Merge branch 'main' into kustomize-patch-fix

.github/workflows/test-automation.yaml

@@ -11,7 +11,13 @@ permissions:
 
 jobs:
   test-module:
+    strategy:
+      fail-fast: false
+      matrix:
+        module:
+        - automation/gitops
+        - automation/controlplanes
     uses: ./.github/workflows/module-test.yaml
     with:
-      module: automation
+      module: ${{ matrix.module }}
     secrets: inherit

.github/workflows/test-cleanup.yaml

@@ -3,8 +3,8 @@ name: Test cleanup
 on:
   workflow_dispatch:
     inputs:
-      buildId:
-        description: 'Build ID'
+      clusterId:
+        description: 'Cluster ID'
         required: true
 
 permissions:
@@ -47,10 +47,9 @@ jobs:
     - name: Cleanup environment
       timeout-minutes: 60
       env:
-        BUILD_ID: ${{ github.event.inputs.buildId }}
+        CLUSTER_ID: ${{ github.event.inputs.clusterId }}
         AWS_REGION: "${{ secrets.AWS_REGION }}"
       run: |
-        export CLUSTER_ID="ci-${BUILD_ID}"
         export CLEANUP_ENVIRONMENT_NAME="$CLUSTER_ID"
         export AWS_DEFAULT_REGION="$AWS_REGION"
         

.gitignore

@@ -31,3 +31,6 @@ env
 *.zip
 
 cdk.out
+
+.envrc
+node_modules

README.md

@@ -1,7 +1,5 @@
 # Amazon Elastic Kubernetes Service Workshop
 
-![Tests](https://github.com/aws-samples/eks-workshop-v2/actions/workflows/ci.yaml/badge.svg?branch=main)
-
 Welcome to the repository for the [Amazon Elastic Kubernetes Services workshop](https://eksworkshop.com). This contains the source for the website content as well as the accompanying infrastructure-as-code to set up a workshop lab environment in your AWS account. Please review the [Introduction](https://www.eksworkshop.com/docs/introduction/) chapter of the workshop for more details.
 
 ## Introduction

docs/cluster_requirements.md

@@ -0,0 +1,32 @@
+# EKS Workshop Cluster Requirements
+
+The workshop provides multiple ways to provision the EKS cluster for the lab exercises, with `eksctl` being the default. In order for the labs to be compatible with all of the provisioning methods there are certain requirements that need to be met. This document records these requirements.
+
+## Global Requirements
+
+The following global requirements must be implemented:
+1. The configuration should be parameterized so that the infrastructure can be installed multiple times in the same AWS account/region
+2. All infrastructure should be tagged with `created-by: eks-workshop-v2` and `env: ${EKS_CLUSTER_NAME}`
+
+## VPC
+
+The VPC for the lab cluster must implement the following:
+1. The default VPC CIDR should be `10.42.0.0/16`
+2. It should have 3 public subnets and 3 private subnets across different availability zones
+3. The public subnet CIDR ranges should be `10.42.0.0/19`, `10.42.32.0/19` and `10.42.64.0/19`
+4. The private subnet CIDR ranges should be `10.42.96.0/19`, `10.42.128.0/19` and `10.42.160.0/19`
+5. The VPC must provide an Internet Gateway and NAT Gateway for internet access from both public and private subnets
+6. The private subnets must have name that includes the string `Private` in it for lookup purposes
+7. The public subnets should be tagged with `kubernetes.io/role/elb: 1`
+
+## EKS Cluster
+
+The EKS cluster for the lab must implement the following:
+1. It should have both public and private EKS control plane endpoints enabled
+2. It should have the VPC CNI EKS Managed Addon installed with the following configuration: `{"env":{"ENABLE_PREFIX_DELEGATION":"true", "ENABLE_POD_ENI":"true", "POD_SECURITY_GROUP_ENFORCING_MODE":"standard"}}`
+3. It should have a single node group, if possible named `default` with the following characteristics:
+    * Desired + Minimum size = 3, Maximum size = 6
+    * Instance type of `m5.large`
+    * Utilizing only the private subnets
+    * An AMI release version explicitly specified that matches the other implementations
+    * The label `workshop-default: 'yes'`

