generated from GSA/template-brokerpak
🧟 Revive the Dead #112
Draft: nickumia-reisys wants to merge 27 commits into main from get-things-working-again
- We only have the GSA ISE AMI for K8S v1.21... since AWS doesn't allow us to create anything older than v1.23, we need to request new AMIs from GSA ISE, related issues:
  - GSA/data.gov#3812
  - GSA/data.gov#3808
  - GSA/data.gov#3761
- Fargate is a lot easier to use for @Jin-Sun-tts's proof of concept :)
- Reference for k8s docker image: https://hub.docker.com/r/alpine/k8s/tags?page=1&name=1.23
we're going to try to use just fargate and then maybe do a combo support of fargate + managed node groups with variable inputs
apparently, this changed?? aws/aws-cli#6920 (comment)
might have breaking changes to consider, primarily aws provider
- Description: The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts
- Description: The name of the EKS cluster
This was maybe defaulting to true in an older version of eks module.. I think this configuration is safe because we are specifying a subset of public cidrs to allow access
This works with the newer version of kubectl, aws cli, eks and k8s
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#arn
- aws cli install: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- kubectl version: aws/aws-cli#6920 (comment)
- gravitational/teleport#23032
- https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
- k8s v1.28 utilized newer version of the networking api, which forced a newer version of the alb controller (and by extension, the helm chart that deploys that controller)
- ANSWER: kubernetes-sigs/aws-load-balancer-controller#2495 (comment)
- This is a temp fix on a PR until the full initial revamp is complete
- ERROR: Error: unable to build kubernetes objects from release manifest: resource mapping not found for name: 'ingress-nginx-controller' namespace: 'kube-system' from '': no matches for kind 'HorizontalPodAutoscaler' in version 'autoscaling/v2beta2' ensure CRDs are installed first
- Solution: took a chance and just updated the chart version
This was referenced Oct 7, 2023
- Revive Fargate configuration for karpenter + EFS from old commits
- Update calico ... v3.26.2 adding missing files
The data resource should not need to depend on anything.. maybe the issue is changes within the eks module... the resources aren't properly linked anymore.. although... the better fix might be using the module.eks variable and see if there have been improvements that make the cluster referable directly from there??
This seems like the better answer to the last commit concern
The data is base64encoded already, so just decode it and it is the PEM data itself
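An added example (not code from this PR or its repository): a Python check for the point in the commit message above, that the cluster CA value is base64 of the PEM itself. It reports how many base64 layers wrapped the PEM, so a value decoded once too often or not at all before reaching a provider is caught. `normalize_ca` and `constructed_sample` are hypothetical names, and the sample input is constructed placeholder DER, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S
)


def _b64(data: bytes) -> bytes:
    """Strict base64 decode; any byte outside the alphabet is an error."""
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc


def normalize_ca(value: str, max_layers: int = 2):
    """Return (pem_bytes, base64_layers_removed, sha256_hex_of_der).

    1 layer is the form the commit message describes (base64 of the PEM),
    0 means the value was already decoded, 2 means it was encoded twice.
    """
    data = value.strip().encode()
    for layers in range(max_layers + 1):
        match = PEM_RE.search(data)
        if match:
            der = _b64(match.group(1))
            if not der.startswith(b"\x30"):  # DER certificates are a SEQUENCE
                raise ValueError("PEM body is not a DER SEQUENCE")
            return data, layers, hashlib.sha256(der).hexdigest()
        if layers < max_layers:
            data = _b64(data)
    raise ValueError("no PEM certificate found after decoding")


def constructed_sample() -> str:
    """Constructed input: PEM armor around placeholder DER, not a real CA."""
    der = b"\x30\x0b" + b"\x02\x01\x01" * 3 + b"\x05\x00"
    body = base64.encodebytes(der).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
    return base64.b64encode(pem.encode()).decode()


if __name__ == "__main__":
    pem, layers, fingerprint = normalize_ca(constructed_sample())
    print(layers, fingerprint)
```

Comparing the returned fingerprint across the kubeconfig, the provider configuration and the cluster description shows whether all three trust the same CA.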
This looks to be working. It is an upgrade because the autoscaler-provisioner is deprecated. It might not be working because of fargate configuration that still needs some fine-tuning (in terms of spinning up new nodes). However, the helm chart deploys. I haven't hit a blocker that is definitive that we can't use fargate. This requires more investigation. References:
- https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup
- https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/Chart.yaml
- https://artifacthub.io/packages/helm/cluster-autoscaler/cluster-autoscaler
- Calico and Starboard don't work, so just comment them out so that terraform can apply mostly cleanly. There is still an issue about running terraform apply. I think terraform apply needs to be run multiple times because coredns cannot provision effectively because fargate isn't ready?? It should be some depends_on to be added someplace, but mentioning since it's important for brokerpak operations
- Lots of design choices to be made. The hardest thing is iteration speed and having the time, energy and resources to do the work. However, I'll actively make comments on things to try if people get stuck working on this.
Moment of truth with this push haha..
Related to
Checklist:
terraform apply
requirement#cg-contributors
Background:
In an attempt to leverage k8s for airflow development, the datagov-brokerpak-eks repo needs to be on a supported version of k8s. At the time of writing, there are 130 resources managed by this terraform code. Most of it is documented in our cleanup documentation. These 130 resources are managed through 57 terraform resources and 4 terraform modules (eks, aws_load_balancer_controller, vpc and iam_assumable_role_karpenter). Within these resources, Helm charts are used to create many more intangible resources inside of k8s. Referencing all of the documentation and understanding how to make updates to this is important and requires time and effort. Many resources were only included because we knew it was a dependency, either through direct documentation or trial and error. I'm trying to cover everything before 10/12; however, I suspect that there will be additional work to do. See notes below on the status of current efforts.
Notes:
module.eks resource, you MUST delete the current cluster and reprovision from scratch, since the tags interfere with talking to the kubernetes control plane.
Misc Notes:
eks module
References:
autoscaler-provisioner to cluster-provisioner docs