From d5b20dcaafcec5c3c3e808e5e9969a554bb183da Mon Sep 17 00:00:00 2001
From: Steven Davidovitz
Date: Tue, 21 Feb 2023 17:13:41 -0800
Subject: [PATCH] remove agent_template.yaml from terraform generation (#129)
* remove agent_template.yaml from terraform generation
* update terraform bootstrap file
* urlescape the artifact url
* remove install configurable and agent template creation
* remove domino install from deploy test
* add BASTION_IP to outputs
* add bastion_ip to cdk tf main
---
.github/workflows/tests.yml | 51 +------
cdk/domino_cdk/agent.py | 219 ---------------------------
cdk/domino_cdk/config/__init__.py | 1 -
cdk/domino_cdk/config/base.py | 15 +-
cdk/domino_cdk/config/install.py | 61 --------
cdk/domino_cdk/config/template.py | 22 +--
cdk/domino_cdk/domino_stack.py | 21 ---
cdk/domino_cdk/util.py | 26 +++-
cdk/tests/unit/config/__init__.py | 20 ---
cdk/tests/unit/config/test_config.py | 19 ---
cdk/tests/unit/test_agent.py | 128 ----------------
terraform/cloudformation.tf | 7 -
terraform/legacy.tf | 31 ++++
terraform/variables.tf | 2 +-
14 files changed, 64 insertions(+), 559 deletions(-)
delete mode 100644 cdk/domino_cdk/agent.py
delete mode 100644 cdk/domino_cdk/config/install.py
delete mode 100644 cdk/tests/unit/test_agent.py
create mode 100644 terraform/legacy.tf
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index dccb9e17..e6be64c4 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -94,7 +94,8 @@ jobs: for suffix in "" "-terraform"; do filename="domino-cdk$suffix-$DOMINO_CDK_VERSION.tar.gz" aws s3 cp --acl=public-read ./dist/$filename s3://domino-artifacts/cdk/$($DATEDIR)/$filename - echo "Artifact url: https://domino-artifacts.s3.amazonaws.com/cdk/$($DATEDIR)/$filename" + urlfile=$(python -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip()))' <<< "$filename") + echo "Artifact url: https://domino-artifacts.s3.amazonaws.com/cdk/$($DATEDIR)/$urlfile" done - name: Deploy CDK if: contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master' 
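Review bot: The added `urlfile=` line calls bare `python`, but `urllib.parse` exists only on Python 3, so the step depends on which interpreter the runner resolves first; `python3` would make that explicit. Passing the name through a here-string and `sys.stdin.read().strip()` is also more indirect than needed: `urlfile=$(python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$filename")` gives the same result from argv. Only the filename is escaped; the `$($DATEDIR)` path segment in the echoed URL is still interpolated as-is, which is fine only as long as it can never contain a character that needs escaping.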
@@ -106,47 +107,6 @@ jobs: run: | docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD quay.io cdk deploy --require-approval never --outputs-file outputs.json - - name: Prepare Domino install - if: contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master' - env: - AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_ACCESS_KEY }} - run: | - $(jq -r ".[].ekskubeconfigcmd" outputs.json) --kubeconfig ./kubeconfig - jq -r ".[].agentconfig" outputs.json > agent_template.yaml - docker run --rm -v $(pwd):/cdk $DEPLOYER_IMAGE python -m fleetcommand_agent init --full -t /cdk/agent_template.yaml -f /cdk/domino.yml - - name: Install Domino - if: contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master' - env: - AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_ACCESS_KEY }} - KUBECONFIG: ./kubeconfig - LOG_DIR: k8s-cluster-state - run: | - docker run --rm -v $(pwd):/cdk -v $(pwd)/agent_logs:/domino-deployer/logs -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e KUBECONFIG=/cdk/kubeconfig $DEPLOYER_IMAGE python -m fleetcommand_agent run -f /cdk/domino.yml - - name: Collect diagnostic data - if: always() && (contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master') - env: - AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_ACCESS_KEY }} - KUBECONFIG: ./kubeconfig - LOG_DIR: k8s-cluster-state - run: | - set +e - curl -Lo /usr/local/bin/kubectl "https://dl.k8s.io/release/v1.23.6/bin/linux/amd64/kubectl" - for ns in domino-platform domino-compute domino-system kube-system; do - mkdir -p $LOG_DIR/$ns - kubectl -n $ns get ing -o yaml > $LOG_DIR/$ns/ingress.txt - kubectl -n $ns get po -o yaml > $LOG_DIR/$ns/pods.txt - kubectl -n $ns describe po > $LOG_DIR/$ns/pods-described.txt - kubectl -n $ns 
get pvc -o yaml > $LOG_DIR/$ns/pvcs.txt - kubectl -n $ns get svc -o yaml > $LOG_DIR/$ns/svcs.txt - kubectl -n $ns describe svc > $LOG_DIR/$ns/svcs-described.txt - kubectl -n $ns get events > $LOG_DIR/$ns/events.txt - done - kubectl get pv -o yaml > $LOG_DIR/pvs.txt - kubectl get no -o yaml > $LOG_DIR/nodes.txt - kubectl describe no > $LOG_DIR/nodes-described.txt - name: Upload diagnostic data if: always() && (contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master') uses: actions/upload-artifact@v2 @@ -154,13 +114,6 @@ jobs: name: Diagnostic Data path: ./ retention-days: 14 - - name: Uninstall Domino - if: always() && (contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master') - env: - AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_ACCESS_KEY }} - run: | - docker run --rm -v $(pwd):/cdk -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e KUBECONFIG=/cdk/kubeconfig $DEPLOYER_IMAGE python -m fleetcommand_agent destroy -f /cdk/domino.yml - name: Destroy CDK if: always() && (contains(github.event.pull_request.labels.*.name, 'deploy-test') || github.ref == 'refs/heads/master') env: diff --git a/cdk/domino_cdk/agent.py b/cdk/domino_cdk/agent.py deleted file mode 100644 index e268fa57..00000000 --- a/cdk/domino_cdk/agent.py +++ /dev/null 
@@ -1,219 +0,0 @@ -from typing import Any, Optional - -from aws_cdk.aws_s3 import Bucket - -from domino_cdk.config import Install -from domino_cdk.util import DominoCdkUtil - - -def generate_install_config( - name: str, - install: Install, - aws_region: str, - eks_cluster_name: str, - pod_cidr: str, - global_node_selectors: dict[str, str], - buckets: dict[str, Bucket], - monitoring_bucket: Optional[Bucket], - efs_fsid: str, - efs_apid: str, - r53_zone_ids: str, - r53_owner_id: str, -) -> dict: - agent_cfg: dict[str, Any] = { - "name": name, - "schema": "1.2", - "hostname": install.hostname, - "pod_cidr": pod_cidr, - "global_node_selectors": global_node_selectors, - "storage_classes": { - "block": { - "create": True, - "name": "dominodisk", - "type": "ebs", - "access_modes": ["ReadWriteOnce"], - "base_path": "", - }, - "shared": { - "create": True, - "name": "dominoshared", - "type": "efs", - "access_modes": ["ReadWriteMany"], - "volume_capacity": "5Ti", - "efs": { - "region": aws_region, - "filesystem_id": efs_fsid, - "access_point_id": efs_apid, - }, - }, - }, - "blob_storage": { - "projects": { - "s3": { - "region": aws_region, - "bucket": buckets["blobs"].bucket_name, - "sse_kms_key_id": None, - }, - }, - "logs": { - "s3": { - "region": aws_region, - "bucket": buckets["logs"].bucket_name, - "sse_kms_key_id": None, - }, - }, - "backups": { - "s3": { - "region": aws_region, - "bucket": buckets["backups"].bucket_name, - "sse_kms_key_id": None, - }, - }, - }, - "autoscaler": { - "cloud_provider": "aws", - "auto_discovery": { - "cluster_name": eks_cluster_name, - }, - "groups": [], - "aws": { - "region": aws_region, - }, - }, - "internal_docker_registry": { - "s3_override": { - "region": aws_region, - "bucket": buckets["registry"].bucket_name, - "sse_kms_key_id": None, - }, - }, - "metrics_server": {"install": True}, - "gpu": {"enabled": True}, - "release_overrides": { - "nginx-ingress": {}, - }, - "version": "0.0.0", - "git": {"storage_class": "dominodisk"}, - 
"email_notifications": { - "enabled": False, - "server": "", - "port": 465, - "enable_ssl": True, - "from_address": "noone@example.com", - "authentication": {"username": "", "password": ""}, - }, - "telemetry": { - "intercom": {"enabled": False}, - "mixpanel": {"enabled": False, "token": ""}, - }, - "monitoring": {"prometheus_metrics": True}, - } - - if r53_zone_ids: - agent_cfg["external_dns"] = { - "provider": "aws", - "zone_id_filters": r53_zone_ids, - "txt_owner_id": r53_owner_id, - } - - agent_cfg["release_overrides"]["nginx-ingress"]["chart_values"] = { - "controller": { - "kind": "Deployment", - "hostNetwork": False, - "service": { - "enabled": True, - "type": "LoadBalancer", - "annotations": { - "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy": "ELBSecurityPolicy-TLS-1-2-2017-01", - "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": install.acm_cert_arn or "__FILL__", - "service.beta.kubernetes.io/aws-load-balancer-internal": False, - "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "tcp", - "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443", - "service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600", # noqa - # "service.beta.kubernetes.io/aws-load-balancer-security-groups": - # "could-propagate-this-instead-of-create" - }, - "loadBalancerSourceRanges": install.access_list, - }, - } - } - - if install.istio_compatible: - agent_cfg["istio"] = { - "enabled": True, - "install": True, - "cni": False, - } - - agent_cfg = DominoCdkUtil.deep_merge( - agent_cfg, - { - "release_overrides": { - "nginx-ingress": { - "chart_values": { - "controller": { - "config": { - "use-proxy-protocol": "false", - # AWS ELBs don't like nginx-ingress's default cipher suite--connections just hang w/ override - "ssl-ciphers": 
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA", # noqa - "ssl-protocols": "TLSv1.2 TLSv1.3", - }, - "service": { - "targetPorts": {"http": "http", "https": "https"}, - "annotations": { - "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "ssl" - }, - }, - } - } - } - }, - }, - ) - - else: - agent_cfg = DominoCdkUtil.deep_merge( - agent_cfg, - { - "release_overrides": { - "nginx-ingress": { - "chart_values": { - "controller": { - "config": { - "use-proxy-protocol": "true", - }, - "service": { - "targetPorts": {"http": "http", "https": "http"}, - "annotations": { - "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*", - }, - }, - } - } - } - } - }, - ) - - if monitoring_bucket: - agent_cfg["release_overrides"]["nginx-ingress"]["chart_values"]["controller"]["service"]["annotations"].update( - { - "service.beta.kubernetes.io/aws-load-balancer-access-log-enabled": "true", - "service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval": "5", - "service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name": monitoring_bucket.bucket_name, - "service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix": "ELBAccessLogs", - } - ) - - if install.registry_username: - agent_cfg["helm"] = { - "image_registries": [ - { - "server": "quay.io", - "username": install.registry_username, - "password": install.registry_password, - } - ] - } - - return agent_cfg diff --git a/cdk/domino_cdk/config/__init__.py b/cdk/domino_cdk/config/__init__.py index eaafbb98..f2c2580d 100644 --- a/cdk/domino_cdk/config/__init__.py +++ b/cdk/domino_cdk/config/__init__.py 
@@ -7,7 +7,6 @@ from domino_cdk.config.base import DominoCDKConfig from domino_cdk.config.efs import EFS from domino_cdk.config.eks import EKS -from domino_cdk.config.install import Install from domino_cdk.config.route53 import Route53 from domino_cdk.config.s3 import S3 from domino_cdk.config.util import IngressRule diff --git a/cdk/domino_cdk/config/base.py b/cdk/domino_cdk/config/base.py index 2313cc1f..5d22e1b1 100644 --- a/cdk/domino_cdk/config/base.py +++ b/cdk/domino_cdk/config/base.py @@ -10,7 +10,6 @@ from domino_cdk.config.acm import ACM from domino_cdk.config.efs import EFS from domino_cdk.config.eks import EKS -from domino_cdk.config.install import Install from domino_cdk.config.route53 import Route53 from domino_cdk.config.s3 import S3 from domino_cdk.config.util import from_loader @@ -41,8 +40,6 @@ class DominoCDKConfig: s3: Optional[S3] = None acm: Optional[ACM] = None - install: Optional[Install] = None - @field_property(tags) def get_tags(self) -> Dict[str, str]: return {**unwrap_property(self).tags, **{"domino-deploy-id": self.name}} @@ -68,9 +65,8 @@ def from_0_0_0(c: dict): if efs is not None: efs = EFS.from_0_0_0(efs) - install = c.pop("install", None) - if install is not None: - install = Install.from_0_0_0(install) + # Install is no longer supported + c.pop("install", None) acm = c.pop("acm", None) if acm is not None: @@ -90,7 +86,6 @@ def from_0_0_0(c: dict): route53=route53, eks=EKS.from_0_0_0(c.pop("eks")), s3=s3, - install=install, acm=acm, ), c, @@ -110,9 +105,8 @@ def from_0_0_1(c: dict): if efs is not None: efs = EFS.from_0_0_0(efs) - install = c.pop("install", None) - if install is not None: - install = Install.from_0_0_1(install) + # Install is no longer supported + c.pop("install", None) acm = c.pop("acm", None) if acm is not None: @@ -132,7 +126,6 @@ def from_0_0_1(c: dict): route53=route53, eks=EKS.from_0_0_1(c.pop("eks")), s3=s3, - install=install, acm=acm, ), c, 
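Review bot: `c.pop("install", None)` in `from_0_0_0` discards an existing `install:` section without telling the operator, so settings such as `access_list`, `acm_cert_arn` and the registry credentials silently stop having any effect while the config still loads cleanly. A warning at that point would make the behaviour change visible, e.g. `if c.pop("install", None) is not None: warnings.warn("config.install is no longer supported and is ignored")` (this needs `import warnings` if the module does not already have it). The same silent pop is added to `from_0_0_1` in the `@@ -110,9 +105,8 @@` hunk. The message could also remind users to remove any `registry_password` still present in old config files, since it no longer serves a purpose. Both functions start and end outside their hunks.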
diff --git a/cdk/domino_cdk/config/install.py b/cdk/domino_cdk/config/install.py deleted file mode 100644 index 46b46811..00000000 --- a/cdk/domino_cdk/config/install.py +++ /dev/null 
@@ -1,61 +0,0 @@ -from dataclasses import dataclass -from typing import List, Optional - -from domino_cdk.config.util import from_loader - - -@dataclass -class Install: - """ - Values to pass to the Domino Installer (fleetcommand-agent). - - Quay credentials are for Domino's default public registry. - Configuration for custom registries should be done via direct configuration of installer overrides. - - access_list: ["0.0.0.0/0", ...] - List of CIDRs that can access Domino's primary LoadBalancer - acm_cert_arn: ARN - ARN of ACM SSL cert to be used for Domino install - hostname: domino.example.com - Hostname of Domino install - registry_username: some-username - Username for Domino quay.io image repositories - registry_password: some-password - Password for Domino quay.io image repoistories - overrides: - Overrides of Domino Installer (fleetcommand-agent) configuration. - """ - - access_list: List[str] # TODO: What should this variable be? cidr_access_list? loadbalancer_source_ranges? - acm_cert_arn: str - hostname: str - registry_username: str - registry_password: str - overrides: dict - istio_compatible: bool - - @staticmethod - def from_0_0_0(c: dict) -> Optional['Install']: - return from_loader( - "config.install", - Install( - access_list=["0.0.0.0/0"], - acm_cert_arn=None, - hostname=None, - registry_username=None, - registry_password=None, - istio_compatible=False, - overrides=c, - ), - c, - ) - - @staticmethod - def from_0_0_1(c: dict) -> Optional['Install']: - return from_loader( - "config.install", - Install( - access_list=c.pop("access_list"), - acm_cert_arn=c.pop("acm_cert_arn"), - hostname=c.pop("hostname"), - registry_username=c.pop("registry_username"), - registry_password=c.pop("registry_password"), - overrides=c.pop("overrides"), - istio_compatible=c.pop("istio_compatible", False), - ), - c, - ) diff --git a/cdk/domino_cdk/config/template.py b/cdk/domino_cdk/config/template.py index d62f5c62..ee2cb292 100644 --- a/cdk/domino_cdk/config/template.py 
+++ b/cdk/domino_cdk/config/template.py @@ -1,16 +1,7 @@ from typing import Any, Dict, List, Optional from domino_cdk import __version__ -from domino_cdk.config import ( - EFS, - EKS, - S3, - VPC, - DominoCDKConfig, - IngressRule, - Install, - Route53, -) +from domino_cdk.config import EFS, EKS, S3, VPC, DominoCDKConfig, IngressRule, Route53 from domino_cdk.util import DominoCdkUtil @@ -188,23 +179,12 @@ def add_nodegroups( }, ) - install = Install( - access_list=["0.0.0.0/0"], - acm_cert_arn=acm_cert_arn, - hostname=hostname, - registry_username=registry_username, - registry_password=registry_password, - istio_compatible=istio_compatible, - overrides=overrides, - ) - return DominoCDKConfig( name=name, aws_region=aws_region or fill, aws_account_id=aws_account_id or fill, tags={"domino-infrastructure": "true"}, create_iam_roles_for_service_accounts=False, - install=install, vpc=vpc, efs=efs, route53=route53, diff --git a/cdk/domino_cdk/domino_stack.py b/cdk/domino_cdk/domino_stack.py index 436ab0f1..b29b5a78 100644 --- a/cdk/domino_cdk/domino_stack.py +++ b/cdk/domino_cdk/domino_stack.py @@ -3,7 +3,6 @@ import aws_cdk.aws_s3 as s3 from aws_cdk import core as cdk -from domino_cdk.agent import generate_install_config from domino_cdk.aws_configurator import DominoAwsConfigurator from domino_cdk.config import DominoCDKConfig from domino_cdk.provisioners import ( 
@@ -147,24 +146,4 @@ def generate_outputs(self): value=r53_owner_id, ) - if self.cfg.install is not None: - agent_cfg = generate_install_config( - name=self.name, - install=self.cfg.install, - aws_region=self.cfg.aws_region, - eks_cluster_name=self.eks_stack.cluster.cluster_name, - pod_cidr=self.vpc_stack.vpc.vpc_cidr_block, - global_node_selectors=self.cfg.eks.global_node_labels, - buckets=self.s3_stack.buckets, - monitoring_bucket=self.s3_stack.monitoring_bucket, - efs_fsid=self.efs_stack.efs.file_system_id, - efs_apid=self.efs_stack.efs_access_point.access_point_id, - r53_zone_ids=r53_zone_ids, - r53_owner_id=r53_owner_id, - ) - - merged_cfg = DominoCdkUtil.deep_merge(agent_cfg, self.cfg.install.overrides) - - cdk.CfnOutput(self, "agent_config", value=DominoCdkUtil.ruamel_dump(merged_cfg)) - cdk.CfnOutput(self, "cdk_config", value=DominoCdkUtil.ruamel_dump(self.cfg.render(True))) diff --git a/cdk/domino_cdk/util.py b/cdk/domino_cdk/util.py index 80f7afa3..ceb38f02 100644 --- a/cdk/domino_cdk/util.py +++ b/cdk/domino_cdk/util.py @@ -115,9 +115,33 @@ def generate_terraform_bootstrap( }, }, "output": { + "BASTION_IP": { + "value": "${module.cdk.BASTION_IP}", + }, + "S3_BUCKET_NAME": { + "value": "${module.cdk.S3_BUCKET_NAME}", + }, + "S3_LOG_SNAPS_BUCKET_NAME": { + "value": "${module.cdk.S3_LOG_SNAPS_BUCKET_NAME}", + }, + "S3_BACKUPS_BUCKET_NAME": { + "value": "${module.cdk.S3_BACKUPS_BUCKET_NAME}", + }, + "S3_REGISTRY_BUCKET_NAME": { + "value": "${module.cdk.S3_REGISTRY_BUCKET_NAME}", + }, + "S3_MONITORING_BUCKET_NAME": { + "value": "${module.cdk.S3_MONITORING_BUCKET_NAME}", + }, + "EXECUTOR_EFS_FS_ID": { + "value": "${module.cdk.EXECUTOR_EFS_FS_ID}", + }, + "EXECUTOR_EFS_AP_ID": { + "value": "${module.cdk.EXECUTOR_EFS_AP_ID}", + }, "cloudformation_outputs": { "value": "${module.cdk.cloudformation_outputs}", - } + }, }, } diff --git a/cdk/tests/unit/config/__init__.py b/cdk/tests/unit/config/__init__.py index 8b84d22a..31a7445d 100644 
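Review bot: The eight outputs added to the `"output"` dict in `generate_terraform_bootstrap` are written out one by one and must match the output names in `terraform/legacy.tf` exactly, with nothing tying the two lists together. Building them from a single tuple keeps the names in one place on the Python side: `**{name: {"value": f"${{module.cdk.{name}}}"} for name in LEGACY_OUTPUTS}`, where `LEGACY_OUTPUTS` is a module-level tuple of the eight names. A short comment stating why these values are re-exported at the top level when `cloudformation_outputs` already carries the full map would help the next reader. The function body starts and ends outside the hunk.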
--- a/cdk/tests/unit/config/__init__.py +++ b/cdk/tests/unit/config/__init__.py @@ -8,7 +8,6 @@ VPC, DominoCDKConfig, IngressRule, - Install, Route53, config_loader, ) @@ -19,15 +18,6 @@ aws_region='__FILL__', aws_account_id='__FILL__', tags={'domino-infrastructure': 'true'}, - install=Install( - access_list=["0.0.0.0/0"], - acm_cert_arn=None, - hostname=None, - registry_username=None, - registry_password=None, - istio_compatible=False, - overrides={}, - ), vpc=VPC( id=None, create=True, @@ -212,7 +202,6 @@ "registry": {"auto_delete_objects": False, "removal_policy_destroy": False}, } }, - "install": {}, } legacy_config = DominoCDKConfig( @@ -220,15 +209,6 @@ aws_region='__FILL__', aws_account_id='__FILL__', tags={'domino-infrastructure': 'true'}, - install=Install( - access_list=["0.0.0.0/0"], - acm_cert_arn=None, - hostname=None, - registry_username=None, - registry_password=None, - istio_compatible=False, - overrides={}, - ), vpc=VPC( id=None, create=True, diff --git a/cdk/tests/unit/config/test_config.py b/cdk/tests/unit/config/test_config.py index 871068d2..c9e9701b 100644 --- a/cdk/tests/unit/config/test_config.py +++ b/cdk/tests/unit/config/test_config.py @@ -130,22 +130,3 @@ def test_dev(self): for b in vars(c.s3.buckets).values(): self.assertTrue(b.auto_delete_objects) self.assertTrue(b.removal_policy_destroy) - - self.assertEqual( - c.install.overrides, - { - "release_overrides": { - "nucleus": { - "chart_values": { - "replicaCount": { - "dispatcher": 1, - "frontend": 1, - }, - "keycloak": { - "createIntegrationTestUser": True, - }, - }, - } - }, - }, - ) diff --git a/cdk/tests/unit/test_agent.py b/cdk/tests/unit/test_agent.py deleted file mode 100644 index 9a11fd17..00000000 --- a/cdk/tests/unit/test_agent.py +++ /dev/null 
@@ -1,128 +0,0 @@ -from unittest import TestCase - -from aws_cdk.aws_s3 import Bucket -from aws_cdk.core import App, Environment, Stack - -from domino_cdk.agent import generate_install_config -from domino_cdk.config import Install - - -class TestAgent(TestCase): - maxDiff = None - - def setUp(self): - self.app = App() - self.stack = Stack(self.app, "VPC", env=Environment(region="us-west-2", account="1234567890")) - self.buckets = { - "blobs": Bucket(self.stack, "s3-blobs"), - "logs": Bucket(self.stack, "s3-logs"), - "backups": Bucket(self.stack, "s3-backups"), - "registry": Bucket(self.stack, "s3-registry"), - } - - def test_generate_install_config_istio(self): - config = generate_install_config( - "test", - Install( - access_list="0.0.0.0/0", - acm_cert_arn="acm:cert:arn", - hostname="test.example.com", - registry_username=None, - registry_password=None, - overrides={}, - istio_compatible=True, - ), - "us-west-2", - "test-cluster", - "10.0.0.0/16", - {}, - self.buckets, - None, - "fsid-blah", - "apid-blah", - "ZONE-ABC", - "TXTOWNER", - ) - - self.assertEqual(config["istio"], {"enabled": True, "install": True, "cni": False}) - self.assertEqual( - config["release_overrides"]["nginx-ingress"]["chart_values"], - { - "controller": { - "kind": "Deployment", - "hostNetwork": False, - "service": { - "enabled": True, - "type": "LoadBalancer", - "targetPorts": {"http": "http", "https": "https"}, - "annotations": { - "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy": "ELBSecurityPolicy-TLS-1-2-2017-01", - "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "ssl", - "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "acm:cert:arn", - "service.beta.kubernetes.io/aws-load-balancer-internal": False, - "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443", - "service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600", # noqa - }, - "loadBalancerSourceRanges": "0.0.0.0/0", - }, - "config": { - 
"use-proxy-protocol": "false", - "ssl-ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA", # noqa - "ssl-protocols": "TLSv1.2 TLSv1.3", - }, - } - }, - ) - - def test_generate_install_config(self): - config = generate_install_config( - "test", - Install( - access_list="0.0.0.0/0", - acm_cert_arn="acm:cert:arn", - hostname="test.example.com", - registry_username=None, - registry_password=None, - overrides={}, - istio_compatible=False, - ), - "us-west-2", - "test-cluster", - "10.0.0.0/16", - {}, - self.buckets, - None, - "fsid-blah", - "apid-blah", - "ZONE-ABC", - "TXTOWNER", - ) - - self.assertEqual(config.get("istio"), None) - self.assertEqual( - config["release_overrides"]["nginx-ingress"]["chart_values"], - { - "controller": { - "kind": "Deployment", - "hostNetwork": False, - "service": { - "enabled": True, - "type": "LoadBalancer", - "targetPorts": {"http": "http", "https": "http"}, - "annotations": { - "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy": "ELBSecurityPolicy-TLS-1-2-2017-01", - "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "tcp", - "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "acm:cert:arn", - "service.beta.kubernetes.io/aws-load-balancer-internal": False, - "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443", - "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*", - "service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600", # noqa - }, - "loadBalancerSourceRanges": "0.0.0.0/0", - }, - "config": { - "use-proxy-protocol": "true", - }, - } - }, - ) 
diff --git a/terraform/cloudformation.tf b/terraform/cloudformation.tf index d3089b87..38509030 100644 --- a/terraform/cloudformation.tf +++ b/terraform/cloudformation.tf @@ -28,13 +28,6 @@ output "cloudformation_outputs" { value = aws_cloudformation_stack.cdk_stack.outputs } -resource "local_file" "agent_template" { - content = lookup(aws_cloudformation_stack.cdk_stack.outputs, "agentconfig", "") - filename = abspath("${var.output_dir}/agent_template.yaml") - file_permission = "0600" - depends_on = [aws_cloudformation_stack.cdk_stack] -} - resource "null_resource" "kubeconfig" { provisioner "local-exec" { command = "${lookup(aws_cloudformation_stack.cdk_stack.outputs, "ekskubeconfigcmd", "")} --kubeconfig ${abspath("${var.output_dir}/kubeconfig")} && chmod 600 ${abspath("${var.output_dir}/kubeconfig")}" diff --git a/terraform/legacy.tf b/terraform/legacy.tf new file mode 100644 index 00000000..8442dd27 --- /dev/null +++ b/terraform/legacy.tf @@ -0,0 +1,31 @@ +output "BASTION_IP" { + value = aws_cloudformation_stack.cdk_stack.outputs.bastionpublicip +} + +output "S3_BUCKET_NAME" { + value = aws_cloudformation_stack.cdk_stack.outputs.blobsbucketoutput +} + +output "S3_LOG_SNAPS_BUCKET_NAME" { + value = aws_cloudformation_stack.cdk_stack.outputs.logsbucketoutput +} + +output "S3_BACKUPS_BUCKET_NAME" { + value = aws_cloudformation_stack.cdk_stack.outputs.backupsbucketoutput +} + +output "S3_REGISTRY_BUCKET_NAME" { + value = aws_cloudformation_stack.cdk_stack.outputs.registrybucketoutput +} + +output "S3_MONITORING_BUCKET_NAME" { + value = aws_cloudformation_stack.cdk_stack.outputs.monitoringbucketoutput +} + +output "EXECUTOR_EFS_FS_ID" { + value = aws_cloudformation_stack.cdk_stack.outputs.EFSFilesystemId +} + +output "EXECUTOR_EFS_AP_ID" { + value = aws_cloudformation_stack.cdk_stack.outputs.EFSAccessPointId +} diff --git a/terraform/variables.tf b/terraform/variables.tf index 953d7cb6..e8c4e41b 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
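Review bot: Every output in the new `terraform/legacy.tf` indexes `aws_cloudformation_stack.cdk_stack.outputs` by attribute, which makes Terraform fail when the stack does not emit that key. The removed `generate_install_config` treated the monitoring bucket as optional (`monitoring_bucket: Optional[Bucket]`), and the bastion may be optional as well, so `monitoringbucketoutput` and `bastionpublicip` look like they can be absent. `cloudformation.tf` already reads outputs with `lookup(aws_cloudformation_stack.cdk_stack.outputs, "ekskubeconfigcmd", "")`; the same form here, e.g. `value = lookup(aws_cloudformation_stack.cdk_stack.outputs, "monitoringbucketoutput", "")`, would keep plans working for stacks without those resources. A one-line header comment saying which consumers still rely on these upper-case names would also explain the file name.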
@@ -20,7 +20,7 @@ variable "name" { variable "output_dir" { type = string - description = "Output directory for agent_template.yaml and kubeconfig" + description = "Output directory for kubeconfig" } variable "parameters" {