governance/steering.md

@@ -1,49 +1,59 @@
 # Steering Committee and Module Leads
+
 ## Steering Commitee Members
+
 The Steering Committee is a 6 member body, overseeing the governance of the EKS Workshop.
+
 ### Terms end in February 2024
-|Name|Profile|Role|
-|:----|:-------|:----|
-|Sai Vennam|[@svennam92](https://github.com/svennam92)|Principal EKS DA
-|Niall Thomson|[@niallthomson](https://github.com/niallthomson)|Specialist Solution Architect, Containers|
-|Ray Krueger|[@raykrueger](https://github.com/raykrueger)|Principal Container Specialist|
-|Ameet Naik|[@ameetnaik](https://github.com/ameetnaik)|Technical Account Manager|
-|Kamran Habib|[@kmhabib](https://github.com/kmhabib)|Solution Architect (TFC at large)|
-|Theo Salvo|[@buzzsurfr](https://github.com/buzzsurfr)|Container Specialist (TFC core team member)|
+
+| Name          | Profile                                          | Role                                        |
+| :------------ | :----------------------------------------------- | :------------------------------------------ |
+| Sai Vennam    | [@svennam92](https://github.com/svennam92)       | Principal EKS DA                            |
+| Niall Thomson | [@niallthomson](https://github.com/niallthomson) | Specialist Solution Architect, Containers   |
+| Ray Krueger   | [@raykrueger](https://github.com/raykrueger)     | Principal Container Specialist              |
+| Ameet Naik    | [@ameetnaik](https://github.com/ameetnaik)       | Technical Account Manager                   |
+| Kamran Habib  | [@kmhabib](https://github.com/kmhabib)           | Solution Architect (TFC at large)           |
+| Theo Salvo    | [@buzzsurfr](https://github.com/buzzsurfr)       | Container Specialist (TFC core team member) |
 
 ## Working Groups
+
 The working groups are led by chairs (6 month terms) and maintainers (6 month terms).
 
-|Working Group|Chair|Maintainers|
-|:----|:-------|:----|
-|Infrastructure|[Niall Thomson](https://github.com/niallthomson)||
-|Fundamentals|[Sai Vennam](https://github.com/svennam92)|[Hemanth AVS](https://github.com/hemanth-avs)|
-|Autoscaling|[Sanjeev Ganjihal](https://github.com/sanjeevrg89)||
-|Automation|[Carlos Santana](https://github.com/csantanapr)|[Tsahi Duek](https://github.com/tsahiduek), [Christina Andonov](https://github.com/candonov), [Sébastien Allamand](https://github.com/allamand)|
-|Machine Learning|[Masatoshi Hayashi](https://github.com/literalice)||
-|Networking|[Sheetal Joshi](https://github.com/sheetaljoshi)|[Umair Ishaq](https://github.com/umairishaq)|
-|Observability|[Nirmal Mehta](https://github.com/normalfaults)|[Steven David](https://github.com/StevenDavid)|
-|Security|[Rodrigo Bersa](https://github.com/rodrigobersa)| |
-|Storage|[Eric Heinrichs](https://github.com/heinrichse)|[Andrew Peng](https://github.com/pengc99)|
+| Working Group    | Chair                                              | Maintainers                                                                                                                                     |
+| :--------------- | :------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- |
+| Infrastructure   | [Niall Thomson](https://github.com/niallthomson)   |                                                                                                                                                 |
+| Fundamentals     | [Sai Vennam](https://github.com/svennam92)         | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs)        |
+| Autoscaling      | [Sanjeev Ganjihal](https://github.com/sanjeevrg89) |                                                                                                                                                 |
+| Automation       | [Carlos Santana](https://github.com/csantanapr)    | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand), [Yuriy Bezsonov](https://github.com/ybezsonov)   |
+| Machine Learning | [Masatoshi Hayashi](https://github.com/literalice) | [Benjamin Gardiner](https://github.com/bkgardiner)                                                                                              |
+| Networking       | [Sheetal Joshi](https://github.com/sheetaljoshi)   | [Umair Ishaq](https://github.com/umairishaq)                                                                                                    |
+| Observability    | [Nirmal Mehta](https://github.com/normalfaults)    | [Steven David](https://github.com/StevenDavid)                                                                                                  |
+| Security         | [Rodrigo Bersa](https://github.com/rodrigobersa)   |                                                                                                                                                 |
+| Storage          | [Eric Heinrichs](https://github.com/heinrichse)    | [Andrew Peng](https://github.com/pengc99)                                                                                                       |
 
 ## Wranglers
+
 Wranglers will work across all topic areas and serve for at least 6 months.
 |Name|Profile|Role|
 |:----|:-------|:----|
 |Math Bruneau|[@ROunofF](https://github.com/ROunofF)|Specialist Solution Architect, Containers|
 
