Use New Fargate Profile For Each Run And Allow More Than One Tests At The Same Time (#416) (#430)

sethAmazon · web-flow · commit 4fb5944ab1bd · 2021-12-13T10:39:17.000-05:00
diff --git a/terraform/eks/container-insights-agent/aoc_service_fargate.yml b/terraform/eks/container-insights-agent/aoc_service_fargate.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: adot-collector-service
-  namespace: default
+  namespace: ${Namespace}
   labels:
     app: aws-adot
     component: adot-collector
diff --git a/terraform/eks/container-insights-agent/cluster_role_binding_fargate.yml b/terraform/eks/container-insights-agent/cluster_role_binding_fargate.yml
@@ -5,7 +5,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: adot-collector-service-account
-    namespace: default
+    namespace: ${Namespace}
 roleRef:
   kind: ClusterRole
   name: adotcol-admin-role
diff --git a/terraform/eks/container-insights-agent/config_map_fargate.yml b/terraform/eks/container-insights-agent/config_map_fargate.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: adot-collector-config
-  namespace: default
+  namespace: ${Namespace}
   labels:
     app: aws-adot
     component: adot-collector-config
@@ -39,19 +39,19 @@ data:
                 regex: (.+)
                 target_label: __metrics_path__
                 # Changes the default metrics path to kubelet's proxy cadvdisor metrics endpoint
-                replacement: /api/v1/nodes/$${1}/proxy/metrics/cadvisor
+                replacement: /api/v1/nodes/$$${1}/proxy/metrics/cadvisor
             metric_relabel_configs:
               # extract readable container/pod name from id field
               - action: replace
                 source_labels: [id]
                 regex: '^/machine\.slice/machine-rkt\\x2d([^\\]+)\\.+/([^/]+)\.service$'
                 target_label: rkt_container_name
-                replacement: '$${2}-$${1}'
+                replacement: '$$${2}-$$${1}'
               - action: replace
                 source_labels: [id]
                 regex: '^/system\.slice/(.+)\.service$'
                 target_label: systemd_service_name
-                replacement: '$${1}'
+                replacement: '$$${1}'
     processors:
       # rename labels which apply to all metrics and are used in metricstransform/rename processor
       metricstransform/label_1:
diff --git a/terraform/eks/container-insights-agent/logs_sample_fargate.yml b/terraform/eks/container-insights-agent/logs_sample_fargate.yml
@@ -4,7 +4,7 @@ metadata:
   name: flblogproducer2eks
   labels:
     app: flblogproducer2eks
-  namespace: default
+  namespace: ${Namespace}
 spec:
   replicas: 1
   selector:
diff --git a/terraform/eks/container-insights-agent/service_account_fargate.yml b/terraform/eks/container-insights-agent/service_account_fargate.yml
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: adot-collector-service-account
-  namespace: default
+  namespace: ${Namespace}
   annotations:
     eks.amazonaws.com/role-arn: ${RoleArn}
diff --git a/terraform/eks/container-insights-agent/stateful_set_fargate.yml b/terraform/eks/container-insights-agent/stateful_set_fargate.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: adot-collector
-  namespace: default
+  namespace: ${Namespace}
   labels:
     app: aws-adot
     component: adot-collector
diff --git a/terraform/eks/container_insights_agent.tf b/terraform/eks/container_insights_agent.tf
@@ -1,43 +1,49 @@
 data "template_file" "cluster_role_file" {
   template = file("./container-insights-agent/cluster_role.tpl")
   vars = {
-    NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name
+    NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name
   }
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 data "template_file" "cluster_role_binding_file" {
   template = file("./container-insights-agent/cluster_role_binding.tpl")
   vars = {
-    NAMESPACE       = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name,
+    NAMESPACE       = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name,
     SERVICE_ACCOUNT = kubernetes_service_account.aoc-agent-role.metadata[0].name
   }
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 data "template_file" "config_map_file" {
   template = file("./container-insights-agent/config_map.tpl")
   vars = {
-    NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name
+    NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name
   }
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 data "template_file" "daemonset_file" {
   template = file("./container-insights-agent/daemonset.tpl")
   vars = {
-    NAMESPACE       = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name
+    NAMESPACE       = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name
     SERVICE_ACCOUNT = kubernetes_service_account.aoc-agent-role.metadata[0].name
     OTELIMAGE       = module.common.aoc_image
     REGION          = var.region
   }
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 resource "kubectl_manifest" "service_account" {
   count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0
-  yaml_body = templatefile("./container-insights-agent/service_account_fargate.tpl",
+  yaml_body = templatefile("./container-insights-agent/service_account_fargate.yml",
     {
-      RoleArn : module.iam_assumable_role_admin.iam_role_arn
+      RoleArn : module.iam_assumable_role_admin.iam_role_arn,
+      Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace
   })
   depends_on = [
-    module.iam_assumable_role_admin
+    module.iam_assumable_role_admin,
+    aws_eks_fargate_profile.test_profile
   ]
 }
 
