From 83aed5f6e9abd002746458163b82d599579a5215 Mon Sep 17 00:00:00 2001 From: Niall Thomson Date: Thu, 31 Aug 2023 19:43:44 +0000 Subject: [PATCH 01/20] Port FSxN lab to new workshop structure --- .../storage/fsxn/.workshop/terraform/addon.tf | 116 ++++++++++++++++++ .../fsxn/.workshop/terraform/locals.tf | 23 ---- .../storage/fsxn/.workshop/terraform/main.tf | 7 -- .../fsxn/.workshop/terraform/outputs.tf | 4 - .../fsxn/.workshop/terraform/variables.tf | 20 --- .../fsxn/.workshop/terraform/versions.tf | 10 -- .../storage/fsxn/deployment/deployment.yaml | 2 +- .../fsxn/deployment/kustomization.yaml | 2 +- .../storage/fsx-for-netapp-ontap/.notest | 0 .../deployment-with-fsxn.md | 6 +- .../fsx-for-netapp-ontap/fsxn-csi-driver.md | 14 +-- .../storage/fsx-for-netapp-ontap/index.md | 10 +- website/docusaurus.config.js | 5 +- 13 files changed, 136 insertions(+), 83 deletions(-) create mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf delete mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/locals.tf delete mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/main.tf delete mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/outputs.tf delete mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/variables.tf delete mode 100644 manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/versions.tf delete mode 100644 website/docs/fundamentals/storage/fsx-for-netapp-ontap/.notest diff --git a/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf new file mode 100644 index 000000000..854a4f6fd --- /dev/null +++ b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf @@ -0,0 +1,116 @@ +locals { + helm_config = { + name = "trident-operator" + chart = "trident-operator" + repository = "https://netapp.github.io/trident-helm-chart" + version = "23.01.0" + namespace = "trident" + create_namespace = true + values = local.default_helm_values + set = [] + description = "Amazon FSx for NetApp ONTAP CSI storage provisioner using the Trident Operator." + wait = false + } + + default_helm_values = [templatefile("${path.module}/values.yaml", {})] +} + +module "helm_addon" { + source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.16.0" + manage_via_gitops = false + helm_config = local.helm_config + irsa_config = [] + addon_context = local.addon_context +} + +data "aws_vpc" "selected_vpc_fsx" { + tags = { + created-by = "eks-workshop-v2" + env = local.addon_context.eks_cluster_id + } +} + +data "aws_subnets" "private_subnets_fsx" { + tags = { + created-by = "eks-workshop-v2" + env = local.addon_context.eks_cluster_id + } + + filter { + name = "tag:Name" + values = ["*Private*"] + } +} + +resource "random_string" "fsx_password" { + length = 10 + special = false +} + +data "aws_route_table" "private" { + count = length(data.aws_subnets.private_subnets_fsx.ids) + + vpc_id = data.aws_vpc.selected_vpc_fsx.id + subnet_id = data.aws_subnets.private_subnets_fsx.ids[count.index] +} + +resource "aws_fsx_ontap_file_system" "fsxnassets" { + storage_capacity = 2048 + subnet_ids = slice(data.aws_subnets.private_subnets_fsx.ids, 0, 2) + deployment_type = "MULTI_AZ_1" + throughput_capacity = 512 + preferred_subnet_id = data.aws_subnets.private_subnets_fsx.ids[0] + security_group_ids = [aws_security_group.fsxn.id] + fsx_admin_password = random_string.fsx_password.result + route_table_ids = data.aws_route_table.private.*.id + + tags = merge( + local.tags, + { + Name = "${local.addon_context.eks_cluster_id}-fsxn-assets" + } + ) +} + +resource "aws_fsx_ontap_storage_virtual_machine" "fsxnsvm" { + file_system_id = aws_fsx_ontap_file_system.fsxnassets.id + name = "fsxnsvm" +} + +resource "aws_security_group" "fsxn" { + name_prefix = "security group for fsx access" + vpc_id = data.aws_vpc.selected_vpc_fsx.id + tags = merge( + local.tags, + { + Name = "${local.addon_context.eks_cluster_id}-fsxnsecuritygroup" + } + ) +} + +resource "aws_security_group_rule" "fsxn_inbound" { + description = "allow inbound traffic to eks" + from_port = 0 + protocol = "-1" + to_port = 0 + security_group_id = aws_security_group.fsxn.id + type = "ingress" + cidr_blocks = [data.aws_vpc.selected_vpc_fsx.cidr_block] +} + +resource "aws_security_group_rule" "fsxn_outbound" { + description = "allow outbound traffic to anywhere" + from_port = 0 + protocol = "-1" + security_group_id = aws_security_group.fsxn.id + to_port = 0 + type = "egress" + cidr_blocks = [data.aws_vpc.selected_vpc_fsx.cidr_block] +} + +output "environment" { + value = < Date: Fri, 1 Sep 2023 06:06:50 +0000 Subject: [PATCH 02/20] Bump mocha-junit-reporter from 2.2.0 to 2.2.1 in /test/util Bumps [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) from 2.2.0 to 2.2.1. - [Release notes](https://github.com/michaelleeallen/mocha-junit-reporter/releases) - [Commits](https://github.com/michaelleeallen/mocha-junit-reporter/compare/v2.2.0...v2.2.1) --- updated-dependencies: - dependency-name: mocha-junit-reporter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/util/package-lock.json | 35 +++++++++++++++++++---------------- test/util/package.json | 2 +- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/test/util/package-lock.json b/test/util/package-lock.json index 8e758f02b..99d4ef248 100644 --- a/test/util/package-lock.json +++ b/test/util/package-lock.json @@ -11,7 +11,7 @@ "chai": "^4.3.6", "commander": "^11.0.0", "glob-to-regexp": "^0.4.1", - "mocha-junit-reporter": "^2.0.2", + "mocha-junit-reporter": "^2.2.1", "mochawesome": "^7.0.1", "remark": "^14.0.3", "remark-frontmatter": "^4.0.1", @@ -1917,14 +1917,17 @@ } }, "node_modules/mkdirp": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz", + "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==", "bin": { - "mkdirp": "bin/cmd.js" + "mkdirp": "dist/cjs/src/bin.js" }, "engines": { "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, "node_modules/mocha": { @@ -1968,13 +1971,13 @@ } }, "node_modules/mocha-junit-reporter": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/mocha-junit-reporter/-/mocha-junit-reporter-2.2.0.tgz", - "integrity": "sha512-W83Ddf94nfLiTBl24aS8IVyFvO8aRDLlCvb+cKb/VEaN5dEbcqu3CXiTe8MQK2DvzS7oKE1RsFTxzN302GGbDQ==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/mocha-junit-reporter/-/mocha-junit-reporter-2.2.1.tgz", + "integrity": "sha512-iDn2tlKHn8Vh8o4nCzcUVW4q7iXp7cC4EB78N0cDHIobLymyHNwe0XG8HEHHjc3hJlXm0Vy6zcrxaIhnI2fWmw==", "dependencies": { "debug": "^4.3.4", "md5": "^2.3.0", - "mkdirp": "~1.0.4", + "mkdirp": "^3.0.0", "strip-ansi": "^6.0.1", "xml": "^1.0.1" }, @@ -4424,9 +4427,9 @@ "dev": true }, "mkdirp": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz", + "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==" }, "mocha": { "version": "10.1.0", @@ -4458,13 +4461,13 @@ } }, "mocha-junit-reporter": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/mocha-junit-reporter/-/mocha-junit-reporter-2.2.0.tgz", - "integrity": "sha512-W83Ddf94nfLiTBl24aS8IVyFvO8aRDLlCvb+cKb/VEaN5dEbcqu3CXiTe8MQK2DvzS7oKE1RsFTxzN302GGbDQ==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/mocha-junit-reporter/-/mocha-junit-reporter-2.2.1.tgz", + "integrity": "sha512-iDn2tlKHn8Vh8o4nCzcUVW4q7iXp7cC4EB78N0cDHIobLymyHNwe0XG8HEHHjc3hJlXm0Vy6zcrxaIhnI2fWmw==", "requires": { "debug": "^4.3.4", "md5": "^2.3.0", - "mkdirp": "~1.0.4", + "mkdirp": "^3.0.0", "strip-ansi": "^6.0.1", "xml": "^1.0.1" } diff --git a/test/util/package.json b/test/util/package.json index bc9e1fe91..768687c80 100644 --- a/test/util/package.json +++ b/test/util/package.json @@ -35,7 +35,7 @@ "chai": "^4.3.6", "commander": "^11.0.0", "glob-to-regexp": "^0.4.1", - "mocha-junit-reporter": "^2.0.2", + "mocha-junit-reporter": "^2.2.1", "mochawesome": "^7.0.1", "remark": "^14.0.3", "remark-frontmatter": "^4.0.1", From df7f99bcf0d7e6b563f89b3fbd6f9b0754d9d2c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 06:07:00 +0000 Subject: [PATCH 03/20] Bump @types/sinon from 10.0.13 to 10.0.16 in /test/util Bumps [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) from 10.0.13 to 10.0.16. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon) --- updated-dependencies: - dependency-name: "@types/sinon" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/util/package-lock.json | 14 +++++++------- test/util/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/test/util/package-lock.json b/test/util/package-lock.json index 8e758f02b..436714fc4 100644 --- a/test/util/package-lock.json +++ b/test/util/package-lock.json @@ -27,7 +27,7 @@ "@types/mocha": "^10.0.1", "@types/mock-fs": "^4.13.1", "@types/node": "^20.3.3", - "@types/sinon": "^10.0.13", + "@types/sinon": "^10.0.16", "@types/unist": "^2.0.6", "@types/yargs": "^17.0.24", "mock-fs": "^5.1.4", @@ -205,9 +205,9 @@ "dev": true }, "node_modules/@types/sinon": { - "version": "10.0.13", - "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.13.tgz", - "integrity": "sha512-UVjDqJblVNQYvVNUsj0PuYYw0ELRmgt1Nt5Vk0pT5f16ROGfcKJY8o1HVuMOJOpD727RrGB9EGvoaTQE5tgxZQ==", + "version": "10.0.16", + "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.16.tgz", + "integrity": "sha512-j2Du5SYpXZjJVJtXBokASpPRj+e2z+VUhCPHmM6WMfe3dpHu6iVKJMU6AiBcMp/XTAYnEj6Wc1trJUWwZ0QaAQ==", "dev": true, "dependencies": { "@types/sinonjs__fake-timers": "*" @@ -3256,9 +3256,9 @@ "dev": true }, "@types/sinon": { - "version": "10.0.13", - "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.13.tgz", - "integrity": "sha512-UVjDqJblVNQYvVNUsj0PuYYw0ELRmgt1Nt5Vk0pT5f16ROGfcKJY8o1HVuMOJOpD727RrGB9EGvoaTQE5tgxZQ==", + "version": "10.0.16", + "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.16.tgz", + "integrity": "sha512-j2Du5SYpXZjJVJtXBokASpPRj+e2z+VUhCPHmM6WMfe3dpHu6iVKJMU6AiBcMp/XTAYnEj6Wc1trJUWwZ0QaAQ==", "dev": true, "requires": { "@types/sinonjs__fake-timers": "*" diff --git a/test/util/package.json b/test/util/package.json index bc9e1fe91..f18f1b1e1 100644 --- a/test/util/package.json +++ b/test/util/package.json @@ -21,7 +21,7 @@ "@types/mocha": "^10.0.1", "@types/mock-fs": "^4.13.1", "@types/node": "^20.3.3", - "@types/sinon": "^10.0.13", + "@types/sinon": "^10.0.16", "@types/unist": "^2.0.6", "@types/yargs": "^17.0.24", "mock-fs": "^5.1.4", From 945d01d1b8f9ff8a3ad643f73e67648a5c4e7f21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 06:51:05 +0000 Subject: [PATCH 04/20] Bump pyyaml from 6.0 to 6.0.1 in /helm Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- helm/src/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/src/requirements.txt b/helm/src/requirements.txt index 05d186da5..f3aef0f1d 100644 --- a/helm/src/requirements.txt +++ b/helm/src/requirements.txt @@ -1,7 +1,7 @@ certifi==2023.7.22 charset-normalizer==3.1.0 idna==3.4 -PyYAML==6.0 +PyYAML==6.0.1 requests==2.31.0 semantic-version==2.10.0 urllib3==2.0.3 From 5bf9f1ab3fc20f655290ca5946883a8dca2d7da5 Mon Sep 17 00:00:00 2001 From: candonov <25967713+candonov@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:38:34 -0700 Subject: [PATCH 05/20] Updating steering.md Six months mark, removing candonov as a maintainer in favor of new maintainers. --- governance/steering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/governance/steering.md b/governance/steering.md index 4b6a244ec..6ef4ee903 100644 --- a/governance/steering.md +++ b/governance/steering.md @@ -24,7 +24,7 @@ The working groups are led by chairs (6 month terms) and maintainers (6 month te | Infrastructure | [Niall Thomson](https://github.com/niallthomson) | | | Fundamentals | [Sai Vennam](https://github.com/svennam92) | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs) | | Autoscaling | [Sanjeev Ganjihal](https://github.com/sanjeevrg89) | | -| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Christina Andonov](https://github.com/candonov), [Sébastien Allamand](https://github.com/allamand) | +| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand) | | Machine