Merge branch 'main' into main

.github/PULL_REQUEST_TEMPLATE.md

@@ -7,6 +7,6 @@ Fixes #
 #### Quality checks
 
 - [ ] My content adheres to the style guidelines
-- [ ] I ran `make test` or `make e2e-test` and it was successful
+- [ ] I ran `make test module="<module>"` it was successful (see https://github.com/aws-samples/eks-workshop-v2/blob/main/docs/automated_tests.md)
 
 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

.github/dependabot.yml

@@ -1,10 +1,6 @@
 version: 2
 
 updates:
-  - package-ecosystem: pip
-    directory: "/helm"
-    schedule:
-      interval: monthly
   - package-ecosystem: "terraform" 
     directory: "/terraform/modules/cluster" 
     schedule:

.github/workflows/test-aiml.yaml

@@ -0,0 +1,17 @@
+name: Test - AIML
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron: '0 7 * * 3'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  test-module:
+    uses: ./.github/workflows/module-test.yaml
+    with:
+      module: aiml
+    secrets: inherit

cluster/terraform/eks.tf

@@ -0,0 +1,48 @@
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 19.16"
+
+  cluster_name                   = var.cluster_name
+  cluster_version                = var.cluster_version
+  cluster_endpoint_public_access = true
+
+  cluster_addons = {
+    vpc-cni = {
+      before_compute = true
+      most_recent    = true
+      configuration_values = jsonencode({
+        env = {
+          ENABLE_POD_ENI                    = "true"
+          ENABLE_PREFIX_DELEGATION          = "true"
+          POD_SECURITY_GROUP_ENFORCING_MODE = "standard"
+        }
+      })
+    }
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  create_cluster_security_group = false
+  create_node_security_group    = false
+
+  eks_managed_node_groups = {
+    default = {
+      instance_types       = ["m5.large"]
+      force_update_version = true
+      release_version      = var.ami_release_version
+
+      min_size     = 3
+      max_size     = 6
+      desired_size = 3
+
+      labels = {
+        workshop-default = "yes"
+      }
+    }
+  }
+
+  tags = merge(local.tags, {
+    "karpenter.sh/discovery" = var.cluster_name
+  })
+}

cluster/terraform/main.tf

@@ -0,0 +1,6 @@
+locals {
+  tags = {
+    created-by = "eks-workshop-v2"
+    env        = var.cluster_name
+  }
+}

cluster/terraform/providers.tf

@@ -0,0 +1,16 @@
+provider "aws" {
+  default_tags {
+    tags = local.tags
+  }
+}
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.67.0"
+    }
+  }
+
+  required_version = ">= 1.4.2"
+}

cluster/terraform/variables.tf

@@ -0,0 +1,22 @@
+variable "cluster_name" {
+  type    = string
+  default = "eks-workshop"
+}
+
+variable "cluster_version" {
+  description = "EKS cluster version."
+  type        = string
+  default     = "1.25"
+}
+
+variable "ami_release_version" {
+  description = "Default EKS AMI release version for node groups"
+  type        = string
+  default     = " 1.25.6-20230304"
+}
+
+variable "vpc_cidr" {
+  description = "Defines the CIDR block used on Amazon VPC created for Amazon EKS."
+  type        = string
+  default     = "10.42.0.0/16"
+}

cluster/terraform/vpc.tf

@@ -0,0 +1,45 @@
+locals {
+  private_subnets = [for k, v in local.azs : cidrsubnet(var.vpc_cidr, 3, k + 3)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(var.vpc_cidr, 3, k)]
+  azs             = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.1"
+
+  name = var.cluster_name
+  cidr = var.vpc_cidr
+
+  azs                   = local.azs
+  public_subnets        = local.public_subnets
+  private_subnets       = local.private_subnets
+  public_subnet_suffix  = "SubnetPublic"
+  private_subnet_suffix = "SubnetPrivate"
+
+  enable_nat_gateway   = true
+  create_igw           = true
+  enable_dns_hostnames = true
+  single_nat_gateway   = true
+
+  # Manage so we can name
+  manage_default_network_acl    = true
+  default_network_acl_tags      = { Name = "${var.cluster_name}-default" }
+  manage_default_route_table    = true
+  default_route_table_tags      = { Name = "${var.cluster_name}-default" }
+  manage_default_security_group = true
+  default_security_group_tags   = { Name = "${var.cluster_name}-default" }
+
+  public_subnet_tags  = merge(local.tags, {
+    "kubernetes.io/role/elb" = "1"
+  })
+  private_subnet_tags = merge(local.tags, {
+    "karpenter.sh/discovery" = var.cluster_name
+  })
+
+  tags = local.tags
+}

governance/steering.md

@@ -11,9 +11,6 @@ The Steering Committee is a 6 member body, overseeing the governance of the EKS
 | Sai Vennam    | [@svennam92](https://github.com/svennam92)       | Principal EKS DA                            |
 | Niall Thomson | [@niallthomson](https://github.com/niallthomson) | Specialist Solution Architect, Containers   |
 | Ray Krueger   | [@raykrueger](https://github.com/raykrueger)     | Principal Container Specialist              |
-| Ameet Naik    | [@ameetnaik](https://github.com/ameetnaik)       | Technical Account Manager                   |
-| Kamran Habib  | [@kmhabib](https://github.com/kmhabib)           | Solution Architect (TFC at large)           |
-| Theo Salvo    | [@buzzsurfr](https://github.com/buzzsurfr)       | Container Specialist (TFC core team member) |
 
 ## Working Groups
 
@@ -23,10 +20,10 @@ The working groups are led by chairs (6 month terms) and maintainers (6 month te
 | :--------------- | :------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- |
 | Infrastructure   | [Niall Thomson](https://github.com/niallthomson)   |                                                                                                                                                 |
 | Fundamentals     | [Sai Vennam](https://github.com/svennam92)         | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs)        |
-| Autoscaling      | [Sanjeev Ganjihal](https://github.com/sanjeevrg89) |                                                                                                                                                 |
+| Autoscaling      | _Open_ |                                                                                                                                                 |
 | Automation       | [Carlos Santana](https://github.com/csantanapr)    | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand), [Yuriy Bezsonov](https://github.com/ybezsonov)   |
-| Machine Learning | [Masatoshi Hayashi](https://github.com/literalice) | [Benjamin Gardiner](https://github.com/bkgardiner)                                                                                              |
-| Networking       | [Sheetal Joshi](https://github.com/sheetaljoshi)   | [Umair Ishaq](https://github.com/umairishaq)                                                                                                    |
+| Machine Learning | [Benjamin Gardiner](https://github.com/bkgardiner) | [Masatoshi Hayashi](https://github.com/literalice)                                                                                              |
+| Networking       | [Sheetal Joshi](https://github.com/sheetaljoshi)   |                                                                                                    |
 | Observability    | [Nirmal Mehta](https://github.com/normalfaults)    | [Steven David](https://github.com/StevenDavid)                                                                                                  |
 | Security         | [Rodrigo Bersa](https://github.com/rodrigobersa)   |                                                                                                                                                 |
 | Storage          | [Eric Heinrichs](https://github.com/heinrichse)    | [Andrew Peng](https://github.com/pengc99)                                                                                                       |

hack/shell.sh

@@ -44,5 +44,6 @@ echo "Starting shell in container..."
 
 $CONTAINER_CLI run --rm -it \
   -v $SCRIPT_DIR/../manifests:/manifests \
+  -v $SCRIPT_DIR/../cluster:/cluster \
   -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \
   $aws_credential_args $container_image $shell_command

lab/bin/reset-environment

@@ -52,6 +52,8 @@ fi
 
 kubectl delete pod load-generator --ignore-not-found > /dev/null
 
+kubectl delete namespace other --ignore-not-found > /dev/null
+
 kubectl apply -k $base_path --prune --all \
   --prune-whitelist=autoscaling/v1/HorizontalPodAutoscaler \
   --prune-whitelist=core/v1/Service \
@@ -87,7 +89,7 @@ RESOURCES_PRECREATED=${RESOURCES_PRECREATED:-""}
 
 echo "Cleaning up previous lab infrastructure..."
 
-tf_dir=$(realpath --relative-to='$PWD' '/eks-workshop/terraform')
+tf_dir=$(realpath --relative-to="$PWD" '/eks-workshop/terraform')
 
 terraform -chdir="$tf_dir" init -upgrade > /tmp/terraform-destroy-init.log
 terraform -chdir="$tf_dir" destroy --auto-approve > /tmp/terraform-destroy.log