From 0fec1045cf1bce0d92ffc30c0eb87a39d67ed939 Mon Sep 17 00:00:00 2001 From: Jeff Nelson Date: Thu, 2 Feb 2023 22:38:04 +0000 Subject: [PATCH] cherry-pick #2251, #2226, #2187, #2201, #1794 --- .github/workflows/release.yaml | 7 +- Makefile | 10 ++- charts/aws-vpc-cni/README.md | 1 - charts/aws-vpc-cni/templates/daemonset.yaml | 4 +- charts/cni-metrics-helper/Chart.yaml | 34 ++++----- charts/cni-metrics-helper/README.md | 81 +++++++++++++++++++++ charts/cni-metrics-helper/values.yaml | 3 + scripts/generate-cni-yaml.sh | 6 +- scripts/sync-to-config-folder.sh | 5 +- scripts/sync-to-eks-charts.sh | 16 ++-- scripts/upload-resources-to-github.sh | 1 - 11 files changed, 129 insertions(+), 39 deletions(-) create mode 100644 charts/cni-metrics-helper/README.md diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4d01c48719..e2f391eea4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,6 +1,8 @@ name: VPC CNI Release -on: [push, workflow_dispatch] +on: + release: + types: [published] permissions: contents: read @@ -11,11 +13,12 @@ env: jobs: release: - if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR uses: actions/checkout@v3 + with: + ref: "refs/tags/{{ github.event.release.tag_name }}" - name: Set up Go uses: actions/setup-go@v3 with: diff --git a/Makefile b/Makefile index 6609ee1d92..b9f5d1569c 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ METRICS_IMAGE = amazon/cni-metrics-helper METRICS_IMAGE_NAME = $(METRICS_IMAGE)$(IMAGE_ARCH_SUFFIX):$(VERSION) METRICS_IMAGE_DIST = $(DESTDIR)/$(subst /,_,$(METRICS_IMAGE_NAME)).tar.gz REPO_FULL_NAME=aws/amazon-vpc-cni-k8s -HELM_CHART_NAME ?= "aws-vpc-cni" +HELM_CHART_NAMES ?= "aws-vpc-cni" "cni-metrics-helper" # TEST_IMAGE is the testing environment container image. TEST_IMAGE = amazon-k8s-cni-test TEST_IMAGE_NAME = $(TEST_IMAGE)$(IMAGE_ARCH_SUFFIX):$(VERSION) 
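Review bot: The `ref` added under `with:` in the checkout step of `.github/workflows/release.yaml` is written as `"refs/tags/{{ github.event.release.tag_name }}"`, without the leading `$`. GitHub Actions therefore does not evaluate it as an expression and hands the braces to `actions/checkout` as a literal ref name. The release job would then most likely fail at checkout rather than build the tag the release was published for. The line should read `ref: "refs/tags/${{ github.event.release.tag_name }}"`. The rest of the job's steps lie outside the hunk.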
@@ -341,10 +341,14 @@ generate-limits: ## Generate limit file go code go run $(VENDOR_OVERRIDE_FLAG) scripts/gen_vpc_ip_limits.go ekscharts-sync: - ${MAKEFILE_PATH}/scripts/sync-to-eks-charts.sh -b ${HELM_CHART_NAME} -r ${REPO_FULL_NAME} + for HELM_CHART_NAME in $(HELM_CHART_NAMES) ; do \ + ${MAKEFILE_PATH}/scripts/sync-to-eks-charts.sh -b $$HELM_CHART_NAME -r ${REPO_FULL_NAME} ; \ + done ekscharts-sync-release: - ${MAKEFILE_PATH}/scripts/sync-to-eks-charts.sh -b ${HELM_CHART_NAME} -r ${REPO_FULL_NAME} -n -y + for HELM_CHART_NAME in $(HELM_CHART_NAMES) ; do \ + ${MAKEFILE_PATH}/scripts/sync-to-eks-charts.sh -b $$HELM_CHART_NAME -r ${REPO_FULL_NAME} -n -y ; \ + done upload-resources-to-github: ${MAKEFILE_PATH}/scripts/upload-resources-to-github.sh diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index a7bb122b9d..cd22b15999 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -91,7 +91,6 @@ WARNING: Substitute YOUR_HELM_RELEASE_NAME_HERE with the name of your helm relea set -euo pipefail -# don't import the crd. Helm cant manage the lifecycle of it anyway. for kind in daemonSet clusterRole clusterRoleBinding serviceAccount; do echo "setting annotations and labels on $kind/aws-node" kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 261480ad5c..a78fdad500 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml 
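Review bot: In the new `for` loops of `ekscharts-sync` and `ekscharts-sync-release`, each iteration ends with `;`, so the recipe's exit status is that of the last chart only. A failed sync of `aws-vpc-cni` is hidden whenever `cni-metrics-helper` succeeds, unless the Makefile sets `.SHELLFLAGS` with `-e` somewhere outside the hunk. Ending the script call with `|| exit 1 ; \` makes the target stop on the first error. Quoting the loop variable as `"$$HELM_CHART_NAME"` would also keep the `-b` argument a single word.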
@@ -91,8 +91,8 @@ spec: - mountPath: /host/etc/cni/net.d name: cni-net-dir {{- if .Values.cniConfig.enabled }} - # the dockerfile copies the baked in config to this location, lets overwrite it with ours - # the entrypoint.sh script will then copy our config to /host/etc/cni/net.d on boot + # The dockerfile copies the baked in config to this location, so overwrite it with ours. + # The entrypoint process will then copy our config to /host/etc/cni/net.d on boot. - name: cni-config mountPath: /app/10-aws.conflist subPath: 10-aws.conflist diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 81393fbbea..b3cf0693a3 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml 
@@ -1,23 +1,19 @@ apiVersion: v2 name: cni-metrics-helper -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.16 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. appVersion: v1.12.2 +description: A Helm chart for the AWS VPC CNI Metrics Helper +icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png +home: https://github.com/aws/amazon-vpc-cni-k8s +sources: + - https://github.com/aws/amazon-vpc-cni-k8s +keywords: + - eks + - cni + - networking + - vpc +maintainers: + - name: Jayanth Varavani + url: https://github.com/jayanthvn + email: jayanthvn@users.noreply.github.com +engine: gotpl diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md new file mode 100644 index 0000000000..eb5a1bf081 --- /dev/null +++ b/charts/cni-metrics-helper/README.md 
@@ -0,0 +1,81 @@ +# CNI METRICS HELPER + +This chart provides a Kubernetes deployment for the Amazon VPC CNI Metrics Helper, which is used to collect metrics for the Amazon VPC CNI plugin for Kubernetes. + +## Prerequisites + +- Kubernetes 1.11+ running on AWS +- Helm 3.0+ + +## Installing the Chart + +First add the EKS repository to Helm: + +```shell +helm repo add eks https://aws.github.io/eks-charts +``` + +To install the chart with the release name `cni-metrics-helper` and default configuration: + +```shell +$ helm install cni-metrics-helper --namespace kube-system eks/cni-metrics-helper +``` + +To install manually, clone the Amazon VPC CNI for Kubernetes repository to your local machine: + +```shell +$ git clone https://github.com/aws/amazon-vpc-cni-k8s.git +``` + +Use the helm install command to install the chart into your Kubernetes cluster: + +```shell +$ helm install cni-metrics-helper --namespace kube-system ./charts/cni-metrics-helper +``` + +To uninstall: + +```shell +$ helm uninstall cni-metrics-helper --namespace kube-system +``` + +## Configuration + +The following table lists the configurable parameters for this chart and their default values. + +| Parameter | Description | Default | +|------------------------------|---------------------------------------------------------------|--------------------| +| fullnameOverride | Override the fullname of the chart | cni-metrics-helper | +| image.region | ECR repository region to use. Should match your cluster | us-west-2 | +| image.tag | Image tag | v1.12.2 | +| image.account | ECR repository account number | 602401143452 | +| image.domain | ECR repository domain | amazonaws.com | +| env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | +| env.AWS_CLUSTER_ID | ID of the cluster to use when exporting metrics to CloudWatch | default | +| env.AWS_VPC_K8S_CNI_LOGLEVEL | Log verbosity level (ie. 
FATAL, ERROR, WARN, INFO, DEBUG) | INFO | +| serviceAccount.name | The name of the ServiceAccount to use | nil | +| serviceAccount.create | Specifies whether a ServiceAccount should be created | true | +| serviceAccount.annotations | Specifies the annotations for ServiceAccount | {} | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: + +```shell +$ helm install cni-metrics-handler --namespace kube-system eks/cni-metrics-handler --values values.yaml +``` + +Manual install: +```shell +$ helm install cni-metrics-helper --namespace kube-system ./charts/cni-metrics-helper --values values.yaml +``` + +## Resources + +| Parameter | Description | Default | +|---------------------------|------------------------------------------------|---------| +| resources | Resources for the pods. | `{}` | + +For example, to set a CPU limit of 200m and a memory limit of 256Mi for the cni-metrics-helper pods, you can use the following command: + +```shell +$ helm install cni-metrics-helper ./charts/cni-metrics-helper --namespace kube-system --set resources.limits.cpu=200m,resources.limits.memory=256Mi +``` diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 5c7ee72d77..af3f6cd605 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -13,6 +13,7 @@ image: env: USE_CLOUDWATCH: "true" AWS_CLUSTER_ID: "" + AWS_VPC_K8S_CNI_LOGLEVEL: "INFO" fullnameOverride: "cni-metrics-helper" @@ -24,3 +25,5 @@ serviceAccount: name: annotations: {} # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME + +resources: {} diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 5ee261a01c..24c4fb1e0c 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh 
@@ -4,7 +4,7 @@ set -euo pipefail SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" PLATFORM=$(uname | tr '[:upper:]' '[:lower:]') -HELM_VERSION="3.6.3" +HELM_VERSION="3.11.0" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile @@ -94,7 +94,7 @@ jq -c '.[]' $REGIONS_FILE | while read i; do mv $BUILD_DIR/helm_annotations_removed.yaml $NEW_METRICS_RESOURCES_YAML done -$BUILD_DIR/helm template --include-crds \ +$BUILD_DIR/helm template aws-vpc-cni --include-crds \ --namespace $NAMESPACE \ --output-dir $INDV_RESOURCES_DIR/ \ $SCRIPTPATH/../charts/aws-vpc-cni/ @@ -104,7 +104,7 @@ for i in $INDV_RESOURCES_DIR/aws-vpc-cni/templates/*; do mv $BUILD_DIR/helm_annotations_removed.yaml $i done -$BUILD_DIR/helm template \ +$BUILD_DIR/helm template cni-metrics-helper \ --namespace $NAMESPACE \ --output-dir $INDV_RESOURCES_DIR/ \ $SCRIPTPATH/../charts/cni-metrics-helper/ diff --git a/scripts/sync-to-config-folder.sh b/scripts/sync-to-config-folder.sh index 06368c0568..c6310fdd85 100755 --- a/scripts/sync-to-config-folder.sh +++ b/scripts/sync-to-config-folder.sh @@ -2,7 +2,6 @@ set -euo pipefail set +x - SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" BUILD_DIR="${SCRIPTPATH}/../build" @@ -17,7 +16,7 @@ BINARY_BASE="" INCLUDE_NOTES=0 MANUAL_VERIFY=1 -GH_CLI_VERSION="0.10.1" +GH_CLI_VERSION="2.22.1" GH_CLI_CONFIG_PATH="${HOME}/.config/gh/config.yml" KERNEL=$(uname -s | tr '[:upper:]' '[:lower:]') OS="${KERNEL}" @@ -180,4 +179,4 @@ git push -u origin "${FORK_RELEASE_BRANCH}":$RELEASE_BRANCH gh pr create --title "🥳 ${BINARY_BASE} ${VERSION} Automated manifest sync! 🥑" \ --body "${PR_BODY}" --repo ${REPO} --base ${RELEASE_BRANCH} -echo "✅ Manifest folder PR created for $RELEASE_BRANCH" +echo "Manifest folder PR created for ${RELEASE_BRANCH}" diff --git a/scripts/sync-to-eks-charts.sh b/scripts/sync-to-eks-charts.sh index 3d86dfa676..18d9706c89 100755 --- a/scripts/sync-to-eks-charts.sh +++ b/scripts/sync-to-eks-charts.sh 
@@ -6,13 +6,12 @@ SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" BUILD_DIR="${SCRIPTPATH}/../build" REPO="aws/amazon-vpc-cni-k8s" -HELM_CHART_NAME="aws-vpc-cni" +HELM_CHART_NAME=${HELM_CHART_NAME:-'aws-vpc-cni'} HELM_CHART_BASE_BIR="${SCRIPTPATH}/../charts" CHARTS_REPO="aws/eks-charts" CHARTS_REPO_NAME=$(echo ${CHARTS_REPO} | cut -d'/' -f2) -HELM_CHART_DIR="${HELM_CHART_BASE_BIR}/${HELM_CHART_NAME}" PR_ID=$(uuidgen | cut -d '-' -f1) SYNC_DIR="${BUILD_DIR}/eks-charts-sync" @@ -22,7 +21,7 @@ BINARY_BASE="" INCLUDE_NOTES=0 MANUAL_VERIFY=1 -GH_CLI_VERSION="0.10.1" +GH_CLI_VERSION="2.22.1" GH_CLI_CONFIG_PATH="${HOME}/.config/gh/config.yml" KERNEL=$(uname -s | tr '[:upper:]' '[:lower:]') OS="${KERNEL}" @@ -30,7 +29,7 @@ if [[ "${KERNEL}" == "darwin" ]]; then OS="macOS" fi -VERSION=$(make -s -f "${SCRIPTPATH}/../Makefile" version) +VERSION=$(echo $(make -s -f "${SCRIPTPATH}/../Makefile" version) | cut -d'-' -f1) USAGE=$(cat << EOM Usage: sync-to-eks-charts -r @@ -54,6 +53,7 @@ while getopts b:r:ny opt; do REPO="$OPTARG" ;; b ) # binary basename + HELM_CHART_NAME="$OPTARG" BINARY_BASE="$OPTARG" ;; n ) # Include release notes @@ -74,6 +74,13 @@ if [[ -n "${BINARY_BASE}" ]]; then HELM_CHART_NAME=${BINARY_BASE} fi +if [[ "$HELM_CHART_NAME" =~ ^(aws-vpc-cni|cni-metrics-helper)$ ]]; then + echo "starting to sync chart $HELM_CHART_NAME" +else + echo "invalid chart name, quit the script" + exit 0 +fi + if [[ -z "${REPO}" ]]; then echo "Repo (-r) must be specified if no \"make repo-full-name\" target exists" fi @@ -123,7 +130,6 @@ cd "${FORK_DIR}" git remote set-url origin https://"${GITHUB_USERNAME}":"${GITHUB_TOKEN}"@github.com/"${GITHUB_USERNAME}"/"${CHARTS_REPO_NAME}".git DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD | tr -d '\n') - if diff -x ".*" -r "$HELM_CHART_DIR/" "${FORK_DIR}/stable/${HELM_CHART_NAME}/" &> /dev/null ; then echo " ✅ Charts already in sync; no updates needed" exit 
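Review bot: The first hunk of `scripts/sync-to-eks-charts.sh` deletes the `HELM_CHART_DIR=...` assignment, yet the context line in the last hunk still runs `diff -x ".*" -r "$HELM_CHART_DIR/" ...`. Unless the variable is assigned again outside the visible hunks, that comparison reads an unset variable: an abort if the script runs with `set -u`, or a comparison against `/` if it does not. Because `-b` can now change the chart name during option parsing, the assignment belongs after the name has been validated, as `HELM_CHART_DIR="${HELM_CHART_BASE_BIR}/${HELM_CHART_NAME}"`.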
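Review bot: The rewritten `VERSION=$(echo $(make -s -f ... version) | cut -d'-' -f1)` hides a failing `make version`, because `echo` discards the exit status of the inner substitution. The script then continues with an empty `VERSION`, where the old plain assignment would have stopped under `set -e` (assuming the script sets it; that line is outside the hunk). Keeping the original assignment and trimming with parameter expansion preserves the status and avoids the unquoted word splitting: `VERSION=$(make -s -f "${SCRIPTPATH}/../Makefile" version)` followed by `VERSION="${VERSION%%-*}"`.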
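Review bot: The chart-name allowlist added after option parsing ends its rejection branch with `exit 0`, so a caller such as the Makefile loop or a release job sees success for a sync that never ran. The branch should report on stderr and return a non-zero status: `echo "invalid chart name: ${HELM_CHART_NAME}" >&2` followed by `exit 1`. The allowlist itself is a sound guard, since the name ends up in filesystem paths and a branch or PR title further down the script.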
diff --git a/scripts/upload-resources-to-github.sh b/scripts/upload-resources-to-github.sh index 4ed62bc0a9..2fed020a55 100755 --- a/scripts/upload-resources-to-github.sh +++ b/scripts/upload-resources-to-github.sh @@ -6,7 +6,6 @@ set -euo pipefail SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" VERSION=$(make -s -f $SCRIPTPATH/../Makefile version) BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VERSION -BINARY_DIR=$SCRIPTPATH/../build/bin CNI_TAR_RESOURCES_FILE=$BUILD_DIR/cni_individual-resources.tar METRICS_TAR_RESOURCES_FILE=$BUILD_DIR/cni_metrics_individual-resources.tar