Learning | [Masatoshi Hayashi](https://github.com/literalice) | [Benjamin Gardiner](https://github.com/bkgardiner) | | Networking | [Sheetal Joshi](https://github.com/sheetaljoshi) | [Umair Ishaq](https://github.com/umairishaq) | | Observability | [Nirmal Mehta](https://github.com/normalfaults) | [Steven David](https://github.com/StevenDavid) | From 0273d829cc45f01be475e1dda762422fbd93eba2 Mon Sep 17 00:00:00 2001 From: Luis Arcega Date: Thu, 17 Aug 2023 13:16:46 -0500 Subject: [PATCH 06/20] Enable IAM Principal AWS Access Console Automatically for C9 Instance user --- .../observability/base/.workshop/cleanup.sh | 23 ++++ .../base/.workshop/terraform/addon.tf | 118 ++++++++++++++++++ .../base/.workshop/terraform/env.sh | 12 ++ .../docs/observability/resource-view/index.md | 11 +- 4 files changed, 162 insertions(+), 2 deletions(-) create mode 100644 manifests/modules/observability/base/.workshop/cleanup.sh create mode 100644 manifests/modules/observability/base/.workshop/terraform/addon.tf create mode 100755 manifests/modules/observability/base/.workshop/terraform/env.sh diff --git a/manifests/modules/observability/base/.workshop/cleanup.sh b/manifests/modules/observability/base/.workshop/cleanup.sh new file mode 100644 index 000000000..8d478b951 --- /dev/null +++ b/manifests/modules/observability/base/.workshop/cleanup.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +if [[ -v C9_USER ]]; then + + + echo 'Deleting ClusterRole config' + kubectl delete ClusterRoleBinding/eks-console-dashboard-full-access-binding --ignore-not-found=true > /dev/null + kubectl wait --for=delete ClusterRoleBinding/eks-console-dashboard-full-access-binding --timeout=60s > /dev/null + + kubectl delete ClusterRole/eks-console-dashboard-full-access-clusterrole --ignore-not-found=true > /dev/null + kubectl wait --for=delete ClusterRole/eks-console-dashboard-full-access-clusterrole --timeout=60s > /dev/null + + echo "Deleting IAM user/role from RBAC auth-config2" + ACCOUNTID=$(aws sts get-caller-identity | jq -r .Account) + + echo "Removing arn:aws:iam::**:role/${C9_USER} from RBAC" + eksctl delete iamidentitymapping --cluster ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --arn arn:aws:iam::${ACCOUNTID}:role/${C9_USER} -d > /dev/null 2>&1 + + echo "Removing arn:aws:iam::**:user/${C9_USER} from RBAC" + eksctl delete iamidentitymapping --cluster ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --arn arn:aws:iam::${ACCOUNTID}:user/${C9_USER} -d > /dev/null 2>&1 +else + echo "No env C9_USER.. Nothing to delete " +fi diff --git a/manifests/modules/observability/base/.workshop/terraform/addon.tf b/manifests/modules/observability/base/.workshop/terraform/addon.tf new file mode 100644 index 000000000..0138f47a1 --- /dev/null +++ b/manifests/modules/observability/base/.workshop/terraform/addon.tf @@ -0,0 +1,118 @@ +resource "kubernetes_cluster_role" "eks-console-dashboard-full-access-clusterrole" { + metadata { + name = "eks-console-dashboard-full-access-clusterrole" + } + + rule { + api_groups = [""] + resources = ["nodes", "namespaces", "pods", "configmaps", "endpoints", "events", "limitranges", "persistentvolumeclaims", "podtemplates", "replicationcontrollers", "resourcequotas", "secrets", "serviceaccounts", "services"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["apps"] + resources = ["deployments", "daemonsets", "statefulsets", "replicasets"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["batch"] + resources = ["jobs","cronjobs"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["coordination.k8s.io"] + resources = ["leases"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["discovery.k8s.io"] + resources = ["endpointslices"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["events.k8s.io"] + resources = ["events"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["extensions"] + resources = ["daemonsets", "deployments", "ingresses", "networkpolicies", "replicasets"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["networking.k8s.io"] + resources = ["ingresses", "networkpolicies"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["policy"] + resources = ["poddisruptionbudgets"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["rbac.authorization.k8s.io"] + resources = ["rolebindings", "roles"] + verbs = ["get", "list", "watch"] + } + + rule { + api_groups = ["storage.k8s.io"] + resources = ["csistoragecapacities"] + verbs = ["get", "list", "watch"] + } +} + + +resource "kubernetes_cluster_role_binding" "eks-console-dashboard-full-access-binding" { + metadata { + name = "eks-console-dashboard-full-access-binding" + } + + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "eks-console-dashboard-full-access-clusterrole" + } + + subject { + kind = "Group" + name = "eks-console-dashboard-full-access-group" + api_group = "rbac.authorization.k8s.io" + } + +} + +data "external" "env" { + program = ["${path.module}/env.sh"] +} + +resource "terraform_data" "console-iam-rbac-mapping" { +/* + triggers_replace = [ + # The provisioner is executed then the `id` of the EC2 instance changes + kubernetes_cluster_role_binding.eks-console-dashboard-full-access-binding + ] +*/ + provisioner "local-exec" { + command = <<-EOT + echo "Mapping RBAC Permissions" + + eksctl create iamidentitymapping --cluster ${local.addon_context.eks_cluster_id} --region ${data.aws_region.current.id} \ + --arn arn:aws:iam::${local.addon_context.aws_caller_identity_account_id}:user/${data.external.env.result["C9_USER"]} --username console-iam-user --group eks-console-dashboard-full-access-group \ + --no-duplicate-arns + + eksctl create iamidentitymapping --cluster ${local.addon_context.eks_cluster_id} --region ${data.aws_region.current.id} \ + --arn arn:aws:iam::${local.addon_context.aws_caller_identity_account_id}:role/${data.external.env.result["C9_USER"]} --username console-iam-role --group eks-console-dashboard-full-access-group \ + --no-duplicate-arns + + EOT + } +} diff --git a/manifests/modules/observability/base/.workshop/terraform/env.sh b/manifests/modules/observability/base/.workshop/terraform/env.sh new file mode 100755 index 000000000..ab09da874 --- /dev/null +++ b/manifests/modules/observability/base/.workshop/terraform/env.