chore: Migrated away from old EKS blueprints repository (#437)

aws-containers · Jan 8, 2024 · e96dba0 · e96dba0
1 parent d15bc7d
commit e96dba0
Show file tree

Hide file tree

Showing 26 changed files with 612 additions and 136 deletions.
diff --git a/deploy/kubernetes/charts/opentelemetry/templates/collector.yaml b/deploy/kubernetes/charts/opentelemetry/templates/collector.yaml
@@ -14,6 +14,7 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+{{- if .Values.collector.create -}}
 apiVersion: opentelemetry.io/v1alpha1
 kind: OpenTelemetryCollector
 metadata:
@@ -43,4 +44,5 @@ spec:
         traces:
           receivers: [otlp]
           processors: []
-          exporters: [awsxray]
+          exporters: [awsxray]
+{{- end }}
diff --git a/deploy/kubernetes/charts/opentelemetry/templates/serviceaccount.yaml b/deploy/kubernetes/charts/opentelemetry/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.collector.create -}}
 {{- if .Values.collector.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
@@ -10,3 +11,4 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
+{{- end }}
diff --git a/deploy/kubernetes/charts/opentelemetry/values.yaml b/deploy/kubernetes/charts/opentelemetry/values.yaml
@@ -6,6 +6,8 @@ instrumentation:
   port: 4317
 
 collector:
+  create: true
+
   replicaCount: 1
 
   image:

diff --git a/deploy/kubernetes/charts/ui/templates/service.yaml b/deploy/kubernetes/charts/ui/templates/service.yaml
@@ -4,6 +4,10 @@ metadata:
   name: {{ include "ui.fullname" . }}
   labels:
     {{- include "ui.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

diff --git a/deploy/terraform/eks/default/README.md b/deploy/terraform/eks/default/README.md
@@ -7,6 +7,7 @@ It provides:
 - EKS cluster and managed node groups in multiple availability zones
 - All application dependencies such as RDS, DynamoDB table, Elasticache etc.
 - Deployment of application component Helm charts
+- (Optional) OpenTelemetry support for logs and traces through AWS Distro for OpenTelemetry
 - (Optional) Istio support
 
 NOTE: This will create resources in your AWS account which will incur costs. You are responsible for these costs, and should understand the resources being created before proceeding.
@@ -54,6 +55,8 @@ ui-lb   LoadBalancer   172.20.196.69   aec46b0c98b974cc28201c38dbba79b6-12345676
 
 Enter the domain name from the `EXTERNAL-IP` column in a web browser to access the application.
 
+Note: It may take several minutes for the load balancer to provision, and you may initially receive an error in the browser.
+
 ## Reference
 
 This section documents the variables and outputs of the Terraform configuration.
@@ -63,7 +66,7 @@ This section documents the variables and outputs of the Terraform configuration.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | `environment_name` | Name of the environment which will be used for all resources created | `string` | `retail-store` | yes |
-| `opentelemetry_enabled` | Flag to enable OpenTelemetry, which will install the AWS Distro for OpenTelemetry addon in the EKS cluster, create an OpenTelemetry collector and configure the application components appropriately | `bool` | `false` | no |
+| `opentelemetry_enabled` | Flag to enable OpenTelemetry, which will install the AWS Distro for OpenTelemetry addon in the EKS cluster, create OpenTelemetry collectors and configure the application components appropriately | `bool` | `false` | no |
 | `istio_enabled` | Flag to enable Istio, which will install Istio in the EKS cluster and configure the application components appropriately | `bool` | `false` | no |
 
