diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9f6da35f6..e12a3f87c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,174 +1,92 @@ version: 2.1 -# Inline dd agent orb definition -orbs: - dd-agent: - commands: - setup: - description: "Installs and starts the Datadog Agent" - parameters: - api_key: - type: env_var_name - description: The name of the environmental variable containing the API key - default: DD_API_KEY - agent_major_version: - type: string - description: The major version of the agent to use - default: "7" - site: - type: string - description: The datadog site to send data to. If the environment variable DD_SITE is set that will take preference. - default: "datadoghq.com" - steps: - - run: - environment: - PARAM_DD_API_KEY: <> - PARAM_DD_AGENT_MAJOR_VERSION: <> - PARAM_DD_SITE: <> - name: Install and start the Datadog Agent - working_directory: /tmp - command: | - Install() { - PARAM_DD_API_KEY=$(eval echo "\$$PARAM_DD_API_KEY") - - if [[ -n "${DD_SITE}" ]]; then - PARAM_DD_SITE=${DD_SITE} - fi - - DD_API_KEY=${PARAM_DD_API_KEY} DD_AGENT_MAJOR_VERSION=${PARAM_DD_AGENT_MAJOR_VERSION} DD_SITE=${PARAM_DD_SITE} \ - DD_HOSTNAME="none" DD_INSTALL_ONLY="true" DD_APM_ENABLED="true" \ - bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script.sh)" - - if [ "$UID" = "0" ]; then export SUDO=''; else export SUDO='sudo'; fi - $SUDO find /etc/datadog-agent/conf.d/ -iname "*.yaml.default" -delete - $SUDO service datadog-agent start - - set +e - attempts=0 - - until [[ $attempts -eq 10 ]] || $SUDO datadog-agent health; do - attempts=$((attempts+1)) - sleep_time=$(( attempts*5 < 30 ? attempts*5 : 30 )) - echo "Waiting for agent to start up sleeping for ${sleep_time} seconds" - sleep $sleep_time - done - - if [[ $attempts -eq 10 ]]; then - echo "Could not start the agent" - exit 1 - else - echo "Agent is ready" - fi - } - - # Will not run if sourced for bats-core tests. - # View src/tests for more information. 
- ORB_TEST_ENV="bats-core" - if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then - Install - fi - stop: - description: "Gracefully stop the Datadog Agent" - steps: - - run: - when: always - name: Gracefully stop the Datadog Agent - command: | - StopAgent() { - if [ "$UID" = "0" ]; then export SUDO=''; else export SUDO='sudo'; fi - $SUDO service datadog-agent stop - } - - - # Will not run if sourced for bats-core tests. - # View src/tests for more information. - ORB_TEST_ENV="bats-core" - if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then - StopAgent - fi - # workflow jobs definition jobs: prepare_env: # job to prepare build environment docker: - - image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest + - image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1 working_directory: ~/aws_ecr_ami steps: - checkout: path: ~/aws_ecr_ami - - dd-agent/setup - - run: - name: Prepare env for build - command: echo 'export BUILD_TAG="${CIRCLE_BRANCH}-${CIRCLE_BUILD_NUM}-$(git rev-parse --verify HEAD | cut -c1-8)"' >> ${BASH_ENV} - persist_to_workspace: root: "~" paths: - aws_ecr_ami - - dd-agent/stop validate: - # job to validate aws ecr ami image docker: - - image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest + - image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1 steps: - attach_workspace: at: . - - dd-agent/setup - run: name: Packer Validate command: cd aws_ecr_ami && make -e -j2 all-validate - - dd-agent/stop build: - # job to build aws ecr ami image docker: - - image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest + - image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1 steps: - attach_workspace: at: . 
- - dd-agent/setup + - run: + name: Prepare BUILD_TAG env + command: | + NORMALIZED_BRANCH_NAME=$(echo ${CIRCLE_BRANCH} | sed 's/[^a-zA-Z0-9]/-/g' | cut -c 1-50) + echo "export BUILD_TAG=${NORMALIZED_BRANCH_NAME}-${CIRCLE_BUILD_NUM}-${CIRCLE_SHA1::7}" >> ${BASH_ENV} - run: name: Packer build # AWS sometimes take really long to finish ami build. - # By default, Crircle CI have 10 minutes timeout without response, + # By default, Circle CI have 10 minutes timeout without response, # so we must extend that timeout limit to be sure that ami build can pass no_output_timeout: 60m command: cd aws_ecr_ami && make -e -j2 all - - dd-agent/stop - mock-test: - # Mock test to trigger integration with datadog - docker: - - image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest - steps: - - attach_workspace: - at: . - - dd-agent/setup - - run: - name: Dummy test - command: | - python3 -m venv venv - source venv/bin/activate - pip install pytest ddtrace - DD_SERVICE=${DD_SERVICE} DD_ENV=${DD_ENV} pytest test.py --ddtrace - - dd-agent/stop workflows: aws_eks_ami: jobs: - prepare_env: - context: CICD + context: AWS_OPERATIONS_DEV_0 - validate: - context: CICD + name: validate main + context: + - AWS_OPERATIONS_0 + - PACKER_OPERATIONS_0 + filters: + branches: + only: + - main + requires: + - prepare_env + - validate: + name: validate dev + context: + - AWS_OPERATIONS_DEV_0 + - PACKER_OPERATIONS_DEV_0 + filters: + branches: + only: + - dev requires: - prepare_env - build: - context: CICD + name: build main + context: + - AWS_OPERATIONS_0 + - PACKER_OPERATIONS_0 requires: - - validate + - validate main filters: branches: only: - - master - - mock-test: - context: CICD + - main + - build: + name: build dev + context: + - AWS_OPERATIONS_DEV_0 + - PACKER_OPERATIONS_DEV_0 requires: - - validate - - build + - validate dev + filters: + branches: + only: + - dev diff --git a/Makefile b/Makefile index a20596403..ab32a295c 100644 --- a/Makefile +++ b/Makefile 
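Review bot: `prepare_env` is the only job in the new workflow without a branch filter, so it runs on every pushed branch with the `AWS_OPERATIONS_DEV_0` context attached, while the `validate` and `build` entries are limited to `main` and `dev`. If that context carries AWS credentials (inferred from its name only), give `prepare_env` the same `filters: branches: only: [main, dev]`, or a context scoped to pulling the ECR image and nothing else. In the new `Prepare BUILD_TAG env` step, `echo ${CIRCLE_BRANCH}` is unquoted, so the branch name goes through word splitting and globbing before `sed` normalises it; `printf '%s' "${CIRCLE_BRANCH}" | sed 's/[^a-zA-Z0-9]/-/g' | cut -c 1-50` avoids that. The executor image is pinned by the tag `0.0.1` rather than by digest, so the CI toolchain changes silently if that tag is re-pushed.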
@@ -11,6 +11,21 @@ PACKER_BINARY = docker run -v /mnt/credentials:/root/.aws/credentials \ 876270261134.dkr.ecr.us-west-2.amazonaws.com/devops/packer:1.6.1 PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date kernel_version docker_version containerd_version runc_version cni_plugin_version source_ami_id source_ami_owners source_ami_filter_name arch instance_type security_group_id additional_yum_repos pull_cni_from_github sonobuoy_e2e_registry build_tag encrypted +ifndef VPC_ID + $(error VPC_ID is undefined) +endif + +ifndef SUBNET_ID + $(error SUBNET_ID is undefined) +endif + +ifndef AMI_USERS + $(error AMI_USERS is undefined) +endif + +ifndef KMS_KEY_ID + $(error KMS_KEY_ID is undefined) +endif #PACKER_BINARY ?= packer #PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date kernel_version docker_version containerd_version runc_version cni_plugin_version source_ami_id source_ami_owners source_ami_filter_name arch instance_type security_group_id additional_yum_repos pull_cni_from_github sonobuoy_e2e_registry @@ -43,9 +58,11 @@ T_YELLOW := \e[0;33m T_RESET := \e[0m .PHONY: all 1.18 1.19 1.20 1.21 1.22 -all: 1.21 -all-validate: 1.21 +all: 1.22-build + +all-validate: 1.22-validate + .PHONY: k8s k8s: validate 
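Review bot: The four `ifndef` guards check Make variables, but `eks-worker-al2.json` reads these values with `{{env ...}}` and none of them is in `PACKER_VARIABLES`, so they reach Packer only through the process environment. If `$(P)` resolves to the `docker run` wrapper on the context line above (its definition is not visible here), nothing shown forwards them into the container, and the guard would pass while Packer sees empty strings for the VPC, subnet, KMS key and AMI users. Either forward them explicitly (`-e VPC_ID -e SUBNET_ID -e AMI_USERS -e KMS_KEY_ID`) or pass them as `--var` like the other settings. The guards are also evaluated at parse time, so every goal, including `all-validate`, needs all four set.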
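Review bot: In the `@@ -43,9 +58,11 @@` hunk the `.PHONY` line kept as context still declares `1.21` and `1.22`, which the `@@ -70,16 +87,24 @@` hunk removes as targets, while `all-validate` is not declared phony at all. A file or directory named `all-validate` in the checkout would then make the validation goal a no-op. Suggest `.PHONY: all all-validate` here, keeping only those of `1.18 1.19 1.20` that still exist as targets outside this hunk.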
@@ -70,16 +87,24 @@ k8s: validate 1.20-build: $(MAKE) ci-build kubernetes_version=1.20.11 kubernetes_build_date=2021-11-10 pull_cni_from_github=true -.PHONY: 1.21 -1.21: +.PHONY: 1.21-validate +1.21-validate: + $(MAKE) ci-validate kubernetes_version=1.21.14 kubernetes_build_date=2022-10-31 pull_cni_from_github=true + +.PHONY: 1.21-build +1.21-build: $(MAKE) ci-build kubernetes_version=1.21.14 kubernetes_build_date=2022-10-31 pull_cni_from_github=true -.PHONY: 1.22 -1.22: - $(MAKE) ci-build kubernetes_version=1.22.6 kubernetes_build_date=2022-03-09 pull_cni_from_github=true +.PHONY: 1.22-validate +1.22-validate: + $(MAKE) ci-validate kubernetes_version=1.22.17 kubernetes_build_date=2023-01-30 pull_cni_from_github=true + +.PHONY: 1.22-build +1.22-build: + $(MAKE) ci-build kubernetes_version=1.22.17 kubernetes_build_date=2023-01-30 pull_cni_from_github=true # Circle CI pipeline -.PHONY: ci-valiedate +.PHONY: ci-validate ci-validate: $(P) validate $(foreach packerVar,$(PACKER_VARIABLES), $(if $($(packerVar)),--var $(packerVar)='$($(packerVar))',)) eks-worker-al2.json diff --git a/eks-worker-al2.json b/eks-worker-al2.json index 78dc24183..6616d2bbf 100644 --- a/eks-worker-al2.json +++ b/eks-worker-al2.json @@ -4,7 +4,7 @@ "ami_name": null, "creator": "{{env `USER`}}", "encrypted": "false", - "kms_key_id": "", + "kms_key_id": "{{env `KMS_KEY_ID`}}", "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}", "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}", "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}", @@ -15,7 +15,7 @@ "kernel_version": "", "docker_version": "20.10.17-1.amzn2.0.1", "containerd_version": "1.6.6-1.amzn2.0.2", - "runc_version": "1.1.3-1.amzn2.0.2", + "runc_version": "1.1.4-1.amzn2", "cni_plugin_version": "v0.8.6", "pull_cni_from_github": "true", "source_ami_id": "", 
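Review bot: In the `@@ -4,7 +4,7 @@` hunk `kms_key_id` is now taken from `KMS_KEY_ID`, but the `encrypted` default on the context line directly above it stays `"false"`, and `encrypt_boot` is fed from that variable (visible in the `@@ -84,12 +85,21 @@` hunk). Unless every caller passes `encrypted=true` (it is listed in `PACKER_VARIABLES`, so CI may set it outside this diff), the key the Makefile now demands is not applied to the boot volume, and depending on the Packer version the build may instead be rejected for a key without encryption. Because the same commit starts sharing the image through `ami_users`, an unencrypted result would be what the other accounts receive. Consider changing the default to `"encrypted": "true"`.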
@@ -30,10 +30,11 @@ "temporary_security_group_source_cidrs": "", "security_group_id": "", "associate_public_ip_address": "", - "subnet_id": "", + "vpc_id": "{{env `VPC_ID`}}", + "subnet_id": "{{env `SUBNET_ID`}}", "remote_folder": "", "launch_block_device_mappings_volume_size": "4", - "ami_users": "", + "ami_users": "{{env `AMI_USERS`}}", "additional_yum_repos": "", "sonobuoy_e2e_registry": "" }, @@ -84,12 +85,21 @@ "encrypt_boot": "{{user `encrypted`}}", "kms_key_id": "{{user `kms_key_id`}}", "run_tags": { - "creator": "{{user `creator`}}" + "creator": "{{user `creator`}}", + "Creator": "Packer" }, + "run_volume_tags":{ + "Creator": "Packer" + }, + "snapshot_tags": { + "Creator": "Packer" + }, + "vpc_id": "{{user `vpc_id`}}", "subnet_id": "{{user `subnet_id`}}", "tags": { "Name": "{{user `ami_name`}}", "created": "{{timestamp}}", + "Creator": "Packer", "docker_version": "{{ user `docker_version`}}", "containerd_version": "{{ user `containerd_version`}}", "source_ami_id": "{{ user `source_ami_id`}}",
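Review bot: In the `@@ -84,12 +85,21 @@` hunk `run_tags` now carries both `creator` and `Creator`, two keys that differ only in case. EC2 stores them as separate tags, but IAM matches the tag key in `aws:ResourceTag/...` and `aws:RequestTag/...` conditions case-insensitively, so a policy keyed on `Creator` becomes ambiguous on the build instance (the new `"Creator": "Packer"` tags suggest such a policy, though none is visible here). Renaming the user-derived key to something like `created_by`, with its value unchanged, keeps `Creator` unambiguous. As a style point, `"run_volume_tags":{` is missing the space after the colon that the neighbouring keys have.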