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +# env.sh + +# Change the contents of this output to get the environment variables +# of interest. The output must be valid JSON, with strings for both +# keys and values. +cat < Date: Tue, 12 Sep 2023 08:26:07 -0500 Subject: [PATCH 07/20] - Added support for varible C9_USER, injected by Cloud9 to the execution of the container - Added functionality to verify if C9_USER exist, it will grant access to the EKS via WS Console Access --- hack/run-tests.sh | 2 +- hack/shell.sh | 2 +- lab/bin/use-cluster | 8 +++++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/hack/run-tests.sh b/hack/run-tests.sh index 3d97b3e46..deba21509 100755 --- a/hack/run-tests.sh +++ b/hack/run-tests.sh @@ -54,5 +54,5 @@ echo "Running test suite..." $CONTAINER_CLI run $background_args \ -v $SCRIPT_DIR/../website/docs:/content \ -v $SCRIPT_DIR/../manifests:/manifests \ - -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \ + -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' -e 'C9_USER' \ $aws_credential_args $container_image -g "{$module,$module/**}" --hook-timeout 1200 --timeout 1200 ${AWS_EKS_WORKSHOP_TEST_FLAGS} diff --git a/hack/shell.sh b/hack/shell.sh index e15a3a5a5..f677db7dd 100644 --- a/hack/shell.sh +++ b/hack/shell.sh @@ -44,5 +44,5 @@ echo "Starting shell in container..." $CONTAINER_CLI run --rm -it \ -v $SCRIPT_DIR/../manifests:/manifests \ - -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \ + -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' -e 'C9_USER' \ $aws_credential_args $container_image $shell_command \ No newline at end of file diff --git a/lab/bin/use-cluster b/lab/bin/use-cluster index 2b2849e5d..e9d5a5893 100644 --- a/lab/bin/use-cluster +++ b/lab/bin/use-cluster @@ -35,4 +35,10 @@ EKS_IP_FAMILY=ipv4 set +a EOT -aws eks update-kubeconfig --name $cluster_name > /dev/null +aws eks update-kubeconfig --name $cluster_name > /dev/null 2>&1 + +if [[ -v C9_USER ]]; then + echo "Granting C9_USER access to the cluster via the AWS Console ${C9_USER}" + eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:user/${C9_USER} --username console-iam-user --group system:masters --no-duplicate-arns -d > /dev/null 2>&1 + eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${C9_USER} --username console-iam-role --group system:masters --no-duplicate-arns -d > /dev/null 2>&1 +fi \ No newline at end of file From 551e8e78a58baf1c63d9906cf229ac747835bff5 Mon Sep 17 00:00:00 2001 From: candonov <25967713+candonov@users.noreply.github.com> Date: Wed, 13 Sep 2023 08:26:51 -0700 Subject: [PATCH 08/20] Adding Yuriy as maintainer --- governance/steering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/governance/steering.md b/governance/steering.md index 6ef4ee903..125ecbe7d 100644 --- a/governance/steering.md +++ b/governance/steering.md @@ -24,7 +24,7 @@ The working groups are led by chairs (6 month terms) and maintainers (6 month te | Infrastructure | [Niall Thomson](https://github.com/niallthomson) | | | Fundamentals | [Sai Vennam](https://github.com/svennam92) | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs) | | Autoscaling | [Sanjeev Ganjihal](https://github.com/sanjeevrg89) | | -| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand) | +| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand), [Yuriy Bezsonov](https://github.com/ybezsonov) | | Machine Learning | [Masatoshi Hayashi](https://github.com/literalice) | [Benjamin Gardiner](https://github.com/bkgardiner) | | Networking | [Sheetal Joshi](https://github.com/sheetaljoshi) | [Umair Ishaq](https://github.com/umairishaq) | | Observability | [Nirmal Mehta](https://github.com/normalfaults) | [Steven David](https://github.com/StevenDavid) | From 72958826c0cf8481196afa585d4f2873935556bf Mon Sep 17 00:00:00 2001 From: Mathieu Bruneau Date: Thu, 14 Sep 2023 14:08:52 +0000 Subject: [PATCH 09/20] [Bug]: https://github.com/aws-samples/eks-workshop-v2/tree/stable/manifests/modules/observability/pod-logging/.workshop/terraform Fixes #666 --- website/docs/observability/logging/pod-logging/index.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/website/docs/observability/logging/pod-logging/index.md b/website/docs/observability/logging/pod-logging/index.md index 3d188b9f4..e15beac26 100644 --- a/website/docs/observability/logging/pod-logging/index.md +++ b/website/docs/observability/logging/pod-logging/index.md @@ -14,8 +14,7 @@ $ prepare-environment observability/logging/pods This will make the following changes to your lab environment: - Install AWS for Fluent Bit in the Amazon EKS cluster -You can view the Terraform that applies these changes [here](https://github.com/VAR::MANIFESTS_OWNER/VAR::MANIFESTS_REPOSITORY/tree/VAR::MANIFESTS_REF/manifests/modules/observability/pod-logging/.workshop/terraform). - +You can view the Terraform that applies these changes [here](https://github.com/VAR::MANIFESTS_OWNER/VAR::MANIFESTS_REPOSITORY/tree/VAR::MANIFESTS_REF/manifests/modules/observability/logging/pods/.workshop/terraform). ::: According to the [Twelve-Factor App manifesto](https://12factor.net/), which provides the gold standard for architecting modern applications, containerized applications should output their [logs to stdout and stderr](https://12factor.net/logs). This is also considered best practice in Kubernetes and cluster level log collection systems are built on this premise. From 9db604bafd7106ba7050a40c2571166b1cd57fea Mon Sep 17 00:00:00 2001 From: Luis Arcega Date: Thu, 21 Sep 2023 15:03:43 -0500 Subject: [PATCH 10/20] removing