 ### Outputs

diff --git a/deploy/terraform/eks/default/kubernetes.tf b/deploy/terraform/eks/default/kubernetes.tf
@@ -76,9 +76,10 @@ resource "helm_release" "assets" {
   namespace = kubernetes_namespace_v1.assets.metadata[0].name
   values = [
     templatefile("${path.module}/values/assets.yaml", {
-      image_repository      = module.container_images.result.assets.repository
-      image_tag             = module.container_images.result.assets.tag
-      opentelemetry_enabled = var.opentelemetry_enabled
+      image_repository              = module.container_images.result.assets.repository
+      image_tag                     = module.container_images.result.assets.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
     })
   ]
 }
@@ -103,13 +104,14 @@ resource "helm_release" "catalog" {
 
   values = [
     templatefile("${path.module}/values/catalog.yaml", {
-      image_repository      = module.container_images.result.catalog.repository
-      image_tag             = module.container_images.result.catalog.tag
-      opentelemetry_enabled = var.opentelemetry_enabled
-      database_endpoint     = "${module.dependencies.catalog_db_endpoint}:${module.dependencies.catalog_db_port}"
-      database_username     = module.dependencies.catalog_db_master_username
-      database_password     = module.dependencies.catalog_db_master_password
-      security_group_id     = aws_security_group.catalog.id
+      image_repository              = module.container_images.result.catalog.repository
+      image_tag                     = module.container_images.result.catalog.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
+      database_endpoint             = "${module.dependencies.catalog_db_endpoint}:${module.dependencies.catalog_db_port}"
+      database_username             = module.dependencies.catalog_db_master_username
+      database_password             = module.dependencies.catalog_db_master_password
+      security_group_id             = aws_security_group.catalog.id
     })
   ]
 }
@@ -134,11 +136,12 @@ resource "helm_release" "carts" {
 
   values = [
     templatefile("${path.module}/values/carts.yaml", {
-      image_repository      = module.container_images.result.cart.repository
-      image_tag             = module.container_images.result.cart.tag
-      opentelemetry_enabled = var.opentelemetry_enabled
-      role_arn              = module.iam_assumable_role_carts.iam_role_arn
-      table_name            = module.dependencies.carts_dynamodb_table_name
+      image_repository              = module.container_images.result.cart.repository
+      image_tag                     = module.container_images.result.cart.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
+      role_arn                      = module.iam_assumable_role_carts.iam_role_arn
+      table_name                    = module.dependencies.carts_dynamodb_table_name
     })
   ]
 }
@@ -163,12 +166,13 @@ resource "helm_release" "checkout" {
 
   values = [
     templatefile("${path.module}/values/checkout.yaml", {
-      image_repository      = module.container_images.result.checkout.repository
-      image_tag             = module.container_images.result.checkout.tag
-      opentelemetry_enabled = var.opentelemetry_enabled
-      redis_address         = module.dependencies.checkout_elasticache_primary_endpoint
-      redis_port            = module.dependencies.checkout_elasticache_port
-      security_group_id     = aws_security_group.checkout.id
+      image_repository              = module.container_images.result.checkout.repository
+      image_tag                     = module.container_images.result.checkout.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
+      redis_address                 = module.dependencies.checkout_elasticache_primary_endpoint
+      redis_port                    = module.dependencies.checkout_elasticache_port
+      security_group_id             = aws_security_group.checkout.id
     })
   ]
 }
@@ -193,18 +197,19 @@ resource "helm_release" "orders" {
 
   values = [
     templatefile("${path.module}/values/orders.yaml", {
-      image_repository       = module.container_images.result.orders.repository
-      image_tag              = module.container_images.result.orders.tag
-      opentelemetry_enabled  = var.opentelemetry_enabled
-      database_endpoint_host = module.dependencies.orders_db_endpoint
-      database_endpoint_port = module.dependencies.orders_db_port
-      database_name          = module.dependencies.orders_db_database_name
-      database_username      = module.dependencies.orders_db_master_username
-      database_password      = module.dependencies.orders_db_master_password
-      rabbitmq_endpoint      = module.dependencies.mq_broker_endpoint
-      rabbitmq_username      = module.dependencies.mq_user
-      rabbitmq_password      = module.dependencies.mq_password
-      security_group_id      = aws_security_group.orders.id
+      image_repository              = module.container_images.result.orders.repository
+      image_tag                     = module.container_images.result.orders.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
+      database_endpoint_host        = module.dependencies.orders_db_endpoint
+      database_endpoint_port        = module.dependencies.orders_db_port
+      database_name                 = module.dependencies.orders_db_database_name
+      database_username             = module.dependencies.orders_db_master_username
+      database_password             = module.dependencies.orders_db_master_password
+      rabbitmq_endpoint             = module.dependencies.mq_broker_endpoint
+      rabbitmq_username             = module.dependencies.mq_user
+      rabbitmq_password             = module.dependencies.mq_password
+      security_group_id             = aws_security_group.orders.id
     })
   ]
 }
@@ -222,33 +227,49 @@ resource "kubernetes_namespace_v1" "ui" {
 }
 
 resource "helm_release" "ui" {
+  depends_on = [
+    helm_release.catalog,
+    helm_release.carts,
+    helm_release.checkout,
+    helm_release.orders,
+    helm_release.assets
+  ]
+
   name  = "ui"
   chart = "../../../kubernetes/charts/ui"
 
   namespace = kubernetes_namespace_v1.ui.metadata[0].name
 
   values = [
     templatefile("${path.module}/values/ui.yaml", {
-      image_repository      = module.container_images.result.ui.repository
-      image_tag             = module.container_images.result.ui.tag
-      opentelemetry_enabled = var.opentelemetry_enabled
-      istio_enabled         = var.istio_enabled
+      image_repository              = module.container_images.result.ui.repository
+      image_tag                     = module.container_images.result.ui.tag
+      opentelemetry_enabled         = var.opentelemetry_enabled
+      opentelemetry_instrumentation = local.opentelemetry_instrumentation
+      istio_enabled                 = var.istio_enabled
     })
   ]
 }
 
 resource "time_sleep" "restart_pods" {
+  triggers = {
+    opentelemetry_enabled = var.opentelemetry_enabled
+  }
+
   create_duration = "30s"
 
   depends_on = [
-    helm_release.ui,
-    helm_release.opentelemetry
+    helm_release.ui
   ]
 }
 
 resource "null_resource" "restart_pods" {
   depends_on = [time_sleep.restart_pods]
 
+  triggers = {
+    opentelemetry_enabled = var.opentelemetry_enabled
+  }
+
   provisioner "local-exec" {
     interpreter = ["/bin/bash", "-c"]
     environment = {

diff --git a/deploy/terraform/eks/default/main.tf b/deploy/terraform/eks/default/main.tf
@@ -36,27 +36,28 @@ module "dependencies" {
   subnet_ids         = module.vpc.inner.private_subnets
   availability_zones = module.vpc.inner.azs
 
-  catalog_security_group_id  = local.security_groups_active ? aws_security_group.catalog.id: module.retail_app_eks.node_security_group_id
-  orders_security_group_id   = local.security_groups_active ? aws_security_group.orders.id: module.retail_app_eks.node_security_group_id
-  checkout_security_group_id = local.security_groups_active ? aws_security_group.checkout.id: module.retail_app_eks.node_security_group_id
+  catalog_security_group_id  = local.security_groups_active ? aws_security_group.catalog.id : module.retail_app_eks.node_security_group_id
+  orders_security_group_id   = local.security_groups_active ? aws_security_group.orders.id : module.retail_app_eks.node_security_group_id
+  checkout_security_group_id = local.security_groups_active ? aws_security_group.checkout.id : module.retail_app_eks.node_security_group_id
 }
 
 module "retail_app_eks" {
   source = "../../lib/eks"
 
   providers = {
     kubernetes.cluster = kubernetes.cluster
-    kubernetes.addons = kubernetes
+    kubernetes.addons  = kubernetes
 
     helm = helm
   }
 
-  environment_name = var.environment_name
-  cluster_version  = "1.24"
-  vpc_id           = module.vpc.inner.vpc_id
-  vpc_cidr         = module.vpc.inner.vpc_cidr_block
-  subnet_ids       = module.vpc.inner.private_subnets
-  tags             = module.tags.result
+  environment_name      = var.environment_name
+  cluster_version       = "1.24"
+  vpc_id                = module.vpc.inner.vpc_id
+  vpc_cidr              = module.vpc.inner.vpc_cidr_block
+  subnet_ids            = module.vpc.inner.private_subnets
+  opentelemetry_enabled = var.opentelemetry_enabled
+  tags                  = module.tags.result
 
