From 95def33db96c55a640fba4df5bdfbcc3a179d8ac Mon Sep 17 00:00:00 2001 From: Justin Brooks Date: Mon, 8 Jan 2024 10:28:42 -0500 Subject: [PATCH 01/13] feat!: Init operator (#154) * operator module * pass license * Update main.tf * fix: Allow for inbound-cidrs for the ALB * Disabling otel per DD potential Conflict * Revert "fix: Allow for inbound-cidrs for the ALB" This reverts commit 3cb558b0f481ebef424fedb07861d5744ee34c83. * fixing a bug, can't quote the list of CIDRs * fxing MR mistake * Update main.tf * Add extra envs * testing tf change * removing test tf change * adding efs-csi-driver for weave * adding efs-csi-driver policy for weave * adding efs-csi-driver policy for weave and fmting * namespacing fix * fixing arn * updating policy * updates for weave EFS storage class * remove debug block * fix a provider error * removing name * updating sg name * refactor to app-eks * adding aws_security_group_rule * adding aws_security_group_rule * adding aws_security_group_rule * weird spacing issue * weird spacing issue * Fix bucket kms key arn for external buckets * fixing the username->user typo --------- Co-authored-by: Zachary Blasczyk Co-authored-by: Zachary Blasczyk <77289967+wandb-zacharyblasczyk@users.noreply.github.com> --- main.tf | 130 ++++++++++--------- modules/app_eks/efs.tf | 41 ++++++ modules/app_eks/external_dns/external_dns.tf | 4 +- modules/app_eks/external_dns/variables.tf | 2 +- modules/app_eks/iam-policy-docs.tf | 2 +- modules/app_eks/iam-role-attachments.tf | 5 + modules/app_eks/lb_controller/controller.tf | 2 +- modules/app_eks/lb_controller/variables.tf | 2 +- modules/app_eks/main.tf | 18 +-- modules/app_eks/outputs.tf | 13 +- modules/file_storage/outputs.tf | 2 +- modules/networking/main.tf | 4 +- outputs.tf | 1 - variables.tf | 13 +- 14 files changed, 155 insertions(+), 84 deletions(-) create mode 100644 modules/app_eks/efs.tf diff --git a/main.tf b/main.tf index 4cb49865b..6729136ae 100644 --- a/main.tf +++ b/main.tf 
@@ -183,62 +183,74 @@ module "redis" { kms_key_arn = local.kms_key_arn } -# Comming soon! -# module "wandb" { -# source = "wandb/wandb/helm" -# version = "1.2.0" - -# depends_on = [ -# module.database, -# module.app_eks, -# module.redis, -# ] - -# operator_chart_version = "1.1.0" -# controller_image_tag = "1.10.1" - -# spec = { -# values = { -# global = { -# host = local.url -# license = var.license - -# bucket = { -# provider = "s3" -# name = local.bucket_name -# region = data.aws_s3_bucket.file_storage.region -# kmsKey = local.kms_key_arn -# } - -# mysql = { -# host = module.database.endpoint -# password = module.database.password -# username = module.database.username -# database = module.database.database_name -# port = module.database.port -# } - -# redis = { -# host = module.redis.0.host -# port = "${module.redis.0.port}?tls=true" -# } -# } - -# ingress = { -# class = "alb" - -# annotations = { -# "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" -# "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" -# "alb.ingress.kubernetes.io/scheme" = "internet-facing" -# "alb.ingress.kubernetes.io/target-type" = "ip" -# "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" -# "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn -# } -# } - -# mysql = { install = false } -# redis = { install = false } -# } -# } -# } +module "wandb" { + source = "wandb/wandb/helm" + version = "1.2.0" + + depends_on = [ + module.database, + module.app_eks, + module.redis, + ] + operator_chart_version = "1.1.0" + controller_image_tag = "1.10.1" + + spec = { + values = { + global = { + host = local.url + license = var.license + + extraEnv = var.other_wandb_env + + bucket = { + provider = "s3" + name = local.bucket_name + region = data.aws_s3_bucket.file_storage.region + kmsKey = local.use_external_bucket ? 
var.bucket_kms_key_arn : local.kms_key_arn + } + + mysql = { + host = module.database.endpoint + password = module.database.password + user = module.database.username + database = module.database.database_name + port = module.database.port + } + + redis = { + host = module.redis.0.host + port = "${module.redis.0.port}?tls=true" + } + } + + ingress = { + class = "alb" + + annotations = { + "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" + "alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF + ${join("\\,", var.allowed_inbound_cidr)} + EOF + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" + "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn + } + } + + mysql = { install = false } + redis = { install = false } + + weave = { + persistence = { + provider = "efs" + efs = { + fileSystemId = module.app_eks.efs_id + } + + } + } + } + } +} diff --git a/modules/app_eks/efs.tf b/modules/app_eks/efs.tf new file mode 100644 index 000000000..1cfcbe47e --- /dev/null +++ b/modules/app_eks/efs.tf 
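Review bot: The `mysql` block under `spec.values.global` passes `module.database.password` as a literal chart value, so the database password is written to the Terraform state and presumably into whatever object the operator stores the spec in. Anyone who can read that object can then read the password. If the chart can take the password from an existing Kubernetes secret, that is the safer input, though this hunk does not show whether it can. Otherwise add a comment above `password = module.database.password`, such as `# stored in plain text in the release values; restrict read access to this release`. The same concern applies to `license = var.license`.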
@@ -0,0 +1,41 @@ +resource "random_pet" "efs" { + length = 2 +} + +resource "aws_efs_file_system" "storage_class" { + creation_token = "${var.namespace}-${random_pet.efs.id}" + encrypted = true + performance_mode = "generalPurpose" + throughput_mode = "elastic" +} + +resource "aws_efs_backup_policy" "storage_class" { + file_system_id = aws_efs_file_system.storage_class.id + + backup_policy { + status = "DISABLED" + } +} + +resource "aws_security_group" "storage_class_nfs" { + name = "${var.namespace}-${random_pet.efs.id}" + description = "Security group for NFS traffic" + vpc_id = var.network_id +} + +resource "aws_security_group_rule" "nfs_ingress" { + description = "NFS inbound" + type = "ingress" + from_port = 2049 + to_port = 2049 + protocol = "tcp" + security_group_id = aws_security_group.storage_class_nfs.id + source_security_group_id = aws_security_group.primary_workers.id +} + +resource "aws_efs_mount_target" "storage_class" { + for_each = { for subnet in var.network_private_subnets : subnet => subnet } + file_system_id = aws_efs_file_system.storage_class.id + subnet_id = each.value + security_groups = [aws_security_group.storage_class_nfs.id] +} diff --git a/modules/app_eks/external_dns/external_dns.tf b/modules/app_eks/external_dns/external_dns.tf index 15f826aeb..f71aefd3e 100644 --- a/modules/app_eks/external_dns/external_dns.tf +++ b/modules/app_eks/external_dns/external_dns.tf @@ -21,7 +21,7 @@ resource "helm_release" "external_dns" { } set { - name = "domainFilters[0]" + name = "domainFilters[0]" value = var.fqdn } @@ -29,4 +29,4 @@ resource "helm_release" "external_dns" { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" value = aws_iam_role.default.arn } -} \ No newline at end of file +} diff --git a/modules/app_eks/external_dns/variables.tf b/modules/app_eks/external_dns/variables.tf index 4e33cb7fa..0626c3d25 100644 --- a/modules/app_eks/external_dns/variables.tf +++ b/modules/app_eks/external_dns/variables.tf 
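Review bot: `aws_efs_file_system.storage_class` sets `encrypted = true` without `kms_key_id`, so the file system uses the AWS-managed EFS key, not the customer-managed key used for the bucket and Redis. The root module appears to pass `kms_key_arn` into `app_eks` (visible as context in a later patch of this series). If that variable is declared in the module, add `kms_key_id = var.kms_key_arn`. Separately, `aws_efs_backup_policy.storage_class` sets `status = "DISABLED"` with no explanation; add a comment on why the data is safe to lose, or expose the status as a variable.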
@@ -1,5 +1,5 @@ variable "namespace" { - type = string + type = string } variable "oidc_provider" { diff --git a/modules/app_eks/iam-policy-docs.tf b/modules/app_eks/iam-policy-docs.tf index 5399aef06..4e7f27b48 100644 --- a/modules/app_eks/iam-policy-docs.tf +++ b/modules/app_eks/iam-policy-docs.tf @@ -68,7 +68,7 @@ data "aws_iam_policy_document" "secrets_manager" { "secretsmanager:GetSecretValue", "secretsmanager:DeleteSecretVersion" ] - effect = "Allow" + effect = "Allow" resources = ["arn:aws:secretsmanager:*:${data.aws_caller_identity.current.account_id}:secret:${var.namespace}*"] } } diff --git a/modules/app_eks/iam-role-attachments.tf b/modules/app_eks/iam-role-attachments.tf index 938ad34b6..e82fe63b1 100644 --- a/modules/app_eks/iam-role-attachments.tf +++ b/modules/app_eks/iam-role-attachments.tf @@ -28,6 +28,11 @@ resource "aws_iam_role_policy_attachment" "eks_cni" { policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" } +resource "aws_iam_role_policy_attachment" "eks_efs" { + role = aws_iam_role.node.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy" +} + resource "aws_iam_role_policy_attachment" "eks_worker_node" { role = aws_iam_role.node.name policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" diff --git a/modules/app_eks/lb_controller/controller.tf b/modules/app_eks/lb_controller/controller.tf index e6a572f04..eff2042c6 100644 --- a/modules/app_eks/lb_controller/controller.tf +++ b/modules/app_eks/lb_controller/controller.tf @@ -3,7 +3,7 @@ resource "helm_release" "aws_load_balancer_controller" { repository = "https://aws.github.io/eks-charts" chart = "aws-load-balancer-controller" namespace = "kube-system" - version = "1.6.1" + version = "1.6.2" set { name = "clusterName" diff --git a/modules/app_eks/lb_controller/variables.tf b/modules/app_eks/lb_controller/variables.tf index be3e27a47..49fe5944b 100644 --- a/modules/app_eks/lb_controller/variables.tf 
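Review bot: Attaching `AmazonEFSCSIDriverPolicy` to `aws_iam_role.node` in `eks_efs` grants the EFS permissions to the node instance role, so any pod that can obtain the node's instance credentials inherits them, not only the CSI driver. The module already binds a dedicated role to a service account for external-dns, through the `eks.amazonaws.com/role-arn` annotation in `external_dns.tf`. Doing the same for the driver, and passing that role via `service_account_role_arn` on the `aws_eks_addon`, would keep the permissions with the driver's controller. If the node-role attachment is intentional, add a comment recording that choice.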
+++ b/modules/app_eks/lb_controller/variables.tf @@ -1,5 +1,5 @@ variable "namespace" { - type = string + type = string } variable "oidc_provider" { diff --git a/modules/app_eks/main.tf b/modules/app_eks/main.tf index d58211b4e..063ff7295 100644 --- a/modules/app_eks/main.tf +++ b/modules/app_eks/main.tf @@ -15,6 +15,16 @@ resource "aws_eks_addon" "eks" { ] } +resource "aws_eks_addon" "efs" { + cluster_name = module.eks.cluster_id + addon_name = "aws-efs-csi-driver" + addon_version = "v1.7.1-eksbuild.1" # Ensure this version is compatible + resolve_conflicts = "OVERWRITE" + depends_on = [ + module.eks + ] +} + # removed due to conflict with # AWS Load Balancer Controller # being installed with Helm. @@ -25,14 +35,6 @@ resource "aws_eks_addon" "eks" { # depends_on = [module.eks] #} -locals { - managed_policy_arns = concat([ - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - ], var.eks_policy_arns) -} - module "eks" { source = "terraform-aws-modules/eks/aws" version = "~> 17.23" diff --git a/modules/app_eks/outputs.tf b/modules/app_eks/outputs.tf index 0bf3c8b6b..304b51db8 100644 --- a/modules/app_eks/outputs.tf +++ b/modules/app_eks/outputs.tf 
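Review bot: `addon_version = "v1.7.1-eksbuild.1"` in `aws_eks_addon.efs` is hard-coded, and the inline comment `# Ensure this version is compatible` leaves the compatibility check to the reader. Add-on builds are offered per cluster Kubernetes version, so a fixed string can fail to apply on a cluster that does not offer this build. Consider a module variable with this value as its default. `resolve_conflicts = "OVERWRITE"` also replaces any existing driver configuration on the cluster without warning, which deserves a comment such as `# overwrites self-managed aws-efs-csi-driver settings`.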
@@ -1,12 +1,19 @@ +output "autoscaling_group_names" { + value = { for name, value in module.eks.node_groups : name => lookup(lookup(lookup(value, "resources")[0], "autoscaling_groups")[0], "name") } +} output "cluster_id" { value = module.eks.cluster_id description = "ID of the created EKS cluster" } -output "autoscaling_group_names" { - value = { for name, value in module.eks.node_groups : name => lookup(lookup(lookup(value, "resources")[0], "autoscaling_groups")[0], "name") } +output "efs_id" { + value = aws_efs_file_system.storage_class.id } output "node_role" { value = aws_iam_role.node -} \ No newline at end of file +} + +output "primary_workers_security_group_id" { + value = aws_security_group.primary_workers.id +} diff --git a/modules/file_storage/outputs.tf b/modules/file_storage/outputs.tf index 3e6815e5b..9beae402f 100644 --- a/modules/file_storage/outputs.tf +++ b/modules/file_storage/outputs.tf @@ -20,4 +20,4 @@ output "bucket_queue_name" { output "bucket_queue_arn" { value = var.create_queue ? aws_sqs_queue.file_storage.0.arn : null -} \ No newline at end of file +} diff --git a/modules/networking/main.tf b/modules/networking/main.tf index 328f234b6..21382052d 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf @@ -30,10 +30,10 @@ module "vpc" { single_nat_gateway = false private_subnet_tags = { - "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/role/internal-elb" = "1" } public_subnet_tags = { - "kubernetes.io/role/elb" = "1" + "kubernetes.io/role/elb" = "1" } } diff --git a/outputs.tf b/outputs.tf index 5d9a20efb..43e880484 100644 --- a/outputs.tf +++ b/outputs.tf @@ -55,4 +55,3 @@ output "url" { value = local.url description = "The URL to the W&B application" } - diff --git a/variables.tf b/variables.tf index 8d2278d6c..12404d438 100644 --- a/variables.tf +++ b/variables.tf 
@@ -327,8 +327,13 @@ variable "elasticache_node_type" { # ########################################## # # Weights & Biases # # ########################################## -# variable "license" { -# type = string -# description = "Weights & Biases license key." -# } +variable "license" { + type = string + description = "Weights & Biases license key." +} +variable "other_wandb_env" { + type = map(any) + description = "Extra environment variables for W&B" + default = {} +} \ No newline at end of file From a9aab6705ab8e069f95e6984ec18025d1e26ddfa Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 8 Jan 2024 15:29:10 +0000 Subject: [PATCH 02/13] chore(release): version 4.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [4.0.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.2...v4.0.0) (2024-01-08) ### ⚠ BREAKING CHANGES * Init operator (#154) ### Features * Init operator ([#154](https://github.com/wandb/terraform-aws-wandb/issues/154)) ([95def33](https://github.com/wandb/terraform-aws-wandb/commit/95def33db96c55a640fba4df5bdfbcc3a179d8ac)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3d4f8d3f..2badd1b8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [4.0.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.2...v4.0.0) (2024-01-08) + + +### ⚠ BREAKING CHANGES + +* Init operator (#154) + +### Features + +* Init operator ([#154](https://github.com/wandb/terraform-aws-wandb/issues/154)) ([95def33](https://github.com/wandb/terraform-aws-wandb/commit/95def33db96c55a640fba4df5bdfbcc3a179d8ac)) + ### [3.4.2](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.1...v3.4.2) (2023-12-07) From 5d24bda4fead8d79b3e06d488ecb824980a3d15b Mon Sep 17 00:00:00 2001 
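Review bot: `variable "license"` is declared without `sensitive = true`, so the license key can appear in plan and apply output; add `sensitive = true` to the block. `other_wandb_env` is typed `map(any)` and is passed straight into `extraEnv`. Environment maps tend to collect credentials, so its description should tell users not to put secrets there, or the variable should be marked sensitive too. If every value is a string, which I am assuming from the name, `map(string)` would be a tighter type.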
From: Justin Brooks Date: Tue, 9 Jan 2024 11:30:17 -0500 Subject: [PATCH 03/13] fix: Disable gorilla glue tasks (#161) --- main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/main.tf b/main.tf index 6729136ae..3cd8819cc 100644 --- a/main.tf +++ b/main.tf @@ -239,6 +239,12 @@ module "wandb" { } } + app = { + extraEnv = { + "GORILLA_GLUE_LIST" = "true" + } + } + mysql = { install = false } redis = { install = false } From 5851b09e1cde7b49f9351d6df0b7ee9748acf056 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 9 Jan 2024 16:30:50 +0000 Subject: [PATCH 04/13] chore(release): version 4.0.1 [skip ci] ### [4.0.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.0...v4.0.1) (2024-01-09) ### Bug Fixes * Disable gorilla glue tasks ([#161](https://github.com/wandb/terraform-aws-wandb/issues/161)) ([5d24bda](https://github.com/wandb/terraform-aws-wandb/commit/5d24bda4fead8d79b3e06d488ecb824980a3d15b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2badd1b8f..029ea4e14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.0.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.0...v4.0.1) (2024-01-09) + + +### Bug Fixes + +* Disable gorilla glue tasks ([#161](https://github.com/wandb/terraform-aws-wandb/issues/161)) ([5d24bda](https://github.com/wandb/terraform-aws-wandb/commit/5d24bda4fead8d79b3e06d488ecb824980a3d15b)) + ## [4.0.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.2...v4.0.0) (2024-01-08) From 1e47177a0017ef694e7667781111d9ce2d375f2b Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk <77289967+wandb-zacharyblasczyk@users.noreply.github.com> Date: Tue, 9 Jan 2024 15:46:46 -0600 Subject: [PATCH 05/13] fix: EFS index vs subnet for_each (#163) --- examples/public-dns-external/main.tf | 4 ++-- modules/app_eks/efs.tf | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) 
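Review bot: The added `app.extraEnv` entry `"GORILLA_GLUE_LIST" = "true"` has no comment, and its name does not convey that it disables tasks, which is what the commit subject says it does. Add a line above it such as `# Disables gorilla glue tasks (#161)`, and state when it can be removed if that is known. The enclosing `spec` block starts and ends outside the hunk.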
diff --git a/examples/public-dns-external/main.tf b/examples/public-dns-external/main.tf index a6b3b6c2b..e7965f1f0 100644 --- a/examples/public-dns-external/main.tf +++ b/examples/public-dns-external/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-west-2" + region = "us-west-2" default_tags { tags = { @@ -36,7 +36,7 @@ module "wandb_infra" { zone_id = var.zone_id subdomain = var.subdomain - # license = var.wandb_license + license = var.wandb_license bucket_name = var.bucket_name bucket_kms_key_arn = var.bucket_kms_key_arn diff --git a/modules/app_eks/efs.tf b/modules/app_eks/efs.tf index 1cfcbe47e..e8963a9e4 100644 --- a/modules/app_eks/efs.tf +++ b/modules/app_eks/efs.tf @@ -34,7 +34,8 @@ resource "aws_security_group_rule" "nfs_ingress" { } resource "aws_efs_mount_target" "storage_class" { - for_each = { for subnet in var.network_private_subnets : subnet => subnet } + for_each = { for index, subnet in var.network_private_subnets : index => subnet } + file_system_id = aws_efs_file_system.storage_class.id subnet_id = each.value security_groups = [aws_security_group.storage_class_nfs.id] From a5a7bf2357cc94e457302ec86777e45fbf346607 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 9 Jan 2024 21:47:12 +0000 Subject: [PATCH 06/13] chore(release): version 4.0.2 [skip ci] ### [4.0.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.1...v4.0.2) (2024-01-09) ### Bug Fixes * EFS index vs subnet for_each ([#163](https://github.com/wandb/terraform-aws-wandb/issues/163)) ([1e47177](https://github.com/wandb/terraform-aws-wandb/commit/1e47177a0017ef694e7667781111d9ce2d375f2b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 029ea4e14..c6664067e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
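Review bot: Keying `aws_efs_mount_target.storage_class` by list position (`index => subnet`) ties each mount target's resource address to the order of `var.network_private_subnets`. Removing or reordering a subnet shifts the keys, so Terraform destroys and recreates mount targets that did not change, interrupting NFS access from those subnets during the replacement. If index keys are needed because the subnet IDs are unknown at plan time, which is my assumption about the motivation, record it in a comment such as `# keyed by index: subnet IDs are not known until apply`.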
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.0.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.1...v4.0.2) (2024-01-09) + + +### Bug Fixes + +* EFS index vs subnet for_each ([#163](https://github.com/wandb/terraform-aws-wandb/issues/163)) ([1e47177](https://github.com/wandb/terraform-aws-wandb/commit/1e47177a0017ef694e7667781111d9ce2d375f2b)) + ### [4.0.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.0...v4.0.1) (2024-01-09) From 4ccf34ea217f7efdda1a98c295b7c2697b5e89d1 Mon Sep 17 00:00:00 2001 From: Justin Brooks Date: Tue, 9 Jan 2024 18:31:01 -0500 Subject: [PATCH 07/13] docs: Add migraiton section (#164) * Update README.md * docs: update readme.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index 9b0df313e..e35a84f96 100644 --- a/README.md +++ b/README.md @@ -217,3 +217,28 @@ Upgrades must be executed in step-wise fashion from one version to the next. You | [url](#output\_url) | The URL to the W&B application | + +## Migrations + +#### Upgrading from 3.x -> 4.x + +- If egress access for retrieving the wandb/controller image is not available, Terraform apply may experience failures. +- It's necessary to supply a license variable within the module, as shown: + +```hcl +module "wandb" { + version = "4.x" + + # ... + license = "" + # ... +} +``` + +### Upgrading from 2.x -> 3.x + +- No changes required by you + +### Upgrading from 1.x -> 2.x + +- ~>4.0 version required for AWS Provider From ffa3778fe05da8681a828ce84f3f8291bb8fe5bd Mon Sep 17 00:00:00 2001 
From: Zachary Blasczyk <77289967+wandb-zacharyblasczyk@users.noreply.github.com> Date: Tue, 9 Jan 2024 21:00:14 -0600 Subject: [PATCH 08/13] feat: Adding flags to switch between LB (#159) * This PR will allow us to pass custom domain filters, allow external dns to control r53 records, deploy the operator phase2 --------- Co-authored-by: Justin Brooks --- main.tf | 22 +++++++++++--------- modules/app_eks/external_dns/external_dns.tf | 7 +++++++ variables.tf | 21 ++++++++++++++++++- 3 files changed, 39 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index 3cd8819cc..5c783f267 100644 --- a/main.tf +++ b/main.tf @@ -108,6 +108,7 @@ module "acm" { locals { acm_certificate_arn = local.create_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn url = local.acm_certificate_arn == null ? "http://${local.fqdn}" : "https://${local.fqdn}" + domain_filter = var.custom_domain_filter == null || var.custom_domain_filter == "" ? local.fqdn : var.custom_domain_filter internal_app_port = 32543 } @@ -115,7 +116,7 @@ locals { module "app_eks" { source = "./modules/app_eks" - fqdn = local.fqdn + fqdn = local.domain_filter namespace = var.namespace kms_key_arn = local.kms_key_arn @@ -153,7 +154,7 @@ module "app_lb" { acm_certificate_arn = local.acm_certificate_arn zone_id = var.zone_id - fqdn = local.fqdn + fqdn = var.enable_dummy_dns ? "old.${local.fqdn}" : local.fqdn extra_fqdn = var.extra_fqdn allowed_inbound_cidr = var.allowed_inbound_cidr allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr 
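Review bot: With `enable_dummy_dns` set, `module.app_lb` receives `fqdn = "old.${local.fqdn}"` while still using `local.acm_certificate_arn`, and nothing in these hunks shows that certificate covering the `old.` name. If it does not, HTTPS clients that reach the old load balancer through the new record will see a hostname mismatch. Document that the certificate must include `old.<fqdn>` when the flag is on, or state in the variable description that the record is only a placeholder during migration. Also, `module.app_eks` now receives `local.domain_filter` through an input still named `fqdn`; a comment such as `# external-dns domain filter, not the app hostname` would prevent misuse.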
@@ -228,18 +229,20 @@ module "wandb" { class = "alb" annotations = { - "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" - "alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF + "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" + "alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF ${join("\\,", var.allowed_inbound_cidr)} EOF - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" - "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn + "external-dns.alpha.kubernetes.io/hostname" = var.enable_operator_alb ? local.fqdn : "" + "external-dns.alpha.kubernetes.io/ingress-hostname-source" = "annotation-only" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" + "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn } } - app = { + app = var.enable_operator_alb ? {} : { extraEnv = { "GORILLA_GLUE_LIST" = "true" } @@ -254,7 +257,6 @@ module "wandb" { efs = { fileSystemId = module.app_eks.efs_id } - } } } diff --git a/modules/app_eks/external_dns/external_dns.tf b/modules/app_eks/external_dns/external_dns.tf index f71aefd3e..00651b1ec 100644 --- a/modules/app_eks/external_dns/external_dns.tf +++ b/modules/app_eks/external_dns/external_dns.tf @@ -25,8 +25,15 @@ resource "helm_release" "external_dns" { value = var.fqdn } + set { + name = "policy" + value = "sync" + } + set { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" value = aws_iam_role.default.arn } + + } diff --git a/variables.tf b/variables.tf index 12404d438..16ebc42da 100644 --- a/variables.tf +++ b/variables.tf 
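Review bot: The `alb.ingress.kubernetes.io/inbound-cidrs` annotation is built from `join("\\,", var.allowed_inbound_cidr)` while the scheme is fixed to `internet-facing`, so an empty list produces a blank annotation on a public load balancer. The AWS Load Balancer Controller documents `0.0.0.0/0` as the default for this annotation, and I cannot confirm from here how it treats a blank value. The safe course is to reject an empty list with a `validation` block on the variable, whose declaration is outside this diff. The heredoc also leaves a trailing newline in the value, which wrapping the expression in `trimspace(...)` would remove. In the same hunk, `"external-dns.alpha.kubernetes.io/hostname"` is set to `""` when `enable_operator_alb` is false; leaving the key out would be clearer than publishing an empty hostname.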
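Review bot: Setting `policy` to `sync` lets external-dns delete Route 53 records as well as create them, and the same commit lets `custom_domain_filter` widen `domainFilters[0]` beyond the application hostname. Deletions are limited to records external-dns treats as its own through its ownership registry, so the owner ID should be unique per deployment. This hunk does not show whether the release sets one. If it does not, add a `set` block for `txtOwnerId` derived from `var.namespace`, and add a comment beside `policy` such as `# sync: external-dns may delete records it owns`. The `helm_release` block starts outside the hunk.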
@@ -91,6 +91,12 @@ variable "external_dns" { description = "Using external DNS. A `subdomain` must also be specified if this value is true." } +variable "custom_domain_filter" { + description = "A custom domain filter to be used by external-dns instead of the default FQDN. If not set, the local FQDN is used." + type = string + default = null +} + # Sometimes domain name and zone name dont match, so lets explicitly ask for # both. Also is just life easier to have both even though in most cause it may # be redundant info. @@ -111,6 +117,19 @@ variable "subdomain" { description = "Subdomain for accessing the Weights & Biases UI. Default creates record at Route53 Route." } +variable "enable_dummy_dns" { + type = bool + default = false + description = "Boolean indicating whether or not to enable dummy DNS for the old alb" +} + + +variable "enable_operator_alb" { + type = bool + default = false + description = "Boolean indicating whether to use operatore ALB (true) or not (false)." +} + variable "extra_fqdn" { type = list(string) default = [] @@ -336,4 +355,4 @@ variable "other_wandb_env" { type = map(any) description = "Extra environment variables for W&B" default = {} -} \ No newline at end of file +} From 833eabd7b23f7a0766d95b658a095f065908deb6 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 10 Jan 2024 03:00:42 +0000 Subject: [PATCH 09/13] chore(release): version 4.1.0 [skip ci] ## [4.1.0](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.2...v4.1.0) (2024-01-10) ### Features * Adding flags to switch between LB ([#159](https://github.com/wandb/terraform-aws-wandb/issues/159)) ([ffa3778](https://github.com/wandb/terraform-aws-wandb/commit/ffa3778fe05da8681a828ce84f3f8291bb8fe5bd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c6664067e..deed0e675 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
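Review bot: The descriptions of the three new variables say too little for flags that change public DNS and load-balancer routing. `enable_dummy_dns` does not say that it moves the existing ALB record to `old.<fqdn>`, and `enable_operator_alb` has the typo `operatore` and does not mention that it publishes the FQDN through the operator-managed ingress. `custom_domain_filter` should state that, with external-dns running `policy = sync`, every record matching the filter that external-dns owns becomes subject to deletion. A suggested wording for the second is `"Route the application FQDN to the operator-managed ALB (true) or keep the Terraform-managed ALB (false)."`.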
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.1.0](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.2...v4.1.0) (2024-01-10) + + +### Features + +* Adding flags to switch between LB ([#159](https://github.com/wandb/terraform-aws-wandb/issues/159)) ([ffa3778](https://github.com/wandb/terraform-aws-wandb/commit/ffa3778fe05da8681a828ce84f3f8291bb8fe5bd)) + ### [4.0.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.1...v4.0.2) (2024-01-09) From f236b3b8c5f7d3fcece1a1d302276bde6bdd75d5 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk <77289967+wandb-zacharyblasczyk@users.noreply.github.com> Date: Thu, 11 Jan 2024 16:08:33 -0600 Subject: [PATCH 10/13] fix: Update redis connection ttl (#165) * feat: update redis connection ttl --------- Co-authored-by: Yogesh Garg --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 5c783f267..180724847 100644 --- a/main.tf +++ b/main.tf @@ -221,7 +221,7 @@ module "wandb" { redis = { host = module.redis.0.host - port = "${module.redis.0.port}?tls=true" + port = "${module.redis.0.port}?tls=true&ttlInSeconds=604800" } } From 4b1193fd4caa4e68c050b074474771ee775a66dd Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 11 Jan 2024 22:08:56 +0000 Subject: [PATCH 11/13] chore(release): version 4.1.1 [skip ci] ### [4.1.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.0...v4.1.1) (2024-01-11) ### Bug Fixes * Update redis connection ttl ([#165](https://github.com/wandb/terraform-aws-wandb/issues/165)) ([f236b3b](https://github.com/wandb/terraform-aws-wandb/commit/f236b3b8c5f7d3fcece1a1d302276bde6bdd75d5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index deed0e675..31b8f75a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
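Review bot: `port = "${module.redis.0.port}?tls=true&ttlInSeconds=604800"` appends a second connection option to a field named `port`, and `604800` is an unexplained constant (seven days in seconds). Add a comment above the line such as `# connection options ride on the port value; ttlInSeconds = 7 days`. Consider moving the number to a local or variable so it can be tuned without editing the string. The `redis` block sits inside `spec.values.global`, which starts outside the hunk.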
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.0...v4.1.1) (2024-01-11) + + +### Bug Fixes + +* Update redis connection ttl ([#165](https://github.com/wandb/terraform-aws-wandb/issues/165)) ([f236b3b](https://github.com/wandb/terraform-aws-wandb/commit/f236b3b8c5f7d3fcece1a1d302276bde6bdd75d5)) + ## [4.1.0](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.2...v4.1.0) (2024-01-10) From 85bd266f5f0ce003f2d4e69f796a41df0ff9fb9c Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk <77289967+wandb-zacharyblasczyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 13:47:53 -0600 Subject: [PATCH 12/13] fix: Max LB name length (#166) * fix: Max LB name length --------- Co-authored-by: Justin Brooks --- main.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 180724847..4e06ee65d 100644 --- a/main.tf +++ b/main.tf @@ -184,6 +184,11 @@ module "redis" { kms_key_arn = local.kms_key_arn } +locals { + max_lb_name_length = 32 - length("-alb-k8s") + lb_name_truncated = "${substr(var.namespace, 0, local.max_lb_name_length)}-alb-k8s" +} + module "wandb" { source = "wandb/wandb/helm" version = "1.2.0" @@ -229,7 +234,7 @@ module "wandb" { class = "alb" annotations = { - "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" + "alb.ingress.kubernetes.io/load-balancer-name" = local.lb_name_truncated "alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF ${join("\\,", var.allowed_inbound_cidr)} EOF From 3a7767fe7a56840ce68b01ff466f6aee13a81a0b Mon Sep 17 00:00:00 2001 
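Review bot: `lb_name_truncated` keeps only the first 24 characters of `var.namespace`, so two deployments in the same account and region whose namespaces share that prefix resolve to the same load balancer name. A short hash of the full namespace placed before the suffix would keep names distinct. It would also rename existing load balancers, so at least document the constraint. The literal `32` is unexplained; add `# ALB names are limited to 32 characters` above `max_lb_name_length`. A namespace whose 24th character is a hyphen yields a name containing `--alb-k8s`, which is worth a mention in the same comment.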
From: semantic-release-bot Date: Tue, 16 Jan 2024 19:48:20 +0000 Subject: [PATCH 13/13] chore(release): version 4.1.2 [skip ci] ### [4.1.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.1...v4.1.2) (2024-01-16) ### Bug Fixes * Max LB name length ([#166](https://github.com/wandb/terraform-aws-wandb/issues/166)) ([85bd266](https://github.com/wandb/terraform-aws-wandb/commit/85bd266f5f0ce003f2d4e69f796a41df0ff9fb9c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31b8f75a4..6cb5f7460 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [4.1.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.1...v4.1.2) (2024-01-16) + + +### Bug Fixes + +* Max LB name length ([#166](https://github.com/wandb/terraform-aws-wandb/issues/166)) ([85bd266](https://github.com/wandb/terraform-aws-wandb/commit/85bd266f5f0ce003f2d4e69f796a41df0ff9fb9c)) + ### [4.1.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.0...v4.1.1) (2024-01-11)