-
 ## Emeritus
-|Name|Profile|Role|
-|:----|:-------|:----|
-|Jeremy Cowan|[@jicowan](https://github.com/jicowan)|EKS DA manager|
+
+| Name         | Profile                                | Role           |
+| :----------- | :------------------------------------- | :------------- |
+| Jeremy Cowan | [@jicowan](https://github.com/jicowan) | EKS DA manager |
 
 ## Meetings
+
 ### Schedule and Cadence
+
 The steering committee will host a public meeting every third Thursday of the month at 9AM CT. <!--update with Chime link-->
 
 ### Resources
-* <!--add links to meeting notes and recordings-->
+
+- <!--add links to meeting notes and recordings-->
 
 ## Contact
-* Mailing List: <[email protected]>
+
+- Mailing List: <[email protected]>

helm/src/requirements.txt

@@ -1,7 +1,7 @@
 certifi==2023.7.22
-charset-normalizer==3.1.0
+charset-normalizer==3.3.0
 idna==3.4
-PyYAML==6.0
+PyYAML==6.0.1
 requests==2.31.0
 semantic-version==2.10.0
-urllib3==2.0.2
+urllib3==2.0.6

lab/bin/use-cluster

@@ -35,4 +35,10 @@ EKS_IP_FAMILY=ipv4
 set +a
 EOT
 
-aws eks update-kubeconfig --name $cluster_name > /dev/null
+aws eks update-kubeconfig --name $cluster_name > /dev/null 2>&1
+
+if [[ -v C9_USER ]]; then
+  echo "Granting C9_USER access to the cluster via the AWS Console ${C9_USER}"
+  eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:user/${C9_USER} --username console-iam-user --group system:masters > /dev/null
+  eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${C9_USER} --username console-iam-role --group system:masters > /dev/null
+fi

lab/cfn/eks-workshop-ide-cfn.yaml

@@ -44,6 +44,10 @@ Parameters:
     Type: String
     Description: Name of the Cloud9 instance
     Default: "none"
+  Cloud9Subnet:
+    Type: String
+    Description: If you want Cloud9 in a specific subnet
+    Default: "none"
   ResourcesPrecreated: 
     Type: String
     Description: Whether lab infrastructure has been pre-provisioned
@@ -55,6 +59,7 @@ Parameters:
 Conditions: 
   Create3rdPartyResources: !Equals [ !Ref EksWorkshopC9EnvType, 3rdParty ]
   IsCloud9NotNamed: !Equals [ !Ref Cloud9Name, none ]
+  IsCloud9SubnetSpecified: !Not [ !Equals [ !Ref Cloud9Subnet, none ]]
 
 Resources:
   EksWorkshopC9Role:
@@ -124,12 +129,8 @@ Resources:
             Resource: "*"
 
   EksWorkshopC9BootstrapInstanceLambda:
-    Description: Bootstrap Cloud9 instance
     Type: Custom::EksWorkshopC9BootstrapInstanceLambda
     DependsOn:
-    - EksWorkshopC9BootstrapInstanceLambdaFunction
-    - EksWorkshopC9Instance
-    - EksWorkshopC9InstanceProfile
     - EksWorkshopC9LambdaExecutionRole
     Properties:
       ServiceToken:
@@ -159,6 +160,10 @@ Resources:
         - EksWorkshopC9LambdaExecutionRole
         - Arn
       Runtime: python3.9
+      Environment:
+        Variables:
+          DiskSize:
+            Ref: EksWorkshopC9InstanceVolumeSize
       MemorySize: 256
       Timeout: '600'
       Code:
@@ -170,10 +175,12 @@ Resources:
           import time
           import traceback
           import cfnresponse
+          import logging
+          logger = logging.getLogger(__name__)
           
           def lambda_handler(event, context):
               print(event.values())
-              # logger.info('context: {}'.format(context))
+              logger.info('context: {}'.format(context))
               responseData = {}
 
               status = cfnresponse.SUCCESS
@@ -189,25 +196,25 @@ Resources:
           
                       # Get the InstanceId of the Cloud9 IDE
                       instance = ec2.describe_instances(Filters=[{'Name': 'tag:Name','Values': ['aws-cloud9-'+event['ResourceProperties']['Cloud9Name']+'-'+event['ResourceProperties']['EnvironmentId']]}])['Reservations'][0]['Instances'][0]
-                      # logger.info('instance: {}'.format(instance))
+                      logger.info('instance: {}'.format(instance))
                       instance_id = instance['InstanceId']
           