unnecessary resources --- hack/run-tests.sh | 2 +- hack/shell.sh | 2 +- .../observability/base/.workshop/cleanup.sh | 23 ---- .../base/.workshop/terraform/addon.tf | 118 ------------------ .../base/.workshop/terraform/env.sh | 12 -- 5 files changed, 2 insertions(+), 155 deletions(-) delete mode 100644 manifests/modules/observability/base/.workshop/cleanup.sh delete mode 100644 manifests/modules/observability/base/.workshop/terraform/addon.tf delete mode 100755 manifests/modules/observability/base/.workshop/terraform/env.sh diff --git a/hack/run-tests.sh b/hack/run-tests.sh index deba21509..3d97b3e46 100755 --- a/hack/run-tests.sh +++ b/hack/run-tests.sh @@ -54,5 +54,5 @@ echo "Running test suite..." $CONTAINER_CLI run $background_args \ -v $SCRIPT_DIR/../website/docs:/content \ -v $SCRIPT_DIR/../manifests:/manifests \ - -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' -e 'C9_USER' \ + -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \ $aws_credential_args $container_image -g "{$module,$module/**}" --hook-timeout 1200 --timeout 1200 ${AWS_EKS_WORKSHOP_TEST_FLAGS} diff --git a/hack/shell.sh b/hack/shell.sh index f677db7dd..e15a3a5a5 100644 --- a/hack/shell.sh +++ b/hack/shell.sh @@ -44,5 +44,5 @@ echo "Starting shell in container..." $CONTAINER_CLI run --rm -it \ -v $SCRIPT_DIR/../manifests:/manifests \ - -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' -e 'C9_USER' \ + -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \ $aws_credential_args $container_image $shell_command \ No newline at end of file diff --git a/manifests/modules/observability/base/.workshop/cleanup.sh b/manifests/modules/observability/base/.workshop/cleanup.sh deleted file mode 100644 index 8d478b951..000000000 --- a/manifests/modules/observability/base/.workshop/cleanup.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -if [[ -v C9_USER ]]; then - - - echo 'Deleting ClusterRole config' - kubectl delete ClusterRoleBinding/eks-console-dashboard-full-access-binding --ignore-not-found=true > /dev/null - kubectl wait --for=delete ClusterRoleBinding/eks-console-dashboard-full-access-binding --timeout=60s > /dev/null - - kubectl delete ClusterRole/eks-console-dashboard-full-access-clusterrole --ignore-not-found=true > /dev/null - kubectl wait --for=delete ClusterRole/eks-console-dashboard-full-access-clusterrole --timeout=60s > /dev/null - - echo "Deleting IAM user/role from RBAC auth-config2" - ACCOUNTID=$(aws sts get-caller-identity | jq -r .Account) - - echo "Removing arn:aws:iam::**:role/${C9_USER} from RBAC" - eksctl delete iamidentitymapping --cluster ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --arn arn:aws:iam::${ACCOUNTID}:role/${C9_USER} -d > /dev/null 2>&1 - - echo "Removing arn:aws:iam::**:user/${C9_USER} from RBAC" - eksctl delete iamidentitymapping --cluster ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --arn arn:aws:iam::${ACCOUNTID}:user/${C9_USER} -d > /dev/null 2>&1 -else - echo "No env C9_USER.. Nothing to delete " -fi diff --git a/manifests/modules/observability/base/.workshop/terraform/addon.tf b/manifests/modules/observability/base/.workshop/terraform/addon.tf deleted file mode 100644 index 0138f47a1..000000000 --- a/manifests/modules/observability/base/.workshop/terraform/addon.tf +++ /dev/null @@ -1,118 +0,0 @@ -resource "kubernetes_cluster_role" "eks-console-dashboard-full-access-clusterrole" { - metadata { - name = "eks-console-dashboard-full-access-clusterrole" - } - - rule { - api_groups = [""] - resources = ["nodes", "namespaces", "pods", "configmaps", "endpoints", "events", "limitranges", "persistentvolumeclaims", "podtemplates", "replicationcontrollers", "resourcequotas", "secrets", "serviceaccounts", "services"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["apps"] - resources = ["deployments", "daemonsets", "statefulsets", "replicasets"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["batch"] - resources = ["jobs","cronjobs"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["coordination.k8s.io"] - resources = ["leases"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["discovery.k8s.io"] - resources = ["endpointslices"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["events.k8s.io"] - resources = ["events"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["extensions"] - resources = ["daemonsets", "deployments", "ingresses", "networkpolicies", "replicasets"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["networking.k8s.io"] - resources = ["ingresses", "networkpolicies"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["policy"] - resources = ["poddisruptionbudgets"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["rbac.authorization.k8s.io"] - resources = ["rolebindings", "roles"] - verbs = ["get", "list", "watch"] - } - - rule { - api_groups = ["storage.k8s.io"] - resources = ["csistoragecapacities"] - verbs = ["get", "list", "watch"] - } -} - - -resource "kubernetes_cluster_role_binding" "eks-console-dashboard-full-access-binding" { - metadata { - name = "eks-console-dashboard-full-access-binding" - } - - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "eks-console-dashboard-full-access-clusterrole" - } - - subject { - kind = "Group" - name = "eks-console-dashboard-full-access-group" - api_group = "rbac.authorization.k8s.io" - } - -} - -data "external" "env" { - program = ["${path.module}/env.sh"] -} - -resource "terraform_data" "console-iam-rbac-mapping" { -/* - triggers_replace = [ - # The provisioner is executed then the `id` of the EC2 instance changes - kubernetes_cluster_role_binding.eks-console-dashboard-full-access-binding - ] -*/ - provisioner "local-exec" { - command = <<-EOT - echo "Mapping RBAC Permissions" - - eksctl create iamidentitymapping --cluster ${local.addon_context.eks_cluster_id} --region ${data.aws_region.current.id} \ - --arn arn:aws:iam::${local.addon_context.aws_caller_identity_account_id}:user/${data.external.env.result["C9_USER"]} --username console-iam-user --group eks-console-dashboard-full-access-group \ - --no-duplicate-arns - - eksctl create iamidentitymapping --cluster ${local.addon_context.eks_cluster_id} --region ${data.aws_region.current.id} \ - --arn arn:aws:iam::${local.addon_context.aws_caller_identity_account_id}:role/${data.external.env.result["C9_USER"]} --username console-iam-role --group eks-console-dashboard-full-access-group \ - --no-duplicate-arns - - EOT - } -} diff --git a/manifests/modules/observability/base/.workshop/terraform/env.sh b/manifests/modules/observability/base/.workshop/terraform/env.sh deleted file mode 100755 index ab09da874..000000000 --- a/manifests/modules/observability/base/.workshop/terraform/env.