aws-samples / eks-cluster-upgrades-workshop Goto Github PK

View Code? Open in Web Editor NEW

19.0 3.0 121.0 8.41 MB

Source repo of the eks-upgrades workshop

Home Page: https://eks-upgrades-workshop.netlify.app/

License: Apache License 2.0

Shell 28.00% JavaScript 22.59% CSS 3.08% HCL 43.65% Dockerfile 2.69%

kubernetes argo-workflows eks flux2 gitops terraform eks-upgrade

eks-cluster-upgrades-workshop's Introduction

EKS Cluster Upgrades Workshop

‼️ THIS WORKSHOP IS PERFORMING UPGRADES FROM VERSION 1.25 ‼️

‼️ THIS WORKSHOP IS BEING DEPRECATED, THE REPO WILL REMAIN FOR CONSULTING ‼️

This workshop covers best practices that are applicable for both older and newer versions of Kubernetes. We are committed to keeping our content up-to-date with the latest Amazon EKS releases, Let's get started!

Click here to access the workshop

Introduction

The Amazon cluster upgrades workshop is built to provide you with a reference architecture that can help make your Amazon EKS Cluster upgrades less painful and more seamless. To achieve this, we will be using a GitOps strategy with Fluxv2 for components reconciliation and Karpenter for Node Scaling.

Why this architecture?

One of the key benefits of using GitOps is that it enables us to use a mono repository approach for deploying both add-ons and applications. This approach makes the upgrade process much smoother because we have a single location to look at for deprecated API versions and ensure that add-ons are backwards compatible.

By the end of this workshop, you will have a solid understanding of how to use GitOps with Fluxv2 and Karpenter to simplify the EKS Cluster upgrade process. We hope that this will help you to streamline your workflow and ensure that your infrastructure is always up-to-date and functioning smoothly. So, let's dive in and get started!

Navigating the repository

The top level repository can be split is to several areas.

Site content

The workshop content itself is a docusaurus site. All workshop content is written using Markdown and can be found in website.

Learner environment

To spin -up your learn environment, go to website page and follow the instructions to run your docussaurus website.

Locally deploy with terraform:

You will need to fork this repo.

Once forked, execute the install.sh (located in the root of this repo) script and fill te asked questions:

bash ./install.sh

When asked for tf_state_path leave it empty to provision all the components

After that you will need to uncomment lines 5 and 6 of gitops/add-ons/kustomization.yaml file

Then you can push the changes to your desired branch and flux will reconcile the changes

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

eks-cluster-upgrades-workshop's People

Contributors

Stargazers

Watchers

Forkers

mohade09 fengtaojian allamand brenescoto rodrigobersa hpsvirk tiagoreichert pechung grungedi batscb82 ioz-fb nathaliasegoviam kevintl14 oscar070 scarras21 nayanen hantonel lihannnnn panlm gilvicarjo badrishs imoustak geekaholic rounoff alvinri-amazon perobertson pietro aidapsibr a-harvie mohann10 mylesw42 anandg112 trevorrae tylerasai devillecodes vdhanota orenmazor crogers1p havimaki-agilebits hookehooke l0ris demians12 thanacpr-git b3ll3-psh sugrajah guanwei gaojiandong0214 nitknk dnabic-aws trygve55 utkucan arsenid rsassoon msansan5 rresman84 tim-heaton kreppy iongion skatanski nikolaystoyanov manuel-alcocer k-teo evgeniyz mikeut mtretowski sebol fgarhoy yogendratamang48 ignastraskevicius-projects pawelnisz111 jkrmelj mariogomezc igh08191 antoinebon przemeksr oseasrodrigues msageth3 babywyrm fabiano-gtorres108 lusoal celestelin appendino apamildner lucasrf1984 joe1394 sukant9 enconti fbidanjiri hillipete pitalekunal sharonxiaohanli jzhaven nicoleekpark paulhaven gperez234 antonisnyc94 dougsc mphaven daddysharkfin larry-tewksbury

eks-cluster-upgrades-workshop's Issues

Using CodeCommit instead of GitHub

For the workshop's GitOps sections, we should be using CodeCommit instead of GitHub.