@@ -46,14 +52,16 @@ resource "kubectl_manifest" "cluster_role" {
 }
 
 resource "kubectl_manifest" "cluster_role_binding" {
-  yaml_body = var.deployment_type == "fargate" ? file("./container-insights-agent/cluster_role_binding_fargate.yml") : data.template_file.cluster_role_binding_file.rendered
+  yaml_body = var.deployment_type == "fargate" ? templatefile("./container-insights-agent/cluster_role_binding_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace }) : data.template_file.cluster_role_binding_file.rendered
   depends_on = [
-    kubectl_manifest.cluster_role
+    kubectl_manifest.cluster_role,
+    aws_eks_fargate_profile.test_profile
   ]
 }
 
 resource "kubectl_manifest" "config_map" {
-  yaml_body = var.deployment_type == "fargate" ? file("./container-insights-agent/config_map_fargate.yml") : data.template_file.config_map_file.rendered
+  yaml_body  = var.deployment_type == "fargate" ? templatefile("./container-insights-agent/config_map_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace }) : data.template_file.config_map_file.rendered
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 resource "kubectl_manifest" "daemonset" {
@@ -67,25 +75,28 @@ resource "kubectl_manifest" "daemonset" {
 
 resource "kubectl_manifest" "aoc_service_deploy" {
   count     = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0
-  yaml_body = file("./container-insights-agent/aoc_service_fargate.yml")
+  yaml_body = templatefile("./container-insights-agent/aoc_service_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })
   depends_on = [
-    kubectl_manifest.config_map
+    kubectl_manifest.config_map,
+    aws_eks_fargate_profile.test_profile
   ]
 }
 
 resource "kubectl_manifest" "aoc_fargate_deploy" {
   count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0
-  yaml_body = templatefile("./container-insights-agent/stateful_set_fargate.tpl",
-  { ClusterName : var.eks_cluster_name, AocRepo : var.aoc_image_repo, AocTag : var.aoc_version })
+  yaml_body = templatefile("./container-insights-agent/stateful_set_fargate.yml",
+  { ClusterName : var.eks_cluster_name, AocRepo : var.aoc_image_repo, AocTag : var.aoc_version, Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })
   depends_on = [
-    kubectl_manifest.aoc_service_deploy
+    kubectl_manifest.aoc_service_deploy,
+    aws_eks_fargate_profile.test_profile
   ]
 }
 
 resource "kubectl_manifest" "logs_sample_fargate_deploy" {
   count     = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0
-  yaml_body = file("./container-insights-agent/logs_sample_fargate.yml")
+  yaml_body = templatefile("./container-insights-agent/logs_sample_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })
   depends_on = [
-    kubectl_manifest.aoc_fargate_deploy
+    kubectl_manifest.aoc_fargate_deploy,
+    aws_eks_fargate_profile.test_profile
   ]
 }
diff --git a/terraform/eks/main.tf b/terraform/eks/main.tf
@@ -102,6 +102,54 @@ resource "kubernetes_namespace" "aoc_ns" {
   }
 }
 
+# create a unique fargate namespace for each run
+resource "kubernetes_namespace" "aoc_fargate_ns" {
+  metadata {
+    name = "aoc-fargate-ns-${module.common.testing_id}"
+  }
+}
+
+resource "aws_iam_role" "fargate_profile_file" {
+  name                = "fargate-profile-role-${module.common.testing_id}"
+  managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"]
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "eks-fargate-pods.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+data "aws_subnet_ids" "private_subnets" {
+  vpc_id = data.aws_eks_cluster.testing_cluster.vpc_config[0].vpc_id
+  filter {
+    name   = "mapPublicIpOnLaunch"
+    values = ["false"] # insert values here
+  }
+}
+
+resource "aws_eks_fargate_profile" "test_profile" {
+  cluster_name           = var.eks_cluster_name
+  fargate_profile_name   = "fp-aoc-${module.common.testing_id}"
+  pod_execution_role_arn = aws_iam_role.fargate_profile_file.arn
+  subnet_ids             = data.aws_subnet_ids.private_subnets.ids
+
+  selector {
+    namespace = kubernetes_namespace.aoc_fargate_ns.metadata[0].name
+  }
+
+  depends_on = [aws_iam_role.fargate_profile_file, kubernetes_namespace.aoc_fargate_ns]
+}
+
 resource "kubernetes_service_account" "aoc-role" {
   metadata {
     name      = "aoc-role-${module.common.testing_id}"
@@ -114,14 +162,14 @@ resource "kubernetes_service_account" "aoc-role" {
 resource "kubernetes_service_account" "aoc-fargate-role" {
   metadata {
     name      = "aoc-fargate-role-${module.common.testing_id}"
-    namespace = "default"
+    namespace = tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace
     annotations = {
       "eks.amazonaws.com/role-arn" : module.iam_assumable_role_admin.iam_role_arn
     }
   }
 
