add eks add on for cloudwatch (#844)
jhsinger-klotho authored Jan 8, 2024
1 parent 30b55c1 commit ada6fc6
Showing 6 changed files with 196 additions and 132 deletions.
15 changes: 12 additions & 3 deletions pkg/engine2/testdata/k8s_api.dataflow-viz.yaml
Expand Up @@ -13,11 +13,13 @@ resources:
- aws:api_method:rest_api_4:rest_api_4_integration_0_method
- aws:api_resource:rest_api_4:api_resource-0
- aws:api_stage:rest_api_4:api_stage-0
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_node_group:eks_node_group-0
- aws:elastic_ip:subnet-0-route_table-nat_gateway-elastic_ip
- aws:elastic_ip:subnet-1-route_table-nat_gateway-elastic_ip
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
Expand Down Expand Up @@ -46,11 +48,13 @@ resources:
- aws:api_method:rest_api_4:rest_api_4_integration_0_method
- aws:api_resource:rest_api_4:api_resource-0
- aws:api_stage:rest_api_4:api_stage-0
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_node_group:eks_node_group-0
- aws:elastic_ip:subnet-0-route_table-nat_gateway-elastic_ip
- aws:elastic_ip:subnet-1-route_table-nat_gateway-elastic_ip
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
Expand Down Expand Up @@ -78,11 +82,13 @@ resources:
- aws:api_method:rest_api_4:rest_api_4_integration_0_method
- aws:api_resource:rest_api_4:api_resource-0
- aws:api_stage:rest_api_4:api_stage-0
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_node_group:eks_node_group-0
- aws:elastic_ip:subnet-0-route_table-nat_gateway-elastic_ip
- aws:elastic_ip:subnet-1-route_table-nat_gateway-elastic_ip
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
Expand Down Expand Up @@ -110,11 +116,13 @@ resources:
- aws:api_method:rest_api_4:rest_api_4_integration_0_method
- aws:api_resource:rest_api_4:api_resource-0
- aws:api_stage:rest_api_4:api_stage-0
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_node_group:eks_node_group-0
- aws:elastic_ip:subnet-0-route_table-nat_gateway-elastic_ip
- aws:elastic_ip:subnet-1-route_table-nat_gateway-elastic_ip
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
Expand Down Expand Up @@ -142,19 +150,18 @@ resources:

eks_cluster/eks_cluster-0:
children:
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_add_on:vpc-cni
- aws:eks_node_group:eks_node_group-0
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:ClusterRole-eks_cluster-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
- aws:security_group:vpc-0:eks_cluster-0-security_group
- aws:target_group:rest-api-4-integbcc77100
- kubernetes:config_map:fluent-bit-cluster-info
- kubernetes:manifest:fluent-bit
- kubernetes:namespace:amazon-cloudwatch
- kubernetes:service:eks_cluster-0:restapi4integration0-pod2
- kubernetes:service_account:eks_cluster-0:aws-load-balancer-controller
- kubernetes:service_account:eks_cluster-0:pod2
Expand All @@ -167,11 +174,13 @@ resources:
- aws:api_method:rest_api_4:rest_api_4_integration_0_method
- aws:api_resource:rest_api_4:api_resource-0
- aws:api_stage:rest_api_4:api_stage-0
- aws:eks_add_on:amazon-cloudwatch-observability
- aws:eks_node_group:eks_node_group-0
- aws:elastic_ip:subnet-0-route_table-nat_gateway-elastic_ip
- aws:elastic_ip:subnet-1-route_table-nat_gateway-elastic_ip
- aws:iam_oidc_provider:eks_cluster-0
- aws:iam_policy:iam_policy-0
- aws:iam_role:amazon-cloudwatch-observability-iam_role
- aws:iam_role:aws-load-balancer-controller
- aws:iam_role:eks_node_group-0-iam_role
- aws:iam_role:pod2
62 changes: 22 additions & 40 deletions pkg/engine2/testdata/k8s_api.expect.yaml
Expand Up @@ -3,6 +3,10 @@ resources:
Deployment: aws:api_deployment:rest_api_4:api_deployment-0
RestApi: aws:rest_api:rest_api_4
StageName: stage
aws:eks_add_on:amazon-cloudwatch-observability:
AddOnName: amazon-cloudwatch-observability
Cluster: aws:eks_cluster:eks_cluster-0
Role: aws:iam_role:amazon-cloudwatch-observability-iam_role
aws:eks_add_on:vpc-cni:
AddOnName: vpc-cni
Cluster: aws:eks_cluster:eks_cluster-0
Expand Down Expand Up @@ -47,48 +51,28 @@ resources:
- --region
- aws:region:region-0#Name
command: aws
kubernetes:manifest:fluent-bit:
Cluster: aws:eks_cluster:eks_cluster-0
FilePath: https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml
aws:api_deployment:rest_api_4:api_deployment-0:
RestApi: aws:rest_api:rest_api_4
Triggers:
rest_api_4_integration_0: rest_api_4_integration_0
rest_api_4_integration_0_method: rest_api_4_integration_0_method
kubernetes:config_map:fluent-bit-cluster-info:
Cluster: aws:eks_cluster:eks_cluster-0
Object:
apiVersion: v1
data:
cluster:
name: aws:eks_cluster:eks_cluster-0#Name
http:
port: "2020"
server: "On"
logs:
region: aws:region:region-0#Name
read:
head: "Off"
tail: "On"
kind: ConfigMap
metadata:
labels:
k8s-app: fluent-bit
name: fluent-bit-cluster-info
namespace: kubernetes:namespace:amazon-cloudwatch
aws:iam_role:amazon-cloudwatch-observability-iam_role:
AssumeRolePolicyDoc:
Statement:
- Action:
- sts:AssumeRoleWithWebIdentity
Effect: Allow
Principal:
Federated:
- aws:iam_oidc_provider:eks_cluster-0#Arn
Version: "2012-10-17"
ManagedPolicies:
- arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
- arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
aws:rest_api:rest_api_4:
BinaryMediaTypes:
- application/octet-stream
- image/*
kubernetes:namespace:amazon-cloudwatch:
Cluster: aws:eks_cluster:eks_cluster-0
Object:
apiVersion: v1
kind: Namespace
metadata:
labels:
name: amazon-cloudwatch
name: amazon-cloudwatch
aws:api_resource:rest_api_4:api_resource-0:
FullPath: /{proxy+}
PathPart: '{proxy+}'
Expand Down Expand Up @@ -283,12 +267,12 @@ resources:
- ec2.amazonaws.com
Version: "2012-10-17"
ManagedPolicies:
- arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
- arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
- arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
- arn:aws:iam::aws:policy/AWSCloudMapFullAccess
- arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
aws:iam_role:pod2:
AssumeRolePolicyDoc:
Statement:
Expand Down Expand Up @@ -587,22 +571,20 @@ resources:
edges:
aws:api_stage:rest_api_4:api_stage-0 -> aws:api_deployment:rest_api_4:api_deployment-0:
aws:api_stage:rest_api_4:api_stage-0 -> aws:rest_api:rest_api_4:
aws:eks_add_on:amazon-cloudwatch-observability -> aws:eks_cluster:eks_cluster-0:
aws:eks_add_on:amazon-cloudwatch-observability -> aws:iam_role:amazon-cloudwatch-observability-iam_role:
aws:eks_add_on:vpc-cni -> aws:eks_cluster:eks_cluster-0:
aws:security_group_rule:security_group_rule-0 -> aws:vpc:vpc-0:
kubernetes:helm_chart:eks_cluster-0:metricsserver -> aws:eks_cluster:eks_cluster-0:
kubernetes:helm_chart:eks_cluster-0:metricsserver -> aws:eks_node_group:eks_node_group-0:
kubernetes:kube_config:eks_cluster-0-kube_config -> aws:eks_cluster:eks_cluster-0:
kubernetes:manifest:fluent-bit -> aws:eks_cluster:eks_cluster-0:
kubernetes:manifest:fluent-bit -> kubernetes:config_map:fluent-bit-cluster-info:
aws:api_deployment:rest_api_4:api_deployment-0 -> aws:api_integration:rest_api_4:rest_api_4_integration_0:
aws:api_deployment:rest_api_4:api_deployment-0 -> aws:api_method:rest_api_4:rest_api_4_integration_0_method:
aws:api_deployment:rest_api_4:api_deployment-0 -> aws:rest_api:rest_api_4:
kubernetes:config_map:fluent-bit-cluster-info -> aws:eks_cluster:eks_cluster-0:
kubernetes:config_map:fluent-bit-cluster-info -> kubernetes:namespace:amazon-cloudwatch:
aws:iam_role:amazon-cloudwatch-observability-iam_role -> aws:iam_oidc_provider:eks_cluster-0:
aws:rest_api:rest_api_4 -> aws:api_integration:rest_api_4:rest_api_4_integration_0:
aws:rest_api:rest_api_4 -> aws:api_method:rest_api_4:rest_api_4_integration_0_method:
aws:rest_api:rest_api_4 -> aws:api_resource:rest_api_4:api_resource-0:
kubernetes:namespace:amazon-cloudwatch -> aws:eks_cluster:eks_cluster-0:
aws:api_resource:rest_api_4:api_resource-0 -> aws:api_integration:rest_api_4:rest_api_4_integration_0:
aws:api_resource:rest_api_4:api_resource-0 -> aws:api_method:rest_api_4:rest_api_4_integration_0_method:
aws:api_method:rest_api_4:rest_api_4_integration_0_method -> aws:api_integration:rest_api_4:rest_api_4_integration_0:
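Review bot: The expected trust policy for `aws:iam_role:amazon-cloudwatch-observability-iam_role` allows `sts:AssumeRoleWithWebIdentity` for the cluster's OIDC provider with no `Condition` block, so as written any service account token issued by that provider could assume the role and use CloudWatchAgentServerPolicy and AWSXrayWriteOnlyAccess. The fixture should expect a `StringEquals` condition that binds the provider's `:sub` claim to the add-on's service account and `:aud` to `sts.amazonaws.com`. The template that produces this role is not on the page, so confirm whether the condition is missing there or only in this expectation. Separately, the node group role still lists `arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy` after the add-on gets its own role; if nothing on the nodes needs it any longer, dropping it keeps the node role least-privilege.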
18 changes: 7 additions & 11 deletions pkg/engine2/testdata/k8s_api.iac-viz.yaml
Expand Up @@ -97,9 +97,6 @@ resources:
kubernetes:pod:eks_cluster-0/pod2 -> eks_cluster/eks_cluster-0:
kubernetes:pod:eks_cluster-0/pod2 -> eks_node_group/eks_node_group-0:
kubernetes:pod:eks_cluster-0/pod2 -> kubernetes:service_account:eks_cluster-0/pod2:
kubernetes:namespace/amazon-cloudwatch:

kubernetes:namespace/amazon-cloudwatch -> eks_cluster/eks_cluster-0:
aws:internet_gateway:vpc-0/internet_gateway-0:

aws:internet_gateway:vpc-0/internet_gateway-0 -> vpc/vpc-0:
Expand Down Expand Up @@ -130,10 +127,6 @@ resources:

kubernetes:service:eks_cluster-0/restapi4integration0-pod2 -> eks_cluster/eks_cluster-0:
kubernetes:service:eks_cluster-0/restapi4integration0-pod2 -> kubernetes:pod:eks_cluster-0/pod2:
kubernetes:config_map/fluent-bit-cluster-info:

kubernetes:config_map/fluent-bit-cluster-info -> eks_cluster/eks_cluster-0:
kubernetes:config_map/fluent-bit-cluster-info -> kubernetes:namespace/amazon-cloudwatch:
aws:route_table:vpc-0/subnet-3-route_table:

aws:route_table:vpc-0/subnet-3-route_table -> aws:internet_gateway:vpc-0/internet_gateway-0:
Expand All @@ -152,6 +145,9 @@ resources:
aws:route_table:vpc-0/subnet-0-route_table -> vpc/vpc-0:
iam_policy/iam_policy-0:

iam_role/amazon-cloudwatch-observability-iam_role:

iam_role/amazon-cloudwatch-observability-iam_role -> iam_oidc_provider/eks_cluster-0:
aws:api_deployment:rest_api_4/api_deployment-0:

aws:api_deployment:rest_api_4/api_deployment-0 -> aws:api_integration:rest_api_4/rest_api_4_integration_0:
Expand All @@ -163,10 +159,6 @@ resources:
kubernetes:target_group_binding:eks_cluster-0/restapi4integration0-pod2 -> target_group/rest-api-4-integbcc77100:
kubernetes:target_group_binding:eks_cluster-0/restapi4integration0-pod2 -> kubernetes:helm_chart:eks_cluster-0/aws-load-balancer-controller:
kubernetes:target_group_binding:eks_cluster-0/restapi4integration0-pod2 -> kubernetes:service:eks_cluster-0/restapi4integration0-pod2:
kubernetes:manifest/fluent-bit:

kubernetes:manifest/fluent-bit -> eks_cluster/eks_cluster-0:
kubernetes:manifest/fluent-bit -> kubernetes:config_map/fluent-bit-cluster-info:
kubernetes:kube_config/eks_cluster-0-kube_config:

kubernetes:kube_config/eks_cluster-0-kube_config -> eks_cluster/eks_cluster-0:
Expand Down Expand Up @@ -205,6 +197,10 @@ resources:
eks_add_on/vpc-cni:

eks_add_on/vpc-cni -> eks_cluster/eks_cluster-0:
eks_add_on/amazon-cloudwatch-observability:

eks_add_on/amazon-cloudwatch-observability -> eks_cluster/eks_cluster-0:
eks_add_on/amazon-cloudwatch-observability -> iam_role/amazon-cloudwatch-observability-iam_role:
aws:api_stage:rest_api_4/api_stage-0:

aws:api_stage:rest_api_4/api_stage-0 -> aws:api_deployment:rest_api_4/api_deployment-0:
54 changes: 40 additions & 14 deletions pkg/knowledge_base2/properties/list_property.go
Expand Up @@ -189,12 +189,12 @@ func (l *ListProperty) Validate(resource *construct.Resource, value any, ctx kno
return fmt.Errorf("list value %v is too long. max length is %d", value, *l.MaxLength)
}
}
// Only validate values if its a primitive list, otherwise let the sub properties handle their own validation
if l.ItemProperty != nil {
var errs error
hasSanitized := false
validList := make([]any, len(listVal))
for i, v := range listVal {

validList := make([]any, len(listVal))
var errs error
hasSanitized := false
for i, v := range listVal {
if l.ItemProperty != nil {
err := l.ItemProperty.Validate(resource, v, ctx)
if err != nil {
var sanitizeErr *knowledgebase.SanitizeError
Expand All @@ -207,17 +207,43 @@ func (l *ListProperty) Validate(resource *construct.Resource, value any, ctx kno
} else {
validList[i] = v
}
}
if errs != nil {
return errs
}
if hasSanitized {
return &knowledgebase.SanitizeError{
Input: listVal,
Sanitized: validList,
} else {
vmap, ok := v.(map[string]any)
if !ok {
return fmt.Errorf("invalid value for list index %d in sub properties validation: expected map[string]any got %T", i, v)
}
validIndex := make(map[string]any)
for _, prop := range l.SubProperties() {
val, ok := vmap[prop.Details().Name]
if !ok {
continue
}
err := prop.Validate(resource, val, ctx)
if err != nil {
var sanitizeErr *knowledgebase.SanitizeError
if errors.As(err, &sanitizeErr) {
validIndex[prop.Details().Name] = sanitizeErr.Sanitized
hasSanitized = true
} else {
errs = errors.Join(errs, err)
}
} else {
validIndex[prop.Details().Name] = val
}
}
validList[i] = validIndex
}
}
if errs != nil {
return errs
}
if hasSanitized {
return &knowledgebase.SanitizeError{
Input: listVal,
Sanitized: validList,
}
}

return nil
}
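Review bot: In the new sub-property branch, `validIndex` is built only from keys that match a declared sub-property, so when any element is sanitized the returned `Sanitized` list silently drops every other key of that map, and when nothing is sanitized those undeclared keys pass validation unchecked. Either reject unknown keys with an error joined into `errs`, or seed the copy first with `for k, val := range vmap { validIndex[k] = val }` so that sanitizing one field does not lose the rest. The `!ok` type check also returns immediately and discards whatever was already accumulated in `errs`; `errs = errors.Join(errs, fmt.Errorf(...))` followed by `continue` would keep the reporting consistent with the other branches. Validate's body starts outside the hunk, so how callers apply `Sanitized` is inferred rather than visible here.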