                       # Create the IamInstanceProfile request object
                       iam_instance_profile = {
                           'Arn': event['ResourceProperties']['LabIdeInstanceProfileArn'],
                           'Name': event['ResourceProperties']['LabIdeInstanceProfileName']
                       }
-                      # logger.info('iam_instance_profile: {}'.format(iam_instance_profile))
+                      logger.info('iam_instance_profile: {}'.format(iam_instance_profile))
 
                       time.sleep(10)
           
                       # Wait for Instance to become ready before adding Role
                       instance_state = instance['State']['Name']
-                      # logger.info('instance_state: {}'.format(instance_state))
+                      logger.info('instance_state: {}'.format(instance_state))
                       while instance_state != 'running':
                           time.sleep(5)
                           instance_state = ec2.describe_instances(InstanceIds=[instance_id])
-                          # logger.info('instance_state: {}'.format(instance_state))
+                          logger.info('instance_state: {}'.format(instance_state))
 
                       associations = ec2.describe_iam_instance_profile_associations(
                           Filters=[
@@ -230,8 +237,11 @@ Resources:
 
                       block_device = ec2.describe_volumes(VolumeIds=[block_volume_id])['Volumes'][0]
 
-                      if block_device['Size'] != 30:
-                        ec2.modify_volume(VolumeId=block_volume_id,Size=30)
+                      DiskSize = int(os.environ['DiskSize'])
+                      if block_device['Size'] < DiskSize:
+                        ec2.modify_volume(VolumeId=block_volume_id,Size=DiskSize)
+                        logger.info('Modifying block volume: {}'.format(block_volume_id))
+                        time.sleep(10)
 
                       for i in range(1, 30):
                         response = ssm.describe_instance_information(Filters=[{'Key': 'InstanceIds', 'Values': [instance_id]}])
@@ -286,34 +296,6 @@ Resources:
             - !Sub |
                 set -e
       
-                STR=$(cat /etc/os-release)
-                SUB="VERSION_ID=\"2\""
-
-                marker_file="/root/resized.mark"
-
-                if [[ ! -f "$marker_file" ]]; then
-                  if [ $(readlink -f /dev/xvda) = "/dev/xvda" ]
-                  then
-                    sudo growpart /dev/xvda 1
-                    if [[ "$STR" == *"$SUB"* ]]
-                    then
-                      sudo xfs_growfs -d /
-                    else
-                      sudo resize2fs /dev/xvda1
-                    fi
-                  else
-                    sudo growpart /dev/nvme0n1 1
-                    if [[ "$STR" == *"$SUB"* ]]
-                    then
-                      sudo xfs_growfs -d /
-                    else
-                      sudo resize2fs /dev/nvme0n1p1
-                    fi
-                  fi
-                fi
-
-                touch $marker_file
-
                 export AWS_REGION="${AWS::Region}"
                 export REPOSITORY_OWNER="${RepositoryOwner}"
                 export REPOSITORY_NAME="${RepositoryName}"
@@ -325,6 +307,9 @@ Resources:
 
                 sudo -E -H -u ec2-user bash -c "curl -fsSL https://raw.githubusercontent.com/${RepositoryOwner}/${RepositoryName}/${RepositoryRef}/lab/scripts/setup.sh | bash"
 
+                echo 'Rebooting...'
+                reboot
+
   EksWorkshopC9InstanceProfile:
     Type: AWS::IAM::InstanceProfile
     Properties:
@@ -333,14 +318,14 @@ Resources:
       - Ref: EksWorkshopC9Role
 
   EksWorkshopC9Instance:
-    Description: "-"
     Type: AWS::Cloud9::EnvironmentEC2
     Properties:
       Description: AWS Cloud9 instance for EKS Workshop
       ImageId: amazonlinux-2-x86_64
       AutomaticStopTimeMinutes: 3600
       InstanceType:
         Ref: EksWorkshopC9InstanceType
+      SubnetId: !If [ IsCloud9SubnetSpecified, !Ref Cloud9Subnet, !Ref "AWS::NoValue" ]
       Name: !If [ IsCloud9NotNamed, !Ref AWS::StackName, !Ref Cloud9Name ]
       OwnerArn: !If [ Create3rdPartyResources, !Ref WorkshopOwnerArn, !Ref "AWS::NoValue" ]
       Tags: