diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md
new file mode 100644
index 00000000..d9bbeb81
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/README.md
@@ -0,0 +1,161 @@
+# ArgoCD on Amazon EKS
+
+This pattern shows how to use the new stack platform concept for managing cluster addons.
+
+This tutorial guides you through deploying an Amazon EKS cluster with addons configured via ArgoCD, employing the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev).
+
+
+## Prerequisites
+Before you begin, make sure you have the following command line tools installed:
+- git
+- terraform
+- kubectl
+- argocd
+
+## Fork the Git Repositories
+
+### Fork the Addon GitOps Repo
+1. Fork the git repository for addons [here](https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template).
+2. Update the following environment variables to point to your fork by changing the default values:
+```shell
+export TF_VAR_gitops_addons_org=https://github.com/gitops-bridge-dev
+export TF_VAR_gitops_addons_repo=gitops-bridge-argocd-control-plane-template
+```
+
+### Fork the Workloads GitOps Repo
+1. Fork the git repository for this pattern [here](https://github.com/gitops-bridge-dev/gitops-bridge).
+2. Update the following environment variables to point to your fork by changing the default values:
+```shell
+export TF_VAR_gitops_workload_org=https://github.com/gitops-bridge-dev
+export TF_VAR_gitops_workload_repo=gitops-bridge
+```
+
+## Deploy the EKS Cluster
+Initialize Terraform and deploy the EKS cluster:
+```shell
+terraform init
+terraform apply -auto-approve
+```
+Retrieve the `kubectl` configuration command from the Terraform output, then execute it:
+```shell
+terraform output -raw configure_kubectl
+```
+
+Terraform will add the GitOps Bridge metadata to the ArgoCD cluster secret.
+The annotations contain metadata for the addons' Helm charts and ArgoCD ApplicationSets.
+```shell
+kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations'
+```
+The output looks like the following:
+```json
+{
+  "addons_repo_basepath": "",
+  "addons_repo_path": "bootstrap/control-plane/addons",
+  "addons_repo_revision": "main",
+  "addons_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template",
+  "aws_account_id": "0123456789",
+  "aws_cluster_name": "getting-started-gitops",
+  "aws_load_balancer_controller_iam_role_arn": "arn:aws:iam::0123456789:role/alb-controller",
+  "aws_load_balancer_controller_namespace": "kube-system",
+  "aws_load_balancer_controller_service_account": "aws-load-balancer-controller-sa",
+  "aws_region": "us-west-2",
+  "aws_vpc_id": "vpc-001d3f00151bbb731",
+  "cluster_name": "in-cluster",
+  "environment": "dev",
+  "workload_repo_basepath": "argocd/iac/terraform/examples/eks/",
+  "workload_repo_path": "getting-started/k8s",
+  "workload_repo_revision": "main",
+  "workload_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge"
+}
+```
+The labels offer a straightforward way to enable or disable an addon in ArgoCD for the cluster.
+```shell
+kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.labels'
+```
+The output looks like the following:
+```json
+{
+  "aws_cluster_name": "getting-started-gitops",
+  "enable_argocd": "true",
+  "enable_aws_load_balancer_controller": "true",
+  "enable_metrics_server": "true",
+  "kubernetes_version": "1.28"
+}
+```
+
+## Deploy the Addons
+Bootstrap the addons using ArgoCD:
+```shell
+kubectl apply -f bootstrap/addons.yaml
+```
+
+### Monitor GitOps Progress for Addons
+Wait until all the ArgoCD applications' `HEALTH STATUS` is `Healthy`. Use Ctrl+C to exit the `watch` command:
+```shell
+watch kubectl get applications -n argocd
+```
+
+### Verify the Addons
+Verify that the addons are ready:
+```shell
+kubectl get deployment -n kube-system \
+  aws-load-balancer-controller \
+  metrics-server
+```
+
+## Access ArgoCD
+To access the ArgoCD UI, run the command from the Terraform output:
+```shell
+terraform output -raw access_argocd
+```
+
+
+## Deploy the Workloads
+Deploy a sample application located in [k8s/game-2048.yaml](k8s/game-2048.yaml) using ArgoCD:
+```shell
+kubectl apply -f bootstrap/workloads.yaml
+```
+
+### Monitor GitOps Progress for Workloads
+Watch until the Workloads ArgoCD Application is `Healthy`:
+```shell
+watch kubectl get -n argocd applications workloads
+```
+Wait until the ArgoCD Application's `HEALTH STATUS` is `Healthy`. Use Ctrl+C to exit the `watch` command.
+
+### Verify the Application
+Verify that the application configuration is present and the pod is running:
+```shell
+kubectl get -n game-2048 deployments,service,ep,ingress
+```
+Watch the events until the Ingress/game-2048 `MESSAGE` column value is `Successfully reconciled`. Use Ctrl+C to exit the `watch` command:
+```shell
+kubectl events -n game-2048 --for ingress/game-2048 --watch
+```
+
+
+
+### Access the Application using AWS Load Balancer
+Verify the application endpoint health using `curl`:
+```shell
+curl -I $(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+```
+The first line of the output should be `HTTP/1.1 200 OK`.
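+It can take a few minutes for the AWS Load Balancer to finish provisioning, during which the hostname may be empty or the `curl` check may fail. A minimal polling sketch (reusing the `game-2048` ingress name from this example; adjust to your setup) is:
+```shell
+# Poll until the game-2048 ingress responds with HTTP 200 over the ALB hostname
+until curl -s -o /dev/null -w '%{http_code}' "http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" | grep -q 200; do
+  echo "Waiting for the load balancer to become ready..."
+  sleep 15
+done
+```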
+ +Retrieve the ingress URL for the application, and access in the browser: +```shell +echo "Application URL: http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" +``` + + +### Container Metrics +Check the application's CPU and memory metrics: +```shell +kubectl top pods -n game-2048 +``` + +## Destroy the EKS Cluster +To tear down all the resources and the EKS cluster, run the following command: +```shell +./destroy.sh +``` diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml new file mode 100644 index 00000000..48dd8d45 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/argocd-initial-values.yaml @@ -0,0 +1,8 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" +controller: + env: + - name: ARGOCD_SYNC_WAVE_DELAY + value: '30' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml new file mode 100644 index 00000000..c7f4d818 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.tpl.yaml @@ -0,0 +1,58 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: false + useStack: true + addons: +%{ for key, value in addons ~} +%{ if substr(key, 0, 7) == "enable_" && value == true ~} + ${replace(key, "enable_", "")}: + enabled: ${value} +%{ endif ~} +%{ endfor ~} + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. 
\ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml new file mode 100644 index 00000000..4661fcba --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/addons.yaml @@ -0,0 +1,51 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: true + useStack: true + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml new file mode 100644 index 00000000..bfa7c82c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/bootstrap/workloads.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: workloads + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: false + generators: + - clusters: {} + template: + metadata: + name: workloads + finalizers: + # This finalizer is for demo purposes, in production remove apps using argocd CLI "argocd app delete workload --cascade" + # When you invoke argocd app delete with --cascade, the finalizer is added automatically. 
+ - resources-finalizer.argocd.argoproj.io + spec: + project: default + source: + repoURL: '{{metadata.annotations.workload_repo_url}}' + path: '{{metadata.annotations.workload_repo_basepath}}' + targetRevision: '{{metadata.annotations.workload_repo_revision}}' + destination: + name: '{{name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh new file mode 100755 index 00000000..4388bfa8 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/destroy.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +set -uo pipefail + +SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +ROOTDIR="$(cd ${SCRIPTDIR}/../..; pwd )" +[[ -n "${DEBUG:-}" ]] && set -x + +scale_down_karpenter_nodes() { + # Get all nodes with the label karpenter.sh/registered=true + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + + # Iterate over each node + for node in $nodes; do + # Get all pods running on the current node + pods=$(kubectl get pods --all-namespaces --field-selector spec.nodeName=$node -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}') + + # Iterate over each pod + while IFS= read -r pod; do + namespace=$(echo $pod | awk '{print $1}') + pod_name=$(echo $pod | awk '{print $2}') + + # Get the owner references of the pod + owner_refs=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[*]}') + + # Check if the owner is a ReplicaSet (which is part of a deployment) or a StatefulSet and scale down + if echo $owner_refs | grep -q "ReplicaSet"; then + replicaset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="ReplicaSet")].name}') + deployment_name=$(kubectl get replicaset $replicaset_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="Deployment")].name}') + if [[ $(kubectl get deployment $deployment_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + echo kubectl scale deployment $deployment_name -n $namespace --replicas=0 + kubectl scale deployment $deployment_name -n $namespace --replicas=0 + fi + elif echo $owner_refs | grep -q "StatefulSet"; then + statefulset_name=$(kubectl get pod $pod_name -n $namespace -o jsonpath='{.metadata.ownerReferences[?(@.kind=="StatefulSet")].name}') + if [[ $(kubectl get statefulset $statefulset_name -n $namespace -o jsonpath='{.spec.replicas}') -gt 0 ]]; then + echo kubectl scale statefulset $statefulset_name -n $namespace --replicas=0 + kubectl scale statefulset $statefulset_name -n $namespace --replicas=0 + fi + fi + done <<< "$pods" + done + + # Loop through each node and delete it + for node in $nodes; do + echo "Deleting node: $node" + kubectl delete node $node + done + # do a final check to make sure the nodes are gone, loop sleep 60 in between checks + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + while [[ ! 
-z $nodes ]]; do + echo "Waiting for nodes to be deleted: $nodes" + sleep 60 + nodes=$(kubectl get nodes -l karpenter.sh/registered=true -o jsonpath='{.items[*].metadata.name}') + done + sleep 60 + + +} + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + scale_down_karpenter_nodes + kubectl delete ing -A --all + # delete all the kuberneters service of type LoadBalancer, without using jq + kubectl get svc --all-namespaces -o json | grep -E '"type": "LoadBalancer"' | awk '{print "kubectl delete svc " $1 " -n " $2}' | bash + sleep 60 +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/Chart.yaml new file mode 100644 index 00000000..80735ce9 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: gitops-bridge +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl new file mode 100644 index 00000000..b276184a --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. 
+*/}} +{{- define "gitops-bridge.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitops-bridge.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitops-bridge.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common Helm and Kubernetes labels +*/}} +{{- define "gitops-bridge.labels" -}} +helm.sh/chart: {{ include "gitops-bridge.chart" . }} +app.kubernetes.io/name: {{ include "gitops-bridge.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.labels }} +{{ toYaml .Values.labels }} +{{- end }} +{{- end }} + +{{/* +Common Helm and Kubernetes Annotations +*/}} +{{- define "gitops-bridge.annotations" -}} +helm.sh/chart: {{ include "gitops-bridge.chart" . }} +{{- if .Values.annotations }} +{{ toYaml .Values.annotations }} +{{- end }} +{{- end }} + + +{{- define "toValidName" -}} +{{- printf "%s" . 
| regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml new file mode 100644 index 00000000..b1452c5e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/templates/applicationsets.yaml @@ -0,0 +1,225 @@ +{{- $namespace := .Values.namespace }} +{{- $useSelector := .Values.useSelector -}} +{{- $useStack := .Values.useStack -}} +{{- $useStackChart := .Values.useStackChart -}} +{{- $stackGenerator := .Values.stackGenerator -}} +{{- $repoURLGit := .Values.repoURLGit -}} +{{- $repoURLGitRevision := .Values.repoURLGitRevision -}} +{{- $repoURLGitBasePath := .Values.repoURLGitBasePath -}} +{{- $repoURLValues := .Values.repoURLValues -}} +{{- $repoURLValuesRevision := .Values.repoURLValuesRevision -}} +{{- $repoURLValuesBasePath := .Values.repoURLValuesBasePath -}} +{{- $project := .Values.project -}} +{{- $syncPolicy := .Values.syncPolicy -}} +{{- $stackPath := .Values.stackPath -}} +{{- $stackPathPrefix := .Values.stackPathPrefix -}} +{{- $stackPathConfig := .Values.stackPathConfig -}} +{{- $stackPathConfigPrefix := .Values.stackPathConfigPrefix -}} +{{- $valueFiles := .Values.valueFiles -}} +{{- $valuesFilePrefix := .Values.valuesFilePrefix -}} +{{- $useValuesFilePrefix := .Values.useValuesFilePrefix -}} +{{- $syncPolicyAppSet := .Values.syncPolicyAppSet -}} +{{- $goTemplate := .Values.goTemplate -}} +{{- $goTemplateOptions := .Values.goTemplateOptions -}} +{{- $templatePatch := .Values.templatePatch -}} +{{- $applyNestedSelectors := .Values.applyNestedSelectors -}} +{{- $hasapplyNestedSelectors := hasKey .Values "applyNestedSelectors" -}} + +{{- range $name, $addon := .Values.addons }} +{{- if or $useSelector $addon.enabled }} +{{- with $addon -}} +{{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-" -}} +{{- $addonhasapplyNestedSelectors := hasKey $addon "applyNestedSelectors" -}} +{{- $version := $addon.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" }} +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: {{ $nameNormalize }} + namespace: {{ $namespace }} + annotations: + {{- include "gitops-bridge.annotations" $ | nindent 4 }} + {{- if $addon.annotationsAppSet }}{{- toYaml $addon.annotationsAppSet | nindent 4 }}{{- end }} + labels: + {{- include "gitops-bridge.labels" $ | nindent 4 }} + {{- if $addon.labelsAppSet }}{{- toYaml $addon.labelsAppSet | nindent 4 }}{{- end }} +spec: + {{- if $addon.syncPolicyAppSet }} + syncPolicy: + {{- toYaml $addon.syncPolicyAppSet | nindent 4 }} + {{- else }} + syncPolicy: + {{- toYaml $syncPolicyAppSet | nindent 4 }} + {{- end }} + goTemplate: {{ default $goTemplate $addon.goTemplate }} + {{- if $addon.goTemplateOptions }} + goTemplateOptions: + {{ toYaml $addon.goTemplateOptions | nindent 2 }} + {{ else }} + goTemplateOptions: + {{ toYaml $goTemplateOptions }} + {{- end }} + {{- if $addon.ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml $addon.ignoreApplicationDifferences | nindent 2 }} + {{- end }} + {{- if $addon.preservedFields }} + preservedFields: + {{- toYaml $addon.preservedFields | nindent 4 }} + {{- end }} + {{- if $addon.strategy }} + strategy: + {{- toYaml 
$addon.strategy | nindent 4 }} + {{- end }} + {{- if $addon.templatePatch }} + templatePatch: {{- $addon.templatePatch | toYaml | indent 1 }} + {{- else }} + {{- if $templatePatch }} + templatePatch: {{- $templatePatch | toYaml | indent 1 }} + {{- end }} + {{- end }} + {{- if $addonhasapplyNestedSelectors }} + applyNestedSelectors: {{ $addon.applyNestedSelectors }} + {{- else }} + {{- if $hasapplyNestedSelectors }} + applyNestedSelectors: {{ $applyNestedSelectors }} + {{- end }} + {{- end }} + generators: + {{- if $useStack }} + - matrix: + generators: + - matrix: + generators: + {{- end }} + - clusters: # for reason this is need it as second in the matrix, if not the above extracting .tenants doesn't work + selector: + matchLabels: + argocd.argoproj.io/secret-type: cluster + {{- if and $addon.selector $useSelector }} + {{- toYaml $addon.selector | nindent 16 }} + {{- end }} + {{- if $useStack }} + - git: + repoURL: {{ $repoURLGit }} + revision: {{ $repoURLGitRevision }} + files: + - path: '{{ $repoURLGitBasePath }}{{ $stackPathConfigPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}/{{ $stackPathConfig }}' + - git: + repoURL: {{ $repoURLGit }} + revision: {{ $repoURLGitRevision }} + files: + - path: '{{ $repoURLGitBasePath }}{{ $stackPathPrefix }}{{`{{.metadata.labels.kubernetes_version}}`}}/{{ $stackPath }}' + {{- end }} + + + template: + metadata: + name: addon-{{ $nameNormalize }}{{ if $useSelector }}-{{`{{.nameNormalized}}`}}{{ end }} + annotations: + argocd.argoproj.io/manifest-generate-paths: {{ with $valueFiles }}{{ range . }}{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml;{{ end }}{{ end }} + {{- include "gitops-bridge.annotations" $ | nindent 8 }} + {{- if $addon.annotationsApp }}{{- toYaml $addon.annotationsApp | nindent 8 }}{{- end }} + labels: + {{- include "gitops-bridge.labels" $ | nindent 8 }} + {{- if $addon.labelsApp }}{{- toYaml $addon.labelsApp | nindent 8 }}{{- end }} + component: '{{ $nameNormalize }}' + addon: 'true' + environment: '{{`{{.metadata.labels.environment}}`}}' + cluster: '{{`{{.name}}`}}' + spec: + project: {{ $project }} + sources: + - repoURL: {{ $repoURLValues }} + targetRevision: {{ $repoURLValuesRevision }} + ref: values + {{- if $useStack }} + - repoURL: '{{`{{.addons.`}}{{ $name }}{{`.repoUrl}}`}}' + targetRevision: '{{`{{.addons.`}}{{ $name }}{{`.targetRevision}}`}}' + {{- if $useStackChart }} + chart: '{{`{{.addons.`}}{{ $name }}{{`.chart}}`}}' + {{- else }} + path: '{{`{{.addons.`}}{{ $name }}{{`.path}}`}}' + {{- end }} + {{- else }} + - repoURL: '{{ $addon.repoUrl }}' + targetRevision: '{{ $addon.targetRevision }}' + {{- if $addon.chart }} + chart: '{{ $addon.chart }}' + {{- end }} + {{- if $addon.path }} + path: '{{ $addon.path }}' + {{- end }} + {{- end }} + helm: + releaseName: '{{ $addon.releaseName }}' + ignoreMissingValueFiles: true + {{ with $valueFiles -}} + valueFiles: + {{- range . }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/values.yaml' + {{- if $useStack }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . 
}}/{{ $nameNormalize }}/{{`{{- $version := .addons.`}}{{ $name }}{{`.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" -}}{{- $majorMinor -}}`}}/values.yaml' + {{- else }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $majorMinor }}/values.yaml' + {{- end }} + {{- end }} + {{- end }} + {{- with $addon.values }} + valuesObject: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if $addon.resources }} + - repoURL: {{ $repoURLValues }} + targetRevision: {{ $repoURLValuesRevision }} + {{- if $addon.resources.path }} + path: '{{ $repoURLValuesBasePath }}{{ $addon.resources.path }}' + {{- end }} + {{- if $addon.resources.chart }} + chart: '{{ $addon.resources.chart }}' + {{- end }} + {{- if $addon.resources.helm }} + helm: + releaseName: '{{ $addon.releaseName }}' + ignoreMissingValueFiles: true + {{ with $valueFiles -}} + valueFiles: + {{- range . }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/resources/values.yaml' + {{- if $useStack }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{`{{- $version := .addons.`}}{{ $name }}{{`.targetRevision -}} +{{- $versionWithoutV := regexReplaceAll "^v" $version "" -}} +{{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" -}}{{- $majorMinor -}}`}}/values.yaml' + {{- else }} + - '$values/{{ $repoURLValuesBasePath }}{{ if $useValuesFilePrefix }}{{ $valuesFilePrefix }}{{ end }}{{ . }}/{{ $nameNormalize }}/{{ $majorMinor }}/resources/values.yaml' + {{- end }} + {{- end }} + {{- end }} + {{- toYaml $addon.resources.helm | nindent 10 }} + {{- end }} + {{- end }} + destination: + {{- if hasPrefix "." $addon.namespace }} + namespace: '{{`{{`}}{{ $addon.namespace }}{{`}}`}}' + {{- else }} + namespace: '{{ $addon.namespace }}' + {{- end }} + name: '{{`{{.name}}`}}' + {{- if $addon.syncPolicy }} + syncPolicy: + {{- toYaml $addon.syncPolicy | nindent 8 }} + {{ else }} + syncPolicy: + {{- toYaml $syncPolicy | nindent 8 }} + {{- end }} + {{- with $addon.ignoreDifferences }} + ignoreDifferences: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml new file mode 100644 index 00000000..49c44aa5 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/gitops-bridge/values.yaml @@ -0,0 +1,964 @@ +syncPolicyAppSet: + preserveResourcesOnDeletion: true +goTemplate: true +goTemplateOptions: ["missingkey=error"] +stackPathPrefix: 'k8s-v' +stackPath: 'addons-{{- $tenant := default dict (index .tenants .metadata.labels.tenant) -}} + {{- $cluster := index (default dict (index $tenant "clusters")) .name -}} + {{- $env := index (default dict (index $tenant "environments")) .metadata.labels.environment -}} + {{- if $cluster -}} + {{ $cluster.addons_version }} + {{- else if $env -}} + {{ $env.addons_version }} + {{- else if $tenant -}} + {{ $tenant.addons_version }} + {{- else -}} + {{ .addons_version }} + {{- end -}}.yaml' +stackPathConfigPrefix: 'k8s-v' +stackPathConfig: 'addons-config.yaml' +repoURLGit: "'{{.metadata.annotations.addons_repo_url}}'" +repoURLGitRevision: HEAD +repoURLGitBasePath: "stacks/" +repoURLValues: "'{{.metadata.annotations.addons_repo_url}}'" +repoURLValuesRevision: HEAD +repoURLValuesBasePath: "" +project: default +namespace: argocd +useSelector: false +useStack: true +useStackChart: true +syncPolicy: + automated: + selfHeal: false + allowEmpty: true + prune: false + retry: + limit: -1 # number of failed sync attempt retries; unlimited number of attempts if less than 0 + backoff: + duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + factor: 2 # a factor to multiply the base duration after each failed retry + maxDuration: 10m # the maximum amount of time allowed for the backoff strategy + syncOptions: + - CreateNamespace=true + - ServerSideApply=true # Big CRDs. 
+valueFiles: + - default/addons + - environments/{{.metadata.labels.environment}}/addons + - clusters/{{.nameNormalized}}/addons +valueFilesResources: + - environments/{{.metadata.labels.environment}}/addons + - clusters/{{.nameNormalized}}/addons +useValuesFilePrefix: false +valuesFilePrefix: tenants/{{.metadata.labels.tenant}}/ +addons: + argocd: + enabled: false + releaseName: argocd + namespace: argocd + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + selector: + matchExpressions: + - key: enable_argocd + operator: In + values: ['true'] + aws_load_balancer_controller: + enabled: false + releaseName: aws-load-balancer-controller + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + namespace: '.metadata.annotations.aws_load_balancer_controller_namespace' + annotationsAppSet: + argocd.argoproj.io/sync-wave: '-1' + selector: + matchExpressions: + - key: enable_aws_load_balancer_controller + operator: In + values: ['true'] + values: + vpcId: '{{.metadata.annotations.aws_vpc_id}}' + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + serviceAccount: + name: '{{.metadata.annotations.aws_load_balancer_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_load_balancer_controller_iam_role_arn}}' + ignoreDifferences: + - kind: Secret + name: aws-load-balancer-tls + jsonPointers: [/data] + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + jqPathExpressions: ['.webhooks[].clientConfig.caBundle'] + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + jqPathExpressions: ['.webhooks[].clientConfig.caBundle'] + gatekeeper: + enabled: false + releaseName: gatekeeper + namespace: gatekeeper-system + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + selector: + matchExpressions: + - key: enable_gatekeeper + operator: In + values: ['true'] + # resources: + # path: manifests/resources/gatekeeper + resources: + path: charts/resources/gatekeeper + helm: + valuesObject: + environment: '{{.metadata.labels.environment}}' + metrics_server: + enabled: false + releaseName: metrics-server + namespace: kube-system + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + selector: + matchExpressions: + - key: enable_metrics_server + operator: In + values: ['true'] + aws_ebs_csi_resources: + enabled: false + releaseName: aws-ebs-csi-classes + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + namespace: kube-system + selector: + matchExpressions: + - key: enable_aws_ebs_csi_resources + operator: In + values: ['true'] + karpenter: + enabled: false + releaseName: karpenter + namespace: '.metadata.annotations.karpenter_namespace' + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + selector: + matchExpressions: + - key: enable_karpenter + operator: In + values: ['true'] + values: + settings: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + interruptionQueue: '{{.metadata.annotations.karpenter_sqs_queue_name}}' + serviceAccount: + name: '{{.metadata.annotations.karpenter_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}' + resources: + path: charts/resources/karpenter 
+ helm: + valuesObject: + environment: '{{.metadata.labels.environment}}' + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + IamRole: '{{.metadata.annotations.karpenter_node_iam_role_name}}' + securityGroupSelectorTerms: + - tags: + karpenter.sh/discovery: '{{.metadata.annotations.aws_cluster_name}}' + subnetSelectorTerms: + - tags: + karpenter.sh/discovery: '{{.metadata.annotations.aws_cluster_name}}' + volcano: + enabled: false + releaseName: volcano + namespace: volcano-system + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + selector: + matchExpressions: + - key: enable_volcano + operator: In + values: ['true'] + annotationsApp: + argocd.argoproj.io/compare-options: "ServerSideDiff=true" # required for volcano https://github.com/argoproj/argo-cd/issues/18548 + aws_cloudwatch_metrics: + enabled: false + releaseName: aws-cloudwatch-metrics + namespace: '.metadata.annotations.aws_cloudwatch_metrics_namespace' + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + selector: + matchExpressions: + - key: enable_aws_cloudwatch_metrics + operator: In + values: ['true'] + values: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + serviceAccount: + name: '{{.metadata.annotations.aws_cloudwatch_metrics_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_cloudwatch_metrics_iam_role_arn}}' + aws_efs_csi_driver: + enabled: false + releaseName: aws-efs-csi-driver + namespace: '{{.metadata.annotations.aws_efs_csi_driver_namespace}}' + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + selector: + matchExpressions: + - key: enable_aws_efs_csi_driver + operator: In + values: ['true'] + values: + controller: + serviceAccount: + name: '{{.metadata.annotations.aws_efs_csi_driver_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_efs_csi_driver_iam_role_arn}}' + node: + serviceAccount: + name: '{{.metadata.annotations.aws_efs_csi_driver_node_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_efs_csi_driver_iam_role_arn}}' + enable_aws_fsx_csi_driver: + enabled: false + releaseName: aws-fsx-csi-driver + namespace: '{{.metadata.annotations.aws_fsx_csi_driver_namespace}}' + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + selector: + matchExpressions: + - key: enable_aws_fsx_csi_driver + operator: In + values: ['true'] + values: + controller: + serviceAccount: + name: '{{.metadata.annotations.aws_fsx_csi_driver_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}' + node: + serviceAccount: + name: '{{.metadata.annotations.aws_fsx_csi_driver_node_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}' + aws_for_fluentbit: + enabled: false + releaseName: aws-for-fluentbit + namespace: '{{.metadata.annotations.aws_for_fluentbit_namespace}}' + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + selector: + matchExpressions: + - key: enable_aws_for_fluentbit + operator: In + values: ['true'] + values: + cloudWatchLogs: + enabled: true + region: '{{.metadata.annotations.aws_region}}' + logGroupName: 
'{{.metadata.annotations.aws_for_fluentbit_log_group_name}}' + logGroupTemplate: "{{.metadata.annotations.aws_for_fluentbit_log_group_name}}/workload/$kubernetes['namespace_name']" + logStreamTemplate: "$kubernetes['pod_name'].$kubernetes['container_name']" + logRetentionDays: 90 + serviceAccount: + name: '{{.metadata.annotations.aws_for_fluentbit_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_for_fluentbit_iam_role_arn}}' + aws_fargate_fluentbit: + enabled: false + releaseName: aws-fargate-fluentbit + namespace: 'kube-system' + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + selector: + matchExpressions: + - key: enable_fargate_fluentbit + operator: In + values: ['true'] + values: + region: '{{.metadata.annotations.aws_region}}' + log_group_name: '{{.metadata.annotations.fargate_fluentbit_log_group_name}}' + log_stream_prefix: '{{.metadata.annotations.fargate_fluentbit_log_stream_prefix}}' + aws_gateway_api_controller: + enabled: false + releaseName: aws-gateway-api-controller + namespace: '{{.metadata.annotations.aws_gateway_api_controller_namespace}}' + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + selector: + matchExpressions: + - key: enable_aws_gateway_api_controller + operator: In + values: ['true'] + values: + awsRegion: '{{.metadata.annotations.aws_region}}' + awsAccountId: '{{.metadata.annotations.aws_account_id}}' + clusterVpcId: '{{.metadata.annotations.aws_vpc_id}}' + serviceAccount: + name: '{{.metadata.annotations.aws_gateway_api_controller_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_gateway_api_controller_iam_role_arn}}' + aws_node_termination_handler: + enabled: false + releaseName: aws-node-termination-handler + namespace: '{{.metadata.annotations.aws_node_termination_handler_namespace}}' + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + selector: + matchExpressions: + - key: enable_aws_node_termination_handler + operator: In + values: ['true'] + values: + awsRegion: '{{.metadata.annotations.aws_region}}' + queueURL: '{{.metadata.annotations.aws_node_termination_handler_sqs_queue_url}}' + enableSqsTerminationDraining: true + serviceAccount: + name: '{{.metadata.annotations.aws_node_termination_handler_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_node_termination_handler_iam_role_arn}}' + aws_argo_workflows_ingress: + enabled: false + releaseName: aws-argo-workflows-ingress + namespace: '{{default "argo-worflows" (index .metadata.annotations "argo_workflows_namespace") }}' + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + selector: + matchExpressions: + - key: enable_aws_argo_workflows_ingress + operator: In + values: ['true'] + values: + server: + serviceType: ClusterIP + servicePort: "2746" + servicePortName: http + ingress: + enabled: true + annotations: + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" + alb.ingress.kubernetes.io/backend-protocol: "HTTP" + alb.ingress.kubernetes.io/listen-ports: "[{\"HTTPS\":443}]" + alb.ingress.kubernetes.io/tags: "Environment=hub,GitOps=true" + ingressClassName: "alb" + hosts: '{{.metadata.annotations.argo_workflows_hosts}}' + paths: + - / + pathType: Prefix + tls: + - hosts: 
'{{.metadata.annotations.argo_workflows_hosts}}' + aws_argocd: + enabled: false + releaseName: argocd + namespace: '{{default "argocd" (index .metadata.annotations "aws_argocd_namespace") }}' + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + selector: + matchExpressions: + - key: enable_aws_argocd + operator: In + values: ['true'] + values: + controller: + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.argocd_iam_role_arn}}' + server: + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.argocd_iam_role_arn}}' + aws_argocd_ingress: + enabled: false + releaseName: argocd + namespace: '{{default "argocd" (index .metadata.annotations "aws_argocd_ingress_namespace") }}' + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + selector: + matchExpressions: + - key: enable_aws_argocd_ingress + operator: In + values: ['true'] + values: + global: + domain: '{{.metadata.annotations.argocd_domain}}' + server: + service: + type: "ClusterIP" + ingress: + enabled: true + controller: "aws" + ingressClassName: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" + alb.ingress.kubernetes.io/backend-protocol: "HTTPS" + alb.ingress.kubernetes.io/listen-ports: "[{\"HTTP\":80},{\"HTTPS\":443}]" + alb.ingress.kubernetes.io/ssl-redirect: "443" + alb.ingress.kubernetes.io/tags: "Environment=hub,GitOps=true" + aws: + serviceType: "ClusterIP" # Instance mode needs type NodePort, IP mode needs type ClusterIP or NodePort + backendProtocolVersion: "GRPC" # This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features + cert_manager: + enabled: false + releaseName: cert-manager + namespace: '{{.metadata.annotations.cert_manager_namespace}}' + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + selector: + matchExpressions: + - key: enable_cert_manager + operator: In + values: ['true'] + values: + installCRDs: true + serviceAccount: + name: '{{.metadata.annotations.cert_manager_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.cert_manager_iam_role_arn}}' + cluster_autoscaler: + enabled: false + releaseName: cluster-autoscaler + namespace: '{{.metadata.annotations.cluster_autoscaler_namespace}}' + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + selector: + matchExpressions: + - key: enable_cluster_autoscaler + operator: In + values: ['true'] + values: + image: + tag: 'v{{.metada.labels.kubernetes_version}}.0' + awsRegion: '{{.metadata.annotations.aws_region}}' + autoDiscovery: + clusterName: '{{.metadata.annotations.aws_cluster_name}}' + rbac: + serviceAccount: + name: '{{.metadata.annotations.cluster_autoscaler_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.cluster_autoscaler_iam_role_arn}}' + aws_crossplane_provider: + enabled: false + releaseName: crossplane-aws + namespace: crossplane-system + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + selector: + matchExpressions: + - key: enable_aws_crossplane_provider + operator: In + values: ['true'] + values: + deploymentRuntimeConfig: + metadata: + role_arn: '{{.metadata.annotations.aws_crossplane_iam_role_arn}}' + provider: + package: + registry: 
xpkg.upbound.io/crossplane-contrib/provider-aws + version: "v0.49.1" + aws_crossplane_upbound_provider: + enabled: false + releaseName: crossplane-aws-upbound + namespace: crossplane-system + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + selector: + matchExpressions: + - key: enable_aws_crossplane_upbound_provider + operator: In + values: ['true'] + values: + deploymentRuntimeConfig: + metadata: + role_arn: '{{.metadata.annotations.aws_upbound_crossplane_iam_role_arn}}' + provider: + package: + registry: xpkg.upbound.io/upbound + version: v1.1.0 + providers: + - cloudfront + - cloudwatchlogs + - dynamodb + - ec2 + - eks + - firehose + - iam + - kms + - lambda + - rds + - s3 + - sns + - sqs + external-dns: + enabled: false + releaseName: external-dns + namespace: '{{.metadata.annotations.external_dns_namespace}}' + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + selector: + matchExpressions: + - key: enable_external_dns + operator: In + values: ['true'] + values: + provider: aws + serviceAccount: + name: '{{.metadata.annotations.external_dns_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_dns_iam_role_arn}}' + domainFilters: '{{.metadata.annotations.external_dns_domain_filters}}' + txtOwnerId: '{{.metadata.annotations.aws_cluster_name}}' + policy: '{{default "upsert-only" (index .metadata.annotations "external_dns_policy")}}' + external_secrets: + enabled: false + releaseName: external-secrets + namespace: '{{.metadata.annotations.external_secrets_namespace}}' + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + selector: + matchExpressions: + - key: enable_external_secrets + operator: In + values: ['true'] + values: + serviceAccount: + name: '{{.metadata.annotations.external_secrets_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.external_secrets_iam_role_arn}}' + aws_privateca_issuer: + enabled: false + releaseName: privateca-issuer + namespace: '{{.metadata.annotations.aws_privateca_issuer_namespace}}' + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + selector: + matchExpressions: + - key: enable_aws_privateca_issuer + operator: In + values: ['true'] + values: + serviceAccount: + name: '{{.metadata.annotations.aws_privateca_issuer_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_privateca_issuer_iam_role_arn}}' + velero: + enabled: false + releaseName: velero + namespace: '{{.metadata.annotations.velero_namespace}}' + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + selector: + matchExpressions: + - key: enable_velero + operator: In + values: ['true'] + values: + configuration: + backupStorageLocation: + - name: default + provider: aws + prefix: '{{.metadata.annotations.velero_backup_s3_bucket_prefix}}' + bucket: '{{.metadata.annotations.velero_backup_s3_bucket_name}}' + config: + region: '{{.metadata.annotations.aws_region}}' + volumeSnapshotLocation: + - name: default + provider: aws + config: + region: '{{.metadata.annotations.aws_region}}' + serviceAccount: + server: + name: '{{.metadata.annotations.velero_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.velero_iam_role_arn}}' + initContainers: + - name: 
velero-plugin-for-aws + image: velero/velero-plugin-for-aws:v1.10.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + aws_secrets_store_csi_driver_provider: + enabled: false + releaseName: secrets-store-csi-driver-provider-aws + namespace: '{{default "kube-system" (index .metadata.annotations "aws_secrets_store_csi_driver_provider_namespace")}}' + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + selector: + matchExpressions: + - key: enable_aws_secrets_store_csi_driver_provider + operator: In + values: ['true'] + argo_events: + enabled: false + releaseName: argo-events + namespace: '{{default "argo-events" (index .metadata.annotations "argo_events_namespace")}}' + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + selector: + matchExpressions: + - key: enable_argo_events + operator: In + values: ['true'] + argo_rollouts: + enabled: false + releaseName: argo-rollouts + namespace: '{{default "argo-rollouts" (index .metadata.annotations "argo_rollouts_namespace")}}' + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + selector: + matchExpressions: + - key: enable_argo_rollouts + operator: In + values: ['true'] + argo_workflows: + enabled: false + releaseName: argo-workflows + namespace: '{{default "argo-workflows" (index .metadata.annotations "argo_workflows_namespace")}}' + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + selector: + matchExpressions: + - key: enable_argo_workflows + operator: In + values: ['true'] + cluster_proportional_autoscaler: + enabled: false + releaseName: cluster-proportional-autoscaler + namespace: '{{default "kube-system" (index .metadata.annotations "cluster_proportional_autoscaler_namespace")}}' + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + selector: + matchExpressions: + - key: enable_cluster_proportional_autoscaler + operator: In + values: ['true'] + crossplane: + enabled: false + releaseName: crossplane + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_namespace")}}' + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + selector: + matchExpressions: + - key: enable_crossplane + operator: In + values: ['true'] + ignoreDifferences: + - kind: Deployment + group: apps + jqPathExpressions: + - .spec.template.spec.containers[].env[].valueFrom.resourceFieldRef.divisor + - .spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef.divisor + crossplane_helm_provider: + enabled: false + releaseName: crossplane-helm + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_helm_namespace")}}' + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + selector: + matchExpressions: + - key: enable_crossplane_helm_provider + operator: In + values: ['true'] + crossplane_kubernetes_provider: + enabled: false + releaseName: crossplane-kubernetes + namespace: '{{default "crossplane-system" (index .metadata.annotations "crossplane_kubernetes_namespace")}}' + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + selector: + matchExpressions: + - key: 
enable_crossplane_kubernetes_provider + operator: In + values: ['true'] + gpu_operator: + enabled: false + releaseName: gpu-operator + namespace: '{{default "gpu-operator" (index .metadata.annotations "gpu_operator_namespace")}}' + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + selector: + matchExpressions: + - key: enable_gpu_operator + operator: In + values: ['true'] + ingress_nginx: + enabled: false + releaseName: ingress-nginx + namespace: '{{default "ingress-nginx" (index .metadata.annotations "ingress_nginx_namespace")}}' + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + selector: + matchExpressions: + - key: enable_ingress_nginx + operator: In + values: ['true'] + keda: + enabled: false + releaseName: keda + namespace: '{{default "keda" (index .metadata.annotations "keda_namespace")}}' + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + selector: + matchExpressions: + - key: enable_keda + operator: In + values: ['true'] + kube_prometheus_stack: + enabled: false + releaseName: kube-prometheus-stack + namespace: '{{default "kube-prometheus-stack" (index .metadata.annotations "kube_prometheus_stack_namespace")}}' + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + selector: + matchExpressions: + - key: enable_kube_prometheus_stack + operator: In + values: ['true'] + kyverno: + enabled: false + releaseName: kyverno + namespace: '{{default "kyverno" (index .metadata.annotations "kyverno_namespace")}}' + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + selector: + matchExpressions: + - key: enable_kyverno + operator: In + values: ['true'] + prometheus_adapter: + enabled: false + releaseName: prometheus-adapter + namespace: '{{default "prometheus-adapter" (index .metadata.annotations "prometheus_adapter_namespace")}}' + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + selector: + matchExpressions: + - key: enable_prometheus_adapter + operator: In + values: ['true'] + secrets_store_csi_driver: + enabled: false + releaseName: secrets-store-csi-driver + namespace: '{{default "kube-system" (index .metadata.annotations "secrets_store_csi_driver_namespace")}}' + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + selector: + matchExpressions: + - key: enable_secrets_store_csi_driver + operator: In + values: ['true'] + vpa: + enabled: false + releaseName: vpa + namespace: '{{default "vpa" (index .metadata.annotations "vpa_namespace")}}' + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + selector: + matchExpressions: + - key: enable_vpa + operator: In + values: ['true'] + ack_apigatewayv2: + enabled: false + releaseName: ack-apigatewayv2 + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_apigatewayv2_namespace")}}' + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + selector: + matchExpressions: + - key: enable_ack_apigatewayv2 + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_apigatewayv2_service_account}}' + annotations: + 
eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_apigatewayv2_iam_role_arn}}' + ack_dynamodb: + enabled: false + releaseName: ack-dynamodb + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_dynamodb_namespace")}}' + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + selector: + matchExpressions: + - key: enable_ack_dynamodb + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_dynamodb_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_dynamodb_iam_role_arn}}' + ack_prometheusservice: + enabled: false + releaseName: ack-prometheusservice + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_prometheusservice_namespace")}}' + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + selector: + matchExpressions: + - key: enable_ack_prometheusservice + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_prometheusservice_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_prometheusservice_iam_role_arn}}' + ack_emrcontainers: + enabled: false + releaseName: ack-emrcontainers + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_emrcontainers_namespace")}}' + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + selector: + matchExpressions: + - key: enable_ack_emrcontainers + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_emrcontainers_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_emrcontainers_iam_role_arn}}' + ack_eventbridge: + enabled: false + releaseName: ack-eventbridge + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_eventbridge_namespace")}}' + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + selector: + matchExpressions: + - key: enable_ack_eventbridge + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_eventbridge_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_eventbridge_iam_role_arn}}' + ack_rds: + enabled: false + releaseName: ack-rds + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_rds_namespace")}}' + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + selector: + matchExpressions: + - key: enable_ack_rds + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_rds_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_rds_iam_role_arn}}' + ack_s3: + enabled: false + releaseName: ack-s3 + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_s3_namespace")}}' + chart: 
aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + selector: + matchExpressions: + - key: enable_ack_s3 + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_s3_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_s3_iam_role_arn}}' + ack_sfn: + enabled: false + releaseName: ack-sfn + namespace: '{{default "aws-controllers-k8s" (index .metadata.annotations "ack_sfn_namespace")}}' + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + selector: + matchExpressions: + - key: enable_ack_sfn + operator: In + values: ['true'] + values: + aws: + region: '{{.metadata.annotations.aws_region}}' + nameOverride: 'aws-controllers-k8s' + serviceAccount: + name: '{{.metadata.annotations.ack_sfn_service_account}}' + annotations: + eks.amazonaws.com/role-arn: '{{.metadata.annotations.ack_sfn_iam_role_arn}}' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml new file mode 100644 index 00000000..625ecce4 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: gatekeeper-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. 
+# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl new file mode 100644 index 00000000..e3237df1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "resources.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "resources.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "resources.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "resources.labels" -}} +helm.sh/chart: {{ include "resources.chart" . }} +{{ include "resources.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "resources.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "resources.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "resources.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "toValidName" -}} +{{- printf "%s" . 
| regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml new file mode 100644 index 00000000..0b7663e2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml @@ -0,0 +1,14 @@ +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: K8sDisallowedRepos +metadata: + name: repo-must-not-be-k8s-gcr-io + annotations: + argocd.argoproj.io/sync-wave: "2" + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" +spec: + match: + kinds: + - apiGroups: [""] + kinds: ["Pod"] + parameters: + {{- toYaml .Values.disallowedrepos.parameters | nindent 4 }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml new file mode 100644 index 00000000..bb612ca7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/templates/disallowedrepos/template.yaml @@ -0,0 +1,50 @@ +apiVersion: templates.gatekeeper.sh/v1 +kind: ConstraintTemplate +metadata: + name: k8sdisallowedrepos + annotations: + argocd.argoproj.io/sync-wave: "1" + metadata.gatekeeper.sh/title: "Disallowed Repositories" + metadata.gatekeeper.sh/version: 1.0.0 + description: >- + Disallowed container repositories that begin with a string from the specified list. +spec: + crd: + spec: + names: + kind: K8sDisallowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + type: object + properties: + repos: + description: The list of prefixes a container image is not allowed to have. 
+ type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sdisallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("container <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("initContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.ephemeralContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("ephemeralContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml new file mode 100644 index 00000000..5a1d8940 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/gatekeeper/values.yaml @@ -0,0 +1,4 @@ +disallowedrepos: + parameters: + repos: + - "k8s.gcr.io/" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml new file mode 100644 index 00000000..1d0304f5 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: karpenter_nodes +version: 1.0.3 +description: A Helm chart for generating NodeClasses and NodePools for Karpenter +maintainers: + - name: nadavbuc diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. 
+ + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. 
This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md new file mode 100644 index 00000000..e2f18f43 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README-REPO.md @@ -0,0 +1,32 @@ +NOTICE: This chart is original from https://github.com/fiverr/public_charts + + +# Fiverr Community Helm Charts + +The code is provided as-is with no warranties. + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. +Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. + +Once Helm is set up properly, add the repository as follows: + +```console +helm repo add fiverr_public https://opensource.fiverr.com/public_charts/ +``` + +You can then run `helm search repo fiverr_public` to see the charts. + +## License + + +[Apache 2.0 License](https://github.com/fiverr/public_charts/blob/master/LICENSE). + +## Helm charts build status + +![Release Charts](https://github.com/fiverr/public_charts/actions/workflows/release.yml/badge.svg?branch=master) +![Tests](https://github.com/fiverr/public_charts/actions/workflows/test.yml/badge.svg) + +## Charts +[Karpenter Nodes](https://github.com/fiverr/public_charts/tree/master/charts/karpenter_nodes) diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md new file mode 100644 index 00000000..586103a4 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/README.md @@ -0,0 +1,151 @@ +## Fiverr Public Helm Templates - Karpenter Nodes + +### Introduction +This Helm Template is designed to generate NodeClasses and NodePools using [Karpenter](https://karpenter.sh/) in addition to optional HeadRoom. + +The template follows a naming convention which is comprised of the `nodegroup` name and its architecture (amd64, arm64 or multiarch). + +For example `nodes-default-amd64` + +The chart will loop over the `nodegroups` and generate the relevant NodeClasses and NodePools. + +### UserData +The `UserData` field supports templating and your own values. You can take a look at the `userdata_example_values.yaml` file for an example. + +## Working with Helm + +### Setting up +1. Add Repository:
```helm repo add fiverr_public https://opensource.fiverr.com/public_charts/``` +2. Either get the values.yaml file from the repository or pull it with the following command:
```helm show values fiverr_public/karpenter_nodes > values.yaml``` +3. Edit the values.yaml file to your needs. +4. Install the chart:
```helm install karpenter_nodes fiverr_public/karpenter_nodes -f values.yaml```
+
+
+### Testing Your Changes
+After making changes, render the chart to review the new output. Run `helm template` with the relevant example files:
+`helm template . -f values.yaml`
+
+### Unit Tests
+Make sure you have the [helm-unittest](https://github.com/helm-unittest/helm-unittest) plugin installed.
+
+Unit tests live in the `tests` directory.
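+A minimal suite might look like the following. This is a hypothetical sketch for illustration only, not one of the chart's own suites; the files under `tests/` and the values in `examples/` are the reference, and a real test usually needs a fuller set of values than shown here:
+```yaml
+# Hypothetical helm-unittest suite; the template path and values are illustrative.
+suite: nodeclass rendering
+templates:
+  - templates/nodeclass.yaml
+tests:
+  - it: renders an EC2NodeClass for a minimal nodegroup
+    set:
+      clusterName: eks-dev
+      nodeGroups:
+        nodes-default:
+          instances: {}
+    asserts:
+      - isKind:
+          of: EC2NodeClass
+```
+
+To run the tests, use the following command: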
`helm unittest --helm3 karpenter_nodes -f "tests/*_test.yaml"`
+
+
+## Configuration keys
+Note: most values can be overridden per nodegroup (if a key is not set for a nodegroup, the global default is used).
+
+| Key Name | Description | Type | Optional? | Optional Per NodeGroup? |
+| ------------------------------ | ----------- | ---- | --------- | ----------------------- |
+| `ApiVersion` | ApiVersion used in Karpenter's CRD | `String` | x | x |
+| `IamRole` | The IAM Role attached to the instance via an instance profile (not required if `IamInstanceProfile` is specified) | `String` | x | ✓ |
+| `IamInstanceProfile` | Existing instance profile to set on the instances
(not required if `IamRole` is specified)| `String` | x | ✓ | +| `amiFamily` | AMIFamily to use (Default to AL2) [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specamifamily) | `String` | x | ✓ | +| `amiSelectorTerms` | AMI Selector Terms (This will override `amiFamily`) [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specamiselectorterms) | `List(Map)` | x | ✓ | +| `subnetSelectorTerms` | Selector for Subnets [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specsubnetselectorterms) | `List(Map)` | x | ✓ | +| `securityGroupSelectorTerms` | Selector for Security Groups [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specsecuritygroupselectorterms) | `List(Map)` | x | ✓ | +| `nodeGroupLabelName` | The Name of the label for each nodegroup (default is `nodegroup`) | `String` | x | ✓ | +| `nodeTags` | Tags to add to the instances ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}` | each will be used to setup a provisioner and template based on the nodegrup name key | `List[Maps]` | x | ✓ | +| `blockDeviceMappings` | Block Device Mappings [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specblockdevicemappings) | `List(Map)` | x | ✓ | +| `detailedMonitoring` | Detailed Monitoring [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specdetailedmonitoring) | `Boolean` | x | ✓ | +| `associatePublicIPAddress` | Associate Public IP Address [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specassociatepublicipaddress) | `Boolean` | x | ✓ | +| `instanceStorePolicy` | Instance Store Policy [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specinstancestorepolicy) | `String` | ✓ | ✓ | +| `metaDataHttpEndpoint` | Metadata HTTP Endpoint [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpProtocolIPv6` | Metadata HTTP Protocol IPv6 [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpPutResponseHopLimit` | Metadata HTTP Put Response Hop Limit [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `metaDataHttpTokens` | Metadata HTTP Tokens [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/#specmetadataoptions) | `String` | x | ✓ | +| `userData` | User Data (supports templating and your own values) | `MultilineString` | ✓ | ✓ | +| `instances` | Instance configurations for node types, families and sizing - see below | `Map` | x | ✓ | +| `instances.minGeneration` | The minimum instance generation to use (for example 4 = c4,c5,c6 etc) | `Integer` | x | ✓ | +| `instances.architecture` | `amd64`, `arm64` or `multiarch` for nodegroups which can have combined architectures | `String` | x | ✓ | +| `instances.categories` | Allowed instance categories (c, m, r) | `List(String)` | x | ✓ | +| `instances.cores` | Allowed cores per instance (`"4"`, `"8"`) | `List(String(int))` | x | ✓ | +| `instances.capacityType` | `spot`, `on-demand` (can use both on single provisioner) | `List(String)` | x | ✓ | +| `instances.operatingSystems` | Allowed operating systems (`"linux"`, `"windows"`) | `List(String)` | x | ✓ | +| `instances.instanceTypes` | Explicit list of instance types to use (ie `m7i.xlarge`) This will ignore all sizing related requirements | `List(String)` | x | ✓ | +| `availabilityZones` | Availability Zones to use | `List(String)` | x | ✓ | +| `expireAfter` | Specify how long node should be up before 
refreshing it [Documentation](https://karpenter.sh/docs/concepts/disruption/#automated-methods) | `String` | x | ✓ | +| `weight` | Specify NodeGroup Weight (default is `1`) | `Integer` | x | ✓ | +| `excludeFamilies` | Exclude specific instance families | `List` | x | ✓ | +| `consolidationPolicy` | Specify how to consolidate nodes [Documentation](https://karpenter.sh/docs/concepts/nodepools/) | `String` | x | ✓ | +| `consolidateAfter` | Specify how long to wait before consolidating nodes [Documentation](https://karpenter.sh/docs/concepts/nodepools/) | `String` | ✓ | ✓ | +| `excludeInstanceSize` | Exclude specific instance sizes | `List` | ✓ | ✓ | +| `headRoom` | Generate Ultra Low Priority Class for Headroom (see below) | `String` | ✓ | x | +| `additionalRequirements` | add NodePool requirements which are not covered by this chart | `List(map)` | ✓ | ✓ | +| `autoTaint` | add NodePool taint with `dedicated` as key and nodegroup name as value (`-` replaced with `_`) | `Boolean(String)` | ✓ | ✓ | +| `cilium` | Add startupTaints for Cilium | `Boolean` | ✓ | ✓ | +| `ciliumEffect` | Set Effect on CiliumStartupTaint (Default `NoExecute`) [Documentation](https://docs.cilium.io/en/stable/installation/taints/) | `String` | ✓ | ✓ | + +### NodeGroup Configuration +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? | +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `nodegroups.{}.labels` | Labels to add to nodes ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.additionalNodeTags` | Additional Tags to add to the instances ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.annotations` | Annotations to add to nodes ``: `` | `Map` | ✓ | ✓ | +| `nodegroups.{}.nodeClassRef` | If you wish to use your own nodeClass, specify it [Documentation](https://karpenter.sh/docs/concepts/nodeclasses/) | `Map` | ✓ | ✓ | +| `nodegroups.{}.taints` | Taints to add to nodes `- `: ``: `` | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.startupTaints` | startupTaints to add to nodes `- `: ``: `` | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.limits` | Specify Limits [Documentation](https://karpenter.sh/docs/concepts/nodepools/#speclimits) | `Map` | ✓ | ✓ | +| `nodegroups.{}.capacitySpread` | Set range of capacity spread keys (`integers`), set int for `start` and `end` | `Map` | ✓ | ✓ | +| `nodegroups.{}.excludeFamilies`| Exclude specific instance families | `List` | ✓ | ✓ | +| `nodegroups.{}.budgets` | Specify Disruption Budgets [Documentation](https://karpenter.sh/docs/concepts/disruption/#nodes) | `List` | ✓ | ✓ | +| `nodegroups.{}.*` | Over-write all above which supports it | `Map` | ✓ | ✓ | +| `nodegroups.{}.instances.*` | Explicitly specify instances override, if using defaults specify `instances: {}` | `Map` | ✓ | ✓ | + +### Headroom Configuration +Headroom will create `pause` pods with resources-requests to just keep free amount of resources up and ready for scheduling.
This is useful for scaling up quickly when needed.
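+For illustration, each headroom replica is conceptually similar to the following pause pod. This is a hypothetical sketch (the pod name and image tag are made up for the example); it only reuses the chart's `karpenter-headroom` PriorityClass and the `small` sizing from the table below, and the chart's rendered output remains the reference:
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: headroom-nodes-default-0         # hypothetical name
+spec:
+  priorityClassName: karpenter-headroom  # ultra-low priority (-1000000), so real workloads preempt it
+  containers:
+    - name: pause
+      image: registry.k8s.io/pause:3.9   # does nothing; it only holds the requested resources
+      resources:
+        requests:
+          cpu: "1"                       # "small" headroom size
+          memory: 4Gi                    # "small" headroom size
+```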
+The pods will be configured with ultra-low priority, and will be terminated and recreated on new nodes to free them up for usage if needed. +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? | +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `nodegroups.{}.headRoom` | List of headroom configurations for the nodePool | `List(Map)` | ✓ | ✓ | +| `nodegroups.{}.headRoom.size` | `small`, `medium`, `large`, `xlarge` - see below | `String` | ✓ | ✓ | +| `nodegroups.{}.headRoom.count` | Number of headroom pod replicas to schedule | `Integer` | ✓ | ✓ | +| `nodegroups.{}.headRoom.antiAffinitySpec` | Optional - set antiaffinity to match against running workloads | `LabelSelectorSpec` | ✓ | ✓ | +| `nodegroups.{}.headRoom.nameSpaces` | Specify list of namespaces to match again (default `all`) | `List(String)` | ✓ | ✓ | + +### Headroom Sizing + +| Size | CPU | Ram | +| ----- | --- | --- | +| `small` | 1 | 4Gi | +| `medium` | 2 | 8Gi | +| `large` | 4 | 16Gi | +| `xlarge` | 8 | 32Gi | + +### Kubelet Configuration +[Documentation](https://karpenter.sh/docs/concepts/nodepools/#spectemplatespeckubelet) +Kubelet configuration can be set globally or per nodegroup. The following keys are supported: +| Key Name | Description | Type | Optional? | Optional Per NodeGroup? | +| ------------------------------ | ----------- | ---- | --------- | ----------------------- | +| `kubeletClusterDNS` | Cluster DNS | `List` | ✓ | ✓ | +| `kubeletSystemReservedCpu` | System Reserved CPU | `String` | x | ✓ | +| `kubeletSystemReservedMemory` | System Reserved Memory | `String` | x | ✓ | +| `kubeletSystemReservedEphemeralStorage` | System Reserved Ephemeral Storage | `String` | x | ✓ | +| `kubeletKubeReservedCpu` | Kube Reserved CPU | `String` | x | ✓ | +| `kubeletKubeReservedMemory` | Kube Reserved Memory | `String` | x | ✓ | +| `kubeletKubeReservedEphemeralStorage` | Kube Reserved Ephemeral Storage | `String` | x | ✓ | +| `kubeletEvictionHardMemoryAvailable` | Eviction Hard Memory Available | `String` | x | ✓ | +| `kubeletEvictionHardNodefsAvailable` | Eviction Hard Nodefs Available | `String` | x | ✓ | +| `kubeletEvictionHardNodefsInodesFree` | Eviction Hard Nodefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftMemoryAvailable` | Eviction Soft Memory Available | `String` | x | ✓ | +| `kubeletEvictionSoftNodefsAvailable` | Eviction Soft Nodefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftNodefsInodesFree` | Eviction Soft Nodefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftImagefsAvailable` | Eviction Soft Imagefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftImagefsInodesFree` | Eviction Soft Imagefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftPidAvailable` | Eviction Soft Pid Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodImagefsAvailable` | Eviction Soft Grace Period Imagefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodImagefsInodesFree` | Eviction Soft Grace Period Imagefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodMemoryAvailable` | Eviction Soft Grace Period Memory Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodNodefsAvailable` | Eviction Soft Grace Period Nodefs Available | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodNodefsInodesFree` | Eviction Soft Grace Period Nodefs Inodes Free | `String` | x | ✓ | +| `kubeletEvictionSoftGracePeriodPidAvailable` | Eviction Soft Grace Period Pid Available | `String` | x | ✓ | +| 
`kubeletImageGCHighThresholdPercent` | Image GC High Threshold Percent | `String` | ✓ | ✓ | +| `kubeletImageGCLowThresholdPercent` | Image GC Low Threshold Percent | `String` | ✓ | ✓ | +| `kubeletImageMinimumGCAge` | Image Minimum GC Age | `String` | ✓ | ✓ | +| `kubeletCpuCFSQuota` | CPU CFS Quota | `String` | ✓ | ✓ | +| `kubeletPodsPerCore` | Pods Per Core | `String` | ✓ | ✓ | +| `kubeletMaxPods` | Max Pods | `String` | ✓ | ✓ | + +## Extras +See grafana directory for dashbaords available for you to import into your Grafana instance. diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml new file mode 100644 index 00000000..84b2a265 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/argocd_example.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: karpenter-nodes + namespace: argocd +spec: + project: infra + sources: + - repoURL: 'https://opensource.fiverr.com/public_charts/' + chart: karpenter_nodes + targetRevision: 1.0.3 + helm: + valueFiles: + - $values/karpenter_nodes/eks-dev/common.yaml + - $values/karpenter_nodes/eks-dev/nodegroups.yaml + - $values/karpenter_nodes/eks-dev/userdata.yaml + - repoURL: https://github.com/my_values_repo.git + targetRevision: HEAD + ref: values + destination: + server: https://kubernetes diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml new file mode 100644 index 00000000..e508da47 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/common.yaml @@ -0,0 +1,73 @@ +clusterName: "eks-dev" + +subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + +securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + +availabilityZones: + - eu-west-1a + - eu-west-1b + - eu-west-1c + +excludeInstanceSize: + - metal + +blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + volumeSize: 100Gi + volumeType: gp3 + encrypted: true + deleteOnTermination: true + iops: 3000 + throughput: 125 + +instances: + minGeneration: 4 + architecture: "amd64" + categories: + - m + - r + - c + cores: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + capacityType: + - spot + + +nodeTags: + team: devops + component: eks-karpenter-nodes + created_by: helm + +amiFamily: AL2 +autoTaint: "true" +excludeFamilies: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh new file mode 100755 index 00000000..f9758edf --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/generate.sh @@ -0,0 +1,2 @@ +#!/bin/bash +helm template karpenter-nodes ../ -f common.yaml -f nodegroups.yaml -f userdata.yaml > output/output.yaml diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml new file mode 100644 index 00000000..2cdf1c01 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/nodegroups.yaml @@ -0,0 +1,108 @@ +nodeGroups: + nodes-default: + autoTaint: "false" + weight: 2 + instances: + categories: + - m + - r + capacitySpread: + start: 1 + end: 5 + nodes-default-od: + autoTaint: "false" + nodeGroupLabel: nodes-default + capacitySpread: + start: 6 + end: 6 + instances: + minGeneration: 5 + categories: + - m + - r + capacityType: + - on-demand + nodeClassRef: + name: nodes-default-amd64 + nodes-workers: + weight: 2 + instances: + categories: + - m + - r + capacitySpread: + start: 1 + end: 5 + nodes-workers-c: + nodeGroupLabel: nodes-workers + capacitySpread: + start: 1 + end: 5 + instances: + categories: + - c + nodeClassRef: + name: nodes-workers-amd64 + nodes-canary: + instances: {} + capacitySpread: + start: 1 + end: 5 + nodes-jobs: + expireAfter: "Never" + instances: + capacityType: + - on-demand + cores: + - "8" + - "16" + consolidationPolicy: "WhenEmpty" + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 9000 + throughput: 125 + volumeSize: 500Gi + volumeType: gp3 + nodes-ingress: + registryCache: "false" + expireAfter: "Never" + instances: + architecture: "multiarch" + capacityType: + - on-demand + minGeneration: 7 + cores: + - "8" + nodes-monitoring: + labels: + prometheus-scrape: "true" #Not Real Use-case + additionalNodeTags: + innercomponent: monitoring + expireAfter: "Never" + instances: + architecture: "multiarch" + capacityType: + - on-demand + excludeFamilies: [] + nodes-gpu: + labels: + gpu: "true" + instances: + instanceTypes: + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + categories: + - g + limits: + cpu: "128" + taints: + - key: "dedicated" + value: "gpu" + effect: "NoSchedule" + nodes-cilium-managed: + instances: {} + cilium: true diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml new file mode 100644 index 00000000..b4d2e88e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/output/output.yaml @@ -0,0 +1,1931 @@ +--- +# Source: karpenter_nodes/templates/priorityclass.yaml +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: karpenter-headroom +value: -1000000 +globalDefault: false +description: "Used for dummy pods to generate headroom in karpenter" +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-canary-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-canary + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 
3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-canary + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-cilium-managed-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-cilium-managed + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + 
throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-cilium-managed + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-default-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-default + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 
+ volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-default + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-gpu-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-gpu + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + 
volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-gpu + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-ingress-multiarch" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-ingress + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + 
detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-ingress + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-jobs-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-jobs + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 9000 + throughput: 125 + volumeSize: 500Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + INSTANCEGROUP=nodes-jobs + 
INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-monitoring-multiarch" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-monitoring + component: eks-karpenter-nodes + created_by: helm + team: devops + innercomponent: monitoring + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + 
INSTANCEGROUP=nodes-monitoring + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodeclass.yaml +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: "nodes-workers-amd64" +spec: + role: eks_nodes_role + amiFamily: AL2 + amiSelectorTerms: + subnetSelectorTerms: + - tags: + Name: eks-dev-eu-west-1a + - tags: + Name: eks-dev-eu-west-1b + - tags: + Name: eks-dev-eu-west-1c + securityGroupSelectorTerms: + - tags: + Name: eks-nodes + - tags: + Name: eks-dev + tags: + cluster: eks-dev + nodegroup: nodes-workers + component: eks-karpenter-nodes + created_by: helm + team: devops + managed_by: karpenter + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + deleteOnTermination: true + encrypted: true + iops: 3000 + throughput: 125 + volumeSize: 100Gi + volumeType: gp3 + detailedMonitoring: false + associatePublicIPAddress: false + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required + userData: | + CLUSTER_NAME=eks-dev + 
INSTANCEGROUP=nodes-workers + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat < /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat < /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much. + net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + mkdir -p /etc/containerd/certs.d/docker.io + cat</etc/containerd/certs.d/docker.io/hosts.toml + server = "https://registry-1.docker.io" + [host."http://registry"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-canary-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-canary + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-canary-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_canary + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: 
"karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-cilium-managed-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-cilium-managed + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-cilium-managed-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_cilium_managed + startupTaints: + - key: node.cilium.io/agent-not-ready + value: "true" + effect: NoExecute + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-default-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-default + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-default-amd64 + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - 
key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 2 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-default-od-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-default + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-default-amd64 + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "6" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-gpu-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-gpu + cluster: eks-dev + gpu: true + spec: + 
nodeClassRef: + name: nodes-gpu-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_gpu + - key: dedicated + value: gpu + effect: NoSchedule + requirements: + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: node.kubernetes.io/instance-type + operator: In + values: + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + limits: + cpu: 128 + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-ingress-multiarch" +spec: + template: + metadata: + labels: + nodegroup: nodes-ingress + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-ingress-multiarch + taints: + - key: dedicated + effect: NoSchedule + value: nodes_ingress + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "8" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "6" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: Never + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: 
"nodes-jobs-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-jobs + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-jobs-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_jobs + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "8" + - "16" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: Never + consolidationPolicy: WhenEmpty + consolidateAfter: 5m + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-monitoring-multiarch" +spec: + template: + metadata: + labels: + nodegroup: nodes-monitoring + cluster: eks-dev + prometheus-scrape: true + spec: + nodeClassRef: + name: nodes-monitoring-multiarch + taints: + - key: dedicated + effect: NoSchedule + value: nodes_monitoring + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - on-demand + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 
Never + consolidationPolicy: WhenUnderutilized + weight: 1 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-workers-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-workers + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-workers-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_workers + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - m + - r + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 2 +--- +# Source: karpenter_nodes/templates/nodepool.yaml +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: "nodes-workers-c-amd64" +spec: + template: + metadata: + labels: + nodegroup: nodes-workers + cluster: eks-dev + spec: + nodeClassRef: + name: nodes-workers-amd64 + taints: + - key: dedicated + effect: NoSchedule + value: nodes_workers + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + - c + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + - "4" + - "8" + - "12" + - "16" + - "24" + - "32" + - "48" + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "3" + - key: "topology.kubernetes.io/zone" + operator: In + values: + - eu-west-1a + - eu-west-1b + - eu-west-1c + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "karpenter.sh/capacity-type" + operator: In + values: + - spot + - key: kubernetes.io/os + operator: In + values: + - linux + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + - c6a + - m6a + - r6a + - c5a + - m5a + - r5a + - c6ad + - m6ad + - r6ad + - m5ad + - r5ad + - r5ad + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + - metal + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - "3" + - "4" + - "5" + kubelet: + systemReserved: + cpu: 250m + memory: 200Mi + ephemeral-storage: 2Gi + kubeReserved: + cpu: 250m + memory: 1Gi + ephemeral-storage: 4Gi + evictionHard: + memory.available: 
768Mi + nodefs.available: 8% + nodefs.inodesFree: 8% + evictionSoft: + memory.available: 1280Mi + nodefs.available: 10% + nodefs.inodesFree: 15% + imagefs.available: 10% + imagefs.inodesFree: 10% + pid.available: 10% + evictionSoftGracePeriod: + imagefs.available: 10m0s + imagefs.inodesFree: 10m0s + memory.available: 5m0s + nodefs.available: 10m0s + nodefs.inodesFree: 10m0s + pid.available: 2m0s + disruption: + expireAfter: 720h + consolidationPolicy: WhenUnderutilized + weight: 1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml new file mode 100644 index 00000000..bd9ac6f6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/examples/userdata.yaml @@ -0,0 +1,67 @@ +registry: "https://registry-1.docker.io" +registryCache: "true" +registryHost: "http://registry" + +userData: | + CLUSTER_NAME={{ $.Values.clusterName }} + INSTANCEGROUP={{ .value.nodeGroupLabel | default .key }} + INSTANCE_ID=`/usr/bin/ec2-metadata --instance-id | awk '{print $2}'` + ID_SUFFIX=`/usr/bin/ec2-metadata --instance-id | awk '{print substr($0,length-5,6)}'` + HOSTNAME="${CLUSTER_NAME}-${INSTANCEGROUP}-$ID_SUFFIX" + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname + aws ec2 create-tags --resources $INSTANCE_ID --tags=Key=Name,Value=$HOSTNAME + sed -i "s/127.0.0.1 [0-9a-z-]*\s*localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts + # Sysctl changes + ## Disable IPv6 + cat <<EOF > /etc/sysctl.d/10-disable-ipv6.conf + # disable ipv6 config + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + EOF + ## Stolen from this guy: https://blog.codeship.com/running-1000-containers-in-docker-swarm/ + cat <<EOF > /etc/sysctl.d/99-kube-net.conf + # Have a larger connection range available + net.ipv4.ip_local_port_range=1024 65000 + # Reuse closed sockets faster + net.ipv4.tcp_tw_reuse=1 + net.ipv4.tcp_fin_timeout=15 + # The maximum number of "backlogged sockets". Default is 128. + net.core.somaxconn=4096 + net.core.netdev_max_backlog=4096 + # 16MB per socket - which sounds like a lot, + # but will virtually never consume that much.
+ net.core.rmem_max=16777216 + net.core.wmem_max=16777216 + # Various network tunables + net.ipv4.tcp_max_syn_backlog=20480 + net.ipv4.tcp_max_tw_buckets=400000 + net.ipv4.tcp_no_metrics_save=1 + net.ipv4.tcp_rmem=4096 87380 16777216 + net.ipv4.tcp_syn_retries=2 + net.ipv4.tcp_synack_retries=2 + net.ipv4.tcp_wmem=4096 65536 16777216 + #vm.min_free_kbytes=65536 + # Connection tracking to prevent dropped connections (usually issue on LBs) + net.netfilter.nf_conntrack_max=262144 + net.ipv4.netfilter.ip_conntrack_generic_timeout=120 + net.netfilter.nf_conntrack_tcp_timeout_established=86400 + # ARP cache settings for a highly loaded docker swarm + net.ipv4.neigh.default.gc_thresh1=8096 + net.ipv4.neigh.default.gc_thresh2=12288 + net.ipv4.neigh.default.gc_thresh3=16384 + EOF + systemctl restart systemd-sysctl.service + #Increase RegistryQPS + echo "$(jq '.registryPullQPS=100' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + echo "$(jq '.registryBurst=200' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json + {{- if eq ( .value.registryCache | default $.Values.registryCache ) "true" }} + mkdir -p /etc/containerd/certs.d/docker.io + cat <<EOF >/etc/containerd/certs.d/docker.io/hosts.toml + server = "{{ .value.registry | default $.Values.registry }}" + [host."{{ .value.registryHost | default $.Values.registryHost }}"] + capabilities = ["pull", "resolve"] + skip_verify = true + EOF + {{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json new file mode 100644 index 00000000..0e372b47 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-OverView.json @@ -0,0 +1,1935 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": [], + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.4.4" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": null, + "iteration": 1712640887031, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, +
"x": 0, + "y": 0 + }, + "id": 40, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": { + "titleSize": 40, + "valueSize": 40 + }, + "textMode": "value_and_name" + }, + "pluginVersion": "8.4.4", + "repeat": "CLUSTER", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=~\"$CLUSTER\"}) by (nodepool) - (sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=~\"$CLUSTER\"}) by (nodepool) offset $timediff)", + "instant": true, + "interval": "", + "legendFormat": "{{nodepool}}", + "refId": "A" + } + ], + "title": "$CLUSTER Total Interruptions - during $timediff", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 38, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"karpenter.*\"})) by (cluster, pod)", + "interval": "", + "legendFormat": "[{{cluster}}]{{pod}}", + "refId": "A" + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 39, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + 
"sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(container_memory_usage_bytes{pod=~\"karpenter.*\"}) by (cluster, pod)", + "interval": "", + "legendFormat": "[{{cluster}}]{{pod}}", + "refId": "A" + } + ], + "title": "Memory Usage", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 22, + "panels": [], + "title": "Cluster Capacity", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 35, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "repeat": "CLUSTER", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=~\"$CLUSTER\",label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_nodepool, label_karpenter_sh_capacity_type)", + "interval": "", + "legendFormat": "[{{label_karpenter_sh_capacity_type}}]{{label_karpenter_sh_nodepool}} ", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=~\"$CLUSTER\",label_karpenter_sh_capacity_type!=\"\"}) by ( label_karpenter_sh_capacity_type)", + "hide": false, + "interval": "", + "legendFormat": "TOTAL [{{label_karpenter_sh_capacity_type}}]", + "refId": "B" + } + ], + "title": "Spot/OD by Provisioners - $CLUSTER", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + 
"w": 24, + "x": 0, + "y": 24 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage) by (cluster, nodepool, resource_type) / sum(karpenter_nodepool_limit) by (cluster, nodepool, resource_type)", + "interval": "", + "legendFormat": "[{{cluster}}] {{nodepool}} {{resource_type}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "type": "timeseries" + }, + { + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 13, + "title": "Provisioning", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(karpenter_nodeclaims_created[1m])) by (cluster, nodepool, reason)", + "interval": "", + "legendFormat": "[A][{{cluster}} {{nodepool}}]{{reason}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "- sum(increase(karpenter_nodeclaims_terminated[1m])) by (cluster, reason, nodepool)", + "hide": false, + "interval": "", + "legendFormat": "[R][{{cluster}} {{nodepool}}]{{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Created/Removed Nodes", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 20, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(idelta(karpenter_nodeclaims_terminated{reason=\"interruption\"}[1m])) by (nodepool, cluster)", + "hide": false, + "interval": "", + "legendFormat": "[{{cluster}}] {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "op": "gt", + "value": 10, + "visible": true + } + ], + "title": "Karpenter Spot Interruptions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 11, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(irate(karpenter_cloudprovider_duration_seconds_count{method!=\"GetInstanceTypes\"}[1m])) by (cluster, method) * 60", + "interval": "", + "legendFormat": "{{cluster}} {{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Instance Provisioning Actions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + 
"overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 9, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_interruption_actions_performed[1m])) by (action_type,cluster)", + "interval": "", + "legendFormat": "[{{cluster}}]{{action_type}}", + "range": true, + "refId": "A" + } + ], + "title": "Interruption actions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 48 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_deprovisioning_actions_performed[5m])) by (action)", + "interval": "", + "legendFormat": "{{action}}", + "range": true, + "refId": "A" + } + ], + "title": "Deprovisioning", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 48 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": 
"histogram_quantile($perc, sum(rate(karpenter_cloudprovider_duration_seconds_bucket{method!=\"GetInstanceTypes\"}[5m])) by (le, method))", + "interval": "", + "legendFormat": "{{method}}", + "range": true, + "refId": "A" + } + ], + "title": "AWS Requests", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 8, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(irate(karpenter_interruption_received_messages[1m])) by (message_type, cluster) * 60", + "hide": false, + "interval": "", + "legendFormat": "{{cluster}}_{{message_type}}", + "range": true, + "refId": "B" + } + ], + "title": "Interruption messages", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 24, + "panels": [], + "title": "Workers", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 65 + }, + "id": 26, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(controller_runtime_active_workers{service=\"karpenter\"}) by (cluster, controller) / sum(controller_runtime_max_concurrent_reconciles{service=\"karpenter\"}) by (cluster, controller)", + 
"legendFormat": "[{{cluster}}] {{controller}}", + "range": true, + "refId": "A" + } + ], + "title": "Workers Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 65 + }, + "id": 28, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(controller_runtime_reconcile_errors_total{service=\"karpenter\"}[5m])) by (cluster, controller)", + "legendFormat": "[{{cluster}}] {{controller}}", + "range": true, + "refId": "A" + } + ], + "title": "Reconcile errors rate", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 12, + "x": 0, + "y": 73 + }, + "id": 50, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "histogram_quantile($perc, rate(controller_runtime_reconcile_time_seconds_bucket{controller=~\"$controller\",cluster=~\"$CLUSTER\"}[10m]))", + "hide": false, + "interval": "", + "legendFormat": "[$perc {{controller}}] {{cluster}}", + "range": true, + "refId": "Minimum" + } + ], + "title": "Controller Reconciliation Latency [$controller]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": 
[], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 12, + "x": 12, + "y": 73 + }, + "id": 54, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(rate(controller_runtime_reconcile_total{cluster=~\"$CLUSTER\",controller=~\"$controller\"}[10m])) by (controller,cluster)", + "interval": "", + "legendFormat": "[{{cluster}}]{{controller}}", + "range": true, + "refId": "A", + "target": "" + } + ], + "title": "Controller Reconciliation Rate", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 87 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "karpenter_nodes_termination_time_seconds{quantile=\"$quantile\"}", + "hide": false, + "interval": "", + "legendFormat": "[$quantile][{{cluster}}]{{nodepool}}", + "range": true, + "refId": "C" + } + ], + "title": "Node Termination Latency", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 35, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "0.9", + "value": "0.9" + }, + "hide": 0, + "includeAll": false, + "label": "Percentile", + "multi": false, + "name": "perc", + "options": [ + { + "selected": false, + "text": "0.5", + "value": "0.5" + }, + { + "selected": false, + "text": "0.8", + "value": "0.8" + }, + { + "selected": true, + "text": "0.9", + "value": "0.9" + }, + { + "selected": false, + "text": "1", + "value": "1" + } + ], + "query": "0.5, 0.8, 0.9,1", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": false, + "text": "1d", + "value": "1d" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "timediff", + "options": [ + { + "selected": true, + "text": "1d", + "value": "1d" + }, + { + "selected": false, + "text": "2d", + "value": "2d" + }, + { + "selected": false, + "text": "5d", + "value": 
"5d" + }, + { + "selected": false, + "text": "7d", + "value": "7d" + }, + { + "selected": false, + "text": "14d", + "value": "14d" + }, + { + "selected": false, + "text": "30d", + "value": "30d" + }, + { + "selected": false, + "text": "60d", + "value": "60d" + }, + { + "selected": false, + "text": "90d", + "value": "90d" + } + ], + "query": "1d,2d,5d,7d,14d,30d,60d,90d", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cluster)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "CLUSTER", + "options": [], + "query": { + "query": "label_values(cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(karpenter_nodes_termination_time_seconds,quantile)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "quantile", + "options": [], + "query": { + "query": "label_values(karpenter_nodes_termination_time_seconds,quantile)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(controller_runtime_reconcile_time_seconds_count, controller)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "controller", + "options": [], + "query": { + "query": "label_values(controller_runtime_reconcile_time_seconds_count, controller)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Karpenter-for-export", + "uid": "ctAxtWaIk", + "version": 12, + "weekStart": "" +} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json new file mode 100644 index 00000000..014fd68f --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/grafana/Karpenter-Per-NodeGroup.json @@ -0,0 +1,2499 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": [], + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.4.4" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + 
"limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": null, + "iteration": 1713189648192, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 32, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": { + "titleSize": 40, + "valueSize": 40 + }, + "textMode": "value_and_name" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\",cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "instant": true, + "interval": "", + "legendFormat": "{{nodepool}}", + "refId": "A" + } + ], + "title": "Total Interruptions", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 36, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_capacity_type)", + "instant": true, + "interval": "", + "legendFormat": "{{label_karpenter_sh_capacity_type}}", + "refId": "A" + } + ], + "title": "LifeCycles", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 8, + "y": 0 + }, + "id": 40, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": 
"count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_topology_kubernetes_io_zone!=\"\"}) by (label_topology_kubernetes_io_zone)", + "instant": true, + "interval": "", + "legendFormat": "{{label_topology_kubernetes_io_zone}}", + "refId": "A" + } + ], + "title": "AZ ", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 12, + "y": 0 + }, + "id": 39, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"memory\"} / 1024 /1024 / 1024) / \nsum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) ", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Memory / CPU Ratio", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-blue", + "value": null + }, + { + "color": "red", + "value": 1536 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 15, + "y": 0 + }, + "id": 38, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"})", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total cores $NODEGROUP", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1536 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 37, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Value$/", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + 
"type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\",nodepool=~\"$NODEPOOL\",resource_type=\"memory\"} /1024 /1024 /1024)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total Memory (Gb)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 41, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type, nodepool) / sum(karpenter_nodepool_limit{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type, nodepool)", + "instant": false, + "interval": "", + "legendFormat": "{{resource_type}} {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 0, + "y": 7 + }, + "id": 44, + "options": { + "displayLabels": [ + "percent", + "name" + ], + "legend": { + "displayMode": "table", + "placement": "right", + "values": [ + "value" + ] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type)", + "instant": true, + "interval": "", + "legendFormat": "{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlBl" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 500 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 3, + "x": 7, + "y": 7 + }, + "id": 42, + "options": { + "displayMode": "gradient", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + 
"showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(karpenter_nodes_created{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Created by {{provisioner}}", + "range": true, + "refId": "A" + } + ], + "title": "Total Created Nodes", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 10, + "y": 7 + }, + "id": 47, + "options": { + "displayLabels": [ + "name" + ], + "legend": { + "displayMode": "hidden", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_drifted{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (type)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{type}}", + "range": true, + "refId": "B" + } + ], + "title": "Drift types", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 15, + "y": 7 + }, + "id": 43, + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_terminated{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool, reason)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Removed by {{provisioner}} {{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Total Removed Nodes", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 15 + }, + "id": 52, + "interval": "1h", + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + 
"datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[1d])", + "instant": false, + "interval": "", + "legendFormat": "Day", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[7d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Week", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))[30d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Month", + "refId": "C" + } + ], + "title": "Spot Costs on $NODEGROUP", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 15 + }, + "id": 53, + "interval": "1h", + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "8.4.4", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[1d])", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Day", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", 
\"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[7d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Week", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum_over_time(sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))[30d])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Month", + "refId": "C" + } + ], + "title": "On-Demand Costs on $NODEGROUP", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 49, + "interval": "1h", + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type)", + "interval": "", + "legendFormat": "{{instance_type}} / Hour", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"spot\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"spot\"}) by (instance_type))", + "hide": false, + "interval": "", + "legendFormat": "Total Hourly Price", + "refId": "B" + } + ], + "title": "Spot Hourly Pricing for $NODEGROUP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + 
"uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "currencyUSD" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 50, + "interval": "1h", + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type)", + "interval": "", + "legendFormat": "{{instance_type}} Hourly Price", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(count(label_replace(kube_node_labels_mixin{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\",label_karpenter_sh_capacity_type=\"on-demand\"}, \"instance_type\", \"$1\", \"label_node_kubernetes_io_instance_type\", \"(.+)\")) by (instance_type) * on (instance_type) max(karpenter_cloudprovider_instance_type_price_estimate{cluster=\"$CLUSTER\",capacity_type=\"on-demand\"}) by (instance_type))", + "hide": false, + "interval": "", + "legendFormat": "Total Hourly Price", + "refId": "B" + } + ], + "title": "On-Demand Hourly Pricing for $NODEGROUP", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 22, + "panels": [], + "title": "NodeGroup Capacity", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 19, 
+ "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "sum" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(karpenter_nodeclaims_created{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\" }[1m])) by (reason)", + "interval": "", + "legendFormat": "[ADD] {{reason}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "- sum(increase(karpenter_nodeclaims_terminated{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}[1m])) by (reason)", + "hide": false, + "interval": "", + "legendFormat": "[REM] {{reason}}", + "range": true, + "refId": "B" + } + ], + "title": "Created/Removed Nodes $NODEGROUP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "Total Counter" + }, + "properties": [ + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "unit", + "value": "none" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 20, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Total", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(karpenter_nodeclaims_terminated{reason=\"interruption\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}[1m])) by (nodepool)", + "hide": false, + "interval": "", + "legendFormat": "{{provisioner}}", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodeclaims_terminated{reason=\"interruption\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"})", + "hide": false, + "interval": "", + "legendFormat": "Total Counter", + "refId": "C" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "op": "gt", + "value": 10, + "visible": true + } + ], + "title": "Karpenter Spot Interruptions", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + 
"axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 55, + "maxDataPoints": 9999999999, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(karpenter_nodeclaims_drifted{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"})) by (type) > 0", + "interval": "", + "legendFormat": "{{type}}", + "refId": "A" + } + ], + "title": "Drift Tracker", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 47 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{resource_type=\"cpu\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "interval": "", + "legendFormat": "{{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "Current Provisioned Cores", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + 
"mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 47 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "min", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{resource_type=\"memory\", cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (nodepool)", + "interval": "", + "legendFormat": "{{cluster}} {{nodepool}}", + "range": true, + "refId": "A" + } + ], + "title": "Current Provisioned Memory", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 55 + }, + "id": 57, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_pod_requests{nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) by (nodepool)", + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] Pods", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_daemon_requests{nodepool=~\"$NODEPOOL\",resource_type=\"cpu\"}) by (nodepool)", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] DaemonSets", + "refId": "C" + } + ], + "title": "CPU Requests for Pods and DaemonSets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 55 + }, + "id": 59, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_pod_requests{nodepool=~\"$NODEPOOL\",resource_type=\"memory\"}) by (nodepool)", + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] Pods", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(karpenter_nodes_total_daemon_requests{nodepool=~\"$NODEPOOL\",resource_type=\"memory\"}) by (nodepool)", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "[{{nodepool}}] DaemonSets", + "refId": "C" + } + ], + "title": "Memory Requests for Pods and DaemonSets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 63 + }, + "id": 35, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_karpenter_sh_capacity_type, label_karpenter_sh_nodepool)", + "interval": "", + "legendFormat": "[{{label_karpenter_sh_capacity_type}}]{{label_karpenter_sh_nodepool }}", + "refId": "A" + } + ], + "title": "LifeCycle", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ 
+ { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 63 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(karpenter_nodepool_usage{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type) / sum(karpenter_nodepool_limit{cluster=\"$CLUSTER\", nodepool=~\"$NODEPOOL\"}) by (resource_type)", + "interval": "", + "legendFormat": "{{resource_type}}", + "range": true, + "refId": "A" + } + ], + "title": "NodeGroup Usage Out Of limit", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 71 + }, + "id": 45, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], + "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type)", + "interval": "", + "legendFormat": "{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 71 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "mean" + ], 
+ "displayMode": "table", + "placement": "right", + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "count(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\", label_karpenter_sh_capacity_type!=\"\"}) by (label_node_kubernetes_io_instance_type,label_karpenter_sh_capacity_type, label_topology_kubernetes_io_zone)", + "interval": "", + "legendFormat": "[{{label_topology_kubernetes_io_zone}}][{{label_karpenter_sh_capacity_type}}]{{label_node_kubernetes_io_instance_type}}", + "refId": "A" + } + ], + "title": "Instance Types, lifecycle and zone", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 35, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels,cluster)", + "hide": 0, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "CLUSTER", + "options": [], + "query": { + "query": "label_values(kube_node_labels,cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels{cluster=\"$CLUSTER\"},label_nodegroup)", + "hide": 0, + "includeAll": false, + "label": "Node Group", + "multi": false, + "name": "NODEGROUP", + "options": [], + "query": { + "query": "label_values(kube_node_labels{cluster=\"$CLUSTER\"},label_nodegroup)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\"},label_karpenter_sh_nodepool)", + "hide": 0, + "includeAll": true, + "label": "NodePool", + "multi": true, + "name": "NODEPOOL", + "options": [], + "query": { + "query": "label_values(kube_node_labels{cluster=\"$CLUSTER\",label_nodegroup=\"$NODEGROUP\"},label_karpenter_sh_nodepool)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Karpenter Per Node - Export", + "uid": "5DCs2Z-Sk", + "version": 2, + "weekStart": "" +} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl new file mode 100644 index 00000000..cdbf84a2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{/*Define headroom sizes*/}} +{{- define "headroom.sizing" -}} +{{- range $key, $val := .Args }} +{{- if eq $val "small" }} +cpu: "1" +memory: "4Gi" +{{- end }} +{{- if eq $val "medium" }} +cpu: "2" +memory: "8Gi" +{{- end }} +{{- if eq $val "large" }} +cpu: "4" +memory: "16Gi" +{{- end }} +{{- if eq $val "xlarge" }} +cpu: "8" +memory: "32Gi" +{{- end }} +{{- end }} +{{- end }} diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml new file mode 100644 index 00000000..e312dfb7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/headroom.yaml @@ -0,0 +1,64 @@ +{{- range $k, $v := .Values.nodeGroups }} +{{- range $nhr := $v.headRoom }} +{{ $data := + dict "sv" $nhr.size +}} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + namespace: {{ $.Values.headRoomNamespace | default "karpenter" }} + labels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} +spec: + replicas: {{ $nhr.count | default 1}} + selector: + matchLabels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + template: + metadata: + labels: + k8s-app: headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: karpenter.sh/nodepool + operator: In + values: + - {{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - headroom-{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}-{{ $nhr.size }} + {{- if hasKey $nhr "antiAffinitySpec" }} + {{- $nhr.antiAffinitySpec | toYaml | nindent 14 }} + {{- end }} + topologyKey: kubernetes.io/hostname + {{- if hasKey $nhr "nameSpaces" }} + namespaces: + - {{ $.Values.headRoomNamespace | default "karpenter" }} + {{- range $nhr.nameSpaces }} + - {{ . }} + {{- end }} + {{- else }} + namespaces: {} + {{- end }} + tolerations: + - operator: Exists + containers: + - name: pause + image: registry.k8s.io/pause + resources: + requests: + {{- include "headroom.sizing" (merge (dict "Args" $data) . 
) | indent 12 }} + priorityClassName: karpenter-headroom +{{- end }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml new file mode 100644 index 00000000..33ef1d53 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodeclass.yaml @@ -0,0 +1,83 @@ +{{- range $k, $v := $.Values.nodeGroups }} +{{- $_ := set $ "key" $k }} +{{- $_ := set $ "value" $v }} +{{- if not (hasKey $v "nodeClassRef") }} +--- +apiVersion: karpenter.k8s.aws/{{ $.Values.ApiVersion }} +kind: EC2NodeClass +metadata: + name: "{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}" + annotations: + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" + {{- if hasKey $v "annotations" }} + {{- range $annotationName, $annotationValue := $v.annotations }} + {{ $annotationName }}: {{ $annotationValue }} + {{- end }} + {{- end }} +spec: + {{- if hasKey $v "IamRole" }} + role: {{ $v.IamRole }} + {{- else if hasKey $v "IamInstanceProfile" }} + instanceProfile: {{ $v.IamInstanceProfile }} + {{- else if hasKey $.Values "IamRole" }} + role: {{ $.Values.IamRole }} + {{- else if hasKey $.Values "IamInstanceProfile" }} + instanceProfile: {{ $.Values.IamInstanceProfile }} + {{- else }} + {{- fail "nodeClass error: Either IamRole or IamInstanceProfile must be defined" }} + {{- end }} + amiFamily: {{ $v.amiFamily | default $.Values.amiFamily }} + {{- if or (hasKey $v "amiSelectorTerms") (hasKey $.Values "amiSelectorTerms") }} + amiSelectorTerms: + {{- toYaml ($v.amiSelectorTerms | default $.Values.amiSelectorTerms) | nindent 4 }} + {{- end }} + subnetSelectorTerms: + {{- if hasKey $v "subnetSelectorTerms" }} + {{- toYaml $v.subnetSelectorTerms | nindent 4 }} + {{- else }} + {{- toYaml $.Values.subnetSelectorTerms | nindent 4 }} + {{- end }} + securityGroupSelectorTerms: + {{- if hasKey $v "securityGroupSelectorTerms" }} + {{- toYaml $v.securityGroupSelectorTerms | nindent 4 }} + {{- else }} + {{- toYaml $.Values.securityGroupSelectorTerms | nindent 4 }} + {{- end }} + tags: + cluster: {{ $.Values.clusterName }} + {{ $.Values.nodeGroupLabelName }}: {{ $v.nodeGroupLabel | default $k }} + {{- if or (hasKey $v "nodeTags") (hasKey $.Values "nodeTags") }} + {{- toYaml ($v.nodeTags | default $.Values.nodeTags) | nindent 4 }} + {{- end }} + {{- if hasKey $v "additionalNodeTags" }} + {{- toYaml $v.additionalNodeTags | nindent 4 }} + {{- end }} + managed_by: karpenter + blockDeviceMappings: + {{- if hasKey $v "blockDeviceMappings" }} + {{- toYaml $v.blockDeviceMappings | nindent 4 }} + {{- else }} + {{- toYaml $.Values.blockDeviceMappings | nindent 4 }} + {{- end }} + {{- if hasKey $v "instanceStorePolicy" }} + instanceStorePolicy: {{ $v.instanceStorePolicy }} + {{- else if hasKey $.Values "instanceStorePolicy" }} + instanceStorePolicy: {{ $.Values.instanceStorePolicy }} + {{- end }} + detailedMonitoring: {{ $v.detailedMonitoring | default $.Values.detailedMonitoring }} + associatePublicIPAddress: {{ $v.associatePublicIPAddress | default $.Values.associatePublicIPAddress }} + metadataOptions: + httpEndpoint: {{ $v.metaDataHttpEndpoint | default $.Values.metaDataHttpEndpoint }} + httpProtocolIPv6: {{ $v.metaDataHttpProtocolIPv6 | default $.Values.metaDataHttpProtocolIPv6 }} + httpPutResponseHopLimit: {{ $v.metaDataHttpPutResponseHopLimit | default 
$.Values.metaDataHttpPutResponseHopLimit }} + httpTokens: {{ $v.metaDataHttpTokens | default $.Values.metaDataHttpTokens }} + {{- if or (hasKey $v "userData") (hasKey $.Values "userData") }} + userData: | + {{- if hasKey $v "userData" }} + {{- tpl $v.userData $ | nindent 4 }} + {{- else if hasKey $.Values "userData" }} + {{- tpl $.Values.userData $ | nindent 4 }} + {{- end }} + {{- end}} +{{- end }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml new file mode 100644 index 00000000..b24756d0 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/nodepool.yaml @@ -0,0 +1,223 @@ +{{- range $k, $v := $.Values.nodeGroups }} +--- +apiVersion: karpenter.sh/{{ $.Values.ApiVersion }} +kind: NodePool +metadata: + name: "{{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }}" +spec: + template: + metadata: + labels: + {{ $.Values.nodeGroupLabelName }}: {{ $v.nodeGroupLabel | default $k }} + cluster: {{ $.Values.clusterName }} + {{- if hasKey $v "labels" }} + {{- range $labelName, $labelValue := $v.labels }} + {{ $labelName }}: {{ $labelValue }} + {{- end }} + {{- end }} + annotations: + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" + {{- if hasKey $v "annotations" }} + {{- range $annotationName, $annotationValue := $v.annotations }} + {{ $annotationName }}: {{ $annotationValue }} + {{- end }} + {{- end }} + spec: + nodeClassRef: + {{- if hasKey $v "nodeClassRef" }} + {{- $v.nodeClassRef | toYaml | nindent 8 }} + {{- else }} + name: {{ $k }}-{{ $v.instances.architecture | default $.Values.instances.architecture }} + {{- end }} + {{- if or (hasKey $v "taints") (eq ($v.autoTaint | default $.Values.autoTaint) "true") }} + taints: + {{- if eq ($v.autoTaint | default $.Values.autoTaint) "true" }} + - key: dedicated + effect: NoSchedule + value: {{ ($v.nodeGroupLabel | default $k) | replace "-" "_" }} + {{- end }} + {{- if hasKey $v "taints" }} + {{- range $v.taints }} + - key: {{ .key }} + value: {{ .value }} + effect: {{ .effect }} + {{- end }} + {{- end }} + {{- end }} + {{- if or (hasKey $v "startupTaints") ($v.cilium | default $.Values.cilium) }} + startupTaints: + {{- if hasKey $v "startupTaints" }} + {{- range $v.startupTaints }} + - key: {{ .key }} + value: {{ .value }} + effect: {{ .effect }} + {{- end }} + {{- end }} + {{- if $v.cilium | default $.Values.cilium }} + - key: node.cilium.io/agent-not-ready + value: "true" + effect: {{ $v.ciliumEffect | default $.Values.ciliumEffect }} + {{- end }} + {{- end }} + requirements: + {{- if not (hasKey $v.instances "instanceTypes") }} + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: + {{- range $v.instances.categories | default $.Values.instances.categories }} + - {{ . }} + {{- end }} + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: + {{- range $v.instances.cores | default $.Values.instances.cores }} + - {{ . 
| quote }} + {{- end }} + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - {{ sub ($v.instances.minGeneration | default $.Values.instances.minGeneration) 1 | quote }} + {{- end }} + - key: "kubernetes.io/arch" + operator: In + values: + {{- if eq ($v.instances.architecture | default $.Values.instances.architecture) "multiarch" }} + - amd64 + - arm64 + {{- else }} + - {{ $v.instances.architecture | default $.Values.instances.architecture }} + {{- end }} + - key: "karpenter.sh/capacity-type" + operator: In + values: + {{- range $v.instances.capacityType | default $.Values.instances.capacityType }} + - {{ . }} + {{- end }} + - key: kubernetes.io/os + operator: In + values: + {{- range $v.instances.operatingSystems | default $.Values.instances.operatingSystems }} + - {{ . }} + {{- end }} + {{- if or (hasKey $.Values "excludeFamilies") (hasKey $v "excludeFamilies") }} + - key: "karpenter.k8s.aws/instance-family" + operator: NotIn + values: + {{- if hasKey $v "excludeFamilies" }} + {{- range $v.excludeFamilies }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.excludeFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if or (hasKey $.Values "excludeInstanceSize") (hasKey $v "excludeInstanceSize") }} + - key: "karpenter.k8s.aws/instance-size" + operator: NotIn + values: + {{- if hasKey $v "excludeInstanceSize" }} + {{- range $v.excludeInstanceSize }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.excludeInstanceSize }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if hasKey $v "capacitySpread" }} + - key: capacity-spread + operator: In + values: + {{- range untilStep (int $v.capacitySpread.start) (int (add1 $v.capacitySpread.end)) 1 }} + - "{{ . }}" + {{- end }} + {{- end }} + {{- if hasKey $v.instances "instanceTypes" }} + - key: node.kubernetes.io/instance-type + operator: In + values: + {{- range $v.instances.instanceTypes }} + - {{ . -}} + {{- end }} + {{- end }} + {{- if or (hasKey $.Values "additionalRequirements") (hasKey $v "additionalRequirements") }} + {{- toYaml ($v.additionalRequirements | default $.Values.additionalRequirements) | nindent 8 }} + {{- end }} + kubelet: + {{- if or (hasKey $v "kubeletClusterDNS") (hasKey $.Values "kubeletClusterDNS") }} + clusterDNS: + {{- if hasKey $v "kubeletClusterDNS" }} + {{- range $v.kubeletClusterDNS }} + - {{ . }} + {{- end }} + {{- else }} + {{- range $.Values.kubeletClusterDNS }} + - {{ . 
}} + {{- end }} + {{- end }} + {{- end }} + systemReserved: + cpu: {{ $v.kubeletSystemReservedCpu | default $.Values.kubeletSystemReservedCpu }} + memory: {{ $v.kubeletSystemReservedMemory | default $.Values.kubeletSystemReservedMemory }} + ephemeral-storage: {{ $v.kubeletSystemReservedEphemeralStorage | default $.Values.kubeletSystemReservedEphemeralStorage }} + kubeReserved: + cpu: {{ $v.kubeletKubeReservedCpu | default $.Values.kubeletKubeReservedCpu }} + memory: {{ $v.kubeletKubeReservedMemory | default $.Values.kubeletKubeReservedMemory }} + ephemeral-storage: {{ $v.kubeletKubeReservedEphemeralStorage | default $.Values.kubeletKubeReservedEphemeralStorage }} + evictionHard: + memory.available: {{ $v.kubeletEvictionHardMemoryAvailable | default $.Values.kubeletEvictionHardMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionHardNodefsAvailable | default $.Values.kubeletEvictionHardNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionHardNodefsInodesFree | default $.Values.kubeletEvictionHardNodefsInodesFree }} + evictionSoft: + memory.available: {{ $v.kubeletEvictionSoftMemoryAvailable | default $.Values.kubeletEvictionSoftMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionSoftNodefsAvailable | default $.Values.kubeletEvictionSoftNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionSoftNodefsInodesFree | default $.Values.kubeletEvictionSoftNodefsInodesFree }} + imagefs.available: {{ $v.kubeletEvictionSoftImagefsAvailable | default $.Values.kubeletEvictionSoftImagefsAvailable }} + imagefs.inodesFree: {{ $v.kubeletEvictionSoftImagefsInodesFree | default $.Values.kubeletEvictionSoftImagefsInodesFree }} + pid.available: {{ $v.kubeletEvictionSoftPidAvailable | default $.Values.kubeletEvictionSoftPidAvailable }} + evictionSoftGracePeriod: + imagefs.available: {{ $v.kubeletEvictionSoftGracePeriodImagefsAvailable | default $.Values.kubeletEvictionSoftGracePeriodImagefsAvailable }} + imagefs.inodesFree: {{ $v.kubeletEvictionSoftGracePeriodImagefsInodesFree | default $.Values.kubeletEvictionSoftGracePeriodImagefsInodesFree }} + memory.available: {{ $v.kubeletEvictionSoftGracePeriodMemoryAvailable | default $.Values.kubeletEvictionSoftGracePeriodMemoryAvailable }} + nodefs.available: {{ $v.kubeletEvictionSoftGracePeriodNodefsAvailable | default $.Values.kubeletEvictionSoftGracePeriodNodefsAvailable }} + nodefs.inodesFree: {{ $v.kubeletEvictionSoftGracePeriodNodefsInodesFree | default $.Values.kubeletEvictionSoftGracePeriodNodefsInodesFree }} + pid.available: {{ $v.kubeletEvictionSoftGracePeriodPidAvailable | default $.Values.kubeletEvictionSoftGracePeriodPidAvailable }} + {{- if or (hasKey $v "kubeletImageGCHighThresholdPercent") (hasKey $.Values "kubeletImageGCHighThresholdPercent") }} + imageGCHighThresholdPercent: {{ $v.kubeletImageGCHighThresholdPercent | default $.Values.kubeletImageGCHighThresholdPercent }} + {{- end }} + {{- if or (hasKey $v "kubeletImageGCLowThresholdPercent") (hasKey $.Values "kubeletImageGCLowThresholdPercent") }} + imageGCLowThresholdPercent: {{ $v.kubeletImageGCLowThresholdPercent | default $.Values.kubeletImageGCLowThresholdPercent }} + {{- end }} + {{- if or (hasKey $v "kubeletImageMinimumGCAge") (hasKey $.Values "kubeletImageMinimumGCAge") }} + imageMinimumGCAge: {{ $v.kubeletImageMinimumGCAge | default $.Values.kubeletImageMinimumGCAge }} + {{- end }} + {{- if or (hasKey $v "kubeletCpuCFSQuota") (hasKey $.Values "kubeletCpuCFSQuota") }} + cpuCFSQuota: {{ $v.kubeletCpuCFSQuota | default $.Values.kubeletCpuCFSQuota }} + {{- end }} + 
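{{- /* Descriptive note: the optional kubelet settings below (podsPerCore, maxPods) are only rendered when the corresponding kubelet* value is set on the node group or in the global values */}} +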
{{- if or (hasKey $v "kubeletPodsPerCore") (hasKey $.Values "kubeletPodsPerCore") }} + podsPerCore: {{ $v.kubeletPodsPerCore | default $.Values.kubeletPodsPerCore }} + {{- end }} + {{- if or (hasKey $v "kubeletMaxPods") (hasKey $.Values "kubeletMaxPods") }} + maxPods: {{ $v.kubeletMaxPods | default $.Values.kubeletMaxPods }} + {{- end }} + disruption: + expireAfter: {{ $v.expireAfter | default $.Values.expireAfter }} + consolidationPolicy: {{$v.consolidationPolicy | default $.Values.consolidationPolicy}} + {{- if eq ($v.consolidationPolicy | default $.Values.consolidationPolicy) "WhenEmpty" }} + consolidateAfter: {{ $v.consolidateAfter | default $.Values.consolidateAfter }} + {{- end }} + {{- if $v.budgets }} + budgets: + {{- toYaml $v.budgets | nindent 6 }} + {{- end }} + {{- if hasKey $v "limits" }} + limits: + {{- range $limitName, $limitValue := $v.limits }} + {{ $limitName }}: {{ $limitValue }} + {{- end }} + {{- end }} + weight: {{ $v.weight | default $.Values.weight }} +{{- end }} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml new file mode 100644 index 00000000..f3b75b7c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/templates/priorityclass.yaml @@ -0,0 +1,9 @@ +{{- if .Values.headRoom -}} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: karpenter-headroom +value: -1000000 +globalDefault: false +description: "Used for dummy pods to generate headroom in karpenter" +{{- end -}} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml new file mode 100644 index 00000000..134bb3fd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_default_test.yaml @@ -0,0 +1,55 @@ +suite: test headroom nodes-default +templates: + - headroom.yaml + +values: + - values.yaml + +tests: + - it: Verify nodes-default metadata + documentIndex: 0 + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: headroom-nodes-default-amd64-small + - equal: + path: metadata.labels.k8s-app + value: headroom-nodes-default-amd64-small + + - it: Verify nodes-default affinity + documentIndex: 0 + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: karpenter.sh/nodepool + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] + value: nodes-default-amd64 + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key + value: k8s-app + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator + value: In + - equal: + path: 
spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0] + value: headroom-nodes-default-amd64-small + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces + value: {} + + - it: Verify nodes-default Requests + documentIndex: 0 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "1" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 4Gi + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml new file mode 100644 index 00000000..bea2ff0c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/headroom_nodes_workers_test.yaml @@ -0,0 +1,73 @@ +suite: test headroom nodes-workers +templates: + - headroom.yaml + +values: + - values.yaml + +tests: + - it: Verify nodes-workers metadata + documentIndex: 1 + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: headroom-nodes-workers-arm64-xlarge + - equal: + path: metadata.labels.k8s-app + value: headroom-nodes-workers-arm64-xlarge + + - it: Verify nodes-workers affinity + documentIndex: 1 + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: karpenter.sh/nodepool + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] + value: nodes-workers-arm64 + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key + value: k8s-app + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0] + value: headroom-nodes-workers-arm64-xlarge + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].key + value: testlabel2 + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].operator + value: In + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].values[0] + value: value1 + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[1].values[1] + value: value2 + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[0] + value: karpenter + - equal: + path: spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[1] + value: default + - equal: + path: 
spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].namespaces[2] + value: kube-system + + - it: Verify nodes-workers Requests + documentIndex: 1 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "8" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 32Gi + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml new file mode 100644 index 00000000..3c0a0e92 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodeclass_test.yaml @@ -0,0 +1,148 @@ +suite: test nodeclasses +templates: + - nodeclass.yaml +values: + - values.yaml +tests: + - it: should only render 2 nodeclasses + asserts: + - hasDocuments: + count: 2 + - it: Verify nodes-default + documentIndex: 0 + asserts: + - isKind: + of: EC2NodeClass + - equal: + path: metadata.name + value: nodes-default-amd64 + - equal: + path: spec.role + value: eks_nodes_role + - isNull: + path: spec.instanceProfile + - equal: + path: spec.amiFamily + value: AL2 + - equal: + path: spec.subnetSelectorTerms[0].tags.Name + value: eks-subnet-1 + - equal: + path: spec.securityGroupSelectorTerms[1].tags.Name + value: my-security-group-2 + - equal: + path: spec.tags.nodegroup + value: nodes-default + - equal: + path: spec.tags.component + value: eks-karpenter-nodes + - equal: + path: spec.tags.cluster + value: eks-dev + - equal: + path: spec.blockDeviceMappings[0].deviceName + value: /dev/xvda + - equal: + path: spec.blockDeviceMappings[0].ebs.volumeSize + value: 100Gi + - isNull: + path: spec.instanceStorePolicy + - equal: + path: spec.metadataOptions.httpTokens + value: required + - equal: + path: spec.metadataOptions.httpEndpoint + value: enabled + - equal: + path: spec.metadataOptions.httpProtocolIPv6 + value: disabled + - equal: + path: spec.metadataOptions.httpPutResponseHopLimit + value: 2 + - equal: + path: spec.detailedMonitoring + value: false + - equal: + path: spec.associatePublicIPAddress + value: false + + + - it: Verify nodes-workers + documentIndex: 1 + asserts: + - isKind: + of: EC2NodeClass + - equal: + path: metadata.name + value: nodes-workers-arm64 + - isNull: + path: spec.role + - equal: + path: spec.instanceProfile + value: arn:aws:blablablabla + - equal: + path: spec.amiFamily + value: BottleRocket + - equal: + path: spec.amiSelectorTerms[0].tags.environment + value: test + - equal: + path: spec.amiSelectorTerms[1].name + value: my-ami + - equal: + path: spec.amiSelectorTerms[2].id + value: ami-123 + - equal: + path: spec.subnetSelectorTerms[0].tags.Name + value: eks-subnet-workers-1 + - equal: + path: spec.securityGroupSelectorTerms[1].tags.Name + value: my-security-group-workers-2 + - equal: + path: spec.tags.nodegroup + value: nodes-workers + - equal: + path: spec.tags.component + value: eks-karpenter-nodes + - equal: + path: spec.tags.cluster + value: eks-dev + - equal: + path: spec.tags.testtag1 + value: tag1 + - equal: + path: spec.tags.testtag2 + value: tag2 + - equal: + path: spec.blockDeviceMappings[0].deviceName + value: /dev/xvda + - equal: + path: spec.blockDeviceMappings[0].ebs.volumeSize + value: 150Gi + - equal: + path: spec.instanceStorePolicy + value: test + - equal: + path: spec.metadataOptions.httpTokens + value: required + - equal: + path: 
spec.metadataOptions.httpEndpoint + value: enabled + - equal: + path: spec.metadataOptions.httpProtocolIPv6 + value: disabled + - equal: + path: spec.metadataOptions.httpPutResponseHopLimit + value: 2 + - equal: + path: spec.userData + value: | + echo "Nodepool name is nodes-workers" + - equal: + path: spec.detailedMonitoring + value: true + - equal: + path: spec.associatePublicIPAddress + value: true + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml new file mode 100644 index 00000000..473ef5f7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_default_test.yaml @@ -0,0 +1,158 @@ +suite: test nodepool - nodes-default +templates: + - nodepool.yaml +values: + - values.yaml + +tests: + - it: Verify nodes-default metadata + documentIndex: 0 + asserts: + - isKind: + of: NodePool + - equal: + path: metadata.name + value: nodes-default-amd64 + - equal: + path: spec.template.metadata.labels.cluster + value: eks-dev + - equal: + path: spec.template.metadata.labels.nodegroup + value: nodes-default + - equal: + path: spec.template.metadata.labels.testlabel1 + value: label1 + - equal: + path: spec.template.metadata.labels.testlabel2 + value: label2 + - equal: + path: spec.template.spec.nodeClassRef.name + value: nodes-default-amd64 + - equal: + path: spec.template.spec.taints[0].key + value: testtaint1 + - equal: + path: spec.template.spec.taints[0].value + value: taint1 + - equal: + path: spec.template.spec.taints[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.taints[1].key + value: testtaint2 + - equal: + path: spec.template.spec.taints[1].value + value: taint2 + - equal: + path: spec.template.spec.taints[1].effect + value: NoSchedule + + + - it: Verify nodes-default requirements + documentIndex: 0 + asserts: + - equal: + path: spec.template.spec.requirements[0].key + value: "karpenter.k8s.aws/instance-category" + - notContains: + path: spec.template.spec.requirements[0].values + content: t + - equal: + path: spec.template.spec.requirements[0].values[0] + value: m + - equal: + path: spec.template.spec.requirements[0].values[2] + value: c + - equal: + path: spec.template.spec.requirements[1].key + value: "karpenter.k8s.aws/instance-cpu" + - equal: + path: spec.template.spec.requirements[1].values[0] + value: "4" + - equal: + path: spec.template.spec.requirements[1].values[2] + value: "16" + - equal: + path: spec.template.spec.requirements[2].key + value: "karpenter.k8s.aws/instance-generation" + - equal: + path: spec.template.spec.requirements[2].operator + value: "Gt" + - equal: + path: spec.template.spec.requirements[2].values[0] + value: "6" + - equal: + path: spec.template.spec.requirements[3].key + value: "topology.kubernetes.io/zone" + - equal: + path: spec.template.spec.requirements[3].values[0] + value: "eu-west-1a" + - equal: + path: spec.template.spec.requirements[3].values[2] + value: "eu-west-1c" + - equal: + path: spec.template.spec.requirements[4].key + value: "kubernetes.io/arch" + - equal: + path: spec.template.spec.requirements[4].values[0] + value: "amd64" + - equal: + path: spec.template.spec.requirements[5].key + value: "karpenter.sh/capacity-type" + - equal: + path: spec.template.spec.requirements[5].values[0] + value: "spot" + - equal: + path: 
spec.template.spec.requirements[5].values[1] + value: "on-demand" + - equal: + path: spec.template.spec.requirements[6].key + value: "kubernetes.io/os" + - equal: + path: spec.template.spec.requirements[6].values[0] + value: "linux" + - equal: + path: spec.template.spec.requirements[7].key + value: "karpenter.k8s.aws/instance-family" + - equal: + path: spec.template.spec.requirements[7].values[0] + value: "c6a" + - equal: + path: spec.template.spec.requirements[8].key + value: "karpenter.k8s.aws/instance-size" + - equal: + path: spec.template.spec.requirements[8].operator + value: NotIn + - equal: + path: spec.template.spec.requirements[8].values[0] + value: metal + + - it: Verify nodes-default kubelet + documentIndex: 0 + asserts: + - equal: + path: spec.template.spec.kubelet.systemReserved.cpu + value: 250m + - equal: + path: spec.template.spec.kubelet.kubeReserved.ephemeral-storage + value: 4Gi + + - it: Verify nodes-default Options + documentIndex: 0 + asserts: + - equal: + path: spec.disruption.expireAfter + value: 720h + - equal: + path: spec.disruption.consolidationPolicy + value: WhenUnderutilized + - isNull: + path: spec.disruption.consolidateAfter + - isNull: + path: spec.disruption.budgets + - isNull: + path: spec.limits + - equal: + path: spec.weight + value: 1 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml new file mode 100644 index 00000000..565e6dba --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_explicittypes_test.yaml @@ -0,0 +1,63 @@ +suite: test nodepool - nodes-explicittypes +templates: + - nodepool.yaml +values: + - values.yaml + +tests: + - it: Verify nodes-explicittypes metadata + documentIndex: 1 + asserts: + - isKind: + of: NodePool + - equal: + path: metadata.name + value: nodes-explicittypes-amd64 + - equal: + path: spec.template.metadata.labels.cluster + value: eks-dev + - equal: + path: spec.template.metadata.labels.nodegroup + value: nodes-explicittypes + - equal: + path: spec.template.spec.nodeClassRef.name + value: default + + - it: Verify nodes-explicittypes requirements + documentIndex: 1 + asserts: + - equal: + path: spec.template.spec.requirements[0].key + value: "topology.kubernetes.io/zone" + - equal: + path: spec.template.spec.requirements[1].key + value: "kubernetes.io/arch" + - equal: + path: spec.template.spec.requirements[2].key + value: "karpenter.sh/capacity-type" + - equal: + path: spec.template.spec.requirements[3].key + value: "kubernetes.io/os" + - equal: + path: spec.template.spec.requirements[4].key + value: "karpenter.k8s.aws/instance-size" + - equal: + path: spec.template.spec.requirements[5].key + value: "node.kubernetes.io/instance-type" + - equal: + path: spec.template.spec.requirements[5].values[0] + value: t3a.large + - equal: + path: spec.template.spec.requirements[5].values[1] + value: t3a.xlarge + - isNull: + path: spec.template.spec.requirements[6] + - equal: + path: spec.template.spec.startupTaints[0].key + value: "node.cilium.io/agent-not-ready" + - equal: + path: spec.template.spec.startupTaints[0].value + value: "true" + - equal: + path: spec.template.spec.startupTaints[0].effect + value: NoExecute diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml new file mode 100644 index 00000000..798230d8 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_noclass_test.yaml @@ -0,0 +1,97 @@ +suite: test nodepool - nodes-noclass +templates: + - nodepool.yaml +values: + - values.yaml + +tests: + - it: Verify nodes-noclass metadata + documentIndex: 2 + asserts: + - isKind: + of: NodePool + - equal: + path: metadata.name + value: nodes-noclass-amd64 + - equal: + path: spec.template.metadata.labels.cluster + value: eks-dev + - equal: + path: spec.template.metadata.labels.nodegroup + value: nodes-noclass + - equal: + path: spec.template.spec.nodeClassRef.name + value: default + + - it: Verify nodes-noclass requirements + documentIndex: 2 + asserts: + - equal: + path: spec.template.spec.requirements[0].key + value: "karpenter.k8s.aws/instance-category" + - notContains: + path: spec.template.spec.requirements[0].values + content: t + - equal: + path: spec.template.spec.requirements[0].values[0] + value: m + - equal: + path: spec.template.spec.requirements[0].values[2] + value: c + - equal: + path: spec.template.spec.requirements[1].key + value: "karpenter.k8s.aws/instance-cpu" + - equal: + path: spec.template.spec.requirements[1].values[0] + value: "4" + - equal: + path: spec.template.spec.requirements[1].values[2] + value: "16" + - equal: + path: spec.template.spec.requirements[2].key + value: "karpenter.k8s.aws/instance-generation" + - equal: + path: spec.template.spec.requirements[2].operator + value: "Gt" + - equal: + path: spec.template.spec.requirements[2].values[0] + value: "4" + - equal: + path: spec.template.spec.requirements[3].key + value: "topology.kubernetes.io/zone" + - equal: + path: spec.template.spec.requirements[3].values[0] + value: "eu-west-1a" + - equal: + path: spec.template.spec.requirements[3].values[2] + value: "eu-west-1c" + - equal: + path: spec.template.spec.requirements[4].key + value: "kubernetes.io/arch" + - equal: + path: spec.template.spec.requirements[4].values[0] + value: "amd64" + - equal: + path: spec.template.spec.requirements[5].key + value: "karpenter.sh/capacity-type" + - equal: + path: spec.template.spec.requirements[5].values[0] + value: "spot" + - equal: + path: spec.template.spec.requirements[5].values[1] + value: "on-demand" + - equal: + path: spec.template.spec.requirements[6].key + value: "kubernetes.io/os" + - equal: + path: spec.template.spec.requirements[6].values[0] + value: "linux" + - equal: + path: spec.template.spec.startupTaints[0].key + value: "node.cilium.io/agent-not-ready" + - equal: + path: spec.template.spec.startupTaints[0].value + value: "true" + - equal: + path: spec.template.spec.startupTaints[0].effect + value: NoSchedule diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml new file mode 100644 index 00000000..33f897dd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/nodepool_nodes_workers_test.yaml @@ -0,0 +1,211 @@ +suite: test nodepool - nodes-workers +templates: + - nodepool.yaml +values: + 
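# Shared fixture values; nodeGroups render in key order, so nodes-workers is documentIndex 3 +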
- values.yaml + +tests: + - it: Verify nodes-workers metadata + documentIndex: 3 + asserts: + - isKind: + of: NodePool + - equal: + path: metadata.name + value: nodes-workers-arm64 + - equal: + path: spec.template.metadata.labels.cluster + value: eks-dev + - equal: + path: spec.template.metadata.labels.nodegroup + value: nodes-workers + - isNull: + path: spec.template.metadata.labels.testlabel1 + - equal: + path: spec.template.metadata.annotations.testannotation1 + value: annotation1 + - equal: + path: spec.template.metadata.annotations.testannotation2 + value: annotation2 + - equal: + path: spec.template.spec.nodeClassRef.name + value: nodes-workers-arm64 + - equal: + path: spec.template.spec.startupTaints[0].key + value: testtaint1 + - equal: + path: spec.template.spec.startupTaints[0].value + value: taint1 + - equal: + path: spec.template.spec.startupTaints[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.startupTaints[1].key + value: testtaint2 + - equal: + path: spec.template.spec.startupTaints[1].value + value: taint2 + - equal: + path: spec.template.spec.startupTaints[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.taints[0].key + value: dedicated + - equal: + path: spec.template.spec.taints[0].value + value: nodes_workers + - equal: + path: spec.template.spec.taints[0].effect + value: NoSchedule + + - it: Verify nodes-workers requirements + documentIndex: 3 + asserts: + - equal: + path: spec.template.spec.requirements[0].key + value: "karpenter.k8s.aws/instance-category" + - notContains: + path: spec.template.spec.requirements[0].values + content: m + - equal: + path: spec.template.spec.requirements[0].values[0] + value: t + - equal: + path: spec.template.spec.requirements[0].values[1] + value: x + - equal: + path: spec.template.spec.requirements[1].key + value: "karpenter.k8s.aws/instance-cpu" + - equal: + path: spec.template.spec.requirements[1].values[0] + value: "2" + - equal: + path: spec.template.spec.requirements[1].values[1] + value: "6" + - equal: + path: spec.template.spec.requirements[2].key + value: "karpenter.k8s.aws/instance-generation" + - equal: + path: spec.template.spec.requirements[2].operator + value: "Gt" + - equal: + path: spec.template.spec.requirements[2].values[0] + value: "4" + - equal: + path: spec.template.spec.requirements[3].key + value: "topology.kubernetes.io/zone" + - equal: + path: spec.template.spec.requirements[3].values[0] + value: "eu-west-1g" + - equal: + path: spec.template.spec.requirements[4].key + value: "kubernetes.io/arch" + - equal: + path: spec.template.spec.requirements[4].values[0] + value: "arm64" + - equal: + path: spec.template.spec.requirements[5].key + value: "karpenter.sh/capacity-type" + - equal: + path: spec.template.spec.requirements[5].values[0] + value: "on-demand" + - equal: + path: spec.template.spec.requirements[6].key + value: "kubernetes.io/os" + - equal: + path: spec.template.spec.requirements[6].values[0] + value: "linux" + - equal: + path: spec.template.spec.requirements[7].key + value: "karpenter.k8s.aws/instance-family" + - equal: + path: spec.template.spec.requirements[7].operator + value: "NotIn" + - equal: + path: spec.template.spec.requirements[7].values[0] + value: "m6a" + - equal: + path: spec.template.spec.requirements[8].key + value: "karpenter.k8s.aws/instance-size" + - equal: + path: spec.template.spec.requirements[8].operator + value: NotIn + - equal: + path: spec.template.spec.requirements[8].values[0] + value: metal + - equal: + path: 
spec.template.spec.requirements[9].key + value: "capacity-spread" + - equal: + path: spec.template.spec.requirements[9].values[0] + value: "1" + - equal: + path: spec.template.spec.requirements[9].values[4] + value: "5" + # additional requirements + - equal: + path: spec.template.spec.requirements[10].key + value: "karpenter.k8s.aws/instance-local-nvme" + - equal: + path: spec.template.spec.requirements[10].operator + value: "Exists" + - equal: + path: spec.template.spec.requirements[11].key + value: "karpenter.k8s.aws/other" + - equal: + path: spec.template.spec.requirements[11].operator + value: "In" + - equal: + path: spec.template.spec.requirements[11].values[1] + value: "value2" + + + - it: Verify nodes-workers kubelet + documentIndex: 3 + asserts: + - equal: + path: spec.template.spec.kubelet.systemReserved.cpu + value: 750m + - equal: + path: spec.template.spec.kubelet.kubeReserved.ephemeral-storage + value: 4Gi + - equal: + path: spec.template.spec.kubelet.clusterDNS[0] + value: "1.1.1.1" + - equal: + path: spec.template.spec.kubelet.clusterDNS[1] + value: "2.2.2.2" + + - it: Verify nodes-workers Options + documentIndex: 3 + asserts: + - equal: + path: spec.disruption.expireAfter + value: 720h + - equal: + path: spec.disruption.consolidationPolicy + value: WhenEmpty + - equal: + path: spec.disruption.consolidateAfter + value: 10m + - equal: + path: spec.disruption.budgets[0].nodes + value: "5" + - equal: + path: spec.disruption.budgets[1].nodes + value: "0" + - equal: + path: spec.disruption.budgets[1].schedule + value: "@daily" + - equal: + path: spec.disruption.budgets[1].duration + value: "10m" + - equal: + path: spec.limits.cpu + value: 100 + - equal: + path: spec.limits.memory + value: "384Gi" + - equal: + path: spec.weight + value: 3 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml new file mode 100644 index 00000000..e99f836e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/priorityclass_test.yaml @@ -0,0 +1,21 @@ +suite: test priorityclass +templates: + - priorityclass.yaml + +values: + - values.yaml +tests: + - it: Verify priorityclass + documentIndex: 0 + asserts: + - isKind: + of: PriorityClass + - equal: + path: metadata.name + value: karpenter-headroom + - equal: + path: value + value: -1000000 + - equal: + path: globalDefault + value: false diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml new file mode 100644 index 00000000..2382c102 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/tests/values.yaml @@ -0,0 +1,168 @@ +#Nodegroups and customizeable overwrites +nodeGroups: + nodes-default: + instances: + minGeneration: 7 + budget: + - nodes: "2" + headRoom: + - size: small + count: 2 + labels: + testlabel1: label1 + testlabel2: label2 + taints: + - key: testtaint1 + effect: NoSchedule + value: taint1 + - key: testtaint2 + effect: NoSchedule + value: taint2 + excludeFamilies: + - c6a + + nodes-noclass: + instances: {} + nodeClassRef: + name: default + cilium: true + ciliumEffect: "NoSchedule" + + nodes-workers: + additionalNodeTags: + testtag1: tag1 + testtag2: tag2 + annotations: + 
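# Copied to spec.template.metadata.annotations on the rendered NodePool (asserted in nodepool_nodes_workers_test.yaml) +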
testannotation1: annotation1 + testannotation2: annotation2 + weight: 3 + amiFamily: BottleRocket + consolidationPolicy: "WhenEmpty" + consolidateAfter: "10m" + blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + volumeSize: 150Gi + volumeType: gp3 + encrypted: false + deleteOnTermination: true + iops: 3000 + throughput: 125 + IamInstanceProfile: "arn:aws:blablablabla" + detailedMonitoring: true + associatePublicIPAddress: true + excludeFamilies: + - m6a + headRoom: + - size: xlarge + count: 4 + antiAffinitySpec: + - key: testlabel2 + operator: In + values: + - value1 + - value2 + nameSpaces: + - default + - kube-system + additionalRequirements: + - key: "karpenter.k8s.aws/instance-local-nvme" + operator: "Exists" + - key: "karpenter.k8s.aws/other" + operator: "In" + values: + - "value1" + - "value2" + budgets: + - nodes: "5" + - nodes: "0" + schedule: "@daily" + duration: 10m + amiSelectorTerms: + - tags: + environment: test + - name: my-ami + - id: ami-123 + instances: + architecture: "arm64" + minGeneration: 5 + categories: + - t + - x + cores: + - "2" + - "6" + capacityType: + - on-demand + subnetSelectorTerms: + - tags: + Name: "eks-subnet-workers-1" + - tags: + Name: "eks-subnet-workers-2" + - tags: + Name: "eks-subnet-workers-3" + securityGroupSelectorTerms: + - tags: + Name: "my-security-group-workers-1" + - tags: + Name: "my-security-group-workers-2" + - tags: + Name: "my-security-group-workers-3" + availabilityZones: + - eu-west-1g + instanceStorePolicy: "test" + kubeletSystemReservedCpu: 750m + kubeletClusterDNS: + - "1.1.1.1" + - "2.2.2.2" + userData: | + echo "Nodepool name is {{ default .key }}" + capacitySpread: + start: 1 + end: 5 + limits: + cpu: "100" + memory: "384Gi" + startupTaints: + - key: testtaint1 + effect: NoSchedule + value: taint1 + - key: testtaint2 + effect: NoSchedule + value: taint2 + autoTaint: "true" + + nodes-explicittypes: + instances: + instanceTypes: + - t3a.large + - t3a.xlarge + nodeClassRef: + name: default + cilium: true + +#Default cluster Settings +clusterName: "eks-dev" +subnetSelectorTerms: +- tags: + Name: "eks-subnet-1" +- tags: + Name: "eks-subnet-2" +- tags: + Name: "eks-subnet-3" + +securityGroupSelectorTerms: +- tags: + Name: "my-security-group-1" +- tags: + Name: "my-security-group-2" +- tags: + Name: "my-security-group-3" + +availabilityZones: +- eu-west-1a +- eu-west-1b +- eu-west-1c + +excludeInstanceSize: +- metal diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml new file mode 100644 index 00000000..5cf3695e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter/values.yaml @@ -0,0 +1,145 @@ + ## Global Configuration + + # Karpenter API Version in CRD +ApiVersion: v1beta1 + + # Nodes Configuration +clusterName: "eks-cluster" # My Cluster Name +amiFamily: AL2 # Bottlerocket #AL2023, Can be overridden by amiSelectorTerms +IamRole: eks_nodes_role + +subnetSelectorTerms: [] + # - tags: + # cluster: eks-cluster + # karpenter.sh/discovery/eks-cluster: '*' + # - id: subnet-id + ## Reusing same Tag Name + # - tags: + # Name: "eks-subnet-1" + # - tags: + # Name: "eks-subnet-2" + +securityGroupSelectorTerms: [] + # - tags: + # cluster: eks-cluster + # karpenter.sh/discovery/eks-cluster: '*' + # - name: my-security-group + # - id: sg-063d7acfb4b06c82c + ## Reusing same Tag Name + # - tags: + # Name: "my-security-group-1" + # - 
tags: + # Name: "my-security-group-2" + +nodeGroupLabelName: nodegroup + +nodeTags: + team: devops + component: eks-karpenter-nodes + +availabilityZones: [] + + # MetaData Options +metaDataHttpEndpoint: enabled +metaDataHttpProtocolIPv6: disabled +metaDataHttpPutResponseHopLimit: 2 +metaDataHttpTokens: required + + # Storage +blockDeviceMappings: + - deviceName: /dev/xvda + ebs: + volumeSize: 100Gi + volumeType: gp3 + encrypted: false + deleteOnTermination: true + iops: 3000 + throughput: 125 + +detailedMonitoring: false +associatePublicIPAddress: false + # Consolidation Options +expireAfter: "720h" +consolidationPolicy: "WhenUnderutilized" +consolidateAfter: "5m" + + # Default Instance Sizing +instances: + minGeneration: 5 + architecture: "amd64" + categories: + - m + - r + - c + cores: + - "4" + - "8" + - "16" + capacityType: + - spot + - on-demand + operatingSystems: + - linux + +autoTaint: "false" + ## Exclude weak types of AMD instances + # excludeFamilies: + # - c6a + # - m6a + # - r6a + # - c5a + # - m5a + # - r5a + # - c6ad + # - m6ad + # - r6ad + # - m5ad + # - r5ad + # - r5ad + + ## Exclude Expensive types like Metal + # excludeInstanceSize: + # - metal + + # Kubelet Configuration paramemters + # kubeletClusterDNS: [] +kubeletSystemReservedCpu: 250m +kubeletSystemReservedMemory: 200Mi +kubeletSystemReservedEphemeralStorage: 2Gi +kubeletKubeReservedCpu: 250m +kubeletKubeReservedMemory: 1Gi +kubeletKubeReservedEphemeralStorage: 4Gi +kubeletEvictionHardMemoryAvailable: 768Mi +kubeletEvictionHardNodefsAvailable: 8% +kubeletEvictionHardNodefsInodesFree: 8% +kubeletEvictionSoftMemoryAvailable: 1280Mi +kubeletEvictionSoftNodefsAvailable: 10% +kubeletEvictionSoftNodefsInodesFree: 15% +kubeletEvictionSoftImagefsAvailable: 10% +kubeletEvictionSoftImagefsInodesFree: 10% +kubeletEvictionSoftPidAvailable: 10% +kubeletEvictionSoftGracePeriodImagefsAvailable: 10m0s +kubeletEvictionSoftGracePeriodImagefsInodesFree: 10m0s +kubeletEvictionSoftGracePeriodMemoryAvailable: 5m0s +kubeletEvictionSoftGracePeriodNodefsAvailable: 10m0s +kubeletEvictionSoftGracePeriodNodefsInodesFree: 10m0s +kubeletEvictionSoftGracePeriodPidAvailable: 2m0s + # kubeletImageGCHighThresholdPercent: 85 + # kubeletImageGCLowThresholdPercent: 80 + # kubeletImageMinimumGCAge: 2m0s + # kubeletCpuCFSQuota: true + # kubeletPodsPerCore: 5 + # kubeletMaxPods: 110 +weight: 1 + ## Create Low Priority Class For Generating Headroom +headRoom: false + + # PlaceHolder fo NodeGroups +nodeGroups: {} + +# additionalRequirements: +# - key: "karpenter.k8s.aws/instance-local-nvme" +# operator: "Exists" + +cilium: false +ciliumEffect: "NoExecute" # "NoSchedule" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.helmignore b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. 
+.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml new file mode 100644 index 00000000..ecfa8278 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: karpenter-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/_helpers.tpl b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/_helpers.tpl new file mode 100644 index 00000000..e3237df1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "resources.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "resources.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "resources.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "resources.labels" -}} +helm.sh/chart: {{ include "resources.chart" . }} +{{ include "resources.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "resources.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "resources.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "resources.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "toValidName" -}} +{{- printf "%s" . | regexReplaceAll "[^a-z0-9.-]" "-" | lower -}} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml new file mode 100644 index 00000000..0f7b50dd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/nodeclass.yaml @@ -0,0 +1,28 @@ +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "1" +spec: + amiFamily: {{ .Values.amiFamily | default .Values.global.amiFamily | quote }} + role: {{ .Values.nodeRole | default .Values.global.nodeRole | quote }} + securityGroupSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + subnetSelectorTerms: + - tags: + karpenter.sh/discovery: {{ .Values.clusterName | default .Values.global.clusterName | quote }} + blockDeviceMappings: + # Root device + - deviceName: /dev/xvda + ebs: + volumeSize: 10Gi + volumeType: gp3 + encrypted: true + # Data device: Container resources such as images and logs + - deviceName: /dev/xvdb + ebs: + volumeSize: {{ .Values.volumeSize | default .Values.global.volumeSize | quote }} + volumeType: gp3 + encrypted: true diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/pool.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/pool.yaml new file mode 100644 index 00000000..4d97870f --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/templates/pool.yaml @@ -0,0 +1,187 @@ +{{- $environment := .Values.environment | default .Values.global.environment -}} +{{- if eq $environment "production" -}} +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: on-demand + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: capacity-spread + operator: In + values: + - "1" + - "2" + - key: karpenter.sh/capacity-type + operator: In + values: + - on-demand + - key: kubernetes.io/arch + operator: In + values: + - amd64 + #- arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + 
- c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . | nindent 6 }} + {{ end }} +--- +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: capacity-spread + operator: In + values: + - "3" + - key: karpenter.sh/capacity-type + operator: In + values: + - on-demand + - spot + - key: kubernetes.io/arch + operator: In + values: + - amd64 + #- arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + - c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . | nindent 6 }} + {{ end }} +{{- else -}} +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + disruption: + consolidationPolicy: WhenUnderutilized + expireAfter: 720h0m0s + limits: + cpu: 1k + template: + metadata: + labels: + bottlerocket.aws/updater-interface-version: 2.0.0 + spec: + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: default + requirements: + - key: karpenter.sh/capacity-type + operator: In + values: + - spot + - on-demand + - key: kubernetes.io/arch + operator: In + values: + - amd64 + #- arm64 + - key: karpenter.k8s.aws/instance-cpu + operator: In + values: + - "8" + - "16" + - "32" + - "48" + - "64" + - key: karpenter.k8s.aws/instance-category + operator: In + values: + - c + - m + - r + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: + - "4" + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.startupTaints }} + startupTaints: + {{- toYaml . 
| nindent 6 }} + {{ end }} +{{- end -}} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml new file mode 100644 index 00000000..cd08fefe --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/charts/resources/karpenter_old/values.yaml @@ -0,0 +1,12 @@ +global: + clusterName: "foo" + volumeSize: "10Gi" + nodeRole: "karpenter" + amiFamily: Bottlerocket + environment: "production" +# clusterName: "foo" +# volumeSize: "10Gi" +# nodeRole: "karpenter" +# amiFamily: Bottlerocket +# environment: "production" + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/ack/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/ack/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. 
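+ # Controller metrics are enabled and annotated for Prometheus scraping below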
+ metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml 
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/capi/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/capi/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/crossplane/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster1/crossplane/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/ack/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/ack/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null 
+++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) 
$ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# 
karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/capi/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/capi/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/crossplane/.gitkeep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/clusters/cluster2/crossplane/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml new file mode 100644 index 00000000..979aefba --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/argocd/values.yaml @@ -0,0 +1,228 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. 
+ metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + - name: ARGOCD_SYNC_WAVE_DELAY + value: '30' +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." 
+ return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml new file mode 100644 index 00000000..507271f8 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-cloudwatch-metrics/values.yaml @@ -0,0 +1,3 @@ +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml new file mode 100644 index 00000000..dd388d7d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-for-fluentbit/values.yaml @@ -0,0 +1,3 @@ +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gatekeeper/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..6b57637c --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/resources/values.yaml @@ -0,0 +1,53 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + +nodeGroups: + nodes-default: + instances: + categories: + - c + - m + - r + +instances: + minGeneration: 5 + architecture: "amd64" + categories: + - m + - r + cores: + - "4" + - "8" + - "16" + capacityType: + - spot + - on-demand + operatingSystems: + - linux + + +clusterName: in-cluster +IamRole: myRole +amiFamily: Bottlerocket +securityGroupSelectorTerms: +- tags: + karpenter.sh/discovery: 'in-cluster' +subnetSelectorTerms: +- tags: + karpenter.sh/discovery: 'in-cluster' +nodeTags: + component: gitops-bridge + team: gitops-bridge +blockDeviceMappings: +- deviceName: /dev/xvda + ebs: + volumeSize: 10Gi + volumeType: gp3 + encrypted: true +- deviceName: /dev/xvdb + ebs: + volumeSize: 20Gi + volumeType: gp3 + encrypted: true + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/values.yaml new file mode 100644 index 
00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/default/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. 
+ metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml new file mode 100644 index 
00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/control-plane/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." 
+ return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) 
$ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like 
nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/dev/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. 
+ metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml 
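Note on the Argo CD values above: the argo-cd chart passes every `extraObjects` entry through `tpl`, so the `{{ $.Release.Namespace | quote }}` reference in the `AppProject` resolves at render time rather than being taken literally. A quick local sanity check is to render the chart with this values file and confirm the project comes out as expected (a sketch; the chart version follows the addon catalogs in this example, and the values path is relative to the repository root):
```shell
# Render the argo-cd chart with the prod values and inspect the generated AppProject.
helm repo add argo https://argoproj.github.io/argo-helm
helm template argocd argo/argo-cd --version 7.4.1 \
  --namespace argocd \
  -f argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/argocd/values.yaml \
  | grep -B 2 -A 16 'kind: AppProject'
```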
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/prod/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml 
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." 
+ return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) 
$ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/gitops-bridge/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ 
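The `CriticalAddonsOnly` toleration set in the aws-load-balancer-controller values (and in the Argo CD `global.tolerations`) lets these addons run on nodes tainted for critical addons. After the addon syncs, the toleration can be checked on the deployed workload; the deployment name and namespace below assume the chart defaults used elsewhere in this pattern:
```shell
kubectl -n kube-system get deployment aws-load-balancer-controller \
  -o jsonpath='{.spec.template.spec.tolerations}'
```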
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/metrics-server/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/environments/staging/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/kustomization.yaml new file mode 100644 index 00000000..475a5391 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - template.yaml + - samples/repo-must-not-be-k8s-gcr-io/constraint.yaml diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml 
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml new file mode 100644 index 00000000..3da15a5d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/constraint.yaml @@ -0,0 +1,12 @@ +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: K8sDisallowedRepos +metadata: + name: repo-must-not-be-k8s-gcr-io +spec: + match: + kinds: + - apiGroups: [""] + kinds: ["Pod"] + parameters: + repos: + - "k8s.gcr.io/" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml new file mode 100644 index 00000000..ec4bfc90 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + ephemeralContainers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml new file mode 100644 index 00000000..145d903f --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-allowed +spec: + containers: + - name: kustomize + image: registry.k8s.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml new file mode 100644 index 00000000..860e00d7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomizeinit + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml new file mode 100644 index 00000000..efae1b41 --- 
/dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + containers: + - name: kustomize + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml new file mode 100644 index 00000000..93a419d6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: kustomize-disallowed +spec: + initContainers: + - name: kustomizeinit + image: k8s.gcr.io/kustomize/kustomize:v3.8.9 + containers: + - name: kustomize + image: registry.k8s.io/kustomize/kustomize:v3.8.9 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml new file mode 100644 index 00000000..bcc77de9 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml @@ -0,0 +1,43 @@ +kind: Suite +apiVersion: test.gatekeeper.sh/v1alpha1 +metadata: + name: disallowedrepos +tests: +- name: repo-must-not-be-k8s-gcr-io + template: template.yaml + constraint: samples/repo-must-not-be-k8s-gcr-io/constraint.yaml + cases: + - name: example-allowed + object: samples/repo-must-not-be-k8s-gcr-io/example_allowed.yaml + assertions: + - violations: no + - name: container-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_container.yaml + assertions: + - violations: yes + message: container + - name: initcontainer-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_initcontainer.yaml + assertions: + - violations: 1 + message: initContainer + - violations: 0 + message: container + - name: both-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/example_disallowed_both.yaml + assertions: + - violations: 2 + - message: initContainer + violations: 1 + - message: container + violations: 1 + - name: all-disallowed + object: samples/repo-must-not-be-k8s-gcr-io/disallowed_all.yaml + assertions: + - violations: 3 + - message: initContainer + violations: 1 + - message: container + violations: 1 + - message: ephemeralContainer + violations: 1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/template.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/template.yaml new file mode 100644 index 00000000..c4a27225 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/template.yaml @@ -0,0 +1,49 @@ +apiVersion: templates.gatekeeper.sh/v1 +kind: ConstraintTemplate +metadata: + name: k8sdisallowedrepos + annotations: + metadata.gatekeeper.sh/title: "Disallowed Repositories" + 
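The `suite.yaml` above ties the `K8sDisallowedRepos` template, the sample constraint, and the example Pods into Gatekeeper's test format, so the policy can be exercised without a cluster. Assuming the `gator` CLI from the Gatekeeper project is installed, a local run might look like this (path relative to the repository root):
```shell
gator verify \
  argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/disallowedrepos/suite.yaml
```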
metadata.gatekeeper.sh/version: 1.0.0 + description: >- + Disallowed container repositories that begin with a string from the specified list. +spec: + crd: + spec: + names: + kind: K8sDisallowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + type: object + properties: + repos: + description: The list of prefixes a container image is not allowed to have. + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sdisallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("container <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("initContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.ephemeralContainers[_] + image := container.image + startswith(image, input.parameters.repos[_]) + msg := sprintf("ephemeralContainer <%v> has an invalid image repo <%v>, disallowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml new file mode 100644 index 00000000..af6fe332 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/manifests/resources/gatekeeper/kustomization.yaml @@ -0,0 +1,21 @@ +resources: +- disallowedrepos +# commonAnnotations: +# argocd.argoproj.io/sync-wave: "1" +# argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true" +patches: + - target: + kind: ConstraintTemplate + patch: |- + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-wave + value: "1" + - target: + group: constraints.gatekeeper.sh + patch: |- + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-wave + value: "2" + - op: add + path: /metadata/annotations/argocd.argoproj.io~1sync-options + value: "SkipDryRunOnMissingResource=true" \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml new file mode 100644 index 00000000..81ec1138 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-config.yaml @@ -0,0 +1,14 @@ +addons_version: "default" # this can be also be a version like v1.5 +tenants: + tenant1: + addons_version: v1.2 + environments: + dev: + addons_version: v1.1 + staging: + addons_version: v1.1 + prod: + addons_version: v1.0 + clusters: + cluster1: + addons_version: v1.0 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml new file mode 100644 index 00000000..867f8810 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-default.yaml @@ -0,0 +1,199 @@ +file: 
stack-k8sv1.29-addons-default.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: 
"2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml new file mode 100644 index 00000000..ac73d6ca --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.0.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.29-addonsv1.0.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + 
metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: 
crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml new file mode 100644 index 00000000..6dd7351d --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.1.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.29-addonsv1.1.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: 
https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: 
+ chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml new file mode 100644 index 00000000..d7b955f2 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.29/addons-v1.2.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.29-addonsv1.2.yaml +kubernetes_version: "1.29" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: 
https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: 
https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml new file mode 100644 index 00000000..d7ce4231 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-config.yaml @@ -0,0 +1,14 @@ +addons_version: "default" # this can be also be a version like v1.5 +tenants: + tenant1: + addons_version: v1.2 + environments: + dev: + addons_version: v1.1 + staging: + addons_version: v1.1 + prod: + addons_version: v1.0 + clusters: + cluster1: + addons_version: v1.1 diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml new file mode 100644 index 00000000..71128892 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-default.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.30-addons-default.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: 
https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: 
ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml new file mode 100644 index 00000000..07b7f3a7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.0.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.30-addonsv1.0.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts 
+ targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + 
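  # Every entry under `addons` follows the same three-field shape: chart, repoUrl
  # and targetRevision. The addons ApplicationSets are expected to template each
  # entry into the source of an Argo CD Application, roughly as in the sketch
  # below (the field lookup shown is an assumption about how the generators
  # consume this stack file, not something defined here):
  #
  #   source:
  #     chart: kyverno                              # .addons.kyverno.chart
  #     repoURL: https://kyverno.github.io/kyverno  # .addons.kyverno.repoUrl
  #     targetRevision: "3.2.6"                     # .addons.kyverno.targetRevision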
prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml new file mode 100644 index 00000000..55666c37 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.1.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.30-addonsv1.1.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: 
"0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: 
aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml new file mode 100644 index 00000000..058967f6 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/stacks/k8s-v1.30/addons-v1.2.yaml @@ -0,0 +1,199 @@ +file: stack-k8sv1.30-addonsv1.2.yaml +kubernetes_version: "1.30" +addons: + argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_load_balancer_controller: + chart: aws-load-balancer-controller + repoUrl: https://aws.github.io/eks-charts + targetRevision: "1.8.1" + gatekeeper: + chart: gatekeeper + repoUrl: https://open-policy-agent.github.io/gatekeeper/charts + targetRevision: "3.16.3" + metrics_server: + chart: metrics-server + repoUrl: https://kubernetes-sigs.github.io/metrics-server + targetRevision: "3.12.1" + aws_ebs_csi_resources: + chart: aws-ebs-csi-classes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + karpenter: + chart: karpenter/karpenter + repoUrl: public.ecr.aws + targetRevision: "0.37.0" + volcano: + chart: volcano + repoUrl: https://volcano-sh.github.io/helm-charts + targetRevision: "1.9.0" + aws_cloudwatch_metrics: + chart: aws-cloudwatch-metrics + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.0.11" + aws_efs_csi_driver: + chart: aws-efs-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-efs-csi-driver + targetRevision: "3.0.7" + enable_aws_fsx_csi_driver: + chart: aws-fsx-csi-driver + repoUrl: https://kubernetes-sigs.github.io/aws-fsx-csi-driver + targetRevision: "1.9.0" + aws_for_fluentbit: + chart: aws-for-fluent-bit + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.1.34" + aws_fargate_fluentbit: + chart: aws-fargate-fluentbit + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.0.0" + aws_gateway_api_controller: + chart: aws-gateway-controller-chart + repoUrl: public.ecr.aws + targetRevision: "v1.0.7" + aws_node_termination_handler: + chart: aws-node-termination-handler + repoUrl: https://aws.github.io/eks-charts + targetRevision: "0.21.0" + aws_argo_workflows_ingress: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + aws_argocd: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + aws_argocd_ingress: + chart: argo-cd + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "7.4.1" + cert_manager: + chart: cert-manager + repoUrl: 
https://charts.jetstack.io + targetRevision: "v1.15.2" + cluster_autoscaler: + chart: cluster-autoscaler + repoUrl: https://kubernetes.github.io/autoscaler + targetRevision: "9.37.0" + aws_crossplane_provider: + chart: crossplane-aws + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "2.2.0" + aws_crossplane_upbound_provider: + chart: crossplane-aws-upbound + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "3.0.0" + external-dns: + chart: external-dns + repoUrl: https://kubernetes-sigs.github.io/external-dns + targetRevision: "1.14.5" + external_secrets: + chart: external-secrets + repoUrl: https://charts.external-secrets.io + targetRevision: "0.10.0" + privateca_issuer: + chart: aws-privateca-issuer + repoUrl: https://cert-manager.github.io/aws-privateca-issuer + targetRevision: "v1.3.0" + aws_velero: + chart: velero + repoUrl: https://vmware-tanzu.github.io/helm-charts + targetRevision: "7.1.4" + aws_secrets_store_csi_driver_provider: + chart: secrets-store-csi-driver-provider-aws + repoUrl: https://aws.github.io/secrets-store-csi-driver-provider-aws + targetRevision: "0.3.9" + argo_events: + chart: argo-events + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.4.7" + argo_rollouts: + chart: argo-rollouts + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "2.37.3" + argo_workflows: + chart: argo-workflows + repoUrl: https://argoproj.github.io/argo-helm + targetRevision: "0.41.14" + cluster_proportional_autoscaler: + chart: cluster-proportional-autoscaler + repoUrl: https://kubernetes-sigs.github.io/cluster-proportional-autoscaler + targetRevision: "1.1.0" + crossplane: + chart: crossplane + repoUrl: https://crossplane.github.io/charts + targetRevision: "1.16.0" + crossplane_helm_provider: + chart: crossplane-helm + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.1.0" + crossplane_kubernetes_provider: + chart: crossplane-kubernetes + repoUrl: https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts + targetRevision: "1.2.0" + gpu_operator: + chart: gpu-operator + repoUrl: https://nvidia.github.io/gpu-operator + targetRevision: "v24.6.0" + ingress_nginx: + chart: ingress-nginx + repoUrl: https://kubernetes.github.io/ingress-nginx + targetRevision: "4.11.1" + keda: + chart: keda + repoUrl: https://kedacore.github.io/charts + targetRevision: "2.15.0" + kube_prometheus_stack: + chart: kube-prometheus-stack + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "61.7.1" + kyverno: + chart: kyverno + repoUrl: https://kyverno.github.io/kyverno + targetRevision: "3.2.6" + prometheus_adapter: + chart: prometheus-adapter + repoUrl: https://prometheus-community.github.io/helm-charts + targetRevision: "4.10.0" + secrets_store_csi_driver: + chart: secrets-store-csi-driver + repoUrl: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + targetRevision: "1.4.4" + vpa: + chart: vpa + repoUrl: https://charts.fairwinds.com/stable + targetRevision: "4.5.0" + ack_apigatewayv2: + chart: aws-controllers-k8s/apigatewayv2-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.15" + ack_dynamodb: + chart: aws-controllers-k8s/dynamodb-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_prometheusservice: + chart: aws-controllers-k8s/prometheusservice-chart + repoUrl: public.ecr.aws + targetRevision: "1.2.13" + ack_emrcontainers: + chart: aws-controllers-k8s/emrcontainers-chart + repoUrl: public.ecr.aws 
+ targetRevision: "1.0.12" + ack_eventbridge: + chart: aws-controllers-k8s/eventbridge-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" + ack_rds: + chart: aws-controllers-k8s/rds-chart + repoUrl: public.ecr.aws + targetRevision: "1.4.3" + ack_s3: + chart: aws-controllers-k8s/s3-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.14" + ack_sfn: + chart: aws-controllers-k8s/sfn-chart + repoUrl: public.ecr.aws + targetRevision: "1.0.13" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) 
$ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/clusters/cluster1/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/default/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters 
across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." 
+ return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ 
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/dev/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) 
$ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git 
a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/prod/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml new file mode 100644 index 00000000..dd923a71 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/argocd/values.yaml @@ -0,0 +1,227 @@ +global: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + +controller: + replicas: 1 # Additional replicas will cause sharding of managed clusters across number of replicas. 
+ metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + env: + - name: ARGOCD_K8S_CLIENT_QPS #required for Crossplane too many CRDs https://github.com/argoproj/argo-cd/pull/448 + value: '300' + +repoServer: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +applicationSet: + replicaCount: 1 # The controller doesn't scale horizontally, is active-standby replicas + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + +server: + autoscaling: + enabled: true + minReplicas: 1 + resources: # Adjust based on your specific use case (required for HPA) + requests: + cpu: '100m' + memory: '256Mi' + limits: + cpu: '200m' + memory: '512Mi' + metrics: + enabled: true + service: + annotations: + prometheus.io/scrape: true + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + +configs: + repositories: + # Required when using helm repository with oci formal like karpenter and aws-gateway-api-controller + aws-public-ecr: + name: aws-public-ecr + type: helm + url: public.ecr.aws + enableOCI: 'true' + cm: + application.resourceTrackingMethod: 'annotation' #use annotation for tracking required for Crossplane + resource.exclusions: | + - kinds: + - ProviderConfigUsage + apiGroups: + - "*" + resource.customizations: | + "awsblueprints.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.upbound.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." + } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + "*.aws.crossplane.io/*": + health.lua: | + health_status = { + status = "Progressing", + message = "Provisioning ..." 
+ } + + if obj.status == nil or obj.status.conditions == nil then + return health_status + end + + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + health_status.message = "Resource is up-to-date." + return health_status + end + end + + if condition.type == "LastAsyncOperation" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + + if condition.type == "Synced" then + if condition.status == "False" then + health_status.status = "Degraded" + health_status.message = condition.message + return health_status + end + end + end + + return health_status + + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +## It gets handle in this form inside the argo-cd chart +# {{ range .Values.extraObjects }} +# --- +# {{ if typeIs "string" . }} +# {{- tpl . $ }} +# {{- else }} +# {{- tpl (toYaml .) $ }} +# {{- end }} +# {{ end }} +extraObjects: + - | + apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + name: default + namespace: {{ $.Release.Namespace | quote }} + annotations: + source: gitops-bridge + spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' + destinations: + - namespace: '*' + name: '*' + server: '*' diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml new file mode 100644 index 00000000..869cc182 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/aws-load-balancer-controller/values.yaml @@ -0,0 +1,4 @@ +# values for the addon +tolerations: +- key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml new file mode 100644 index 00000000..451fd509 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/resources/values.yaml @@ -0,0 +1 @@ +# resources for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ 
b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/gatekeeper/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/.keep b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/.keep new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml new file mode 100644 index 00000000..bf1d26d1 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/resources/values.yaml @@ -0,0 +1,3 @@ +# karpenter resources like nodepool and nodeclass +environment: dev + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml new file mode 100644 index 00000000..d7ab2b2e --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/karpenter/values.yaml @@ -0,0 +1,2 @@ +# values for the addon + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml new file mode 100644 index 00000000..204c5a57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/resources/values.yaml @@ -0,0 +1 @@ +# values for the resources of the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml new file mode 100644 index 00000000..c4adc795 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/tenants/tenant1/environments/staging/addons/volcano/values.yaml @@ -0,0 +1 @@ +# values for the addon diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml new file mode 100644 index 00000000..7f5e2d34 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/apps/game-2048/game-2048.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: game-2048 +spec: + selector: + matchLabels: + app.kubernetes.io/name: game-2048 + template: + metadata: + labels: + app.kubernetes.io/name: game-2048 + spec: + containers: + - image: public.ecr.aws/l6m2t8p7/docker-2048 + name: game-2048 + ports: + - containerPort: 80 + name: http +--- +apiVersion: v1 +kind: Service +metadata: + name: game-2048 +spec: + ports: + - name: http + port: 80 + targetPort: http + protocol: TCP + type: ClusterIP + selector: + app.kubernetes.io/name: game-2048 +--- +apiVersion: 
networking.k8s.io/v1 +kind: Ingress +metadata: + name: game-2048 + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip +spec: + ingressClassName: alb + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: game-2048 + port: + name: http + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml new file mode 100644 index 00000000..4589405b --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/namespaces/game-2048/values.yaml @@ -0,0 +1,51 @@ +name: tenant1 +labels: + environment: dev +networkPolicies: + enabled: true + egress: + deny: + all: + enabled: true + allow: + dns: + enabled: true + ingress: + deny: + all: + enabled: false +namespaces: + game-2048: + labels: + additionalLabels: + app.kubernetes.io/created-by: eks-workshop + limitRanges: + - name: default + labels: + app.kubernetes.io/created-by: eks-workshop + limits: + - default: # this section defines default limits + cpu: 500m + defaultRequest: # this section defines default requests + cpu: 500m + max: # max and min define the limit range + cpu: "2" + min: + cpu: 100m + type: Container + resourceQuotas: + - name: default + labels: + app.kubernetes.io/created-by: eks-workshop + spec: + hard: + cpu: "5000" + memory: 200Gi + pods: "20" + scopeSelector: + matchExpressions: + - operator : In + scopeName: PriorityClass + values: ["high"] + + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml new file mode 100644 index 00000000..1ab3a8a7 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/workloads.yaml @@ -0,0 +1,60 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: workload-namespaces + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - matrix: + generators: + - clusters: + selector: + matchLabels: + argocd.argoproj.io/secret-type: cluster + - git: + repoURL: '{{.metadata.annotations.workload_repo_url}}' + revision: '{{.metadata.annotations.workload_repo_revision}}' + directories: + - path: '{{.metadata.annotations.workload_repo_basepath}}namespaces/*' + + template: + metadata: + name: 'namespaces-{{.path.basename}}' + labels: + environment: '{{.metadata.labels.environment}}' + component: '{{.path.basename}}' + workloads: 'true' + spec: + project: 'default' + sources: + - repoURL: '{{.metadata.annotations.workload_repo_url}}' + targetRevision: '{{.metadata.annotations.workload_repo_revision}}' + ref: values + - chart: team + repoURL: 'https://gitops-bridge-dev.github.io/gitops-bridge-helm-charts' + targetRevision: '2.0.0' + helm: + releaseName: 'teams' + ignoreMissingValueFiles: true + valueFiles: + - '$values/{{.path.path}}/values.yaml' + - repoURL: '{{.metadata.annotations.workload_repo_url}}' + path: '{{.metadata.annotations.workload_repo_basepath}}apps/{{.path.basename}}' + targetRevision: '{{.metadata.annotations.workload_repo_revision}}' + destination: + namespace: '{{.path.basename}}' + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: false + allowEmpty: true + prune: true + retry: + backoff: + duration: 1m + limit: -1 \ No newline at end of 
file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf new file mode 100644 index 00000000..22b01ce0 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/main.tf @@ -0,0 +1,325 @@ +provider "aws" { + region = local.region +} +data "aws_caller_identity" "current" {} +data "aws_availability_zones" "available" {} + +provider "helm" { + kubernetes { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } + } +} + +provider "kubernetes" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } +} + +locals { + name = "getting-started" + region = var.region + + environment = var.environment + tenant = var.tenant + + cluster_version = var.kubernetes_version + + vpc_cidr = var.vpc_cidr + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + gitops_addons_url = "${var.gitops_addons_org}/${var.gitops_addons_repo}" + gitops_addons_basepath = var.gitops_addons_basepath + gitops_addons_path = var.gitops_addons_path + gitops_addons_revision = var.gitops_addons_revision + + gitops_workload_url = "${var.gitops_workload_org}/${var.gitops_workload_repo}" + gitops_workload_basepath = var.gitops_workload_basepath + gitops_workload_path = var.gitops_workload_path + gitops_workload_revision = var.gitops_workload_revision + + aws_addons = { + enable_cert_manager = try(var.addons.enable_cert_manager, false) + enable_aws_efs_csi_driver = try(var.addons.enable_aws_efs_csi_driver, false) + enable_aws_fsx_csi_driver = try(var.addons.enable_aws_fsx_csi_driver, false) + enable_aws_cloudwatch_metrics = try(var.addons.enable_aws_cloudwatch_metrics, false) + enable_aws_privateca_issuer = try(var.addons.enable_aws_privateca_issuer, false) + enable_cluster_autoscaler = try(var.addons.enable_cluster_autoscaler, false) + enable_external_dns = try(var.addons.enable_external_dns, false) + enable_external_secrets = try(var.addons.enable_external_secrets, false) + enable_aws_load_balancer_controller = try(var.addons.enable_aws_load_balancer_controller, false) + enable_fargate_fluentbit = try(var.addons.enable_fargate_fluentbit, false) + enable_aws_for_fluentbit = try(var.addons.enable_aws_for_fluentbit, false) + enable_aws_node_termination_handler = try(var.addons.enable_aws_node_termination_handler, false) + enable_karpenter = try(var.addons.enable_karpenter, false) + enable_velero = try(var.addons.enable_velero, false) + enable_aws_gateway_api_controller = try(var.addons.enable_aws_gateway_api_controller, false) + enable_aws_ebs_csi_resources = try(var.addons.enable_aws_ebs_csi_resources, false) + enable_aws_secrets_store_csi_driver_provider = try(var.addons.enable_aws_secrets_store_csi_driver_provider, false) + enable_ack_apigatewayv2 = try(var.addons.enable_ack_apigatewayv2, false) + enable_ack_dynamodb = try(var.addons.enable_ack_dynamodb, false) + 
enable_ack_s3 = try(var.addons.enable_ack_s3, false) + enable_ack_rds = try(var.addons.enable_ack_rds, false) + enable_ack_prometheusservice = try(var.addons.enable_ack_prometheusservice, false) + enable_ack_emrcontainers = try(var.addons.enable_ack_emrcontainers, false) + enable_ack_sfn = try(var.addons.enable_ack_sfn, false) + enable_ack_eventbridge = try(var.addons.enable_ack_eventbridge, false) + } + oss_addons = { + enable_argocd = try(var.addons.enable_argocd, true) + enable_argo_rollouts = try(var.addons.enable_argo_rollouts, false) + enable_argo_events = try(var.addons.enable_argo_events, false) + enable_argo_workflows = try(var.addons.enable_argo_workflows, false) + enable_cluster_proportional_autoscaler = try(var.addons.enable_cluster_proportional_autoscaler, false) + enable_gatekeeper = try(var.addons.enable_gatekeeper, false) + enable_gpu_operator = try(var.addons.enable_gpu_operator, false) + enable_ingress_nginx = try(var.addons.enable_ingress_nginx, false) + enable_keda = try(var.addons.enable_keda, false) + enable_kyverno = try(var.addons.enable_kyverno, false) + enable_kube_prometheus_stack = try(var.addons.enable_kube_prometheus_stack, false) + enable_metrics_server = try(var.addons.enable_metrics_server, false) + enable_prometheus_adapter = try(var.addons.enable_prometheus_adapter, false) + enable_secrets_store_csi_driver = try(var.addons.enable_secrets_store_csi_driver, false) + enable_vpa = try(var.addons.enable_vpa, false) + } + addons = merge( + local.aws_addons, + local.oss_addons, + { tenant = local.tenant }, + { kubernetes_version = local.cluster_version }, + { aws_cluster_name = module.eks.cluster_name } + ) + + addons_metadata = merge( + { + aws_karpenter_role_name = "${module.eks.cluster_name}-karpenter" + }, + module.eks_blueprints_addons.gitops_metadata, + { + aws_cluster_name = module.eks.cluster_name + aws_region = local.region + aws_account_id = data.aws_caller_identity.current.account_id + aws_vpc_id = module.vpc.vpc_id + }, + { + addons_repo_url = local.gitops_addons_url + addons_repo_basepath = local.gitops_addons_basepath + addons_repo_path = local.gitops_addons_path + addons_repo_revision = local.gitops_addons_revision + }, + { + workload_repo_url = local.gitops_workload_url + workload_repo_basepath = local.gitops_workload_basepath + workload_repo_path = local.gitops_workload_path + workload_repo_revision = local.gitops_workload_revision + } + ) + + argocd_apps = { + addons = var.enable_addon_selector ? 
file("${path.module}/bootstrap/addons.yaml"): templatefile("${path.module}/bootstrap/addons.tpl.yaml", {addons: local.addons}) + workloads = file("${path.module}/bootstrap/workloads.yaml") + } + + tags = { + Blueprint = local.name + GithubRepo = "github.com/gitops-bridge-dev/gitops-bridge" + } +} + +################################################################################ +# GitOps Bridge: Bootstrap +################################################################################ +module "gitops_bridge_bootstrap" { + source = "gitops-bridge-dev/gitops-bridge/helm" + + cluster = { + cluster_name = module.eks.cluster_name + environment = local.environment + metadata = local.addons_metadata + addons = local.addons + } + + apps = local.argocd_apps + argocd = { + name = "argocd" + values = [file("${path.module}/argocd-initial-values.yaml")] + chart_version= "7.3.11" + } + +} + +################################################################################ +# EKS Blueprints Addons +################################################################################ +module "eks_blueprints_addons" { + source = "aws-ia/eks-blueprints-addons/aws" + version = "~> 1.0" + + cluster_name = module.eks.cluster_name + cluster_endpoint = module.eks.cluster_endpoint + cluster_version = module.eks.cluster_version + oidc_provider_arn = module.eks.oidc_provider_arn + + # Using GitOps Bridge + create_kubernetes_resources = false + + # EKS Blueprints Addons + enable_cert_manager = local.aws_addons.enable_cert_manager + enable_aws_efs_csi_driver = local.aws_addons.enable_aws_efs_csi_driver + enable_aws_fsx_csi_driver = local.aws_addons.enable_aws_fsx_csi_driver + enable_aws_cloudwatch_metrics = local.aws_addons.enable_aws_cloudwatch_metrics + enable_aws_privateca_issuer = local.aws_addons.enable_aws_privateca_issuer + enable_cluster_autoscaler = local.aws_addons.enable_cluster_autoscaler + enable_external_dns = local.aws_addons.enable_external_dns + enable_external_secrets = local.aws_addons.enable_external_secrets + enable_aws_load_balancer_controller = local.aws_addons.enable_aws_load_balancer_controller + enable_fargate_fluentbit = local.aws_addons.enable_fargate_fluentbit + enable_aws_for_fluentbit = local.aws_addons.enable_aws_for_fluentbit + enable_aws_node_termination_handler = local.aws_addons.enable_aws_node_termination_handler + enable_karpenter = local.aws_addons.enable_karpenter + enable_velero = local.aws_addons.enable_velero + enable_aws_gateway_api_controller = local.aws_addons.enable_aws_gateway_api_controller + + karpenter_node = { + # Use static name so that it matches what is defined in `karpenter.yaml` example manifest + iam_role_use_name_prefix = false + } + + tags = local.tags +} + +################################################################################ +# EKS Cluster +################################################################################ +#tfsec:ignore:aws-eks-enable-control-plane-logging +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "~> 19.13" + + cluster_name = local.name + cluster_version = local.cluster_version + cluster_endpoint_public_access = true + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + manage_aws_auth_configmap = true + aws_auth_roles = local.aws_addons.enable_karpenter ? 
[ + # We need to add in the Karpenter node IAM role for nodes launched by Karpenter + { + rolearn = module.eks_blueprints_addons.karpenter.node_iam_role_arn + username = "system:node:{{EC2PrivateDNSName}}" + groups = [ + "system:bootstrappers", + "system:nodes", + ] + } + ] : [] + + eks_managed_node_groups = { + initial = { + instance_types = ["t3.medium"] + + min_size = 1 + max_size = 3 + desired_size = 2 + taints = local.aws_addons.enable_karpenter ? { + dedicated = { + key = "CriticalAddonsOnly" + operator = "Exists" + effect = "NO_SCHEDULE" + } + } : {} + } + } + # EKS Addons + cluster_addons = { + coredns = {} + kube-proxy = {} + vpc-cni = { + # Specify the VPC CNI addon should be deployed before compute to ensure + # the addon is configured before data plane compute resources are created + # See README for further details + before_compute = true + most_recent = true # To ensure access to the latest settings provided + configuration_values = jsonencode({ + env = { + # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html + ENABLE_PREFIX_DELEGATION = "true" + WARM_PREFIX_TARGET = "1" + }, + enableNetworkPolicy : "true" + }) + } + aws-ebs-csi-driver = { + service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn + } + } + node_security_group_tags = { + # security group that Karpenter should utilize with the following tag + # (i.e. - at most, only one security group should have this tag in your account) + "karpenter.sh/discovery" = local.name + } + tags = local.tags +} +module "ebs_csi_driver_irsa" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + version = "~> 5.20" + + role_name_prefix = "${module.eks.cluster_name}-ebs-csi-" + + attach_ebs_csi_policy = true + + oidc_providers = { + main = { + provider_arn = module.eks.oidc_provider_arn + namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"] + } + } + + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = 1 + # Tags subnets for Karpenter auto-discovery + "karpenter.sh/discovery" = local.name + } + + tags = local.tags +} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf new file mode 100644 index 00000000..e890d752 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/outputs.tf @@ -0,0 +1,33 @@ +output "configure_kubectl" { + description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig" + value = <<-EOT + export KUBECONFIG="/tmp/${module.eks.cluster_name}" + aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name} + EOT +} + +output "configure_argocd" { + description = "Terminal Setup" + value = <<-EOT + export KUBECONFIG="/tmp/${module.eks.cluster_name}" + aws eks --region 
${local.region} update-kubeconfig --name ${module.eks.cluster_name} + export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web" + kubectl config set-context --current --namespace argocd + argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1) + echo "ArgoCD Username: admin" + echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")" + echo Port Forward: http://localhost:8080 + kubectl port-forward -n argocd svc/argocd-server 8080:80 + EOT +} + +output "access_argocd" { + description = "ArgoCD Access" + value = <<-EOT + export KUBECONFIG="/tmp/${module.eks.cluster_name}" + aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name} + echo "ArgoCD Username: admin" + echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")" + echo "ArgoCD URL: https://$(kubectl get svc -n argocd argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" + EOT +} diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml new file mode 100644 index 00000000..d85d7ae0 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/addons.tpl.yaml @@ -0,0 +1,57 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + goTemplate: true + goTemplateOptions: + - missingkey=error + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{.metadata.annotations.addons_repo_url}}' + path: '{{.metadata.annotations.addons_repo_basepath}}charts/gitops-bridge' + targetRevision: '{{.metadata.annotations.addons_repo_revision}}' + helm: + valuesObject: + repoURLValuesBasePath: '{{.metadata.annotations.addons_repo_basepath}}' + repoURLValuesRevision: '{{.metadata.annotations.addons_repo_revision}}' + repoURLGitBasePath: '{{.metadata.annotations.addons_repo_basepath}}stacks/' + repoURLGitRevision: '{{.metadata.annotations.addons_repo_revision}}' + useSelector: false + addons: +%{ for key, value in addons ~} +%{ if substr(key, 0, 7) == "enable_" && value == true ~} + ${replace(key, "enable_", "")}: + enabled: ${value} +%{ endif ~} +%{ endfor ~} + ignoreMissingValueFiles: true + valueFiles: + - '{{.metadata.annotations.addons_repo_basepath}}default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}clusters/{{.nameNormalized}}/addons/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/default/addons/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/environments/{{.metadata.labels.environment}}/gitops-bridge/values.yaml' + - '{{.metadata.annotations.addons_repo_basepath}}tenants/{{.metadata.labels.tenant}}/clusters/{{.nameNormalized}}/addons/values.yaml' + destination: + namespace: argocd + name: '{{.name}}' + syncPolicy: + automated: + selfHeal: true + allowEmpty: true + prune: false + retry: + limit: 100 + syncOptions: + - CreateNamespace=true + - 
ServerSideApply=true # Big CRDs. \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf new file mode 100644 index 00000000..a7aac3dd --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/test-boot-strap-addons/main.tf @@ -0,0 +1,26 @@ +variable "addons" { + description = "Kubernetes addons" + type = any + default = { + enable_aws_load_balancer_controller = true + enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi + enable_metrics_server = true + enable_gatekeeper = true + enable_karpenter = true + enable_argocd = true + enable_foobar = true + } +} + +locals { + addons = var.addons +} + +locals { + appset = templatefile("${path.module}/addons.tpl.yaml", {addons: local.addons}) +} + +output "appset" { + value = local.appset +} + diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf new file mode 100644 index 00000000..b368a156 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/variables.tf @@ -0,0 +1,100 @@ +variable "vpc_cidr" { + description = "VPC CIDR" + type = string + default = "10.0.0.0/16" +} +variable "region" { + description = "AWS region" + type = string + default = "us-west-2" +} +variable "kubernetes_version" { + description = "Kubernetes version" + type = string + default = "1.30" +} +variable "environment" { + description = "Environment" + type = string + default = "dev" +} +variable "tenant" { + description = "Tenant for addon stacks" + type = string + default = "tenant1" # make it empty string if you don't want to use tenant +} + +variable "addons" { + description = "Kubernetes addons" + type = any + default = { + enable_aws_load_balancer_controller = true + enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi + enable_metrics_server = true + enable_gatekeeper = true + enable_karpenter = true + enable_argocd = true + enable_kyverno = true + enable_aws_cloudwatch_metrics = true + enable_aws_for_fluentbit = true + } +} +# Addons Git +variable "gitops_addons_org" { + description = "Git repository org/user contains for addons" + type = string + default = "https://github.com/gitops-bridge-dev" +} +variable "gitops_addons_repo" { + description = "Git repository contains for addons" + type = string + default = "gitops-bridge" +} +variable "gitops_addons_revision" { + description = "Git repository revision/branch/ref for addons" + type = string + default = "single-cluster-v2" +} +variable "gitops_addons_basepath" { + description = "Git repository base path for addons" + type = string + default = "argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/" +} +variable "gitops_addons_path" { + description = "Git repository path for addons" + type = string + default = "" +} + +# Workloads Git +variable "gitops_workload_org" { + description = "Git repository org/user contains for workload" + type = string + default = "https://github.com/gitops-bridge-dev" +} +variable "gitops_workload_repo" { + description = "Git repository contains for workload" + type = string + default = "gitops-bridge" +} +variable "gitops_workload_revision" { + description = "Git repository revision/branch/ref for workload" + type = string + default = "single-cluster-v2" +} +variable "gitops_workload_basepath" { + description = "Git repository base path for 
workload" + type = string + default = "argocd/iac/terraform/examples/eks/single-cluster-v2/gitops/workloads/" +} +variable "gitops_workload_path" { + description = "Git repository path for workload" + type = string + default = "single-cluster-v2/k8s" +} + +variable "enable_addon_selector" { + description = "select addons using cluster selector" + type = bool + default = false +} \ No newline at end of file diff --git a/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf b/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf new file mode 100644 index 00000000..2de60d58 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/single-cluster-v2/versions.tf @@ -0,0 +1,25 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.67.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 2.10.1" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.22.0" + } + } + + # ## Used for end-to-end testing on project; update to suit your needs + # backend "s3" { + # bucket = "terraform-ssp-github-actions-state" + # region = "us-west-2" + # key = "e2e/ipv4-prefix-delegation/terraform.tfstate" + # } +}