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# env.sh - -# Change the contents of this output to get the environment variables -# of interest. The output must be valid JSON, with strings for both -# keys and values. -cat < Date: Thu, 21 Sep 2023 15:03:43 -0500 Subject: [PATCH 11/20] removing unnecessary resources --- website/docs/observability/resource-view/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/observability/resource-view/index.md b/website/docs/observability/resource-view/index.md index 514d0d70e..e3004c42b 100644 --- a/website/docs/observability/resource-view/index.md +++ b/website/docs/observability/resource-view/index.md @@ -8,7 +8,7 @@ sidebar_custom_props: {"module": true} Prepare your environment for this section: ```bash timeout=300 wait=30 -$ prepare-environment observability/base +$ prepare-environment ``` This will make the following changes to your lab environment: From dcd69c9df194f565b163b9d4a9ada32fbd52bb82 Mon Sep 17 00:00:00 2001 From: Niall Thomson Date: Mon, 25 Sep 2023 20:26:10 +0000 Subject: [PATCH 12/20] Removed unnecessary statements in resource view intro --- website/docs/observability/resource-view/index.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/website/docs/observability/resource-view/index.md b/website/docs/observability/resource-view/index.md index e3004c42b..ec9d20109 100644 --- a/website/docs/observability/resource-view/index.md +++ b/website/docs/observability/resource-view/index.md @@ -11,11 +11,6 @@ Prepare your environment for this section: $ prepare-environment ``` -This will make the following changes to your lab environment: -- Creates an additional kubernetes ClusterRole with the name "eks-console-dashboard-full-access-clusterrole" -- Creates a Kubernetes ClusterRoleBinding with the name "eks-console-dashboard-full-access-binding" -- Mapps the Cloud9 IAM User/ Role to the ClusterRoleBinding ad RBAC group, to grant access the AWS console to view Kubernetes resources. - You can view the Terraform that applies these changes [here](https://github.com/VAR::MANIFESTS_OWNER/VAR::MANIFESTS_REPOSITORY/tree/VAR::MANIFESTS_REF/manifests/modules/observability/base/.workshop/terraform). ::: From 64ef398856f476f9518a7a4daa768e4133b5b427 Mon Sep 17 00:00:00 2001 From: Niall Thomson Date: Mon, 25 Sep 2023 21:45:23 +0000 Subject: [PATCH 13/20] Minor changes to use-cluster setting C9_USER --- lab/bin/use-cluster | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lab/bin/use-cluster b/lab/bin/use-cluster index e9d5a5893..f2cceff15 100644 --- a/lab/bin/use-cluster +++ b/lab/bin/use-cluster @@ -38,7 +38,7 @@ EOT aws eks update-kubeconfig --name $cluster_name > /dev/null 2>&1 if [[ -v C9_USER ]]; then - echo "Granting C9_USER access to the cluster via the AWS Console ${C9_USER}" - eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:user/${C9_USER} --username console-iam-user --group system:masters --no-duplicate-arns -d > /dev/null 2>&1 - eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${C9_USER} --username console-iam-role --group system:masters --no-duplicate-arns -d > /dev/null 2>&1 + echo "Granting C9_USER access to the cluster via the AWS Console ${C9_USER}" + eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:user/${C9_USER} --username console-iam-user --group system:masters > /dev/null + eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${C9_USER} --username console-iam-role --group system:masters > /dev/null fi \ No newline at end of file From 5b7fef840e1adc00c535f19e7eb54e8e28231217 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Sep 2023 22:45:33 +0000 Subject: [PATCH 14/20] Bump get-func-name from 2.0.0 to 2.0.2 in /test/util Bumps [get-func-name](https://github.com/chaijs/get-func-name) from 2.0.0 to 2.0.2. - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) --- updated-dependencies: - dependency-name: get-func-name dependency-type: indirect ... Signed-off-by: dependabot[bot] --- test/util/package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/util/package-lock.json b/test/util/package-lock.json index 8e758f02b..8525d1a41 100644 --- a/test/util/package-lock.json +++ b/test/util/package-lock.json @@ -783,9 +783,9 @@ } }, "node_modules/get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", "engines": { "node": "*" } @@ -3675,9 +3675,9 @@ "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" }, "get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==" + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==" }, "glob": { "version": "7.2.0", From 17ddaa950a84b06705bb67571ecd07b388a3602f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 06:15:36 +0000 Subject: [PATCH 15/20] Bump charset-normalizer from 3.1.0 to 3.3.0 in /helm Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.1.0 to 3.3.0. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/3.1.0...3.3.0) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- helm/src/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/src/requirements.txt b/helm/src/requirements.txt index 05d186da5..73d6e11a5 100644 --- a/helm/src/requirements.txt +++ b/helm/src/requirements.txt @@ -1,5 +1,5 @@ certifi==2023.7.22 -charset-normalizer==3.1.0 +charset-normalizer==3.3.0 idna==3.4 PyYAML==6.0 requests==2.31.0 From a1ddaf48577cbd15ceaf0edbd28d0640e1b066c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 06:23:56 +0000 Subject: [PATCH 16/20] Bump chai and @types/chai in /test/util Bumps [chai](https://github.com/chaijs/chai) and [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai). These dependencies needed to be updated together. Updates `chai` from 4.3.7 to 4.3.10 - [Release notes](https://github.com/chaijs/chai/releases) - [Changelog](https://github.com/chaijs/chai/blob/4.x.x/History.md) - [Commits](https://github.com/chaijs/chai/compare/v4.3.7...v4.3.10) Updates `@types/chai` from 4.3.5 to 4.3.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai) --- updated-dependencies: - dependency-name: chai dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: "@types/chai" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/util/package-lock.json | 90 ++++++++++++++++++++----------------- test/util/package.json | 4 +- 2 files changed, 50 insertions(+), 44 deletions(-) diff --git a/test/util/package-lock.json b/test/util/package-lock.json index 8e758f02b..4c93ce1d4 100644 --- a/test/util/package-lock.json +++ b/test/util/package-lock.json @@ -8,7 +8,7 @@ "name": "framework", "version": "0.0.1", "dependencies": { - "chai": "^4.3.6", + "chai": "^4.3.10", "commander": "^11.0.0", "glob-to-regexp": "^0.4.1", "mocha-junit-reporter": "^2.0.2", @@ -21,7 +21,7 @@ "yaml": "^2.3.1" }, "devDependencies": { - "@types/chai": "^4.3.5", + "@types/chai": "^4.3.6", "@types/glob-to-regexp": "^0.4.1", "@types/mdast": "^3.0.11", "@types/mocha": "^10.0.1", @@ -144,9 +144,9 @@ "dev": true }, "node_modules/@types/chai": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.5.tgz", - "integrity": "sha512-mEo1sAde+UCE6b2hxn332f1g1E8WfYRu6p5SvTKr2ZKC1f7gFJXk4h5PyGP9Dt6gCaG8y8XhwnXWC6Iy2cmBng==", + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.6.tgz", + "integrity": "sha512-VOVRLM1mBxIRxydiViqPcKn6MIxZytrbMpd6RJLIWKxUNr3zux8no0Oc7kJx0WAPIitgZ0gkrDS+btlqQpubpw==", "dev": true }, "node_modules/@types/debug": { @@ -411,17 +411,17 @@ } }, "node_modules/chai": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", - "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", + "version": "4.3.10", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.10.tgz", + "integrity": "sha512-0UXG04VuVbruMUYbJ6JctvH0YnC/4q3/AkT18q4NaITo91CUm0liMS9VqzT9vZhVQ/1eqPanMWjBM+Juhfb/9g==", "dependencies": { "assertion-error": "^1.1.0", - "check-error": "^1.0.2", - "deep-eql": "^4.1.2", - "get-func-name": "^2.0.0", - "loupe": "^2.3.1", + "check-error": "^1.0.3", + "deep-eql": "^4.1.3", + "get-func-name": "^2.0.2", + "loupe": "^2.3.6", "pathval": "^1.1.1", - "type-detect": "^4.0.5" + "type-detect": "^4.0.8" }, "engines": { "node": ">=4" @@ -471,9 +471,12 @@ } }, "node_modules/check-error": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", - "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", + "dependencies": { + "get-func-name": "^2.0.2" + }, "engines": { "node": "*" } @@ -613,9 +616,9 @@ } }, "node_modules/deep-eql": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", - "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==", "dependencies": { "type-detect": "^4.0.0" }, @@ -783,9 +786,9 @@ } }, "node_modules/get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", "engines": { "node": "*" } @@ -3195,9 +3198,9 @@ "dev": true }, "@types/chai": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.5.tgz", - "integrity": "sha512-mEo1sAde+UCE6b2hxn332f1g1E8WfYRu6p5SvTKr2ZKC1f7gFJXk4h5PyGP9Dt6gCaG8y8XhwnXWC6Iy2cmBng==", + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.6.tgz", + "integrity": "sha512-VOVRLM1mBxIRxydiViqPcKn6MIxZytrbMpd6RJLIWKxUNr3zux8no0Oc7kJx0WAPIitgZ0gkrDS+btlqQpubpw==", "dev": true }, "@types/debug": { @@ -3412,17 +3415,17 @@ "integrity": "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==" }, "chai": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", - "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", + "version": "4.3.10", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.10.tgz", + "integrity": "sha512-0UXG04VuVbruMUYbJ6JctvH0YnC/4q3/AkT18q4NaITo91CUm0liMS9VqzT9vZhVQ/1eqPanMWjBM+Juhfb/9g==", "requires": { "assertion-error": "^1.1.0", - "check-error": "^1.0.2", - "deep-eql": "^4.1.2", - "get-func-name": "^2.0.0", - "loupe": "^2.3.1", + "check-error": "^1.0.3", + "deep-eql": "^4.1.3", + "get-func-name": "^2.0.2", + "loupe": "^2.3.6", "pathval": "^1.1.1", - "type-detect": "^4.0.5" + "type-detect": "^4.0.8" } }, "chalk": { @@ -3455,9 +3458,12 @@ "integrity": "sha512-yrLQ/yVUFXkzg7EDQsPieE/53+0RlaWTs+wBrvW36cyilJ2SaDWfl4Yj7MtLTXleV9uEKefbAGUPv2/iWSooRA==" }, "check-error": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", - "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", + "requires": { + "get-func-name": "^2.0.2" + } }, "chokidar": { "version": "3.5.3", @@ -3555,9 +3561,9 @@ } }, "deep-eql": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", - "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==", "requires": { "type-detect": "^4.0.0" } @@ -3675,9 +3681,9 @@ "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" }, "get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==" + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==" }, "glob": { "version": "7.2.0", diff --git a/test/util/package.json b/test/util/package.json index bc9e1fe91..d342fc04b 100644 --- a/test/util/package.json +++ b/test/util/package.json @@ -15,7 +15,7 @@ "keywords": [], "author": "", "devDependencies": { - "@types/chai": "^4.3.5", + "@types/chai": "^4.3.6", "@types/glob-to-regexp": "^0.4.1", "@types/mdast": "^3.0.11", "@types/mocha": "^10.0.1", @@ -32,7 +32,7 @@ "typescript": "^5.1.6" }, "dependencies": { - "chai": "^4.3.6", + "chai": "^4.3.10", "commander": "^11.0.0", "glob-to-regexp": "^0.4.1", "mocha-junit-reporter": "^2.0.2", From f06d503133df98787c0e4c987619b15803a07f15 Mon Sep 17 00:00:00 2001 From: jaradtke-aws Date: Mon, 2 Oct 2023 14:18:40 -0400 Subject: [PATCH 17/20] Update Page Layout and add Tips about Clean Up --- .../introduction/setup/your-account/using-eksctl.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/website/docs/introduction/setup/your-account/using-eksctl.md b/website/docs/introduction/setup/your-account/using-eksctl.md index 182b4ad53..c3d30ccc1 100644 --- a/website/docs/introduction/setup/your-account/using-eksctl.md +++ b/website/docs/introduction/setup/your-account/using-eksctl.md @@ -32,11 +32,17 @@ This generally takes 20 minutes. Once the cluster is created run this command to $ use-cluster $EKS_CLUSTER_NAME ``` +## Next Steps + Now that the cluster is ready, head to the [Getting Started](/docs/introduction/getting-started) module or skip ahead to any module in the workshop with the top navigation bar. Once you're completed with the workshop, follow the steps below to clean-up your environment. -## Cleaning Up +## Cleaning Up (steps once you are done with the Workshop) + +:::tip +The following demonstrates how you will later clean up resources once you are done using the EKS Cluster you created in previous steps to complete the modules. +::: -Before deleting the Cloud9 environment we need to clean up the cluster that we set up above. +Before deleting the Cloud9 environment we need to clean up the cluster that we set up in previous steps. First use `delete-environment` to ensure that the sample application and any left-over lab infrastructure is removed: @@ -48,4 +54,4 @@ Next delete the cluster with `eksctl`: ```bash test=false $ eksctl delete cluster $EKS_CLUSTER_NAME --wait -``` \ No newline at end of file +``` From 4bb2383381f058aeb9d06cc16f6325ceb6169ae7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 00:00:22 +0000 Subject: [PATCH 18/20] Bump urllib3 from 2.0.3 to 2.0.6 in /helm/src Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- helm/src/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/src/requirements.txt b/helm/src/requirements.txt index 05d186da5..7bc7758ec 100644 --- a/helm/src/requirements.txt +++ b/helm/src/requirements.txt @@ -4,4 +4,4 @@ idna==3.4 PyYAML==6.0 requests==2.31.0 semantic-version==2.10.0 -urllib3==2.0.3 +urllib3==2.0.6 From ab1f184cf5f80787db51dd4fff31d82e88b5510f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 04:46:57 +0000 Subject: [PATCH 19/20] Bump postcss from 8.4.16 to 8.4.31 in /website Bumps [postcss](https://github.com/postcss/postcss) from 8.4.16 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.16...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] --- website/package-lock.json | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index fb2aeec30..75ff51c3c 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -8031,9 +8031,15 @@ } }, "node_modules/nanoid": { - "version": "3.3.4", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", - "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], "bin": { "nanoid": "bin/nanoid.cjs" }, @@ -8587,9 +8593,9 @@ } }, "node_modules/postcss": { - "version": "8.4.16", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz", - "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==", + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", "funding": [ { "type": "opencollective", @@ -8598,10 +8604,14 @@ { "type": "tidelift", "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" } ], "dependencies": { - "nanoid": "^3.3.4", + "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" }, @@ -18419,9 +18429,9 @@ } }, "nanoid": { - "version": "3.3.4", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", - "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==" + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==" }, "negotiator": { "version": "0.6.3", @@ -18814,11 +18824,11 @@ } }, "postcss": { - "version": "8.4.16", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz", - "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==", + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", "requires": { - "nanoid": "^3.3.4", + "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" } From 1524932fc9e63eeb671a65c33e94306ff99d7e4b Mon Sep 17 00:00:00 2001 From: Niall Thomson Date: Mon, 9 Oct 2023 03:37:08 +0000 Subject: [PATCH 20/20] Use correct credentials for FsXN --- .../storage/fsxn/.workshop/terraform/addon.tf | 26 +++---------------- .../storage/fsxn/backend/config.env | 3 ++- .../fsxn/backend/env-var-transformer.yaml | 4 ++- .../storage/fsxn/backend/fsxn-secret.yaml | 2 +- .../storage/fsxn/backend/kustomization.yaml | 7 +++++ 5 files changed, 16 insertions(+), 26 deletions(-) diff --git a/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf index 854a4f6fd..99379c5ad 100644 --- a/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf +++ b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/addon.tf @@ -1,26 +1,5 @@ -locals { - helm_config = { - name = "trident-operator" - chart = "trident-operator" - repository = "https://netapp.github.io/trident-helm-chart" - version = "23.01.0" - namespace = "trident" - create_namespace = true - values = local.default_helm_values - set = [] - description = "Amazon FSx for NetApp ONTAP CSI storage provisioner using the Trident Operator." - wait = false - } - - default_helm_values = [templatefile("${path.module}/values.yaml", {})] -} - -module "helm_addon" { - source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.16.0" - manage_via_gitops = false - helm_config = local.helm_config - irsa_config = [] - addon_context = local.addon_context +module "fsxn_driver" { + source = "github.com/NetApp/terraform-aws-netapp-fsxn-eks-addon.git?ref=v1.0" } data "aws_vpc" "selected_vpc_fsx" { @@ -111,6 +90,7 @@ resource "aws_security_group_rule" "fsxn_outbound" { output "environment" { value = <