Merge branch 'main' into fix/override-instance-profile-name
bryantbiggs committed Feb 2, 2024
2 parents 6292fed + a408617 commit d98f892
Showing 4 changed files with 215 additions and 27 deletions.
23 changes: 12 additions & 11 deletions docs/addons/karpenter.md
Expand Up @@ -46,27 +46,28 @@ fargate-ip-10-0-45-112.us-west-2.compute.internal Ready <none> 2m33s v1

```sh
kubectl apply -f - <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: inflate
name: inflate
spec:
replicas: 0
selector:
replicas: 0
selector:
matchLabels:
app: inflate
template:
app: inflate
template:
metadata:
labels:
labels:
app: inflate
spec:
terminationGracePeriodSeconds: 0
containers:
terminationGracePeriodSeconds: 0
containers:
- name: inflate
image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
resources:
image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
resources:
requests:
cpu: 1
cpu: 1
EOF
```

188 changes: 178 additions & 10 deletions docs/amazon-eks-addons.md
Expand Up @@ -100,10 +100,10 @@ You can supply custom configuration values to each addon via the `configuration_

```sh
aws eks describe-addon-configuration \
--addon-name coredns \
--addon-version v1.8.7-eksbuild.2 \
--query 'configurationSchema' \
--output text | jq
--addon-name coredns \
--addon-version v1.10.1-eksbuild.2 \
--query 'configurationSchema' \
--output text | jq
```

Which returns the formatted JSON schema like below:
Expand All @@ -116,6 +116,63 @@ Which returns the formatted JSON schema like below:
"Coredns": {
"additionalProperties": false,
"properties": {
"affinity": {
"default": {
"affinity": {
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
"nodeSelectorTerms": [
{
"matchExpressions": [
{
"key": "kubernetes.io/os",
"operator": "In",
"values": [
"linux"
]
},
{
"key": "kubernetes.io/arch",
"operator": "In",
"values": [
"amd64",
"arm64"
]
}
]
}
]
}
},
"podAntiAffinity": {
"preferredDuringSchedulingIgnoredDuringExecution": [
{
"podAffinityTerm": {
"labelSelector": {
"matchExpressions": [
{
"key": "k8s-app",
"operator": "In",
"values": [
"kube-dns"
]
}
]
},
"topologyKey": "kubernetes.io/hostname"
},
"weight": 100
}
]
}
}
},
"description": "Affinity of the coredns pods",
"type": [
"object",
"null"
]
},
"computeType": {
"type": "string"
},
Expand All @@ -134,6 +191,27 @@ Which returns the formatted JSON schema like below:
},
"resources": {
"$ref": "#/definitions/Resources"
},
"tolerations": {
"default": [
{
"key": "CriticalAddonsOnly",
"operator": "Exists"
},
{
"key": "node-role.kubernetes.io/master",
"operator": "NoSchedule"
}
],
"description": "Tolerations of the coredns pod",
"items": {
"type": "object"
},
"type": "array"
},
"topologySpreadConstraints": {
"description": "The coredns pod topology spread constraints",
"type": "array"
}
},
"title": "Coredns",
Expand Down Expand Up @@ -178,11 +256,104 @@ module "eks_blueprints_addons" {
# ... truncated for brevity
eks_addons = {
coredns = {
coredns = {
most_recent = true
configuration_values = jsonencode({
replicaCount = 4
tolerations = [
{
key = "dedicated",
operator = "Equal",
effect = "NoSchedule",
value = "orchestration-seb"
}
]
topologySpreadConstraints = [
{
maxSkew = 1
topologyKey = "topology.kubernetes.io/zone"
whenUnsatisfiable = "ScheduleAnyway"
labelSelector = {
matchLabels = {
k8s-app: "kube-dns"
}
}
}
]
affinity = {
nodeAffinity = {
requiredDuringSchedulingIgnoredDuringExecution = {
nodeSelectorTerms = [
{
matchExpressions = [
{
key = "kubernetes.io/os"
operator = "In"
values = ["linux"]
},
{
key = "kubernetes.io/arch"
operator = "In"
values = ["amd64"]
}
]
}]
}
}
podAffinity = {
requiredDuringSchedulingIgnoredDuringExecution = [{
labelSelector = {
matchExpressions = [
{
key = "k8s-app"
operator = "NotIn"
values = ["kube-dns"]
}
]
}
topologyKey = "kubernetes.io/hostname"
}
]
}
podAntiAffinity = {
preferredDuringSchedulingIgnoredDuringExecution = [{
podAffinityTerm = {
labelSelector = {
matchExpressions = [
{
key = "k8s-app"
operator = "In"
values = ["kube-dns"]
}
]
}
topologyKey = "kubernetes.io/hostname"
}
weight = 100
}
]
requiredDuringSchedulingIgnoredDuringExecution = [{
labelSelector = {
matchExpressions = [
{
key = "k8s-app"
operator = "In"
values = ["kube-dns"]
}
]
}
topologyKey = "kubernetes.io/hostname"
}
]
}
}
resources = {
limits = {
cpu = "100m"
Expand All @@ -191,10 +362,7 @@ module "eks_blueprints_addons" {
requests = {
cpu = "100m"
memory = "150Mi"
}
}
})
})
}
}
}
```
5 changes: 3 additions & 2 deletions docs/aws-partner-addons.md
Expand Up @@ -10,5 +10,6 @@ The following addons are provided by [AWS Partners](https://aws.amazon.com/partn
| [Sysdig](https://github.com/sysdiglabs/terraform-eksblueprints-sysdig-addon) | Sysdig CNAPP helps you stop cloud and container security attacks with no wasted time. |
| [Tetrate Istio](https://github.com/tetratelabs/terraform-eksblueprints-tetrate-istio-addon) | Tetrate Istio Distro is an open source project from Tetrate that provides vetted builds of Istio tested against all major cloud platforms. |
| [NetApp ONTAP Astra Trident](https://github.com/NetApp/terraform-aws-netapp-fsxn-eks-addon) | NetApp's Astra Trident provides dynamic storage orchestration for FSx for NetApp ONTAP using a Container Storage Interface (CSI) compliant driver. |
| [Kong Konnect Gateway](https://github.com/Kong/terraform-aws-eks-blueprint-konnect-runtime-instance) | Kong Gateway is the fastest and most adopted API gateway that integrates with Kong Konnect, the end-to-end SaaS API lifecycle management platform. |
| [Kong Konnect Kong Ingress Controller](https://github.com/Kong/terraform-aws-eks-blueprint-konnect-kic) | Kong Ingress Controller combines the powerful features of the widely popular Kong Gateway with Kubernetes in a truly Kubernetes-native manner and now integrated with Kong Konnect, the end-to-end SaaS API lifecycle management platform. |
| [Kong Konnect - Kong Gateway](https://github.com/Kong/terraform-aws-eks-blueprint-konnect-runtime-instance) | Kong Gateway is the fastest and most adopted API gateway that integrates with Kong Konnect, the end-to-end SaaS API lifecycle management platform. |
| [Kong Konnect - Kong Ingress Controller](https://github.com/Kong/terraform-aws-eks-blueprint-konnect-kic) | Kong Ingress Controller combines the powerful features of the widely popular Kong Gateway with Kubernetes in a truly Kubernetes-native manner and now integrated with Kong Konnect, the end-to-end SaaS API lifecycle management platform. |
| [Kong Konnect - Kong Mesh Manager](https://github.com/Kong/terraform-aws-eks-blueprint-konnect-kic) | Kong Mesh is the most flexible, enterprise-proven, service-to-service connectivity solution for developing modern applications that drive compelling digital experiences for an organization’s customers. |
26 changes: 22 additions & 4 deletions main.tf
Expand Up @@ -2538,8 +2538,19 @@ data "aws_iam_policy_document" "fargate_fluentbit" {
resources = var.fargate_fluentbit.s3_bucket_arns
}
}
}

dynamic "statement" {
for_each = try(var.fargate_fluentbit.send_to_firehose, false) ? [1] : []

content {
sid = "FirehoseEvent"
actions = [
"firehose:PutRecordBatch"
]
resources = lookup(var.fargate_fluentbit, "firehose_arns", ["*"])
}
}
}
# Help on Fargate Logging with Fluentbit and CloudWatch
# https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
resource "kubernetes_namespace_v1" "aws_observability" {
Expand Down Expand Up @@ -2840,8 +2851,8 @@ data "aws_iam_policy_document" "karpenter" {

condition {
test = "StringLike"
variable = "ec2:ResourceTag/${try(var.karpenter.irsa_tag_key, "Name")}"
values = try(var.karpenter.irsa_tag_values, ["*karpenter*", "*compute.internal", "*ec2.internal"])
variable = "ec2:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
values = ["*"]
}
}

Expand Down Expand Up @@ -3567,7 +3578,14 @@ data "aws_iam_policy_document" "aws_gateway_api_controller" {
"iam:CreateServiceLinkedRole",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeTags"
"ec2:DescribeTags",
"ec2:DescribeSecurityGroups",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"tag:GetResources"
]
resources = ["*"]
}
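Review bot: The new `FirehoseEvent` statement falls back to `resources = lookup(var.fargate_fluentbit, "firehose_arns", ["*"])`, so enabling `send_to_firehose` without supplying `firehose_arns` grants `firehose:PutRecordBatch` on every delivery stream in the account, which is a wider grant than the S3 statement just above it that reads `var.fargate_fluentbit.s3_bucket_arns` with no wildcard default. I would make the two statements consistent and require the caller to name the streams, `resources = var.fargate_fluentbit.firehose_arns`, or at minimum add a comment above the `lookup` stating that the `"*"` default is intentional and should be overridden in production. The enclosing `data "aws_iam_policy_document" "fargate_fluentbit"` block starts above this hunk, so any `validation` or variable default that enforces this would live outside it. Separately, the karpenter hunk drops the `irsa_tag_key` and `irsa_tag_values` overrides in favor of a fixed `kubernetes.io/cluster/${var.cluster_name}` tag condition; if those inputs are still declared or documented elsewhere they are now silently ignored and should be marked deprecated.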
