ApplicationTeam: Deployment does not create namespace for ApplicationTeam #675

Closed
vahiwe opened this issue May 8, 2023 · 9 comments
Labels
bug Something isn't working

Comments

@vahiwe

vahiwe commented May 8, 2023

Describe the bug

When a new cluster is provisioned using the example codebase, the ApplicationTeam resources are not created.

Expected Behavior

On creation the ApplicationTeam should do the following:

  • Create a namespace
  • Register quotas
  • Register IAM users for cross-account access
  • Create a shared role for cluster access. Alternatively, an existing role can be supplied.
  • Register provided users/role in the awsAuth map for kubectl and console access to the cluster and namespace.
  • (Optionally) read all additional manifests (e.g., network policies, OPA policies, others) stored in a provided directory, and apply them.

Current Behavior

No changes are detected on cdk deploy.

Reproduction Steps

https://aws-quickstart.github.io/cdk-eks-blueprints/getting-started/

https://aws-quickstart.github.io/cdk-eks-blueprints/teams/teams/

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.77.0

EKS Blueprints Version

1.7.2

Node.js Version

18.12.1

Environment details (OS name and version, etc.)

Mac OS

Other information

No response

vahiwe added the bug label May 8, 2023
@shapirov103
Collaborator

shapirov103 commented May 8, 2023

@vahiwe I am taking a look now, however, just making sure you saw this note if you modified any of the existing patterns: https://github.com/aws-samples/cdk-eks-blueprints-patterns#developer-flow

Wanted to make sure you ran make compile before you attempted to deploy the modified pattern. There are too many patterns atm, hence compiling ahead speeds up commands like cdk list or cdk deploy. We will look to refactor the repo to make it more usable given the number of stacks.

@vahiwe
Author

vahiwe commented May 8, 2023

Okay, Thanks @shapirov103

This is what my starter code looks like currently, for context:

class TeamAwesome extends ApplicationTeam {
    constructor(app: App) {
        super({
            name: "team-awesome",
            users: [
                new ArnPrincipal(`arn:aws:iam::${account}:user/xxxxxx`),
            ],
            namespaceLabels: {
                appName: "example",
            },
            namespaceHardLimits: {
                "requests.cpu"   : "1000m",
                "requests.memory" : "4Gi",
                "limits.cpu"      : "2000m",
                "limits.memory"   : "8Gi",
            }
        });
    }
}

class TeamCool extends PlatformTeam {
    constructor(app: App) {
        super({
            name: "team-cool",
            users: [
                new ArnPrincipal(`arn:aws:iam::${account}:user/xxxxx`)
            ]
        });
    }
}


const teams: Array<blueprints.Team> = [
    new TeamAwesome(app),
    new TeamCool(app),
];

blueprints.EksBlueprint.builder()
    .account(account)
    .region(region)
    .addOns(...addOns)
    .teams(...teams)
    .build(app, 'eks-blueprint');

My intention is to use the cdk blueprint to create teams and manage access to the cluster as described in the docs. I believe I am not modifying any of the existing patterns. Simply extending them.

@shapirov103
Collaborator

@vahiwe that looks very much as designed, so no issue there. However, if you add any new code, or extend (the way you did), compile should be run ahead of deploy.
BTW, after running make compile and then deploy, are you still not getting the team-related resources?

@vahiwe
Author

vahiwe commented May 8, 2023

Hello @shapirov103, I'm still not getting the team-related resources even after running make compile. I copied the Makefile over to my project and ran it.

@keithharvey

keithharvey commented Jun 7, 2023

I'm seeing the same exact behavior in 1.8.1. I see 0 effect from modifying that teams call with various configurations, even after make compile.

@shapirov103
Collaborator

shapirov103 commented Jun 8, 2023

@keithharvey we are trying to reproduce this issue, unfortunately unsuccessfully.

  1. Do you also see the reported behavior when no namespaces were created?
  2. If yes, can you check in the target CloudFormation stack (in AWS Console, under CloudFormation/Stacks in the target region) and verify that the resource that corresponds to the team namespace was created (or report the status)?
  3. When you say "no changes", what specifically do you modify? Labels? Quotas?
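
The check in step 2 can also be run before deploying, against the template that `cdk synth` writes to `cdk.out/`. The following is an added example, not part of the thread or the project's code: it scans a parsed template for the Kubernetes manifest resources a team is expected to produce (namespace, quota, aws-auth entry). The sample template is constructed, and matching the team name inside the aws-auth text is a heuristic assumed here.

```typescript
// Added example; types cover only the template fields this check reads.
interface CfnResource { Type: string; Properties?: { Manifest?: string | Record<string, unknown> } }
interface CfnTemplate { Resources: { [logicalId: string]: CfnResource } }
interface K8sObject { kind?: string; metadata?: { name?: string; namespace?: string } }
interface TeamReport { namespace: string[]; quota: string[]; awsAuthMentionsTeam: boolean }
const MANIFEST_TYPE = "Custom::AWSCDK-EKS-KubernetesResource";

// Manifest is a JSON string, or an Fn::Join of string parts and unresolved references.
function flattenManifest(m: string | Record<string, unknown>): string {
    if (typeof m === "string") return m;
    const join = m["Fn::Join"];
    if (!Array.isArray(join) || !Array.isArray(join[1])) return "[]";
    return join[1].map((p: unknown) => (typeof p === "string" ? p : "TOKEN")).join(String(join[0]));
}

function parseObjects(text: string): K8sObject[] {
    try {
        const parsed: unknown = JSON.parse(text);
        return Array.isArray(parsed) ? (parsed as K8sObject[]) : [];
    } catch { return []; } // unparsable manifest: ignore this resource
}

function findTeamResources(template: CfnTemplate, team: string): TeamReport {
    const report: TeamReport = { namespace: [], quota: [], awsAuthMentionsTeam: false };
    for (const id of Object.keys(template.Resources)) {
        const res = template.Resources[id];
        const manifest = res.Properties?.Manifest;
        if (res.Type !== MANIFEST_TYPE || manifest === undefined) continue;
        const text = flattenManifest(manifest);
        for (const o of parseObjects(text)) {
            if (o.kind === "Namespace" && o.metadata?.name === team) report.namespace.push(id);
            if (o.kind === "ResourceQuota" && o.metadata?.namespace === team) report.quota.push(id);
            // Heuristic (assumption): the aws-auth mappings name the team somewhere.
            if (o.kind === "ConfigMap" && o.metadata?.name === "aws-auth" && text.indexOf(team) >= 0)
                report.awsAuthMentionsTeam = true;
        }
    }
    return report;
}

// Constructed sample shaped like `cdk synth` output; not taken from a real stack.
const SAMPLE: CfnTemplate = { Resources: {
    TeamNs: { Type: MANIFEST_TYPE, Properties: { Manifest: '[{"kind":"Namespace","metadata":{"name":"team-awesome"}}]' } },
    AwsAuth: { Type: MANIFEST_TYPE, Properties: { Manifest: { "Fn::Join": ["", [
        '[{"kind":"ConfigMap","metadata":{"name":"aws-auth"},"data":{"mapRoles":"[{\\"rolearn\\":\\"',
        { "Fn::GetAtt": ["TeamRole", "Arn"] },
        '\\",\\"username\\":\\"team-awesome\\"}]"}}]']] } } },
} };
console.log(findTeamResources(SAMPLE, "team-awesome"));
```

An empty `namespace` list for a team passed to `.teams(...)` means the team never reached the synthesized stack, which separates a synth-time problem from a deploy-time one.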

@keithharvey

keithharvey commented Jun 26, 2023

  1. Yes
  2. I've switched to a different technique but have this branched and can check soon
  3. I mean the cdk registers 0 changes as taking place after a deploy. The aws-auth configmap does not update

@shapirov103
Collaborator

@keithharvey is your blueprint somewhere on GitHub that you can share with us? 0 changes detected implies that you already ran the stack with that name.

  1. Do you have other blueprints with the same name in your cdk.App?
  2. Are you creating the blueprint with no teams, running it, then adding the teams?

The test example that we used is here:

$ node -v
v18.16.1

$ npm -v
9.7.2

$ cdk --version
2.83.1 (build 006b542)

code:

#!/usr/bin/env node
import 'source-map-support/register';
import * as blueprints from "@aws-quickstart/eks-blueprints";
import * as cdk from "aws-cdk-lib";
import * as iam from "aws-cdk-lib/aws-iam";

const app =  new cdk.App();

const account = process.env.CDK_DEFAULT_ACCOUNT;

class TeamAwesome extends blueprints.ApplicationTeam {
    constructor(app: cdk.App) {
        super({
            name: "team-awesome",
            users: [
                new iam.ArnPrincipal(`arn:aws:iam::${account}:user/xxxxxx`),
            ],
            namespaceLabels: {
                appName: "example",
            },
            namespaceHardLimits: {
                "requests.cpu"   : "1000m",
                "requests.memory" : "4Gi",
                "limits.cpu"      : "2000m",
                "limits.memory"   : "8Gi",
            }
        });
    }
}

class TeamCool extends blueprints.PlatformTeam {
    constructor(app: cdk.App) {
        super({
            name: "team-cool",
            users: [
                new iam.ArnPrincipal(`arn:aws:iam::${account}:user/xxxxx`)
            ]
        });
    }
}


const teams: Array<blueprints.Team> = [
    new TeamAwesome(app),
    new TeamCool(app),
];


blueprints.EksBlueprint.builder()
    .account(account)
    .region("us-east-1")
    .addOns(new blueprints.AwsLoadBalancerControllerAddOn)
    .teams(...teams)
    .build(app, 'eks-blueprint-with-teams');

@elamaran11
Collaborator

@vahiwe Closing this issue as there is movement for 4 months and we have not heard back. Please reach back if you still face the issue.