   automount_service_account_token = true
-  depends_on                      = [module.iam_assumable_role_admin]
+  depends_on                      = [module.iam_assumable_role_admin, aws_eks_fargate_profile.test_profile]
 }
 
 module "iam_assumable_role_admin" {
@@ -152,17 +200,19 @@ resource "kubernetes_cluster_role_binding" "aoc-role-binding" {
   subject {
     kind      = "ServiceAccount"
     name      = var.deployment_type == "fargate" ? "aoc-fargate-role-${module.common.testing_id}" : "aoc-role-${module.common.testing_id}"
-    namespace = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name
+    namespace = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name
   }
+  depends_on = [aws_eks_fargate_profile.test_profile]
 }
 
 resource "kubernetes_service_account" "aoc-agent-role" {
   metadata {
     name      = "aoc-agent-${module.common.testing_id}"
-    namespace = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name
+    namespace = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name
   }
 
   automount_service_account_token = true
+  depends_on                      = [aws_eks_fargate_profile.test_profile]
 }
 
 module "adot_operator" {
@@ -222,5 +272,6 @@ module "validator" {
 
   depends_on = [
     module.aoc_oltp,
-  module.adot_operator]
+    module.adot_operator,
+  kubectl_manifest.logs_sample_fargate_deploy]
 }
diff --git a/terraform/eks/otlp.tf b/terraform/eks/otlp.tf
diff --git a/terraform/eks/prometheus.tf b/terraform/eks/prometheus.tf