   istio_enabled = var.istio_enabled
-}
+}
diff --git a/deploy/terraform/eks/default/opentelemetry.tf b/deploy/terraform/eks/default/opentelemetry.tf
@@ -1,38 +1,38 @@
-module "iam_assumable_role_adot_xray" {
-  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
-  version                       = "~> v5.5.0"
-  create_role                   = true
-  role_name                     = "${var.environment_name}-opentelemetry-collector"
-  provider_url                  = module.retail_app_eks.eks_oidc_issuer_url
-  role_policy_arns              = ["arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"]
-  oidc_fully_qualified_subjects = ["system:serviceaccount:opentelemetry:opentelemetry-collector"]
-
-  tags = module.tags.result
-}
-
-resource "kubernetes_namespace_v1" "opentelemetry" {
+resource "kubectl_manifest" "otel_instrumentation" {
   count = var.opentelemetry_enabled ? 1 : 0
 
   depends_on = [
-    null_resource.addons_blocker
+    time_sleep.workloads
   ]
-
-  metadata {
-    name = "opentelemetry"
-  }
-}
 
-resource "helm_release" "opentelemetry" {
-  count = var.opentelemetry_enabled ? 1 : 0
-
-  name       = "opentelemetry"
-  chart      = "../../../kubernetes/charts/opentelemetry"
-
-  namespace  = kubernetes_namespace_v1.opentelemetry[0].metadata[0].name
+  yaml_body = yamlencode({
+    "apiVersion" = "opentelemetry.io/v1alpha1"
+    "kind"       = "Instrumentation"
+    "metadata" = {
+      "name"      = "default-instrumentation"
+      "namespace" = "${module.retail_app_eks.adot_namespace}"
+    }
+    "spec" = {
+      "env" = [
+        {
+          "name"  = "OTEL_JAVAAGENT_ENABLED"
+          "value" = "true"
+        },
+      ]
+      "exporter" = {
+        "endpoint" = "http://adot-col-otlp-ingest-collector.${module.retail_app_eks.adot_namespace}:4317"
+      }
+      "propagators" = [
+        "tracecontext",
+        "baggage",
+      ]
+      "sampler" = {
+        "type" = "always_on"
+      }
+    }
+  })
+}
 
-  values = [
-    templatefile("${path.module}/values/opentelemetry.yaml", { 
-      adot_xray_role_arn = module.iam_assumable_role_adot_xray.iam_role_arn
-    })
-  ]
-}
+locals {
+  opentelemetry_instrumentation = var.opentelemetry_enabled ? "${module.retail_app_eks.adot_namespace}/${yamldecode(kubectl_manifest.otel_instrumentation[0].yaml_body_parsed).metadata.name}" : ""
+}
diff --git a/deploy/terraform/eks/default/output.tf b/deploy/terraform/eks/default/output.tf
@@ -1,4 +1,4 @@
 output "configure_kubectl" {
   description = "Command to update kubeconfig for this cluster"
   value       = module.retail_app_eks.configure_kubectl
-}
+}
diff --git a/deploy/terraform/eks/default/providers.tf b/deploy/terraform/eks/default/providers.tf
@@ -1,15 +1,16 @@
 terraform {
   required_providers {
     aws = {
-      source  = "hashicorp/aws"
+      source = "hashicorp/aws"
     }
     kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "2.16.1"
+      source = "hashicorp/kubernetes"
     }
     helm = {
-      source  = "hashicorp/helm"
-      version = "2.9.0"
+      source = "hashicorp/helm"
+    }
+    kubectl = {
+      source = "gavinbunney/kubectl"
     }
   }
 }
@@ -31,6 +32,14 @@ provider "kubernetes" {
   token                  = data.aws_eks_cluster_auth.cluster.token
 }
 
+provider "kubectl" {
+  apply_retry_count      = 10
+  host                   = module.retail_app_eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.retail_app_eks.cluster_certificate_authority_data)
+  load_config_file       = false
+  token                  = data.aws_eks_cluster_auth.this.token
+}
+
 provider "helm" {
   kubernetes {
     host                   = module.retail_app_eks.cluster_endpoint