The way we have GitHub as part of the workshop today, specially using legacy tokens, adds to the complexity and maintainability of the workshop as a whole. Switching to CodeCommit would make the workshop more streamlined, easier to get started for customers, more secure and easier to maintain as well.

Feature: Workshop V2

Introduction
- Add new architecture (Showcasing Fargate) and diagrams that we have used on TFC summit
Setup
- Create you EKS cluster
  - Create EKS Cluster, change from eksctl to install.sh script to use terraform
GitOps
- Flux folder structure
  - Modify to add all the needed changes since we've added more manifests
- Flux reconciliation flow
  - Change from create an HPA manifest, (this will be already created).
  - To uncomment lines 5 and 6 in gitops/add-ons/kutomization.yaml, can use sed for that
Karpenter
- Karpenter Node Upgrade [RENAME] Karpenter during upgrades
  - Karpenter will be already running so need to change the output from all commands
- Enabling Karpenter [REMOVE]
  - Should merge this module with previous one and remove this one, since karpenter is already enable we just need to show the nodes that were provisioned by karpenter using labels, and how this is done with taint and tolerations
Validating State [RENAME] Validating APIs
- Validation pipeline with argo-workflows [NEW]
  - Run the pipeline to generate the report
- Pluto [RENAME] Validating Manifests
  - Remove that sed command since all the manifests will be already deployed
  - Merge Kubectl convert here https://eks-upgrades-workshop.netlify.app/docs/validating-state/validating-state4 (Convert deprecated API manifests)
  - Uncomment line 6 from gitops/applications/kustomization.yaml (To enable flux reconcile those manifests)
- Managed Add-on [RENAME] to Add-ons
  - Managed add-ons [NEW]
    - Remove the script usage and use this --> https://eks-upgrades-workshop.netlify.app/docs/upgrade-managed-addons/managed-addons-upgrade2
    - Already perform add-on upgrade --> https://eks-upgrades-workshop.netlify.app/docs/upgrade-managed-addons/managed-addons-upgrade3
  - Self-managed add-ons [NEW]
    - Use this to validate https://eks-upgrades-workshop.netlify.app/docs/validating-state/validating-state2#checking-for-deprecated-apis-within-helm-charts All of our add-ons are deployed using Helm Charts, also remember that is important to verify each add-on documentation.
- Kubectl convert [REMOVE]
- Applying your changes
  - Run the validation pipeline again
Control Plane [RENAME] Upgrade Control Plane
- Introduction
- Performing EKS Control Plane upgrade
  - Change that to use terraform instead of using eksctl
Nodes [RENAME] Upgrade Nodes
- Introduction
  - Add here that we are running all of our infrastructure pods on Fargate, so we don't need to upgrade any node a part from karpenter (Following module), also add links to AWS documentation on how to upgrade both self-managed and managed node groups
- Performing managed node groups upgrade [REMOVE]
Add-ons [REMOVE]
Karpenter Rollout
- PDB in action [REMOVE]
- Rollout nodes agressive PDB
  - Show here PDB kubectl -n default get pdb/nginx-pdb
- Adjusting PDB
- Rollout nodes with right PDB
Conclusion
Cleanup
- Change to terraform destroy

Adjust path to new branch on install.sh script and in environment/cf_path

For testing purposed install.sh is being downloaded from feat/workshop_v2 branch, and also in Environment module, the cloudformation that is being referenced is in feat/workshop_v2 branch. Once is in main, need to change it.

Karpenter node role error on CloudFormation setup

When using the CloudFormation template on self environments, the inline EOF policy created for Karpenter Role nodes fails with:

` [31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1m"assume_role_policy" contains an invalid JSON policy: leading space characters are not allowed�[0m �[31m│�[0m �[0m �[31m│�[0m �[0m�[0m with aws_iam_role.karpenter_node_role, �[31m│�[0m �[0m on related_infra.tf line 7, in resource "aws_iam_role" "karpenter_node_role":