Original file line number	Diff line number	Diff line change
`@@ -1,43 +1,49 @@`
`1`	`1`	`data "template_file" "cluster_role_file" {`
`2`	`2`	`template = file("./container-insights-agent/cluster_role.tpl")`
`3`	`3`	`vars = {`
`4`		`- NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name`
	`4`	`+ NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name`
`5`	`5`	`}`
	`6`	`+ depends_on = [aws_eks_fargate_profile.test_profile]`
`6`	`7`	`}`
`7`	`8`
`8`	`9`	`data "template_file" "cluster_role_binding_file" {`
`9`	`10`	`template = file("./container-insights-agent/cluster_role_binding.tpl")`
`10`	`11`	`vars = {`
`11`		`- NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name,`
	`12`	`+ NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name,`
`12`	`13`	`SERVICE_ACCOUNT = kubernetes_service_account.aoc-agent-role.metadata[0].name`
`13`	`14`	`}`
	`15`	`+ depends_on = [aws_eks_fargate_profile.test_profile]`
`14`	`16`	`}`
`15`	`17`
`16`	`18`	`data "template_file" "config_map_file" {`
`17`	`19`	`template = file("./container-insights-agent/config_map.tpl")`
`18`	`20`	`vars = {`
`19`		`- NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name`
	`21`	`+ NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name`
`20`	`22`	`}`
	`23`	`+ depends_on = [aws_eks_fargate_profile.test_profile]`
`21`	`24`	`}`
`22`	`25`
`23`	`26`	`data "template_file" "daemonset_file" {`
`24`	`27`	`template = file("./container-insights-agent/daemonset.tpl")`
`25`	`28`	`vars = {`
`26`		`- NAMESPACE = var.deployment_type == "fargate" ? "default" : kubernetes_namespace.aoc_ns.metadata[0].name`
	`29`	`+ NAMESPACE = var.deployment_type == "fargate" ? tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace : kubernetes_namespace.aoc_ns.metadata[0].name`
`27`	`30`	`SERVICE_ACCOUNT = kubernetes_service_account.aoc-agent-role.metadata[0].name`
`28`	`31`	`OTELIMAGE = module.common.aoc_image`
`29`	`32`	`REGION = var.region`
`30`	`33`	`}`
	`34`	`+ depends_on = [aws_eks_fargate_profile.test_profile]`
`31`	`35`	`}`
`32`	`36`
`33`	`37`	`resource "kubectl_manifest" "service_account" {`
`34`	`38`	`count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0`
`35`		`- yaml_body = templatefile("./container-insights-agent/service_account_fargate.tpl",`
	`39`	`+ yaml_body = templatefile("./container-insights-agent/service_account_fargate.yml",`
`36`	`40`	`{`
`37`		`- RoleArn : module.iam_assumable_role_admin.iam_role_arn`
	`41`	`+ RoleArn : module.iam_assumable_role_admin.iam_role_arn,`
	`42`	`+ Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace`
`38`	`43`	`})`
`39`	`44`	`depends_on = [`
`40`		`- module.iam_assumable_role_admin`
	`45`	`+ module.iam_assumable_role_admin,`
	`46`	`+ aws_eks_fargate_profile.test_profile`
`41`	`47`	`]`
`42`	`48`	`}`
`43`	`49`
`@@ -46,14 +52,16 @@ resource "kubectl_manifest" "cluster_role" {`
`46`	`52`	`}`
`47`	`53`
`48`	`54`	`resource "kubectl_manifest" "cluster_role_binding" {`
`49`		`- yaml_body = var.deployment_type == "fargate" ? file("./container-insights-agent/cluster_role_binding_fargate.yml") : data.template_file.cluster_role_binding_file.rendered`
	`55`	`+ yaml_body = var.deployment_type == "fargate" ? templatefile("./container-insights-agent/cluster_role_binding_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace }) : data.template_file.cluster_role_binding_file.rendered`
`50`	`56`	`depends_on = [`
`51`		`- kubectl_manifest.cluster_role`
	`57`	`+ kubectl_manifest.cluster_role,`
	`58`	`+ aws_eks_fargate_profile.test_profile`
`52`	`59`	`]`
`53`	`60`	`}`
`54`	`61`
`55`	`62`	`resource "kubectl_manifest" "config_map" {`
`56`		`- yaml_body = var.deployment_type == "fargate" ? file("./container-insights-agent/config_map_fargate.yml") : data.template_file.config_map_file.rendered`
	`63`	`+ yaml_body = var.deployment_type == "fargate" ? templatefile("./container-insights-agent/config_map_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace }) : data.template_file.config_map_file.rendered`
	`64`	`+ depends_on = [aws_eks_fargate_profile.test_profile]`
`57`	`65`	`}`
`58`	`66`
`59`	`67`	`resource "kubectl_manifest" "daemonset" {`
`@@ -67,25 +75,28 @@ resource "kubectl_manifest" "daemonset" {`
`67`	`75`
`68`	`76`	`resource "kubectl_manifest" "aoc_service_deploy" {`
`69`	`77`	`count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0`
`70`		`- yaml_body = file("./container-insights-agent/aoc_service_fargate.yml")`
	`78`	`+ yaml_body = templatefile("./container-insights-agent/aoc_service_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })`
`71`	`79`	`depends_on = [`
`72`		`- kubectl_manifest.config_map`
	`80`	`+ kubectl_manifest.config_map,`
	`81`	`+ aws_eks_fargate_profile.test_profile`
`73`	`82`	`]`
`74`	`83`	`}`
`75`	`84`
`76`	`85`	`resource "kubectl_manifest" "aoc_fargate_deploy" {`
`77`	`86`	`count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0`
`78`		`- yaml_body = templatefile("./container-insights-agent/stateful_set_fargate.tpl",`
`79`		`- { ClusterName : var.eks_cluster_name, AocRepo : var.aoc_image_repo, AocTag : var.aoc_version })`
	`87`	`+ yaml_body = templatefile("./container-insights-agent/stateful_set_fargate.yml",`
	`88`	`+ { ClusterName : var.eks_cluster_name, AocRepo : var.aoc_image_repo, AocTag : var.aoc_version, Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })`
`80`	`89`	`depends_on = [`
`81`		`- kubectl_manifest.aoc_service_deploy`
	`90`	`+ kubectl_manifest.aoc_service_deploy,`
	`91`	`+ aws_eks_fargate_profile.test_profile`
`82`	`92`	`]`
`83`	`93`	`}`
`84`	`94`
`85`	`95`	`resource "kubectl_manifest" "logs_sample_fargate_deploy" {`
`86`	`96`	`count = var.aoc_base_scenario == "infra" && var.deployment_type == "fargate" ? 1 : 0`
`87`		`- yaml_body = file("./container-insights-agent/logs_sample_fargate.yml")`
	`97`	`+ yaml_body = templatefile("./container-insights-agent/logs_sample_fargate.yml", { Namespace : tolist(aws_eks_fargate_profile.test_profile.selector)[0].namespace })`
`88`	`98`	`depends_on = [`
`89`		`- kubectl_manifest.aoc_fargate_deploy`
	`99`	`+ kubectl_manifest.aoc_fargate_deploy,`
	`100`	`+ aws_eks_fargate_profile.test_profile`
`90`	`101`	`]`
`91`	`102`	`}`