chore: Sync changes from Blueprints examples refactoring (ALB controller + Fargate FluentBit) (#163)
1 parent a4ef628, commit b625dd0
Showing 19 changed files with 1,116 additions and 167 deletions.
@@ -0,0 +1,52 @@ | ||
name: Publish docs via GitHub Pages | ||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- "docs/**" | ||
- "mkdocs.yml" | ||
- README.md | ||
|
||
release: | ||
types: | ||
- published | ||
|
||
env: | ||
PYTHON_VERSION: 3.x | ||
|
||
jobs: | ||
build: | ||
name: Deploy docs | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout main | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Set up Python ${{ env.PYTHON_VERSION }} | ||
uses: actions/setup-python@v3 | ||
with: | ||
python-version: ${{ env.PYTHON_VERSION }} | ||
|
||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install mike=1.1.2 mkdocs-material==9.1.4 mkdocs-include-markdown-plugin==4.0.4 | ||
- name: git config | ||
run: | | ||
git config --local user.email "action@github.com" | ||
git config --local user.name "GitHub Action" | ||
- name: mike deploy main | ||
if: contains(github.ref, 'refs/heads/main') | ||
run: | | ||
mike deploy --push main | ||
- name: mike deploy new version | ||
if: contains(github.ref, 'refs/tags/v') && !github.event.release.prerelease | ||
run: | | ||
VERSION=${GITHUB_REF/refs\/tags\//} | ||
mike deploy --rebase --push --update-aliases "${VERSION}" latest |
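Review bot: the `pip install` line in the "Install dependencies" step uses `mike=1.1.2`, which is not a valid pip version specifier (pip rejects a single `=`); it should be `mike==1.1.2` like the two packages after it, otherwise the job fails before anything is deployed. Two hardening points in the same hunk: the workflow declares no `permissions:` block, yet `mike deploy --push` writes to the repository, so give the job an explicit `permissions: contents: write` instead of inheriting the default token scope; and `actions/checkout@v3` / `actions/setup-python@v3` are pinned by mutable tag rather than by commit SHA. The two `contains(github.ref, ...)` conditions are substring matches; `github.ref == 'refs/heads/main'` and `startsWith(github.ref, 'refs/tags/v')` express the intent exactly.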
@@ -0,0 +1,30 @@ | ||
# AWS CloudWatch Metrics | ||
|
||
Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects. | ||
|
||
Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console. | ||
|
||
## Usage | ||
|
||
[aws-cloudwatch-metrics](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-cloudwatch-metrics) can be deployed by enabling the add-on via the following. | ||
|
||
```hcl | ||
enable_aws_cloudwatch_metrics = true | ||
``` | ||
|
||
You can also customize the Helm chart that deploys `aws-cloudwatch-metrics` via the following configuration: | ||
|
||
|
||
```hcl | ||
enable_aws_cloudwatch_metrics = true | ||
aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"] | ||
aws_cloudwatch_metrics = { | ||
role_policies = ["IAM Policies"] # extra policies in addition of CloudWatchAgentServerPolicy | ||
name = "aws-cloudwatch-metrics" | ||
repository = "https://aws.github.io/eks-charts" | ||
chart_version = "0.0.9" | ||
namespace = "amazon-cloudwatch" | ||
values = [templatefile("${path.module}/values.yaml", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here | ||
} | ||
``` |
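Review bot: the customization example sets IAM policies twice, once as `aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]` at the top level and again as `role_policies = ["IAM Policies"]` inside `aws_cloudwatch_metrics`; keep one of them so readers do not copy both, and replace the `"IAM Policies"` placeholder with something that reads as an ARN, for example `"<ADDITIONAL_IAM_POLICY_ARN>"` as the EFS doc in this same commit does, since these values are attached to the agent's IAM role and a non-ARN string fails at apply time. The trailing comment should read "in addition to CloudWatchAgentServerPolicy", and the double blank line before the second `hcl` fence can be collapsed to one.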
@@ -0,0 +1,42 @@ | ||
# AWS EFS CSI Driver | ||
|
||
This add-on deploys the [AWS EFS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) into an EKS cluster. | ||
|
||
## Usage | ||
|
||
The [AWS EFS CSI driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-efs-csi-driver) can be deployed by enabling the add-on via the following. Check out the full [example](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/examples/stateful/main.tf) to deploy an EKS Cluster with EFS backing the dynamic provisioning of persistent volumes. | ||
|
||
```hcl | ||
enable_aws_efs_csi_driver = true | ||
``` | ||
|
||
Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace. | ||
|
||
```sh | ||
$ kubectl get deployment efs-csi-controller -n kube-system | ||
|
||
NAME READY UP-TO-DATE AVAILABLE AGE | ||
efs-csi-controller 2/2 2 2 4m29s | ||
``` | ||
|
||
```sh | ||
$ kubectl get daemonset efs-csi-node -n kube-system | ||
|
||
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE | ||
efs-csi-node 3 3 3 3 3 beta.kubernetes.io/os=linux 4m32s | ||
``` | ||
|
||
You can optionally customize the Helm chart that deploys the driver via the following configuration. | ||
|
||
```hcl | ||
enable_aws_efs_csi_driver = true | ||
# Optional aws_efs_csi_driver_helm_config | ||
aws_efs_csi_driver = { | ||
repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/" | ||
chart_version = "2.4.1" | ||
} | ||
aws_efs_csi_driver { | ||
role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"] | ||
} | ||
``` |
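Review bot: the second `aws_efs_csi_driver { role_policies = [...] }` block at the end of the customization example is not valid HCL for a module argument (there is no `=`, so Terraform parses it as a block), and it would also be a second assignment of `aws_efs_csi_driver`, which is already set a few lines above; fold `role_policies` into the existing object so the example is a single `aws_efs_csi_driver = { repository = ..., chart_version = ..., role_policies = [...] }`. The `# Optional aws_efs_csi_driver_helm_config` comment names a variable that does not appear anywhere in the snippet; rename it to match `aws_efs_csi_driver` or drop it.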
@@ -0,0 +1,86 @@ | ||
# AWS Load Balancer Controller. | ||
|
||
[AWS Load Balancer Controller ](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster. | ||
|
||
## Usage | ||
|
||
In order to deploy the AWS Load Balancer Controller Addon via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`. | ||
|
||
```hcl | ||
module "eks_blueprints_addons" { | ||
enable_aws_load_balancer_controller = true | ||
aws_load_balancer_controller = { | ||
set = [ | ||
{ | ||
name = "vpcId" | ||
value = module.vpc.vpc_id | ||
}, | ||
{ | ||
name = "podDisruptionBudget.maxUnavailable" | ||
value = 1 | ||
}, | ||
] | ||
} | ||
``` | ||
### Helm Chart customization | ||
|
||
It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block: | ||
|
||
```hcl | ||
aws_load_balancer_controller = { | ||
set = [ | ||
{ | ||
name = "vpcId" | ||
value = module.vpc.vpc_id | ||
}, | ||
{ | ||
name = "podDisruptionBudget.maxUnavailable" | ||
value = 1 | ||
}, | ||
{ | ||
name = "resources.requests.cpu" | ||
value = 100m | ||
}, | ||
{ | ||
name = "resources.requests.memory" | ||
value = 128Mi | ||
}, | ||
] | ||
} | ||
} | ||
``` | ||
|
||
You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml). | ||
|
||
|
||
## Validate | ||
|
||
1. To validate the deployment, check if the `aws-load-balancer-controller` Pods were created in the `kube-system` Namespace, as the following example. | ||
|
||
```sh | ||
kubectl -n kube-system get pods | grep aws-load-balancer-controller | ||
NAMESPACE NAME READY STATUS RESTARTS AGE | ||
kube-system aws-load-balancer-controller-6cbdb58654-fvskt 1/1 Running 0 26m | ||
kube-system aws-load-balancer-controller-6cbdb58654-sc7dk 1/1 Running 0 26m | ||
``` | ||
|
||
2. Create a Kubernetes Ingress, using the `alb` IngressClass, pointing to an existing Service. In this example we'll use a Service called `example-svc`. | ||
|
||
```sh | ||
kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \ | ||
--annotation alb.ingress.kubernetes.io/scheme=internet-facing \ | ||
--annotation alb.ingress.kubernetes.io/target-type=ip | ||
``` | ||
|
||
```sh | ||
kubectl get ingress | ||
NAME CLASS HOSTS ADDRESS PORTS AGE | ||
example-ingress alb * k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com 80 4m9s | ||
``` | ||
|
||
## Resources | ||
|
||
[GitHub Repo](https://github.com/kubernetes-sigs/aws-load-balancer-controller/) | ||
[Helm Chart](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller) | ||
[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html) |
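Review bot: the two HCL examples have their closing braces swapped: the first opens `module "eks_blueprints_addons" {` but only closes the inner `aws_load_balancer_controller` object, while the second has no `module` line yet ends with an extra `}`; each block needs balanced braces or neither parses. In the second example `value = 100m` and `value = 128Mi` are unquoted, which is a syntax error in HCL; write them as `"100m"` and `"128Mi"` (the bare `1` for `podDisruptionBudget.maxUnavailable` is fine because Terraform converts the number to a string for `set`). Minor: the `# AWS Load Balancer Controller.` heading has a trailing period, and the validation output shows a `NAMESPACE` column that `kubectl -n kube-system get pods` does not print (that column appears with `-A`), so the sample output should match the command. In the Ingress step, `alb.ingress.kubernetes.io/scheme=internet-facing` provisions a public ALB in front of `example-svc`; that is the intended validation here, but it is worth saying so explicitly so the snippet is not reused where `internal` was meant.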
@@ -0,0 +1,65 @@ | ||
# AWS Private CA (PCA) Issuer | ||
|
||
[AWS Private CA](https://aws.amazon.com/private-ca/) is an AWS service that can setup and manage private CAs, as well as issue private certifiates. This Add-on deployes the AWS Private CA Issuer as an [external issuer](https://cert-manager.io/docs/configuration/external/) to **cert-manager** that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster. | ||
|
||
## Usage | ||
|
||
### Pre-requisites | ||
|
||
To deploy the AWS PCA, you need to install cert-manager first, refer to this [documentation](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/docs/cert-manager.md) to do it through EKS Blueprints Addons. | ||
|
||
### Deployment | ||
|
||
With **cert-manager** deployed in place, you can deploy the AWS Private CA Issuer Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`. | ||
|
||
```hcl | ||
module "eks_blueprints_addons" { | ||
enable_cert_manager = true | ||
enable_aws_privateca_issuer = true | ||
aws_privateca_issuer = { | ||
acmca_arn = aws_acmpca_certificate_authority.this.arn | ||
} | ||
} | ||
``` | ||
|
||
### Helm Chart customization | ||
|
||
It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block: | ||
|
||
```hcl | ||
aws_privateca_issuer = { | ||
acmca_arn = aws_acmpca_certificate_authority.this.arn | ||
namespace = "aws-privateca-issuer" | ||
create_namespace = true | ||
} | ||
``` | ||
|
||
You can find all available Helm Chart parameter values [here](https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/values.yaml). | ||
|
||
## Validation | ||
|
||
1. List all the pods running in `aws-privateca-issuer` and `cert-manager` Namespace. | ||
|
||
```sh | ||
kubectl get pods -n aws-privateca-issuer | ||
kubectl get pods -n cert-manager | ||
``` | ||
|
||
2. Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace. | ||
|
||
```sh | ||
kubectl get certificate -o wide | ||
NAME READY SECRET ISSUER STATUS AGE | ||
example True example-clusterissuer tls-with-aws-pca-issuer Certificate is up to date and has not expired 41m | ||
|
||
kubectl get secret example-clusterissuer | ||
NAME TYPE DATA AGE | ||
example-clusterissuer kubernetes.io/tls 3 43m | ||
``` | ||
|
||
## Resources | ||
|
||
[GitHub Repo](https://github.com/cert-manager/aws-privateca-issuer) | ||
[Helm Chart](https://github.com/cert-manager/aws-privateca-issuer/tree/main/charts/aws-pca-issuer) | ||
[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html) |
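Review bot: the Helm Chart customization sentence says the parameters go "inside the `aws_load_balancer_controller` configuration block", but the example that follows (and this add-on) uses `aws_privateca_issuer`; fix the name, it is a copy-paste from the load balancer doc. The prerequisites link `https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/docs/cert-manager.md` is missing the `/blob/main/` path segment and will not resolve on GitHub. Typos in the intro: "certifiates" should be "certificates" and "deployes" should be "deploys"; and step 2 of Validation reads "Check the `certificate` status in it should be in `Ready` state", which should be "Check the `certificate` status: it should be `Ready` and point to a `secret` in the same Namespace".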