ repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD repoURLGitBasePath: "**" repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'" -repoURLValuesrevision: HEAD +repoURLValuesRevision: HEAD repoURLValuesBasePath: "" project: default namespace: argocd diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index 1c10e17b..a0ea60e3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml @@ -23,6 +23,7 @@ spec: helm: valuesObject: repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' applicationsets: From 4f72e7e9a64a24b4909fece36a6dc6682c9b3c06 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 19 Jul 2024 00:01:25 -0400 Subject: [PATCH 06/90] update detaul 
Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/templates/applicationsets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 1ef3673b..7232c918 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml @@ -63,7 +63,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} destination: - namespace: '{{`{{default .addons.`}}{{ $name }}{{`.namespace .metadata.annotations.`}}{{ $name }}{{`}}`}}' + namespace: '{{`{{coalesce .metadata.annotations.`}}{{ $name }}{{`_namespace .addons.`}}{{ $name }}{{`.namespace}}`}}' name: '{{`{{.name}}`}}' syncPolicy: automated: From 201215bb5386566a5c4d1403921c4d98761f71cc Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 19 Jul 2024 00:11:04 -0400 Subject: [PATCH 07/90] fix namepsaces Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 2 +- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 7232c918..7aefcd8c 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -63,7 +63,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} destination: - namespace: '{{`{{coalesce .metadata.annotations.`}}{{ $name }}{{`_namespace .addons.`}}{{ $name }}{{`.namespace}}`}}' + namespace: '{{ printf "{{" }}{{ $addon.namespace }}{{ printf "}}" }}' name: '{{`{{.name}}`}}' syncPolicy: automated: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 6656759f..3099760e 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -15,6 +15,7 @@ applicationsets: - key: enable_argocd operator: In values: ['true'] + namespace: '.addons.argocd.namespace' aws_load_balancer_controller: enabled: true selector: @@ -29,6 +30,7 @@ applicationsets: name: '{{.metadata.annotations.aws_load_balancer_controller_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_load_balancer_controller_iam_role_arn}}' + namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' ignoreDifferences: - kind: Secret name: aws-load-balancer-tls @@ -46,6 +48,7 @@ applicationsets: - key: enable_gatekeeper operator: In values: ['true'] + namespace: '.addons.gatekeeper.namespace' metrics_server: enabled: true selector: @@ -53,4 +56,5 @@ applicationsets: - key: enable_metrics_serve operator: In values: ['true'] + namespace: '.addons.metrics_server.namespace' From 2fef0a68c812d5759579247dd27e222910cdb5d3 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 19 Jul 2024 00:16:16 -0400 Subject: [PATCH 08/90] use selector Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/bootstrap/addons.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index a0ea60e3..ce135992 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml @@ -26,15 +26,7 @@ spec: repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' - applicationsets: - argocd: - enabled: true - aws_load_balancer_controller: - enabled: true - gatekeeper: - enabled: true - metrics_server: - enabled: true + useSelector: true destination: namespace: argocd name: '{{.name}}' From 4254c5b1e93a1d20adc800658704492a92c09d4e Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 19 Jul 2024 00:21:06 -0400 Subject: [PATCH 09/90] csi resources Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/values.yaml | 9 ++++++++- .../addons/stacks/stackv1.30-v1.1.0.yaml | 6 ++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 3099760e..566188b6 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -57,4 +57,11 @@ applicationsets: operator: In values: ['true'] namespace: '.addons.metrics_server.namespace' - + aws_ebs_csi_resources: + enabled: true + selector: + matchExpressions: + - key: enable_aws_ebs_csi_resources + operator: In + values: ['true'] + namespace: '.addons.argocd.namespace' 
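Review bot: In the `values.yaml` hunk the new `aws_ebs_csi_resources` entry sets `namespace: '.addons.argocd.namespace'`, so its Application is pointed at the Argo CD addon's namespace rather than its own. The stack file changed in the same commit declares `namespace: kube-system` under `addons.aws_ebs_csi_resources`, and this expression never reads that value. If the line was copied from the `argocd` entry, it should be `namespace: '.addons.aws_ebs_csi_resources.namespace'`, following the pattern used for `gatekeeper` and `metrics_server`. The enclosing `applicationsets` map starts outside the hunk.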
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml index 281aefad..e3cf1cfe 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml @@ -24,3 +24,9 @@ addons: repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" namespace: kube-system + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + releaseName: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + namespace: kube-system From d1ce66e7978cbf4b4b7443cc790bd8e592184994 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 19 Jul 2024 00:28:40 -0400 Subject: [PATCH 10/90] add workload Signed-off-by: Carlos Santana --- .../iac/terraform/examples/eks/single-cluster-v2/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index f73be338..90b58f5b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -125,6 +125,11 @@ locals { } ) + argocd_apps = { + addons = file("${path.module}/bootstrap/addons.yaml") + workloads = file("${path.module}/bootstrap/workloads.yaml") + } + tags = { Blueprint = local.name GithubRepo = "github.com/gitops-bridge-dev/gitops-bridge" @@ -141,6 +146,8 @@ module "gitops_bridge_bootstrap" { metadata = local.addons_metadata addons = local.addons } + + apps = local.argocd_apps } ################################################################################ From 9f69ef3e0327f3644b6ffe1f116c10b1eba546d4 Mon Sep 17 00:00:00 2001 
From: Carlos Santana Date: Fri, 19 Jul 2024 11:40:36 -0400 Subject: [PATCH 11/90] hardcode the variable for now Signed-off-by: Carlos Santana --- .../addons/values/gatekeeper/common/values.yaml | 3 ++- .../iac/terraform/examples/eks/single-cluster-v2/variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml index 593b90a3..20e44808 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml @@ -1 +1,2 @@ -foo: common \ No newline at end of file +server: + enabled: false \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index 19658724..0302d92d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -38,7 +38,7 @@ variable "gitops_addons_repo" { variable "gitops_addons_revision" { description = "Git repository revision/branch/ref for addons" type = string - default = "main" + default = "single-cluster-v2" } variable "gitops_addons_basepath" { description = "Git repository base path for addons" @@ -65,7 +65,7 @@ variable "gitops_workload_repo" { variable "gitops_workload_revision" { description = "Git repository revision/branch/ref for workload" type = string - default = "main" + default = "single-cluster-v2" } variable "gitops_workload_basepath" { description = "Git repository base path for workload" From 6b1617aafe60539598e0e4a1eeb13f965b27af22 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 22 Jul 2024 22:36:28 -0400 Subject: [PATCH 12/90] push hcnages for karpenter 
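Review bot: Both `gitops_addons_revision` and `gitops_workload_revision` in `variables.tf` now default to the feature branch `single-cluster-v2`, so a run with default values makes Argo CD track a mutable, short-lived ref. Once that branch is merged or deleted the defaults stop resolving. Until then, any push to the branch is a candidate for deployment wherever the applications sync automatically. The commit subject says this is temporary, so record that next to each default, for example `# TODO: restore "main" before merge; pin a tag or commit SHA outside of demos`. Both variable blocks continue outside their hunks.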
Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/values.yaml | 8 + .../addons/stacks/stackv1.30-v1.0.0.yaml | 12 + .../addons/stacks/stackv1.30-v1.1.0.yaml | 6 + .../argocd/clusters/in-cluster/values.yaml | 1 + .../addons/values/argocd/common/values.yaml | 222 ++++++++++++++++++ .../addons/values/argocd/dev/values.yaml | 1 + .../addons/values/argocd/prod/values.yaml | 1 + .../values/gatekeeper/common/values.yaml | 4 +- .../bootstrap/addons-template.yaml | 35 +++ .../examples/eks/single-cluster-v2/main.tf | 48 +++- .../eks/single-cluster-v2/variables.tf | 7 + 11 files changed, 341 insertions(+), 4 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 566188b6..dc41cb70 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -65,3 +65,11 @@ applicationsets: operator: In values: ['true'] namespace: '.addons.argocd.namespace' + karpenter: + enabled: true + selector: + matchExpressions: + - key: enable_karpenter + operator: In + values: ['true'] + namespace: '.metadata.annotations.karpenter_namespace' \ No newline at end of file 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml index 6a2c1830..fad7b9d8 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml @@ -24,3 +24,15 @@ addons: repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" namespace: kube-system + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + releaseName: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + namespace: kube-system + karpenter: + chart: karpenter/karpenter + releaseName: karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + namespace: kube-system diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml index e3cf1cfe..59b69edc 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml @@ -30,3 +30,9 @@ addons: repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" namespace: kube-system + karpenter: + chart: karpenter/karpenter + releaseName: karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + namespace: kube-system \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml new file mode 100644 index 00000000..cd419759 --- /dev/null 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml @@ -0,0 +1 @@ +foo: cluster \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml new file mode 100644 index 00000000..ff55973a --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml 
@@ -0,0 +1,222 @@ +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml new file mode 100644 index 00000000..7ab70e08 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml @@ -0,0 +1 @@ +foo: dev \ No newline at end of file 
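Review bot: The `server.service` block in the new Argo CD `common/values.yaml` sets `type: LoadBalancer` with `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing`, which puts the Argo CD API and UI on a public NLB for every environment that inherits the common values. The same file's `extraObjects` defines the `default` AppProject with `sourceRepos: '*'`, wildcard destinations and a `*`/`*` cluster resource whitelist, so a login on that endpoint is not limited to particular repositories, clusters or resource kinds. For the shared default prefer `service.beta.kubernetes.io/aws-load-balancer-scheme: internal` and leave public exposure to an explicit per-environment override. If it must be public, restrict the source addresses with `loadBalancerSourceRanges` on the service. A comment above the AppProject stating that it is intentionally unrestricted for the example would also help readers who copy it.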
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml new file mode 100644 index 00000000..baea7fc2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml @@ -0,0 +1 @@ +foo: prod \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml index 20e44808..1e638e00 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml @@ -1,2 +1,2 @@ -server: - enabled: false \ No newline at end of file +foo: common + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml new file mode 100644 index 00000000..9bcf235e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml 
@@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: true + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: {} + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 90b58f5b..7dc24dd4 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -34,6 +34,8 @@ locals { name = "getting-started" region = var.region + environment = var.environment + cluster_version = var.kubernetes_version vpc_cidr = var.vpc_cidr @@ -104,6 +106,9 @@ locals { { platform_stack_version = var.platform_stack_version }, + { + aws_karpenter_role_name = "${module.eks.cluster_name}-karpenter" + }, module.eks_blueprints_addons.gitops_metadata, { aws_cluster_name = module.eks.cluster_name @@ -143,6 +148,7 @@ module "gitops_bridge_bootstrap" { source = "gitops-bridge-dev/gitops-bridge/helm" cluster = { + environment = local.environment metadata = local.addons_metadata addons = local.addons } 
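Review bot: The template in the new `addons-template.yaml` uses the fixed name `cluster-addons` under `template.metadata.name`, while the `clusters: {}` generator emits one parameter set per registered cluster. A second cluster would therefore yield two Applications with the same name, which the ApplicationSet controller is expected to reject as a duplicate. That does not bite in this single-cluster example, but the file is a template others will copy. Suggest `name: 'cluster-addons-{{.name}}'`.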
@@ -182,6 +188,11 @@ module "eks_blueprints_addons" { enable_velero = local.aws_addons.enable_velero enable_aws_gateway_api_controller = local.aws_addons.enable_aws_gateway_api_controller + karpenter_node = { + # Use static name so that it matches what is defined in `karpenter.yaml` example manifest + iam_role_use_name_prefix = false + } + tags = local.tags } @@ -209,10 +220,36 @@ module "eks" { max_size = 3 desired_size = 2 } + labels = { + # Used to ensure Karpenter runs on nodes that it does not manage + "karpenter.sh/controller" = "true" + } + + taints = { + # The pods that do not tolerate this taint should run on nodes + # created by Karpenter + karpenter = { + key = "karpenter.sh/controller" + value = "true" + effect = "NO_SCHEDULE" + } + } } # EKS Addons cluster_addons = { - coredns = {} + coredns = { + configuration_values = jsonencode({ + tolerations = [ + # Allow CoreDNS to run on the same nodes as the Karpenter controller + # for use during cluster creation when Karpenter nodes do not yet exist + { + key = "karpenter.sh/controller" + value = "true" + effect = "NoSchedule" + } + ] + }) + } kube-proxy = {} vpc-cni = { # Specify the VPC CNI addon should be deployed before compute to ensure @@ -232,7 +269,12 @@ module "eks" { service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn } } - tags = local.tags + tags = merge(local.tags, { + # NOTE - if creating multiple security groups with this module, only tag the + # security group that Karpenter should utilize with the following tag + # (i.e. - at most, only one security group should have this tag in your account) + "karpenter.sh/discovery" = local.name + }) } module "ebs_csi_driver_irsa" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" @@ -275,6 +317,8 @@ module "vpc" { private_subnet_tags = { "kubernetes.io/role/internal-elb" = 1 + # Tags subnets for Karpenter auto-discovery + "karpenter.sh/discovery" = local.name } tags = local.tags 
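Review bot: In the `module "eks"` hunk the `karpenter.sh/discovery` tag is merged into the module-wide `tags` argument, although the comment added beside it says at most one security group should carry it. Module-wide tags are likely to land on every security group the module creates, so Karpenter's discovery could match more than the node group. This depends on the module version, which is not visible here. Keep `tags = local.tags` and attach the tag to the node security group only, for example `node_security_group_tags = { "karpenter.sh/discovery" = local.name }`. The `module "eks"` block starts and ends outside the hunk.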
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index 0302d92d..22c7d03f 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -13,6 +13,12 @@ variable "kubernetes_version" { type = string default = "1.28" } +variable "environment" { + description = "Environment" + type = string + default = "dev" +} + variable "addons" { description = "Kubernetes addons" type = any @@ -21,6 +27,7 @@ variable "addons" { enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi enable_metrics_server = true enable_gatekeeper = true + enable_karpenter = true enable_argocd = true } } From f617ffe3529079c24a61b6d03a68123e0a5651bb Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 22 Jul 2024 22:38:27 -0400 Subject: [PATCH 13/90] fix metric server Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index dc41cb70..2c6de33a 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -53,7 +53,7 @@ applicationsets: enabled: true selector: matchExpressions: - - key: enable_metrics_serve + - key: enable_metrics_server operator: In values: ['true'] namespace: '.addons.metrics_server.namespace' From e485bba958ee32af5433a6975b86fe320b6c4d37 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 22 Jul 2024 22:41:30 -0400 Subject: [PATCH 14/90] add irsa 
Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/values.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 2c6de33a..b4fe57f6 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -72,4 +72,12 @@ applicationsets: - key: enable_karpenter operator: In values: ['true'] - namespace: '.metadata.annotations.karpenter_namespace' \ No newline at end of file + namespace: '.metadata.annotations.karpenter_namespace' + values: + settings: + clusterName: '{{metadata.annotations.aws_cluster_name}}' + interruptionQueue: '{{metadata.annotations.karpenter_sqs_queue_name}}' + serviceAccount: + name: '{{.metadata.annotations.karpenter_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}' From 440aa6161e7f92109e09c34a808b7ae361718e0f Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 22 Jul 2024 22:42:13 -0400 Subject: [PATCH 15/90] fix Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index b4fe57f6..5a935f75 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml 
@@ -76,7 +76,7 @@ applicationsets: values: settings: clusterName: '{{metadata.annotations.aws_cluster_name}}' - interruptionQueue: '{{metadata.annotations.karpenter_sqs_queue_name}}' + interruptionQueue: '{{.metadata.annotations.karpenter_sqs_queue_name}}' serviceAccount: name: '{{.metadata.annotations.karpenter_service_account}}' annotations: From faff635aecb46813d9400e4637b39283bc2e0b38 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 22 Jul 2024 22:42:52 -0400 Subject: [PATCH 16/90] fix Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 5a935f75..c18af8c9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -75,7 +75,7 @@ applicationsets: namespace: '.metadata.annotations.karpenter_namespace' values: settings: - clusterName: '{{metadata.annotations.aws_cluster_name}}' + clusterName: '{{.metadata.annotations.aws_cluster_name}}' interruptionQueue: '{{.metadata.annotations.karpenter_sqs_queue_name}}' serviceAccount: name: '{{.metadata.annotations.karpenter_service_account}}' From e7d9509e2dd33af8ddacab16b6cb9155bd18478b Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 23 Jul 2024 23:32:28 -0400 Subject: [PATCH 17/90] push the changes 
Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 48 +++-- .../addons/charts/gitops-bridge/values.yaml | 19 ++ .../addons/stacks/stack.yaml | 38 ++++ .../addons/values/gatekeeper/resources/.keep | 0 .../gatekeeper/resources/configmap.yaml | 6 + .../gatekeeper/resources/kustomization.yaml | 9 + .../karpenter/clusters/in-cluster/values.yaml | 1 + .../karpenter/common/resources/values.yaml | 0 .../values/karpenter/common/values.yaml | 2 + .../addons/values/karpenter/dev/values.yaml | 1 + .../karpenter/prod/resources/values.yaml | 0 .../addons/values/karpenter/prod/values.yaml | 1 + .../values/karpenter/resources/.helmignore | 23 +++ .../addons/values/karpenter/resources/.keep | 0 .../values/karpenter/resources/Chart.yaml | 19 ++ .../values/karpenter/resources/_helpers.tpl | 66 +++++++ .../resources/templates/nodeclass.yaml | 40 ++++ .../karpenter/resources/templates/pool.yaml | 187 ++++++++++++++++++ .../values/karpenter/resources/values.yaml | 12 ++ 19 files changed, 458 insertions(+), 14 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 7aefcd8c..7c5e6de2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml @@ -7,6 +7,8 @@ {{- $repoURLValuesRevision := .Values.repoURLValuesRevision -}} {{- $repoURLValuesBasePath := .Values.repoURLValuesBasePath -}} {{- $project := .Values.project -}} +{{- $syncPolicy := .Values.syncPolicy -}} +{{- $stackPath := .Values.stackPath -}} {{- range $name, $addon := .Values.applicationsets }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} 
@@ -24,7 +26,6 @@ spec: goTemplateOptions: - missingkey=error generators: - - matrix: generators: - clusters: @@ -38,10 +39,12 @@ spec: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: "{{ $repoURLGitBasePath }}stack{{`{{.metadata.annotations.platform_stack_version}}`}}.yaml" + - path: '{{ $stackPath}}' template: metadata: - name: addon-{{ $nameNormalize }} + name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.name}}`}}{{ end }} + annotations: + argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml spec: project: {{ $project }} sources: 
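Review bot: The `argocd.argoproj.io/manifest-generate-paths` entries added under `template.metadata.annotations` have no leading `/`, and Argo CD resolves such entries relative to the Application's source path rather than the repository root. With `repoURLValuesBasePath` empty by default, each entry renders as `values/<addon>/common/values.yaml`, which may not point at the values repository on a multi-source Application; the hunk alone does not show which source it would be resolved against. If repo-root paths are intended, write them as `/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml` and likewise for the other two entries. `$useSelector`, used in the new `name:` line, is not declared in any visible hunk, so check that it is defined above line 7 of the template.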
@@ -55,24 +58,41 @@ spec: releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' ignoreMissingValueFiles: true valueFiles: - - $values/{{ $repoURLValuesBasePath }}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/common/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/{{`{{.metadata.labels.environment}}`}}/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}/clusters/{{`{{.name}}`}}/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml {{- with $addon.values }} valuesObject: {{- toYaml . | nindent 12 }} {{- end }} + {{- if $addon.resources }} + - repoURL: {{ $repoURLValues }} + targetRevision: {{ $repoURLValuesRevision }} + path: '{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{ $addon.resources.path }}resources' + {{- if $addon.resources.helm }} + helm: + releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' + ignoreMissingValueFiles: true + valueFiles: + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/resources/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/resources/values.yaml + - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/resources/values.yaml + {{- if $addon.resources.helm.valuesObject }} + valuesObject: + {{- toYaml $addon.resources.helm.valuesObject | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} destination: - namespace: '{{ printf "{{" }}{{ $addon.namespace }}{{ printf "}}" }}' + namespace: '{{`{{`}}{{ $addon.namespace }}{{`}}`}}' name: '{{`{{.name}}`}}' + {{- if $addon.syncPolicy }} syncPolicy: - automated: - prune: 
false - retry: - limit: 100 - syncOptions: - - CreateNamespace=true - - ServerSideApply=true # Big CRDs. + {{- toYaml $addon.syncPolicy | nindent 8 }} + {{ else }} + syncPolicy: + {{- toYaml $syncPolicy | nindent 8 }} + {{- end }} {{- with $addon.ignoreDifferences }} ignoreDifferences: {{- toYaml . | nindent 8 }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index c18af8c9..fadeaa11 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -1,3 +1,4 @@ +stackPath: '**/stack{{(.metadata.annotations.platform_stack_version | default "")}}.yaml' repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD repoURLGitBasePath: "**" @@ -7,6 +8,16 @@ repoURLValuesBasePath: "" project: default namespace: argocd useSelector: false +syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. applicationsets: argocd: enabled: true @@ -65,6 +76,7 @@ applicationsets: operator: In values: ['true'] namespace: '.addons.argocd.namespace' + kustomize: {} karpenter: enabled: true selector: @@ -81,3 +93,10 @@ applicationsets: name: '{{.metadata.annotations.karpenter_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}' + resources: + helm: + valuesObject: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml new file mode 100644 index 00000000..a9b55ad7 
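Review bot: An addon's `syncPolicy` replaces the chart-wide `$syncPolicy` wholesale in the new `if`/`else` at the end of this hunk, so an addon that sets only `automated` silently loses the default `retry` and the `CreateNamespace=true` / `ServerSideApply=true` sync options. If a per-key override is intended, merge the two, e.g. `{{- with (mergeOverwrite (deepCopy $syncPolicy) ($addon.syncPolicy | default dict)) }}` followed by `syncPolicy:` and `{{- toYaml . | nindent 8 }}`; otherwise add a comment on `syncPolicy` in values.yaml saying the override is all-or-nothing. The bare `{{ else }}` also leaves a whitespace-only line in the rendered manifest, which `{{- else }}` avoids. The new `resources` key (`path`, `helm`, `helm.valuesObject`) is not described anywhere in the chart's values.yaml and would benefit from a short comment there.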
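Review bot: The `| default ""` in the new `stackPath` is unlikely to give the intended fallback, because the ApplicationSet template in this chart sets `goTemplateOptions: missingkey=error`, under which a cluster secret without the `platform_stack_version` annotation fails the lookup before `default` runs. The usual form for an optional key is `dig`, e.g. `'**/stack{{ dig "metadata" "annotations" "platform_stack_version" "" . }}.yaml'`; this is worth testing against a cluster secret that lacks the annotation. Separately, the leading `**/` matches a `stack*.yaml` in any directory of the addons repository, and the matched file supplies each addon's chart coordinates (`repoUrl`, `chart`, `targetRevision` in stack.yaml). Anchoring the pattern to the stacks directory keeps that input under one reviewed path.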
--- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml @@ -0,0 +1,38 @@ +version: v1.30-v1.1.0 +addons: + argocd: + chart: argo-cd + releaseName: argocd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "6.6.0" + namespace: argocd + aws_load_balancer_controller: + chart: aws-load-balancer-controller + releaseName: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + namespace: kube-system + gatekeeper: + chart: gatekeeper + releaseName: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + namespace: gatekeeper-system + metrics_server: + chart: gatekeeper + releaseName: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + namespace: kube-system + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + releaseName: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + namespace: kube-system + karpenter: + chart: karpenter/karpenter + releaseName: karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + namespace: kube-system diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml new file mode 100644 index 00000000..2cbb83c0 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: foo +data: + foo: bar \ No newline at end of file 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml new file mode 100644 index 00000000..8c04d90c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- configmap.yaml +# patches: +# - target: +# kind: ConfigMap +# patch: |- +# - op: replace +# path: /data/foo +# value: '{{.metadata.annotations.aws_vpc_id}}' \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml new file mode 100644 index 00000000..cd419759 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml @@ -0,0 +1 @@ +foo: cluster \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/resources/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml new file mode 100644 index 00000000..1e638e00 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml @@ -0,0 +1,2 @@ +foo: common + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml new file mode 100644 index 00000000..7ab70e08 
--- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml @@ -0,0 +1 @@ +foo: dev \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml new file mode 100644 index 00000000..baea7fc2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml @@ -0,0 +1 @@ +foo: prod \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml new file mode 100644 index 00000000..ecfa8278 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: karpenter-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl new file mode 100644 index 00000000..3716b4e6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "karpenter-resources.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "karpenter-resources.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "karpenter-resources.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "karpenter-resources.labels" -}} +helm.sh/chart: {{ include "karpenter-resources.chart" . }} +{{ include "karpenter-resources.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "karpenter-resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "karpenter-resources.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "karpenter-resources.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "karpenter-resources.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "toValidName" -}} +{{- printf "%s" . | regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml new file mode 100644 index 00000000..1c4088d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml @@ -0,0 +1,40 @@ +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "1" +spec: + amiFamily: {{ .Values.amiFamily | default .Values.global.amiFamily | quote }} + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 1 + httpTokens: required + role: {{ .Values.nodeRole | default .Values.global.nodeRole | quote }} + securityGroupSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + subnetSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + blockDeviceMappings: + # Root device + - deviceName: /dev/xvda + ebs: + volumeSize: 10Gi + volumeType: gp3 + encrypted: true + # Data device: Container resources such as images and logs + - deviceName: /dev/xvdb + ebs: + volumeSize: {{ .Values.volumeSize | default .Values.global.volumeSize | quote }} + volumeType: gp3 + encrypted: true + userData: | + [settings.kubernetes] + kube-api-qps = 30 + [settings.kubernetes.node-labels] + "bottlerocket.aws/updater-interface-version" = "2.0.0" + [settings.kubernetes.eviction-hard] + "memory.available" = "5%" \ No newline at end of file 
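Review bot: `toValidName` at the end of this file returns `-` for every input, because sprig's `regexReplaceAll` takes (regex, source, replacement) and the pipeline passes the name as the last argument, i.e. as the replacement. Pass the value explicitly and lowercase it before replacing, so upper-case letters are kept rather than turned into dashes: `{{- regexReplaceAll "[^a-z0-9.-]" (lower (printf "%s" .)) "-" -}}`. The file is also created at `resources/_helpers.tpl` rather than under `resources/templates/`, where Helm loads named templates from, so as placed none of these definitions would be available to `nodeclass.yaml` or `pool.yaml`. `karpenter-resources.serviceAccountName` reads `.Values.serviceAccount.create`, which the chart's values.yaml in this patch does not define.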
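Review bot: The EC2NodeClass sets `amiFamily` but no `amiSelectorTerms`, so as I understand the v1beta1 API Karpenter resolves the newest AMI for that family and existing nodes are replaced through drift when a new one is published. That keeps patches flowing, but it also means a node image change reaches the production pools without a Git commit; consider pinning through `amiSelectorTerms` per environment and bumping it in the values files. The root volume is hard-coded to `10Gi` while the data volume is configurable. Every `default .Values.global.*` fallback needs `.Values.global` to exist in order to render, which deserves a comment in values.yaml.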
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml new file mode 100644 index 00000000..d5000572 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml 
@@ -0,0 +1,187 @@ +{{- $environment := .Values.environment | default .Values.global.environment -}} +{{- if eq $environment "production" -}} +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: on-demand + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - key: karpenter.sh/capacity-type + operator: In + values: + - on-demand + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + - c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . 
| nindent 6 }} + {{ end }} +--- +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: capacity-spread + operator: In + values: + - "3" + - key: karpenter.sh/capacity-type + operator: In + values: + - on-demand + - spot + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + - c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . 
| nindent 6 }} + {{ end }} +{{- else -}} +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: karpenter.sh/capacity-type + operator: In + values: + - spot + - on-demand + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + - c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . | nindent 6 }} + {{ end }} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml new file mode 100644 index 00000000..cd08fefe --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml @@ -0,0 +1,12 @@ +global: + clusterName: "foo" + volumeSize: "10Gi" + nodeRole: "karpenter" + amiFamily: Bottlerocket + environment: "production" +# clusterName: "foo" +# volumeSize: "10Gi" +# nodeRole: "karpenter" +# amiFamily: Bottlerocket +# environment: "production" + From c24b6feaba8068edd4fd945ba04426f6609ee853 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 23 Jul 2024 23:39:25 -0400 Subject: [PATCH 18/90] update 
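Review bot: The `eq $environment "production"` switch at the top of pool.yaml is not driven by the cluster: the `resources.helm.valuesObject` added for karpenter in the gitops-bridge values.yaml passes only `clusterName` and `nodeRole`, and the chart default is `global.environment: "production"`, while the rest of this example names environments `dev` and `prod`. As written every cluster appears to get the two production pools unless a `resources/values.yaml` overrides it, and those files are added empty. Pass the environment explicitly, e.g. `environment: '{{.metadata.labels.environment}}'` in that `valuesObject`, and compare against the value actually used. The three NodePool documents repeat the same requirement list, so a shared named template would keep later edits from diverging.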
Signed-off-by: Carlos Santana --- .../gitops-bridge/templates/applicationsets.yaml | 4 ++-- .../eks/single-cluster-v2/bootstrap/addons.yaml | 10 +++++++++- .../eks/single-cluster-v2/bootstrap/workloads.yaml | 11 ++++++----- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml index 7c5e6de2..5f934215 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml @@ -43,8 +43,8 @@ spec: template: metadata: name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.name}}`}}{{ end }} - annotations: - argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml + annotations: + argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml spec: project: {{ $project }} sources: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index ce135992..8e6c837f 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml 
@@ -31,4 +31,12 @@ spec: namespace: argocd name: '{{.name}}' syncPolicy: - automated: {} + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml index e0b3be26..be73a35d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml @@ -25,10 +25,11 @@ spec: name: '{{name}}' syncPolicy: automated: + selfHeal: true allowEmpty: true - syncOptions: - - CreateNamespace=true + prune: false retry: - backoff: - duration: 1m - limit: 60 + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. From 2ec8a82e5f9143c3dd83cf3ebdebae49e96d3fd3 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 11:01:18 -0400 Subject: [PATCH 19/90] update argocd Signed-off-by: Carlos Santana --- .../addons/values/argocd/common/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml index ff55973a..f7a536e3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml @@ -1,3 +1,8 @@ +global: + tolerations: + - key: "karpenter.sh/controller" + value: "true" + effect: "NoSchedule" controller: replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. metrics: From 12629f409300ea313e96ff585f2334ca2ea04f7b Mon Sep 17 00:00:00 2001 
From: Carlos Santana Date: Wed, 24 Jul 2024 13:00:24 -0400 Subject: [PATCH 20/90] push tolerations Signed-off-by: Carlos Santana --- .../addons/values/argocd/common/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml index f7a536e3..dd923a71 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml @@ -1,8 +1,8 @@ global: tolerations: - - key: "karpenter.sh/controller" - value: "true" - effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + controller: replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. metrics: From 1002927555198ec38002eba22029157437ebdb84 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 13:01:04 -0400 Subject: [PATCH 21/90] update Signed-off-by: Carlos Santana --- .../argocd-initial-values.yaml | 4 +++ .../examples/eks/single-cluster-v2/main.tf | 36 ++++++------------- 2 files changed, 15 insertions(+), 25 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml new file mode 100644 index 00000000..ca19c961 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml @@ -0,0 +1,4 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 7dc24dd4..1f4027fe 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -148,12 +148,17 @@ module "gitops_bridge_bootstrap" { source = "gitops-bridge-dev/gitops-bridge/helm" cluster = { + name = module.eks.cluster_name environment = local.environment metadata = local.addons_metadata addons = local.addons } apps = local.argocd_apps + argocd = { + values = [file("${path.module}/argocd-initial-values.yaml")] + } + } ################################################################################ @@ -219,37 +224,18 @@ module "eks" { min_size = 1 max_size = 3 desired_size = 2 - } - labels = { - # Used to ensure Karpenter runs on nodes that it does not manage - "karpenter.sh/controller" = "true" - } - taints = { - # The pods that do not tolerate this taint should run on nodes - # created by Karpenter - karpenter = { - key = "karpenter.sh/controller" - value = "true" - effect = "NO_SCHEDULE" + dedicated = { + key = "CriticalAddonsOnly" + operator = "Exists" + effect = "NO_SCHEDULE" } } + } } # EKS Addons cluster_addons = { - coredns = { - configuration_values = jsonencode({ - tolerations = [ - # Allow CoreDNS to run on the same nodes as the Karpenter controller - # for use during cluster creation when Karpenter nodes do not yet exist - { - key = "karpenter.sh/controller" - value = "true" - effect = "NoSchedule" - } - ] - }) - } + coredns = {} kube-proxy = {} vpc-cni = { # Specify the VPC CNI addon should be deployed before compute to ensure From 203dd1b211f2c4313c7aaf555b99a7d05dbf77e1 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 13:35:50 -0400 Subject: [PATCH 22/90] update Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 2 +- argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh | 2 +- .../iac/terraform/examples/eks/single-cluster-v2/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
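Review bot: The added `dedicated` block in the managed node group uses `operator = "Exists"`, which is a toleration field; a node taint is described by `key`, `value` and `effect`, so this attribute is likely to be ignored or rejected. From the collapsed hunk it also looks as if the `taints = {` line was removed along with the old `karpenter` entry, which would leave `dedicated` outside any `taints` map; the node group block starts above the hunk, so confirm against the full file. If the taint is not applied, the `CriticalAddonsOnly` tolerations added to the Argo CD values have nothing to match and ordinary workloads can schedule onto the nodes that run the cluster controllers. Expected shape: `taints = { dedicated = { key = "CriticalAddonsOnly", value = "true", effect = "NO_SCHEDULE" } }`.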
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index fadeaa11..b0b186b1 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -10,7 +10,7 @@ namespace: argocd useSelector: false syncPolicy: automated: - selfHeal: true + selfHeal: false allowEmpty: true prune: false retry: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index 7089a684..f302b355 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -13,7 +13,7 @@ terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then source "$TMPFILE" kubectl delete -n argocd applicationset workloads - kubectl delete -n game-2048 ingress game-2048 + kubectl delete -n argocd application workloads kubectl delete -n argocd applicationset cluster-addons kubectl delete -n argocd applicationset addons-argocd kubectl delete -n argocd svc argo-cd-argocd-server diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index 22c7d03f..d8fa7935 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -11,7 +11,7 @@ variable "region" { variable "kubernetes_version" { description = "Kubernetes version" type = string - default = "1.28" + default = "1.30" } variable "environment" { description = "Environment" From 6151df85dfa5caba5267b53bd378ae2b18f5a8cd Mon Sep 17 00:00:00 2001 
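Review bot: Setting `selfHeal: false` in the chart-wide `syncPolicy` applies to every addon that has no `syncPolicy` of its own, including gatekeeper and argocd, so an out-of-band change to those resources in the cluster is no longer reverted to the Git state. Combined with `prune: false`, drift in policy-enforcement or access-control manifests would persist until someone syncs manually. If the relaxation is needed for one addon only, keep the default at `true` and set `syncPolicy` on that addon; otherwise add a comment on the key explaining why self-healing is off.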
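Review bot: Replacing the explicit `kubectl delete -n game-2048 ingress game-2048` with `kubectl delete -n argocd application workloads` makes removal of the Ingress depend on Argo CD cascading the deletion, which only happens when the Application carries the resources finalizer; that is not visible here. If the Ingress survives, the load balancer it presumably owns can be left behind by the rest of the teardown. Either keep the Ingress deletion or follow the new line with `kubectl wait --for=delete -n game-2048 ingress/game-2048 --timeout=120s`. The surrounding context lines expand `$SCRIPTDIR` and `$TMPFILE` unquoted and `source` a file written from Terraform output; the script body continues outside the hunk.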
From: Carlos Santana Date: Wed, 24 Jul 2024 18:05:56 -0400 Subject: [PATCH 23/90] fix Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml | 2 +- argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf | 1 + .../iac/terraform/examples/eks/single-cluster-v2/outputs.tf | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml index 59b69edc..33c40294 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml @@ -19,7 +19,7 @@ addons: targetRevision: "3.15.0" namespace: gatekeeper-system metrics_server: - chart: gatekeeper + chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 1f4027fe..82ffce43 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -156,6 +156,7 @@ module "gitops_bridge_bootstrap" { apps = local.argocd_apps argocd = { + name = "argocd" values = [file("${path.module}/argocd-initial-values.yaml")] } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf index d4ecfbf1..e890d752 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf 
@@ -17,7 +17,7 @@ output "configure_argocd" { echo "ArgoCD Username: admin" echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")" echo Port Forward: http://localhost:8080 - kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80 + kubectl port-forward -n argocd svc/argocd-server 8080:80 EOT } @@ -28,6 +28,6 @@ output "access_argocd" { aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name} echo "ArgoCD Username: admin" echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")" - echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" + echo "ArgoCD URL: https://$(kubectl get svc -n argocd argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" EOT } From a505548d69b7ebaba68a8c8bf62a9cd6091cf0d1 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 18:08:08 -0400 Subject: [PATCH 24/90] fix metric-server Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/addons/stacks/stack.yaml | 2 +- .../eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml index a9b55ad7..c7373a7d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml @@ -19,7 +19,7 @@ addons: targetRevision: "3.15.0" namespace: gatekeeper-system metrics_server: - chart: gatekeeper + chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml index fad7b9d8..a2f212c8 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml @@ -19,7 +19,7 @@ addons: targetRevision: "3.15.0" namespace: gatekeeper-system metrics_server: - chart: gatekeeper + chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" From ec13d173394875a59e6f9e1723418175f1a8f858 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 19:46:42 -0400 Subject: [PATCH 25/90] add values for alb Signed-off-by: Carlos Santana --- .../clusters/in-cluster/values.yaml | 1 + .../values/aws-load-balancer-controller/common/values.yaml | 3 +++ .../addons/values/aws-load-balancer-controller/dev/values.yaml | 1 + .../values/aws-load-balancer-controller/prod/values.yaml | 1 + argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml new file mode 100644 index 00000000..cd419759 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml @@ -0,0 +1 @@ +foo: cluster \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml new file mode 100644 index 00000000..dd388d7d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml @@ -0,0 +1,3 @@ +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml new file mode 100644 index 00000000..7ab70e08 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml @@ -0,0 +1 @@ +foo: dev \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml new file mode 100644 index 00000000..baea7fc2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml @@ -0,0 +1 @@ +foo: prod \ No newline at end of file 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index f302b355..62dd46b7 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -16,7 +16,7 @@ if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then kubectl delete -n argocd application workloads kubectl delete -n argocd applicationset cluster-addons kubectl delete -n argocd applicationset addons-argocd - kubectl delete -n argocd svc argo-cd-argocd-server + kubectl delete -n argocd svc argocd-server fi terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve From 2fcb657894af063edb5d561f3504259687843edd Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 19:48:03 -0400 Subject: [PATCH 26/90] update cluster name Signed-off-by: Carlos Santana --- argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 82ffce43..88933838 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -148,7 +148,7 @@ module "gitops_bridge_bootstrap" { source = "gitops-bridge-dev/gitops-bridge/helm" cluster = { - name = module.eks.cluster_name + cluster_name = module.eks.cluster_name environment = local.environment metadata = local.addons_metadata addons = local.addons From 8f4b425e6beaf571f681664a7d09580ecedde775 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 21:55:52 -0400 Subject: [PATCH 27/90] adm64 for now Signed-off-by: Carlos Santana --- .../addons/values/karpenter/resources/templates/pool.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml index d5000572..4d97870f 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml @@ -35,7 +35,7 @@ spec: operator: In values: - amd64 - - arm64 + #- arm64 - key: karpenter.k8s.aws/instance-cpu operator: In values: @@ -98,7 +98,7 @@ spec: operator: In values: - amd64 - - arm64 + #- arm64 - key: karpenter.k8s.aws/instance-cpu operator: In values: @@ -157,7 +157,7 @@ spec: operator: In values: - amd64 - - arm64 + #- arm64 - key: karpenter.k8s.aws/instance-cpu operator: In values: From 855ee81f17a9febcaea76a5516df6bf29aedb0c4 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 24 Jul 2024 23:44:08 -0400 Subject: [PATCH 28/90] add karpenter node role to cluster Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/main.tf | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 88933838..04d4a2d4 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf 
@@ -214,10 +214,22 @@ module "eks" { cluster_version = local.cluster_version cluster_endpoint_public_access = true - vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets + manage_aws_auth_configmap = true + aws_auth_roles = [ + # We need to add in the Karpenter node IAM role for nodes launched by Karpenter + { + rolearn = module.eks_blueprints_addons.karpenter.node_iam_role_arn + username = "system:node:{{EC2PrivateDNSName}}" + groups = [ + "system:bootstrappers", + "system:nodes", + ] + }, + ] + eks_managed_node_groups = { initial = { instance_types = ["t3.medium"] From 28a34d0e4140b370eb3d3235029d5393f28c4c52 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 19:06:58 -0400 Subject: [PATCH 29/90] update Signed-off-by: Carlos Santana --- .../iac/terraform/examples/eks/single-cluster-v2/destroy.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index 62dd46b7..9809ca36 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -12,10 +12,8 @@ terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" # check if TMPFILE contains the string "No outputs found" if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then source "$TMPFILE" - kubectl delete -n argocd applicationset workloads - kubectl delete -n argocd application workloads - kubectl delete -n argocd applicationset cluster-addons - kubectl delete -n argocd applicationset addons-argocd + kubectl delete nodepool --all + kubectl delete -n game-2048 ing game-2048 kubectl delete -n argocd svc argocd-server fi From c02a32d99db6a07ab7aa43456b36dea05fa1e300 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 20:02:19 -0400 Subject: [PATCH 30/90] add gatekeeper 
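Review bot: The new `aws_auth_roles` entry reads `module.eks_blueprints_addons.karpenter.node_iam_role_arn` unconditionally, so the aws-auth mapping is built even when the Karpenter addon is not enabled. That output is presumably empty in that case, which would leave an entry with no usable `rolearn`. Because the entry grants `system:bootstrappers` and `system:nodes`, it should exist only when the role does: wrap the list in a conditional on whichever flag enables Karpenter in this example (not visible in this hunk) and fall back to `[]`. The `module "eks"` block starts and ends outside the hunk.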
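Review bot: `kubectl delete nodepool --all` runs against whatever kubeconfig context is current once `source "$TMPFILE"` returns, and nothing in the hunk checks that the sourced command succeeded. If the kubeconfig update fails, the deletion would hit a previously selected cluster. I would stop on that failure with `source "$TMPFILE" || exit 1`, and name the pools this example created rather than using `--all`. The `kubectl scale` lines added to this script in patch 37 depend on the ambient context in the same way. The start of the script, including any `set -e`, is outside the hunk.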
Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/values.yaml | 2 + .../disallowedrepos/kustomization.yaml | 3 ++ .../constraint.yaml | 12 +++++ .../disallowed_all.yaml | 14 ++++++ .../example_allowed.yaml | 8 +++ .../example_disallowed_both.yaml | 11 +++++ .../example_disallowed_container.yaml | 9 ++++ .../example_disallowed_initcontainer.yaml | 11 +++++ .../resources/disallowedrepos/suite.yaml | 43 ++++++++++++++++ .../resources/disallowedrepos/template.yaml | 49 +++++++++++++++++++ .../gatekeeper/resources/kustomization.yaml | 24 ++++++--- .../eks/single-cluster-v2/k8s/game-2048.yaml | 19 ++++++- .../examples/eks/single-cluster-v2/main.tf | 10 ++-- 13 files changed, 201 insertions(+), 14 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index b0b186b1..29650d05 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -60,6 +60,8 @@ applicationsets: operator: In values: ['true'] namespace: '.addons.gatekeeper.namespace' + resources: + enabled: true metrics_server: enabled: true selector: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml new file mode 100644 index 00000000..475a5391 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - template.yaml + - samples/repo-must-not-be-k8s-gcr-io/constraint.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml new file mode 100644 index 00000000..3da15a5d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml 
@@ -0,0 +1,12 @@ +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: K8sDisallowedRepos +metadata: + name: repo-must-not-be-k8s-gcr-io +spec: + match: + kinds: + - apiGroups: [""] + kinds: ["Pod"] + parameters: + repos: + - "k8s.gcr.io/" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml new file mode 100644 index 00000000..ec4bfc90 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + ephemeralContainers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml new file mode 100644 index 00000000..145d903f --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-allowed +spec: + containers: + - name: kustomize + image: registry.k8s.io/kustomize/kustomize:v3.8.9 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml new file mode 100644 index 00000000..860e00d7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomizeinit + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml new file mode 100644 index 00000000..efae1b41 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml new file mode 100644 index 00000000..93a419d6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomizeinit + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: registry.k8s.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml new file mode 100644 index 00000000..bcc77de9 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml 
@@ -0,0 +1,43 @@ +kind: Suite +apiVersion: test.gatekeeper.sh/v1alpha1 +metadata: + name: disallowedrepos +tests: +- name: repo-must-not-be-k8s-gcr-io + template: template.yaml + constraint: samples/repo-must-not-be-k8s-gcr-io/constraint.yaml + cases: + - name: example-allowed + object: samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml + assertions: + - violations: no + - name: container-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml + assertions: + - violations: yes + message: container + - name: initcontainer-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml + assertions: + - violations: 1 + message: initContainer + - violations: 0 + message: container + - name: both-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml + assertions: + - violations: 2 + - message: initContainer + violations: 1 + - message: container + violations: 1 + - name: all-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml + assertions: + - violations: 3 + - message: initContainer + violations: 1 + - message: container + violations: 1 + - message: ephemeralContainer + violations: 1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml new file mode 100644 index 00000000..c4a27225 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml 
@@ -0,0 +1,49 @@ +apiVersion: templates.gatekeeper.sh/v1 +kind: ConstraintTemplate +metadata: + name: k8sdisallowedrepos + annotations: + metadata.gatekeeper.sh/title: "Disallowed Repositories" + metadata.gatekeeper.sh/version: 1.0.0 + description: >- + Disallowed container repositories that begin with a string from the specified list. +spec: + crd: + spec: + names: + kind: K8sDisallowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + type: object + properties: + repos: + description: The list of prefixes a container image is not allowed to have. + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sdisallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("container <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("initContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.ephemeralContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("ephemeralContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml index 8c04d90c..31ba11b0 100644 
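Review bot: The three `violation` rules compare the image string exactly as written in the Pod spec using `startswith`, so this template is a literal-prefix deny-list, and the `description` of `repos` should say so. An entry without a trailing `/` also matches unrelated names that share the prefix, and the same registry reached under a different hostname is not matched at all. I would extend the schema description to something like `Literal prefixes matched against the image reference as written; end registry entries with "/"`. A note in the template annotations could add that an allow-list constraint is the stronger control when the goal is to restrict where images come from.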
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml @@ -1,9 +1,17 @@ resources: -- configmap.yaml -# patches: -# - target: -# kind: ConfigMap -# patch: |- -# - op: replace -# path: /data/foo -# value: '{{.metadata.annotations.aws_vpc_id}}' \ No newline at end of file +- disallowedrepos +# commonAnnotations: +# argocd.argoproj.io/sync-wave: "1" +patches: + - target: + kind: ConstraintTemplate + patch: |- + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-wave + value: "1" + - target: + group: constraints.gatekeeper.sh + patch: |- + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-wave + value: "2" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml index 44e2d12e..f6db4cc2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml @@ -59,4 +59,21 @@ spec: service: name: game-2048 port: - name: http \ No newline at end of file + name: http +--- +# network policy that disallow egress requests to http port 8080 +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: game-2048 + namespace: game-2048 +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: game-2048 + policyTypes: + - Egress + egress: + - ports: + - port: 8080 + protocol: TCP \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 04d4a2d4..e0fc4d70 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf 
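Review bot: The second patch uses `op: add` on `/metadata/annotations/argocd.argoproj.io~1sync-wave` for every object in group `constraints.gatekeeper.sh`, but the constraint added in this commit (`repo-must-not-be-k8s-gcr-io`) declares no `metadata.annotations`. A JSON Patch `add` needs the parent object to exist, so this may fail when the overlay is built; running `kustomize build` on this directory would confirm it. If it does fail, set the annotation in `constraint.yaml` itself under `metadata.annotations` (`argocd.argoproj.io/sync-wave: "2"`) and keep the patch only for objects that already carry annotations.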
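Review bot: The comment `# network policy that disallow egress requests to http port 8080` says the opposite of what the manifest does. NetworkPolicy rules are allow-lists, so with `policyTypes: Egress` and a single rule listing TCP 8080, the selected pods may reach only port 8080 and all other egress, DNS included, is dropped. If that is the intent, fix the comment: `# allow egress only to TCP 8080; all other egress from game-2048 pods is denied`. If blocking 8080 was the intent, the NetworkPolicy API has no deny rule, so the allowed destinations have to be listed instead. Enforcement also depends on the CNI having network policy support enabled, which this hunk does not show.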
@@ -218,7 +218,7 @@ module "eks" { subnet_ids = module.vpc.private_subnets manage_aws_auth_configmap = true - aws_auth_roles = [ + aws_auth_roles = local.aws_addons.enable_karpenter ? [ # We need to add in the Karpenter node IAM role for nodes launched by Karpenter { rolearn = module.eks_blueprints_addons.karpenter.node_iam_role_arn @@ -227,8 +227,8 @@ module "eks" { "system:bootstrappers", "system:nodes", ] - }, - ] + } + ] : [] eks_managed_node_groups = { initial = { @@ -237,13 +237,13 @@ module "eks" { min_size = 1 max_size = 3 desired_size = 2 - taints = { + taints = local.aws_addons.enable_karpenter ? { dedicated = { key = "CriticalAddonsOnly" operator = "Exists" effect = "NO_SCHEDULE" } - } + } : {} } } # EKS Addons From e43d2710fb0be016f69ab35cc0ad92e4849feb95 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 21:02:11 -0400 Subject: [PATCH 31/90] add skipdryrun Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/charts/gitops-bridge/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 29650d05..1ad8ce13 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -18,6 +18,7 @@ syncPolicy: syncOptions: - CreateNamespace=true - ServerSideApply=true # Big CRDs. + - SkipDryRunOnMissingResource=true applicationsets: argocd: enabled: true From 168a72dbf6c869b0eda5b4e7960f47d3e6995e79 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 21:05:46 -0400 Subject: [PATCH 32/90] fix skip Signed-off-by: Carlos Santana --- .../addons/charts/gitops-bridge/values.yaml | 1 - .../addons/values/gatekeeper/resources/kustomization.yaml | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml index 1ad8ce13..29650d05 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml @@ -18,7 +18,6 @@ syncPolicy: syncOptions: - CreateNamespace=true - ServerSideApply=true # Big CRDs. - - SkipDryRunOnMissingResource=true applicationsets: argocd: enabled: true diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml index 31ba11b0..b8fba4c8 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml @@ -14,4 +14,7 @@ patches: patch: |- - op: add path: /metadata/annotations/argocd.argoproj.io~1sync-wave - value: "2" \ No newline at end of file + value: "2" + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-options + value: "SkipDryRunOnMissingResource=true" \ No newline at end of file From cd37ecf4cb9c7c914573e964de174ad6ce0051b4 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 21:19:02 -0400 Subject: [PATCH 33/90] update argocd Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml index 33c40294..396cec94 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml @@ -4,7 +4,7 @@ addons: chart: argo-cd releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "6.6.0" + targetRevision: "7.3.11" namespace: argocd aws_load_balancer_controller: chart: aws-load-balancer-controller From 0defea4716d4a89b046565cc7210be959617fcf0 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 21:32:06 -0400 Subject: [PATCH 34/90] netpol Signed-off-by: Carlos Santana --- .../terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml index f6db4cc2..c31192a2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml @@ -76,4 +76,4 @@ spec: egress: - ports: - port: 8080 - protocol: TCP \ No newline at end of file + protocol: TCP From e229d3fd79d9252df14fed6442447298b3539c64 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 22:14:39 -0400 Subject: [PATCH 35/90] update netpol Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/k8s/game-2048.yaml | 9 +-------- .../iac/terraform/examples/eks/single-cluster-v2/main.tf | 3 ++- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml index c31192a2..0539f2fa 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml 
@@ -61,19 +61,12 @@ spec: port: name: http --- -# network policy that disallow egress requests to http port 8080 apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: game-2048 namespace: game-2048 spec: - podSelector: - matchLabels: - app.kubernetes.io/name: game-2048 + podSelector: {} policyTypes: - Egress - egress: - - ports: - - port: 8080 - protocol: TCP diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index e0fc4d70..d54b2de2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -261,7 +261,8 @@ module "eks" { # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html ENABLE_PREFIX_DELEGATION = "true" WARM_PREFIX_TARGET = "1" - } + }, + enableNetworkPolicy : "true" }) } aws-ebs-csi-driver = { From 96c9f057bdb3c84e627c42a6540ffa8c28eff525 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 22:16:55 -0400 Subject: [PATCH 36/90] fix location Signed-off-by: Carlos Santana --- .../iac/terraform/examples/eks/single-cluster-v2/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index d8fa7935..c1ea5214 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -82,7 +82,7 @@ variable "gitops_workload_basepath" { variable "gitops_workload_path" { description = "Git repository path for workload" type = string - default = "getting-started/k8s" + default = "single-cluster-v2/k8s" } variable "platform_stack_version" { From 355435d474c20a5ae33029b6ad7aefbc23e648fb Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 25 Jul 2024 22:50:28 -0400 Subject: [PATCH 37/90] update argocd 
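Review bot: The rewritten `game-2048` NetworkPolicy loses its explanatory comment in the same change that alters what the policy does. With `podSelector: {}`, only `Egress` under `policyTypes` and no `egress:` rules, it now denies all outbound traffic, DNS lookups included, for every pod in the namespace instead of scoping a rule to the app's pods. If that default-deny is intended, state it above the manifest, e.g. `# default-deny egress for all pods in game-2048 (DNS included); add explicit egress rules for anything the app must reach`. `Ingress` is not listed in `policyTypes`, so this policy leaves inbound traffic unrestricted; whether that is deliberate cannot be told from the hunk.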
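Review bot: The new `enableNetworkPolicy : "true"` entry in the `main.tf` hunk has no comment, although the `env` block directly above it carries a reference-docs link, and it uses `:` where the neighbouring attributes use `=`. The NetworkPolicy in `k8s/game-2048.yaml` presumably only takes effect once this flag is on, so a line such as `# enforce Kubernetes NetworkPolicy in the CNI add-on; k8s/game-2048.yaml depends on it` would make the coupling visible. Writing the entry as `enableNetworkPolicy = "true"` would match the surrounding style. The enclosing `module "eks"` block starts and ends outside the hunk.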
Signed-off-by: Carlos Santana --- .../iac/terraform/examples/eks/single-cluster-v2/destroy.sh | 6 +++++- argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index 9809ca36..e85787fc 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -12,9 +12,13 @@ terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" # check if TMPFILE contains the string "No outputs found" if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then source "$TMPFILE" - kubectl delete nodepool --all + kubectl scale deploy -n game-2048 game-2048 --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 + kubectl scale deploy -n kube-system metrics-server --replicas=0 kubectl delete -n game-2048 ing game-2048 kubectl delete -n argocd svc argocd-server + sleep 60 fi terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index d54b2de2..0c76252d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -158,6 +158,7 @@ module "gitops_bridge_bootstrap" { argocd = { name = "argocd" values = [file("${path.module}/argocd-initial-values.yaml")] + chart_version= "7.3.11" } } From 97140f61e157c41e2906e5532166a9d2c28af226 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Fri, 26 Jul 2024 22:50:14 -0400 Subject: [PATCH 38/90] update values 
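Review bot: With `kubectl delete nodepool --all` removed, the fixed `sleep 60` at the end of the `if` block in `destroy.sh` is the only thing separating the scale-to-zero steps from `terraform destroy`. If Karpenter-provisioned nodes, or the load balancers behind the deleted Ingress and Service, take longer than a minute to disappear, the destroy may race with them and could leave resources behind. A bounded wait on the actual condition is more reliable, for example `kubectl wait --for=delete nodeclaims --all --timeout=300s`, with a comment explaining why scaling to zero replaced deleting the nodepools. The four `kubectl scale` calls also fail when a namespace or deployment is already absent; whether that aborts the script depends on shell options set outside the hunk.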
Signed-off-by: Carlos Santana --- .../single-cluster-v2/addons/values/karpenter/dev/values.yaml | 2 +- .../addons/values/karpenter/prod/resources/values.yaml | 2 ++ .../single-cluster-v2/addons/values/karpenter/prod/values.yaml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml index 7ab70e08..d0d2c7e9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml @@ -1 +1 @@ -foo: dev \ No newline at end of file +environment: production \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml index e69de29b..96d55c63 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml @@ -0,0 +1,2 @@ +# karpenter resources like nodepool and nodeclass +environment: production \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml index baea7fc2..efeff196 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml @@ -1 +1 @@ -foo: prod \ No newline at end of file +# karpenter controller helm chart \ No newline at end of file 
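Review bot: `addons/values/karpenter/dev/values.yaml` now sets `environment: production`, the same value this commit writes to the prod `resources/values.yaml`, which looks like a copy-paste slip in the dev overlay. If any template keys behaviour off `environment` (not visible here), dev clusters would pick up production settings. The line should probably read `environment: dev`.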
From a60d7cc146a8b5d642ba8ceacf689cbcd64b2dc2 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 14:44:46 -0400 Subject: [PATCH 39/90] refactor gitops brige directories 
Signed-off-by: Carlos Santana --- .../argocd/clusters/in-cluster/values.yaml | 1 - .../addons/values/argocd/dev/values.yaml | 1 - .../addons/values/argocd/prod/values.yaml | 1 - .../clusters/in-cluster/values.yaml | 1 - .../dev/values.yaml | 1 - .../prod/values.yaml | 1 - .../clusters/in-cluster/values.yaml | 1 - .../values/gatekeeper/common/values.yaml | 2 - .../addons/values/gatekeeper/dev/values.yaml | 1 - .../addons/values/gatekeeper/prod/values.yaml | 1 - .../karpenter/clusters/in-cluster/values.yaml | 1 - .../values/karpenter/common/values.yaml | 2 - .../addons/values/karpenter/dev/values.yaml | 1 - .../addons/values/karpenter/prod/values.yaml | 1 - .../bootstrap/addons-template.yaml | 35 --- .../addons/argocd/resources/values.yaml | 1 + .../addons/argocd}/values.yaml | 0 .../resources/values.yaml | 1 + .../aws-load-balancer-controller}/values.yaml | 1 + .../addons/gatekeeper/resources/values.yaml | 1 + .../gitops/addons/gatekeeper/values.yaml | 1 + .../addons/karpenter}/resources/.keep | 0 .../addons/karpenter}/resources/values.yaml | 3 +- .../gitops/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 1 + .../gitops/addons/metrics-server/values.yaml | 1 + .../charts/gitops-bridge/.helmignore | 0 .../charts/gitops-bridge/Chart.yaml | 0 .../gitops-bridge/templates/_helpers.tpl | 0 .../templates/applicationsets.yaml | 28 ++- .../charts/gitops-bridge/values-awslb.yaml | 0 .../gitops-bridge/values-gatekeeper.yaml | 0 .../charts/gitops-bridge/values.yaml | 20 +- .../charts/resources/gatekeeper/.gitkeep} | 0 .../charts/resources/karpenter}/.helmignore | 0 .../charts/resources/karpenter}/.keep | 0 .../charts/resources/karpenter}/Chart.yaml | 0 .../charts/resources/karpenter}/_helpers.tpl | 0 .../karpenter}/templates/nodeclass.yaml | 0 .../resources/karpenter}/templates/pool.yaml | 0 .../charts/resources/karpenter}/values.yaml | 0 .../addons/argocd/resources/values.yaml | 1 + .../cluster1/addons/argocd/values.yaml | 227 ++++++++++++++++++ 
.../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../cluster1/addons/gatekeeper/values.yaml | 2 + .../cluster1/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../cluster1/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 1 + .../addons/metrics-server/values.yaml | 1 + .../dev/addons/argocd/resources/values.yaml | 1 + .../dev/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../dev/addons/gatekeeper/values.yaml | 2 + .../dev/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../dev/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 1 + .../dev/addons/metrics-server/values.yaml | 1 + .../prod/addons/argocd/resources/values.yaml | 1 + .../prod/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../prod/addons/gatekeeper/values.yaml | 2 + .../prod/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../prod/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 1 + .../prod/addons/metrics-server/values.yaml | 1 + .../addons/argocd/resources/values.yaml | 1 + .../staging/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../staging/addons/gatekeeper/values.yaml | 2 + .../staging/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../staging/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 1 + .../staging/addons/metrics-server/values.yaml | 1 + 
.../kustomize/resources/gatekeeper/.keep | 0 .../resources/gatekeeper}/configmap.yaml | 0 .../disallowedrepos/kustomization.yaml | 0 .../constraint.yaml | 0 .../disallowed_all.yaml | 0 .../example_allowed.yaml | 0 .../example_disallowed_both.yaml | 0 .../example_disallowed_container.yaml | 0 .../example_disallowed_initcontainer.yaml | 0 .../gatekeeper}/disallowedrepos/suite.yaml | 0 .../gatekeeper}/disallowedrepos/template.yaml | 0 .../resources/gatekeeper}/kustomization.yaml | 0 .../{addons => gitops}/stacks/stack.yaml | 0 .../stacks/stackv1.30-v1.0.0.yaml | 0 .../stacks/stackv1.30-v1.1.0.yaml | 2 +- .../addons/argocd/resources/values.yaml | 1 + .../cluster1/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../cluster1/addons/gatekeeper/values.yaml | 2 + .../cluster1/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../cluster1/addons/karpenter/values.yaml | 2 + .../dev/addons/argocd/resources/values.yaml | 1 + .../dev/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../dev/addons/gatekeeper/values.yaml | 2 + .../dev/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../dev/addons/karpenter/values.yaml | 2 + .../prod/addons/argocd/resources/values.yaml | 1 + .../prod/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../prod/addons/gatekeeper/values.yaml | 2 + .../prod/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../prod/addons/karpenter/values.yaml | 2 + .../addons/argocd/resources/values.yaml | 1 + .../staging/addons/argocd/values.yaml | 227 
++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../staging/addons/gatekeeper/values.yaml | 2 + .../staging/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../staging/addons/karpenter/values.yaml | 2 + .../eks/single-cluster-v2/variables.tf | 2 +- 137 files changed, 1985 insertions(+), 66 deletions(-) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml delete mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/argocd/common => gitops/addons/argocd}/values.yaml (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/aws-load-balancer-controller/common => gitops/addons/aws-load-balancer-controller}/values.yaml (72%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper => gitops/addons/karpenter}/resources/.keep (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/prod => gitops/addons/karpenter}/resources/values.yaml (68%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/.helmignore (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/Chart.yaml (100%) rename 
argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/templates/_helpers.tpl (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/templates/applicationsets.yaml (79%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/values-awslb.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/values-gatekeeper.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/charts/gitops-bridge/values.yaml (77%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/common/resources/values.yaml => gitops/charts/resources/gatekeeper/.gitkeep} (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/.helmignore (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/.keep (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/Chart.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/_helpers.tpl (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/templates/nodeclass.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/templates/pool.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/karpenter/resources => gitops/charts/resources/karpenter}/values.yaml (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml 
create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/.keep 
rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/configmap.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/kustomization.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/disallowedrepos/suite.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => 
gitops/kustomize/resources/gatekeeper}/disallowedrepos/template.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons/values/gatekeeper/resources => gitops/kustomize/resources/gatekeeper}/kustomization.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/stacks/stack.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/stacks/stackv1.30-v1.0.0.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{addons => gitops}/stacks/stackv1.30-v1.1.0.yaml (97%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml deleted file mode 100644 index cd419759..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/clusters/in-cluster/values.yaml +++ /dev/null @@ -1 +0,0 @@ -foo: cluster \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml deleted file mode 100644 index 7ab70e08..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/dev/values.yaml +++ /dev/null @@ -1 +0,0 @@ -foo: dev \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml deleted file mode 100644 index baea7fc2..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/prod/values.yaml +++ /dev/null @@ -1 +0,0 @@ -foo: prod \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml deleted file mode 100644 index cd419759..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/clusters/in-cluster/values.yaml +++ /dev/null @@ -1 +0,0 @@ -foo: cluster \ No newline at end of file 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml
deleted file mode 100644
index 7ab70e08..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/dev/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: dev
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml
deleted file mode 100644
index baea7fc2..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/prod/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: prod
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml
deleted file mode 100644
index cd419759..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/clusters/in-cluster/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: cluster
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml
deleted file mode 100644
index 1e638e00..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/common/values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-foo: common
-
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml
deleted file mode 100644
index 7ab70e08..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/dev/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: dev
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml
deleted file mode 100644
index baea7fc2..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/prod/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: prod
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml
deleted file mode 100644
index cd419759..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/clusters/in-cluster/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-foo: cluster
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml
deleted file mode 100644
index 1e638e00..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-foo: common
-
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml
deleted file mode 100644
index d0d2c7e9..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/dev/values.yaml +++ /dev/null @@ -1 +0,0 @@ -environment: production \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml deleted file mode 100644 index efeff196..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/values.yaml +++ /dev/null @@ -1 +0,0 @@ -# karpenter controller helm chart \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml deleted file mode 100644 index 9bcf235e..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons-template.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: cluster-addons - namespace: argocd -spec: - syncPolicy: - preserveResourcesOnDeletion: true - goTemplate: true - goTemplateOptions: - - missingkey=error - generators: - - clusters: {} - template: - metadata: - name: cluster-addons - spec: - project: default - source: - repoURL: '{{.metadata.annotations.addons_repo_url}}' - path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' - targetRevision: '{{.metadata.annotations.addons_repo_revision}}' - helm: - valuesObject: - repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' - repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' - repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' - repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' - useSelector: true - destination: - namespace: argocd - name: '{{.name}}' - syncPolicy: - automated: {} - 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/argocd/common/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/values.yaml similarity index 72% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/values.yaml index dd388d7d..869cc182 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/aws-load-balancer-controller/common/values.yaml 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/values.yaml @@ -1,3 +1,4 @@ +# values for the addon tolerations: - key: "CriticalAddonsOnly" operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/.keep similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/.keep rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/.keep diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/values.yaml similarity index 68% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/values.yaml index 96d55c63..bf1d26d1 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/prod/resources/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/values.yaml @@ -1,2 +1,3 @@ # karpenter resources like nodepool and nodeclass -environment: production \ No newline at end of file +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/.helmignore
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/.helmignore
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/.helmignore
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/Chart.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/Chart.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/Chart.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/_helpers.tpl
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml
similarity index 79%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml
index 5f934215..a82d56f8 100644
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/templates/applicationsets.yaml
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -9,6 +9,7 @@ {{- $project := .Values.project -}} {{- $syncPolicy := .Values.syncPolicy -}} {{- $stackPath := .Values.stackPath -}} +{{- $valueFiles := .Values.valueFiles -}} {{- range $name, $addon := .Values.applicationsets }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} @@ -42,9 +43,9 @@ spec: - path: '{{ $stackPath}}' template: metadata: - name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.name}}`}}{{ end }} + name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} annotations: - argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml + argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.nameNormalized}}`}}/values.yaml spec: project: {{ $project }} sources: 
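Review bot: The `argocd.argoproj.io/manifest-generate-paths` annotation in the `@@ -42,9 +43,9 @@` hunk still lists the old `values/<addon>/common`, `values/<addon>/<environment>` and `values/<addon>/clusters/<name>` files, while the later hunks of this file build `valueFiles` from the `$valueFiles` entries as `{{ . }}/<addon>/values.yaml`. If Argo CD relies on this annotation to decide which commits require manifest regeneration, edits to the new value files would presumably no longer match it. The annotation should be generated from the same list, for example a `range $valueFiles` that emits `{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/values.yaml` entries joined with `;`. The template continues outside the hunk, so any other place that hard-codes the old layout should be checked as well.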
@@ -57,10 +58,12 @@ spec: helm: releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' ignoreMissingValueFiles: true + {{ with $valueFiles -}} valueFiles: - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/values.yaml + {{- range . }} + - $values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/values.yaml + {{- end }} + {{- end }} {{- with $addon.values }} valuesObject: {{- toYaml . | nindent 12 }} @@ -68,15 +71,22 @@ spec: {{- if $addon.resources }} - repoURL: {{ $repoURLValues }} targetRevision: {{ $repoURLValuesRevision }} - path: '{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{ $addon.resources.path }}resources' + {{- if $addon.resources.path }} + path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.path }}' + {{- end }} {{- if $addon.resources.helm }} + {{- if $addon.resources.helm.path }} + path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.helm.path }}' + {{- end }} helm: releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' ignoreMissingValueFiles: true + {{ with $valueFiles -}} valueFiles: - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/resources/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/resources/values.yaml - - $values/{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.name}}`}}/resources/values.yaml + {{- range . }} + - $values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml + {{- end }} + {{- end }} {{- if $addon.resources.helm.valuesObject }} valuesObject: {{- toYaml $addon.resources.helm.valuesObject | nindent 12 }} 
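Review bot: In the `@@ -68,15 +71,22 @@` hunk the resources source can end up with two `path:` keys or with none, because one is emitted under `if $addon.resources.path` and a second one under `if $addon.resources.helm.path`. An addon that sets both produces a duplicate YAML key in the rendered source, and an addon that sets neither produces a source without a `path`, which the old unconditional line could not do. Resolve the path once before the source block, for example `{{- $resPath := $addon.resources.path -}}` followed by `{{- with $addon.resources.helm }}{{- $resPath = default $resPath .path -}}{{- end }}`, then emit a single `path: '{{ $repoURLValuesBasePath }}{{ required "resources path is required" $resPath }}'`. The surrounding `range`/`if` blocks open and close outside the hunk.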
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-awslb.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values-gatekeeper.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml
similarity index 77%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml
index 29650d05..a16b787f 100644
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/charts/gitops-bridge/values.yaml
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml
@@ -18,6 +18,19 @@ syncPolicy: syncOptions: - CreateNamespace=true - ServerSideApply=true # Big CRDs. +valueFiles: + - addons + - environments/{{.metadata.labels.environment}}/addons + - clusters/{{.nameNormalized}}/addons + - tenants/{{.metadata.labels.tenant}}/addons + - tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/addons + - tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons +valueFilesResources: + - environments/{{.metadata.labels.environment}}/addons + - clusters/{{.nameNormalized}}/addons + - tenants/{{.metadata.labels.tenant}}/addons + - tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/addons + - tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons applicationsets: argocd: enabled: true @@ -61,7 +74,7 @@ applicationsets: values: ['true'] namespace: '.addons.gatekeeper.namespace' resources: - enabled: true + path: kustomize/resources/gatekeeper metrics_server: enabled: true selector: @@ -97,8 +110,9 @@ applicationsets: eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}' resources: helm: + path: charts/resources/karpenter valuesObject: - clusterName: '{{.metadata.annotations.aws_cluster_name}}' - nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.gitkeep similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/common/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.gitkeep 
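Review bot: `valueFilesResources` is added in the `@@ -18,6 +18,19 @@` hunk, but the applicationsets.yaml hunks in this patch only read `.Values.valueFiles` and range over it for both the addon and the resources `valueFiles`, so as far as this patch shows the new list has no effect and the resources source also receives the top-level `addons` entry that the list leaves out. Either add `{{- $valueFilesResources := .Values.valueFilesResources -}}` to the template and range over it in the resources block, or drop the key. Separately, every entry under `tenants/` dereferences `.metadata.labels.tenant`; if the ApplicationSet is rendered with `missingkey=error`, as the deleted bootstrap template was, a cluster without a `tenant` label would presumably fail to render, so a comment such as `# requires the cluster secret to carry environment and tenant labels` above `valueFiles:` would help.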
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.helmignore
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.keep
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/.keep
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.keep
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/Chart.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/_helpers.tpl
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/nodeclass.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/pool.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/templates/pool.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/pool.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/karpenter/resources/values.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml 
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
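Review bot: The `server.service` block of the new `clusters/cluster1/addons/argocd/values.yaml` publishes the Argo CD server through a `LoadBalancer` annotated `aws-load-balancer-scheme: internet-facing`, and the `extraObjects` AppProject `default` in the same file allows `sourceRepos: '*'`, every destination and every cluster-scoped kind. Together these mean that any account able to log in on the public endpoint can deploy arbitrary manifests to any registered cluster, and people tend to copy example values unchanged. I would default the example to `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, or keep it public only with `loadBalancerSourceRanges` set, and add a comment on the AppProject such as `# demo only: narrow sourceRepos, destinations and clusterResourceWhitelist per tenant`. The same blob (`dd923a71`) is added again as `environments/dev/addons/argocd/values.yaml`, so the point applies there too.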
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml
new file mode 100644
index 00000000..dd923a71
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml
@@ -0,0 +1,227 @@
+global:
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+
+controller:
+ replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas.
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ env:
+ - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448
+ value: '300'
+
+repoServer:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+applicationSet:
+ replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+server:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ service:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+
+configs:
+ repositories:
+ # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller
+ aws-public-ecr:
+ name: aws-public-ecr
+ type: helm
+ url: public.ecr.aws
+ enableOCI: 'true'
+ cm:
+ application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane
+ resource.exclusions: |
+ - kinds:
+ - ProviderConfigUsage
+ apiGroups:
+ - "*"
+ resource.customizations: |
+ "awsblueprints.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.upbound.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.crossplane.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+
+# -- Array of extra K8s manifests to deploy
+## Note: Supports use of custom Helm templates
+## It gets handle in this form inside the argo-cd chart
+# {{ range .Values.extraObjects }}
+# ---
+# {{ if typeIs "string" . }}
+# {{- tpl . $ }}
+# {{- else }}
+# {{- tpl (toYaml .) $ }}
+# {{- end }}
+# {{ end }}
+extraObjects:
+ - |
+ apiVersion: argoproj.io/v1alpha1
+ kind: AppProject
+ metadata:
+ name: default
+ namespace: {{ $.Release.Namespace | quote }}
+ annotations:
+ source: gitops-bridge
+ spec:
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ name: '*'
+ server: '*'
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
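Review bot: The `server.service` block in environments/dev/addons/argocd/values.yaml publishes the Argo CD API server and UI on an internet-facing NLB (`type: LoadBalancer` with `aws-load-balancer-scheme: internet-facing`), and nothing in the hunk restricts which clients can reach it. The same file is added unchanged for prod and staging later in this patch (same blob dd923a71), so all three environments would expose the login endpoint publicly. I would default to `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, or at least set `loadBalancerSourceRanges` under `server.service` to the operators' CIDRs, and add a comment that internet-facing is meant for the demo only.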
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml
new file mode 100644
index 00000000..bf1d26d1
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml
@@ -0,0 +1,3 @@
+# karpenter resources like nodepool and nodeclass
+environment: dev
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml
new file mode 100644
index 00000000..dd923a71
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml
@@ -0,0 +1,227 @@
+global:
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+
+controller:
+ replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas.
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ env:
+ - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448
+ value: '300'
+
+repoServer:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+applicationSet:
+ replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+server:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ service:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+
+configs:
+ repositories:
+ # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller
+ aws-public-ecr:
+ name: aws-public-ecr
+ type: helm
+ url: public.ecr.aws
+ enableOCI: 'true'
+ cm:
+ application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane
+ resource.exclusions: |
+ - kinds:
+ - ProviderConfigUsage
+ apiGroups:
+ - "*"
+ resource.customizations: |
+ "awsblueprints.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.upbound.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.crossplane.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+
+# -- Array of extra K8s manifests to deploy
+## Note: Supports use of custom Helm templates
+## It gets handle in this form inside the argo-cd chart
+# {{ range .Values.extraObjects }}
+# ---
+# {{ if typeIs "string" . }}
+# {{- tpl . $ }}
+# {{- else }}
+# {{- tpl (toYaml .) $ }}
+# {{- end }}
+# {{ end }}
+extraObjects:
+ - |
+ apiVersion: argoproj.io/v1alpha1
+ kind: AppProject
+ metadata:
+ name: default
+ namespace: {{ $.Release.Namespace | quote }}
+ annotations:
+ source: gitops-bridge
+ spec:
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ name: '*'
+ server: '*'
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
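Review bot: The `default` AppProject rendered from `extraObjects` in environments/prod/addons/argocd/values.yaml allows every source repository, every destination and every cluster-scoped kind (`sourceRepos: '*'`, all three `destinations` fields `'*'`, `clusterResourceWhitelist` group and kind `'*'`), so any Application placed in the default project can create cluster-wide objects from any repository. This matches Argo CD's out-of-the-box default project, but writing it into the prod values makes it the managed state; the dev and staging copies of the file are identical. For prod I would pin `sourceRepos` to the GitOps repository, for example `- 'https://github.com/YOUR_ORG/YOUR_REPO'` (placeholder), and put addons and workloads into dedicated projects with narrower `destinations` and resource whitelists.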
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml
new file mode 100644
index 00000000..bf1d26d1
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml
@@ -0,0 +1,3 @@
+# karpenter resources like nodepool and nodeclass
+environment: dev
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml
@@ -0,0 +1 @@
+# values for the addon
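Review bot: environments/prod/addons/karpenter/resources/values.yaml sets `environment: dev`, which looks like an unedited copy of the dev file (same blob bf1d26d1); the staging copy added later in this patch carries the same value. If the karpenter resources chart derives NodePool or EC2NodeClass names, tags or selectors from this value (not visible here), prod and staging would render dev-labelled resources. I would set `environment: prod` in this file and `environment: staging` in the staging one.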
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml
new file mode 100644
index 00000000..dd923a71
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml
@@ -0,0 +1,227 @@
+global:
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+
+controller:
+ replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas.
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ env:
+ - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448
+ value: '300'
+
+repoServer:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+applicationSet:
+ replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+server:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ service:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+
+configs:
+ repositories:
+ # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller
+ aws-public-ecr:
+ name: aws-public-ecr
+ type: helm
+ url: public.ecr.aws
+ enableOCI: 'true'
+ cm:
+ application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane
+ resource.exclusions: |
+ - kinds:
+ - ProviderConfigUsage
+ apiGroups:
+ - "*"
+ resource.customizations: |
+ "awsblueprints.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.upbound.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.crossplane.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+
+# -- Array of extra K8s manifests to deploy
+## Note: Supports use of custom Helm templates
+## It gets handle in this form inside the argo-cd chart
+# {{ range .Values.extraObjects }}
+# ---
+# {{ if typeIs "string" . }}
+# {{- tpl . $ }}
+# {{- else }}
+# {{- tpl (toYaml .) $ }}
+# {{- end }}
+# {{ end }}
+extraObjects:
+ - |
+ apiVersion: argoproj.io/v1alpha1
+ kind: AppProject
+ metadata:
+ name: default
+ namespace: {{ $.Release.Namespace | quote }}
+ annotations:
+ source: gitops-bridge
+ spec:
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ name: '*'
+ server: '*'
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
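Review bot: Each `health.lua` script in environments/staging/addons/argocd/values.yaml returns from inside the loop on the first matching condition, so the result depends on the order of `obj.status.conditions`: a resource that lists `Ready` = `"True"` before `Synced` = `"False"` is reported Healthy and the sync error message is never surfaced. The three scripts (for awsblueprints.io, *.aws.upbound.io and *.aws.crossplane.io) are identical, and so are the dev and prod copies of this file. I would remember Ready in a local flag, return Degraded as soon as a failing condition is seen, and return Healthy only after the loop. The sketch shows one script; its indentation is my own, since the page does not preserve the original.

```yaml
health.lua: |
  -- … unchanged: health_status table and the nil check on obj.status.conditions …
  local ready = false
  for i, condition in ipairs(obj.status.conditions) do
    if condition.type == "Ready" and condition.status == "True" then
      ready = true
    end
    if (condition.type == "LastAsyncOperation" or condition.type == "Synced")
        and condition.status == "False" then
      health_status.status = "Degraded"
      health_status.message = condition.message
      return health_status
    end
  end
  if ready then
    health_status.status = "Healthy"
    health_status.message = "Resource is up-to-date."
  end
  return health_status
```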
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml
new file mode 100644
index 00000000..bf1d26d1
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml
@@ -0,0 +1,3 @@
+# karpenter resources like nodepool and nodeclass
+environment: dev
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/configmap.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/kustomization.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/kustomization.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/kustomization.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/suite.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/suite.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/suite.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/template.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/disallowedrepos/template.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/template.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/kustomization.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/values/gatekeeper/resources/kustomization.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/kustomization.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stack.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.0.0.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml
similarity index 97%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml
index 396cec94..7b81b4a3 100644
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/addons/stacks/stackv1.30-v1.1.0.yaml
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml
@@ -35,4 +35,4 @@ addons: releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" - namespace: kube-system \ No newline at end of file + namespace: kube-system diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml 
@@ -0,0 +1,227 @@
+global:
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+
+controller:
+ replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas.
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ env:
+ - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448
+ value: '300'
+
+repoServer:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+applicationSet:
+ replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+
+server:
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources: # Adjust based on your specific use case (required for HPA)
+ requests:
+ cpu: '100m'
+ memory: '256Mi'
+ limits:
+ cpu: '200m'
+ memory: '512Mi'
+ metrics:
+ enabled: true
+ service:
+ annotations:
+ prometheus.io/scrape: true
+ service:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+
+configs:
+ repositories:
+ # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller
+ aws-public-ecr:
+ name: aws-public-ecr
+ type: helm
+ url: public.ecr.aws
+ enableOCI: 'true'
+ cm:
+ application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane
+ resource.exclusions: |
+ - kinds:
+ - ProviderConfigUsage
+ apiGroups:
+ - "*"
+ resource.customizations: |
+ "awsblueprints.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.upbound.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+ "*.aws.crossplane.io/*":
+ health.lua: |
+ health_status = {
+ status = "Progressing",
+ message = "Provisioning ..."
+ }
+
+ if obj.status == nil or obj.status.conditions == nil then
+ return health_status
+ end
+
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" then
+ if condition.status == "True" then
+ health_status.status = "Healthy"
+ health_status.message = "Resource is up-to-date."
+ return health_status
+ end
+ end
+
+ if condition.type == "LastAsyncOperation" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+
+ if condition.type == "Synced" then
+ if condition.status == "False" then
+ health_status.status = "Degraded"
+ health_status.message = condition.message
+ return health_status
+ end
+ end
+ end
+
+ return health_status
+
+
+# -- Array of extra K8s manifests to deploy
+## Note: Supports use of custom Helm templates
+## It gets handle in this form inside the argo-cd chart
+# {{ range .Values.extraObjects }}
+# ---
+# {{ if typeIs "string" . }}
+# {{- tpl . $ }}
+# {{- else }}
+# {{- tpl (toYaml .) $ }}
+# {{- end }}
+# {{ end }}
+extraObjects:
+ - |
+ apiVersion: argoproj.io/v1alpha1
+ kind: AppProject
+ metadata:
+ name: default
+ namespace: {{ $.Release.Namespace | quote }}
+ annotations:
+ source: gitops-bridge
+ spec:
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ name: '*'
+ server: '*'
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
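Review bot: The `extraObjects` entry at the end of this values file redefines the `default` AppProject with `sourceRepos: - '*'`, wildcard `destinations` and a wildcard `clusterResourceWhitelist`, so any Application placed in `default` may create cluster-scoped resources from any repository on any cluster registered with Argo CD. For a layout organised by tenant I would ship a scoped project for the addons and leave `default` without permissions, for example `sourceRepos: ['<addons-repo-url>']` (placeholder, the real URL is not in this hunk) and `destinations` limited to the namespaces the addons install into. The same block is repeated in the copies under `environments/dev`, `environments/prod` and `environments/staging`, which are the same blob (`dd923a71`).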
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml
new file mode 100644
index 00000000..bf1d26d1
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml
@@ -0,0 +1,3 @@
+# karpenter resources like nodepool and nodeclass
+environment: dev
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml
new file mode 100644
index 00000000..dd923a71
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
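Review bot: This dev values file is the same blob (`dd923a71`) as the cluster1, prod and staging copies added in this commit, so the cluster layer and every environment layer carry identical settings, including the `internet-facing` server Service and the wildcard `default` AppProject. Four 227-line copies mean any hardening change has to be made four times and the copies can drift without anyone noticing. I would keep the shared settings in one base values file and leave only real per-environment overrides here, starting from a file that holds just a comment such as `# dev overrides for the argocd addon`. How the ApplicationSet layers these files is outside this hunk, so confirm the merge order before moving anything.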
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml
new file mode 100644
index 00000000..bf1d26d1
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml
@@ -0,0 +1,3 @@
+# karpenter resources like nodepool and nodeclass
+environment: dev
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml
new file mode 100644
index 00000000..dd923a71
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
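Review bot: `server.service` in this prod copy sets `type: LoadBalancer` with `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing`, which publishes the Argo CD API and UI on a public NLB, and nothing in the hunk restricts source addresses or configures SSO, so the login endpoint is the only control visible here. Unless public access is intended, I would change the annotation to `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, or keep the NLB public and add `loadBalancerSourceRanges` under `server.service` with the operators' CIDR ranges. The cluster1, dev and staging copies carry the same two lines.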
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml
new file mode 100644
index 00000000..869cc182
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml
@@ -0,0 +1,4 @@
+# values for the addon
+tolerations:
+- key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml
new file mode 100644
index 00000000..451fd509
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml
@@ -0,0 +1 @@
+# resources for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml
new file mode 100644
index 00000000..d7ab2b2e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml
@@ -0,0 +1,2 @@
+# values for the addon
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null 
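Review bot: `environment: dev` in `environments/prod/addons/karpenter/resources/values.yaml` looks like a copy-paste from the dev tree; the file is the same blob (`bf1d26d1`) as the dev and cluster1 copies. If the karpenter resources chart selects NodePool or EC2NodeClass settings from this value, prod nodes would be provisioned with the dev profile, so this presumably should read `environment: prod`. The consumer of the value is not part of this hunk, so confirm how it is used before changing it.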
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml 
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml 
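Review bot: The `server.service` block publishes the Argo CD API/UI through a `LoadBalancer` with `aws-load-balancer-scheme: internet-facing`, while `extraObjects` in the same file defines the `default` AppProject with `'*'` for `sourceRepos`, `destinations` and `clusterResourceWhitelist`. Together that places a control plane allowed to deploy any repository to any cluster and namespace on the public internet, protected only by Argo CD's own login. For a staging example I would default to `service.beta.kubernetes.io/aws-load-balancer-scheme: internal` (or a ClusterIP service behind an authenticated ingress) and narrow the project to the addons repository and the namespaces it manages. Separately, `prometheus.io/scrape: true` is an unquoted boolean in four places; annotation values must be strings, so `"true"` is safer unless the chart quotes it.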
@@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index c1ea5214..d9a78260 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf 
@@ -50,7 +50,7 @@ variable "gitops_addons_revision" { variable "gitops_addons_basepath" { description = "Git repository base path for addons" type = string - default = "argocd/iac/terraform/examples/eks/single-cluster-v2/addons/" + default = "argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/" } variable "gitops_addons_path" { description = "Git repository path for addons" From 047e114e7fe37d77d298c2689cccdc0780ed5c3c Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 15:24:32 -0400 Subject: [PATCH 40/90] update missing tenant metadata Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index a16b787f..4bebdc6e 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -22,15 +22,15 @@ valueFiles: - addons - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - - tenants/{{.metadata.labels.tenant}}/addons - - tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/addons - - tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons valueFilesResources: - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - - tenants/{{.metadata.labels.tenant}}/addons - - tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/addons - - tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons + - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons applicationsets: argocd: enabled: true From 987eed913db4c4880710354c82cb2db9f89d03e8 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 15:25:04 -0400 Subject: [PATCH 41/90] update --- .../charts/gitops-bridge/templates/applicationsets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index a82d56f8..b2eef204 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -61,7 +61,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - $values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/values.yaml + - '$values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/values.yaml' {{- end }} {{- end }} {{- with $addon.values }} @@ -84,7 +84,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - $values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml + - '$values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' {{- end }} {{- end }} {{- if $addon.resources.helm.valuesObject }} From afd7f69f342ae8cf7a3500dd7acd8d0144750f80 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 15:27:07 -0400 Subject: [PATCH 42/90] comment out tenatns --- .../gitops/charts/gitops-bridge/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 4bebdc6e..f7730a32 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -22,15 +22,15 @@ valueFiles: - addons - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons valueFilesResources: - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons - - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons + # - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons applicationsets: argocd: enabled: true From 3adf4446b653234dcc2d248fb7530d3873e346e0 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:25:32 -0400 Subject: [PATCH 43/90] namepsaces from values --- .../charts/gitops-bridge/templates/applicationsets.yaml | 5 +++++ .../gitops/charts/gitops-bridge/values.yaml | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index b2eef204..eb7b08b5 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -94,7 +94,12 @@ spec: {{- end }} {{- end }} destination: + # if $addon.namespace starts with a dot then I want to make namespace to be foo else bar + {{- if hasPrefix "." $addon.namespace }} namespace: '{{`{{`}}{{ $addon.namespace }}{{`}}`}}' + {{- else }} + namespace: '{{ $addon.namespace }}' + {{- end }} name: '{{`{{.name}}`}}' {{- if $addon.syncPolicy }} syncPolicy: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index f7730a32..d6a4b50d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -72,7 +72,7 @@ applicationsets: - key: enable_gatekeeper operator: In values: ['true'] - namespace: '.addons.gatekeeper.namespace' + namespace: gatekeeper-system resources: path: kustomize/resources/gatekeeper metrics_server: @@ -82,7 +82,7 @@ applicationsets: - key: enable_metrics_server operator: In values: ['true'] - namespace: '.addons.metrics_server.namespace' + namespace: kube-system aws_ebs_csi_resources: enabled: true selector: @@ -90,7 +90,7 @@ applicationsets: - key: enable_aws_ebs_csi_resources operator: In values: ['true'] - namespace: '.addons.argocd.namespace' + namespace: kube-system kustomize: {} karpenter: enabled: true From 5cb4a81e133c350e08e0fc411e324df231851a10 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:26:53 -0400 Subject: [PATCH 44/90] update --- .../single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
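Review bot: In the `destination:` block of applicationsets.yaml, `hasPrefix "." $addon.namespace` runs for every enabled addon, and an entry with no `namespace` key passes nil to a string function, which should fail the render with an unhelpful type error. Resolving it first with `{{- $ns := required "addon namespace is required" $addon.namespace }}` makes that failure explicit. The added line `# if $addon.namespace starts with a dot ...` is a YAML comment, so it is emitted into every generated ApplicationSet and still reads "foo else bar"; a template comment such as `{{- /* a leading "." marks a cluster-metadata path, anything else is a literal namespace */ -}}` documents the convention without reaching the output. The enclosing `range`/`with` blocks start and end outside this hunk.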
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml index 7b81b4a3..618b0c14 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml @@ -5,34 +5,29 @@ addons: releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm targetRevision: "7.3.11" - namespace: argocd aws_load_balancer_controller: chart: aws-load-balancer-controller releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" - namespace: kube-system gatekeeper: chart: gatekeeper releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" - namespace: gatekeeper-system metrics_server: chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" - namespace: kube-system aws_ebs_csi_resources: chart: aws-ebs-csi-classes releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" - namespace: kube-system karpenter: chart: karpenter/karpenter releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" - namespace: kube-system + From 3724c7de924fda47f2aeccc3e6e2227c13dd4b3e Mon Sep 17 00:00:00 2001 
From: Carlos Santana Date: Sat, 27 Jul 2024 16:28:31 -0400 Subject: [PATCH 45/90] update --- .../gitops-bridge/templates/applicationsets.yaml | 2 +- .../gitops/charts/gitops-bridge/values-awslb.yaml | 10 ---------- .../gitops/charts/gitops-bridge/values-gatekeeper.yaml | 10 ---------- .../gitops/charts/gitops-bridge/values.yaml | 2 +- 4 files changed, 2 insertions(+), 22 deletions(-) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index eb7b08b5..b2299a14 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -10,7 +10,7 @@ {{- $syncPolicy := .Values.syncPolicy -}} {{- $stackPath := .Values.stackPath -}} {{- $valueFiles := .Values.valueFiles -}} -{{- range $name, $addon := .Values.applicationsets }} +{{- range $name, $addon := .Values.addons }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} {{- with $addon -}} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml deleted file mode 100644 index 5d568130..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-awslb.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -applicationsets: - argocd: - enabled: false - aws_load_balancer_controller: - enabled: true - gatekeeper: - enabled: false - - - diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml deleted file mode 100644 index c7fab58d..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values-gatekeeper.yaml +++ /dev/null @@ -1,10 +0,0 @@ -applicationsets: - argocd: - enabled: false - aws_load_balancer_controller: - enabled: false - gatekeeper: - enabled: true - - - diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index d6a4b50d..c9dfa025 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -31,7 +31,7 @@ valueFilesResources: # - tenants/{{.metadata.labels.tenant | default ""}}/addons # - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons # - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons -applicationsets: +addons: argocd: enabled: true selector: From d5806d481d9821e83df0c1c9418f3533a275cae8 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:30:35 -0400 Subject: [PATCH 46/90] update argo cd namespace --- .../single-cluster-v2/gitops/charts/gitops-bridge/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index c9dfa025..6e3aa177 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -39,7 +39,7 @@ addons: - key: enable_argocd operator: In values: ['true'] - namespace: '.addons.argocd.namespace' + namespace: argocd aws_load_balancer_controller: enabled: true selector: From 1ce4e8f7daff11f5fd856722066390f22c6a3f18 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:36:43 -0400 Subject: [PATCH 47/90] use releasename from helm chart Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 2 +- .../gitops/charts/gitops-bridge/values.yaml | 19 ++++++++++++------- .../gitops/stacks/stack.yaml | 9 ++------- .../gitops/stacks/stackv1.30-v1.0.0.yaml | 9 ++------- 4 files changed, 17 insertions(+), 22 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index b2299a14..7da1f575 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -56,7 +56,7 @@ spec: repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' targetRevision: '{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}' helm: - releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' + releaseName: '{{ $addon.releaseName }}' ignoreMissingValueFiles: true {{ with $valueFiles -}} valueFiles: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 6e3aa177..9348eecb 100644 
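Review bot: `releaseName: '{{ $addon.releaseName }}'` in applicationsets.yaml makes the Helm release name depend on every entry under `addons:` carrying a `releaseName` key, and an entry without one would most likely render an empty value. Whether Argo CD then falls back to the application name is not visible here, and a changed release name usually means the chart's resources get renamed. I would fall back to the name the template already computes: `releaseName: '{{ $addon.releaseName | default $nameNormalize }}'`. The `range` loop and the `$nameNormalize` definition lie outside this hunk.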
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -34,14 +34,17 @@ valueFilesResources: addons: argocd: enabled: true + releaseName: argocd + namespace: argocd selector: matchExpressions: - key: enable_argocd operator: In values: ['true'] - namespace: argocd aws_load_balancer_controller: enabled: true + releaseName: aws-load-balancer-controller + namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' selector: matchExpressions: - key: enable_aws_load_balancer_controller @@ -54,7 +57,6 @@ addons: name: '{{.metadata.annotations.aws_load_balancer_controller_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_load_balancer_controller_iam_role_arn}}' - namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' ignoreDifferences: - kind: Secret name: aws-load-balancer-tls 
@@ -67,39 +69,42 @@ addons: jqPathExpressions: ['.webhooks[].clientConfig.caBundle'] gatekeeper: enabled: true + releaseName: gatekeeper + namespace: gatekeeper-system selector: matchExpressions: - key: enable_gatekeeper operator: In values: ['true'] - namespace: gatekeeper-system resources: path: kustomize/resources/gatekeeper metrics_server: enabled: true + releaseName: metrics-server + namespace: kube-system selector: matchExpressions: - key: enable_metrics_server operator: In values: ['true'] - namespace: kube-system aws_ebs_csi_resources: enabled: true + releaseName: aws-ebs-csi-classes + namespace: kube-system selector: matchExpressions: - key: enable_aws_ebs_csi_resources operator: In values: ['true'] - namespace: kube-system - kustomize: {} karpenter: enabled: true + releaseName: karpenter + namespace: '.metadata.annotations.karpenter_namespace' selector: matchExpressions: - key: enable_karpenter operator: In values: ['true'] - namespace: '.metadata.annotations.karpenter_namespace' values: settings: clusterName: '{{.metadata.annotations.aws_cluster_name}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml index c7373a7d..618b0c14 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml 
@@ -4,35 +4,30 @@ addons: chart: argo-cd releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "6.6.0" - namespace: argocd + targetRevision: "7.3.11" aws_load_balancer_controller: chart: aws-load-balancer-controller releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" - namespace: kube-system gatekeeper: chart: gatekeeper releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" - namespace: gatekeeper-system metrics_server: chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" - namespace: kube-system aws_ebs_csi_resources: chart: aws-ebs-csi-classes releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" - namespace: kube-system karpenter: chart: karpenter/karpenter releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" - namespace: kube-system + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml index a2f212c8..01ee8d53 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml 
@@ -4,35 +4,30 @@ addons: chart: argo-cd releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "6.6.0" - namespace: argocd + targetRevision: "7.3.11" aws_load_balancer_controller: chart: aws-load-balancer-controller releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" - namespace: kube-system gatekeeper: chart: gatekeeper releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" - namespace: gatekeeper-system metrics_server: chart: metrics-server releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" - namespace: kube-system aws_ebs_csi_resources: chart: aws-ebs-csi-classes releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" - namespace: kube-system karpenter: chart: karpenter/karpenter releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" - namespace: kube-system + From 780ed1710c55df861c43be658eaf8ecf98a12138 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:38:35 -0400 Subject: [PATCH 48/90] remove release name from stack Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/gitops/stacks/stack.yaml | 6 ------ .../single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml | 6 ------ .../single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml | 6 ------ 3 files changed, 18 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml index 618b0c14..7a5e3ac9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml 
@@ -2,32 +2,26 @@ version: v1.30-v1.1.0 addons: argocd: chart: argo-cd - releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm targetRevision: "7.3.11" aws_load_balancer_controller: chart: aws-load-balancer-controller - releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" gatekeeper: chart: gatekeeper - releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" metrics_server: chart: metrics-server - releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" aws_ebs_csi_resources: chart: aws-ebs-csi-classes - releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" karpenter: chart: karpenter/karpenter - releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml index 01ee8d53..54392ab9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml 
@@ -2,32 +2,26 @@ version: v1.30-v1.0.0 addons: argocd: chart: argo-cd - releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm targetRevision: "7.3.11" aws_load_balancer_controller: chart: aws-load-balancer-controller - releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" gatekeeper: chart: gatekeeper - releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" metrics_server: chart: metrics-server - releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" aws_ebs_csi_resources: chart: aws-ebs-csi-classes - releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" karpenter: chart: karpenter/karpenter - releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml index 618b0c14..7a5e3ac9 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml 
@@ -2,32 +2,26 @@ version: v1.30-v1.1.0 addons: argocd: chart: argo-cd - releaseName: argocd repoUrl: https://argoproj.github.io/argo-helm targetRevision: "7.3.11" aws_load_balancer_controller: chart: aws-load-balancer-controller - releaseName: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" gatekeeper: chart: gatekeeper - releaseName: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts targetRevision: "3.15.0" metrics_server: chart: metrics-server - releaseName: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server targetRevision: "3.12.0" aws_ebs_csi_resources: chart: aws-ebs-csi-classes - releaseName: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts targetRevision: "1.0.0" karpenter: chart: karpenter/karpenter - releaseName: karpenter repoUrl: public.ecr.aws targetRevision: "0.37.0" From 22ab650c1b8b9939b71bc7c8424624219a957f15 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 16:56:28 -0400 Subject: [PATCH 49/90] make stacks optional Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 18 +++++++++++++--- .../gitops/charts/gitops-bridge/values.yaml | 21 +++++++++++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 7da1f575..bd1ef99d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -1,5 +1,7 @@ {{- $namespace := .Values.namespace }} {{- $useSelector := .Values.useSelector -}} +{{- $useStack := .Values.useStack -}} +{{- $stackGenerator := .Values.stackGenerator -}} {{- $repoURLGit := .Values.repoURLGit -}} {{- $repoURLGitRevision := .Values.repoURLGitRevision -}} {{- $repoURLGitBasePath := .Values.repoURLGitBasePath -}} @@ -27,8 +29,10 @@ spec: goTemplateOptions: - missingkey=error generators: + {{- if $useStack }} - matrix: generators: + {{- end }} - clusters: selector: matchLabels: @@ -36,11 +40,14 @@ spec: {{- if and $addon.selector $useSelector }} {{- toYaml $addon.selector | nindent 16 }} {{- end }} + {{- if $useStack }} - git: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $stackPath}}' + - path: '{{ $stackPath }}' + {{- end }} + template: metadata: name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} @@ -52,9 +59,15 @@ spec: - repoURL: {{ $repoURLValues }} targetRevision: {{ $repoURLValuesRevision }} ref: values + {{- if $useStack }} - chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' targetRevision: '{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}' + {{- else }} + - chart: '{{ $addon.chart }}' + repoURL: '{{ $addon.repoUrl }}' + targetRevision: '{{ $addon.targetRevision }}' + {{- end }} helm: releaseName: '{{ $addon.releaseName }}' ignoreMissingValueFiles: true @@ -79,7 +92,7 @@ spec: path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.helm.path }}' {{- end }} helm: - releaseName: '{{`{{.addons.`}}{{ $name }}{{`.releaseName}}`}}' + releaseName: '{{ $addon.releaseName }}' ignoreMissingValueFiles: true {{ with $valueFiles -}} valueFiles: @@ -94,7 +107,6 @@ spec: {{- end }} {{- end }} destination: - # if $addon.namespace starts with a dot then I want to make namespace to be foo else bar {{- if hasPrefix "." $addon.namespace }} namespace: '{{`{{`}}{{ $addon.namespace }}{{`}}`}}' {{- else }} 
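Review bot: In the `{{- else }}` branch added at `@@ -52,9 +59,15 @@`, `$addon.chart`, `$addon.repoUrl` and `$addon.targetRevision` are rendered with no check, so an addon entry that lacks one of them yields an ApplicationSet with an empty chart source and the error only surfaces later in Argo CD. Helm's `required` would fail the render instead, e.g. `- chart: {{ required (printf "addons.%s.chart must be set when useStack is false" $name) $addon.chart | quote }}`, and likewise for `repoUrl` and `targetRevision`. Separately, `$stackGenerator` is assigned in the first hunk but none of the hunks in this file read it, and the values.yaml change in this commit adds no `stackGenerator` key.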
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 9348eecb..c4615081 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -8,6 +8,7 @@ repoURLValuesBasePath: "" project: default namespace: argocd useSelector: false +useStack: true syncPolicy: automated: selfHeal: false @@ -36,6 +37,9 @@ addons: enabled: true releaseName: argocd namespace: argocd + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" selector: matchExpressions: - key: enable_argocd @@ -44,6 +48,10 @@ addons: aws_load_balancer_controller: enabled: true releaseName: aws-load-balancer-controller + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' selector: matchExpressions: @@ -71,6 +79,9 @@ addons: enabled: true releaseName: gatekeeper namespace: gatekeeper-system + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" selector: matchExpressions: - key: enable_gatekeeper @@ -82,6 +93,10 @@ addons: enabled: true releaseName: metrics-server namespace: kube-system + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" selector: matchExpressions: - key: enable_metrics_server @@ -90,6 +105,9 @@ addons: aws_ebs_csi_resources: enabled: true releaseName: aws-ebs-csi-classes + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" namespace: kube-system selector: matchExpressions: 
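Review bot: The hunk at `@@ -44,6 +48,10 @@` adds a second `aws_load_balancer_controller:` line inside the existing `aws_load_balancer_controller` entry, and `@@ -82,6 +93,10 @@` does the same with `metrics_server:`, while every other addon gets `chart`, `repoUrl` and `targetRevision` directly. Indentation is not recoverable in this view, but both readings are a problem: nested, the template's `$addon.chart` is empty for these two addons when `useStack` is false; at the addon level it is a duplicate YAML key that shadows the `enabled`/`releaseName` pair above it. Dropping the extra `aws_load_balancer_controller:` and `metrics_server:` lines would make these two entries match the others.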
@@ -100,6 +118,9 @@ addons: enabled: true releaseName: karpenter namespace: '.metadata.annotations.karpenter_namespace' + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" selector: matchExpressions: - key: enable_karpenter From 955852f2118ee2e91bac147825e5adf219b8cd17 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 21:12:21 -0400 Subject: [PATCH 50/90] add tenant options Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 6 ++++-- .../gitops/charts/gitops-bridge/values.yaml | 8 ++------ 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index bd1ef99d..ebda7fe0 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -12,6 +12,8 @@ {{- $syncPolicy := .Values.syncPolicy -}} {{- $stackPath := .Values.stackPath -}} {{- $valueFiles := .Values.valueFiles -}} +{{- $valuesFileTenants := .Values.valuesFileTenants -}} +{{- $useValuesFileTenants := .Values.useValuesFileTenants -}} {{- range $name, $addon := .Values.addons }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} @@ -74,7 +76,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - '$values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFileTenants }}{{ $valuesFileTenants }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' {{- end }} {{- end }} {{- with $addon.values }} 
@@ -97,7 +99,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - '$values/{{ $repoURLValuesBasePath }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFileTenants }}{{ $valuesFileTenants }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' {{- end }} {{- end }} {{- if $addon.resources.helm.valuesObject }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index c4615081..7bf87bf4 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -23,15 +23,11 @@ valueFiles: - addons - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons valueFilesResources: - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/environments/{{.metadata.labels.environment}}/addons - # - tenants/{{.metadata.labels.tenant | default ""}}/clusters/{{.nameNormalized}}/addons +useValuesFileTenants: false +valuesFileTenants: tenants/{{.metadata.labels.tenant}}/ addons: argocd: enabled: true From 0e43e9ba191ebe48c05b47d6694bd683ff398bbb Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 21:32:20 -0400 Subject: [PATCH 51/90] switch gatekeeper to chart 
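Review bot: In the values.yaml hunk, `valuesFileTenants: tenants/{{.metadata.labels.tenant}}/` reads the `tenant` label unconditionally, and the ApplicationSet rendered by this chart sets `goTemplateOptions: missingkey=error`. Once `useValuesFileTenants` is switched on, a cluster secret without that label will most likely fail generation for every addon rather than fall back to the shared values. The label also decides which tenant's values directory is read, so write access to cluster-secret labels is part of the trust boundary. A comment above the key would make both explicit, e.g. `# needs a "tenant" label on every cluster secret (missingkey=error); the label selects the values path`.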
Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 9 ++- .../charts/resources/gatekeeper/.helmignore | 23 +++++++ .../charts/resources/gatekeeper/Chart.yaml | 19 ++++++ .../charts/resources/gatekeeper/_helpers.tpl | 66 +++++++++++++++++++ .../constraint.yaml | 14 ++++ .../templates/disallowedrepos/template.yaml | 50 ++++++++++++++ .../charts/resources/gatekeeper/values.yaml | 4 ++ .../charts/resources/karpenter/_helpers.tpl | 20 +++--- 8 files changed, 193 insertions(+), 12 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 7bf87bf4..ef3aa3ab 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -83,8 +83,13 @@ addons: - key: enable_gatekeeper operator: In values: ['true'] + # resources: + # path: kustomize/resources/gatekeeper resources: - path: kustomize/resources/gatekeeper + helm: + path: charts/resources/gatekeeper + valuesObject: + environment: '{{.metadata.labels.environment}}' metrics_server: enabled: true releaseName: metrics-server @@ -134,7 +139,7 @@ addons: helm: path: charts/resources/karpenter valuesObject: + environment: '{{.metadata.labels.environment}}' clusterName: '{{.metadata.annotations.aws_cluster_name}}' nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' - diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml new file mode 100644 index 00000000..625ecce4 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: gatekeeper-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl new file mode 100644 index 00000000..e3237df1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "resources.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "resources.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "resources.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "resources.labels" -}} +helm.sh/chart: {{ include "resources.chart" . }} +{{ include "resources.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "resources.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "resources.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "resources.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "toValidName" -}} +{{- printf "%s" . 
| regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml new file mode 100644 index 00000000..0b7663e2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml @@ -0,0 +1,14 @@ +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: K8sDisallowedRepos +metadata: + name: repo-must-not-be-k8s-gcr-io + annotations: + argocd.argoproj.io/sync-wave: "2" + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" +spec: + match: + kinds: + - apiGroups: [""] + kinds: ["Pod"] + parameters: + {{- toYaml .Values.disallowedrepos.parameters | nindent 4 }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml new file mode 100644 index 00000000..2cbf2ff1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml 
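Review bot: `toValidName` pipes its input into `regexReplaceAll "[^a-z0-9.-]" "-"`, which puts the piped value in the last argument slot; sprig's order is regex, string, replacement, so as far as I can tell the helper rewrites the literal `"-"` and returns `-` for every input. Lowercasing also happens after the replace, so upper-case letters would become `-` instead of being folded. Suggested form: `{{- regexReplaceAll "[^a-z0-9.-]" (lower (printf "%s" .)) "-" -}}`. Note also that this file is added at the chart root rather than under `templates/`, where Helm does not parse it, and that `resources.serviceAccountName` reads `.Values.serviceAccount.create`, which the values.yaml added in this commit does not define.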
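Review bot: The constraint carries the same `argocd.argoproj.io/sync-wave: "2"` as the ConstraintTemplate added in this commit, but the `K8sDisallowedRepos` kind only exists after Gatekeeper has processed that template. `SkipDryRunOnMissingResource=true` covers the dry run, not the apply, so the first sync can fail on the missing kind and then depends on a retry. Moving the constraint one wave later, `argocd.argoproj.io/sync-wave: "3"`, orders the two explicitly. No `enforcementAction` is set, so a short comment stating that the default (deny) is intended for every environment would help.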
@@ -0,0 +1,50 @@ +apiVersion: templates.gatekeeper.sh/v1 +kind: ConstraintTemplate +metadata: + name: k8sdisallowedrepos + annotations: + argocd.argoproj.io/sync-wave: "2" + metadata.gatekeeper.sh/title: "Disallowed Repositories" + metadata.gatekeeper.sh/version: 1.0.0 + description: >- + Disallowed container repositories that begin with a string from the specified list. +spec: + crd: + spec: + names: + kind: K8sDisallowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + type: object + properties: + repos: + description: The list of prefixes a container image is not allowed to have. + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sdisallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("container <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("initContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.ephemeralContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("ephemeralContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml new file mode 100644 index 00000000..5a1d8940 --- /dev/null 
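Review bot: The three `violation` rules only test `startswith(image, input.parameters.repos[_])`, so the policy blocks exactly the literal prefixes listed in `repos` and nothing else; the same image referenced through a different registry host or a mirror is admitted. That is fine for flagging one deprecated registry, but it is not a control over where images may come from, for which an allow-list constraint is the stronger choice. A comment above `rego:` should state the scope, e.g. `# deny-list by literal image prefix; does not restrict other registries`.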
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml @@ -0,0 +1,4 @@ +disallowedrepos: + parameters: + repos: + - "k8s.gcr.io/" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl index 3716b4e6..e3237df1 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "karpenter-resources.name" -}} +{{- define "resources.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "karpenter-resources.fullname" -}} +{{- define "resources.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "karpenter-resources.chart" -}} +{{- define "resources.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "karpenter-resources.labels" -}} -helm.sh/chart: {{ include "karpenter-resources.chart" . }} -{{ include "karpenter-resources.selectorLabels" . }} +{{- define "resources.labels" -}} +helm.sh/chart: {{ include "resources.chart" . }} +{{ include "resources.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "karpenter-resources.selectorLabels" -}} -app.kubernetes.io/name: {{ include "karpenter-resources.name" . }} +{{- define "resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "resources.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "karpenter-resources.serviceAccountName" -}} +{{- define "resources.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "karpenter-resources.fullname" .) .Values.serviceAccount.name }} +{{- default (include "resources.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} From 5c3c4e108db7bb03a1f10353c7affa73e09b95a3 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 22:38:22 -0400 Subject: [PATCH 52/90] update workloads 
Signed-off-by: Carlos Santana --- .../bootstrap/workloads.yaml | 2 +- .../examples/eks/single-cluster-v2/destroy.sh | 1 + .../workloads/apps/game-2048}/game-2048.yaml | 20 +------ .../namespaces/game-2048/values.yaml | 56 ++++++++++++++++++ .../gitops/workloads/workloads.yaml | 59 +++++++++++++++++++ .../eks/single-cluster-v2/variables.tf | 2 +- 6 files changed, 119 insertions(+), 21 deletions(-) rename argocd/iac/terraform/examples/eks/single-cluster-v2/{k8s => gitops/workloads/apps/game-2048}/game-2048.yaml (77%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml index be73a35d..bfa7c82c 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml @@ -19,7 +19,7 @@ spec: project: default source: repoURL: '{{metadata.annotations.workload_repo_url}}' - path: '{{metadata.annotations.workload_repo_basepath}}{{metadata.annotations.workload_repo_path}}' + path: '{{metadata.annotations.workload_repo_basepath}}' targetRevision: '{{metadata.annotations.workload_repo_revision}}' destination: name: '{{name}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index e85787fc..d20076e4 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh 
@@ -16,6 +16,7 @@ if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 kubectl scale deploy -n kube-system metrics-server --replicas=0 + kubectl delete nodes -l karpenter.sh/registered=true kubectl delete -n game-2048 ing game-2048 kubectl delete -n argocd svc argocd-server sleep 60 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml similarity index 77% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml index 0539f2fa..7f5e2d34 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/k8s/game-2048.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml @@ -1,13 +1,6 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: game-2048 -spec: {} ---- apiVersion: apps/v1 kind: Deployment metadata: - namespace: game-2048 name: game-2048 spec: selector: @@ -28,7 +21,6 @@ spec: apiVersion: v1 kind: Service metadata: - namespace: game-2048 name: game-2048 spec: ports: @@ -43,7 +35,6 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - namespace: game-2048 name: game-2048 annotations: alb.ingress.kubernetes.io/scheme: internet-facing @@ -60,13 +51,4 @@ spec: name: game-2048 port: name: http ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: game-2048 - namespace: game-2048 -spec: - podSelector: {} - policyTypes: - - Egress + 
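Review bot: The added `kubectl delete nodes -l karpenter.sh/registered=true` names no cluster, so it acts on whichever kube context is current when the script runs, and by default it waits until the Node objects are finalized. Nothing in the visible lines pins the context or handles a failure (the rest of the script is outside this hunk), so a stale context would remove nodes from the wrong cluster and a stuck finalizer would hang the teardown. Bounding the call, e.g. `kubectl delete nodes -l karpenter.sh/registered=true --timeout=120s`, and passing an explicit `--context` derived from the Terraform outputs would make the step safer.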
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml new file mode 100644 index 00000000..01e2abda --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml @@ -0,0 +1,56 @@ +name: tenant1 +labels: + environment: dev +namespaces: + game-2048: + labels: + additionalLabels: + app.kubernetes.io/created-by: eks-workshop + limitRanges: + - name: default + labels: + app.kubernetes.io/created-by: eks-workshop + limits: + - default: # this section defines default limits + cpu: 500m + defaultRequest: # this section defines default requests + cpu: 500m + max: # max and min define the limit range + cpu: "2" + min: + cpu: 100m + type: Container + resourceQuotas: + - name: default + labels: + app.kubernetes.io/created-by: eks-workshop + spec: + hard: + cpu: "5000" + memory: 200Gi + pods: "20" + scopeSelector: + matchExpressions: + - operator : In + scopeName: PriorityClass + values: ["high"] +networkPolicies: + enabled: true + egress: + deny: + all: + # -- create a NetworkPolicy that denies all outgoing traffic + enabled: true + # -- define a PodSelector that should be used. Uses all Pods by default + podSelector: {} + allow: + dns: + # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS + enabled: true + # -- The namespace where the Kubneretes DNS is running + namespace: "kube-system" + # -- The labels of the Kubernetes DNS + podLabels: + k8s-app: kube-dns + # -- define a PodSelector that should be used. Uses all Pods by default + podSelector: {} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml new file mode 100644 index 00000000..04dc0393 --- /dev/null 
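Review bot: The `resourceQuotas` entry is scoped with `scopeName: PriorityClass` and `values: ["high"]`, so it only counts pods that run with the `high` priority class; pods without it are not limited by this quota at all. `cpu: "5000"` is also 5000 cores rather than 5000m, which may not be what was meant. If the quota is supposed to cap the namespace, drop the `scopeSelector` and set a realistic value, e.g. `cpu: "5"` if five cores was the intent. The `limitRanges` entry sets CPU defaults only, so per-container memory stays unbounded.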
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -0,0 +1,59 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: workload-namespaces + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - matrix: + generators: + - clusters: + selector: + matchLabels: + argocd.argoproj.io/secret-type: cluster + - git: + repoURL: '{{.metadata.annotations.workload_repo_url}}' + revision: '{{.metadata.annotations.workload_repo_revision}}' + directories: + - path: '{{.metadata.annotations.workload_repo_basepath}}namespaces/*' + + template: + metadata: + name: 'namespaces-{{.path.basename}}' + labels: + environment: '{{.metadata.labels.environment}}' + component: '{{.path.basename}}' + workloads: 'true' + spec: + project: 'default' + sources: + - repoURL: '{{.metadata.annotations.workload_repo_url}}' + targetRevision: HEAD + ref: values + - chart: team + repoURL: 'https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts' + targetRevision: '1.0.0' + helm: + releaseName: 'teams' + ignoreMissingValueFiles: true + valueFiles: + - '$values/{{.path}}/values.yaml' + - repoURL: '{{.metadata.annotations.workload_repo_url}}' + path: '{{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' + targetRevision: '{{metadata.annotations.workload_repo_revision}}' + destination: + namespace: '{{.path.basename}}' + name: '{{.name}}' + syncPolicy: + automated: + allowEmpty: true + prune: true + retry: + backoff: + duration: 1m + limit: 100 \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index d9a78260..299872c0 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf 
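Review bot: `project: 'default'` puts every generated workload Application into Argo CD's `default` project, which in a stock install permits any source repository, any destination and any resource kind. The third source deploys whatever is under `apps/{{.path.basename}}` with `automated` sync and `prune: true`, so write access to the workload repository amounts to the ability to create cluster-scoped resources, not only objects in the tenant namespace. A dedicated AppProject that restricts `sourceRepos`, `destinations` and cluster-scoped resources, referenced as `project: '<workloads-project>'` (placeholder name), would contain that.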
@@ -77,7 +77,7 @@ variable "gitops_workload_revision" { variable "gitops_workload_basepath" { description = "Git repository base path for workload" type = string - default = "argocd/iac/terraform/examples/eks/" + default = "argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/" } variable "gitops_workload_path" { description = "Git repository path for workload" From bcb863465769d56f800d33b305a71c8bb2e71005 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 22:55:30 -0400 Subject: [PATCH 53/90] fix typo Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/gitops/workloads/workloads.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml index 04dc0393..d50c078b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -44,7 +44,7 @@ spec: valueFiles: - '$values/{{.path}}/values.yaml' - repoURL: '{{.metadata.annotations.workload_repo_url}}' - path: '{{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' + path: '{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' targetRevision: '{{metadata.annotations.workload_repo_revision}}' destination: namespace: '{{.path.basename}}' From ec63ec42ded734ab9ef619fafae53591c61a8fc3 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 22:56:13 -0400 Subject: [PATCH 54/90] update Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/gitops/workloads/workloads.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml index d50c078b..02f5b8ea 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -33,7 +33,7 @@ spec: project: 'default' sources: - repoURL: '{{.metadata.annotations.workload_repo_url}}' - targetRevision: HEAD + targetRevision: '{{.metadata.annotations.workload_repo_revision}}' ref: values - chart: team repoURL: 'https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts' @@ -45,7 +45,7 @@ spec: - '$values/{{.path}}/values.yaml' - repoURL: '{{.metadata.annotations.workload_repo_url}}' path: '{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' - targetRevision: '{{metadata.annotations.workload_repo_revision}}' + targetRevision: '{{.metadata.annotations.workload_repo_revision}}' destination: namespace: '{{.path.basename}}' name: '{{.name}}' From 47fb1f2569715b6314d06a93d66da83983f3171b Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 22:57:59 -0400 Subject: [PATCH 55/90] fix Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/gitops/workloads/workloads.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml index 02f5b8ea..4aad8422 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml 
@@ -42,7 +42,7 @@ spec: releaseName: 'teams' ignoreMissingValueFiles: true valueFiles: - - '$values/{{.path}}/values.yaml' + - '$values/{{.path.path}}/values.yaml' - repoURL: '{{.metadata.annotations.workload_repo_url}}' path: '{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' targetRevision: '{{.metadata.annotations.workload_repo_revision}}' From 0b0cb8e0f0f824a6bbe2fbfcac0823a8eae75ffd Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 23:03:48 -0400 Subject: [PATCH 56/90] ugly fix Signed-off-by: Carlos Santana --- .../gitops/workloads/namespaces/game-2048/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml index 01e2abda..a6da1f25 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml @@ -54,3 +54,6 @@ networkPolicies: k8s-app: kube-dns # -- define a PodSelector that should be used. Uses all Pods by default podSelector: {} + ingress: + deny: + all: false From c4ea1458d5ed9ea25f79bba15dc80029fab0916d Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sat, 27 Jul 2024 23:11:37 -0400 Subject: [PATCH 57/90] fix netpol Signed-off-by: Carlos Santana --- .../namespaces/game-2048/values.yaml | 28 ++++--------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml index a6da1f25..1fb0a1cf 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml @@ -34,26 +34,10 @@ namespaces: - operator : In scopeName: PriorityClass values: ["high"] -networkPolicies: - enabled: true - egress: - deny: - all: - # -- create a NetworkPolicy that denies all outgoing traffic - enabled: true - # -- define a PodSelector that should be used. Uses all Pods by default - podSelector: {} - allow: - dns: - # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS - enabled: true - # -- The namespace where the Kubneretes DNS is running - namespace: "kube-system" - # -- The labels of the Kubernetes DNS - podLabels: - k8s-app: kube-dns - # -- define a PodSelector that should be used. Uses all Pods by default + networkPolicies: + - name: egress-deny-all + spec: podSelector: {} - ingress: - deny: - all: false + policyTypes: + - Egress + From d1a0359b4b829d044e84ed94a9f9b2328e155e02 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 28 Jul 2024 14:14:21 -0400 Subject: [PATCH 58/90] update teams helm chart and network policies Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/destroy.sh | 1 + .../namespaces/game-2048/values.yaml | 20 +++++++++++++------ .../gitops/workloads/workloads.yaml | 2 +- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index d20076e4..1d90e400 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh 
@@ -16,6 +16,7 @@ if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 kubectl scale deploy -n kube-system metrics-server --replicas=0 + sleep 60 kubectl delete nodes -l karpenter.sh/registered=true kubectl delete -n game-2048 ing game-2048 kubectl delete -n argocd svc argocd-server diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml index 1fb0a1cf..4589405b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml @@ -1,6 +1,19 @@ name: tenant1 labels: environment: dev +networkPolicies: + enabled: true + egress: + deny: + all: + enabled: true + allow: + dns: + enabled: true + ingress: + deny: + all: + enabled: false namespaces: game-2048: labels: @@ -34,10 +47,5 @@ namespaces: - operator : In scopeName: PriorityClass values: ["high"] - networkPolicies: - - name: egress-deny-all - spec: - podSelector: {} - policyTypes: - - Egress + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml index 4aad8422..de4245bd 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -37,7 +37,7 @@ spec: ref: values - chart: team repoURL: 'https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts' - targetRevision: '1.0.0' + targetRevision: '2.0.0' helm: releaseName: 'teams' ignoreMissingValueFiles: true 
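Review bot: The added `sleep 60` in destroy.sh is a fixed guess with no comment saying what it waits for; presumably it gives the pods of the three deployments scaled to zero above it time to terminate before `kubectl delete nodes` runs. On a slow cluster the delete can still race those pods, and on a fast one the script idles for a minute. Waiting on the condition itself is more reliable, for example `kubectl wait --for=delete pod --all -n gatekeeper-system --timeout=120s` (metrics-server in `kube-system` would need a label selector instead of `--all`). If the fixed pause stays, add a comment such as `# give scaled-down pods time to terminate before removing Karpenter nodes`. The enclosing `if` block starts and ends outside the hunk.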
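Review bot: In the values.yaml hunk, `ingress.deny.all.enabled: false` leaves the tenant's pods reachable from any other pod in the cluster, while egress is restricted to DNS only, and nothing in the file says why the two directions differ. If ingress is open only so the load balancer can reach game-2048, record that next to the setting, e.g. `# ingress left open so the ALB can reach the game-2048 pods; tighten once an allow rule exists`. Keeping deny-all on and adding a narrow allow rule would be the stricter option, though this hunk does not show which ingress allow keys chart version 2.0.0 supports.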
From 14d22127f463e2ccf9448fab27d1269c263e0b94 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 28 Jul 2024 18:14:30 -0400 Subject: [PATCH 59/90] update gitops bridge helm Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 19 ++++++++++++++----- .../gitops/charts/gitops-bridge/values.yaml | 5 +++-- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index ebda7fe0..3b858233 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -12,8 +12,8 @@ {{- $syncPolicy := .Values.syncPolicy -}} {{- $stackPath := .Values.stackPath -}} {{- $valueFiles := .Values.valueFiles -}} -{{- $valuesFileTenants := .Values.valuesFileTenants -}} -{{- $useValuesFileTenants := .Values.useValuesFileTenants -}} +{{- $valuesFilePrefix := .Values.valuesFilePrefix -}} +{{- $useValuesFilePrefix := .Values.useValuesFilePrefix -}} {{- range $name, $addon := .Values.addons }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} @@ -24,6 +24,10 @@ kind: ApplicationSet metadata: name: {{ $nameNormalize }} namespace: {{ $namespace }} + {{- if $addon.syncWaveOrder}} + annotations: + argocd.argoproj.io/sync-wave: {{ $addon.syncWaveOrder | quote}} + {{- end }} spec: syncPolicy: preserveResourcesOnDeletion: true 
@@ -54,7 +58,12 @@ spec: metadata: name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} annotations: - argocd.argoproj.io/manifest-generate-paths: {{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/common/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/{{`{{.metadata.labels.environment}}`}}/values.yaml;{{ $repoURLValuesBasePath }}values/{{ $nameNormalize }}/clusters/{{`{{.nameNormalized}}`}}/values.yaml + argocd.argoproj.io/manifest-generate-paths: {{ with $valueFiles }}{{ range . }}{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml;{{ end }}{{ end }} + labels: + component: '{{ $nameNormalize }}' + addon: 'true' + environment: '{{`{{.metadata.labels.environment}}`}}' + cluster: '{{`{{.name}}`}}' spec: project: {{ $project }} sources: @@ -76,7 +85,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFileTenants }}{{ $valuesFileTenants }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' {{- end }} {{- end }} {{- with $addon.values }} @@ -99,7 +108,7 @@ spec: {{ with $valueFiles -}} valueFiles: {{- range . }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFileTenants }}{{ $valuesFileTenants }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' {{- end }} {{- end }} {{- if $addon.resources.helm.valuesObject }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index ef3aa3ab..8528ac17 100644 
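Review bot: The new `cluster:` label is filled from the raw `.name` of the cluster, whereas the Application name a few lines above uses `.nameNormalized`. Kubernetes label values are limited to 63 characters of alphanumerics, `-`, `_` and `.`, so a cluster registered under a name with other characters (an ARN or a URL, for instance) would yield an Application that the API server rejects; using `.nameNormalized` for the label keeps both consistent. The rebuilt `manifest-generate-paths` value also ends with a trailing `;` because the separator is emitted inside the `range`; it is worth confirming that Argo CD ignores the empty last entry, or emitting the separator only between items.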
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -26,8 +26,8 @@ valueFiles: valueFilesResources: - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons -useValuesFileTenants: false -valuesFileTenants: tenants/{{.metadata.labels.tenant}}/ +useValuesFilePrefix: false +valuesFilePrefix: tenants/{{.metadata.labels.tenant}}/ addons: argocd: enabled: true @@ -49,6 +49,7 @@ addons: repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' + syncWaveOrder: -1 selector: matchExpressions: - key: enable_aws_load_balancer_controller From 9890a83ca9c2f20b18ef2ddf9749d2f42d390faf Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 28 Jul 2024 22:46:37 -0400 Subject: [PATCH 60/90] move addons to default 
Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/argocd-initial-values.yaml | 4 ++++ .../gitops/charts/gitops-bridge/values.yaml | 4 ++-- .../{ => default}/addons/argocd/resources/values.yaml | 0 .../gitops/{ => default}/addons/argocd/values.yaml | 3 ++- .../aws-load-balancer-controller/resources/values.yaml | 0 .../addons/aws-load-balancer-controller/values.yaml | 0 .../{ => default}/addons/gatekeeper/resources/values.yaml | 0 .../gitops/{ => default}/addons/gatekeeper/values.yaml | 0 .../gitops/{ => default}/addons/karpenter/resources/.keep | 0 .../{ => default}/addons/karpenter/resources/values.yaml | 0 .../gitops/{ => default}/addons/karpenter/values.yaml | 0 .../addons/metrics-server/resources/values.yaml | 0 .../gitops/{ => default}/addons/metrics-server/values.yaml | 0 .../gitops/kustomize/resources/gatekeeper/configmap.yaml | 6 ------ .../{kustomize => manifests}/resources/gatekeeper/.keep | 0 .../resources/gatekeeper/disallowedrepos/kustomization.yaml | 0 .../samples/repo-must-not-be-k8s-gcr-io/constraint.yaml | 0 .../samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml | 0 .../repo-must-not-be-k8s-gcr-io/example_allowed.yaml | 0 .../example_disallowed_both.yaml | 0 .../example_disallowed_container.yaml | 0 .../example_disallowed_initcontainer.yaml | 0 .../resources/gatekeeper/disallowedrepos/suite.yaml | 0 .../resources/gatekeeper/disallowedrepos/template.yaml | 0 .../resources/gatekeeper/kustomization.yaml | 1 + 25 files changed, 9 insertions(+), 9 deletions(-) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/argocd/resources/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/argocd/values.yaml (99%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/aws-load-balancer-controller/resources/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => 
default}/addons/aws-load-balancer-controller/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/gatekeeper/resources/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/gatekeeper/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/karpenter/resources/.keep (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/karpenter/resources/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/karpenter/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/metrics-server/resources/values.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{ => default}/addons/metrics-server/values.yaml (100%) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/.keep (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/kustomization.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => 
manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/suite.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/disallowedrepos/template.yaml (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{kustomize => manifests}/resources/gatekeeper/kustomization.yaml (88%) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml index ca19c961..48dd8d45 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml @@ -2,3 +2,7 @@ global: tolerations: - key: "CriticalAddonsOnly" operator: "Exists" +controller: + env: + - name: ARGOCD_SYNC_WAVE_DELAY + value: '30' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 8528ac17..32a004fc 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -20,7 +20,7 @@ syncPolicy: - CreateNamespace=true - ServerSideApply=true # Big CRDs. valueFiles: - - addons + - default/addons - environments/{{.metadata.labels.environment}}/addons - clusters/{{.nameNormalized}}/addons valueFilesResources: @@ -85,7 +85,7 @@ addons: operator: In values: ['true'] # resources: - # path: kustomize/resources/gatekeeper + # path: manifests/resources/gatekeeper resources: helm: path: charts/resources/gatekeeper diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/resources/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml similarity index 99% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml index dd923a71..979aefba 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/argocd/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml @@ -13,7 +13,8 @@ controller: env: - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 value: '300' - + - name: ARGOCD_SYNC_WAVE_DELAY + value: '30' repoServer: autoscaling: enabled: true 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/resources/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/aws-load-balancer-controller/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/resources/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/gatekeeper/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/values.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/.keep similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/.keep rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/.keep diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/karpenter/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/addons/metrics-server/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml deleted file mode 100644 index 2cbb83c0..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: foo -data: - foo: bar \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/.keep similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/.keep rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/.keep diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/kustomization.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/kustomization.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/kustomization.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/suite.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/suite.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/template.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/disallowedrepos/template.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/template.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml similarity index 88% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/kustomization.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml index b8fba4c8..af6fe332 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/kustomize/resources/gatekeeper/kustomization.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml 
@@ -2,6 +2,7 @@ resources: - disallowedrepos # commonAnnotations: # argocd.argoproj.io/sync-wave: "1" +# argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" patches: - target: kind: ConstraintTemplate From 19c0f6ec033015f041c00bfae26ab384aafd0282 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 29 Jul 2024 12:15:45 -0400 Subject: [PATCH 61/90] update node class Signed-off-by: Carlos Santana --- .../resources/karpenter/templates/nodeclass.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml index 1c4088d1..0f7b50dd 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml @@ -6,11 +6,6 @@ metadata: argocd.argoproj.io/sync-wave: "1" spec: amiFamily: {{ .Values.amiFamily | default .Values.global.amiFamily | quote }} - metadataOptions: - httpEndpoint: enabled - httpProtocolIPv6: disabled - httpPutResponseHopLimit: 1 - httpTokens: required role: {{ .Values.nodeRole | default .Values.global.nodeRole | quote }} securityGroupSelectorTerms: - tags: @@ -31,10 +26,3 @@ spec: volumeSize: {{ .Values.volumeSize | default .Values.global.volumeSize | quote }} volumeType: gp3 encrypted: true - userData: | - [settings.kubernetes] - kube-api-qps = 30 - [settings.kubernetes.node-labels] - "bottlerocket.aws/updater-interface-version" = "2.0.0" - [settings.kubernetes.eviction-hard] - "memory.available" = "5%" \ No newline at end of file From 8736edc49fad832775dac452300c90de32bc5c44 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 29 Jul 2024 22:48:05 -0400 Subject: [PATCH 62/90] fix karpenter sg 
Signed-off-by: Carlos Santana --- .../iac/terraform/examples/eks/single-cluster-v2/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 0c76252d..3ec07d06 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -270,12 +270,12 @@ module "eks" { service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn } } - tags = merge(local.tags, { - # NOTE - if creating multiple security groups with this module, only tag the + node_security_group_tags = { # security group that Karpenter should utilize with the following tag # (i.e. - at most, only one security group should have this tag in your account) - "karpenter.sh/discovery" = local.name - }) + "karpenter.sh/discovery" = local.name + } + tags = local.tags } module "ebs_csi_driver_irsa" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" From 4e7ea9249b250c1d5610bd4c5e78d1f3391ffbf6 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 30 Jul 2024 00:04:03 -0400 Subject: [PATCH 63/90] add labels and annotations Signed-off-by: Carlos Santana --- .../gitops-bridge/templates/_helpers.tpl | 26 +++++------- .../templates/applicationsets.yaml | 40 ++++++++++++------- .../gitops/charts/gitops-bridge/values.yaml | 12 ++++-- 3 files changed, 46 insertions(+), 32 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl index 2ed849b2..b276184a 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl 
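Review bot: The comment inside the new `node_security_group_tags` map now starts mid-sentence, because the hunk drops the `# NOTE - if creating multiple security groups with this module, only tag the` line but keeps its two continuation lines. Restore that line above `# security group that Karpenter should utilize with the following tag` so the warning reads in full. It documents the reason for this change: the node class template in this series picks security groups through `securityGroupSelectorTerms` tags, so, assuming it matches on `karpenter.sh/discovery`, every group that carries the tag is attached to the nodes Karpenter launches. The `module "eks"` block starts outside the hunk.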
@@ -31,36 +31,32 @@ Create chart name and version as used by the chart label. {{- end }} {{/* -Common labels +Common Helm and Kubernetes labels */}} {{- define "gitops-bridge.labels" -}} helm.sh/chart: {{ include "gitops-bridge.chart" . }} -{{ include "gitops-bridge.selectorLabels" . }} +app.kubernetes.io/name: {{ include "gitops-bridge.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.labels }} +{{ toYaml .Values.labels }} {{- end }} - -{{/* -Selector labels -*/}} -{{- define "gitops-bridge.selectorLabels" -}} -app.kubernetes.io/name: {{ include "gitops-bridge.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* -Create the name of the service account to use +Common Helm and Kubernetes Annotations */}} -{{- define "gitops-bridge.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "gitops-bridge.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} +{{- define "gitops-bridge.annotations" -}} +helm.sh/chart: {{ include "gitops-bridge.chart" . }} +{{- if .Values.annotations }} +{{ toYaml .Values.annotations }} {{- end }} {{- end }} + {{- define "toValidName" -}} {{- printf "%s" . | regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} {{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 3b858233..171b2edd 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -14,6 +14,9 @@ {{- $valueFiles := .Values.valueFiles -}} {{- $valuesFilePrefix := .Values.valuesFilePrefix -}} {{- $useValuesFilePrefix := .Values.useValuesFilePrefix -}} +{{- $syncPolicyAppSet := .Values.syncPolicyAppSet -}} +{{- $goTemplate := .Values.goTemplate -}} +{{- $goTemplateOptions := .Values.goTemplateOptions -}} {{- range $name, $addon := .Values.addons }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- if $addon.enabled }} @@ -24,16 +27,28 @@ kind: ApplicationSet metadata: name: {{ $nameNormalize }} namespace: {{ $namespace }} - {{- if $addon.syncWaveOrder}} annotations: - argocd.argoproj.io/sync-wave: {{ $addon.syncWaveOrder | quote}} - {{- end }} + {{- include "gitops-bridge.annotations" $ | nindent 4 }} + {{- if $addon.annotationsAppSet }}{{- toYaml $addon.annotationsAppSet | nindent 4 }}{{- end }} + labels: + {{- include "gitops-bridge.labels" $ | nindent 4 }} + {{- if $addon.labelsAppSet }}{{- toYaml $addon.labelsAppSet | nindent 4 }}{{- end }} spec: + {{- if $addon.syncPolicyAppSet }} + syncPolicy: + {{- toYaml $addon.syncPolicyAppSet | nindent 4 }} + {{- else }} syncPolicy: - preserveResourcesOnDeletion: true - goTemplate: true + {{- toYaml $syncPolicyAppSet | nindent 4 }} + {{- end }} + goTemplate: {{ default $goTemplate $addon.goTemplate }} + {{- if $addon.goTemplateOptions }} + goTemplateOptions: + {{ toYaml $addon.goTemplateOptions | nindent 2 }} + {{ else }} goTemplateOptions: - - missingkey=error + {{ toYaml $goTemplateOptions }} + {{- end }} generators: {{- if $useStack }} - matrix: 
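Review bot: In the `spec` block of the second hunk, `goTemplate: {{ default $goTemplate $addon.goTemplate }}` cannot be switched off per addon, because Sprig's `default` treats `false` as empty and falls back to the chart-wide value. A key test keeps an explicit `false`: `goTemplate: {{ if hasKey $addon "goTemplate" }}{{ $addon.goTemplate }}{{ else }}{{ $goTemplate }}{{ end }}`. The two `goTemplateOptions` branches also differ (`nindent 2` in one, a bare `{{ toYaml $goTemplateOptions }}` in the other), so a list with more than one option would probably render its later items at column 0; `{{- toYaml $goTemplateOptions | nindent 4 }}` in both branches would match the `syncPolicy` lines above. Indentation is not recoverable from this page, so confirm the rendered output with `helm template`.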
@@ -53,13 +68,16 @@ spec: files: - path: '{{ $stackPath }}' {{- end }} - template: metadata: name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} annotations: argocd.argoproj.io/manifest-generate-paths: {{ with $valueFiles }}{{ range . }}{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml;{{ end }}{{ end }} + {{- include "gitops-bridge.annotations" $ | nindent 8 }} + {{- if $addon.annotationsApp }}{{- toYaml $addon.annotationsApp | nindent 8 }}{{- end }} labels: + {{- include "gitops-bridge.labels" $ | nindent 8 }} + {{- if $addon.labelsApp }}{{- toYaml $addon.labelsApp | nindent 8 }}{{- end }} component: '{{ $nameNormalize }}' addon: 'true' environment: '{{`{{.metadata.labels.environment}}`}}' @@ -99,9 +117,6 @@ spec: path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.path }}' {{- end }} {{- if $addon.resources.helm }} - {{- if $addon.resources.helm.path }} - path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.helm.path }}' - {{- end }} helm: releaseName: '{{ $addon.releaseName }}' ignoreMissingValueFiles: true @@ -111,10 +126,7 @@ spec: - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' {{- end }} {{- end }} - {{- if $addon.resources.helm.valuesObject }} - valuesObject: - {{- toYaml $addon.resources.helm.valuesObject | nindent 12 }} - {{- end }} + {{- toYaml $addon.resources.helm | nindent 10 }} {{- end }} {{- end }} destination: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 32a004fc..ab934f10 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
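Review bot: The generated Application's `labels` block in the first hunk can now hold the same key more than once, because the output of `gitops-bridge.labels`, then `$addon.labelsApp`, then the fixed `component`, `addon` and `environment` keys are concatenated as text; the same applies to `annotations`. Strict YAML parsers reject duplicate mapping keys and others resolve them silently, so which value wins depends on the parser. The helper also stamps `app.kubernetes.io/instance: {{ .Release.Name }}` on every generated Application, and that key is Argo CD's default resource-tracking label, so it is worth confirming this does not blur ownership when the chart itself is synced by Argo CD. Building one dict with `merge` and emitting it with a single `toYaml` would make the precedence explicit.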
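Review bot: In the last hunk, `{{- toYaml $addon.resources.helm | nindent 10 }}` writes the whole user-supplied map under `helm:` after the template has already emitted `releaseName`, `ignoreMissingValueFiles` and `valueFiles`. Any of those keys present in `resources.helm` is rendered twice, and every other Helm source field is now passed through, where the old code forwarded only `valuesObject`. Either keep the explicit `valuesObject` block or drop the keys the template owns before dumping the map: `{{- toYaml (omit $addon.resources.helm "releaseName" "ignoreMissingValueFiles" "valueFiles") | nindent 10 }}`.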
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -1,3 +1,7 @@ +syncPolicyAppSet: + preserveResourcesOnDeletion: true +goTemplate: true +goTemplateOptions: ["missingkey=error"] stackPath: '**/stack{{(.metadata.annotations.platform_stack_version | default "")}}.yaml' repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD @@ -49,7 +53,8 @@ addons: repoUrl: https://aws.github.io/eks-charts targetRevision: "1.7.1" namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' - syncWaveOrder: -1 + annotationsAppSet: + argocd.argoproj.io/sync-wave: '-1' selector: matchExpressions: - key: enable_aws_load_balancer_controller @@ -87,8 +92,8 @@ addons: # resources: # path: manifests/resources/gatekeeper resources: + path: charts/resources/gatekeeper helm: - path: charts/resources/gatekeeper valuesObject: environment: '{{.metadata.labels.environment}}' metrics_server: @@ -137,10 +142,11 @@ addons: annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}' resources: + path: charts/resources/karpenter helm: - path: charts/resources/karpenter valuesObject: environment: '{{.metadata.labels.environment}}' clusterName: '{{.metadata.annotations.aws_cluster_name}}' nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + From b78d2d9a393a142e47050fbad76c1075d4050a88 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 31 Jul 2024 02:50:43 -0400 Subject: [PATCH 64/90] chart improvements Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 5 +++++ .../gitops/charts/gitops-bridge/values.yaml | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 171b2edd..2c3a6d5b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -104,6 +104,11 @@ spec: valueFiles: {{- range . }} - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' + {{- if $useStack }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}/values.yaml' + {{- else }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $addon.targetRevision }}/values.yaml' + {{- end }} {{- end }} {{- end }} {{- with $addon.values }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index ab934f10..f827cbc3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -13,13 +13,18 @@ project: default namespace: argocd useSelector: false useStack: true +useStackChart: true syncPolicy: automated: selfHeal: false allowEmpty: true prune: false retry: - limit: 100 + limit: -1 # number of failed sync attempt retries; unlimited number of attempts if less than 0 + backoff: + duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + factor: 2 # a factor to multiply the base duration after each failed retry + maxDuration: 10m # the maximum amount of time allowed for the backoff strategy syncOptions: - CreateNamespace=true - ServerSideApply=true # Big CRDs. From ad45c055b6a58e531391761bd66280ad84549d38 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 31 Jul 2024 02:51:00 -0400 Subject: [PATCH 65/90] chart improvements Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 60 +++++++++++++++++-- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 2c3a6d5b..d6071ca0 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -1,6 +1,7 @@ {{- $namespace := .Values.namespace }} {{- $useSelector := .Values.useSelector -}} {{- $useStack := .Values.useStack -}} +{{- $useStackChart := .Values.useStackChart -}} {{- $stackGenerator := .Values.stackGenerator -}} {{- $repoURLGit := .Values.repoURLGit -}} {{- $repoURLGitRevision := .Values.repoURLGitRevision -}} 
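Review bot: `limit: -1` in the `retry` block makes a failing sync retry without end, so an addon that can never apply (a bad chart version, a manifest rejected by an admission policy) keeps retrying with up to `maxDuration: 10m` between attempts instead of settling in a failed state. Alerting that keys on failed syncs would likely stay silent for it. A bounded value such as the previous `limit: 100`, or a comment next to `limit` naming the signal operators should watch instead, would keep persistent failures visible.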
@@ -17,8 +18,12 @@ {{- $syncPolicyAppSet := .Values.syncPolicyAppSet -}} {{- $goTemplate := .Values.goTemplate -}} {{- $goTemplateOptions := .Values.goTemplateOptions -}} +{{- $templatePatch := .Values.templatePatch -}} +{{- $applyNestedSelectors := .Values.applyNestedSelectors -}} +{{- $hasapplyNestedSelectors := hasKey .Values "applyNestedSelectors" -}} {{- range $name, $addon := .Values.addons }} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} +{{- $addonhasapplyNestedSelectors := hasKey $addon "applyNestedSelectors" -}} {{- if $addon.enabled }} {{- with $addon -}} --- @@ -36,10 +41,10 @@ metadata: spec: {{- if $addon.syncPolicyAppSet }} syncPolicy: - {{- toYaml $addon.syncPolicyAppSet | nindent 4 }} + {{- toYaml $addon.syncPolicyAppSet | nindent 4 }} {{- else }} syncPolicy: - {{- toYaml $syncPolicyAppSet | nindent 4 }} + {{- toYaml $syncPolicyAppSet | nindent 4 }} {{- end }} goTemplate: {{ default $goTemplate $addon.goTemplate }} {{- if $addon.goTemplateOptions }} @@ -49,6 +54,32 @@ spec: goTemplateOptions: {{ toYaml $goTemplateOptions }} {{- end }} + {{- if $addon.ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml $addon.ignoreApplicationDifferences | nindent 2 }} + {{- end }} + {{- if $addon.preservedFields }} + preservedFields: + {{- toYaml $addon.preservedFields | nindent 4 }} + {{- end }} + {{- if $addon.strategy }} + strategy: + {{- toYaml $addon.strategy | nindent 4 }} + {{- end }} + {{- if $addon.templatePatch }} + templatePatch: {{- $addon.templatePatch | toYaml | indent 1 }} + {{- else }} + {{- if $templatePatch }} + templatePatch: {{- $templatePatch | toYaml | indent 1 }} + {{- end }} + {{- end }} + {{- if $addonhasapplyNestedSelectors }} + applyNestedSelectors: {{ $addon.applyNestedSelectors }} + {{- else }} + {{- if $hasapplyNestedSelectors }} + applyNestedSelectors: {{ $applyNestedSelectors }} + {{- end }} + {{- end }} generators: {{- if $useStack }} - matrix: 
@@ -89,13 +120,22 @@ spec: targetRevision: {{ $repoURLValuesRevision }} ref: values {{- if $useStack }} - - chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' - repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' + - repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' targetRevision: '{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}' + {{- if $useStackChart }} + chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' + {{- else }} + path: '{{`{{.addons.`}}{{ $name }}{{`.path}}`}}' + {{- end }} {{- else }} - - chart: '{{ $addon.chart }}' - repoURL: '{{ $addon.repoUrl }}' + - repoURL: '{{ $addon.repoUrl }}' targetRevision: '{{ $addon.targetRevision }}' + {{- if $addon.chart }} + chart: '{{ $addon.chart }}' + {{- end }} + {{- if $addon.path }} + path: '{{ $addon.path }}' + {{- end }} {{- end }} helm: releaseName: '{{ $addon.releaseName }}' @@ -121,6 +161,9 @@ spec: {{- if $addon.resources.path }} path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.path }}' {{- end }} + {{- if $addon.resources.chart }} + chart: '{{ $addon.resources.chart }}' + {{- end }} {{- if $addon.resources.helm }} helm: releaseName: '{{ $addon.releaseName }}' @@ -129,6 +172,11 @@ spec: valueFiles: {{- range . }} - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' + {{- if $useStack }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}/resources/values.yaml' + {{- else }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $addon.targetRevision }}/resources/values.yaml' + {{- end }} {{- end }} {{- end }} {{- toYaml $addon.resources.helm | nindent 10 }} From 3fb063785d2679845dc9c4541c133d409667ceda Mon Sep 17 00:00:00 2001 
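Review bot: In the non-stack branch of the first hunk, `chart` and `path` are now two independent `if` blocks, so an addon that sets both renders both fields and one that sets neither renders a source with only `repoURL` and `targetRevision`. Failing at render time gives a clearer error than a rejected Application: `{{- if eq (empty $addon.chart) (empty $addon.path) }}{{ fail (printf "addon %s: set exactly one of chart or path" $name) }}{{- end }}`. In the stack branch the choice hangs on the chart-wide `$useStackChart`, so a single stack cannot mix chart-based and path-based addons; if that is intended, a comment on `useStackChart` in values.yaml should say so.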
From: Carlos Santana Date: Thu, 1 Aug 2024 13:23:09 -0400 Subject: [PATCH 66/90] add stack assigment Signed-off-by: Carlos Santana --- .../gitops/stacks/stack-assigments.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml new file mode 100644 index 00000000..773af15b --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml @@ -0,0 +1,13 @@ +tenants: + tenant1: + stack_version: v2 + environments: + dev: + stack_version: v2 + staging: + stack_version: v1 + prod: + stack_version: v2 + clusters: + cluster1: + stack_version: v2 From 316dd3a81aa40c3a648b2e7b8cb96e9285d04d8e Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 13:58:58 -0400 Subject: [PATCH 67/90] sync gitops-bridge chart 
Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 36 ++++++++++------ .../gitops/charts/gitops-bridge/values.yaml | 43 +++++++++++++++---- .../addons/volcano/resources/values.yaml | 1 + .../gitops/default/addons/volcano/values.yaml | 1 + .../dev/addons/volcano/resources/values.yaml | 1 + .../dev/addons/volcano/values.yaml | 1 + .../prod/addons/volcano/resources/values.yaml | 1 + .../prod/addons/volcano/values.yaml | 1 + .../addons/volcano/resources/values.yaml | 1 + .../staging/addons/volcano/values.yaml | 1 + .../stacks/stack-k8sv1.30-addons-default.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.0.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.1.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.2.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.3.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.4.yaml | 31 +++++++++++++ .../stacks/stack-k8sv1.30-addonsv1.5.yaml | 28 ++++++++++++ .../gitops/stacks/stack-k8sv1.30-config.yaml | 14 ++++++ .../addons/volcano/resources/values.yaml | 1 + .../cluster1/addons/volcano/values.yaml | 1 + .../addons/volcano/resources/values.yaml | 1 + .../default/addons/volcano/values.yaml | 1 + .../dev/addons/volcano/resources/values.yaml | 1 + .../dev/addons/volcano/values.yaml | 1 + .../prod/addons/volcano/resources/values.yaml | 1 + .../prod/addons/volcano/values.yaml | 1 + .../addons/volcano/resources/values.yaml | 1 + .../staging/addons/volcano/values.yaml | 1 + .../examples/eks/single-cluster-v2/main.tf | 1 + 29 files changed, 306 insertions(+), 20 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index d6071ca0..773d127b 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -12,6 +12,9 @@ {{- $project := .Values.project -}} {{- $syncPolicy := .Values.syncPolicy -}} {{- $stackPath := .Values.stackPath -}} +{{- $stackPathPrefix := .Values.stackPathPrefix -}} +{{- $stackPathConfig := .Values.stackPathConfig -}} +{{- $stackPathConfigPrefix := .Values.stackPathConfigPrefix -}} {{- $valueFiles := .Values.valueFiles -}} {{- $valuesFilePrefix := .Values.valuesFilePrefix -}} {{- $useValuesFilePrefix := .Values.useValuesFilePrefix -}} 
@@ -21,12 +24,12 @@ {{- $templatePatch := .Values.templatePatch -}} {{- $applyNestedSelectors := .Values.applyNestedSelectors -}} {{- $hasapplyNestedSelectors := hasKey .Values "applyNestedSelectors" -}} + {{- range $name, $addon := .Values.addons }} +{{- if or $useSelector $addon.enabled }} +{{- with $addon -}} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- $addonhasapplyNestedSelectors := hasKey $addon "applyNestedSelectors" -}} -{{- if $addon.enabled }} -{{- with $addon -}} ---- apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: @@ -82,23 +85,32 @@ spec: {{- end }} generators: {{- if $useStack }} - - matrix: - generators: + - matrix: + generators: + - matrix: + generators: {{- end }} - - clusters: + - clusters: # for reason this is need it as second in the matrix, if not the above extracting .tenants doesn't work selector: matchLabels: argocd.argoproj.io/secret-type: cluster - {{- if and $addon.selector $useSelector }} - {{- toYaml $addon.selector | nindent 16 }} - {{- end }} - {{- if $useStack }} + {{- if and $addon.selector $useSelector }} + {{- toYaml $addon.selector | nindent 16 }} + {{- end }} + {{- if $useStack }} - git: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $stackPath }}' - {{- end }} + - path: '{{ $stackPathConfigPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPathConfig }}' + - git: + repoURL: {{ $repoURLGit }} + revision: {{ $repoURLGitRevision }} + files: + - path: '{{ $stackPathPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPath }}' + {{- end }} + + template: metadata: name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index f827cbc3..c5a16e5b 100644 
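Review bot: The first hunk removes the `---` line that preceded `apiVersion: argoproj.io/v1alpha1`, so unless a separator is emitted elsewhere in the loop (outside this hunk), two rendered addons end up in one YAML document with repeated top-level keys. Keep `---` as the first line inside the `with $addon` block. The new guard `or $useSelector $addon.enabled` also means that with `useSelector: true` every entry in `.Values.addons` is rendered whatever its `enabled` value, and installation is then decided only by cluster labels; if that is the intent, state it next to `enabled` in values.yaml. The `range` body continues outside the hunk.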
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -2,7 +2,21 @@ syncPolicyAppSet: preserveResourcesOnDeletion: true goTemplate: true goTemplateOptions: ["missingkey=error"] -stackPath: '**/stack{{(.metadata.annotations.platform_stack_version | default "")}}.yaml' +stackPathPrefix: 'stacks/stack-k8sv' +stackPath: '-addons{{- $tenant := default dict (index .tenants .metadata.labels.tenant) -}} + {{- $cluster := index (default dict (index $tenant "clusters")) .name -}} + {{- $env := index (default dict (index $tenant "environments")) .metadata.labels.environment -}} + {{- if $cluster -}} + {{ $cluster.addons_version }} + {{- else if $env -}} + {{ $env.addons_version }} + {{- else if $tenant -}} + {{ $tenant.addons_version }} + {{- else -}} + {{ .addons_version }} + {{- end -}}.yaml' +stackPathConfigPrefix: 'stacks/stack-k8sv' +stackPathConfig: '-config.yaml' repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD repoURLGitBasePath: "**" @@ -39,7 +53,7 @@ useValuesFilePrefix: false valuesFilePrefix: tenants/{{.metadata.labels.tenant}}/ addons: argocd: - enabled: true + enabled: false releaseName: argocd namespace: argocd chart: argo-cd @@ -51,7 +65,7 @@ addons: operator: In values: ['true'] aws_load_balancer_controller: - enabled: true + enabled: false releaseName: aws-load-balancer-controller aws_load_balancer_controller: chart: aws-load-balancer-controller @@ -83,7 +97,7 @@ addons: kind: ValidatingWebhookConfiguration jqPathExpressions: ['.webhooks[].clientConfig.caBundle'] gatekeeper: - enabled: true + enabled: false releaseName: gatekeeper namespace: gatekeeper-system chart: gatekeeper @@ -102,7 +116,7 @@ addons: valuesObject: environment: '{{.metadata.labels.environment}}' metrics_server: - enabled: true + enabled: false releaseName: metrics-server namespace: kube-system metrics_server: 
@@ -115,7 +129,7 @@ addons: operator: In values: ['true'] aws_ebs_csi_resources: - enabled: true + enabled: false releaseName: aws-ebs-csi-classes chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts @@ -127,7 +141,7 @@ addons: operator: In values: ['true'] karpenter: - enabled: true + enabled: false releaseName: karpenter namespace: '.metadata.annotations.karpenter_namespace' chart: karpenter/karpenter @@ -153,5 +167,18 @@ addons: environment: '{{.metadata.labels.environment}}' clusterName: '{{.metadata.annotations.aws_cluster_name}}' nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' - + volcano: + enabled: false + releaseName: volcano + namespace: volcano-system + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + selector: + matchExpressions: + - key: enable_karpenter + operator: In + values: ['true'] + annotationsApp: + argocd.argoproj.io/compare-options: "ServerSideDiff=true" # required for volcano https://github.com/argoproj/argo-cd/issues/18548 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon 
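Review bot: The new `volcano` entry's selector matches on `key: enable_karpenter`, which looks copied from the `karpenter` entry above it. With selectors in use, Volcano would be installed on every cluster labelled for Karpenter and could not be enabled or disabled on its own. The other addons visible in this file key on their own label (for example `enable_aws_load_balancer_controller`), so this presumably should read `- key: enable_volcano`, with the matching label set wherever the cluster labels are defined.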
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml new file mode 100644 index 00000000..13e17ade --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml 
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addons-default.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml
new file mode 100644
index 00000000..400d30ba
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml
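Review bot: The `targetRevision` pins in this stack file are only as strong as write control over `stacks/`, because the file decides the chart repository and version for every add-on (including `argocd` and `gatekeeper`) and the gitops-bridge values.yaml shown later in this series reads it from the add-ons repo at `repoURLGitRevision: HEAD`. I would add a header comment such as `# selects chart source and version for cluster add-ons; changes require review`, and, depending on what the AppProject outside this diff allows, limit its `sourceRepos` to the `repoUrl` values listed here. The same applies to the `addonsv1.0` to `addonsv1.5` copies that follow. Separately, this is the only one of those files that ends without a newline (`\ No newline at end of file`).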
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.0.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml
new file mode 100644
index 00000000..ba7acfd6
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.1.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml
new file mode 100644
index 00000000..2a6fd6af
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.2.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml
new file mode 100644
index 00000000..657dd090
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.3.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml
new file mode 100644
index 00000000..42c55f27
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.4.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml
new file mode 100644
index 00000000..27b8c08f
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml
@@ -0,0 +1,28 @@
+file: stack-k8sv1.30-addonsv1.5.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml
new file mode 100644
index 00000000..9dcb76b6
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml
@@ -0,0 +1,14 @@
+addons_version: "-default" # this can be also be a version like v1.5
+tenants:
+ tenant1:
+ addons_version: v1.3
+ environments:
+ dev:
+ addons_version: v1.2
+ staging:
+ addons_version: v1.1
+ prod:
+ addons_version: v1.0
+ clusters:
+ cluster1:
+ addons_version: v1.4
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml
@@ -0,0 +1 @@
+# values for the resources of the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml
new file mode 100644
index 00000000..c4adc795
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml
@@ -0,0 +1 @@
+# values for the addon
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml
new file mode 100644
index 00000000..204c5a57
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 3ec07d06..18a21de3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -99,6 +99,7 @@ locals { local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version }, + {argocd.argoproj.io/kubernetes-version = local.cluster_version}, { aws_cluster_name = module.eks.cluster_name } ) From e52d32960d2f2cc3f2aab6e9020898357c886d9d Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 14:12:33 -0400 Subject: [PATCH 68/90] update 
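Review bot: The added map key `argocd.argoproj.io/kubernetes-version` in the main.tf hunk is written bare, and HCL accepts a bare object key only when it is a plain identifier; a key containing dots and a slash has to be quoted, so as written Terraform is expected to reject it as an ambiguous attribute key. Quote it: `{ "argocd.argoproj.io/kubernetes-version" = local.cluster_version },`. The ApplicationSet template later in this series still reads `.metadata.annotations.kubernetes_version`, so the unprefixed key on the line above presumably has to stay until the template is switched over. The `locals` block starts and ends outside the hunk.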
Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 4 +-- .../gitops/charts/gitops-bridge/values.yaml | 6 ++--- .../gitops/stacks/stack-assigments.yaml | 13 --------- .../gitops/stacks/stack.yaml | 27 ------------------- .../gitops/stacks/stackv1.30-v1.0.0.yaml | 27 ------------------- .../gitops/stacks/stackv1.30-v1.1.0.yaml | 27 ------------------- 6 files changed, 5 insertions(+), 99 deletions(-) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 773d127b..d904c995 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -102,12 +102,12 @@ spec: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $stackPathConfigPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPathConfig }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPathConfig }}' - git: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $stackPathPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPath }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPath }}' {{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index c5a16e5b..3ed1c0aa 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -2,7 +2,7 @@ syncPolicyAppSet: preserveResourcesOnDeletion: true goTemplate: true goTemplateOptions: ["missingkey=error"] -stackPathPrefix: 'stacks/stack-k8sv' +stackPathPrefix: 'stack-k8sv' stackPath: '-addons{{- $tenant := default dict (index .tenants .metadata.labels.tenant) -}} {{- $cluster := index (default dict (index $tenant "clusters")) .name -}} {{- $env := index (default dict (index $tenant "environments")) .metadata.labels.environment -}} 
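Review bot: Both `files.path` entries in the applicationsets.yaml hunk now concatenate `$repoURLGitBasePath` directly with `$stackPathConfigPrefix` / `$stackPathPrefix`, so the directory separator exists only because the values.yaml hunks of this same commit set `repoURLGitBasePath: "stacks/"` and drop `stacks/` from the two prefixes. An override without the trailing slash would produce `stacksstack-k8sv…`, which matches no file, and any deployment still carrying the old default `"**"` would get it embedded in the path. Either normalise in the template or document the contract next to the value, e.g. `# must be empty or end with "/"; prepended verbatim to stackPathPrefix and stackPathConfigPrefix`. The path also interpolates the cluster's `kubernetes_version` annotation, so with `goTemplateOptions: ["missingkey=error"]` a cluster entry lacking that annotation fails generation rather than falling back to a default stack. The generator list these entries belong to starts outside the hunk.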
@@ -15,11 +15,11 @@ stackPath: '-addons{{- $tenant := default dict (index .tenants .metadata.labels. {{- else -}} {{ .addons_version }} {{- end -}}.yaml' -stackPathConfigPrefix: 'stacks/stack-k8sv' +stackPathConfigPrefix: 'stack-k8sv' stackPathConfig: '-config.yaml' repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD -repoURLGitBasePath: "**" +repoURLGitBasePath: "stacks/" repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'" repoURLValuesRevision: HEAD repoURLValuesBasePath: "" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml deleted file mode 100644 index 773af15b..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-assigments.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tenants: - tenant1: - stack_version: v2 - environments: - dev: - stack_version: v2 - staging: - stack_version: v1 - prod: - stack_version: v2 - clusters: - cluster1: - stack_version: v2 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml deleted file mode 100644 index 7a5e3ac9..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -version: v1.30-v1.1.0 -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml deleted file mode 100644 index 54392ab9..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.0.0.yaml +++ /dev/null @@ -1,27 +0,0 @@ -version: v1.30-v1.0.0 -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml deleted file mode 100644 index 7a5e3ac9..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stackv1.30-v1.1.0.yaml +++ /dev/null @@ -1,27 +0,0 @@ -version: v1.30-v1.1.0 -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - From 7aca4ff9ba4776d571232e2cb75f753e39188f3e Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 15:24:24 -0400 Subject: [PATCH 69/90] new karpenter chart 
Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 8 +- .../charts/resources/karpenter/Chart.yaml | 23 +- .../charts/resources/karpenter/README.md | 151 + .../karpenter/examples/argocd_example.yaml | 22 + .../resources/karpenter/examples/common.yaml | 73 + .../resources/karpenter/examples/generate.sh | 2 + .../karpenter/examples/nodegroups.yaml | 108 + .../karpenter/examples/output/output.yaml | 1931 +++++++++++++ .../karpenter/examples/userdata.yaml | 67 + .../karpenter/grafana/Karpenter-OverView.json | 1935 +++++++++++++ .../grafana/Karpenter-Per-NodeGroup.json | 2499 +++++++++++++++++ .../karpenter/templates/_helpers.tpl | 21 + .../karpenter/templates/headroom.yaml | 64 + .../karpenter/templates/nodeclass.yaml | 94 +- .../karpenter/templates/nodepool.yaml | 222 ++ .../karpenter/templates/priorityclass.yaml | 9 + .../tests/headroom_nodes_default_test.yaml | 55 + .../tests/headroom_nodes_workers_test.yaml | 73 + .../karpenter/tests/nodeclass_test.yaml | 148 + .../tests/nodepool_nodes_default_test.yaml | 158 ++ .../nodepool_nodes_explicittypes_test.yaml | 63 + .../tests/nodepool_nodes_noclass_test.yaml | 97 + .../tests/nodepool_nodes_workers_test.yaml | 211 ++ .../karpenter/tests/priorityclass_test.yaml | 21 + .../resources/karpenter/tests/values.yaml | 168 ++ .../charts/resources/karpenter/values.yaml | 155 +- .../{karpenter => karpenter_old}/.helmignore | 0 .../{karpenter => karpenter_old}/.keep | 0 .../charts/resources/karpenter_old/Chart.yaml | 19 + .../{karpenter => karpenter_old}/_helpers.tpl | 0 .../karpenter_old/templates/nodeclass.yaml | 28 + .../templates/pool.yaml | 0 .../resources/karpenter_old/values.yaml | 12 + .../addons/karpenter/resources/values.yaml | 51 + .../examples/eks/single-cluster-v2/main.tf | 3 +- .../eks/single-cluster-v2/variables.tf | 5 + 36 files changed, 8442 insertions(+), 54 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md 
create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml create mode 100755 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml 
create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/{karpenter => karpenter_old}/.helmignore (100%) rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/{karpenter => karpenter_old}/.keep (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/{karpenter => karpenter_old}/_helpers.tpl (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/{karpenter => karpenter_old}/templates/pool.yaml (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 3ed1c0aa..3d032d31 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -166,7 +166,13 @@ addons: valuesObject: environment: '{{.metadata.labels.environment}}' clusterName: '{{.metadata.annotations.aws_cluster_name}}' - nodeRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + IamRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + securityGroupSelectorTerms: + - tags: + karpenter.sh/discovery: '{{.metadata.annotations.aws_cluster_name}}' + subnetSelectorTerms: + - tags: + karpenter.sh/discovery: '{{.metadata.annotations.aws_cluster_name}}' volcano: enabled: false releaseName: volcano diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml index ecfa8278..1d0304f5 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml 
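Review bot: The new `securityGroupSelectorTerms` and `subnetSelectorTerms` in the gitops-bridge values.yaml hunk select purely on the tag `karpenter.sh/discovery` equal to the cluster name, so which security groups and subnets are attached to newly launched nodes is decided by whoever can tag those resources in the account rather than by this file. I would add a comment above the two blocks, e.g. `# every SG/subnet tagged karpenter.sh/discovery=CLUSTER_NAME is used for nodes; keep tagging rights on these resources restricted`, and check that the Terraform side applies the tag only to the intended node security group and private subnets. The rename from `nodeRole` to `IamRole` matches the key listed in the new chart's README, but any environment-level override still using `nodeRole` would now be ignored without an error. The enclosing add-on entry (presumably the karpenter resources entry) starts outside the hunk.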
@@ -1,19 +1,6 @@ apiVersion: v2 -name: karpenter-resources -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 - +name: karpenter_nodes +version: 1.0.3 +description: A Helm chart for generating NodeClasses and NodePools for Karpenter +maintainers: + - name: nadavbuc diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md new file mode 100644 index 00000000..586103a4 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md 
@@ -0,0 +1,151 @@ +## Fiverr Public Helm Templates - Karpenter Nodes + +### Introduction +This Helm Template is designed to generate NodeClasses and NodePools using [Karpenter](https://karpenter.sh/) in addition to optional HeadRoom. + +The template follows a naming convention which is comprised of the `nodegroup` name and its architecture (amd64, arm64 or multiarch). + +For example `nodes-default-amd64` + +The chart will loop over the `nodegroups` and generate the relevant NodeClasses and NodePools. + +### UserData +The `UserData` field supports templating and your own values. You can take a look at the `userdata_example_values.yaml` file for an example. + +## Working with Helm + +### Setting up +1. Add Repository:
```helm repo add fiverr_public https://opensource.fiverr.com/public_charts/``` +2. Either get the values.yaml file from the repository or pull it with the following command:
```helm show values fiverr_public/karpenter_nodes > values.yaml``` +3. Edit the values.yaml file to your needs. +4. Install the chart:
```helm install karpenter_nodes fiverr_public/karpenter_nodes -f values.yaml``` + + +### Testing Your Changes +After making changes you will probably want to see the new output. Run `helm template` with the relevant example files:
+`helm template . -f values.yaml` + +### Unit Tests +Make sure you have `helm-unittest` plugin installed. [helm-unittest](https://github.com/helm-unittest/helm-unittest) + +Unit tests are written in `tests` directory. To run the tests, use the following command:
+`helm unittest --helm3 karpenter_nodes -f "tests/*_test.yaml"` + + +## Configuration keys +Note - Most of the values can be overridden per nodegroup (If not specified, it will use the default (Global) values) + +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? | +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `ApiVersion` | ApiVersion used in Karpenter's CRD | `String` | × | × | +| `IamRole` | The IAM Role which will be attached to the instance
via instance-profile (not required if `IamInstanceProfile` is specified) | `String` | x | ✓ | +| `IamInstanceProfile` | Existing instance profile To set on the instances
(not required if `IamRole` is specified)| `String` | x | ✓ | +| `amiFamily` | AMIFamily to use (Default to AL2) [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specamifamily) | `String` | x | ✓ | +| `amiSelectorTerms` | AMI Selector Terms (This will override `amiFamily`) [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specamiselectorterms) | `List(Map)` | x | ✓ | +| `subnetSelectorTerms` | Selector for Subnets [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specsubnetselectorterms) | `List(Map)` | x | ✓ | +| `securityGroupSelectorTerms` | Selector for Security Groups [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specsecuritygroupselectorterms) | `List(Map)` | x | ✓ | +| `nodeGroupLabelName` | The Name of the label for each nodegroup (default is `nodegroup`) | `String` | x | ✓ | +| `nodeTags` | Tags to add to the instances ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}` | each will be used to setup a provisioner and template based on the nodegrup name key | `List[Maps]` | x | ✓ | +| `blockDeviceMappings` | Block Device Mappings [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specblockdevicemappings) | `List(Map)` | x | ✓ | +| `detailedMonitoring` | Detailed Monitoring [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specdetailedmonitoring) | `Boolean` | x | ✓ | +| `associatePublicIPAddress` | Associate Public IP Address [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specassociatepublicipaddress) | `Boolean` | x | ✓ | +| `instanceStorePolicy` | Instance Store Policy [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specinstancestorepolicy) | `String` | ✓ | ✓ | +| `metaDataHttpEndpoint` | Metadata HTTP Endpoint [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpProtocolIPv6` | Metadata HTTP Protocol IPv6 
[Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpPutResponseHopLimit` | Metadata HTTP Put Response Hop Limit [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpTokens` | Metadata HTTP Tokens [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `userData` | User Data (supports templating and your own values) | `MultilineString` | ✓ | ✓ | +| `instances` | Instance configurations for node types, families and sizing - see below | `Map` | x | ✓ | +| `instances.minGeneration` | The minimum instance generation to use (for example 4 = c4,c5,c6 etc) | `Integer` | x | ✓ | +| `instances.architecture` | `amd64`, `arm64` or `multiarch` for nodegroups which can have combined architectures | `String` | x | ✓ | +| `instances.categories` | Allowed instance categories (c, m, r) | `List(String)` | x | ✓ | +| `instances.cores` | Allowed cores per instance (`"4"`, `"8"`) | `List(String(int))` | x | ✓ | +| `instances.capacityType` | `spot`, `on-demand` (can use both on single provisioner) | `List(String)` | x | ✓ | +| `instances.operatingSystems` | Allowed operating systems (`"linux"`, `"windows"`) | `List(String)` | x | ✓ | +| `instances.instanceTypes` | Explicit list of instance types to use (ie `m7i.xlarge`) This will ignore all sizing related requirements | `List(String)` | x | ✓ | +| `availabilityZones` | Availability Zones to use | `List(String)` | x | ✓ | +| `expireAfter` | Specify how long node should be up before refreshing it [Documentation](https://karpenter.sh/docs/concepts/disruption/#automated-methods) | `String` | x | ✓ | +| `weight` | Specify NodeGroup Weight (default is `1`) | `Integer` | x | ✓ | +| `excludeFamilies` | Exclude specific instance families | `List` | x | ✓ | +| `consolidationPolicy` | Specify how to consolidate nodes 
[Documentation](https://karpenter.sh/docs/concepts/nodepools/) | `String` | x | ✓ | +| `consolidateAfter` | Specify how long to wait before consolidating nodes [Documentation](https://karpenter.sh/docs/concepts/nodepools/) | `String` | ✓ | ✓ | +| `excludeInstanceSize` | Exclude specific instance sizes | `List` | ✓ | ✓ | +| `headRoom` | Generate Ultra Low Priority Class for Headroom (see below) | `String` | ✓ | x | +| `additionalRequirements` | add NodePool requirements which are not covered by this chart | `List(map)` | ✓ | ✓ | +| `autoTaint` | add NodePool taint with `dedicated` as key and nodegroup name as value (`-` replaced with `_`) | `Boolean(String)` | ✓ | ✓ | +| `cilium` | Add startupTaints for Cilium | `Boolean` | ✓ | ✓ | +| `ciliumEffect` | Set Effect on CiliumStartupTaint (Default `NoExecute`) [Documentation](https://docs.cilium.io/en/stable/installation/taints/) | `String` | ✓ | ✓ | + +### NodeGroup Configuration +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? 
| +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `nodegroups.{}.labels` | Labels to add to nodes ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.additionalNodeTags` | Additional Tags to add to the instances ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.annotations` | Annotations to add to nodes ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.nodeClassRef` | If you wish to use your own nodeClass, specify it [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/) | `Map` | ✓ | ✓ | +| `nodegroups.{}.taints` | Taints to add to nodes `- `: ``: `` | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.startupTaints` | startupTaints to add to nodes `- `: ``: `` | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.limits` | Specify Limits [Documentation](https://karpenter.sh/docs/concepts/nodepools/#speclimits) | `Map` | ✓ | ✓ | +| `nodegroups.{}.capacitySpread` | Set range of capacity spread keys (`integers`), set int for `start` and `end` | `Map` | ✓ | ✓ | +| `nodegroups.{}.excludeFamilies`| Exclude specific instance families | `List` | ✓ | ✓ | +| `nodegroups.{}.budgets` | Specify Disruption Budgets [Documentation](https://karpenter.sh/docs/concepts/disruption/#nodes) | `List` | ✓ | ✓ | +| `nodegroups.{}.*` | Over-write all above which supports it | `Map` | ✓ | ✓ | +| `nodegroups.{}.instances.*` | Explicitly specify instances override, if using defaults specify `instances: {}` | `Map` | ✓ | ✓ | + +### Headroom Configuration +Headroom will create `pause` pods with resources-requests to just keep free amount of resources up and ready for scheduling.
This is useful for scaling up quickly when needed.
+The pods will be configured with ultra-low priority, and will be terminated and recreated on new nodes to free them up for usage if needed. +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? | +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `nodegroups.{}.headRoom` | List of headroom configurations for the nodePool | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.headRoom.size` | `small`, `medium`, `large`, `xlarge` - see below | `String` | ✓ | ✓ | +| `nodegroups.{}.headRoom.count` | Number of headroom pod replicas to schedule | `Integer` | ✓ | ✓ | +| `nodegroups.{}.headRoom.antiAffinitySpec` | Optional - set antiaffinity to match against running workloads | `LabelSelectorSpec` | ✓ | ✓ | +| `nodegroups.{}.headRoom.nameSpaces` | Specify list of namespaces to match again (default `all`) | `List(String)` | ✓ | ✓ | + +### Headroom Sizing + +| Size | CPU | Ram | +| ----- | --- | --- | +| `small` | 1 | 4Gi | +| `medium` | 2 | 8Gi | +| `large` | 4 | 16Gi | +| `xlarge` | 8 | 32Gi | + +### Kubelet Configuration +[Documentation](https://karpenter.sh/docs/concepts/nodepools/#spectemplatespeckubelet) +Kubelet configuration can be set globally or per nodegroup. The following keys are supported: +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? 
| +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `kubeletClusterDNS` | Cluster DNS | `List` | ✓ | ✓ | +| `kubeletSystemReservedCpu` | System Reserved CPU | `String` | x | ✓ | +| `kubeletSystemReservedMemory` | System Reserved Memory | `String` | x | ✓ | +| `kubeletSystemReservedEphemeralStorage` | System Reserved Ephemeral Storage | `String` | x | ✓ | +| `kubeletKubeReservedCpu` | Kube Reserved CPU | `String` | x | ✓ | +| `kubeletKubeReservedMemory` | Kube Reserved Memory | `String` | x | ✓ | +| `kubeletKubeReservedEphemeralStorage` | Kube Reserved Ephemeral Storage | `String` | x | ✓ | +| `kubeletEvictionHardMemoryAvailable` | Eviction Hard Memory Available | `String` | x | ✓ | +| `kubeletEvictionHardNodefsAvailable` | Eviction Hard Nodefs Available | `String` | x | ✓ | +| `kubeletEvictionHardNodefsInodesFree` | Eviction Hard Nodefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftMemoryAvailable` | Eviction Soft Memory Available | `String` | x | ✓ | +| `kubeletEvictionSoftNodefsAvailable` | Eviction Soft Nodefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftNodefsInodesFree` | Eviction Soft Nodefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftImagefsAvailable` | Eviction Soft Imagefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftImagefsInodesFree` | Eviction Soft Imagefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftPidAvailable` | Eviction Soft Pid Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodImagefsAvailable` | Eviction Soft Grace Period Imagefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodImagefsInodesFree` | Eviction Soft Grace Period Imagefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodMemoryAvailable` | Eviction Soft Grace Period Memory Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodNodefsAvailable` | Eviction Soft Grace Period Nodefs Available | `String` | x | ✓ | +| 
`kubeletEvictionSoftGracePeriodNodefsInodesFree` | Eviction Soft Grace Period Nodefs Inodes Free | `String` | x | ✓ |
+| `kubeletEvictionSoftGracePeriodPidAvailable` | Eviction Soft Grace Period Pid Available | `String` | x | ✓ |
+| `kubeletImageGCHighThresholdPercent` | Image GC High Threshold Percent | `String` | ✓ | ✓ |
+| `kubeletImageGCLowThresholdPercent` | Image GC Low Threshold Percent | `String` | ✓ | ✓ |
+| `kubeletImageMinimumGCAge` | Image Minimum GC Age | `String` | ✓ | ✓ |
+| `kubeletCpuCFSQuota` | CPU CFS Quota | `String` | ✓ | ✓ |
+| `kubeletPodsPerCore` | Pods Per Core | `String` | ✓ | ✓ |
+| `kubeletMaxPods` | Max Pods | `String` | ✓ | ✓ |
+
+## Extras
+See grafana directory for dashbaords available for you to import into your Grafana instance.
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml
new file mode 100644
index 00000000..84b2a265
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: karpenter-nodes
+ namespace: argocd
+spec:
+ project: infra
+ sources:
+ - repoURL: 'https://opensource.fiverr.com/public_charts/'
+ chart: karpenter_nodes
+ targetRevision: 1.0.3
+ helm:
+ valueFiles:
+ - $values/karpenter_nodes/eks-dev/common.yaml
+ - $values/karpenter_nodes/eks-dev/nodegroups.yaml
+ - $values/karpenter_nodes/eks-dev/userdata.yaml
+ - repoURL: https://github.com/my_values_repo.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes
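Review bot: The second entry under `sources` tracks `targetRevision: HEAD` of the values repository, so every push to that repo's default branch is synced to the cluster, including `userdata.yaml`, which this chart renders into the node `userData` boot script. The chart source just above it is pinned to `1.0.3`; the values source should be pinned the same way, for example `targetRevision: <tag-or-commit-sha>`. If HEAD is kept for the sake of a short example, add a comment on that line such as `# demo only: pin to a tag or commit in real clusters`.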
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml
new file mode 100644
index 00000000..e508da47
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml
@@ -0,0 +1,73 @@
+clusterName: "eks-dev"
+
+subnetSelectorTerms:
+ - tags:
+ Name: eks-dev-eu-west-1a
+ - tags:
+ Name: eks-dev-eu-west-1b
+ - tags:
+ Name: eks-dev-eu-west-1c
+
+securityGroupSelectorTerms:
+ - tags:
+ Name: eks-nodes
+ - tags:
+ Name: eks-dev
+
+availabilityZones:
+ - eu-west-1a
+ - eu-west-1b
+ - eu-west-1c
+
+excludeInstanceSize:
+ - metal
+
+blockDeviceMappings:
+ - deviceName: /dev/xvda
+ ebs:
+ volumeSize: 100Gi
+ volumeType: gp3
+ encrypted: true
+ deleteOnTermination: true
+ iops: 3000
+ throughput: 125
+
+instances:
+ minGeneration: 4
+ architecture: "amd64"
+ categories:
+ - m
+ - r
+ - c
+ cores:
+ - "4"
+ - "8"
+ - "12"
+ - "16"
+ - "24"
+ - "32"
+ - "48"
+ capacityType:
+ - spot
+
+
+nodeTags:
+ team: devops
+ component: eks-karpenter-nodes
+ created_by: helm
+
+amiFamily: AL2
+autoTaint: "true"
+excludeFamilies:
+ - c6a
+ - m6a
+ - r6a
+ - c5a
+ - m5a
+ - r5a
+ - c6ad
+ - m6ad
+ - r6ad
+ - m5ad
+ - r5ad
+ - r5ad
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh
new file mode 100755
index 00000000..f9758edf
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+helm template karpenter-nodes ../ -f common.yaml -f nodegroups.yaml -f userdata.yaml > output/output.yaml
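Review bot: The last two entries of `excludeFamilies` are both `r5ad`, so one of them has no effect. The other entries follow a c/m/r pattern per generation, which suggests the final entry was meant to be `c5ad`; if so, that family is currently still eligible for provisioning. Confirm the intent and either drop the duplicate or change the last line to `- c5ad`.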
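Review bot: The `helm template` line relies on the caller's working directory and has no failure handling: `../`, the three `-f` files and `output/` are all relative, and the `>` redirect truncates `output/output.yaml` before `helm` runs. A failed render, or a run from another directory, therefore leaves an empty or partial file that can be committed as if it were the chart's real output. Add `set -euo pipefail` and `cd "$(dirname "$0")"` directly after the shebang. Since the rendered file is checked in, also consider writing to a temporary file and moving it into place only when `helm` succeeds.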
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml
new file mode 100644
index 00000000..2cdf1c01
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml
@@ -0,0 +1,108 @@
+nodeGroups:
+ nodes-default:
+ autoTaint: "false"
+ weight: 2
+ instances:
+ categories:
+ - m
+ - r
+ capacitySpread:
+ start: 1
+ end: 5
+ nodes-default-od:
+ autoTaint: "false"
+ nodeGroupLabel: nodes-default
+ capacitySpread:
+ start: 6
+ end: 6
+ instances:
+ minGeneration: 5
+ categories:
+ - m
+ - r
+ capacityType:
+ - on-demand
+ nodeClassRef:
+ name: nodes-default-amd64
+ nodes-workers:
+ weight: 2
+ instances:
+ categories:
+ - m
+ - r
+ capacitySpread:
+ start: 1
+ end: 5
+ nodes-workers-c:
+ nodeGroupLabel: nodes-workers
+ capacitySpread:
+ start: 1
+ end: 5
+ instances:
+ categories:
+ - c
+ nodeClassRef:
+ name: nodes-workers-amd64
+ nodes-canary:
+ instances: {}
+ capacitySpread:
+ start: 1
+ end: 5
+ nodes-jobs:
+ expireAfter: "Never"
+ instances:
+ capacityType:
+ - on-demand
+ cores:
+ - "8"
+ - "16"
+ consolidationPolicy: "WhenEmpty"
+ blockDeviceMappings:
+ - deviceName: /dev/xvda
+ ebs:
+ deleteOnTermination: true
+ encrypted: true
+ iops: 9000
+ throughput: 125
+ volumeSize: 500Gi
+ volumeType: gp3
+ nodes-ingress:
+ registryCache: "false"
+ expireAfter: "Never"
+ instances:
+ architecture: "multiarch"
+ capacityType:
+ - on-demand
+ minGeneration: 7
+ cores:
+ - "8"
+ nodes-monitoring:
+ labels:
+ prometheus-scrape: "true" #Not Real Use-case
+ additionalNodeTags:
+ innercomponent: monitoring
+ expireAfter: "Never"
+ instances:
+ architecture: "multiarch"
+ capacityType:
+ - on-demand
+ excludeFamilies: []
+ nodes-gpu:
+ labels:
+ gpu: "true"
+ instances:
+ instanceTypes:
+ - g5.xlarge
+ - g5.2xlarge
+ - g5.4xlarge
+ categories:
+ - g
+ limits:
+ cpu: "128"
+ taints:
+ - key: "dedicated"
+ value: "gpu"
+ effect: "NoSchedule"
+ nodes-cilium-managed:
+ instances: {}
+ cilium: true
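Review bot: Only `nodes-ingress` sets `registryCache: "false"`, and the file does not explain what that key controls or that the other groups inherit it as enabled. Judging by the rendered `output.yaml` in this patch, groups without the override get a containerd `hosts.toml` that sends docker.io pulls to `http://registry` with the `pull` and `resolve` capabilities and `skip_verify = true`; the ingress group does not. That is a plaintext, unauthenticated mirror that also resolves tags to digests, so whatever answers to the name `registry` decides which image a tag maps to. Add a comment next to the key, e.g. `# registryCache: when enabled, userData routes docker.io pulls through http://registry; disable unless that mirror is trusted`, and consider making the example default to off.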
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml
new file mode 100644
index 00000000..b4d2e88e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml
@@ -0,0 +1,1931 @@ +--- +# Source: karpenter_nodes/templates/priorityclass.yaml +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: karpenter-headroom +value: -1000000 +globalDefault: false +description: "Used for dummy pods to generate headroom in karpenter" +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-canary-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-canary + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-canary + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: 
https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-cilium-managed-amd64" 
+spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-cilium-managed + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-cilium-managed + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. 
+ net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-default-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-default + component: 
eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-default + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-gpu-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-gpu + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + 
encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-gpu + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-ingress-multiarch" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-ingress + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + 
deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-ingress + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-jobs-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-jobs + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 9000 + throughput: 125 + volumeSize: 500Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + 
httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-jobs + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-monitoring-multiarch" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-monitoring + component: eks-karpenter-nodes + created_by: helm + team: devops + innercomponent: monitoring + managed_by: karpenter + blockDeviceMappings: + - deviceName: 
/dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-monitoring + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-workers-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-workers + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: 
true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-workers + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. 
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-canary-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-canary + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-canary-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_canary + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" 
+ - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-cilium-managed-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-cilium-managed + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-cilium-managed-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_cilium_managed + startupTaints: + - key: node.cilium.io/agent-not-ready + value: "true" + effect: NoExecute + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - 
"12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-default-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-default + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-default-amd64 + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: 
In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 2 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-default-od-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-default + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-default-amd64 + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: 
"kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "6" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-gpu-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-gpu + cluster: eks-dev + gpu: true + spec: + nodeClassRef: + name: nodes-gpu-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_gpu + - key: dedicated + value: gpu + effect: NoSchedule + requirements: + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a 
+ - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: node.kubernetes.io/instance-type + operator: In + values: + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + limits: + cpu: 128 + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-ingress-multiarch" +spec: + template: + metadata: + labels: + nodegroup: nodes-ingress + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-ingress-multiarch + taints: + - key: dedicated + effect: NoSchedule + value: nodes_ingress + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "8" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "6" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - 
c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: Never + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-jobs-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-jobs + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-jobs-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_jobs + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "8" + - "16" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + 
operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: Never + consolidationPolicy: WhenEmpty + consolidateAfter: 5m + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-monitoring-multiarch" +spec: + template: + metadata: + labels: + nodegroup: nodes-monitoring + cluster: eks-dev + prometheus-scrape: true + spec: + nodeClassRef: + name: nodes-monitoring-multiarch + taints: + - key: dedicated + effect: NoSchedule + value: nodes_monitoring + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi 
+ kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: Never + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-workers-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-workers + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-workers-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_workers + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + 
kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 2 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-workers-c-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-workers + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-workers-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_workers + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + 
kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml new file mode 100644 index 00000000..bd9ac6f6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml 
@@ -0,0 +1,67 @@
+registry: "https://registry-1.docker.io"
+registryCache: "true"
+registryHost: "http://registry"
+
+userData: |
+ CLUSTER_NAME={{ $.Values.clusterName }}
+ INSTANCEGROUP={{ .value.nodeGroupLabel | default .key }}
+ INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'`
+ ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'`
+ HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX"
+ hostname $HOSTNAME
+ echo $HOSTNAME > /etc/hostname
+ aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME
+ sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts
+ # Sysctl changes
+ ## Disable IPv6
+ cat < /etc/sysctl.d/10-disable-ipv6.conf
+ # disable ipv6 config
+ net.ipv6.conf.all.disable_ipv6 = 1
+ net.ipv6.conf.default.disable_ipv6 = 1
+ net.ipv6.conf.lo.disable_ipv6 = 1
+ EOF
+ ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/
+ cat < /etc/sysctl.d/99-kube-net.conf
+ # Have a larger connection range available
+ net.ipv4.ip_local_port_range=1024 65000
+ # Reuse closed sockets faster
+ net.ipv4.tcp_tw_reuse=1
+ net.ipv4.tcp_fin_timeout=15
+ # The maximum number of "backlogged sockets". Default is 128.
+ net.core.somaxconn=4096
+ net.core.netdev_max_backlog=4096
+ # 16MB per socket - which sounds like a lot,
+ # but will virtually never consume that much.
+ net.core.rmem_max=16777216
+ net.core.wmem_max=16777216
+ # Various network tunables
+ net.ipv4.tcp_max_syn_backlog=20480
+ net.ipv4.tcp_max_tw_buckets=400000
+ net.ipv4.tcp_no_metrics_save=1
+ net.ipv4.tcp_rmem=4096 87380 16777216
+ net.ipv4.tcp_syn_retries=2
+ net.ipv4.tcp_synack_retries=2
+ net.ipv4.tcp_wmem=4096 65536 16777216
+ #vm.min_free_kbytes=65536
+ # Connection tracking to prevent dropped connections (usually issue on LBs)
+ net.netfilter.nf_conntrack_max=262144
+ net.ipv4.netfilter.ip_conntrack_generic_timeout=120
+ net.netfilter.nf_conntrack_tcp_timeout_established=86400
+ # ARP cache settings for a highly loaded docker swarm
+ net.ipv4.neigh.default.gc_thresh1=8096
+ net.ipv4.neigh.default.gc_thresh2=12288
+ net.ipv4.neigh.default.gc_thresh3=16384
+ EOF
+ systemctl restart systemd-sysctl.service
+ #Increase RegistryQPS
+ echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json
+ echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json
+ {{- if eq ( .value.registryCache | default $.Values.registryCache ) "true" }}
+ mkdir -p /etc/containerd/certs.d/docker.io
+ cat</etc/containerd/certs.d/docker.io/hosts.toml
+ server = "{{ .value.registry | default $.Values.registry }}"
+ [host."{{ .value.registryHost | default $.Values.registryHost }}"]
+ capabilities = ["pull", "resolve"]
+ skip_verify = true
+ EOF
+ {{- end }}
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json
new file mode 100644
index 00000000..0e372b47
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json
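Review bot: The containerd mirror block at the end of `userData` in examples/userdata.yaml is enabled by default (`registryCache: "true"`) and points docker.io pulls at a plain-HTTP host (`registryHost: "http://registry"`) with `skip_verify = true` and the `resolve` capability, so every node built from this example trusts an unauthenticated endpoint to map docker.io tags to image content. Whatever answers for that hostname on the node network then decides which image a tag resolves to, which is a supply-chain exposure for the whole node pool. I would default to `registryCache: "false"`, use an `https://` mirror, and replace `skip_verify = true` with `ca = "<path-to-mirror-CA.pem>"` (placeholder path). Failing that, add a comment above `registryHost` stating that the mirror is unauthenticated and only acceptable when workloads pin images by digest. Separately, the two `echo "$(jq …)" > kubelet-config.json` lines truncate the kubelet config if jq fails; writing to a temporary file and moving it into place only on success avoids that.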
@@ -0,0 +1,1935 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": [], + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.4.4" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": null, + "iteration": 1712640887031, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 40, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": { + "titleSize": 40, + "valueSize": 40 + }, + "textMode": "value_and_name" + }, + "pluginVersion": "8.4.4", + 
"repeat": "CLUSTER", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=~\"$CLUSTER\"}) by (nodepool) - (sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=~\"$CLUSTER\"}) by (nodepool) offset $timediff)", + "instant": true, + "interval": "", + "legendFormat": "{{nodepool}}", + "refId": "A" + } + ], + "title": "$CLUSTER Total Interruptions - during $timediff", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 38, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"karpenter.*\"})) by (cluster, pod)", + "interval": "", + 
"legendFormat": "[{{cluster}}]{{pod}}", + "refId": "A" + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 39, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(container_memory_usage_bytes{pod=~\"karpenter.*\"}) by (cluster, pod)", + "interval": "", + "legendFormat": "[{{cluster}}]{{pod}}", + "refId": "A" + } + ], + "title": "Memory Usage", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 22, + "panels": [], + "title": "Cluster Capacity", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + 
"axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 35, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "repeat": "CLUSTER", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=~\"$CLUSTER\",label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_nodepool, label_karpenter_sh_capacity_type)", + "interval": "", + "legendFormat": "[{{label_karpenter_sh_capacity_type}}]{{label_karpenter_sh_nodepool}} ", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=~\"$CLUSTER\",label_karpenter_sh_capacity_type!=\"\"}) by ( label_karpenter_sh_capacity_type)", + "hide": false, + "interval": "", + "legendFormat": "TOTAL [{{label_karpenter_sh_capacity_type}}]", + "refId": "B" + } + ], + "title": "Spot/OD by Provisioners - $CLUSTER", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": 
"palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage) by (cluster, nodepool, resource_type) / sum(karpenter_nodepool_limit) by (cluster, nodepool, resource_type)", + "interval": "", + "legendFormat": "[{{cluster}}] {{nodepool}} {{resource_type}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "type": "timeseries" + }, + { + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 13, + "title": "Provisioning", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + 
"viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(karpenter_nodeclaims_created[1m])) by (cluster, nodepool, reason)", + "interval": "", + "legendFormat": "[A][{{cluster}} {{nodepool}}]{{reason}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "- sum(increase(karpenter_nodeclaims_terminated[1m])) by (cluster, reason, nodepool)", + "hide": false, + "interval": "", + "legendFormat": "[R][{{cluster}} {{nodepool}}]{{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Created/Removed Nodes", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + 
"lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 20, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(idelta(karpenter_nodeclaims_terminated{reason=\"interruption\"}[1m])) by (nodepool, cluster)", + "hide": false, + "interval": "", + "legendFormat": "[{{cluster}}] {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "op": "gt", + "value": 10, + "visible": true + } + ], + "title": "Karpenter Spot Interruptions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + 
"group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 11, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(irate(karpenter_cloudprovider_duration_seconds_count{method!=\"GetInstanceTypes\"}[1m])) by (cluster, method) * 60", + "interval": "", + "legendFormat": "{{cluster}} {{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Instance Provisioning Actions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 9, + "options": { + "legend": 
{ + "calcs": [ + "lastNotNull", + "mean", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_interruption_actions_performed[1m])) by (action_type,cluster)", + "interval": "", + "legendFormat": "[{{cluster}}]{{action_type}}", + "range": true, + "refId": "A" + } + ], + "title": "Interruption actions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 48 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_deprovisioning_actions_performed[5m])) by (action)", + "interval": "", + 
"legendFormat": "{{action}}", + "range": true, + "refId": "A" + } + ], + "title": "Deprovisioning", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 48 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "histogram_quantile($perc, sum(rate(karpenter_cloudprovider_duration_seconds_bucket{method!=\"GetInstanceTypes\"}[5m])) by (le, method))", + "interval": "", + "legendFormat": "{{method}}", + "range": true, + "refId": "A" + } + ], + "title": "AWS Requests", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + 
"gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 8, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(irate(karpenter_interruption_received_messages[1m])) by (message_type, cluster) * 60", + "hide": false, + "interval": "", + "legendFormat": "{{cluster}}_{{message_type}}", + "range": true, + "refId": "B" + } + ], + "title": "Interruption messages", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 24, + "panels": [], + "title": "Workers", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": 
false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 65 + }, + "id": 26, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(controller_runtime_active_workers{service=\"karpenter\"}) by (cluster, controller) / sum(controller_runtime_max_concurrent_reconciles{service=\"karpenter\"}) by (cluster, controller)", + "legendFormat": "[{{cluster}}] {{controller}}", + "range": true, + "refId": "A" + } + ], + "title": "Workers Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + 
"gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 65 + }, + "id": 28, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(controller_runtime_reconcile_errors_total{service=\"karpenter\"}[5m])) by (cluster, controller)", + "legendFormat": "[{{cluster}}] {{controller}}", + "range": true, + "refId": "A" + } + ], + "title": "Reconcile errors rate", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 12, + "x": 0, + "y": 73 + }, + "id": 50, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + 
"expr": "histogram_quantile($perc, rate(controller_runtime_reconcile_time_seconds_bucket{controller=~\"$controller\",cluster=~\"$CLUSTER\"}[10m]))", + "hide": false, + "interval": "", + "legendFormat": "[$perc {{controller}}] {{cluster}}", + "range": true, + "refId": "Minimum" + } + ], + "title": "Controller Reconciliation Latency [$controller]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 12, + "x": 12, + "y": 73 + }, + "id": 54, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(rate(controller_runtime_reconcile_total{cluster=~\"$CLUSTER\",controller=~\"$controller\"}[10m])) by (controller,cluster)", + "interval": "", + "legendFormat": "[{{cluster}}]{{controller}}", + "range": true, + "refId": "A", + "target": "" + } + ], + "title": "Controller Reconciliation Rate", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + 
"pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 87 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "karpenter_nodes_termination_time_seconds{quantile=\"$quantile\"}", + "hide": false, + "interval": "", + "legendFormat": "[$quantile][{{cluster}}]{{nodepool}}", + "range": true, + "refId": "C" + } + ], + "title": "Node Termination Latency", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 35, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "0.9", + "value": "0.9" + }, + "hide": 0, + "includeAll": false, + "label": "Percentile", + "multi": false, + "name": "perc", + "options": [ + { + "selected": false, + "text": "0.5", + "value": "0.5" + }, + { + "selected": false, + "text": "0.8", + "value": "0.8" + }, + { + "selected": true, + "text": "0.9", + "value": "0.9" + }, + { + "selected": false, + "text": "1", + "value": "1" + } + ], + "query": "0.5, 0.8, 0.9,1", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": false, + "text": "1d", + "value": "1d" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "timediff", + "options": [ + { + "selected": true, + "text": "1d", + "value": "1d" + }, + { + 
"selected": false, + "text": "2d", + "value": "2d" + }, + { + "selected": false, + "text": "5d", + "value": "5d" + }, + { + "selected": false, + "text": "7d", + "value": "7d" + }, + { + "selected": false, + "text": "14d", + "value": "14d" + }, + { + "selected": false, + "text": "30d", + "value": "30d" + }, + { + "selected": false, + "text": "60d", + "value": "60d" + }, + { + "selected": false, + "text": "90d", + "value": "90d" + } + ], + "query": "1d,2d,5d,7d,14d,30d,60d,90d", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cluster)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "CLUSTER", + "options": [], + "query": { + "query": "label_values(cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(karpenter_nodes_termination_time_seconds,quantile)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "quantile", + "options": [], + "query": { + "query": "label_values(karpenter_nodes_termination_time_seconds,quantile)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(controller_runtime_reconcile_time_seconds_count, controller)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "controller", + "options": [], + "query": { + "query": "label_values(controller_runtime_reconcile_time_seconds_count, controller)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": 
"now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Karpenter-for-export", + "uid": "ctAxtWaIk", + "version": 12, + "weekStart": "" +} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json new file mode 100644 index 00000000..014fd68f --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json 
@@ -0,0 +1,2499 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": [], + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.4.4" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": null, + "iteration": 1713189648192, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 32, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": { + "titleSize": 40, + 
"valueSize": 40 + }, + "textMode": "value_and_name" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "instant": true, + "interval": "", + "legendFormat": "{{nodepool}}", + "refId": "A" + } + ], + "title": "Total Interruptions", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 36, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_capacity_type)", + "instant": true, + "interval": "", + "legendFormat": "{{label_karpenter_sh_capacity_type}}", + "refId": "A" + } + ], + "title": "LifeCycles", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + 
"gridPos": { + "h": 7, + "w": 4, + "x": 8, + "y": 0 + }, + "id": 40, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_topology_kubernetes_io_zone!=\"\"}) by (label_topology_kubernetes_io_zone)", + "instant": true, + "interval": "", + "legendFormat": "{{label_topology_kubernetes_io_zone}}", + "refId": "A" + } + ], + "title": "AZ ", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 12, + "y": 0 + }, + "id": 39, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"memory\"} / 1024 /1024 / 1024) / \nsum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) ", + "format": "table", + "instant": true, + 
"interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Memory / CPU Ratio", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-blue", + "value": null + }, + { + "color": "red", + "value": 1536 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 15, + "y": 0 + }, + "id": 38, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"})", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total cores $NODEGROUP", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1536 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 37, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Value$/", + "values": false + }, + 
"textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"memory\"} /1024 /1024 /1024)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total Memory (Gb)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 41, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type, nodepool) / sum(karpenter_nodepool_limit{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type, nodepool)", + "instant": false, + "interval": "", + "legendFormat": "{{resource_type}} {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 0, + "y": 7 + }, + "id": 44, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "table", + "placement": "right", + "values": [ + "value" + ] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type)", + "instant": true, + "interval": "", + "legendFormat": "{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlBl" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 500 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 3, + "x": 7, + "y": 7 + }, + "id": 42, + "options": { + "displayMode": "gradient", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(karpenter_nodes_created{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "format": "time_series", + "instant": false, + "interval": 
"", + "legendFormat": "Created by {{provisioner}}", + "range": true, + "refId": "A" + } + ], + "title": "Total Created Nodes", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 10, + "y": 7 + }, + "id": 47, + "options": { + "displayLabels": [ + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_drifted{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (type)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{type}}", + "range": true, + "refId": "B" + } + ], + "title": "Drift types", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 15, + "y": 7 + }, + "id": 43, + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ 
+ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_terminated{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool, reason)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Removed by {{provisioner}} {{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Total Removed Nodes", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 15 + }, + "id": 52, + "interval": "1h", + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[1d])", + "instant": false, + "interval": "", + "legendFormat": "Day", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": 
"sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[7d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Week", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[30d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Month", + "refId": "C" + } + ], + "title": "Spot Costs on $NODEGROUP", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 15 + }, + "id": 53, + "interval": "1h", + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + 
"exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[1d])", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Day", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[7d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Week", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[30d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Month", + "refId": "C" + } + ], + "title": "On-Demand Costs on $NODEGROUP", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + 
"defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 49, + "interval": "1h", + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type)", + "interval": "", + "legendFormat": "{{instance_type}} / Hour", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", 
\"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))", + "hide": false, + "interval": "", + "legendFormat": "Total Hourly Price", + "refId": "B" + } + ], + "title": "Spot Hourly Pricing for $NODEGROUP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 50, + "interval": "1h", + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) 
max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type)", + "interval": "", + "legendFormat": "{{instance_type}} Hourly Price", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))", + "hide": false, + "interval": "", + "legendFormat": "Total Hourly Price", + "refId": "B" + } + ], + "title": "On-Demand Hourly Pricing for $NODEGROUP", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 22, + "panels": [], + "title": "NodeGroup Capacity", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + 
"h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(karpenter_nodeclaims_created{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\" }[1m])) by (reason)", + "interval": "", + "legendFormat": "[ADD] {{reason}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "- sum(increase(karpenter_nodeclaims_terminated{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}[1m])) by (reason)", + "hide": false, + "interval": "", + "legendFormat": "[REM] {{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Created/Removed Nodes $NODEGROUP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": 
"byRegexp", + "options": "Total Counter" + }, + "properties": [ + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "unit", + "value": "none" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 20, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_nodeclaims_terminated{reason=\"interruption\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}[1m])) by (nodepool)", + "hide": false, + "interval": "", + "legendFormat": "{{provisioner}}", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"})", + "hide": false, + "interval": "", + "legendFormat": "Total Counter", + "refId": "C" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "op": "gt", + "value": 10, + "visible": true + } + ], + "title": "Karpenter Spot Interruptions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { 
+ "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 55, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(karpenter_nodeclaims_drifted{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"})) by (type) > 0", + "interval": "", + "legendFormat": "{{type}}", + "refId": "A" + } + ], + "title": "Drift Tracker", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 47 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + 
"showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{resource_type=\"cpu\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "interval": "", + "legendFormat": "{{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "Current Provisioned Cores", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 47 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{resource_type=\"memory\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "interval": "", 
+ "legendFormat": "{{cluster}} {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "Current Provisioned Memory", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 55 + }, + "id": 57, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_pod_requests{nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) by (nodepool)", + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] Pods", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_daemon_requests{nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) by (nodepool)", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] DaemonSets", + "refId": "C" + } + ], + "title": "CPU Requests for Pods and DaemonSets", + 
"type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 55 + }, + "id": 59, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_pod_requests{nodepool=~\"$NODEPOOL\",resource_type=\"memory\"}) by (nodepool)", + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] Pods", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_daemon_requests{nodepool=~\"$NODEPOOL\",resource_type=\"memory\"}) by (nodepool)", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] DaemonSets", + "refId": "C" + } + ], + "title": "Memory Requests for Pods and DaemonSets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + 
"fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 63 + }, + "id": 35, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_capacity_type, label_karpenter_sh_nodepool)", + "interval": "", + "legendFormat": "[{{label_karpenter_sh_capacity_type}}]{{label_karpenter_sh_nodepool }}", + "refId": "A" + } + ], + "title": "LifeCycle", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + 
"lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 63 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type) / sum(karpenter_nodepool_limit{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type)", + "interval": "", + "legendFormat": "{{resource_type}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 71 + }, + "id": 45, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type)", + "interval": "", + "legendFormat": "{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 71 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + 
"sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type,label_karpenter_sh_capacity_type, label_topology_kubernetes_io_zone)", + "interval": "", + "legendFormat": "[{{label_topology_kubernetes_io_zone}}][{{label_karpenter_sh_capacity_type}}]{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types, lifecycle and zone", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 35, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels,cluster)", + "hide": 0, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "CLUSTER", + "options": [], + "query": { + "query": "label_values(kube_node_labels,cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels{cluster=\"$CLUSTER\"},label_nodegroup)", + "hide": 0, + "includeAll": false, + "label": "Node Group", + "multi": false, + "name": "NODEGROUP", + "options": [], + "query": { + "query": "label_values(kube_node_labels{cluster=\"$CLUSTER\"},label_nodegroup)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\"},label_karpenter_sh_nodepool)", + "hide": 0, + 
"includeAll": true, + "label": "NodePool", + "multi": true, + "name": "NODEPOOL", + "options": [], + "query": { + "query": "label_values(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\"},label_karpenter_sh_nodepool)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Karpenter Per Node - Export", + "uid": "5DCs2Z-Sk", + "version": 2, + "weekStart": "" +} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl new file mode 100644 index 00000000..cdbf84a2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{/*Define headroom sizes*/}} +{{- define "headroom.sizing" -}} +{{- range $key, $val := .Args }} +{{- if eq $val "small" }} +cpu: "1" +memory: "4Gi" +{{- end }} +{{- if eq $val "medium" }} +cpu: "2" +memory: "8Gi" +{{- end }} +{{- if eq $val "large" }} +cpu: "4" +memory: "16Gi" +{{- end }} +{{- if eq $val "xlarge" }} +cpu: "8" +memory: "32Gi" +{{- end }} +{{- end }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml new file mode 100644 index 00000000..e312dfb7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml 
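Review bot: `headroom.sizing` emits nothing when the size is not one of `small`, `medium`, `large` or `xlarge`, so a typo in a node group's `headRoom[].size` renders an empty `requests:` block in headroom.yaml and the placeholder pods reserve no capacity. The four independent `if eq` blocks would read better as one `if` / `else if` chain ending in `{{- else }}{{- fail (printf "headroom.sizing: unknown size %q" $val) }}`, so a bad value stops the render instead of deploying a no-op. A short comment on the define saying that `.Args` is expected to be a one-entry dict would also help, because the `range` would emit duplicate `cpu`/`memory` keys for more than one entry.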
@@ -0,0 +1,64 @@ +{{- range $k, $v := .Values.nodeGroups }} +{{- range $nhr := $v.headRoom }} +{{ $data := + dict "sv" $nhr.size +}} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + namespace: {{ $.Values.headRoomNamespace | default "karpenter" }} + labels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} +spec: + replicas: {{ $nhr.count | default 1}} + selector: + matchLabels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + template: + metadata: + labels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: karpenter.sh/nodepool + operator: In + values: + - {{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + {{- if hasKey $nhr "antiAffinitySpec" }} + {{- $nhr.antiAffinitySpec | toYaml | nindent 14 }} + {{- end }} + topologyKey: kubernetes.io/hostname + {{- if hasKey $nhr "nameSpaces" }} + namespaces: + - {{ $.Values.headRoomNamespace | default "karpenter" }} + {{- range $nhr.nameSpaces }} + - {{ . }} + {{- end }} + {{- else }} + namespaces: {} + {{- end }} + tolerations: + - operator: Exists + containers: + - name: pause + image: registry.k8s.io/pause + resources: + requests: + {{- include "headroom.sizing" (merge (dict "Args" $data) . 
) | indent 12 }} + priorityClassName: karpenter-headroom +{{- end }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml index 0f7b50dd..fd02ddd7 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml 
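Review bot: The pause container is referenced as `image: registry.k8s.io/pause` with no tag or digest, so the reference resolves to the mutable `latest` tag and the image running on the nodes can change without any change in Git. For a GitOps-managed chart the reference should be pinned, for example `image: registry.k8s.io/pause:<TAG>@sha256:<DIGEST>` (placeholders; take the values from the release you validate), ideally exposed as a chart value. The pod spec also sets no `securityContext`, and these pods tolerate every taint via `operator: Exists`, so adding `allowPrivilegeEscalation: false` and, if the pinned image supports it, `runAsNonRoot: true` on the container is cheap hardening.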
@@ -1,28 +1,76 @@ -apiVersion: karpenter.k8s.aws/v1beta1 +{{- range $k, $v := $.Values.nodeGroups }} +{{- $_ := set $ "key" $k }} +{{- $_ := set $ "value" $v }} +{{- if not (hasKey $v "nodeClassRef") }} +--- +apiVersion: karpenter.k8s.aws/{{ $.Values.ApiVersion }} kind: EC2NodeClass metadata: - name: default - annotations: - argocd.argoproj.io/sync-wave: "1" + name: "{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}" spec: - amiFamily: {{ .Values.amiFamily | default .Values.global.amiFamily | quote }} - role: {{ .Values.nodeRole | default .Values.global.nodeRole | quote }} - securityGroupSelectorTerms: - - tags: - karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + {{- if hasKey $v "IamRole" }} + role: {{ $v.IamRole }} + {{- else if hasKey $v "IamInstanceProfile" }} + instanceProfile: {{ $v.IamInstanceProfile }} + {{- else if hasKey $.Values "IamRole" }} + role: {{ $.Values.IamRole }} + {{- else if hasKey $.Values "IamInstanceProfile" }} + instanceProfile: {{ $.Values.IamInstanceProfile }} + {{- else }} + {{- fail "nodeClass error: Either IamRole or IamInstanceProfile must be defined" }} + {{- end }} + amiFamily: {{ $v.amiFamily | default $.Values.amiFamily }} + amiSelectorTerms: + {{- if or (hasKey $v "amiSelectorTerms") (hasKey $.Values "amiSelectorTerms") }} + {{- toYaml ($v.amiSelectorTerms | default $.Values.amiSelectorTerms) | nindent 4 }} + {{- end }} subnetSelectorTerms: - - tags: - karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + {{- if hasKey $v "subnetSelectorTerms" }} + {{- toYaml $v.subnetSelectorTerms | nindent 4 }} + {{- else }} + {{- toYaml $.Values.subnetSelectorTerms | nindent 4 }} + {{- end }} + securityGroupSelectorTerms: + {{- if hasKey $v "securityGroupSelectorTerms" }} + {{- toYaml $v.securityGroupSelectorTerms | nindent 4 }} + {{- else }} + {{- toYaml $.Values.securityGroupSelectorTerms | nindent 4 }} + {{- end }} + 
tags: + cluster: {{ $.Values.clusterName }} + {{ $.Values.nodeGroupLabelName }}: {{ $v.nodeGroupLabel | default $k }} + {{- if or (hasKey $v "nodeTags") (hasKey $.Values "nodeTags") }} + {{- toYaml ($v.nodeTags | default $.Values.nodeTags) | nindent 4 }} + {{- end }} + {{- if hasKey $v "additionalNodeTags" }} + {{- toYaml $v.additionalNodeTags | nindent 4 }} + {{- end }} + managed_by: karpenter blockDeviceMappings: - # Root device - - deviceName: /dev/xvda - ebs: - volumeSize: 10Gi - volumeType: gp3 - encrypted: true - # Data device: Container resources such as images and logs - - deviceName: /dev/xvdb - ebs: - volumeSize: {{ .Values.volumeSize | default .Values.global.volumeSize | quote }} - volumeType: gp3 - encrypted: true + {{- if hasKey $v "blockDeviceMappings" }} + {{- toYaml $v.blockDeviceMappings | nindent 4 }} + {{- else }} + {{- toYaml $.Values.blockDeviceMappings | nindent 4 }} + {{- end }} + {{- if hasKey $v "instanceStorePolicy" }} + instanceStorePolicy: {{ $v.instanceStorePolicy }} + {{- else if hasKey $.Values "instanceStorePolicy" }} + instanceStorePolicy: {{ $.Values.instanceStorePolicy }} + {{- end }} + detailedMonitoring: {{ $v.detailedMonitoring | default $.Values.detailedMonitoring }} + associatePublicIPAddress: {{ $v.associatePublicIPAddress | default $.Values.associatePublicIPAddress }} + metadataOptions: + httpEndpoint: {{ $v.metaDataHttpEndpoint | default $.Values.metaDataHttpEndpoint }} + httpProtocolIPv6: {{ $v.metaDataHttpProtocolIPv6 | default $.Values.metaDataHttpProtocolIPv6 }} + httpPutResponseHopLimit: {{ $v.metaDataHttpPutResponseHopLimit | default $.Values.metaDataHttpPutResponseHopLimit }} + httpTokens: {{ $v.metaDataHttpTokens | default $.Values.metaDataHttpTokens }} + {{- if or (hasKey $v "userData") (hasKey $.Values "userData") }} + userData: | + {{- if hasKey $v "userData" }} + {{- tpl $v.userData $ | nindent 4 }} + {{- else if hasKey $.Values "userData" }} + {{- tpl $.Values.userData $ | nindent 4 }} + {{- end }} + {{- end}} 
+{{- end }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml new file mode 100644 index 00000000..c539f9aa --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml 
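Review bot: `associatePublicIPAddress: {{ $v.associatePublicIPAddress | default $.Values.associatePublicIPAddress }}` cannot express a per-node-group `false`, because Sprig's `default` treats `false` as empty, so a node group that opts out of public IPs silently inherits a global `true` (the same applies to `detailedMonitoring`). Use the `hasKey` pattern already used for `instanceStorePolicy`, or `{{ ternary $v.associatePublicIPAddress $.Values.associatePublicIPAddress (hasKey $v "associatePublicIPAddress") }}`. Separately, the removed template hard-coded `encrypted: true` on both EBS volumes, while the new one takes `blockDeviceMappings` and `httpTokens` entirely from values that are not visible in this hunk. A `fail` when `httpTokens` is unset, or a documented default of `required`, would keep IMDSv2 and volume encryption from depending on every values file getting it right.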
@@ -0,0 +1,222 @@ +{{- range $k, $v := $.Values.nodeGroups }} +--- +apiVersion: karpenter.sh/{{ $.Values.ApiVersion }} +kind: NodePool +metadata: + name: "{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}" +spec: + template: + metadata: + labels: + {{ $.Values.nodeGroupLabelName }}: {{ $v.nodeGroupLabel | default $k }} + cluster: {{ $.Values.clusterName }} + {{- if hasKey $v "labels" }} + {{- range $labelName, $labelValue := $v.labels }} + {{ $labelName }}: {{ $labelValue }} + {{- end }} + {{- end }} + {{- if hasKey $v "annotations" }} + annotations: + {{- range $annotationName, $annotationValue := $v.annotations }} + {{ $annotationName }}: {{ $annotationValue }} + {{- end }} + {{- end }} + spec: + nodeClassRef: + {{- if hasKey $v "nodeClassRef" }} + {{- $v.nodeClassRef | toYaml | nindent 8 }} + {{- else }} + name: {{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }} + {{- end }} + {{- if or (hasKey $v "taints") (eq ($v.autoTaint | default $.Values.autoTaint) "true") }} + taints: + {{- if eq ($v.autoTaint | default $.Values.autoTaint) "true" }} + - key: dedicated + effect: NoSchedule + value: {{ ($v.nodeGroupLabel | default $k) | replace "-" "_" }} + {{- end }} + {{- if hasKey $v "taints" }} + {{- range $v.taints }} + - key: {{ .key }} + value: {{ .value }} + effect: {{ .effect }} + {{- end }} + {{- end }} + {{- end }} + {{- if or (hasKey $v "startupTaints") ($v.cilium | default $.Values.cilium) }} + startupTaints: + {{- if hasKey $v "startupTaints" }} + {{- range $v.startupTaints }} + - key: {{ .key }} + value: {{ .value }} + effect: {{ .effect }} + {{- end }} + {{- end }} + {{- if $v.cilium | default $.Values.cilium }} + - key: node.cilium.io/agent-not-ready + value: "true" + effect: {{ $v.ciliumEffect | default $.Values.ciliumEffect }} + {{- end }} + {{- end }} + requirements: + {{- if not (hasKey $v.instances "instanceTypes") }} + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: 
+ {{- range $v.instances.categories | default $.Values.instances.categories }} + - {{ . }} + {{- end }} + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + {{- range $v.instances.cores | default $.Values.instances.cores }} + - {{ . | quote }} + {{- end }} + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - {{ sub ($v.instances.minGeneration | default $.Values.instances.minGeneration) 1 | quote }} + {{- end }} + - key: "kubernetes.io/arch" + operator: In + values: + {{- if eq ($v.instances.architecture | default $.Values.instances.architecture) "multiarch" }} + - amd64 + - arm64 + {{- else }} + - {{ $v.instances.architecture | default $.Values.instances.architecture }} + {{- end }} + - key: "karpenter.sh/capacity-type" + operator: In + values: + {{- range $v.instances.capacityType | default $.Values.instances.capacityType }} + - {{ . }} + {{- end }} + - key: kubernetes.io/os + operator: In + values: + {{- range $v.instances.operatingSystems | default $.Values.instances.operatingSystems }} + - {{ . }} + {{- end }} + {{- if or (hasKey $.Values "excludeFamilies") (hasKey $v "excludeFamilies") }} + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + {{- if hasKey $v "excludeFamilies" }} + {{- range $v.excludeFamilies }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.excludeFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if or (hasKey $.Values "excludeInstanceSize") (hasKey $v "excludeInstanceSize") }} + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + {{- if hasKey $v "excludeInstanceSize" }} + {{- range $v .excludeInstanceSize }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.excludeInstanceSize }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if hasKey $v "capacitySpread" }} + - key: capacity-spread + operator: In + values: + {{- range untilStep (int $v.capacitySpread.start) (int (add1 $v.capacitySpread.end)) 1 }} + - "{{ . 
}}" + {{- end }} + {{- end }} + {{- if hasKey $v.instances "instanceTypes" }} + - key: node.kubernetes.io/instance-type + operator: In + values: + {{- range $v.instances.instanceTypes }} + - {{ . -}} + {{- end }} + {{- end }} + {{- if or (hasKey $.Values "additionalRequirements") (hasKey $v "additionalRequirements") }} + {{- toYaml ($v.additionalRequirements | default $.Values.additionalRequirements) | nindent 8 }} + {{- end }} + kubelet: + {{- if or (hasKey $v "kubeletClusterDNS") (hasKey $.Values "kubeletClusterDNS") }} + clusterDNS: + {{- if hasKey $v "kubeletClusterDNS" }} + {{- range $v.kubeletClusterDNS }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.kubeletClusterDNS }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + systemReserved: + cpu: {{ $v.kubeletSystemReservedCpu | default $.Values.kubeletSystemReservedCpu }} + memory: {{ $v.kubeletSystemReservedMemory | default $.Values.kubeletSystemReservedMemory }} + ephemeral-storage: {{ $v.kubeletSystemReservedEphemeralStorage | default $.Values.kubeletSystemReservedEphemeralStorage }} + kubeReserved: + cpu: {{ $v.kubeletKubeReservedCpu | default $.Values.kubeletKubeReservedCpu }} + memory: {{ $v.kubeletKubeReservedMemory | default $.Values.kubeletKubeReservedMemory }} + ephemeral-storage: {{ $v.kubeletKubeReservedEphemeralStorage | default $.Values.kubeletKubeReservedEphemeralStorage }} + evictionHard: + memory.available: {{ $v.kubeletEvictionHardMemoryAvailable | default $.Values.kubeletEvictionHardMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionHardNodefsAvailable | default $.Values.kubeletEvictionHardNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionHardNodefsInodesFree | default $.Values.kubeletEvictionHardNodefsInodesFree }} + evictionSoft: + memory.available: {{ $v.kubeletEvictionSoftMemoryAvailable | default $.Values.kubeletEvictionSoftMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionSoftNodefsAvailable | default 
$.Values.kubeletEvictionSoftNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionSoftNodefsInodesFree | default $.Values.kubeletEvictionSoftNodefsInodesFree }} + imagefs.available: {{ $v.kubeletEvictionSoftImagefsAvailable | default $.Values.kubeletEvictionSoftImagefsAvailable }} + imagefs.inodesFree: {{ $v.kubeletEvictionSoftImagefsInodesFree | default $.Values.kubeletEvictionSoftImagefsInodesFree }} + pid.available: {{ $v.kubeletEvictionSoftPidAvailable | default $.Values.kubeletEvictionSoftPidAvailable }} + evictionSoftGracePeriod: + imagefs.available: {{ $v.kubeletEvictionSoftGracePeriodImagefsAvailable | default $.Values.kubeletEvictionSoftGracePeriodImagefsAvailable }} + imagefs.inodesFree: {{ $v.kubeletEvictionSoftGracePeriodImagefsInodesFree | default $.Values.kubeletEvictionSoftGracePeriodImagefsInodesFree }} + memory.available: {{ $v.kubeletEvictionSoftGracePeriodMemoryAvailable | default $.Values.kubeletEvictionSoftGracePeriodMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionSoftGracePeriodNodefsAvailable | default $.Values.kubeletEvictionSoftGracePeriodNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionSoftGracePeriodNodefsInodesFree | default $.Values.kubeletEvictionSoftGracePeriodNodefsInodesFree }} + pid.available: {{ $v.kubeletEvictionSoftGracePeriodPidAvailable | default $.Values.kubeletEvictionSoftGracePeriodPidAvailable }} + {{- if or (hasKey $v "kubeletImageGCHighThresholdPercent") (hasKey $.Values "kubeletImageGCHighThresholdPercent") }} + imageGCHighThresholdPercent: {{ $v.kubeletImageGCHighThresholdPercent | default $.Values.kubeletImageGCHighThresholdPercent }} + {{- end }} + {{- if or (hasKey $v "kubeletImageGCLowThresholdPercent") (hasKey $.Values "kubeletImageGCLowThresholdPercent") }} + imageGCLowThresholdPercent: {{ $v.kubeletImageGCLowThresholdPercent | default $.Values.kubeletImageGCLowThresholdPercent }} + {{- end }} + {{- if or (hasKey $v "kubeletImageMinimumGCAge") (hasKey $.Values 
"kubeletImageMinimumGCAge") }} + imageMinimumGCAge: {{ $v.kubeletImageMinimumGCAge | default $.Values.kubeletImageMinimumGCAge }} + {{- end }} + {{- if or (hasKey $v "kubeletCpuCFSQuota") (hasKey $.Values "kubeletCpuCFSQuota") }} + cpuCFSQuota: {{ $v.kubeletCpuCFSQuota | default $.Values.kubeletCpuCFSQuota }} + {{- end }} + {{- if or (hasKey $v "kubeletPodsPerCore") (hasKey $.Values "kubeletPodsPerCore") }} + podsPerCore: {{ $v.kubeletPodsPerCore | default $.Values.kubeletPodsPerCore }} + {{- end }} + {{- if or (hasKey $v "kubeletMaxPods") (hasKey $.Values "kubeletMaxPods") }} + maxPods: {{ $v.kubeletMaxPods | default $.Values.kubeletMaxPods }} + {{- end }} + disruption: + expireAfter: {{ $v.expireAfter | default $.Values.expireAfter }} + consolidationPolicy: {{$v.consolidationPolicy | default $.Values.consolidationPolicy}} + {{- if eq ($v.consolidationPolicy | default $.Values.consolidationPolicy) "WhenEmpty" }} + consolidateAfter: {{ $v.consolidateAfter | default $.Values.consolidateAfter }} + {{- end }} + {{- if $v.budgets }} + budgets: + {{- toYaml $v.budgets | nindent 6 }} + {{- end }} + {{- if hasKey $v "limits" }} + limits: + {{- range $limitName, $limitValue := $v.limits }} + {{ $limitName }}: {{ $limitValue }} + {{- end }} + {{- end }} + weight: {{ $v.weight | default $.Values.weight }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml new file mode 100644 index 00000000..f3b75b7c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml 
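Review bot: In the `excludeInstanceSize` branch the per-group loop reads `{{- range $v .excludeInstanceSize }}`, with a space between `$v` and the field; if that space is in the file and not an artifact of this rendering, Go templates treat it as passing an argument to a non-function and the render fails as soon as a node group sets `excludeInstanceSize`. It should be `{{- range $v.excludeInstanceSize }}`, matching the `excludeFamilies` loop just above it. Taint, label and annotation values are also emitted unquoted (`value: {{ .value }}`), so a value such as `true` or `1` becomes a YAML boolean or number where the API expects a string; piping them through `quote` avoids that.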
@@ -0,0 +1,9 @@
+{{- if .Values.headRoom -}}
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: karpenter-headroom
+value: -1000000
+globalDefault: false
+description: "Used for dummy pods to generate headroom in karpenter"
+{{- end -}}
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml
new file mode 100644
index 00000000..134bb3fd
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml
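Review bot: The PriorityClass is rendered only when the top-level `.Values.headRoom` is truthy, while headroom.yaml builds its Deployments from each node group's `headRoom` list and always sets `priorityClassName: karpenter-headroom`. If a values file defines `headRoom` under a node group without the top-level flag (values.yaml is not visible here), the pods reference a class that does not exist and are rejected at admission. Either drop the guard or derive it from the node groups, and document the top-level key next to the per-group one. A comment noting that the negative `value` is what lets real workloads preempt these placeholder pods would help the next reader.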
@@ -0,0 +1,55 @@
+suite: test headroom nodes-default
+templates:
+ - headroom.yaml
+
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-default metadata
+ documentIndex: 0
+ asserts:
+ - isKind:
+ of: Deployment
+ - equal:
+ path: metadata.name
+ value: headroom-nodes-default-amd64-small
+ - equal:
+ path: metadata.labels.k8s-app
+ value: headroom-nodes-default-amd64-small
+
+ - it: Verify nodes-default affinity
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key
+ value: karpenter.sh/nodepool
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator
+ value: In
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]
+ value: nodes-default-amd64
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key
+ value: k8s-app
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator
+ value: In
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0]
+ value: headroom-nodes-default-amd64-small
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces
+ value: {}
+
+ - it: Verify nodes-default Requests
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.cpu
+ value: "1"
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.memory
+ value: 4Gi
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml
new file mode 100644
index 00000000..bea2ff0c
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml
@@ -0,0 +1,73 @@
+suite: test headroom nodes-workers
+templates:
+ - headroom.yaml
+
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-workers metadata
+ documentIndex: 1
+ asserts:
+ - isKind:
+ of: Deployment
+ - equal:
+ path: metadata.name
+ value: headroom-nodes-workers-arm64-xlarge
+ - equal:
+ path: metadata.labels.k8s-app
+ value: headroom-nodes-workers-arm64-xlarge
+
+ - it: Verify nodes-workers affinity
+ documentIndex: 1
+ asserts:
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key
+ value: karpenter.sh/nodepool
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator
+ value: In
+ - equal:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]
+ value: nodes-workers-arm64
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key
+ value: k8s-app
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator
+ value: In
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0]
+ value: headroom-nodes-workers-arm64-xlarge
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].key
+ value: testlabel2
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].operator
+ value: In
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].values[0]
+ value: value1
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].values[1]
+ value: value2
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[0]
+ value: karpenter
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[1]
+ value: default
+ - equal:
+ path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[2]
+ value: kube-system
+
+ - it: Verify nodes-workers Requests
+ documentIndex: 1
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.cpu
+ value: "8"
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.memory
+ value: 32Gi
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml
new file mode 100644
index 00000000..3c0a0e92
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml
@@ -0,0 +1,148 @@
+suite: test nodeclasses
+templates:
+ - nodeclass.yaml
+values:
+ - values.yaml
+tests:
+ - it: should only render 2 nodeclasses
+ asserts:
+ - hasDocuments:
+ count: 2
+ - it: Verify nodes-default
+ documentIndex: 0
+ asserts:
+ - isKind:
+ of: EC2NodeClass
+ - equal:
+ path: metadata.name
+ value: nodes-default-amd64
+ - equal:
+ path: spec.role
+ value: eks_nodes_role
+ - isNull:
+ path: spec.instanceProfile
+ - equal:
+ path: spec.amiFamily
+ value: AL2
+ - equal:
+ path: spec.subnetSelectorTerms[0].tags.Name
+ value: eks-subnet-1
+ - equal:
+ path: spec.securityGroupSelectorTerms[1].tags.Name
+ value: my-security-group-2
+ - equal:
+ path: spec.tags.nodegroup
+ value: nodes-default
+ - equal:
+ path: spec.tags.component
+ value: eks-karpenter-nodes
+ - equal:
+ path: spec.tags.cluster
+ value: eks-dev
+ - equal:
+ path: spec.blockDeviceMappings[0].deviceName
+ value: /dev/xvda
+ - equal:
+ path: spec.blockDeviceMappings[0].ebs.volumeSize
+ value: 100Gi
+ - isNull:
+ path: spec.instanceStorePolicy
+ - equal:
+ path: spec.metadataOptions.httpTokens
+ value: required
+ - equal:
+ path: spec.metadataOptions.httpEndpoint
+ value: enabled
+ - equal:
+ path: spec.metadataOptions.httpProtocolIPv6
+ value: disabled
+ - equal:
+ path: spec.metadataOptions.httpPutResponseHopLimit
+ value: 2
+ - equal:
+ path: spec.detailedMonitoring
+ value: false
+ - equal:
+ path: spec.associatePublicIPAddress
+ value: false
+
+
+ - it: Verify nodes-workers
+ documentIndex: 1
+ asserts:
+ - isKind:
+ of: EC2NodeClass
+ - equal:
+ path: metadata.name
+ value: nodes-workers-arm64
+ - isNull:
+ path: spec.role
+ - equal:
+ path: spec.instanceProfile
+ value: arn:aws:blablablabla
+ - equal:
+ path: spec.amiFamily
+ value: BottleRocket
+ - equal:
+ path: spec.amiSelectorTerms[0].tags.environment
+ value: test
+ - equal:
+ path: spec.amiSelectorTerms[1].name
+ value: my-ami
+ - equal:
+ path: spec.amiSelectorTerms[2].id
+ value: ami-123
+ - equal:
+ path: spec.subnetSelectorTerms[0].tags.Name
+ value: eks-subnet-workers-1
+ - equal:
+ path: spec.securityGroupSelectorTerms[1].tags.Name
+ value: my-security-group-workers-2
+ - equal:
+ path: spec.tags.nodegroup
+ value: nodes-workers
+ - equal:
+ path: spec.tags.component
+ value: eks-karpenter-nodes
+ - equal:
+ path: spec.tags.cluster
+ value: eks-dev
+ - equal:
+ path: spec.tags.testtag1
+ value: tag1
+ - equal:
+ path: spec.tags.testtag2
+ value: tag2
+ - equal:
+ path: spec.blockDeviceMappings[0].deviceName
+ value: /dev/xvda
+ - equal:
+ path: spec.blockDeviceMappings[0].ebs.volumeSize
+ value: 150Gi
+ - equal:
+ path: spec.instanceStorePolicy
+ value: test
+ - equal:
+ path: spec.metadataOptions.httpTokens
+ value: required
+ - equal:
+ path: spec.metadataOptions.httpEndpoint
+ value: enabled
+ - equal:
+ path: spec.metadataOptions.httpProtocolIPv6
+ value: disabled
+ - equal:
+ path: spec.metadataOptions.httpPutResponseHopLimit
+ value: 2
+ - equal:
+ path: spec.userData
+ value: |
+ echo "Nodepool name is nodes-workers"
+ - equal:
+ path: spec.detailedMonitoring
+ value: true
+ - equal:
+ path: spec.associatePublicIPAddress
+ value: true
+
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml
new file mode 100644
index 00000000..473ef5f7
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml
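Review bot: Neither test case asserts `spec.blockDeviceMappings[0].ebs.encrypted`, although the suite does pin the other node-hardening fields (`httpTokens`, `httpPutResponseHopLimit`, `associatePublicIPAddress`). The chart default and the `nodes-workers` fixture elsewhere in this patch both set `encrypted: false`, so an unencrypted root volume renders without any test noticing. Add an assertion next to the `volumeSize` check in each case, `- equal:` with `path: spec.blockDeviceMappings[0].ebs.encrypted` and the value the chart is meant to ship, so that a change of that default has to be made deliberately.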
@@ -0,0 +1,158 @@
+suite: test nodepool - nodes-default
+templates:
+ - nodepool.yaml
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-default metadata
+ documentIndex: 0
+ asserts:
+ - isKind:
+ of: NodePool
+ - equal:
+ path: metadata.name
+ value: nodes-default-amd64
+ - equal:
+ path: spec.template.metadata.labels.cluster
+ value: eks-dev
+ - equal:
+ path: spec.template.metadata.labels.nodegroup
+ value: nodes-default
+ - equal:
+ path: spec.template.metadata.labels.testlabel1
+ value: label1
+ - equal:
+ path: spec.template.metadata.labels.testlabel2
+ value: label2
+ - equal:
+ path: spec.template.spec.nodeClassRef.name
+ value: nodes-default-amd64
+ - equal:
+ path: spec.template.spec.taints[0].key
+ value: testtaint1
+ - equal:
+ path: spec.template.spec.taints[0].value
+ value: taint1
+ - equal:
+ path: spec.template.spec.taints[0].effect
+ value: NoSchedule
+ - equal:
+ path: spec.template.spec.taints[1].key
+ value: testtaint2
+ - equal:
+ path: spec.template.spec.taints[1].value
+ value: taint2
+ - equal:
+ path: spec.template.spec.taints[1].effect
+ value: NoSchedule
+
+
+ - it: Verify nodes-default requirements
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.template.spec.requirements[0].key
+ value: "karpenter.k8s.aws/instance-category"
+ - notContains:
+ path: spec.template.spec.requirements[0].values
+ content: t
+ - equal:
+ path: spec.template.spec.requirements[0].values[0]
+ value: m
+ - equal:
+ path: spec.template.spec.requirements[0].values[2]
+ value: c
+ - equal:
+ path: spec.template.spec.requirements[1].key
+ value: "karpenter.k8s.aws/instance-cpu"
+ - equal:
+ path: spec.template.spec.requirements[1].values[0]
+ value: "4"
+ - equal:
+ path: spec.template.spec.requirements[1].values[2]
+ value: "16"
+ - equal:
+ path: spec.template.spec.requirements[2].key
+ value: "karpenter.k8s.aws/instance-generation"
+ - equal:
+ path: spec.template.spec.requirements[2].operator
+ value: "Gt"
+ - equal:
+ path: spec.template.spec.requirements[2].values[0]
+ value: "6"
+ - equal:
+ path: spec.template.spec.requirements[3].key
+ value: "topology.kubernetes.io/zone"
+ - equal:
+ path: spec.template.spec.requirements[3].values[0]
+ value: "eu-west-1a"
+ - equal:
+ path: spec.template.spec.requirements[3].values[2]
+ value: "eu-west-1c"
+ - equal:
+ path: spec.template.spec.requirements[4].key
+ value: "kubernetes.io/arch"
+ - equal:
+ path: spec.template.spec.requirements[4].values[0]
+ value: "amd64"
+ - equal:
+ path: spec.template.spec.requirements[5].key
+ value: "karpenter.sh/capacity-type"
+ - equal:
+ path: spec.template.spec.requirements[5].values[0]
+ value: "spot"
+ - equal:
+ path: spec.template.spec.requirements[5].values[1]
+ value: "on-demand"
+ - equal:
+ path: spec.template.spec.requirements[6].key
+ value: "kubernetes.io/os"
+ - equal:
+ path: spec.template.spec.requirements[6].values[0]
+ value: "linux"
+ - equal:
+ path: spec.template.spec.requirements[7].key
+ value: "karpenter.k8s.aws/instance-family"
+ - equal:
+ path: spec.template.spec.requirements[7].values[0]
+ value: "c6a"
+ - equal:
+ path: spec.template.spec.requirements[8].key
+ value: "karpenter.k8s.aws/instance-size"
+ - equal:
+ path: spec.template.spec.requirements[8].operator
+ value: NotIn
+ - equal:
+ path: spec.template.spec.requirements[8].values[0]
+ value: metal
+
+ - it: Verify nodes-default kubelet
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.template.spec.kubelet.systemReserved.cpu
+ value: 250m
+ - equal:
+ path: spec.template.spec.kubelet.kubeReserved.ephemeral-storage
+ value: 4Gi
+
+ - it: Verify nodes-default Options
+ documentIndex: 0
+ asserts:
+ - equal:
+ path: spec.disruption.expireAfter
+ value: 720h
+ - equal:
+ path: spec.disruption.consolidationPolicy
+ value: WhenUnderutilized
+ - isNull:
+ path: spec.disruption.consolidateAfter
+ - isNull:
+ path: spec.disruption.budgets
+ - isNull:
+ path: spec.limits
+ - equal:
+ path: spec.weight
+ value: 1
+
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml
new file mode 100644
index 00000000..565e6dba
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml
@@ -0,0 +1,63 @@
+suite: test nodepool - nodes-explicittypes
+templates:
+ - nodepool.yaml
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-explicittypes metadata
+ documentIndex: 1
+ asserts:
+ - isKind:
+ of: NodePool
+ - equal:
+ path: metadata.name
+ value: nodes-explicittypes-amd64
+ - equal:
+ path: spec.template.metadata.labels.cluster
+ value: eks-dev
+ - equal:
+ path: spec.template.metadata.labels.nodegroup
+ value: nodes-explicittypes
+ - equal:
+ path: spec.template.spec.nodeClassRef.name
+ value: default
+
+ - it: Verify nodes-explicittypes requirements
+ documentIndex: 1
+ asserts:
+ - equal:
+ path: spec.template.spec.requirements[0].key
+ value: "topology.kubernetes.io/zone"
+ - equal:
+ path: spec.template.spec.requirements[1].key
+ value: "kubernetes.io/arch"
+ - equal:
+ path: spec.template.spec.requirements[2].key
+ value: "karpenter.sh/capacity-type"
+ - equal:
+ path: spec.template.spec.requirements[3].key
+ value: "kubernetes.io/os"
+ - equal:
+ path: spec.template.spec.requirements[4].key
+ value: "karpenter.k8s.aws/instance-size"
+ - equal:
+ path: spec.template.spec.requirements[5].key
+ value: "node.kubernetes.io/instance-type"
+ - equal:
+ path: spec.template.spec.requirements[5].values[0]
+ value: t3a.large
+ - equal:
+ path: spec.template.spec.requirements[5].values[1]
+ value: t3a.xlarge
+ - isNull:
+ path: spec.template.spec.requirements[6]
+ - equal:
+ path: spec.template.spec.startupTaints[0].key
+ value: "node.cilium.io/agent-not-ready"
+ - equal:
+ path: spec.template.spec.startupTaints[0].value
+ value: "true"
+ - equal:
+ path: spec.template.spec.startupTaints[0].effect
+ value: NoExecute
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml
new file mode 100644
index 00000000..798230d8
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml 
@@ -0,0 +1,97 @@
+suite: test nodepool - nodes-noclass
+templates:
+ - nodepool.yaml
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-noclass metadata
+ documentIndex: 2
+ asserts:
+ - isKind:
+ of: NodePool
+ - equal:
+ path: metadata.name
+ value: nodes-noclass-amd64
+ - equal:
+ path: spec.template.metadata.labels.cluster
+ value: eks-dev
+ - equal:
+ path: spec.template.metadata.labels.nodegroup
+ value: nodes-noclass
+ - equal:
+ path: spec.template.spec.nodeClassRef.name
+ value: default
+
+ - it: Verify nodes-noclass requirements
+ documentIndex: 2
+ asserts:
+ - equal:
+ path: spec.template.spec.requirements[0].key
+ value: "karpenter.k8s.aws/instance-category"
+ - notContains:
+ path: spec.template.spec.requirements[0].values
+ content: t
+ - equal:
+ path: spec.template.spec.requirements[0].values[0]
+ value: m
+ - equal:
+ path: spec.template.spec.requirements[0].values[2]
+ value: c
+ - equal:
+ path: spec.template.spec.requirements[1].key
+ value: "karpenter.k8s.aws/instance-cpu"
+ - equal:
+ path: spec.template.spec.requirements[1].values[0]
+ value: "4"
+ - equal:
+ path: spec.template.spec.requirements[1].values[2]
+ value: "16"
+ - equal:
+ path: spec.template.spec.requirements[2].key
+ value: "karpenter.k8s.aws/instance-generation"
+ - equal:
+ path: spec.template.spec.requirements[2].operator
+ value: "Gt"
+ - equal:
+ path: spec.template.spec.requirements[2].values[0]
+ value: "4"
+ - equal:
+ path: spec.template.spec.requirements[3].key
+ value: "topology.kubernetes.io/zone"
+ - equal:
+ path: spec.template.spec.requirements[3].values[0]
+ value: "eu-west-1a"
+ - equal:
+ path: spec.template.spec.requirements[3].values[2]
+ value: "eu-west-1c"
+ - equal:
+ path: spec.template.spec.requirements[4].key
+ value: "kubernetes.io/arch"
+ - equal:
+ path: spec.template.spec.requirements[4].values[0]
+ value: "amd64"
+ - equal:
+ path: spec.template.spec.requirements[5].key
+ value: "karpenter.sh/capacity-type"
+ - equal:
+ path: spec.template.spec.requirements[5].values[0]
+ value: "spot"
+ - equal:
+ path: spec.template.spec.requirements[5].values[1]
+ value: "on-demand"
+ - equal:
+ path: spec.template.spec.requirements[6].key
+ value: "kubernetes.io/os"
+ - equal:
+ path: spec.template.spec.requirements[6].values[0]
+ value: "linux"
+ - equal:
+ path: spec.template.spec.startupTaints[0].key
+ value: "node.cilium.io/agent-not-ready"
+ - equal:
+ path: spec.template.spec.startupTaints[0].value
+ value: "true"
+ - equal:
+ path: spec.template.spec.startupTaints[0].effect
+ value: NoSchedule
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml
new file mode 100644
index 00000000..33f897dd
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml
@@ -0,0 +1,211 @@
+suite: test nodepool - nodes-workers
+templates:
+ - nodepool.yaml
+values:
+ - values.yaml
+
+tests:
+ - it: Verify nodes-workers metadata
+ documentIndex: 3
+ asserts:
+ - isKind:
+ of: NodePool
+ - equal:
+ path: metadata.name
+ value: nodes-workers-arm64
+ - equal:
+ path: spec.template.metadata.labels.cluster
+ value: eks-dev
+ - equal:
+ path: spec.template.metadata.labels.nodegroup
+ value: nodes-workers
+ - isNull:
+ path: spec.template.metadata.labels.testlabel1
+ - equal:
+ path: spec.template.metadata.annotations.testannotation1
+ value: annotation1
+ - equal:
+ path: spec.template.metadata.annotations.testannotation2
+ value: annotation2
+ - equal:
+ path: spec.template.spec.nodeClassRef.name
+ value: nodes-workers-arm64
+ - equal:
+ path: spec.template.spec.startupTaints[0].key
+ value: testtaint1
+ - equal:
+ path: spec.template.spec.startupTaints[0].value
+ value: taint1
+ - equal:
+ path: spec.template.spec.startupTaints[0].effect
+ value: NoSchedule
+ - equal:
+ path: spec.template.spec.startupTaints[1].key
+ value: testtaint2
+ - equal:
+ path: spec.template.spec.startupTaints[1].value
+ value: taint2
+ - equal:
+ path: spec.template.spec.startupTaints[1].effect
+ value: NoSchedule
+ - equal:
+ path: spec.template.spec.taints[0].key
+ value: dedicated
+ - equal:
+ path: spec.template.spec.taints[0].value
+ value: nodes_workers
+ - equal:
+ path: spec.template.spec.taints[0].effect
+ value: NoSchedule
+
+ - it: Verify nodes-workers requirements
+ documentIndex: 3
+ asserts:
+ - equal:
+ path: spec.template.spec.requirements[0].key
+ value: "karpenter.k8s.aws/instance-category"
+ - notContains:
+ path: spec.template.spec.requirements[0].values
+ content: m
+ - equal:
+ path: spec.template.spec.requirements[0].values[0]
+ value: t
+ - equal:
+ path: spec.template.spec.requirements[0].values[1]
+ value: x
+ - equal:
+ path: spec.template.spec.requirements[1].key
+ value: "karpenter.k8s.aws/instance-cpu"
+ - equal:
+ path: spec.template.spec.requirements[1].values[0]
+ value: "2"
+ - equal:
+ path: spec.template.spec.requirements[1].values[1]
+ value: "6"
+ - equal:
+ path: spec.template.spec.requirements[2].key
+ value: "karpenter.k8s.aws/instance-generation"
+ - equal:
+ path: spec.template.spec.requirements[2].operator
+ value: "Gt"
+ - equal:
+ path: spec.template.spec.requirements[2].values[0]
+ value: "4"
+ - equal:
+ path: spec.template.spec.requirements[3].key
+ value: "topology.kubernetes.io/zone"
+ - equal:
+ path: spec.template.spec.requirements[3].values[0]
+ value: "eu-west-1g"
+ - equal:
+ path: spec.template.spec.requirements[4].key
+ value: "kubernetes.io/arch"
+ - equal:
+ path: spec.template.spec.requirements[4].values[0]
+ value: "arm64"
+ - equal:
+ path: spec.template.spec.requirements[5].key
+ value: "karpenter.sh/capacity-type"
+ - equal:
+ path: spec.template.spec.requirements[5].values[0]
+ value: "on-demand"
+ - equal:
+ path: spec.template.spec.requirements[6].key
+ value: "kubernetes.io/os"
+ - equal:
+ path: spec.template.spec.requirements[6].values[0]
+ value: "linux"
+ - equal:
+ path: spec.template.spec.requirements[7].key
+ value: "karpenter.k8s.aws/instance-family"
+ - equal:
+ path: spec.template.spec.requirements[7].operator
+ value: "NotIn"
+ - equal:
+ path: spec.template.spec.requirements[7].values[0]
+ value: "m6a"
+ - equal:
+ path: spec.template.spec.requirements[8].key
+ value: "karpenter.k8s.aws/instance-size"
+ - equal:
+ path: spec.template.spec.requirements[8].operator
+ value: NotIn
+ - equal:
+ path: spec.template.spec.requirements[8].values[0]
+ value: metal
+ - equal:
+ path: spec.template.spec.requirements[9].key
+ value: "capacity-spread"
+ - equal:
+ path: spec.template.spec.requirements[9].values[0]
+ value: "1"
+ - equal:
+ path: spec.template.spec.requirements[9].values[4]
+ value: "5"
+ # additional requirements
+ - equal:
+ path: spec.template.spec.requirements[10].key
+ value: "karpenter.k8s.aws/instance-local-nvme"
+ - equal:
+ path: spec.template.spec.requirements[10].operator
+ value: "Exists"
+ - equal:
+ path: spec.template.spec.requirements[11].key
+ value: "karpenter.k8s.aws/other"
+ - equal:
+ path: spec.template.spec.requirements[11].operator
+ value: "In"
+ - equal:
+ path: spec.template.spec.requirements[11].values[1]
+ value: "value2"
+
+
+ - it: Verify nodes-workers kubelet
+ documentIndex: 3
+ asserts:
+ - equal:
+ path: spec.template.spec.kubelet.systemReserved.cpu
+ value: 750m
+ - equal:
+ path: spec.template.spec.kubelet.kubeReserved.ephemeral-storage
+ value: 4Gi
+ - equal:
+ path: spec.template.spec.kubelet.clusterDNS[0]
+ value: "1.1.1.1"
+ - equal:
+ path: spec.template.spec.kubelet.clusterDNS[1]
+ value: "2.2.2.2"
+
+ - it: Verify nodes-workers Options
+ documentIndex: 3
+ asserts:
+ - equal:
+ path: spec.disruption.expireAfter
+ value: 720h
+ - equal:
+ path: spec.disruption.consolidationPolicy
+ value: WhenEmpty
+ - equal:
+ path: spec.disruption.consolidateAfter
+ value: 10m
+ - equal:
+ path: spec.disruption.budgets[0].nodes
+ value: "5"
+ - equal:
+ path: spec.disruption.budgets[1].nodes
+ value: "0"
+ - equal:
+ path: spec.disruption.budgets[1].schedule
+ value: "@daily"
+ - equal:
+ path: spec.disruption.budgets[1].duration
+ value: "10m"
+ - equal:
+ path: spec.limits.cpu
+ value: 100
+ - equal:
+ path: spec.limits.memory
+ value: "384Gi"
+ - equal:
+ path: spec.weight
+ value: 3
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml
new file mode 100644
index 00000000..e99f836e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml
@@ -0,0 +1,21 @@
+suite: test priorityclass
+templates:
+ - priorityclass.yaml
+
+values:
+ - values.yaml
+tests:
+ - it: Verify priorityclass
+ documentIndex: 0
+ asserts:
+ - isKind:
+ of: PriorityClass
+ - equal:
+ path: metadata.name
+ value: karpenter-headroom
+ - equal:
+ path: value
+ value: -1000000
+ - equal:
+ path: globalDefault
+ value: false
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml
new file mode 100644
index 00000000..2382c102
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml
@@ -0,0 +1,168 @@
+#Nodegroups and customizeable overwrites
+nodeGroups:
+ nodes-default:
+ instances:
+ minGeneration: 7
+ budget:
+ - nodes: "2"
+ headRoom:
+ - size: small
+ count: 2
+ labels:
+ testlabel1: label1
+ testlabel2: label2
+ taints:
+ - key: testtaint1
+ effect: NoSchedule
+ value: taint1
+ - key: testtaint2
+ effect: NoSchedule
+ value: taint2
+ excludeFamilies:
+ - c6a
+
+ nodes-noclass:
+ instances: {}
+ nodeClassRef:
+ name: default
+ cilium: true
+ ciliumEffect: "NoSchedule"
+
+ nodes-workers:
+ additionalNodeTags:
+ testtag1: tag1
+ testtag2: tag2
+ annotations:
+ testannotation1: annotation1
+ testannotation2: annotation2
+ weight: 3
+ amiFamily: BottleRocket
+ consolidationPolicy: "WhenEmpty"
+ consolidateAfter: "10m"
+ blockDeviceMappings:
+ - deviceName: /dev/xvda
+ ebs:
+ volumeSize: 150Gi
+ volumeType: gp3
+ encrypted: false
+ deleteOnTermination: true
+ iops: 3000
+ throughput: 125
+ IamInstanceProfile: "arn:aws:blablablabla"
+ detailedMonitoring: true
+ associatePublicIPAddress: true
+ excludeFamilies:
+ - m6a
+ headRoom:
+ - size: xlarge
+ count: 4
+ antiAffinitySpec:
+ - key: testlabel2
+ operator: In
+ values:
+ - value1
+ - value2
+ nameSpaces:
+ - default
+ - kube-system
+ additionalRequirements:
+ - key: "karpenter.k8s.aws/instance-local-nvme"
+ operator: "Exists"
+ - key: "karpenter.k8s.aws/other"
+ operator: "In"
+ values:
+ - "value1"
+ - "value2"
+ budgets:
+ - nodes: "5"
+ - nodes: "0"
+ schedule: "@daily"
+ duration: 10m
+ amiSelectorTerms:
+ - tags:
+ environment: test
+ - name: my-ami
+ - id: ami-123
+ instances:
+ architecture: "arm64"
+ minGeneration: 5
+ categories:
+ - t
+ - x
+ cores:
+ - "2"
+ - "6"
+ capacityType:
+ - on-demand
+ subnetSelectorTerms:
+ - tags:
+ Name: "eks-subnet-workers-1"
+ - tags:
+ Name: "eks-subnet-workers-2"
+ - tags:
+ Name: "eks-subnet-workers-3"
+ securityGroupSelectorTerms:
+ - tags:
+ Name: "my-security-group-workers-1"
+ - tags:
+ Name: "my-security-group-workers-2"
+ - tags:
+ Name: "my-security-group-workers-3"
+ availabilityZones:
+ - eu-west-1g
+ instanceStorePolicy: "test"
+ kubeletSystemReservedCpu: 750m
+ kubeletClusterDNS:
+ - "1.1.1.1"
+ - "2.2.2.2"
+ userData: |
+ echo "Nodepool name is {{ default .key }}"
+ capacitySpread:
+ start: 1
+ end: 5
+ limits:
+ cpu: "100"
+ memory: "384Gi"
+ startupTaints:
+ - key: testtaint1
+ effect: NoSchedule
+ value: taint1
+ - key: testtaint2
+ effect: NoSchedule
+ value: taint2
+ autoTaint: "true"
+
+ nodes-explicittypes:
+ instances:
+ instanceTypes:
+ - t3a.large
+ - t3a.xlarge
+ nodeClassRef:
+ name: default
+ cilium: true
+
+#Default cluster Settings
+clusterName: "eks-dev"
+subnetSelectorTerms:
+- tags:
+ Name: "eks-subnet-1"
+- tags:
+ Name: "eks-subnet-2"
+- tags:
+ Name: "eks-subnet-3"
+
+securityGroupSelectorTerms:
+- tags:
+ Name: "my-security-group-1"
+- tags:
+ Name: "my-security-group-2"
+- tags:
+ Name: "my-security-group-3"
+
+availabilityZones:
+- eu-west-1a
+- eu-west-1b
+- eu-west-1c
+
+excludeInstanceSize:
+- metal
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml
index cd08fefe..5cf3695e 100644
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml
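Review bot: The `nodes-default` fixture sets `budget:` (singular), but the nodepool template in this patch reads `$v.budgets`, so the `nodes: "2"` entry is never rendered. `nodepool_nodes_default_test.yaml` then asserts `isNull` on `spec.disruption.budgets`, which passes only because the key is ignored. If a disruption budget was intended for this group, rename the key to `budgets:` and assert `spec.disruption.budgets[0].nodes` instead; if not, drop the key so the fixture does not suggest a setting that has no effect. The `amiFamily: BottleRocket` value also differs in case from the `Bottlerocket` spelling in the chart's own values.yaml comment; the tests only check rendering, so it is worth confirming the value against the EC2NodeClass CRD.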
@@ -1,12 +1,145 @@ -global: - clusterName: "foo" - volumeSize: "10Gi" - nodeRole: "karpenter" - amiFamily: Bottlerocket - environment: "production" -# clusterName: "foo" -# volumeSize: "10Gi" -# nodeRole: "karpenter" -# amiFamily: Bottlerocket -# environment: "production" + ## Global Configuration + # Karpenter API Version in CRD +ApiVersion: v1beta1 + + # Nodes Configuration +clusterName: "eks-cluster" # My Cluster Name +amiFamily: AL2 # Bottlerocket #AL2023, Can be overridden by amiSelectorTerms +IamRole: eks_nodes_role + +subnetSelectorTerms: [] + # - tags: + # cluster: eks-cluster + # karpenter.sh/discovery/eks-cluster: '*' + # - id: subnet-id + ## Reusing same Tag Name + # - tags: + # Name: "eks-subnet-1" + # - tags: + # Name: "eks-subnet-2" + +securityGroupSelectorTerms: [] + # - tags: + # cluster: eks-cluster + # karpenter.sh/discovery/eks-cluster: '*' + # - name: my-security-group + # - id: sg-063d7acfb4b06c82c + ## Reusing same Tag Name + # - tags: + # Name: "my-security-group-1" + # - tags: + # Name: "my-security-group-2" + +nodeGroupLabelName: nodegroup + +nodeTags: + team: devops + component: eks-karpenter-nodes + +availabilityZones: [] + + # MetaData Options +metaDataHttpEndpoint: enabled +metaDataHttpProtocolIPv6: disabled +metaDataHttpPutResponseHopLimit: 2 +metaDataHttpTokens: required + + # Storage +blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + volumeSize: 100Gi + volumeType: gp3 + encrypted: false + deleteOnTermination: true + iops: 3000 + throughput: 125 + +detailedMonitoring: false +associatePublicIPAddress: false + # Consolidation Options +expireAfter: "720h" +consolidationPolicy: "WhenUnderutilized" +consolidateAfter: "5m" + + # Default Instance Sizing +instances: + minGeneration: 5 + architecture: "amd64" + categories: + - m + - r + - c + cores: + - "4" + - "8" + - "16" + capacityType: + - spot + - on-demand + operatingSystems: + - linux + +autoTaint: "false" + ## Exclude weak types of AMD instances + # excludeFamilies: + # - c6a + 
# - m6a + # - r6a + # - c5a + # - m5a + # - r5a + # - c6ad + # - m6ad + # - r6ad + # - m5ad + # - r5ad + # - r5ad + + ## Exclude Expensive types like Metal + # excludeInstanceSize: + # - metal + + # Kubelet Configuration paramemters + # kubeletClusterDNS: [] +kubeletSystemReservedCpu: 250m +kubeletSystemReservedMemory: 200Mi +kubeletSystemReservedEphemeralStorage: 2Gi +kubeletKubeReservedCpu: 250m +kubeletKubeReservedMemory: 1Gi +kubeletKubeReservedEphemeralStorage: 4Gi +kubeletEvictionHardMemoryAvailable: 768Mi +kubeletEvictionHardNodefsAvailable: 8% +kubeletEvictionHardNodefsInodesFree: 8% +kubeletEvictionSoftMemoryAvailable: 1280Mi +kubeletEvictionSoftNodefsAvailable: 10% +kubeletEvictionSoftNodefsInodesFree: 15% +kubeletEvictionSoftImagefsAvailable: 10% +kubeletEvictionSoftImagefsInodesFree: 10% +kubeletEvictionSoftPidAvailable: 10% +kubeletEvictionSoftGracePeriodImagefsAvailable: 10m0s +kubeletEvictionSoftGracePeriodImagefsInodesFree: 10m0s +kubeletEvictionSoftGracePeriodMemoryAvailable: 5m0s +kubeletEvictionSoftGracePeriodNodefsAvailable: 10m0s +kubeletEvictionSoftGracePeriodNodefsInodesFree: 10m0s +kubeletEvictionSoftGracePeriodPidAvailable: 2m0s + # kubeletImageGCHighThresholdPercent: 85 + # kubeletImageGCLowThresholdPercent: 80 + # kubeletImageMinimumGCAge: 2m0s + # kubeletCpuCFSQuota: true + # kubeletPodsPerCore: 5 + # kubeletMaxPods: 110 +weight: 1 + ## Create Low Priority Class For Generating Headroom +headRoom: false + + # PlaceHolder fo NodeGroups +nodeGroups: {} + +# additionalRequirements: +# - key: "karpenter.k8s.aws/instance-local-nvme" +# operator: "Exists" + +cilium: false +ciliumEffect: "NoExecute" # "NoSchedule" 
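Review bot: The default `blockDeviceMappings` entry ships `encrypted: false`, so every node launched from this chart gets an unencrypted root volume unless a node group overrides the mapping or account-level EBS default encryption is enabled; the `karpenter_old` nodeclass template in this same patch hard-coded `encrypted: true` for both devices. I would change the default to `encrypted: true` and let a group opt out explicitly. Separately, `metaDataHttpPutResponseHopLimit: 2` keeps the instance metadata service reachable from pods one network hop away, and with it the node role's credentials. If workloads get AWS access through IRSA or Pod Identity, `1` is the tighter default, and a comment such as `# 2 lets pods reach IMDS; use 1 when pods do not need node credentials` would make the trade-off visible.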
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.helmignore
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.helmignore
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.keep
similarity index 100%
rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.keep
rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.keep
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml
new file mode 100644
index 00000000..ecfa8278
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: karpenter-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/_helpers.tpl similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/_helpers.tpl rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/_helpers.tpl diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml new file mode 100644 index 00000000..0f7b50dd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml 
@@ -0,0 +1,28 @@ +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "1" +spec: + amiFamily: {{ .Values.amiFamily | default .Values.global.amiFamily | quote }} + role: {{ .Values.nodeRole | default .Values.global.nodeRole | quote }} + securityGroupSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + subnetSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + blockDeviceMappings: + # Root device + - deviceName: /dev/xvda + ebs: + volumeSize: 10Gi + volumeType: gp3 + encrypted: true + # Data device: Container resources such as images and logs + - deviceName: /dev/xvdb + ebs: + volumeSize: {{ .Values.volumeSize | default .Values.global.volumeSize | quote }} + volumeType: gp3 + encrypted: true diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/pool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/pool.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/pool.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/pool.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml new file mode 100644 index 00000000..cd08fefe --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml 
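Review bot: The `spec:` of the new karpenter_old/templates/nodeclass.yaml sets no `metadataOptions`, so instance-metadata access on the nodes is left to whatever the installed Karpenter version defaults to. Because the node role named in `role:` is reachable through IMDS, I would pin it explicitly by adding `metadataOptions:` with `httpTokens: required` and `httpPutResponseHopLimit: 1` under `spec:`; a hop limit of 1 keeps pods that are not on the host network from obtaining the node role's credentials, so confirm first that no addon relies on pod-level IMDS access. The root device's `volumeSize: 10Gi` is hard-coded while the data device is templated, and a one-line comment saying that this is deliberate would help.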
@@ -0,0 +1,12 @@ +global: + clusterName: "foo" + volumeSize: "10Gi" + nodeRole: "karpenter" + amiFamily: Bottlerocket + environment: "production" +# clusterName: "foo" +# volumeSize: "10Gi" +# nodeRole: "karpenter" +# amiFamily: Bottlerocket +# environment: "production" + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml index bf1d26d1..6b57637c 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml @@ -1,3 +1,54 @@ # karpenter resources like nodepool and nodeclass environment: dev +nodeGroups: + nodes-default: + instances: + categories: + - c + - m + - r + +instances: + minGeneration: 5 + architecture: "amd64" + categories: + - m + - r + cores: + - "4" + - "8" + - "16" + capacityType: + - spot + - on-demand + operatingSystems: + - linux + minGeneration: 5 + + +clusterName: in-cluster +IamRole: myRole +amiFamily: Bottlerocket +securityGroupSelectorTerms: +- tags: + karpenter.sh/discovery: 'in-cluster' +subnetSelectorTerms: +- tags: + karpenter.sh/discovery: 'in-cluster' +nodeTags: + component: gitops-bridge + team: gitops-bridge +blockDeviceMappings: +- deviceName: /dev/xvda + ebs: + volumeSize: 10Gi + volumeType: gp3 + encrypted: true +- deviceName: /dev/xvdb + ebs: + volumeSize: 20Gi + volumeType: gp3 + encrypted: true + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 18a21de3..1c1822ae 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf 
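Review bot: `minGeneration: 5` appears twice in the added `instances:` block of default/addons/karpenter/resources/values.yaml (right after `instances:` and again after `operatingSystems:`), assuming both sit at the same indentation, which the collapsed hunk no longer shows. Duplicate mapping keys are rejected by strict YAML parsers and silently resolved by lenient ones, so one of the two should be removed. `IamRole: myRole` and the literal `karpenter.sh/discovery: 'in-cluster'` selectors look like placeholders, yet they live under `default/` where every cluster would inherit them; a comment such as `# placeholder - override per cluster` would keep a node role or subnet selector from being picked up by accident. The karpenter_old/values.yaml hunk earlier on this line has the same kind of placeholder (`clusterName: "foo"`).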
@@ -35,6 +35,7 @@ locals { region = var.region environment = var.environment + tenant = var.tenant cluster_version = var.kubernetes_version @@ -98,8 +99,8 @@ locals { addons = merge( local.aws_addons, local.oss_addons, + { tenant = local.tenant }, { kubernetes_version = local.cluster_version }, - {argocd.argoproj.io/kubernetes-version = local.cluster_version}, { aws_cluster_name = module.eks.cluster_name } ) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index 299872c0..0650e4a3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -18,6 +18,11 @@ variable "environment" { type = string default = "dev" } +variable "tenant" { + description = "Tenant for addon stacks" + type = string + default = "tenant1" # make it empty string if you don't want to use tenant +} variable "addons" { description = "Kubernetes addons" From 92aebd405c15ae1f330471432413786d1e9c91b9 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 15:35:41 -0400 Subject: [PATCH 70/90] add license to karpenter community repo Signed-off-by: Carlos Santana --- .../gitops/charts/resources/karpenter/LICENSE | 201 ++++++++++++++++++ .../charts/resources/karpenter/README-REPO.md | 32 +++ 2 files changed, 233 insertions(+) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null 
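Review bot: The new `tenant` variable in variables.tf has no `validation` block, although main.tf in the same commit merges it unconditionally into `local.addons` with `{ tenant = local.tenant }`. If those entries become cluster-secret labels (not visible in these hunks), a value that is not a valid label only fails at apply time; a validation whose condition is `var.tenant == "" || can(regex("^[A-Za-z0-9]([A-Za-z0-9_.-]*[A-Za-z0-9])?$", var.tenant))` would reject it at plan time. The inline comment says an empty string turns tenants off, but the merge still adds the `tenant` key when the value is empty, so either document that or add the key only when `local.tenant != ""`. The `locals` block and the `merge(...)` call both continue outside the hunks.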
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md new file mode 100644 index 00000000..e2f18f43 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md 
@@ -0,0 +1,32 @@ +NOTICE: This chart is original from https://github.com/fiverr/public_charts + + +# Fiverr Community Helm Charts + +The code is provided as-is with no warranties. + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. +Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. + +Once Helm is set up properly, add the repository as follows: + +```console +helm repo add fiverr_public https://opensource.fiverr.com/public_charts/ +``` + +You can then run `helm search repo fiverr_public` to see the charts. + +## License + + +[Apache 2.0 License](https://github.com/fiverr/public_charts/blob/master/LICENSE). + +## Helm charts build status + +![Release Charts](https://github.com/fiverr/public_charts/actions/workflows/release.yml/badge.svg?branch=master) +![Tests](https://github.com/fiverr/public_charts/actions/workflows/test.yml/badge.svg) + +## Charts +[Karpenter Nodes](https://github.com/fiverr/public_charts/tree/master/charts/karpenter_nodes) From 9e517c2439e0c00a7b5b49969537823f9d6ed3c6 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 15:43:34 -0400 Subject: [PATCH 71/90] update Signed-off-by: Carlos Santana --- .../charts/gitops-bridge/templates/applicationsets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index d904c995..0871ed05 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml 
@@ -102,12 +102,12 @@ spec: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPathConfig }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}{{ $stackPathConfig }}' - git: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.annotations.kubernetes_version}}`}}{{ $stackPath }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}{{ $stackPath }}' {{- end }} From eeab017703a122939eea87a98fcad471d9b1102d Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 18:04:15 -0400 Subject: [PATCH 72/90] fix volcano Signed-off-by: Carlos Santana --- .../single-cluster-v2/gitops/charts/gitops-bridge/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 3d032d31..f871ecba 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -182,7 +182,7 @@ addons: targetRevision: "1.9.0" selector: matchExpressions: - - key: enable_karpenter + - key: enable_volcano operator: In values: ['true'] annotationsApp: From ec4d6180ec4e2d6e6909da80c2e6cb021733d3a7 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 18:14:41 -0400 Subject: [PATCH 73/90] fix amiselector Signed-off-by: Carlos Santana --- .../gitops/charts/resources/karpenter/templates/nodeclass.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml index fd02ddd7..5aa1cc6f 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml @@ -20,8 +20,8 @@ spec: {{- fail "nodeClass error: Either IamRole or IamInstanceProfile must be defined" }} {{- end }} amiFamily: {{ $v.amiFamily | default $.Values.amiFamily }} - amiSelectorTerms: {{- if or (hasKey $v "amiSelectorTerms") (hasKey $.Values "amiSelectorTerms") }} + amiSelectorTerms: {{- toYaml ($v.amiSelectorTerms | default $.Values.amiSelectorTerms) | nindent 4 }} {{- end }} subnetSelectorTerms: From b52591888e3676904aae56a8a0739c636680de0e Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 4 Aug 2024 18:18:42 -0400 Subject: [PATCH 74/90] skip argocd Signed-off-by: Carlos Santana --- .../charts/resources/karpenter/templates/nodeclass.yaml | 7 +++++++ .../charts/resources/karpenter/templates/nodepool.yaml | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml index 5aa1cc6f..33ef1d53 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml 
@@ -7,6 +7,13 @@ apiVersion: karpenter.k8s.aws/{{ $.Values.ApiVersion }} kind: EC2NodeClass metadata: name: "{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}" + annotations: + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" + {{- if hasKey $v "annotations" }} + {{- range $annotationName, $annotationValue := $v.annotations }} + {{ $annotationName }}: {{ $annotationValue }} + {{- end }} + {{- end }} spec: {{- if hasKey $v "IamRole" }} role: {{ $v.IamRole }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml index c539f9aa..b24756d0 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml @@ -15,8 +15,9 @@ spec: {{ $labelName }}: {{ $labelValue }} {{- end }} {{- end }} - {{- if hasKey $v "annotations" }} annotations: + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" + {{- if hasKey $v "annotations" }} {{- range $annotationName, $annotationValue := $v.annotations }} {{ $annotationName }}: {{ $annotationValue }} {{- end }} From bcf09ac55d32230a76597c27f8f5302925c83622 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 5 Aug 2024 20:36:59 -0400 Subject: [PATCH 75/90] adjust workload Signed-off-by: Carlos Santana --- .../eks/single-cluster-v2/gitops/workloads/workloads.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml index de4245bd..1ab3a8a7 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml 
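Review bot: Annotation values are rendered unquoted by `{{ $annotationName }}: {{ $annotationValue }}` in the `range` added to nodeclass.yaml, so a value such as `true` or `123` is emitted as a YAML boolean or number and the API server rejects it, since annotation values must be strings. I would write `{{ $annotationName }}: {{ $annotationValue | quote }}`; the same unquoted line is kept as context in the nodepool.yaml hunk and needs the same change. Now that `argocd.argoproj.io/sync-options` is always emitted, an entry with that name in `$v.annotations` would produce a duplicate key in both templates, so a template comment marking the key as reserved would be useful. The enclosing `range` over the node groups starts outside both hunks.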
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -51,9 +51,10 @@ spec: name: '{{.name}}' syncPolicy: automated: + selfHeal: false allowEmpty: true prune: true retry: backoff: duration: 1m - limit: 100 \ No newline at end of file + limit: -1 \ No newline at end of file From df3804808180e58a9cfa2ae5c5979a05b3abf7a0 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 5 Aug 2024 21:46:27 -0400 Subject: [PATCH 76/90] enable_addon_selector Signed-off-by: Carlos Santana --- .../bootstrap/addons.tpl.yaml | 46 +++++++++++++++++++ .../examples/eks/single-cluster-v2/main.tf | 5 +- .../eks/single-cluster-v2/variables.tf | 8 ++-- 3 files changed, 51 insertions(+), 8 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml new file mode 100644 index 00000000..f3842af5 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml 
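Review bot: `selfHeal: false` is added next to `prune: true` and `allowEmpty: true`, which makes the policy asymmetric: deletions coming from Git are applied automatically, down to an empty application, while changes made directly in the cluster are never reverted. If that is the intent for the workloads ApplicationSet, state it in a comment such as `# selfHeal off: manual changes are tolerated and only show up as OutOfSync`, and consider `allowEmpty: false` so that an emptied path or a wrong revision cannot prune every workload resource. `limit: -1` removes the bound on sync retries, and with only `duration: 1m` visible under `backoff` the growth and cap of the delay are left to Argo CD defaults; setting `factor` and `maxDuration` explicitly would document the intended behaviour. The rest of the `spec` lies outside the hunk.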
@@ -0,0 +1,46 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: false +%{ for key, value in addons ~} + ${replace(key, "enable_", "")}: + enabled: ${value} +%{ endfor ~} + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 1c1822ae..6fa40f2d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -105,9 +105,6 @@ locals { ) addons_metadata = merge( - { - platform_stack_version = var.platform_stack_version - }, { aws_karpenter_role_name = "${module.eks.cluster_name}-karpenter" }, 
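Review bot: The generated Application in bootstrap/addons.tpl.yaml uses `project: default` while its `repoURL`, `path` and `targetRevision` are all read from cluster-secret annotations, so whoever can edit a cluster secret decides which repository the cluster-addons chart is pulled from. Unless the `default` AppProject is restricted somewhere outside this patch, it places no limit on source repositories or destinations; a dedicated project (for example `project: cluster-addons`, a name chosen here for illustration) with `sourceRepos` limited to the addons repository would bound that. `prune: false` together with `preserveResourcesOnDeletion: true` means an addon dropped from the template keeps running in the cluster, which deserves a comment next to the `syncPolicy`.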
@@ -133,7 +130,7 @@ locals { ) argocd_apps = { - addons = file("${path.module}/bootstrap/addons.yaml") + addons = var.enable_addon_selector ? file("${path.module}/bootstrap/addons.yaml"): templatefile("${path.module}/addons.tpl.yaml", {addons: local.addons}) workloads = file("${path.module}/bootstrap/workloads.yaml") } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index 0650e4a3..b22cf212 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -90,8 +90,8 @@ variable "gitops_workload_path" { default = "single-cluster-v2/k8s" } -variable "platform_stack_version" { - description = "Platform stack version" - type = string - default = "v1.30-v1.1.0" +variable "enable_addon_selector" { + description = "select addons using cluster selector" + type = bool + default = false } \ No newline at end of file From 59a409911e29e6da1dc5f26c10b86eab17553350 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 5 Aug 2024 22:27:25 -0400 Subject: [PATCH 77/90] add dynamic addons template Signed-off-by: Carlos Santana --- .../bootstrap/addons.tpl.yaml | 15 ++++- .../single-cluster-v2/bootstrap/addons.yaml | 8 +++ .../examples/eks/single-cluster-v2/main.tf | 2 +- .../test-boot-strap-addons/addons.tpl.yaml | 57 +++++++++++++++++++ .../test-boot-strap-addons/main.tf | 26 +++++++++ 5 files changed, 105 insertions(+), 3 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml index f3842af5..d85d7ae0 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml @@ -27,10 +27,21 @@ spec: repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' useSelector: false + addons: %{ for key, value in addons ~} - ${replace(key, "enable_", "")}: - enabled: ${value} +%{ if substr(key, 0, 7) == "enable_" && value == true ~} + ${replace(key, "enable_", "")}: + enabled: ${value} +%{ endif ~} %{ endfor ~} + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' destination: namespace: argocd name: '{{.name}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index 8e6c837f..de405f00 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml 
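Review bot: The prefix test and the prefix removal in the added loop use different functions: `substr(key, 0, 7) == "enable_"` looks only at the start of the key, but `replace(key, "enable_", "")` removes every occurrence, so a key that contains `enable_` a second time would be renamed unexpectedly. `${trimprefix(key, "enable_")}:` says what is meant, and because the branch is only taken when `value == true`, a literal `enabled: true` is clearer than `enabled: ${value}`. The key is written into the YAML unquoted, so a `#` comment above the loop should say that only `enable_*` entries set to true are rendered, that the other entries of `addons` are skipped on purpose, and that addon names are expected to be plain identifiers.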
@@ -27,6 +27,14 @@ spec: repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' useSelector: true + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' destination: namespace: argocd name: '{{.name}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf index 6fa40f2d..22b01ce0 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -130,7 +130,7 @@ locals { ) argocd_apps = { - addons = var.enable_addon_selector ? file("${path.module}/bootstrap/addons.yaml"): templatefile("${path.module}/addons.tpl.yaml", {addons: local.addons}) + addons = var.enable_addon_selector ? file("${path.module}/bootstrap/addons.yaml"): templatefile("${path.module}/bootstrap/addons.tpl.yaml", {addons: local.addons}) workloads = file("${path.module}/bootstrap/workloads.yaml") } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml new file mode 100644 index 00000000..d85d7ae0 
--- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml 
@@ -0,0 +1,57 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: false + addons: +%{ for key, value in addons ~} +%{ if substr(key, 0, 7) == "enable_" && value == true ~} + ${replace(key, "enable_", "")}: + enabled: ${value} +%{ endif ~} +%{ endfor ~} + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: 
false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf new file mode 100644 index 00000000..a7aac3dd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf @@ -0,0 +1,26 @@ +variable "addons" { + description = "Kubernetes addons" + type = any + default = { + enable_aws_load_balancer_controller = true + enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi + enable_metrics_server = true + enable_gatekeeper = true + enable_karpenter = true + enable_argocd = true + enable_foobar = true + } +} + +locals { + addons = var.addons +} + +locals { + appset = templatefile("${path.module}/addons.tpl.yaml", {addons: local.addons}) +} + +output "appset" { + value = local.appset +} + From 284567891fa0435702b650fefacfe28de11b4774 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Mon, 5 Aug 2024 23:25:56 -0400 Subject: [PATCH 78/90] update gitops bridge char values 
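Review bot: The `valueFiles` entries read `.metadata.labels.tenant` and `.metadata.labels.environment` while this ApplicationSet sets `goTemplateOptions` to `missingkey=error`, so a cluster secret without a `tenant` or `environment` label should fail template rendering instead of skipping the file. `ignoreMissingValueFiles: true` only covers files that do not exist, not template keys that do not. If the tenant layer is optional, look the label up with a fallback, e.g. `{{ default "" (index .metadata.labels "tenant") }}`, or add a comment at `- clusters: {}` saying both labels are required on every cluster secret. The same six paths are added in the bootstrap/addons.tpl.yaml and bootstrap/addons.yaml hunks earlier on this page; their `goTemplateOptions` lie outside those hunks.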
Signed-off-by: Carlos Santana --- .../bootstrap/addons.tpl.yaml | 1 + .../single-cluster-v2/bootstrap/addons.yaml | 1 + .../gitops/clusters/cluster1/ack/.gitkeep | 0 .../cluster1/addons/gitops-bridge/values.yaml | 1 + .../gitops/clusters/cluster1/capi/.gitkeep | 0 .../clusters/cluster1/crossplane/.gitkeep | 0 .../gitops/clusters/cluster2/ack/.gitkeep | 0 .../addons/argocd/resources/values.yaml | 1 + .../cluster2/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../cluster2/addons/gatekeeper/values.yaml | 2 + .../cluster2/addons/gitops-bridge/values.yaml | 1 + .../cluster2/addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../cluster2/addons/karpenter/values.yaml | 2 + .../metrics-server/resources/values.yaml | 0 .../addons/metrics-server/values.yaml | 1 + .../gitops/clusters/cluster2/capi/.gitkeep | 0 .../clusters/cluster2/crossplane/.gitkeep | 0 .../default/addons/gitops-bridge/values.yaml | 1 + .../addons/argocd/resources/values.yaml | 1 + .../control-plane/addons/argocd/values.yaml | 227 ++++++++++++++++++ .../resources/values.yaml | 1 + .../aws-load-balancer-controller/values.yaml | 4 + .../addons/gatekeeper/resources/values.yaml | 1 + .../addons/gatekeeper/values.yaml | 2 + .../addons/gitops-bridge/values.yaml | 1 + .../addons/karpenter/resources/.keep | 0 .../addons/karpenter/resources/values.yaml | 3 + .../addons/karpenter/values.yaml | 2 + .../metrics-server}/resources/values.yaml | 0 .../addons/metrics-server/values.yaml | 1 + .../addons/volcano/resources/values.yaml | 1 + .../control-plane/addons/volcano/values.yaml | 1 + .../dev/addons/gitops-bridge/values.yaml | 1 + .../prod/addons/gitops-bridge/values.yaml | 1 + .../staging/addons/gitops-bridge/values.yaml | 1 + 39 files changed, 495 insertions(+) create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/ack/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/capi/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/crossplane/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/ack/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml rename argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{default => 
clusters/cluster2}/addons/metrics-server/resources/values.yaml (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/capi/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/crossplane/.gitkeep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/.keep create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml rename 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/{default/addons/volcano => environments/control-plane/addons/metrics-server}/resources/values.yaml (100%) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml index d85d7ae0..c7f4d818 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml @@ -27,6 +27,7 @@ spec: repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' useSelector: false + useStack: true addons: %{ for key, value in addons ~} %{ if substr(key, 0, 7) == "enable_" && value == true ~} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml index de405f00..4661fcba 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml 
@@ -27,6 +27,7 @@ spec: repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' useSelector: true + useStack: true ignoreMissingValueFiles: true valueFiles: - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/ack/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/ack/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/capi/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/capi/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/crossplane/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/crossplane/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/ack/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/ack/.gitkeep new file mode 100644 index 00000000..e69de29b 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml 
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
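Review bot: `server.service` is a `LoadBalancer` annotated `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing`, which puts the Argo CD API and UI on a public NLB, and nothing in this file restricts source ranges or configures TLS or SSO. For an example that gets copied, `service.beta.kubernetes.io/aws-load-balancer-scheme: internal` is the safer default, with a comment explaining how to opt in to public exposure. The `extraObjects` AppProject `default` in the same file allows `'*'` for `sourceRepos`, `destinations` and `clusterResourceWhitelist`, so any Application in that project can deploy cluster-scoped resources from any repository; a comment marking it demo-only, or a narrowed `sourceRepos`, would make that explicit. The identical file is added as environments/control-plane/addons/argocd/values.yaml later in this patch.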
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/resources/values.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/capi/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/capi/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/crossplane/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/crossplane/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml 
@@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml 
@@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/resources/values.yaml similarity index 100% rename from argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml rename to argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/resources/values.yaml 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon From 6ca77985ff4ee8e37e385164953bc5594c031724 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 6 Aug 2024 18:02:39 -0400 Subject: [PATCH 79/90] stacks in folder 
Signed-off-by: Carlos Santana --- .../templates/applicationsets.yaml | 19 ++++++++---- .../gitops/charts/gitops-bridge/values.yaml | 8 ++--- .../templates/disallowedrepos/template.yaml | 2 +- .../charts/resources/karpenter/.helmignore | 23 ++++++++++++++ .../metrics-server/resources/values.yaml | 1 + .../addons/volcano/resources/values.yaml | 1 + .../stacks/k8s-v1.29/addons-config.yaml | 14 +++++++++ .../stacks/k8s-v1.29/addons-default.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.0.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.1.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.2.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.3.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.4.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.29/addons-v1.5.yaml | 28 +++++++++++++++++ .../stacks/k8s-v1.30/addons-config.yaml | 14 +++++++++ .../stacks/k8s-v1.30/addons-default.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.0.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.1.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.2.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.3.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.4.yaml | 31 +++++++++++++++++++ .../gitops/stacks/k8s-v1.30/addons-v1.5.yaml | 28 +++++++++++++++++ 22 files changed, 499 insertions(+), 11 deletions(-) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml create mode 100644 
argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml index 0871ed05..b1452c5e 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -30,6 +30,9 @@ {{- with $addon -}} {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} {{- $addonhasapplyNestedSelectors := hasKey $addon "applyNestedSelectors" -}} +{{- $version := $addon.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" }} apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: @@ -102,12 +105,12 @@ spec: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}{{ $stackPathConfig }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}/{{ $stackPathConfig }}' - git: repoURL: {{ $repoURLGit }} revision: {{ $repoURLGitRevision }} files: - - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}{{ $stackPath }}' + - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}/{{ $stackPath }}' {{- end }} 
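Review bot: The new `$majorMinor` derivation in the `@@ -30,6 +30,9 @@` hunk assumes `$addon.targetRevision` is always a three-part version string. `regexReplaceAll "\\.\\d+$"` strips only one trailing numeric segment, so `1.7` would collapse to `1` and `1.7.1-rc1` would pass through unchanged, leaving the values-file path pointing at a directory that may not exist. If an addon can omit `targetRevision` (plausible when the stack file supplies it, though the addon definitions are outside this hunk), the nil value would presumably fail the render; `{{- $version := default "" $addon.targetRevision | toString -}}` would guard against that. The same three-step expression is repeated inside the ApplicationSet go-template strings of the `@@ -157,9 +160,11 @@` and `@@ -185,9 +190,11 @@` hunks, so a comment such as `{{- /* targetRevision is MAJOR.MINOR.PATCH with optional leading v; values dirs are keyed by MAJOR.MINOR */ -}}` above it would help keep the three copies in step.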
@@ -157,9 +160,11 @@ spec: {{- range . }} - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' {{- if $useStack }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{- $version := .addons.`}}{{ $name }}{{`.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" -}}{{- $majorMinor -}}`}}/values.yaml' {{- else }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $addon.targetRevision }}/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $majorMinor }}/values.yaml' {{- end }} {{- end }} {{- end }} 
@@ -185,9 +190,11 @@ spec: {{- range . }} - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' {{- if $useStack }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}/resources/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{- $version := .addons.`}}{{ $name }}{{`.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" -}}{{- $majorMinor -}}`}}/values.yaml' {{- else }} - - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $addon.targetRevision }}/resources/values.yaml' + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $majorMinor }}/resources/values.yaml' {{- end }} {{- end }} {{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index f871ecba..619089b3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
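Review bot: The `$useStack` branch of the resources value-file list now ends in `/values.yaml`, while the line it replaces and the `else` branch next to it both end in `/resources/values.yaml`. It looks copied from the `@@ -157,9 +160,11 @@` hunk, so with stacks enabled the resources chart would read the addon's own per-version values file instead of its resources file. The added line should keep the `/resources/values.yaml` suffix after the `$majorMinor` expression. If missing value files are tolerated by the Application (not visible in this hunk), the mistake would go unnoticed at sync time, which matters most for the gatekeeper resources chart that carries policy settings. The enclosing template block starts and ends outside the hunk.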
@@ -2,8 +2,8 @@ syncPolicyAppSet: preserveResourcesOnDeletion: true goTemplate: true goTemplateOptions: ["missingkey=error"] -stackPathPrefix: 'stack-k8sv' -stackPath: '-addons{{- $tenant := default dict (index .tenants .metadata.labels.tenant) -}} +stackPathPrefix: 'k8s-v' +stackPath: 'addons-{{- $tenant := default dict (index .tenants .metadata.labels.tenant) -}} {{- $cluster := index (default dict (index $tenant "clusters")) .name -}} {{- $env := index (default dict (index $tenant "environments")) .metadata.labels.environment -}} {{- if $cluster -}} @@ -15,8 +15,8 @@ stackPath: '-addons{{- $tenant := default dict (index .tenants .metadata.labels. {{- else -}} {{ .addons_version }} {{- end -}}.yaml' -stackPathConfigPrefix: 'stack-k8sv' -stackPathConfig: '-config.yaml' +stackPathConfigPrefix: 'k8s-v' +stackPathConfig: 'addons-config.yaml' repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" repoURLGitRevision: HEAD repoURLGitBasePath: "stacks/" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml index 2cbf2ff1..bb612ca7 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml @@ -3,7 +3,7 @@ kind: ConstraintTemplate metadata: name: k8sdisallowedrepos annotations: - argocd.argoproj.io/sync-wave: "2" + argocd.argoproj.io/sync-wave: "1" metadata.gatekeeper.sh/title: "Disallowed Repositories" metadata.gatekeeper.sh/version: 1.0.0 description: >- 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml new file mode 100644 index 00000000..d9cc2ea6 --- /dev/null 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml @@ -0,0 +1,14 @@ +addons_version: "default" # this can be also be a version like v1.5 +tenants: + tenant1: + addons_version: v1.3 + environments: + dev: + addons_version: v1.2 + staging: + addons_version: v1.1 + prod: + addons_version: v1.0 + clusters: + cluster1: + addons_version: v1.4 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml new file mode 100644 index 00000000..691d8830 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml @@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addons-default.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml new file mode 100644 index 00000000..91d9bbee --- /dev/null 
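Review bot: The `file:` key on the first line of `k8s-v1.29/addons-default.yaml` still carries the old flat name `stack-k8sv1.29-addons-default.yaml`, although this commit moves the stacks into per-version folders. The other new stack files under `k8s-v1.29` and `k8s-v1.30` have the same stale value. Whether anything reads `file` is not visible here; if it is only informational, update it to match the new layout, e.g. `file: k8s-v1.29/addons-default.yaml`, or drop it, so it cannot mislead someone tracing which stack a cluster resolved to. This file and its `k8s-v1.30` counterpart also end without a trailing newline.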
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml @@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addonsv1.0.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml new file mode 100644 index 00000000..44e73d92 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addonsv1.1.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml new file mode 100644 index 00000000..7a6354b5 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addonsv1.2.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml new file mode 100644 index 00000000..646f5723 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addonsv1.3.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml new file mode 100644 index 00000000..b589436c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.29-addonsv1.4.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml new file mode 100644 index 00000000..e8a27f3d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml 
@@ -0,0 +1,28 @@ +file: stack-k8sv1.29-addonsv1.5.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml new file mode 100644 index 00000000..d9cc2ea6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml @@ -0,0 +1,14 @@ +addons_version: "default" # this can be also be a version like v1.5 +tenants: + tenant1: + addons_version: v1.3 + environments: + dev: + addons_version: v1.2 + staging: + addons_version: v1.1 + prod: + addons_version: v1.0 + clusters: + cluster1: + addons_version: v1.4 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml new file mode 100644 index 00000000..13e17ade --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.30-addons-default.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml new file mode 100644 index 00000000..400d30ba --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.30-addonsv1.0.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml new file mode 100644 index 00000000..ba7acfd6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.30-addonsv1.1.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml new file mode 100644 index 00000000..2a6fd6af --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml 
@@ -0,0 +1,31 @@ +file: stack-k8sv1.30-addonsv1.2.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.3.11" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.7.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.15.0" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.0" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml new file mode 100644 index 00000000..657dd090 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml 
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.3.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml
new file mode 100644
index 00000000..42c55f27
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml
@@ -0,0 +1,31 @@
+file: stack-k8sv1.30-addonsv1.4.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+ volcano:
+ chart: volcano
+ repoUrl: https://volcano-sh.github.io/helm-charts
+ targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml
new file mode 100644
index 00000000..27b8c08f
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml
@@ -0,0 +1,28 @@
+file: stack-k8sv1.30-addonsv1.5.yaml
+kubernetes_version: "1.30"
+addons:
+ argocd:
+ chart: argo-cd
+ repoUrl: https://argoproj.github.io/argo-helm
+ targetRevision: "7.3.11"
+ aws_load_balancer_controller:
+ chart: aws-load-balancer-controller
+ repoUrl: https://aws.github.io/eks-charts
+ targetRevision: "1.7.1"
+ gatekeeper:
+ chart: gatekeeper
+ repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
+ targetRevision: "3.15.0"
+ metrics_server:
+ chart: metrics-server
+ repoUrl: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: "3.12.0"
+ aws_ebs_csi_resources:
+ chart: aws-ebs-csi-classes
+ repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
+ targetRevision: "1.0.0"
+ karpenter:
+ chart: karpenter/karpenter
+ repoUrl: public.ecr.aws
+ targetRevision: "0.37.0"
+
From cbb21c2ea5fd1322833d7b885fcdf04b3837d47d Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 6 Aug 2024 18:02:48 -0400 Subject: [PATCH 80/90] remove old files
Signed-off-by: Carlos Santana --- .../stacks/stack-k8sv1.30-addons-default.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.0.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.1.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.2.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.3.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.4.yaml | 31 ------------------- .../stacks/stack-k8sv1.30-addonsv1.5.yaml | 28 ----------------- .../gitops/stacks/stack-k8sv1.30-config.yaml | 14 --------- 8 files changed, 228 deletions(-) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml deleted file mode 100644 index 13e17ade..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addons-default.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addons-default.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml
deleted file mode 100644
index 400d30ba..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.0.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addonsv1.0.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml
deleted file mode 100644
index ba7acfd6..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addonsv1.1.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml
deleted file mode 100644
index 2a6fd6af..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.2.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addonsv1.2.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml
deleted file mode 100644
index 657dd090..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.3.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addonsv1.3.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml
deleted file mode 100644
index 42c55f27..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.4.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-file: stack-k8sv1.30-addonsv1.4.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
- volcano:
- chart: volcano
- repoUrl: https://volcano-sh.github.io/helm-charts
- targetRevision: "1.9.0"
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml
deleted file mode 100644
index 27b8c08f..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-addonsv1.5.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-file: stack-k8sv1.30-addonsv1.5.yaml
-kubernetes_version: "1.30"
-addons:
- argocd:
- chart: argo-cd
- repoUrl: https://argoproj.github.io/argo-helm
- targetRevision: "7.3.11"
- aws_load_balancer_controller:
- chart: aws-load-balancer-controller
- repoUrl: https://aws.github.io/eks-charts
- targetRevision: "1.7.1"
- gatekeeper:
- chart: gatekeeper
- repoUrl: https://open-policy-agent.github.io/gatekeeper/charts
- targetRevision: "3.15.0"
- metrics_server:
- chart: metrics-server
- repoUrl: https://kubernetes-sigs.github.io/metrics-server
- targetRevision: "3.12.0"
- aws_ebs_csi_resources:
- chart: aws-ebs-csi-classes
- repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts
- targetRevision: "1.0.0"
- karpenter:
- chart: karpenter/karpenter
- repoUrl: public.ecr.aws
- targetRevision: "0.37.0"
-
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml
deleted file mode 100644
index 9dcb76b6..00000000
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/stack-k8sv1.30-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-addons_version: "-default" # this can be also be a version like v1.5
-tenants:
- tenant1:
- addons_version: v1.3
- environments:
- dev:
- addons_version: v1.2
- staging:
- addons_version: v1.1
- prod:
- addons_version: v1.0
- clusters:
- cluster1:
- addons_version: v1.4
From 9749797bdd3a2d9a538071bad78114658e184bd6 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Tue, 6 Aug 2024 22:55:05 -0400 Subject: [PATCH 81/90] add addons
Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 432 +++++++++++++++++- .../stacks/k8s-v1.29/addons-config.yaml | 6 +- .../stacks/k8s-v1.29/addons-default.yaml | 78 +++- .../gitops/stacks/k8s-v1.29/addons-v1.0.yaml | 76 +++ .../gitops/stacks/k8s-v1.29/addons-v1.1.yaml | 76 +++ .../gitops/stacks/k8s-v1.29/addons-v1.2.yaml | 76 +++ .../gitops/stacks/k8s-v1.29/addons-v1.3.yaml | 31 -- .../gitops/stacks/k8s-v1.29/addons-v1.4.yaml | 31 -- .../gitops/stacks/k8s-v1.29/addons-v1.5.yaml | 28 -- .../stacks/k8s-v1.30/addons-config.yaml | 6 +- .../stacks/k8s-v1.30/addons-default.yaml | 78 +++- .../gitops/stacks/k8s-v1.30/addons-v1.0.yaml | 76 +++ .../gitops/stacks/k8s-v1.30/addons-v1.1.yaml | 76 +++ .../gitops/stacks/k8s-v1.30/addons-v1.2.yaml | 77 ++++ .../gitops/stacks/k8s-v1.30/addons-v1.3.yaml | 31 -- .../gitops/stacks/k8s-v1.30/addons-v1.4.yaml | 31 -- .../gitops/stacks/k8s-v1.30/addons-v1.5.yaml | 28 -- 17 files changed, 1047 insertions(+), 190 deletions(-) delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml delete mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 619089b3..ee718748 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -58,7 +58,7 @@ addons: namespace: argocd chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" selector: matchExpressions: - key: enable_argocd 
@@ -187,4 +187,432 @@ addons: values: ['true'] annotationsApp: argocd.argoproj.io/compare-options: "ServerSideDiff=true" # required for volcano https://github.com/argoproj/argo-cd/issues/18548 - + aws_cloudwatch_metrics: + enabled: false + releaseName: aws-cloudwatch-metrics + namespace: '.metadata.annotations.enable_aws_cloudwatch_metrics' + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + selector: + matchExpressions: + - key: enable_aws_cloudwatch_metrics + operator: In + values: ['true'] + values: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + serviceAccount: + name: '{{.metadata.annotations.aws_cloudwatch_metrics_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_cloudwatch_metrics_iam_role_arn}}' + aws_efs_csi_driver: + enabled: false + releaseName: aws-efs-csi-driver + namespace: '{{.metadata.annotations.aws_efs_csi_driver_namespace}}' + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + selector: + matchExpressions: + - key: enable_aws_efs_csi_driver + operator: In + values: ['true'] + values: + controller: + serviceAccount: + name: '{{.metadata.annotations.aws_efs_csi_driver_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_efs_csi_driver_iam_role_arn}}' + node: + serviceAccount: + name: '{{.metadata.annotations.aws_efs_csi_driver_node_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_efs_csi_driver_iam_role_arn}}' + enable_aws_fsx_csi_driver: + enabled: false + releaseName: aws-fsx-csi-driver + namespace: '{{.metadata.annotations.aws_fsx_csi_driver_namespace}}' + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + selector: + matchExpressions: + - key: enable_aws_fsx_csi_driver + operator: In + values: ['true'] + values: 
+ controller: + serviceAccount: + name: '{{.metadata.annotations.aws_fsx_csi_driver_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}' + node: + serviceAccount: + name: '{{.metadata.annotations.aws_fsx_csi_driver_node_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}' + aws_for_fluent_bit: + enabled: false + releaseName: aws-for-fluent-bit + namespace: '{{.metadata.annotations.aws_for_fluent_bit_namespace}}' + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + selector: + matchExpressions: + - key: enable_aws_for_fluent_bit + operator: In + values: ['true'] + values: + cloudWatchLogs: + enabled: true + region: '{{.metadata.annotations.aws_region}}'' + logGroupName: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}'' + logGroupTemplate: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes['namespace_name']'' + logStreamTemplate: '$kubernetes['pod_name'].$kubernetes['container_name']' + logRetentionDays: 90 + serviceAccount: + name: '{{.metadata.annotations.aws_for_fluentbit_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_for_fluentbit_iam_role_arn}}' + aws_fargate_fluentbit: + enabled: false + releaseName: aws-fargate-fluentbit + namespace: 'kube-system' + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + selector: + matchExpressions: + - key: enable_fargate_fluentbit + operator: In + values: ['true'] + values: + region: '{{.metadata.annotations.aws_region}}' + log_group_name: '{{.metadata.annotations.fargate_fluentbit_log_group_name}}' + log_stream_prefix: '{{.metadata.annotations.fargate_fluentbit_log_stream_prefix}}' + aws_gateway_api_controller: + enabled: false + releaseName: 
aws-gateway-api-controller + namespace: '{{.metadata.annotations.aws_gateway_api_controller_namespace}}' + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + selector: + matchExpressions: + - key: enable_aws_gateway_api_controller + operator: In + values: ['true'] + values: + awsRegion: '{{.metadata.annotations.aws_region}}' + awsAccountId: '{{.metadata.annotations.aws_account_id}}' + clusterVpcId: '{{.metadata.annotations.aws_vpc_id}}' + serviceAccount: + name: '{{.metadata.annotations.aws_gateway_api_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_gateway_api_controller_iam_role_arn}}' + aws_node_termination_handler: + enabled: false + releaseName: aws-node-termination-handler + namespace: '{{.metadata.annotations.aws_node_termination_handler_namespace}}' + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + selector: + matchExpressions: + - key: enable_aws_node_termination_handler + operator: In + values: ['true'] + values: + awsRegion: '{{.metadata.annotations.aws_region}}' + queueURL: '{{.metadata.annotations.aws_node_termination_handler_sqs_queue_url}}' + enableSqsTerminationDraining: true + serviceAccount: + name: '{{.metadata.annotations.aws_node_termination_handler_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_node_termination_handler_iam_role_arn}}' + aws_argo_workflows_ingress: + enabled: false + releaseName: aws-argo-workflows-ingress + namespace: '{{default "argo-worflows" (index .metadata.annotations "argo_workflows_namespace") }}' + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + selector: + matchExpressions: + - key: enable_aws_argo_workflows_ingress + operator: In + values: ['true'] + values: + server: + serviceType: ClusterIP + servicePort: "2746" + servicePortName: http + ingress: + enabled: true + 
annotations: + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" + alb.ingress.kubernetes.io/backend-protocol: "HTTP" + alb.ingress.kubernetes.io/listen-ports: "[{\"HTTPS\":443}]" + alb.ingress.kubernetes.io/tags: "Environment=hub,GitOps=true" + ingressClassName: "alb" + hosts: {{.metadata.annotations.argo_workflows_hosts}} + paths: + - / + pathType: Prefix + tls: + - hosts: {{.metadata.annotations.argo_workflows_hosts}} + aws_argocd: + enabled: false + releaseName: argocd + namespace: '{{default "argocd" (index .metadata.annotations "aws_argocd_namespace") }}' + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + selector: + matchExpressions: + - key: enable_aws_argocd + operator: In + values: ['true'] + values: + controller: + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.argocd_iam_role_arn}}' + server: + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.argocd_iam_role_arn}}' + aws_argocd_ingress: + enabled: false + releaseName: argocd + namespace: '{{default "argocd" (index .metadata.annotations "aws_argocd_ingress_namespace") }}' + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + selector: + matchExpressions: + - key: enable_aws_argocd_ingress + operator: In + values: ['true'] + values: + global: + domain: {{.metadata.annotations.argocd_domain}} + server: + service: + type: "ClusterIP" + ingress: + enabled: true + controller: "aws" + ingressClassName: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" + alb.ingress.kubernetes.io/backend-protocol: "HTTPS" + alb.ingress.kubernetes.io/listen-ports: "[{\"HTTP\":80},{\"HTTPS\":443}]" + alb.ingress.kubernetes.io/ssl-redirect: "443" + alb.ingress.kubernetes.io/tags: "Environment=hub,GitOps=true" + aws: + serviceType: "ClusterIP" # Instance mode 
needs type NodePort, IP mode needs type ClusterIP or NodePort + backendProtocolVersion: "GRPC" # This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features + cert_manager: + enabled: false + releaseName: cert-manager + namespace: '{{.metadata.annotations.cert_manager_namespace}}' + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + selector: + matchExpressions: + - key: enable_cert_manager + operator: In + values: ['true'] + values: + installCRDs: true + serviceAccount: + name: '{{.metadata.annotations.cert_manager_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.cert_manager_iam_role_arn}}' + cluster_autoscaler: + enabled: false + releaseName: cluster-autoscaler + namespace: '{{.metadata.annotations.cluster_autoscaler_namespace}}' + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + selector: + matchExpressions: + - key: enable_cluster_autoscaler + operator: In + values: ['true'] + values: + image: + tag: 'v{{.metada.labels.kubernetes_version}}.0' + awsRegion: '{{.metadata.annotations.aws_region}}' + autoDiscovery: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + rbac: + serviceAccount: + name: '{{.metadata.annotations.cluster_autoscaler_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.cluster_autoscaler_iam_role_arn}}' + aws_crossplane_provider: + enabled: false + releaseName: crossplane-aws + namespace: crossplane-system + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + selector: + matchExpressions: + - key: enable_aws_crossplane_provider + operator: In + values: ['true'] + values: + deploymentRuntimeConfig: + metadata: + role_arn: '{{.metadata.annotations.aws_crossplane_iam_role_arn}}' + provider: + package: + registry: 
xpkg.upbound.io/crossplane-contrib/provider-aws + version: "v0.49.1" + aws_crossplane_upbound_provider: + enabled: false + releaseName: crossplane-aws-upbound + namespace: crossplane-system + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + selector: + matchExpressions: + - key: enable_aws_crossplane_upbound_provider + operator: In + values: ['true'] + values: + deploymentRuntimeConfig: + metadata: + role_arn: '{{.metadata.annotations.aws_upbound_crossplane_iam_role_arn}}' + provider: + package: + registry: xpkg.upbound.io/upbound + version: v1.1.0 + providers: + - cloudfront + - cloudwatchlogs + - dynamodb + - ec2 + - eks + - firehose + - iam + - kms + - lambda + - rds + - s3 + - sns + - sqs + external-dns: + enabled: false + releaseName: external-dns + namespace: '{{.metadata.annotations.external_dns_namespace}}' + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + selector: + matchExpressions: + - key: enable_external_dns + operator: In + values: ['true'] + values: + provider: aws + serviceAccount: + name: '{{.metadata.annotations.external_dns_service_account}}'s + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_dns_iam_role_arn}}' + domainFilters: '{{.metadata.annotations.external_dns_domain_filters}}' + txtOwnerId: '{{.metadata.annotations.aws_cluster_name}}' + policy: '{{default "upsert-only" (index .metadata.annotations "external_dns_policy")}}' + external_secrets: + enabled: false + releaseName: external-secrets + namespace: '{{.metadata.annotations.external_secrets_namespace}}' + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + selector: + matchExpressions: + - key: enable_external_secrets + operator: In + values: ['true'] + values: + serviceAccount: + name: '{{.metadata.annotations.external_secrets_service_account}}' + annotations: + 
eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_secrets_iam_role_arn}}' + privateca_issuer: + enabled: false + releaseName: privateca-issuer + namespace: '{{.metadata.annotations.aws_privateca_issuer_namespace}}' + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + selector: + matchExpressions: + - key: enable_aws_privateca_issuer + operator: In + values: ['true'] + values: + serviceAccount: + name: '{{.metadata.annotations.aws_privateca_issuer_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_privateca_issuer_iam_role_arn}}' + aws_velero: + enabled: false + releaseName: velero + namespace: '{{.metadata.annotations.aws_velero_namespace}}' + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + selector: + matchExpressions: + - key: enable_velero + operator: In + values: ['true'] + values: + configuration: + backupStorageLocation: + - name: default + provider: aws + prefix: '{{.metadata.annotations.velero_backup_s3_bucket_prefix}}' + bucket: '{{.metadata.annotations.velero_backup_s3_bucket_name}}' + config: + region: '{{.metadata.annotations.aws_region}}' + volumeSnapshotLocation: + - name: default + provider: aws + config: + region: '{{.metadata.annotations.aws_region}}' + serviceAccount: + server: + name: '{{.metadata.annotations.velero_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.velero_iam_role_arn}}' + initContainers: + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws:v1.10.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + aws_secrets_store_csi_driver_provider: + enabled: false + releaseName: secrets-store-csi-driver-provider-aws + namespace: '{{default "kube-system" (index .metadata.annotations "aws_secrets_store_csi_driver_provider_namespace")}}' + chart: 
secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" + selector: + matchExpressions: + - key: enable_aws_secrets_store_csi_driver_provider + operator: In + values: ['true'] diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml index d9cc2ea6..81ec1138 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml @@ -1,14 +1,14 @@ addons_version: "default" # this can be also be a version like v1.5 tenants: tenant1: - addons_version: v1.3 + addons_version: v1.2 environments: dev: - addons_version: v1.2 + addons_version: v1.1 staging: addons_version: v1.1 prod: addons_version: v1.0 clusters: cluster1: - addons_version: v1.4 + addons_version: v1.0 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml index 691d8830..25a32552 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml 
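Review bot: `aws_argocd_ingress` and `aws_argo_workflows_ingress` in the gitops-bridge `values.yaml` hunk both set `alb.ingress.kubernetes.io/scheme: "internet-facing"` with no source restriction, so turning on either label puts the Argo CD or Argo Workflows server behind a public ALB with only the chart's own authentication in front of it; I would default the scheme to `"internal"` (or add `alb.ingress.kubernetes.io/inbound-cidrs`) and make public exposure an explicit choice. Several other added lines will not parse or will render the wrong value: the doubled closing quotes and nested single quotes under `aws_for_fluent_bit.cloudWatchLogs`, the stray `s` after the `external-dns` service-account name, the unquoted `domain: {{…}}` and `hosts: {{…}}` values (YAML reads `{{` as the start of a flow mapping), `.metada.labels` in the cluster_autoscaler image tag, the `"argo-worflows"` default namespace, and the `aws_cloudwatch_metrics` namespace, which is a literal string naming the `enable_` flag. The fence shows the corrected lines; the cloudwatch namespace annotation name is assumed from the sibling entries, and how `hosts` should be quoted depends on the ApplicationSet template, which is not in this hunk. The enclosing `addons:` map starts outside the hunk.

```yaml
  aws_cloudwatch_metrics:
    # … unchanged: enabled, releaseName …
    namespace: '{{.metadata.annotations.aws_cloudwatch_metrics_namespace}}'  # annotation name assumed, confirm
  aws_for_fluent_bit:
    # … unchanged: chart, repoUrl, targetRevision, selector …
    values:
      cloudWatchLogs:
        enabled: true
        region: '{{.metadata.annotations.aws_region}}'
        logGroupName: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}'
        logGroupTemplate: "{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes['namespace_name']"
        logStreamTemplate: "$kubernetes['pod_name'].$kubernetes['container_name']"
  aws_argo_workflows_ingress:
    namespace: '{{default "argo-workflows" (index .metadata.annotations "argo_workflows_namespace") }}'
    # … unchanged: chart, selector, server settings …
          alb.ingress.kubernetes.io/scheme: "internal"
  aws_argocd_ingress:
    # … unchanged: chart, selector …
    values:
      global:
        domain: '{{.metadata.annotations.argocd_domain}}'
      # … unchanged: server.service, ingress settings …
          alb.ingress.kubernetes.io/scheme: "internal"
  cluster_autoscaler:
    # … unchanged: chart, selector …
    values:
      image:
        tag: 'v{{.metadata.labels.kubernetes_version}}.0'
  external-dns:
    # … unchanged: chart, selector, provider …
      serviceAccount:
        name: '{{.metadata.annotations.external_dns_service_account}}'
```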
@@ -28,4 +28,80 @@ addons: volcano: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" \ No newline at end of file + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: 
https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml index 91d9bbee..7acd1331 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml 
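Review bot: Two of the added addon keys break the naming used by every other entry in this hunk: `enable_aws_fsx_csi_driver:` carries an `enable_` prefix that elsewhere appears only on selector labels, and `external-dns:` is hyphenated where its neighbour is `external_secrets:`. If the chart looks these entries up by addon name (the lookup is not visible here, so this is an inference from the matching `aws_velero` and `privateca_issuer` keys in values.yaml), both would be missed and the versions pinned here would not be applied. I would rename them to `aws_fsx_csi_driver:` and `external_dns:` after checking the key names in values.yaml. Separately, `aws_gateway_api_controller` sets `chart: aws-gateway-controller-chart` with `repoUrl: public.ecr.aws`, while the karpenter entry for the same registry uses a namespaced path (`karpenter/karpenter`), so the chart path probably needs its registry namespace too. The same lines are repeated in the addons-v1.0, addons-v1.1 and addons-v1.2 hunks for k8s-v1.29 and in all four k8s-v1.30 stack files.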
@@ -29,3 +29,79 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml index 44e73d92..902be28d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml 
@@ -29,3 +29,79 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml index 7a6354b5..94972268 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml 
@@ -29,3 +29,79 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml deleted file mode 100644 index 646f5723..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.3.yaml +++ /dev/null @@ -1,31 +0,0 @@ -file: stack-k8sv1.29-addonsv1.3.yaml -kubernetes_version: "1.29" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - volcano: - chart: volcano - repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml deleted file mode 100644 index b589436c..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.4.yaml +++ /dev/null @@ -1,31 +0,0 @@ -file: stack-k8sv1.29-addonsv1.4.yaml -kubernetes_version: "1.29" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - volcano: - chart: volcano - repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml deleted file mode 100644 index e8a27f3d..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.5.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -file: stack-k8sv1.29-addonsv1.5.yaml -kubernetes_version: "1.29" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml index d9cc2ea6..d7ce4231 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml @@ -1,14 +1,14 @@ addons_version: "default" # this can be also be a version like v1.5 tenants: tenant1: - addons_version: v1.3 + addons_version: v1.2 environments: dev: - addons_version: v1.2 + addons_version: v1.1 staging: addons_version: v1.1 prod: addons_version: v1.0 clusters: cluster1: - addons_version: v1.4 + addons_version: v1.1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml index 13e17ade..172b3135 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml 
@@ -28,4 +28,80 @@ addons: volcano: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" \ No newline at end of file + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: 
https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml index 400d30ba..d9b9f0ed 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml 
@@ -29,3 +29,79 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml index ba7acfd6..e13e7baf 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml 
@@ -29,3 +29,79 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml index 2a6fd6af..19e207fa 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml 
@@ -29,3 +29,80 @@ addons: chart: volcano repoUrl: https://volcano-sh.github.io/helm-charts targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluent_bit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: 
external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "2.17.0" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.6" + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml deleted file mode 100644 index 657dd090..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.3.yaml +++ /dev/null @@ -1,31 +0,0 @@ -file: stack-k8sv1.30-addonsv1.3.yaml -kubernetes_version: "1.30" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - volcano: - chart: volcano - repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml deleted file mode 100644 index 42c55f27..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.4.yaml +++ /dev/null @@ -1,31 +0,0 @@ -file: stack-k8sv1.30-addonsv1.4.yaml -kubernetes_version: "1.30" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - volcano: - chart: volcano - repoUrl: https://volcano-sh.github.io/helm-charts - targetRevision: "1.9.0" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml deleted file mode 100644 index 27b8c08f..00000000 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.5.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -file: stack-k8sv1.30-addonsv1.5.yaml -kubernetes_version: "1.30" -addons: - argocd: - chart: argo-cd - repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" - aws_load_balancer_controller: - chart: aws-load-balancer-controller - repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" - gatekeeper: - chart: gatekeeper - repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" - metrics_server: - chart: metrics-server - repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" - aws_ebs_csi_resources: - chart: aws-ebs-csi-classes - repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts - targetRevision: "1.0.0" - karpenter: - chart: karpenter/karpenter - repoUrl: public.ecr.aws - targetRevision: "0.37.0" - From 177762e5b09ce37f3fe80926a8e9eb3f1f272b34 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 12:18:09 -0400 Subject: [PATCH 82/90] fix values Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index ee718748..6e252bb5 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -266,10 +266,10 @@ addons: values: cloudWatchLogs: enabled: true - region: '{{.metadata.annotations.aws_region}}'' - logGroupName: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}'' - logGroupTemplate: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes['namespace_name']'' - logStreamTemplate: '$kubernetes['pod_name'].$kubernetes['container_name']' + region: '{{.metadata.annotations.aws_region}}' + logGroupName: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}' + logGroupTemplate: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes["namespace_name"]' + logStreamTemplate: '$kubernetes["pod_name"].$kubernetes["container_name"]' logRetentionDays: 90 serviceAccount: name: '{{.metadata.annotations.aws_for_fluentbit_service_account}}' @@ -357,12 +357,12 @@ addons: alb.ingress.kubernetes.io/listen-ports: "[{\"HTTPS\":443}]" alb.ingress.kubernetes.io/tags: "Environment=hub,GitOps=true" ingressClassName: "alb" - hosts: {{.metadata.annotations.argo_workflows_hosts}} + hosts: '{{.metadata.annotations.argo_workflows_hosts}}' paths: - / pathType: Prefix tls: - - hosts: {{.metadata.annotations.argo_workflows_hosts}} + - hosts: '{{.metadata.annotations.argo_workflows_hosts}}' aws_argocd: enabled: false releaseName: argocd @@ -398,7 +398,7 @@ addons: values: ['true'] values: global: - domain: {{.metadata.annotations.argocd_domain}} + domain: '{{.metadata.annotations.argocd_domain}}' server: service: type: "ClusterIP" @@ -526,7 +526,7 @@ addons: values: provider: aws serviceAccount: - name: '{{.metadata.annotations.external_dns_service_account}}'s + name: '{{.metadata.annotations.external_dns_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_dns_iam_role_arn}}' domainFilters: '{{.metadata.annotations.external_dns_domain_filters}}' From 6e3937be9e737c8475d78517eee498389fe586e5 Mon Sep 17 00:00:00 2001 
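Review bot: In the `cloudWatchLogs` values, `logGroupTemplate` and `logStreamTemplate` now use `$kubernetes["namespace_name"]`-style accessors, which fixes the YAML quoting but also changes the accessor text that reaches Fluent Bit; its record-accessor examples use single-quoted keys, so it is worth confirming the double-quoted form is still resolved. If it is not, the plugin would presumably fall back to the static `logGroupName`, and the per-namespace log separation would be lost without any error at sync time. The original accessor can be kept inside a single-quoted YAML scalar by doubling the quotes, e.g. `logStreamTemplate: '$kubernetes[''pod_name''].$kubernetes[''container_name'']'`. The `hosts:` values quoted in the `@@ -357,12 +357,12 @@` hunk are now strings, while an ingress `hosts` / `tls[].hosts` field is normally a list, so that rendering should be checked too.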
From: Carlos Santana Date: Wed, 7 Aug 2024 15:45:57 -0400 Subject: [PATCH 83/90] update destroy Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/destroy.sh | 213 ++++++++++++++++++ 1 file changed, 213 insertions(+) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index 1d90e400..960df2e7 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh 
@@ -6,6 +6,170 @@ SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROOTDIR="$(cd ${SCRIPTDIR}/../..; pwd )" [[ -n "${DEBUG:-}" ]] && set -x +scale_down_karpenter_nodes() { + # Get all nodes with the label karpenter.sh/registered=true + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + + # Iterate over each node + for node in $nodes; do + # Get all pods running on the current node + pods=$(kubectl get pods --all-namespaces --field-selector spec.nodeName=$node -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}') + + # Iterate over each pod + while IFS= read -r pod; do + namespace=$(echo $pod | awk '{print $1}') + pod_name=$(echo $pod | awk '{print $2}') + + # Get the owner references of the pod + owner_refs=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[*]}') + + # Check if the owner is a ReplicaSet (which is part of a deployment) or a StatefulSet and scale down + if echo $owner_refs | grep -q "ReplicaSet"; then + replicaset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="ReplicaSet")].name}') + deployment_name=$(kubectl get replicaset $replicaset_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="Deployment")].name}') + if [[ $(kubectl get deployment $deployment_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + kubectl scale deployment $deployment_name -n $namespace --replicas=0 + fi + elif echo $owner_refs | grep -q "StatefulSet"; then + statefulset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="StatefulSet")].name}') + if [[ $(kubectl get statefulset $statefulset_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + kubectl scale statefulset $statefulset_name -n $namespace --replicas=0 + fi + fi + done <<< "$pods" + done + + # Loop through each node and delete it + for node in $nodes; 
do + echo "Deleting node: $node" + kubectl delete node $node + done + # do a final check to make sure the nodes are gone, loop sleep 60 in between checks + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + while [[ ! -z $nodes ]]; do + echo "Waiting for nodes to be deleted: $nodes" + sleep 60 + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + done + + +} + +# We must destroy the karpenter node before we destroy the EKS cluster + +exit 0 + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + scale_down_karpenter_nodes + kubectl delete ing -A --all + # delete all the kuberneters service of type LoadBalancer, without using jq + kubectl get svc --all-namespaces -o json | grep -E '"type": "LoadBalancer"' | awk '{print "echo kubectl delete svc " $1 " -n " $2}' | bash + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + kubectl scale deploy -n game-2048 game-2048 --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 + kubectl scale deploy -n kube-system metrics-server --replicas=0 + sleep 60 + kubectl delete nodes -l karpenter.sh/registered=true + kubectl delete -n game-2048 ing game-2048 + kubectl delete -n argocd svc argocd-server + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + kubectl scale deploy -n game-2048 game-2048 --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 + kubectl scale deploy -n kube-system metrics-server --replicas=0 + sleep 60 + kubectl delete nodes -l karpenter.sh/registered=true + kubectl delete -n game-2048 ing game-2048 + kubectl delete -n argocd svc argocd-server + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + kubectl scale deploy -n game-2048 game-2048 --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 + kubectl scale deploy -n kube-system metrics-server --replicas=0 + sleep 60 + kubectl delete nodes -l karpenter.sh/registered=true + kubectl delete -n game-2048 ing game-2048 + kubectl delete -n argocd svc argocd-server + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + kubectl scale deploy -n game-2048 game-2048 --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 + kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 + kubectl scale deploy -n kube-system metrics-server --replicas=0 + sleep 60 + kubectl delete nodes -l karpenter.sh/registered=true + kubectl delete -n game-2048 ing game-2048 + kubectl delete -n argocd svc argocd-server + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve + # Delete the Ingress/SVC before removing the addons TMPFILE=$(mktemp) terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" 
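Review bot: The `exit 0` added after the "We must destroy the karpenter node" comment returns success before any teardown below it runs, so `scale_down_karpenter_nodes` is never called and every `terraform destroy` in the script is unreachable; if it is a debugging leftover it should be removed before merge. In the first teardown block the LoadBalancer cleanup greps the JSON for the `"type": "LoadBalancer"` line, so awk's `$1` and `$2` are not a service name and namespace, the generated command is only an `echo`, and text derived from cluster objects is piped into `bash`; selecting with a jsonpath filter and reading the result into quoted variables, as sketched below, avoids all three. The guard `[[ ! $(cat $TMPFILE) == *"No outputs found"* ]]` also passes when `terraform output` writes nothing to stdout, in which case `source` does nothing and `kubectl delete ing -A --all` and the node deletions run against whichever kube context is already active, so I would additionally require a non-empty file (`[[ -s "$TMPFILE" ]]`) and remove it afterwards. A Delete/destroy block in the older form is added four more times after it in this hunk and twice more in the `@@ -28,3 +192,52 @@` hunk, and the guard point applies to each copy.

```shell
# … unchanged: source "$TMPFILE", scale_down_karpenter_nodes, kubectl delete ing -A --all …
kubectl get svc --all-namespaces \
  -o jsonpath='{range .items[?(@.spec.type=="LoadBalancer")]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}' |
  while read -r svc_namespace svc_name; do
    [[ -n "$svc_name" ]] || continue
    kubectl delete svc "$svc_name" -n "$svc_namespace"
  done
# … unchanged: sleep 60, fi …
```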
@@ -28,3 +192,52 @@ terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -target="module.eks" -auto-approve
 terraform destroy -target="module.vpc" -auto-approve
 terraform destroy -auto-approve
+
+# Delete the Ingress/SVC before removing the addons
+TMPFILE=$(mktemp)
+terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE"
+# check if TMPFILE contains the string "No outputs found"
+if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then
+ source "$TMPFILE"
+ kubectl scale deploy -n game-2048 game-2048 --replicas=0
+ kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0
+ kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0
+ kubectl scale deploy -n kube-system metrics-server --replicas=0
+ sleep 60
+ kubectl delete nodes -l karpenter.sh/registered=true
+ kubectl delete -n game-2048 ing game-2048
+ kubectl delete -n argocd svc argocd-server
+ sleep 60
+fi
+
+terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
+terraform destroy -target="module.eks" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+terraform destroy -auto-approve
+
+# Delete the Ingress/SVC before removing the addons
+TMPFILE=$(mktemp)
+terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE"
+# check if TMPFILE contains the string "No outputs found"
+if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then
+ source "$TMPFILE"
+ kubectl scale deploy -n game-2048 game-2048 --replicas=0
+ kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0
+ kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0
+ kubectl scale deploy -n kube-system metrics-server --replicas=0
+ sleep 60
+ kubectl delete nodes -l karpenter.sh/registered=true
+ kubectl delete -n game-2048 ing game-2048
+ kubectl delete -n argocd svc argocd-server
+ sleep 60
+fi
+
+terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
+terraform destroy -target="module.eks" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+terraform destroy -auto-approve
+
+
+
From 050367fd28d575df4f79d64c565b22009d8e7552 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 17:52:03 -0400 Subject: [PATCH 84/90] update list of addons Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 360 +++++++++++++++++- .../stacks/k8s-v1.29/addons-default.yaml | 104 ++++- .../gitops/stacks/k8s-v1.29/addons-v1.0.yaml | 104 ++++- .../gitops/stacks/k8s-v1.29/addons-v1.1.yaml | 104 ++++- .../gitops/stacks/k8s-v1.29/addons-v1.2.yaml | 104 ++++- .../stacks/k8s-v1.30/addons-default.yaml | 104 ++++- .../gitops/stacks/k8s-v1.30/addons-v1.0.yaml | 104 ++++- .../gitops/stacks/k8s-v1.30/addons-v1.1.yaml | 104 ++++- .../gitops/stacks/k8s-v1.30/addons-v1.2.yaml | 105 ++++- 9 files changed, 1137 insertions(+), 56 deletions(-)
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml
index 6e252bb5..0a28ee72 100644
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -70,7 +70,7 @@ addons: aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' annotationsAppSet: argocd.argoproj.io/sync-wave: '-1' @@ -102,7 +102,7 @@ addons: namespace: gatekeeper-system chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" selector: matchExpressions: - key: enable_gatekeeper @@ -122,7 +122,7 @@ addons: metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" selector: matchExpressions: - key: enable_metrics_server @@ -549,7 +549,7 @@ addons: name: '{{.metadata.annotations.external_secrets_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_secrets_iam_role_arn}}' - privateca_issuer: + aws_privateca_issuer: enabled: false releaseName: privateca-issuer namespace: '{{.metadata.annotations.aws_privateca_issuer_namespace}}' @@ -566,13 +566,13 @@ addons: name: '{{.metadata.annotations.aws_privateca_issuer_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_privateca_issuer_iam_role_arn}}' - aws_velero: + velero: enabled: false releaseName: velero namespace: '{{.metadata.annotations.aws_velero_namespace}}' chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" selector: matchExpressions: - key: enable_velero 
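Review bot: The `@@ -566,13 +566,13 @@` hunk renames the addon key `aws_velero` to `velero`, but the stack files touched by this same commit still list the chart under `aws_velero:` (visible as context in `k8s-v1.29/addons-default.yaml`), and the namespace annotation read here is still `aws_velero_namespace`. If addons are matched by key between a stack file and this values file, the stack's `targetRevision` would no longer apply to this entry; either rename the stack key as well or keep `aws_velero` here. The same check applies to `privateca_issuer` → `aws_privateca_issuer` in the hunk before it. The Velero chart also moves from "2.17.0" to "7.1.4" in the same line, a jump across several major chart versions that deserves a sentence in the commit message.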
@@ -610,9 +610,355 @@ addons: namespace: '{{default "kube-system" (index .metadata.annotations "aws_secrets_store_csi_driver_provider_namespace")}}' chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" selector: matchExpressions: - key: enable_aws_secrets_store_csi_driver_provider operator: In values: ['true'] + argo_events: + enabled: false + releaseName: argo-events + namespace: '{{default "argo-events" (index .metadata.annotations "argo_events_namespace")}}' + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + selector: + matchExpressions: + - key: enable_argo_events + operator: In + values: ['true'] + argo_rollouts: + enabled: false + releaseName: argo-rollouts + namespace: '{{default "argo-rollouts" (index .metadata.annotations "argo_rollouts_namespace")}}' + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + selector: + matchExpressions: + - key: enable_argo_rollouts + operator: In + values: ['true'] + argo_workflows: + enabled: false + releaseName: argo-workflows + namespace: '{{default "argo-workflows" (index .metadata.annotations "argo_workflows_namespace")}}' + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + selector: + matchExpressions: + - key: enable_argo_workflows + operator: In + values: ['true'] + cluster_proportional_autoscaler: + enabled: false + releaseName: cluster-proportional-autoscaler + namespace: '{{default "kube-system" (index .metadata.annotations "cluster_proportional_autoscaler_namespace")}}' + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + selector: + matchExpressions: + - key: enable_cluster_proportional_autoscaler + operator: In + values: ['true'] + crossplane: + enabled: false + 
releaseName: crossplane + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_namespace")}}' + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + selector: + matchExpressions: + - key: enable_crossplane + operator: In + values: ['true'] + ignoreDifferences: + - kind: Deployment + group: apps + jqPathExpressions: + - .spec.template.spec.containers[].env[].valueFrom.resourceFieldRef.divisor + - .spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef.divisor + crossplane_helm_provider: + enabled: false + releaseName: crossplane-helm + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_helm_namespace")}}' + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + selector: + matchExpressions: + - key: enable_crossplane_helm_provider + operator: In + values: ['true'] + crossplane_kubernetes_provider: + enabled: false + releaseName: crossplane-kubernetes + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_kubernetes_namespace")}}' + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + selector: + matchExpressions: + - key: enable_crossplane_kubernetes_provider + operator: In + values: ['true'] + gpu_operator: + enabled: false + releaseName: gpu-operator + namespace: '{{default "gpu-operator" (index .metadata.annotations "gpu_operator_namespace")}}' + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + selector: + matchExpressions: + - key: enable_gpu_operator + operator: In + values: ['true'] + ingress_nginx: + enabled: false + releaseName: ingress-nginx + namespace: '{{default "ingress-nginx" (index .metadata.annotations "ingress_nginx_namespace")}}' + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + 
targetRevision: "4.11.1" + selector: + matchExpressions: + - key: enable_ingress_nginx + operator: In + values: ['true'] + keda: + enabled: false + releaseName: keda + namespace: '{{default "keda" (index .metadata.annotations "keda_namespace")}}' + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + selector: + matchExpressions: + - key: enable_keda + operator: In + values: ['true'] + kube_prometheus_stack: + enabled: false + releaseName: kube-prometheus-stack + namespace: '{{default "kube-prometheus-stack" (index .metadata.annotations "kube_prometheus_stack_namespace")}}' + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + selector: + matchExpressions: + - key: enable_kube_prometheus_stack + operator: In + values: ['true'] + kyverno: + enabled: false + releaseName: kyverno + namespace: '{{default "kyverno" (index .metadata.annotations "kyverno_namespace")}}' + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + selector: + matchExpressions: + - key: enable_kyverno + operator: In + values: ['true'] + prometheus_adapter: + enabled: false + releaseName: prometheus-adapter + namespace: '{{default "prometheus-adapter" (index .metadata.annotations "prometheus_adapter_namespace")}}' + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + selector: + matchExpressions: + - key: enable_prometheus_adapter + operator: In + values: ['true'] + secrets_store_csi_driver: + enabled: false + releaseName: secrets-store-csi-driver + namespace: '{{default "kube-system" (index .metadata.annotations "secrets_store_csi_driver_namespace")}}' + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + selector: + matchExpressions: + - key: enable_secrets_store_csi_driver + operator: In + values: ['true'] + vpa: + 
enabled: false + releaseName: vpa + namespace: '{{default "vpa" (index .metadata.annotations "vpa_namespace")}}' + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + selector: + matchExpressions: + - key: enable_vpa + operator: In + values: ['true'] + ack_apigatewayv2: + enabled: false + releaseName: ack-apigatewayv2 + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_apigatewayv2_namespace")}}' + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + selector: + matchExpressions: + - key: enable_ack_apigatewayv2 + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_apigatewayv2_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_apigatewayv2_iam_role_arn}}' + ack_dynamodb: + enabled: false + releaseName: ack-dynamodb + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_dynamodb_namespace")}}' + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + selector: + matchExpressions: + - key: enable_ack_dynamodb + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_dynamodb_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_dynamodb_iam_role_arn}}' + ack_prometheusservice: + enabled: false + releaseName: ack-prometheusservice + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_prometheusservice_namespace")}}' + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + selector: + matchExpressions: + - key: enable_ack_prometheusservice + operator: In + values: 
['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_prometheusservice_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_prometheusservice_iam_role_arn}}' + ack_emrcontainers: + enabled: false + releaseName: ack-emrcontainers + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_emrcontainers_namespace")}}' + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + selector: + matchExpressions: + - key: enable_ack_emrcontainers + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_emrcontainers_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_emrcontainers_iam_role_arn}}' + ack_eventbridge: + enabled: false + releaseName: ack-eventbridge + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_eventbridge_namespace")}}' + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + selector: + matchExpressions: + - key: enable_ack_eventbridge + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_eventbridge_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_eventbridge_iam_role_arn}}' + ack_rds: + enabled: false + releaseName: ack-rds + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_rds_namespace")}}' + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + selector: + matchExpressions: + - key: enable_ack_rds + operator: In + values: ['true'] + values: + 
aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_rds_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_rds_iam_role_arn}}' + ack_s3: + enabled: false + releaseName: ack-s3 + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_s3_namespace")}}' + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + selector: + matchExpressions: + - key: enable_ack_s3 + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_s3_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_s3_iam_role_arn}}' + ack_sfn: + enabled: false + releaseName: ack-sfn + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_sfn_namespace")}}' + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + selector: + matchExpressions: + - key: enable_ack_sfn + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_sfn_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_sfn_iam_role_arn}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml index 25a32552..e3079cb3 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml 
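Review bot: The eight `ack_*` entries read `serviceAccount.name` and the `eks.amazonaws.com/role-arn` annotation straight from `.metadata.annotations.ack_<svc>_service_account` and `..._iam_role_arn`, without the `default … (index .metadata.annotations …)` guard that the same entries use for `namespace`. If a cluster enables one of these addons without those annotations, the controller would presumably be installed with an empty or placeholder service-account name and no IAM role, which tends to surface only later as AWS authorization failures. I would document the contract next to the first entry, e.g. `# requires cluster annotations: aws_region, ack_<svc>_service_account, ack_<svc>_iam_role_arn`. The addons added without a `values:` block (for example `ingress_nginx`, `kyverno`, `secrets_store_csi_driver`) install with chart defaults; a one-line comment saying this is intended, and where overrides belong, would make that explicit.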
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml index 7acd1331..34cf95c2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml index 902be28d..6caa1beb 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml 
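Review bot: The Velero entry bumped to `"7.1.4"` at the top of this hunk is keyed `aws_velero`, while the chart's values.yaml keys the same addon as `velero` (visible as context in the later "fix namespace" patch). The fluentbit key renames later in this series suggest the stack keys are expected to match the values.yaml keys. If so, the pin presumably lands on a key the chart never reads, and the entry should be renamed to `velero:`. The same hunk recurs in the six stack files that follow in this patch (k8s-v1.29 addons-v1.1 and addons-v1.2, and the four k8s-v1.30 files), so the rename applies to each.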
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml index 94972268..ff7e5f98 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml index 172b3135..049cc89d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml index d9b9f0ed..4cdd0b28 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml index e13e7baf..2d9aae6a 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,8 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + 
targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml index 19e207fa..8760c9ba 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml 
@@ -4,19 +4,19 @@ addons: argocd: chart: argo-cd repoUrl: https://argoproj.github.io/argo-helm - targetRevision: "7.3.11" + targetRevision: "7.4.1" aws_load_balancer_controller: chart: aws-load-balancer-controller repoUrl: https://aws.github.io/eks-charts - targetRevision: "1.7.1" + targetRevision: "1.8.1" gatekeeper: chart: gatekeeper repoUrl: https://open-policy-agent.github.io/gatekeeper/charts - targetRevision: "3.15.0" + targetRevision: "3.16.3" metrics_server: chart: metrics-server repoUrl: https://kubernetes-sigs.github.io/metrics-server - targetRevision: "3.12.0" + targetRevision: "3.12.1" aws_ebs_csi_resources: chart: aws-ebs-csi-classes repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts 
@@ -100,9 +100,100 @@ addons: aws_velero: chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts - targetRevision: "2.17.0" + targetRevision: "7.1.4" aws_secrets_store_csi_driver_provider: chart: secrets-store-csi-driver-provider-aws repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws - targetRevision: "0.3.6" - + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts 
+ targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" From 69842e90344be4831a84cad18453775f0632b9c8 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 20:39:51 -0400 Subject: [PATCH 85/90] add monitoring Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 6 +++--- .../gitops/stacks/k8s-v1.29/addons-default.yaml | 2 +- .../gitops/stacks/k8s-v1.29/addons-v1.0.yaml | 2 +- .../gitops/stacks/k8s-v1.29/addons-v1.1.yaml | 2 +- .../gitops/stacks/k8s-v1.29/addons-v1.2.yaml | 2 +- .../terraform/examples/eks/single-cluster-v2/variables.tf | 5 ++++- 6 files changed, 11 insertions(+), 8 deletions(-) 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 0a28ee72..5fed6200 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -251,16 +251,16 @@ addons: name: '{{.metadata.annotations.aws_fsx_csi_driver_node_service_account}}' annotations: eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}' - aws_for_fluent_bit: + aws_for_fluentbit: enabled: false - releaseName: aws-for-fluent-bit + releaseName: aws-for-fluentbit namespace: '{{.metadata.annotations.aws_for_fluent_bit_namespace}}' chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" selector: matchExpressions: - - key: enable_aws_for_fluent_bit + - key: enable_aws_for_fluentbit operator: In values: ['true'] values: diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml index e3079cb3..867f8810 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml index 34cf95c2..ac73d6ca 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml index 6caa1beb..6dd7351d 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml index ff7e5f98..d7b955f2 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml 
@@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf index b22cf212..b368a156 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -32,8 +32,11 @@ variable "addons" { enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi enable_metrics_server = true enable_gatekeeper = true - enable_karpenter = true + enable_karpenter = true enable_argocd = true + enable_kyverno = true + enable_aws_cloudwatch_metrics = true + enable_aws_for_fluentbit = true } } # Addons Git From feff3c9b101c5e958edadae4e613b0ea7d979cbc Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 20:47:09 -0400 Subject: [PATCH 86/90] fix namespace Signed-off-by: Carlos Santana --- .../gitops/charts/gitops-bridge/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index 5fed6200..cc881025 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml 
@@ -190,7 +190,7 @@ addons: aws_cloudwatch_metrics: enabled: false releaseName: aws-cloudwatch-metrics - namespace: '.metadata.annotations.enable_aws_cloudwatch_metrics' + namespace: '.metadata.annotations.aws_cloudwatch_metrics_namespace' chart: aws-cloudwatch-metrics repoUrl: https://aws.github.io/eks-charts targetRevision: "0.0.11" @@ -254,7 +254,7 @@ addons: aws_for_fluentbit: enabled: false releaseName: aws-for-fluentbit - namespace: '{{.metadata.annotations.aws_for_fluent_bit_namespace}}' + namespace: '{{.metadata.annotations.aws_for_fluentbit_namespace}}' chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" @@ -569,7 +569,7 @@ addons: velero: enabled: false releaseName: velero - namespace: '{{.metadata.annotations.aws_velero_namespace}}' + namespace: '{{.metadata.annotations.velero_namespace}}' chart: velero repoUrl: https://vmware-tanzu.github.io/helm-charts targetRevision: "7.1.4" From 885445fb35b5d4be66eafe3a465f2fb82b371ce9 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 20:49:20 -0400 Subject: [PATCH 87/90] fix fluentbit Signed-off-by: Carlos Santana --- .../gitops/stacks/k8s-v1.30/addons-default.yaml | 2 +- .../single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml | 2 +- .../single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml | 2 +- .../single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml index 049cc89d..71128892 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml 
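Review bot: The new `namespace` value for `aws_cloudwatch_metrics` (hunk `@@ -190,7 +190,7 @@`) still lacks the `{{ }}` template delimiters that the `aws_for_fluentbit` and `velero` entries fixed in this same commit use. As written, it would be passed through as the literal string `.metadata.annotations.aws_cloudwatch_metrics_namespace` instead of the annotation's value. That literal is not a valid Kubernetes namespace name (leading dot, underscores), so the add-on would presumably fail to deploy once enabled. Change the line to `namespace: '{{.metadata.annotations.aws_cloudwatch_metrics_namespace}}'`.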
@@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml index 4cdd0b28..07b7f3a7 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml index 2d9aae6a..55666c37 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml index 8760c9ba..058967f6 100644 
--- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml @@ -41,7 +41,7 @@ addons: chart: aws-fsx-csi-driver repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver targetRevision: "1.9.0" - aws_for_fluent_bit: + aws_for_fluentbit: chart: aws-for-fluent-bit repoUrl: https://aws.github.io/eks-charts targetRevision: "0.1.34" From 0f436e8fa8e10f510c0eb77fee4462304edda216 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Wed, 7 Aug 2024 21:06:32 -0400 Subject: [PATCH 88/90] update fluent Signed-off-by: Carlos Santana --- .../single-cluster-v2/gitops/charts/gitops-bridge/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml index cc881025..49c44aa5 100644 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -268,8 +268,8 @@ addons: enabled: true region: '{{.metadata.annotations.aws_region}}' logGroupName: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}' - logGroupTemplate: '{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes["namespace_name"]' - logStreamTemplate: '$kubernetes["pod_name"].$kubernetes["container_name"]' + logGroupTemplate: "{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes['namespace_name']" + logStreamTemplate: "$kubernetes['pod_name'].$kubernetes['container_name']" logRetentionDays: 90 serviceAccount: name: '{{.metadata.annotations.aws_for_fluentbit_service_account}}' From f81e96bdaf236b849fb82302ba6fa75c221f5899 Mon Sep 17 00:00:00 2001 
From: Carlos Santana Date: Wed, 7 Aug 2024 22:31:51 -0400 Subject: [PATCH 89/90] add tolerations Signed-off-by: Carlos Santana --- .../gitops/default/addons/aws-cloudwatch-metrics/values.yaml | 3 +++ .../gitops/default/addons/aws-for-fluentbit/values.yaml | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml create mode 100644 argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml new file mode 100644 index 00000000..507271f8 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml @@ -0,0 +1,3 @@ +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml new file mode 100644 index 00000000..dd388d7d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml @@ -0,0 +1,3 @@ +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" From f686cd74e77915b44e9be4332b26638349253767 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Thu, 8 Aug 2024 13:56:24 -0400 Subject: [PATCH 90/90] update destroy Signed-off-by: Carlos Santana --- .../examples/eks/single-cluster-v2/destroy.sh | 173 +----------------- 1 file changed, 4 insertions(+), 169 deletions(-) 
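Review bot: Both new values files tolerate only the `CriticalAddonsOnly` taint key, so nodes carrying any other taint would get neither the CloudWatch metrics agent nor the Fluent Bit log forwarder, assuming these charts deploy per-node DaemonSets as they normally do. For log and metric collection that coverage gap should be an explicit decision. Either document it with a comment such as `# only system nodes are tainted in this example; add tolerations for workload taints`, or tolerate every taint with `- operator: "Exists"`. The first file also ends without a trailing newline (`\ No newline at end of file`), unlike the second.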
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh index 960df2e7..4388bfa8 100755 --- a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -28,11 +28,13 @@ scale_down_karpenter_nodes() { replicaset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="ReplicaSet")].name}') deployment_name=$(kubectl get replicaset $replicaset_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="Deployment")].name}') if [[ $(kubectl get deployment $deployment_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + echo kubectl scale deployment $deployment_name -n $namespace --replicas=0 kubectl scale deployment $deployment_name -n $namespace --replicas=0 fi elif echo $owner_refs | grep -q "StatefulSet"; then statefulset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="StatefulSet")].name}') if [[ $(kubectl get statefulset $statefulset_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + echo kubectl scale statefulset $statefulset_name -n $namespace --replicas=0 kubectl scale statefulset $statefulset_name -n $namespace --replicas=0 fi fi @@ -51,14 +53,11 @@ scale_down_karpenter_nodes() { sleep 60 nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') done + sleep 60 } -# We must destroy the karpenter node before we destroy the EKS cluster - -exit 0 - # Delete the Ingress/SVC before removing the addons TMPFILE=$(mktemp) terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" 
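Review bot: With the early `exit 0` removed in hunk `@@ -51,14 +53,11 @@`, the teardown below it now runs, but the `terraform ... output -raw configure_kubectl > "$TMPFILE"` step it leads into is not checked for failure. If that command fails, its error text goes to stderr and the temp file is probably left empty, so the `No outputs found` test would pass and the `kubectl delete` commands would run against whatever kubectl context is already active. Guard the step with `terraform -chdir="$SCRIPTDIR" output -raw configure_kubectl > "$TMPFILE" || exit 1` followed by `[[ -s "$TMPFILE" ]] || exit 1`, and add `trap 'rm -f -- "$TMPFILE"' EXIT` so the file is removed afterwards. The script continues outside this hunk.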
@@ -68,122 +67,7 @@ if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then scale_down_karpenter_nodes kubectl delete ing -A --all # delete all the kuberneters service of type LoadBalancer, without using jq - kubectl get svc --all-namespaces -o json | grep -E '"type": "LoadBalancer"' | awk '{print "echo kubectl delete svc " $1 " -n " $2}' | bash - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server + kubectl get svc --all-namespaces -o json | grep -E '"type": "LoadBalancer"' | awk '{print "kubectl delete svc " $1 " -n " $2}' | bash sleep 60 fi 
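Review bot: The rewritten service-deletion line now pipes awk-generated text straight into `bash`, and that text is not what the comment above it intends. `grep` on the JSON output keeps only lines of the form `"type": "LoadBalancer"`, so awk's `$1` and `$2` are `"type":` and `"LoadBalancer"`, never a service name and namespace. The LoadBalancer services are therefore likely left in place, which may block the later `terraform destroy` of the VPC. Building shell commands from cluster-supplied data and executing them is also fragile. Select the services with kubectl's own jsonpath filter and pass the names as quoted arguments instead, which still avoids jq.

```shell
kubectl delete ing -A --all
# delete all the kuberneters service of type LoadBalancer, without using jq
kubectl get svc --all-namespaces \
  -o jsonpath='{range .items[?(@.spec.type=="LoadBalancer")]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}' |
  while read -r svc_namespace svc_name; do
    kubectl delete svc "$svc_name" -n "$svc_namespace"
  done
# … unchanged: sleep 60 and the closing fi …
```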
@@ -192,52 +76,3 @@ terraform destroy -target="module.eks_blueprints_addons" -auto-approve terraform destroy -target="module.eks" -auto-approve terraform destroy -target="module.vpc" -auto-approve terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - -# Delete the Ingress/SVC before removing the addons -TMPFILE=$(mktemp) -terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" -# check if TMPFILE contains the string "No outputs found" -if [[ ! 
$(cat $TMPFILE) == *"No outputs found"* ]]; then - source "$TMPFILE" - kubectl scale deploy -n game-2048 game-2048 --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-audit --replicas=0 - kubectl scale deploy -n gatekeeper-system gatekeeper-controller-manager --replicas=0 - kubectl scale deploy -n kube-system metrics-server --replicas=0 - sleep 60 - kubectl delete nodes -l karpenter.sh/registered=true - kubectl delete -n game-2048 ing game-2048 - kubectl delete -n argocd svc argocd-server - sleep 60 -fi - -terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve -terraform destroy -target="module.eks_blueprints_addons" -auto-approve -terraform destroy -target="module.eks" -auto-approve -terraform destroy -target="module.vpc" -auto-approve -terraform destroy -auto-approve - - -