diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml index 4ffe62ffc..342d2844f 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yaml +++ b/.github/ISSUE_TEMPLATE/bug-report.yaml @@ -13,7 +13,7 @@ body: - Workshop Studio validations: required: true - + - type: textarea id: problem attributes: diff --git a/.github/ISSUE_TEMPLATE/lab-proposal.yaml b/.github/ISSUE_TEMPLATE/lab-proposal.yaml index 5e818bd09..fbe890951 100644 --- a/.github/ISSUE_TEMPLATE/lab-proposal.yaml +++ b/.github/ISSUE_TEMPLATE/lab-proposal.yaml @@ -8,28 +8,28 @@ body: label: Outline the high level topic of the lab validations: required: true - + - type: textarea id: rationale attributes: label: Provide the flow of the lab exercise, including what sample application components will be used validations: required: true - + - type: textarea id: infrastructure attributes: label: What additional AWS infrastructure or EKS addons/components will need to be created or installed to support this lab? validations: required: true - + - type: textarea id: cloud9 attributes: label: What additional software or configuration will be required in the Cloud9 IDE? validations: required: true - + - type: textarea id: sample-enhancements attributes: diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fe720ad9f..671bc441e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -1,34 +1,34 @@ version: 2 updates: - - package-ecosystem: "terraform" - directory: "/terraform/modules/cluster" + - package-ecosystem: "terraform" + directory: "/terraform/modules/cluster" schedule: interval: "weekly" ignore: # EKS blueprints upgrades will be handled separately - - dependency-name: '*terraform-aws-eks-blueprints*' - - package-ecosystem: "terraform" - directory: "/terraform/modules/ide" + - dependency-name: "*terraform-aws-eks-blueprints*" + - package-ecosystem: "terraform" + directory: "/terraform/modules/ide" schedule: interval: "weekly" ignore: # EKS blueprints upgrades will be handled separately - - dependency-name: '*terraform-aws-eks-blueprints*' - - package-ecosystem: "terraform" - directory: "/terraform/modules/addons/descheduler" + - dependency-name: "*terraform-aws-eks-blueprints*" + - package-ecosystem: "terraform" + directory: "/terraform/modules/addons/descheduler" schedule: interval: "weekly" ignore: # EKS blueprints upgrades will be handled separately - - dependency-name: '*terraform-aws-eks-blueprints*' + - dependency-name: "*terraform-aws-eks-blueprints*" - package-ecosystem: npm directory: "/website" schedule: interval: monthly ignore: # Let backstage-cli do these version bumps - - dependency-name: '@docusaurus*' + - dependency-name: "@docusaurus*" - package-ecosystem: npm directory: "/test/util" schedule: diff --git a/.github/labeler.yml b/.github/labeler.yml index b1251fafa..b4d975122 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml 
@@ -1,27 +1,27 @@ content/introduction: -- environment/modules/introduction/**/* -- website/docs/introduction/**/* + - environment/modules/introduction/**/* + - website/docs/introduction/**/* content/fundamentals: -- environment/modules/fundamentals/**/* -- website/docs/fundamentals/**/* + - environment/modules/fundamentals/**/* + - website/docs/fundamentals/**/* content/autoscaling: -- environment/modules/autoscaling/**/* -- website/docs/autoscaling/**/* + - environment/modules/autoscaling/**/* + - website/docs/autoscaling/**/* content/security: -- environment/modules/security/**/* -- website/docs/security/**/* + - environment/modules/security/**/* + - website/docs/security/**/* content/networking: -- environment/modules/networking/**/* -- website/docs/networking/**/* + - environment/modules/networking/**/* + - website/docs/networking/**/* content/observability: -- environment/modules/observability/**/* -- website/docs/observability/**/* + - environment/modules/observability/**/* + - website/docs/observability/**/* content/cost-optimization: -- environment/modules/costoptimization/**/* -- website/docs/costoptimization/**/* + - environment/modules/costoptimization/**/* + - website/docs/costoptimization/**/* diff --git a/.github/workflows/e2e-dispatch.yaml b/.github/workflows/e2e-dispatch.yaml index 899ec0664..65df55f92 100644 --- a/.github/workflows/e2e-dispatch.yaml +++ b/.github/workflows/e2e-dispatch.yaml 
@@ -4,20 +4,20 @@ on: workflow_dispatch: inputs: module: - description: 'Top level module to test' + description: "Top level module to test" required: true - default: 'fundamentals' + default: "fundamentals" type: choice options: - - fundamentals/managed-node-groups - - fundamentals/fargate - - fundamentals/exposing - - fundamentals/storage - - security - - networking - - autoscaling - - observability - - automation + - fundamentals/managed-node-groups + - fundamentals/fargate + - fundamentals/exposing + - fundamentals/storage + - security + - networking + - autoscaling + - observability + - automation permissions: id-token: write 
@@ -28,100 +28,100 @@ jobs: name: run-tests runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install utilities - run: | - sudo apt install -y gettext + - name: Check out code + uses: actions/checkout@v2 + - name: Install utilities + run: | + sudo apt install -y gettext - mkdir -p ${HOME}/.local/bin - wget https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz - tar zxf awsweeper_0.12.0_linux_amd64.tar.gz - mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin + mkdir -p ${HOME}/.local/bin + wget https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz + tar zxf awsweeper_0.12.0_linux_amd64.tar.gz + mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin - wget https://github.com/eksctl-io/eksctl/releases/download/v0.150.0/eksctl_Linux_amd64.tar.gz - tar zxf eksctl_Linux_amd64.tar.gz - mv eksctl ${HOME}/.local/bin + wget https://github.com/eksctl-io/eksctl/releases/download/v0.150.0/eksctl_Linux_amd64.tar.gz + tar zxf eksctl_Linux_amd64.tar.gz + mv eksctl ${HOME}/.local/bin - chmod +x ${HOME}/.local/bin/* + chmod +x ${HOME}/.local/bin/* - echo "${HOME}/.local/bin" >> $GITHUB_PATH - - name: Get AWS credentials - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession - - name: Set cluster ID - env: - RUN_ID: "${{ github.run_id }}" - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - CLUSTER_ID="ci-${RUN_ID}" - echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV - - name: Create infrastructure - id: create-infrastructure - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - make create-infrastructure environment="$CLUSTER_ID" - - name: Refresh AWS credentials - if: always() - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ 
secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession - - name: Run tests - Module - env: - DOCKER_BUILDKIT: 1 - DEV_MODE: 1 - MODULE: ${{ inputs.module }} - AWS_REGION: "${{ secrets.AWS_REGION }}" - ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" - run: | - export AWS_DEFAULT_REGION="$AWS_REGION" - make test environment="$CLUSTER_ID" module="$MODULE" - - name: Refresh AWS credentials - if: always() - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession - - name: Run tests - Cleanup - if: always() - env: - DOCKER_BUILDKIT: 1 - DEV_MODE: 1 - AWS_REGION: "${{ secrets.AWS_REGION }}" - ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" - run: | - export AWS_DEFAULT_REGION="$AWS_REGION" - make test environment="$CLUSTER_ID" module="cleanup" - - name: Refresh AWS credentials - if: always() - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession - - name: Cleanup environment - if: always() - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - export CLEANUP_ENVIRONMENT_NAME="$CLUSTER_ID" - export AWS_DEFAULT_REGION="$AWS_REGION" - - envsubst < hack/lib/filter.yml > filter.yml + echo "${HOME}/.local/bin" >> $GITHUB_PATH + - name: Get AWS credentials + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession + - name: Set cluster ID + env: + RUN_ID: "${{ github.run_id }}" + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + CLUSTER_ID="ci-${RUN_ID}" + echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV + - name: Create 
infrastructure + id: create-infrastructure + env: + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + make create-infrastructure environment="$CLUSTER_ID" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession + - name: Run tests - Module + env: + DOCKER_BUILDKIT: 1 + DEV_MODE: 1 + MODULE: ${{ inputs.module }} + AWS_REGION: "${{ secrets.AWS_REGION }}" + ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" + run: | + export AWS_DEFAULT_REGION="$AWS_REGION" + make test environment="$CLUSTER_ID" module="$MODULE" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession + - name: Run tests - Cleanup + if: always() + env: + DOCKER_BUILDKIT: 1 + DEV_MODE: 1 + AWS_REGION: "${{ secrets.AWS_REGION }}" + ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" + run: | + export AWS_DEFAULT_REGION="$AWS_REGION" + make test environment="$CLUSTER_ID" module="cleanup" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession + - name: Cleanup environment + if: always() + env: + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + export CLEANUP_ENVIRONMENT_NAME="$CLUSTER_ID" + export AWS_DEFAULT_REGION="$AWS_REGION" - cat filter.yml + envsubst < hack/lib/filter.yml > filter.yml - awsweeper --force filter.yml + cat filter.yml - make destroy-infrastructure environment="$CLUSTER_ID" + awsweeper --force filter.yml + + make destroy-infrastructure environment="$CLUSTER_ID" 
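Review bot: The `Install utilities` step in this hunk fetches the awsweeper and eksctl tarballs with `wget`, unpacks them and adds them to `$GITHUB_PATH` without checking a digest, and the job then assumes `secrets.AWS_ROLE_ARN` and runs `awsweeper --force` with those credentials. Each archive should be verified before extraction, e.g. `echo "<expected-sha256>  eksctl_Linux_amd64.tar.gz" | sha256sum -c -`, with the expected digest committed next to the version number. The same unverified-download step appears in the module-test.yaml and test-cleanup.yaml hunks, and this file still installs eksctl v0.150.0 while those two use v0.169.0. The actions are also referenced by tag (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v1.6.1`); pinning them to a full commit SHA would keep a moved tag from changing what runs with the assumed role.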
diff --git a/.github/workflows/markdownlint.yaml b/.github/workflows/markdownlint.yaml deleted file mode 100644 index 50a6770fa..000000000 --- a/.github/workflows/markdownlint.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: Markdownlint - -on: - workflow_dispatch: - pull_request: - branches: - - main - paths: - - website/** - -permissions: - contents: read - pull-requests: write - -jobs: - markdownlint-cli: - name: markdownlint-cli - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v2 - with: - submodules: recursive - - name: markdownlint-github-pr-review - uses: reviewdog/action-markdownlint@v0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - filter_mode: nofilter - reporter: github-check - markdownlint_flags: website/docs/**/*.md diff --git a/.github/workflows/module-test.yaml b/.github/workflows/module-test.yaml index a981d249d..f6efb70c1 100644 --- a/.github/workflows/module-test.yaml +++ b/.github/workflows/module-test.yaml @@ -5,10 +5,10 @@ on: inputs: module: type: string - default: '-' + default: "-" glob: type: string - default: '-' + default: "-" permissions: id-token: write 
@@ -20,102 +20,102 @@ jobs: name: run-tests runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install utilities - run: | - sudo apt install -y gettext + - name: Check out code + uses: actions/checkout@v2 + - name: Install utilities + run: | + sudo apt install -y gettext - mkdir -p ${HOME}/.local/bin - wget -q https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz - tar zxf awsweeper_0.12.0_linux_amd64.tar.gz - mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin + mkdir -p ${HOME}/.local/bin + wget -q https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz + tar zxf awsweeper_0.12.0_linux_amd64.tar.gz + mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin - wget -q https://github.com/eksctl-io/eksctl/releases/download/v0.169.0/eksctl_Linux_amd64.tar.gz - tar zxf eksctl_Linux_amd64.tar.gz - mv eksctl ${HOME}/.local/bin + wget -q https://github.com/eksctl-io/eksctl/releases/download/v0.169.0/eksctl_Linux_amd64.tar.gz + tar zxf eksctl_Linux_amd64.tar.gz + mv eksctl ${HOME}/.local/bin - chmod +x ${HOME}/.local/bin/* + chmod +x ${HOME}/.local/bin/* - echo "${HOME}/.local/bin" >> $GITHUB_PATH - - name: Set cluster ID - env: - RUN_ID: "${{ github.job }}" - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8) - echo "Using cluster ID ${CLUSTER_ID}" - echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV - - name: Get AWS credentials - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} - - name: Create infrastructure - id: create-infrastructure - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - make create-infrastructure environment="$CLUSTER_ID" - - name: Refresh AWS credentials - if: always() - 
uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} - - name: Run tests - Module - env: - DOCKER_BUILDKIT: 1 - DEV_MODE: 1 - MODULE: ${{ inputs.module }} - GLOB: ${{ inputs.glob }} - AWS_REGION: "${{ secrets.AWS_REGION }}" - ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" - run: | - export AWS_DEFAULT_REGION="$AWS_REGION" - make test environment="$CLUSTER_ID" module="$MODULE" glob="$GLOB" - - name: Refresh AWS credentials - if: always() - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} - - name: Run tests - Cleanup - if: always() - env: - DOCKER_BUILDKIT: 1 - DEV_MODE: 1 - AWS_REGION: "${{ secrets.AWS_REGION }}" - ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" - run: | - export AWS_DEFAULT_REGION="$AWS_REGION" - make test environment="$CLUSTER_ID" module="cleanup" - - name: Refresh AWS credentials - if: always() - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} - - name: Cleanup environment - if: always() - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - export CLEANUP_ENVIRONMENT_NAME="eks-workshop-$CLUSTER_ID" - export AWS_DEFAULT_REGION="$AWS_REGION" - - envsubst < hack/lib/filter.yml > filter.yml + echo "${HOME}/.local/bin" >> $GITHUB_PATH + - name: Set cluster ID + env: + RUN_ID: "${{ github.job }}" + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8) + echo "Using cluster ID ${CLUSTER_ID}" + echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV + - name: Get AWS 
credentials + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} + - name: Create infrastructure + id: create-infrastructure + env: + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + make create-infrastructure environment="$CLUSTER_ID" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} + - name: Run tests - Module + env: + DOCKER_BUILDKIT: 1 + DEV_MODE: 1 + MODULE: ${{ inputs.module }} + GLOB: ${{ inputs.glob }} + AWS_REGION: "${{ secrets.AWS_REGION }}" + ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" + run: | + export AWS_DEFAULT_REGION="$AWS_REGION" + make test environment="$CLUSTER_ID" module="$MODULE" glob="$GLOB" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} + - name: Run tests - Cleanup + if: always() + env: + DOCKER_BUILDKIT: 1 + DEV_MODE: 1 + AWS_REGION: "${{ secrets.AWS_REGION }}" + ASSUME_ROLE: "${{ secrets.AWS_ROLE_ARN }}" + run: | + export AWS_DEFAULT_REGION="$AWS_REGION" + make test environment="$CLUSTER_ID" module="cleanup" + - name: Refresh AWS credentials + if: always() + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} + - name: Cleanup environment + if: always() + env: + AWS_REGION: "${{ 
secrets.AWS_REGION }}" + run: | + export CLEANUP_ENVIRONMENT_NAME="eks-workshop-$CLUSTER_ID" + export AWS_DEFAULT_REGION="$AWS_REGION" - cat filter.yml + envsubst < hack/lib/filter.yml > filter.yml - awsweeper --force filter.yml + cat filter.yml - make destroy-infrastructure environment="$CLUSTER_ID" + awsweeper --force filter.yml + + make destroy-infrastructure environment="$CLUSTER_ID" diff --git a/.github/workflows/preview-prod.yaml b/.github/workflows/preview-prod.yaml index a54999834..a63863957 100644 --- a/.github/workflows/preview-prod.yaml +++ b/.github/workflows/preview-prod.yaml @@ -2,7 +2,7 @@ name: Publish Prod on: workflow_dispatch: - + permissions: contents: write @@ -11,14 +11,14 @@ jobs: name: deploy runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Set Git config - run: | + - name: Check out code + uses: actions/checkout@v2 + - name: Set Git config + run: | git config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' - - name: Update stable branch - run: | + - name: Update stable branch + run: | git fetch --unshallow git checkout stable git pull diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a89a6722e..568f33288 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
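Review bot: `CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8)` in the `Set cluster ID` step draws from only 32768 possible values, and this reusable workflow is called from matrix jobs with `fail-fast: false`, so two concurrent runs can end up with the same ID. The cleanup step then runs `awsweeper --force` and `make destroy-infrastructure` keyed on that ID, which presumably would also remove the other run's resources (hack/lib/filter.yml is not visible here, so confirm). The step already sets `RUN_ID`, but to `github.job` rather than a per-run value, and the script never reads it. Deriving the ID from `github.run_id` and `github.run_attempt` plus something that distinguishes matrix legs would make it unique. test-cloudformation.yaml has the same step.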
@@ -11,30 +11,30 @@ jobs: build: runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - with: - submodules: recursive - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 18 - - name: Release - working-directory: releaser - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - MILESTONE_NUMBER: "${{ github.event.milestone.number }}" - run: | - npm install - npm run exec - - name: Set Git config - run: | + - name: Check out code + uses: actions/checkout@v2 + with: + submodules: recursive + - name: Use Node.js + uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Release + working-directory: releaser + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MILESTONE_NUMBER: "${{ github.event.milestone.number }}" + run: | + npm install + npm run exec + - name: Set Git config + run: | git config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' - - name: Update stable branch - run: | + - name: Update stable branch + run: | git fetch --unshallow git checkout stable git pull git merge --no-ff main -m "Publish to stable" - git push \ No newline at end of file + git push diff --git a/.github/workflows/test-aiml.yaml b/.github/workflows/test-aiml.yaml index 6d61f892b..5d42cdf2c 100644 --- a/.github/workflows/test-aiml.yaml +++ b/.github/workflows/test-aiml.yaml @@ -3,7 +3,7 @@ name: Test - AIML on: workflow_dispatch: schedule: - - cron: '0 7 * * 3' + - cron: "0 7 * * 3" permissions: id-token: write diff --git a/.github/workflows/test-automation.yaml b/.github/workflows/test-automation.yaml index ca959c64f..bb6b5c660 100644 --- a/.github/workflows/test-automation.yaml +++ b/.github/workflows/test-automation.yaml @@ -3,7 +3,7 @@ name: Test - Automation on: workflow_dispatch: schedule: - - cron: '0 7 * * 5' + - cron: "0 7 * * 5" permissions: id-token: write 
@@ -15,9 +15,9 @@ jobs: fail-fast: false matrix: module: - - automation/gitops - - automation/controlplanes + - automation/gitops + - automation/controlplanes uses: ./.github/workflows/module-test.yaml with: module: ${{ matrix.module }} - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-autoscaling.yaml b/.github/workflows/test-autoscaling.yaml index fe1aa34c5..3b3b64e5e 100644 --- a/.github/workflows/test-autoscaling.yaml +++ b/.github/workflows/test-autoscaling.yaml @@ -3,7 +3,7 @@ name: Test - Autoscaling on: workflow_dispatch: schedule: - - cron: '0 7 * * 2' + - cron: "0 7 * * 2" permissions: id-token: write @@ -14,4 +14,4 @@ jobs: uses: ./.github/workflows/module-test.yaml with: module: autoscaling - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-cleanup.yaml b/.github/workflows/test-cleanup.yaml index f5a1071aa..2cff9b3f9 100644 --- a/.github/workflows/test-cleanup.yaml +++ b/.github/workflows/test-cleanup.yaml @@ -4,7 +4,7 @@ on: workflow_dispatch: inputs: clusterId: - description: 'Cluster ID' + description: "Cluster ID" required: true permissions: 
@@ -16,47 +16,47 @@ jobs: name: cleanup runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - with: - node-version: '17' - - name: Install utilities - run: | - sudo apt install -y gettext - - mkdir -p ${HOME}/.local/bin - wget https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz - tar zxf awsweeper_0.12.0_linux_amd64.tar.gz - mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin - - wget https://github.com/eksctl-io/eksctl/releases/download/v0.169.0/eksctl_Linux_amd64.tar.gz - tar zxf eksctl_Linux_amd64.tar.gz - mv eksctl ${HOME}/.local/bin - - chmod +x ${HOME}/.local/bin/* - - echo "${HOME}/.local/bin" >> $GITHUB_PATH - - name: Get AWS credentials - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession - - name: Cleanup environment - timeout-minutes: 60 - env: - CLUSTER_ID: ${{ github.event.inputs.clusterId }} - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - export CLEANUP_ENVIRONMENT_NAME="$CLUSTER_ID" - export AWS_DEFAULT_REGION="$AWS_REGION" - - envsubst < hack/lib/filter.yml > filter.yml - - cat filter.yml - - awsweeper --force filter.yml - - make destroy-infrastructure environment="$CLUSTER_ID" + - name: Check out code + uses: actions/checkout@v2 + - uses: actions/setup-node@v2 + with: + node-version: "17" + - name: Install utilities + run: | + sudo apt install -y gettext + + mkdir -p ${HOME}/.local/bin + wget https://github.com/jckuester/awsweeper/releases/download/v0.12.0/awsweeper_0.12.0_linux_amd64.tar.gz + tar zxf awsweeper_0.12.0_linux_amd64.tar.gz + mv awsweeper_0.12.0_linux_amd64/awsweeper ${HOME}/.local/bin + + wget https://github.com/eksctl-io/eksctl/releases/download/v0.169.0/eksctl_Linux_amd64.tar.gz + tar zxf eksctl_Linux_amd64.tar.gz + mv eksctl ${HOME}/.local/bin + 
+ chmod +x ${HOME}/.local/bin/* + + echo "${HOME}/.local/bin" >> $GITHUB_PATH + - name: Get AWS credentials + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION }} + role-session-name: GithubActionsSession + - name: Cleanup environment + timeout-minutes: 60 + env: + CLUSTER_ID: ${{ github.event.inputs.clusterId }} + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + export CLEANUP_ENVIRONMENT_NAME="$CLUSTER_ID" + export AWS_DEFAULT_REGION="$AWS_REGION" + + envsubst < hack/lib/filter.yml > filter.yml + + cat filter.yml + + awsweeper --force filter.yml + + make destroy-infrastructure environment="$CLUSTER_ID" diff --git a/.github/workflows/test-cloudformation.yaml b/.github/workflows/test-cloudformation.yaml index 3fb8a6b2f..7d499fec3 100644 --- a/.github/workflows/test-cloudformation.yaml +++ b/.github/workflows/test-cloudformation.yaml @@ -3,7 +3,7 @@ name: Test - CloudFormation on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" permissions: id-token: write 
@@ -15,38 +15,38 @@ jobs: name: run-tests runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Set cluster ID - env: - RUN_ID: "${{ github.job }}" - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8) - echo "Using cluster ID ${CLUSTER_ID}" - echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV - - name: Set branch name - run: echo "TEST_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV - - name: Get AWS credentials - uses: aws-actions/configure-aws-credentials@v1.6.1 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - role-duration-seconds: 3600 - aws-region: ${{ secrets.AWS_REGION }} - role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} - - name: Deploy - id: deploy - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - aws cloudformation deploy --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} \ - --template-file ./lab/cfn/eks-workshop-ide-cfn.yaml \ - --parameter-overrides RepositoryRef=${TEST_BRANCH} \ - --capabilities CAPABILITY_NAMED_IAM - - name: Cleanup - if: always() - env: - AWS_REGION: "${{ secrets.AWS_REGION }}" - run: | - aws cloudformation delete-stack --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} - aws cloudformation wait stack-delete-complete --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} \ No newline at end of file + - name: Check out code + uses: actions/checkout@v2 + - name: Set cluster ID + env: + RUN_ID: "${{ github.job }}" + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8) + echo "Using cluster ID ${CLUSTER_ID}" + echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV + - name: Set branch name + run: echo "TEST_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV + - name: Get AWS credentials + uses: aws-actions/configure-aws-credentials@v1.6.1 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-duration-seconds: 3600 + aws-region: ${{ secrets.AWS_REGION 
}} + role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }} + - name: Deploy + id: deploy + env: + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + aws cloudformation deploy --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} \ + --template-file ./lab/cfn/eks-workshop-ide-cfn.yaml \ + --parameter-overrides RepositoryRef=${TEST_BRANCH} \ + --capabilities CAPABILITY_NAMED_IAM + - name: Cleanup + if: always() + env: + AWS_REGION: "${{ secrets.AWS_REGION }}" + run: | + aws cloudformation delete-stack --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} + aws cloudformation wait stack-delete-complete --stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH} diff --git a/.github/workflows/test-fundamentals.yaml b/.github/workflows/test-fundamentals.yaml index 58ccae9b9..7b0bd38b8 100644 --- a/.github/workflows/test-fundamentals.yaml +++ b/.github/workflows/test-fundamentals.yaml @@ -3,7 +3,7 @@ name: Test - Fundamentals on: workflow_dispatch: schedule: - - cron: '0 7 * * 1' + - cron: "0 7 * * 1" permissions: id-token: write @@ -15,11 +15,11 @@ jobs: fail-fast: false matrix: module: - - fundamentals/managed-node-groups - - fundamentals/fargate - - fundamentals/exposing - - fundamentals/storage + - fundamentals/managed-node-groups + - fundamentals/fargate + - fundamentals/exposing + - fundamentals/storage uses: ./.github/workflows/module-test.yaml with: module: ${{ matrix.module }} - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-introduction.yaml b/.github/workflows/test-introduction.yaml index 05ffff1ca..3fdad915f 100644 --- a/.github/workflows/test-introduction.yaml +++ b/.github/workflows/test-introduction.yaml @@ -3,7 +3,7 @@ name: Test - Introduction on: workflow_dispatch: schedule: - - cron: '0 7 * * 2' + - cron: "0 7 * * 2" permissions: id-token: write @@ -14,4 +14,4 @@ jobs: uses: ./.github/workflows/module-test.yaml with: module: introduction - secrets: inherit \ No newline at end of file + secrets: inherit 
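Review bot: `${TEST_BRANCH}` is taken from the ref name and expanded unquoted into `--stack-name cfn-test-${CLUSTER_ID}-${TEST_BRANCH}` and `--parameter-overrides RepositoryRef=${TEST_BRANCH}` in the `Deploy` and `Cleanup` steps. A branch name containing `/` or another character CloudFormation does not accept in a stack name makes the deploy fail, and the unquoted expansion is subject to word splitting and globbing. Build the name once, e.g. `STACK_NAME="cfn-test-${CLUSTER_ID}-${TEST_BRANCH//[^a-zA-Z0-9-]/-}"`, then pass `--stack-name "$STACK_NAME"` and `"RepositoryRef=${TEST_BRANCH}"` quoted in all three commands.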
diff --git a/.github/workflows/test-networking.yaml b/.github/workflows/test-networking.yaml index 5a80a9838..8fcfe486c 100644 --- a/.github/workflows/test-networking.yaml +++ b/.github/workflows/test-networking.yaml @@ -3,7 +3,7 @@ name: Test - Networking on: workflow_dispatch: schedule: - - cron: '0 7 * * 3' + - cron: "0 7 * * 3" permissions: id-token: write @@ -14,4 +14,4 @@ jobs: uses: ./.github/workflows/module-test.yaml with: module: networking - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-observability.yaml b/.github/workflows/test-observability.yaml index 59a90b53e..2d003b06c 100644 --- a/.github/workflows/test-observability.yaml +++ b/.github/workflows/test-observability.yaml @@ -3,7 +3,7 @@ name: Test - Observability on: workflow_dispatch: schedule: - - cron: '0 7 * * 4' + - cron: "0 7 * * 4" permissions: id-token: write @@ -19,4 +19,4 @@ jobs: uses: ./.github/workflows/module-test.yaml with: module: observability/opensearch - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-security.yaml b/.github/workflows/test-security.yaml index 3daf3334a..7de8b14a5 100644 --- a/.github/workflows/test-security.yaml +++ b/.github/workflows/test-security.yaml @@ -3,7 +3,7 @@ name: Test - Security on: workflow_dispatch: schedule: - - cron: '0 7 * * 4' + - cron: "0 7 * * 4" permissions: id-token: write @@ -14,4 +14,4 @@ jobs: uses: ./.github/workflows/module-test.yaml with: module: security - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/test-util-ci.yml b/.github/workflows/test-util-ci.yml index 978f09440..deb7fe857 100644 --- a/.github/workflows/test-util-ci.yml +++ b/.github/workflows/test-util-ci.yml 
@@ -4,33 +4,33 @@ on: workflow_dispatch: pull_request: branches: - - main + - main paths: - - test/util/** + - test/util/** jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Use Node.js ${{ env.node_version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.node_version }} - registry-url: 'https://registry.npmjs.org' - - name: Install NPM packages - working-directory: test/util - run: npm ci - - name: Build - working-directory: test/util - run: npm run build - - name: Run unit tests - working-directory: test/util - run: | - npm test - - name: Run test content - working-directory: test/util - run: | - npm run exec -- test ./test-content + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Use Node.js ${{ env.node_version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ env.node_version }} + registry-url: "https://registry.npmjs.org" + - name: Install NPM packages + working-directory: test/util + run: npm ci + - name: Build + working-directory: test/util + run: npm run build + - name: Run unit tests + working-directory: test/util + run: | + npm test + - name: Run test content + working-directory: test/util + run: | + npm run exec -- test ./test-content diff --git a/.markdownlintrc b/.markdownlintrc deleted file mode 100644 index 106b4b42a..000000000 --- a/.markdownlintrc +++ /dev/null @@ -1,19 +0,0 @@ -{ - // Enable all markdownlint rules - "default": true, - - // Disable line length check - "MD013": false, - - // Disable dollar sign in bash check - "MD014": false, - - // Disable files needing to end with single newline - "MD047": false, - - // Disable detection of inline HTML since we use JSX - "MD033": false, - - // Disable bare URL detection - "MD034": false -} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 939ded7b5..2328637d8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -19,3 +19,8 @@ repos: - "--args=--only=terraform_module_pinned_source" - "--args=--only=terraform_naming_convention" - "--args=--only=terraform_workspace_remote" + + - repo: https://github.com/pre-commit/mirrors-prettier + rev: "v3.1.0" + hooks: + - id: prettier diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 000000000..81f257f7c --- /dev/null +++ b/.prettierignore @@ -0,0 +1,7 @@ +.git/ +.vscode +.docusaurus +test-output +dist +lab-timing-data.json +_application.yaml \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 5b627cfa6..ec98f2b76 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,4 +1,5 @@ ## Code of Conduct + This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact opensource-codeofconduct@amazon.com with any additional questions or comments. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 47689f443..768112698 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
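Review bot: The added `mirrors-prettier` entry pins `rev` to the tag `"v3.1.0"`, and a tag is a mutable reference: if it is moved upstream, different hook code runs on every contributor machine at commit time without any change in this repository. Pinning to the full commit SHA and keeping the tag as a trailing comment closes that gap, e.g. `rev: <full-commit-sha-of-v3.1.0>  # frozen: v3.1.0`, which is the form `pre-commit autoupdate --freeze` writes. The `repos:` list starts outside this hunk, so whether the earlier hooks are tag-pinned in the same way cannot be seen from here. Since this hook now rewrites YAML and Markdown across the repository, a one-line comment above the entry such as `# Formats YAML/Markdown/JSON; exclusions live in .prettierignore` would tell contributors where to look when a file is unexpectedly reformatted.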
@@ -1,7 +1,9 @@ # Contributing Guidelines -We're so excited to have you join us and help make the EKS Workshop project even better! Whether you're adding new content, code samples, or improving what's already here, there are just a few guidelines to follow. + +We're so excited to have you join us and help make the EKS Workshop project even better! Whether you're adding new content, code samples, or improving what's already here, there are just a few guidelines to follow. ## Goal and Target Audience + It's important to note that our [open-source software (OSS) community](https://aws.amazon.com/what-is/open-source/) values our content most because it's openly governed and vendor-neutral in its guidance. Unless a vendor's product or service has an open source component and/or is widely recognized as a standard, we limit contributions to open source guidance and best practices, exclusively. ## Reporting Bugs/Feature Requests 
@@ -11,16 +13,16 @@ We welcome you to use the GitHub issue tracker to report bugs or suggest feature When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: -* A reproducible test case or series of steps -* The version of our code being used -* Any modifications you've made relevant to the bug -* Anything unusual about your environment or deployment - +- A reproducible test case or series of steps +- The version of our code being used +- Any modifications you've made relevant to the bug +- Anything unusual about your environment or deployment ## Contributing via Pull Requests + Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: -1. You are working against the latest source on the *main* branch. +1. You are working against the latest source on the _main_ branch. 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 
@@ -30,27 +32,26 @@ To send us a pull request, please: 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 3. Ensure local tests pass. 4. Ensure code files are formatted using language provided tools such as `terraform fmt`. -4. Commit to your fork using clear commit messages. -5. Send us a pull request, answering any default questions in the pull request interface. -6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. +5. Commit to your fork using clear commit messages. +6. Send us a pull request, answering any default questions in the pull request interface. +7. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). - ## Finding contributions to work on -Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. +Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. ## Code of Conduct + This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact opensource-codeofconduct@amazon.com with any additional questions or comments. 
- ## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. ## Licensing diff --git a/Makefile b/Makefile index e6c7be030..0a20fcf95 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,3 @@ create-infrastructure: .PHONY: destroy-infrastructure destroy-infrastructure: bash hack/destroy-infrastructure.sh $(environment) - -.PHONY: lint-markdown -lint-markdown: - bash hack/markdownlint.sh diff --git a/README.md b/README.md index 4e8654da5..1bec29e7d 100644 --- a/README.md +++ b/README.md 
@@ -7,11 +7,11 @@ Welcome to the repository for the [Amazon Elastic Kubernetes Services workshop]( The Amazon EKS Workshop is built to help users learn about Amazon EKS features and integrations with popular open-source projects. The workshop is abstracted into high-level learning modules, including Networking, Security, DevOps Automation, and more. These are further broken down into standalone labs focusing on a particular feature, tool, or use-case. To ensure a consistent and predictable learning experience, the Amazon EKS Workshop closely adheres to the following tenets: **Tenets**: -* **Modular**: The workshop is made up of standalone modules that can be individually completed, allowing you to start at any module and easily switch between them. -* **Consistent sample app**: The workshop uses the same sample retail store application across all modules: AWS Containers Retail Sample. -* **Amazon EKS-focused**: Although the workshop covers some Kubernetes basics, it primarily focuses on familiarizing the user with concepts directly related to Amazon EKS. -* **Continuously tested**: We automatically test the infrastructure provisioning and CLI steps in the workshop, allowing us to keep the workshop updated and tracking the latest versions of Amazon EKS. +- **Modular**: The workshop is made up of standalone modules that can be individually completed, allowing you to start at any module and easily switch between them. +- **Consistent sample app**: The workshop uses the same sample retail store application across all modules: AWS Containers Retail Sample. +- **Amazon EKS-focused**: Although the workshop covers some Kubernetes basics, it primarily focuses on familiarizing the user with concepts directly related to Amazon EKS. +- **Continuously tested**: We automatically test the infrastructure provisioning and CLI steps in the workshop, allowing us to keep the workshop updated and tracking the latest versions of Amazon EKS. ## Navigating the repository 
@@ -36,15 +36,17 @@ There are several tools that are required to run the workshop such as `kubectl` ## Community ### Governance -* Steering Committee: [governance/steering.md](governance/steering.md) -* Governance model: [governance/model.md](governance/model.md) -* Tenets: [governance/tenets.md](governance/tenets.md) + +- Steering Committee: [governance/steering.md](governance/steering.md) +- Governance model: [governance/model.md](governance/model.md) +- Tenets: [governance/tenets.md](governance/tenets.md) ### Meetings + 2nd Thursday every month at 8am PT (3pm UTC) -* Meeting link: [Chime Web Meeting Link](https://chime.aws/8607878433) -* Agenda, Notes, and calendar invites: [Google Doc](https://docs.google.com/document/d/1hYjhBhPvLVMf7gunooM-kE0wptMjMIORCmI2BOedCWI/edit?usp=sharing) +- Meeting link: [Chime Web Meeting Link](https://chime.aws/8607878433) +- Agenda, Notes, and calendar invites: [Google Doc](https://docs.google.com/document/d/1hYjhBhPvLVMf7gunooM-kE0wptMjMIORCmI2BOedCWI/edit?usp=sharing) ## Security diff --git a/cluster/eksctl/cluster.yaml b/cluster/eksctl/cluster.yaml index d0ef68b9d..939e82c3b 100644 --- a/cluster/eksctl/cluster.yaml +++ b/cluster/eksctl/cluster.yaml @@ -7,7 +7,7 @@ availabilityZones: metadata: name: ${EKS_CLUSTER_NAME} region: ${AWS_REGION} - version: '1.29' + version: "1.29" tags: karpenter.sh/discovery: ${EKS_CLUSTER_NAME} created-by: eks-workshop-v2 @@ -22,7 +22,7 @@ vpc: addons: - name: vpc-cni version: 1.14.1 - configurationValues: "{\"env\":{\"ENABLE_PREFIX_DELEGATION\":\"true\", \"ENABLE_POD_ENI\":\"true\", \"POD_SECURITY_GROUP_ENFORCING_MODE\":\"standard\"},\"enableNetworkPolicy\": \"true\"}" + configurationValues: '{"env":{"ENABLE_PREFIX_DELEGATION":"true", "ENABLE_POD_ENI":"true", "POD_SECURITY_GROUP_ENFORCING_MODE":"standard"},"enableNetworkPolicy": "true"}' resolveConflicts: overwrite managedNodeGroups: - name: default 
@@ -35,4 +35,4 @@ managedNodeGroups: updateConfig: maxUnavailablePercentage: 50 labels: - workshop-default: 'yes' + workshop-default: "yes" diff --git a/docs/authoring_content.md b/docs/authoring_content.md index 076de0871..69ab68f05 100644 --- a/docs/authoring_content.md +++ b/docs/authoring_content.md @@ -5,6 +5,7 @@ This guide outlines how to author content for the workshop, whether adding new c ## Pre-requisites The following pre-requisites are necessary to work on the content: + - Access to an AWS account - Installed locally: - Docker @@ -17,6 +18,7 @@ The following pre-requisites are necessary to work on the content: ## Create a work branch The first step is to create a working branch to create the content. There are two ways to do this depending on your access level: + 1. If you have `write` access to this repository you can clone it locally create a new branch directly 2. Otherwise fork the repository, clone it and create a new branch 
@@ -59,10 +61,12 @@ If the component you require is not already supported by EKS Blueprints you can In order to keep up with new versions of Helm charts being published there is an automated mechanism used to monitor all Helm charts used in the workshop content that will raise PRs when new versions are published. In addition to adding a component to Terraform as outlined in the previous section you must also do the following: + - Edit the file `helm/charts.yaml` and specify the Helm repository, chart name etc. - Edit the file `terraform/modules/cluster/helm_versions.tf.json` and specify the initial version, note the map name must match the `name` field from `charts.yaml` for your chart. By default the automated system will look for the latest version of any charts added, but you can control this by using the `constraint` field, which uses the [NPM semantic versioning](https://docs.npmjs.com/about-semantic-versioning) constraint syntax. Please use this sparingly, as any constraints used will require additional maintenance overhead to keep updated. This should mainly be used for charts where: + - The latest chart versions are incompatible with the version of EKS in the content - The content requires significant changes to bring it inline with a new version @@ -82,6 +86,7 @@ Example constraint in `helm/charts.yaml`: Any content changes are expected to be accompanied by the any corresponding infrastructure changes in the same Pull Request. All Terraform configuration resides in the `terraform` directory, and is structured as follows: + - `modules/cluster` contains resources related to VPC, EKS and those used by workloads in EKS (IAM roles) - `modules/ide` contains resources related to the Cloud9 IDE and its bootstrapping - `cluster-only` is a small wrapper around `modules/cluster` 
@@ -122,17 +127,20 @@ make destroy-infrastructure When in the process of creating the content its likely you'll need to be fairly interactive in testing commands etc. For this theres a mechanism to easily create an interactive shell with access to the EKS cluster created by the Terraform, as well as including all the necessary tools and utilities without installing them locally. To use this utility you must: + - Already have created the workshop infrastructure as outlined in the section above - Have some AWS credentials available in your current shell session (ie. you `aws` CLI must work) The shell session created will have AWS credentials injected, so you will immediately be able to use the `aws` CLI and `kubectl` commands with no further configuration: If using [finch CLI](https://github.com/runfinch/finch) instead of `docker` CLI you need to set two environment variable `CONTAINER_CLI` or run `make` with the variable set like `CONTAINER_CLI=finch make shell` here how to set the variable in the terminal session for every command. + ```bash export CONTAINER_CLI=finch ``` Run the `make shell` + ```bash ➜ eks-workshop-v2 git:(main) ✗ make shell bash hack/shell.sh diff --git a/docs/automated_tests.md b/docs/automated_tests.md index f9b1a70cd..85ed0be04 100644 --- a/docs/automated_tests.md +++ b/docs/automated_tests.md @@ -11,6 +11,7 @@ This section documents running the tests locally as well as via PRs. You should run the tests locally before raising a PR, this can be done with some convenience scripts. To use this utility you must: + - Have some AWS credentials available in your current shell session (ie. you `aws` CLI must work) First, ensure you have the workshop infrastructure running in your AWS account: 
@@ -105,6 +106,7 @@ make destroy-infrastructure **Note:** This section is for repository maintainers By default the end-to-end tests will not run against a PR because: + - The PR should be reviewed first - Tests take time to execute so only selective modules should be run @@ -226,14 +228,13 @@ $ sleep 150 Here is a complete list of the available annotations: -| Annotation | Description | Default | -|-------------|--------------|---------| -| test | This script block should be executed as a test | true | -| timeout | Time limit in seconds before the script block will be marked as failed | 120 | -| hook | Name of the hook to execute for this script section | | -| hookTimeout | Time limit in seconds for the hooks to complete before the script block will be marked as failed | 300 | -| expectError | Ignore any errors that occur when the script block is executed | false | - +| Annotation | Description | Default | +| ----------- | ------------------------------------------------------------------------------------------------ | ------- | +| test | This script block should be executed as a test | true | +| timeout | Time limit in seconds before the script block will be marked as failed | 120 | +| hook | Name of the hook to execute for this script section | | +| hookTimeout | Time limit in seconds for the hooks to complete before the script block will be marked as failed | 300 | +| expectError | Ignore any errors that occur when the script block is executed | false | ### What if my module can't be tested? diff --git a/docs/cluster_requirements.md b/docs/cluster_requirements.md index 5ed61a1d7..aeda9329b 100644 --- a/docs/cluster_requirements.md +++ b/docs/cluster_requirements.md 
@@ -5,12 +5,14 @@ The workshop provides multiple ways to provision the EKS cluster for the lab exe ## Global Requirements The following global requirements must be implemented: + 1. The configuration should be parameterized so that the infrastructure can be installed multiple times in the same AWS account/region 2. All infrastructure should be tagged with `created-by: eks-workshop-v2` and `env: ${EKS_CLUSTER_NAME}` ## VPC The VPC for the lab cluster must implement the following: + 1. The default VPC CIDR should be `10.42.0.0/16` 2. It should have 3 public subnets and 3 private subnets across different availability zones 3. The public subnet CIDR ranges should be `10.42.0.0/19`, `10.42.32.0/19` and `10.42.64.0/19` @@ -22,11 +24,12 @@ The VPC for the lab cluster must implement the following: ## EKS Cluster The EKS cluster for the lab must implement the following: + 1. It should have both public and private EKS control plane endpoints enabled 2. It should have the VPC CNI EKS Managed Addon installed with the following configuration: `{"env":{"ENABLE_PREFIX_DELEGATION":"true", "ENABLE_POD_ENI":"true", "POD_SECURITY_GROUP_ENFORCING_MODE":"standard"}}` 3. It should have a single node group, if possible named `default` with the following characteristics: - * Desired + Minimum size = 3, Maximum size = 6 - * Instance type of `m5.large` - * Utilizing only the private subnets - * An AMI release version explicitly specified that matches the other implementations - * The label `workshop-default: 'yes'` + - Desired + Minimum size = 3, Maximum size = 6 + - Instance type of `m5.large` + - Utilizing only the private subnets + - An AMI release version explicitly specified that matches the other implementations + - The label `workshop-default: 'yes'` diff --git a/docs/eks_version_upgrades.md b/docs/eks_version_upgrades.md index 0ddd9a64d..992c28b0d 100644 --- a/docs/eks_version_upgrades.md +++ b/docs/eks_version_upgrades.md 
@@ -28,6 +28,7 @@ The name of the release expected by the EKS API for this AMI would be: ``` This is a combination of: + - the `k8s` value (`1.25.6`) - the date string without the `v` (`20230304`) @@ -39,4 +40,4 @@ There are various places that reference the Kubernetes versions (Kubernetes, kub 1. IDE installer: `lab/scripts/installer.sh` 1. eksctl: `cluster/eksctl/cluster.yaml` 1. Terraform: `cluster/terraform/variables.tf` -1. Common kubectl: `hack/lib/kubectl-version.sh` \ No newline at end of file +1. Common kubectl: `hack/lib/kubectl-version.sh` diff --git a/docs/faq.md b/docs/faq.md index c2246ff63..a993135c3 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -6,15 +6,15 @@ The error looks similar to this: ``` │ Error: could not download chart: failed to download "oci://public.ecr.aws/kubecost/cost-analyzer" at version "1.96.0" -│ +│ │ with module.cluster.module.eks-blueprints-kubernetes-addons.module.kubecost[0].module.helm_addon.helm_release.addon[0], │ on .terraform/modules/cluster.eks-blueprints-kubernetes-addons/modules/kubernetes-addons/helm-addon/main.tf line 1, in resource "helm_release" "addon": │ 1: resource "helm_release" "addon" { -│ +│ ╵ ``` -This is likely due to expired credentials from previously interacting with ECR Public. +This is likely due to expired credentials from previously interacting with ECR Public. Run `docker logout public.ecr.aws`, `helm registry logout public.ecr.aws` and then re-run `make create-infrastructure`. ### Q: Destroying my infrastructure failed and now I have AWS resources left over, what can I do? diff --git a/docs/releases.md b/docs/releases.md index 110e8532f..ded76d81b 100644 --- a/docs/releases.md +++ b/docs/releases.md 
@@ -1,6 +1,6 @@ # EKS Workshop - Releases -The EKS Workshop will publish a new version on the last Friday of each month containing all PRs merged to the `main` branch during that time. This will update the content on https://eksworkshop.com and publish a new version to Workshop Studio for AWS events. The changes for the release each month will be publish as a GitHub Release with a corresponding changelog. +The EKS Workshop will publish a new version on the last Friday of each month containing all PRs merged to the `main` branch during that time. This will update the content on https://eksworkshop.com and publish a new version to Workshop Studio for AWS events. The changes for the release each month will be publish as a GitHub Release with a corresponding changelog. There may be releases published off-schedule for specific events like re:Invent and Kubecon, as well as updates made during the month for critical bug fixes. @@ -9,6 +9,7 @@ Each release will have a corresponding GitHub milestone associated with it to tr ## Milestones GitHub allows the associating of both issues and pull requests to milestones for tracking. In general the pattern for this repository is: + 1. Associate with an issue if it exists while PR is being developed 2. Replacing the issue with the PR in the milestone once created 
@@ -28,12 +29,12 @@ feat: This is my pull request The following types will be recognized by the release notes generator: -| Type | Release Notes Section | Purpose | -| ----------- | --------------------- | ------------------------------------------------------------------------------------------ | -| new | New labs | A net-new lab has been added in this PR | -| update | Updated labs | The content of an existing lab has changed | -| fix | Fixes | A simple fix that has not changed the flow/structure of a lab | -| feat | Features | Adds or updates functionality not related to a specific lab (for example website, testing) | +| Type | Release Notes Section | Purpose | +| ------ | --------------------- | ------------------------------------------------------------------------------------------ | +| new | New labs | A net-new lab has been added in this PR | +| update | Updated labs | The content of an existing lab has changed | +| fix | Fixes | A simple fix that has not changed the flow/structure of a lab | +| feat | Features | Adds or updates functionality not related to a specific lab (for example website, testing) | The generator will also pick up `content/` labels applied to the PRs to categorize PRs according to the top level module that they are related to. For example `content/security` would result in: @@ -46,6 +47,7 @@ This is not relevant to all PRs so only use this capability where it makes sense ## Triggering a release Closing a milestone will automatically trigger its corresponding release process through GitHub actions. This will: + 1. Generate release notes 2. Create a tag prefixed with `release-` -3. Create a GitHub release referencing (1) and (2) \ No newline at end of file +3. Create a GitHub release referencing (1) and (2) diff --git a/docs/reviewer_checklist.md b/docs/reviewer_checklist.md index 19a482b1b..e684ab988 100644 --- a/docs/reviewer_checklist.md +++ b/docs/reviewer_checklist.md 
@@ -33,4 +33,4 @@ See style guide for expanded explanations. ## Misc - [ ] Generated lab timing has been created (new lab) or updated (updated lab) if needed -- [ ] All Terraform resources created have dynamic names \ No newline at end of file +- [ ] All Terraform resources created have dynamic names diff --git a/docs/style_guide.md b/docs/style_guide.md index 23589a19d..91d5332ec 100644 --- a/docs/style_guide.md +++ b/docs/style_guide.md @@ -122,7 +122,7 @@ $ kubectl exec -it deployment/example -- bash [root@b32a35acd6b6 /]$ curl localhost:8080 Hello! [root@b32a35acd6b6 /]$ exit -$ +$ ``` It is preferable to use this: @@ -141,7 +141,6 @@ Sometimes it is tempting to execute a long-running command in one window and ins 2. Contextual information like environment variables can get lost in new windows 3. It is more difficult to test - ### Referencing external manifests or components If something like a manifest hosted externally is to be referenced by content it should be pinned as explicitly as possible to prevent changes to these files causing uncontrolled changes to the content experience, or worse breaking it entirely. @@ -165,6 +164,7 @@ Notice we changed from referring to `master` to referring to the tag `v0.0.86`. ### Referencing existing AWS infrastructure in content It is common in workshop content to reference various AWS infrastructure that has been build by the Terraform configuration provided. Some examples of this include: + - Getting the cluster name to reference in a Kubernetes manifest - Modifying EKS managed node group configuration by name @@ -195,6 +195,7 @@ Note blocks are available ### Badges To mark your module as an independent module that users can begin with, place the following in the header of your markdown file: + ``` --- ... @@ -203,6 +204,7 @@ sidebar_custom_props: {"module": true} ``` To mark your module as informational, with no actionable steps, place the following in the header of your markdown file: + ``` --- ... 
diff --git a/docs/ui_components.md b/docs/ui_components.md index 57582dea2..41554d18d 100644 --- a/docs/ui_components.md +++ b/docs/ui_components.md @@ -9,6 +9,7 @@ Docusaurus provides the framework for building the front-end of the workshop con The terminal window component is designed to display commands that participants should run, as well as optionally it associated output. It provides the following features: + - Supports multi-line commands using `\` - Scrolls for content too large to display - 'Click to copy' function which copies the command to the clipboard when clicking anywhere on the component (ignoring output) diff --git a/governance/model.md b/governance/model.md index f7126d668..c46c99a4c 100644 --- a/governance/model.md +++ b/governance/model.md 
@@ -4,41 +4,41 @@ The EKS workshop will adhere to the following principles: -* The workshop is an open source project: we will allow and encourage contributions from the community at large. -* Welcoming and respectful: we will respect all contributions from the community and will strive to cultivate a friendly and welcoming atmosphere. -* Transparency: all work on the project will be done in public. -* Merit: ideas and contributions will be accepted on their merits and align with the project’s goals and objectives. +- The workshop is an open source project: we will allow and encourage contributions from the community at large. +- Welcoming and respectful: we will respect all contributions from the community and will strive to cultivate a friendly and welcoming atmosphere. +- Transparency: all work on the project will be done in public. +- Merit: ideas and contributions will be accepted on their merits and align with the project’s goals and objectives. ## Steering committee -The steering committee will have at least 1 representative from the following AWS communities: +The steering committee will have at least 1 representative from the following AWS communities: -* Container Specialist SA -* Technical Account Manager (TAM) -* Professional Services -* TFC at large +- Container Specialist SA +- Technical Account Manager (TAM) +- Professional Services +- TFC at large -Committee members will represent the interests of their cohort at committee meetings and will serve for no longer than 1 year. When their term expires or they leave their post, the cohort they represent will nominate a replacement. The steering committee will then vote to accept or reject the nominee submitted. Steering committee members will be AWS employees. +Committee members will represent the interests of their cohort at committee meetings and will serve for no longer than 1 year. When their term expires or they leave their post, the cohort they represent will nominate a replacement. 
The steering committee will then vote to accept or reject the nominee submitted. Steering committee members will be AWS employees. The steering committee will be responsible for the overall governance of the project. This includes ongoing management and oversight of the project, adhering to the guiding principles, creating and dissolving working groups as necessary, and deciding which topics are included in the workshop. The work of the steering committee may not always be public. -The steering committee will also be responsible for communicating project wide changes, i.e. changes that can potentially affect all of the working groups, e.g. changes to the style guide, tenets, etc. +The steering committee will also be responsible for communicating project wide changes, i.e. changes that can potentially affect all of the working groups, e.g. changes to the style guide, tenets, etc. The steering committee will select the chairs and maintainers of each working group. To nominate new chairs/wranglers/maintainers, raise a PR to [steering.md](steering.md). Nominations will require approval from atleast two current steering committee members. ## Working groups -Working groups will be formed for each major topic in the workshop. Each workgroup will have a least 1 chair and at least 1 maintainer. The working groups are be responsible for creating and maintaining the workshop module(s) associated with a particular topic, for example, security, observability, etc. If a chair or maintainer leaves before their terms expires, they are responsible for finding their replacement. +Working groups will be formed for each major topic in the workshop. Each workgroup will have a least 1 chair and at least 1 maintainer. The working groups are be responsible for creating and maintaining the workshop module(s) associated with a particular topic, for example, security, observability, etc. 
If a chair or maintainer leaves before their terms expires, they are responsible for finding their replacement. Each working group will be assigned a steering committee liaison who will serve as their primary point of contact and escalation for the steering committee. The liaison will periodically receive status updates from the working group chairs. ### Working group chairs -Each working group will be led by at least 1 chair who will serve in that role for at least 6 months. The chairs will serve as project managers for the workshop modules in their topic area. Responsibilities include recruiting members from the broader community to develop workshop modules, creating and assigning tasks, setting and maintaining a high quality bar for all releases, and periodically reporting progress/status to the steering committee. +Each working group will be led by at least 1 chair who will serve in that role for at least 6 months. The chairs will serve as project managers for the workshop modules in their topic area. Responsibilities include recruiting members from the broader community to develop workshop modules, creating and assigning tasks, setting and maintaining a high quality bar for all releases, and periodically reporting progress/status to the steering committee. If working group chairs want make significant changes, impose new processes or conventions, they can present those proposals to the steering committee for approval. If there are doubts about how to proceed, these too, may be escalated to the steering committee for further guidance. -The chair is reponsible for finding maintainers for their working group. If a maintainer leaves the project before their term expires, the chair will work with the maintainer to find a suitable replacement. Finding PR and issue wranglers is also the reponsibility of the chair. +The chair is reponsible for finding maintainers for their working group. 
If a maintainer leaves the project before their term expires, the chair will work with the maintainer to find a suitable replacement. Finding PR and issue wranglers is also the reponsibility of the chair. ### Working group maintainers @@ -50,7 +50,7 @@ If a topic area encompasses multiple sub-topics and the work to create and maint ## Shadowing -AWS employees who wish to chair a working group or become a maintainer will be given the opportunity to shadow the current chair and maintainer. As a shadow, employees will be required to attend all working group meetings and/or schedule recurring meetings to observe how the role is performed. Employees who shadow for at least 2 months will be eligible to become chairs and maintainers when the current term expires. +AWS employees who wish to chair a working group or become a maintainer will be given the opportunity to shadow the current chair and maintainer. As a shadow, employees will be required to attend all working group meetings and/or schedule recurring meetings to observe how the role is performed. Employees who shadow for at least 2 months will be eligible to become chairs and maintainers when the current term expires. ## Wranglers 
@@ -58,4 +58,4 @@ Wranglers will be responsible for resolving, commenting on, and/or triaging issu ## Cross-working group collaboration -As mentioned in the workshop tenets, “It should be possible to run any given set of content modules in any order without dependencies on other modules.” This is in place to allow module updates to be released independently of modules overseen by different working groups. If there is a need for cross-working group collaboration, the working groups will coordinate with each other and come to a mutually agreed upon solution. In some cases, it make made sense to form a separate working group for joint work. +As mentioned in the workshop tenets, “It should be possible to run any given set of content modules in any order without dependencies on other modules.” This is in place to allow module updates to be released independently of modules overseen by different working groups. If there is a need for cross-working group collaboration, the working groups will coordinate with each other and come to a mutually agreed upon solution. In some cases, it make made sense to form a separate working group for joint work. diff --git a/governance/steering.md b/governance/steering.md index 8636e82c8..1a868d0f2 100644 --- a/governance/steering.md +++ b/governance/steering.md 
@@ -6,27 +6,27 @@ The Steering Committee is a 6 member body, overseeing the governance of the EKS ### Terms end in February 2025 -| Name | Profile | Role | -| :------------ | :----------------------------------------------- | :------------------------------------------ | -| Sai Vennam | [@svennam92](https://github.com/svennam92) | Principal EKS DA | -| Niall Thomson | [@niallthomson](https://github.com/niallthomson) | Specialist Solution Architect, Containers | -| Ray Krueger | [@raykrueger](https://github.com/raykrueger) | Principal Container Specialist | +| Name | Profile | Role | +| :------------ | :----------------------------------------------- | :---------------------------------------- | +| Sai Vennam | [@svennam92](https://github.com/svennam92) | Principal EKS DA | +| Niall Thomson | [@niallthomson](https://github.com/niallthomson) | Specialist Solution Architect, Containers | +| Ray Krueger | [@raykrueger](https://github.com/raykrueger) | Principal Container Specialist | ## Working Groups The working groups are led by chairs (6 month terms) and maintainers (6 month terms). 
-| Working Group | Chair | Maintainers | -| :--------------- | :------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- | -| Infrastructure | [Niall Thomson](https://github.com/niallthomson) | | -| Fundamentals | [Sai Vennam](https://github.com/svennam92) | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs) | -| Autoscaling | _Open_ | | -| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand), [Yuriy Bezsonov](https://github.com/ybezsonov) | -| Machine Learning | [Benjamin Gardiner](https://github.com/bkgardiner) | [Masatoshi Hayashi](https://github.com/literalice) | -| Networking | [Sheetal Joshi](https://github.com/sheetaljoshi) | | -| Observability | [Steven David](https://github.com/StevenDavid) | | -| Security | [Rodrigo Bersa](https://github.com/rodrigobersa) | | -| Storage | [Eric Heinrichs](https://github.com/heinrichse) | [Andrew Peng](https://github.com/pengc99) | +| Working Group | Chair | Maintainers | +| :--------------- | :------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------- | +| Infrastructure | [Niall Thomson](https://github.com/niallthomson) | | +| Fundamentals | [Sai Vennam](https://github.com/svennam92) | [Bijith Nair](https://github.com/bijithnair), [Tolu Okuboyejo](https://github.com/oktab1), [Hemanth AVS](https://github.com/hemanth-avs) | +| Autoscaling | _Open_ | | +| Automation | [Carlos Santana](https://github.com/csantanapr) | [Tsahi Duek](https://github.com/tsahiduek), [Sébastien Allamand](https://github.com/allamand), [Yuriy Bezsonov](https://github.com/ybezsonov) | +| Machine 
Learning | [Benjamin Gardiner](https://github.com/bkgardiner) | [Masatoshi Hayashi](https://github.com/literalice) | +| Networking | [Sheetal Joshi](https://github.com/sheetaljoshi) | | +| Observability | [Steven David](https://github.com/StevenDavid) | | +| Security | [Rodrigo Bersa](https://github.com/rodrigobersa) | | +| Storage | [Eric Heinrichs](https://github.com/heinrichse) | [Andrew Peng](https://github.com/pengc99) | ## Wranglers diff --git a/governance/tenets.md b/governance/tenets.md index 9bf24c05d..e7cfc66c4 100644 --- a/governance/tenets.md +++ b/governance/tenets.md @@ -1,16 +1,21 @@ # EKS Workshop Program Tenets ### Customer Obsession + The priorities of content and modes of use of the workshop should be centered around how EKS customers and users interact with the services. ### Service Differentiation + The modules that make up the core EKS workshop should be focused on features that differentiate EKS from open source or other Kubernetes distributions or offerings. The aim of this workshop is not to provide education on general Kubernetes concepts or wider ecosystem projects unless it is how they specifically intersect with the EKS service. ### Open Content + We aim to develop the workshop content in an open environment as much as possible to promote inclusion and collaboration, whether inside or outside Amazon. This encompasses public access to the content as well as contribution. ### Content Flexibility + It should be possible to run any given set of content modules in any order without dependencies on other modules. This allows modules to be selected “a la carte” and prevents cascading issues between content. ### Stability + Workshop content that does not function, negatively affects both the confidence of those delivering customer workshops and the public perception of those using the content on their own time. We strive to produce content in a manner that remains stable and functional, and mechanisms that detect issues as early as possible. 
diff --git a/hack/markdownlint.sh b/hack/markdownlint.sh deleted file mode 100755 index 18fd7b5ed..000000000 --- a/hack/markdownlint.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -module=$1 - -if [ -z "$module" ]; then - path="**" -else - path="${module}/**" -fi - -docker run -v $PWD:/workdir ghcr.io/igorshubovych/markdownlint-cli:latest "website/docs/${path}/*.md" diff --git a/lab/cfn/eks-workshop-ide-cfn.yaml b/lab/cfn/eks-workshop-ide-cfn.yaml index 3eee38ba9..532b46a6a 100644 --- a/lab/cfn/eks-workshop-ide-cfn.yaml +++ b/lab/cfn/eks-workshop-ide-cfn.yaml @@ -1,5 +1,5 @@ --- -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: Creates a Cloud9 IDE for the EKS workshop Parameters: EksWorkshopC9InstanceType: @@ -12,35 +12,35 @@ Parameters: - t3.small - t3.medium ConstraintDescription: Must be a valid Cloud9 instance type - EksWorkshopC9EnvType: + EksWorkshopC9EnvType: Description: Environment type. Default: self Type: String - AllowedValues: + AllowedValues: - self - 3rdParty ConstraintDescription: must specify self or 3rdParty. - WorkshopOwnerArn: + WorkshopOwnerArn: Type: String Description: The Arn of the Cloud9 Owner to be set if 3rdParty deployment. Default: "" - EksWorkshopC9InstanceVolumeSize: + EksWorkshopC9InstanceVolumeSize: Type: Number - Description: The Size in GB of the Cloud9 Instance Volume. + Description: The Size in GB of the Cloud9 Instance Volume. Default: 30 - RepositoryOwner: + RepositoryOwner: Type: String Description: The owner of the GitHub repository to be used to bootstrap Cloud9 Default: "aws-samples" - RepositoryName: + RepositoryName: Type: String Description: The name of the GitHub repository to be used to bootstrap Cloud9 Default: "eks-workshop-v2" - RepositoryRef: + RepositoryRef: Type: String Description: The Git reference to be used to bootstrap Cloud9 Default: "main" - Cloud9Name: + Cloud9Name: Type: String Description: Name of the Cloud9 instance Default: "none" 
@@ -48,11 +48,11 @@ Parameters: Type: String Description: If you want Cloud9 in a specific subnet Default: "none" - ResourcesPrecreated: + ResourcesPrecreated: Type: String Description: Whether lab infrastructure has been pre-provisioned Default: "false" - AllowedValues: + AllowedValues: - "false" - "true" UpdateTrigger: 
@@ -64,89 +64,89 @@ Parameters: Description: Analytics endpoint used for AWS events Default: "" -Conditions: - Create3rdPartyResources: !Equals [ !Ref EksWorkshopC9EnvType, 3rdParty ] - IsCloud9NotNamed: !Equals [ !Ref Cloud9Name, none ] - IsCloud9SubnetSpecified: !Not [ !Equals [ !Ref Cloud9Subnet, none ]] +Conditions: + Create3rdPartyResources: !Equals [!Ref EksWorkshopC9EnvType, 3rdParty] + IsCloud9NotNamed: !Equals [!Ref Cloud9Name, none] + IsCloud9SubnetSpecified: !Not [!Equals [!Ref Cloud9Subnet, none]] Resources: EksWorkshopC9Role: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: '2012-10-17' + Version: "2012-10-17" Statement: - - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - - ssm.amazonaws.com - Action: - - sts:AssumeRole + - Effect: Allow + Principal: + Service: + - ec2.amazonaws.com + - ssm.amazonaws.com + Action: + - sts:AssumeRole ManagedPolicyArns: - - arn:aws:iam::aws:policy/AdministratorAccess - - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore + - arn:aws:iam::aws:policy/AdministratorAccess + - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore Path: "/" EksWorkshopC9LambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: '2012-10-17' + Version: "2012-10-17" Statement: - - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - Action: - - sts:AssumeRole - Path: "/" - Policies: - - PolicyName: - Fn::Join: - - '' - - - EksWorkshopC9LambdaPolicy- - - Ref: AWS::Region - PolicyDocument: - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - Resource: arn:aws:logs:*:*:* - Effect: Allow + Principal: + Service: + - lambda.amazonaws.com Action: - - cloudformation:DescribeStacks - - cloudformation:DescribeStackEvents - - cloudformation:DescribeStackResource - - cloudformation:DescribeStackResources - - ec2:DescribeInstances - - ec2:AssociateIamInstanceProfile - - 
ec2:ModifyInstanceAttribute - - ec2:ReplaceIamInstanceProfileAssociation - - ec2:DescribeIamInstanceProfileAssociations - - ec2:DescribeVolumes - - ec2:ModifyVolume - - ec2:DescribeVolumesModifications - - ec2:RebootInstances - - iam:ListInstanceProfiles - - iam:PassRole - - ssm:DescribeInstanceInformation - - ssm:SendCommand - - ssm:GetCommandInvocation - Resource: "*" + - sts:AssumeRole + Path: "/" + Policies: + - PolicyName: + Fn::Join: + - "" + - - EksWorkshopC9LambdaPolicy- + - Ref: AWS::Region + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: arn:aws:logs:*:*:* + - Effect: Allow + Action: + - cloudformation:DescribeStacks + - cloudformation:DescribeStackEvents + - cloudformation:DescribeStackResource + - cloudformation:DescribeStackResources + - ec2:DescribeInstances + - ec2:AssociateIamInstanceProfile + - ec2:ModifyInstanceAttribute + - ec2:ReplaceIamInstanceProfileAssociation + - ec2:DescribeIamInstanceProfileAssociations + - ec2:DescribeVolumes + - ec2:ModifyVolume + - ec2:DescribeVolumesModifications + - ec2:RebootInstances + - iam:ListInstanceProfiles + - iam:PassRole + - ssm:DescribeInstanceInformation + - ssm:SendCommand + - ssm:GetCommandInvocation + Resource: "*" EksWorkshopC9BootstrapInstanceLambda: Type: Custom::EksWorkshopC9BootstrapInstanceLambda DependsOn: - - EksWorkshopC9LambdaExecutionRole + - EksWorkshopC9LambdaExecutionRole Properties: ServiceToken: Fn::GetAtt: - - EksWorkshopC9BootstrapInstanceLambdaFunction - - Arn + - EksWorkshopC9BootstrapInstanceLambdaFunction + - Arn REGION: Ref: AWS::Region Cloud9Name: !GetAtt EksWorkshopC9Instance.Name @@ -156,8 +156,8 @@ Resources: Ref: EksWorkshopC9InstanceProfile LabIdeInstanceProfileArn: Fn::GetAtt: - - EksWorkshopC9InstanceProfile - - Arn + - EksWorkshopC9InstanceProfile + - Arn SsmDocument: Ref: EksWorkshopC9SSMDocument UpdateTrigger: 
@@ -169,15 +169,15 @@ Resources: Handler: index.lambda_handler Role: Fn::GetAtt: - - EksWorkshopC9LambdaExecutionRole - - Arn + - EksWorkshopC9LambdaExecutionRole + - Arn Runtime: python3.12 Environment: Variables: DiskSize: Ref: EksWorkshopC9InstanceVolumeSize MemorySize: 256 - Timeout: '900' + Timeout: "900" Code: ZipFile: | from __future__ import print_function @@ -189,7 +189,7 @@ Resources: import cfnresponse import logging logger = logging.getLogger(__name__) - + def lambda_handler(event, context): print(event.values()) print('context: {}'.format(context)) @@ -205,12 +205,12 @@ Resources: # Open AWS clients ec2 = boto3.client('ec2') ssm = boto3.client('ssm') - + # Get the InstanceId of the Cloud9 IDE instance = ec2.describe_instances(Filters=[{'Name': 'tag:Name','Values': ['aws-cloud9-'+event['ResourceProperties']['Cloud9Name']+'-'+event['ResourceProperties']['EnvironmentId']]}])['Reservations'][0]['Instances'][0] print('instance: {}'.format(instance)) instance_id = instance['InstanceId'] - + # Create the IamInstanceProfile request object iam_instance_profile = { 'Arn': event['ResourceProperties']['LabIdeInstanceProfileArn'], @@ -221,7 +221,7 @@ Resources: time.sleep(10) print('Waiting for the instance to be ready...') - + # Wait for Instance to become ready before adding Role instance_state = instance['State']['Name'] print('Instance is currently in state'.format(instance_state)) @@ -333,7 +333,7 @@ Resources: 'MaxAttempts': 30 } ) - + responseData = {'Success': 'Started bootstrapping for instance: '+instance_id} cfnresponse.send(event, context, status, responseData, 'CustomResourcePhysicalID') 
@@ -344,40 +344,40 @@ Resources: finally: cfnresponse.send(event, context, status, responseData, 'CustomResourcePhysicalID') - EksWorkshopC9SSMDocument: + EksWorkshopC9SSMDocument: Type: AWS::SSM::Document - Properties: + Properties: DocumentType: Command DocumentFormat: YAML - Content: - schemaVersion: '2.2' + Content: + schemaVersion: "2.2" description: Bootstrap Cloud9 Instance mainSteps: - - action: aws:runShellScript - name: EksWorkshopC9bootstrap - inputs: - runCommand: - - !Sub | - set -e - - export AWS_REGION="${AWS::Region}" - export REPOSITORY_OWNER="${RepositoryOwner}" - export REPOSITORY_NAME="${RepositoryName}" - export REPOSITORY_REF="${RepositoryRef}" - export CLOUD9_ENVIRONMENT_ID="${EksWorkshopC9Instance}" - export RESOURCES_PRECREATED="${ResourcesPrecreated}" - export ANALYTICS_ENDPOINT="${AnalyticsEndpoint}" - - curl -fsSL https://raw.githubusercontent.com/${RepositoryOwner}/${RepositoryName}/${RepositoryRef}/lab/scripts/installer.sh | bash - - sudo -E -H -u ec2-user bash -c "curl -fsSL https://raw.githubusercontent.com/${RepositoryOwner}/${RepositoryName}/${RepositoryRef}/lab/scripts/setup.sh | bash" + - action: aws:runShellScript + name: EksWorkshopC9bootstrap + inputs: + runCommand: + - !Sub | + set -e + + export AWS_REGION="${AWS::Region}" + export REPOSITORY_OWNER="${RepositoryOwner}" + export REPOSITORY_NAME="${RepositoryName}" + export REPOSITORY_REF="${RepositoryRef}" + export CLOUD9_ENVIRONMENT_ID="${EksWorkshopC9Instance}" + export RESOURCES_PRECREATED="${ResourcesPrecreated}" + export ANALYTICS_ENDPOINT="${AnalyticsEndpoint}" + + curl -fsSL https://raw.githubusercontent.com/${RepositoryOwner}/${RepositoryName}/${RepositoryRef}/lab/scripts/installer.sh | bash + + sudo -E -H -u ec2-user bash -c "curl -fsSL https://raw.githubusercontent.com/${RepositoryOwner}/${RepositoryName}/${RepositoryRef}/lab/scripts/setup.sh | bash" EksWorkshopC9InstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: "/" Roles: - - Ref: EksWorkshopC9Role 
+ - Ref: EksWorkshopC9Role EksWorkshopC9Instance: Type: AWS::Cloud9::EnvironmentEC2 @@ -387,10 +387,16 @@ Resources: AutomaticStopTimeMinutes: 3600 InstanceType: Ref: EksWorkshopC9InstanceType - SubnetId: !If [ IsCloud9SubnetSpecified, !Ref Cloud9Subnet, !Ref "AWS::NoValue" ] - Name: !If [ IsCloud9NotNamed, !Ref AWS::StackName, !Ref Cloud9Name ] - OwnerArn: !If [ Create3rdPartyResources, !Ref WorkshopOwnerArn, !Ref "AWS::NoValue" ] - Tags: + SubnetId: + !If [IsCloud9SubnetSpecified, !Ref Cloud9Subnet, !Ref "AWS::NoValue"] + Name: !If [IsCloud9NotNamed, !Ref AWS::StackName, !Ref Cloud9Name] + OwnerArn: + !If [ + Create3rdPartyResources, + !Ref WorkshopOwnerArn, + !Ref "AWS::NoValue", + ] + Tags: - Key: SSMBootstrap Value: Active @@ -398,10 +404,10 @@ Outputs: Cloud9RoleArn: Description: The ARN of the IAM role assigned to the Cloud9 instance Value: !GetAtt EksWorkshopC9Role.Arn - + Cloud9InstanceName: Description: Name of the Cloud9 EC2 instance - Value: !Sub 'aws-cloud9-${EksWorkshopC9Instance.Name}-${EksWorkshopC9Instance}' + Value: !Sub "aws-cloud9-${EksWorkshopC9Instance.Name}-${EksWorkshopC9Instance}" Cloud9Url: - Value: !Sub 'https://${AWS::Region}.console.aws.amazon.com/cloud9/ide/${EksWorkshopC9Instance}?region=${AWS::Region}' + Value: !Sub "https://${AWS::Region}.console.aws.amazon.com/cloud9/ide/${EksWorkshopC9Instance}?region=${AWS::Region}" diff --git a/manifests/base-application/assets/configMap.yaml b/manifests/base-application/assets/configMap.yaml index 5a9b4943a..47a44413c 100644 --- a/manifests/base-application/assets/configMap.yaml +++ b/manifests/base-application/assets/configMap.yaml @@ -3,4 +3,4 @@ kind: ConfigMap metadata: name: assets data: - PORT: '8080' + PORT: "8080" diff --git a/manifests/base-application/assets/deployment.yaml b/manifests/base-application/assets/deployment.yaml index db20c50cb..5d42c17b3 100644 --- a/manifests/base-application/assets/deployment.yaml +++ b/manifests/base-application/assets/deployment.yaml 
@@ -25,8 +25,7 @@ spec:
 app.kubernetes.io/created-by: eks-workshop
 spec:
 serviceAccountName: assets
- securityContext:
- {}
+ securityContext: {}
 containers:
 - name: assets
 envFrom:
@@ -35,7 +34,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: false
 image: "public.ecr.aws/aws-containers/retail-store-sample-assets:0.4.0"
 imagePullPolicy: IfNotPresent
diff --git a/manifests/base-application/assets/kustomization.yaml b/manifests/base-application/assets/kustomization.yaml
index 1d4b51ba4..03f01f164 100644
--- a/manifests/base-application/assets/kustomization.yaml
+++ b/manifests/base-application/assets/kustomization.yaml
@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: assets
 resources:
-- namespace.yaml
-- configMap.yaml
-- serviceAccount.yaml
-- service.yaml
-- deployment.yaml
+ - namespace.yaml
+ - configMap.yaml
+ - serviceAccount.yaml
+ - service.yaml
+ - deployment.yaml
diff --git a/manifests/base-application/carts/deployment.yaml b/manifests/base-application/carts/deployment.yaml
index 79560c8cf..0e275ff32 100644
--- a/manifests/base-application/carts/deployment.yaml
+++ b/manifests/base-application/carts/deployment.yaml
@@ -40,7 +40,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 1000
diff --git a/manifests/base-application/carts/kustomization.yaml b/manifests/base-application/carts/kustomization.yaml
index c0e36b727..40a2c197e 100644
--- a/manifests/base-application/carts/kustomization.yaml
+++ b/manifests/base-application/carts/kustomization.yaml
@@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: carts
 resources:
-- namespace.yaml
-- configMap.yaml
-- serviceAccount.yaml
-- service.yaml
-- service-db.yaml
-- deployment.yaml
-- deployment-db.yaml
+ - namespace.yaml
+ - configMap.yaml
+ - serviceAccount.yaml
+ - service.yaml
+ - service-db.yaml
+ - deployment.yaml
+ - deployment-db.yaml
diff --git a/manifests/base-application/catalog/deployment.yaml b/manifests/base-application/catalog/deployment.yaml
index f118ecfb2..c7c655bcd 100644
--- a/manifests/base-application/catalog/deployment.yaml
+++ b/manifests/base-application/catalog/deployment.yaml
@@ -46,7 +46,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 1000
diff --git a/manifests/base-application/catalog/kustomization.yaml b/manifests/base-application/catalog/kustomization.yaml
index 0676efe2b..390b24a89 100644
--- a/manifests/base-application/catalog/kustomization.yaml
+++ b/manifests/base-application/catalog/kustomization.yaml
@@ -2,11 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: catalog
 resources:
-- namespace.yaml
-- secrets.yaml
-- configMap.yaml
-- serviceAccount.yaml
-- service.yaml
-- service-mysql.yaml
-- deployment.yaml
-- statefulset-mysql.yaml
+ - namespace.yaml
+ - secrets.yaml
+ - configMap.yaml
+ - serviceAccount.yaml
+ - service.yaml
+ - service-mysql.yaml
+ - deployment.yaml
+ - statefulset-mysql.yaml
diff --git a/manifests/base-application/catalog/statefulset-mysql.yaml b/manifests/base-application/catalog/statefulset-mysql.yaml
index d4a71071a..81f5d6e65 100644
--- a/manifests/base-application/catalog/statefulset-mysql.yaml
+++ b/manifests/base-application/catalog/statefulset-mysql.yaml
@@ -15,7 +15,7 @@ spec:
 serviceName: mysql
 template:
 metadata:
- labels:
+ labels:
 app.kubernetes.io/name: catalog
 app.kubernetes.io/instance: catalog
 app.kubernetes.io/component: mysql
@@ -25,7 +25,7 @@ spec:
 containers:
 - name: mysql
 image: "public.ecr.aws/docker/library/mysql:5.7"
- args:
+ args:
 - "--ignore-db-dir=lost+found"
 imagePullPolicy: IfNotPresent
 env:
diff --git a/manifests/base-application/checkout/deployment.yaml b/manifests/base-application/checkout/deployment.yaml
index f9aef5edb..76f0eb110 100644
--- a/manifests/base-application/checkout/deployment.yaml
+++ b/manifests/base-application/checkout/deployment.yaml
@@ -35,7 +35,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: true
 image: "public.ecr.aws/aws-containers/retail-store-sample-checkout:0.4.0"
 imagePullPolicy: IfNotPresent
diff --git a/manifests/base-application/checkout/kustomization.yaml b/manifests/base-application/checkout/kustomization.yaml
index aea1ab45b..80c73ad03 100644
--- a/manifests/base-application/checkout/kustomization.yaml
+++ b/manifests/base-application/checkout/kustomization.yaml
@@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: checkout
 resources:
-- namespace.yaml
-- configMap.yaml
-- serviceAccount.yaml
-- service.yaml
-- service-redis.yaml
-- deployment.yaml
-- deployment-redis.yaml
+ - namespace.yaml
+ - configMap.yaml
+ - serviceAccount.yaml
+ - service.yaml
+ - service-redis.yaml
+ - deployment.yaml
+ - deployment-redis.yaml
diff --git a/manifests/base-application/kustomization.yaml b/manifests/base-application/kustomization.yaml
index 81b07ea7f..4699c96d3 100644
--- a/manifests/base-application/kustomization.yaml
+++ b/manifests/base-application/kustomization.yaml
@@ -1,11 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- rabbitmq
-- catalog
-- carts
-- checkout
-- assets
-- orders
-- ui
-- other
+ - rabbitmq
+ - catalog
+ - carts
+ - checkout
+ - assets
+ - orders
+ - ui
+ - other
diff --git a/manifests/base-application/orders/deployment-mysql.yaml b/manifests/base-application/orders/deployment-mysql.yaml
index f367a2c2c..424d4687c 100644
--- a/manifests/base-application/orders/deployment-mysql.yaml
+++ b/manifests/base-application/orders/deployment-mysql.yaml
@@ -22,19 +22,19 @@ spec:
 app.kubernetes.io/team: database
 spec:
 containers:
- - name: mysql
- image: "public.ecr.aws/docker/library/mysql:5.7"
- imagePullPolicy: IfNotPresent
- env:
- - name: MYSQL_ROOT_PASSWORD
- value: my-secret-pw
- - name: MYSQL_DATABASE
- value: orders
- - name: MYSQL_USER
- value: orders_user
- - name: MYSQL_PASSWORD
- value: default_password
- ports:
 - name: mysql
- containerPort: 3306
- protocol: TCP
+ image: "public.ecr.aws/docker/library/mysql:5.7"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: my-secret-pw
+ - name: MYSQL_DATABASE
+ value: orders
+ - name: MYSQL_USER
+ value: orders_user
+ - name: MYSQL_PASSWORD
+ value: default_password
+ ports:
+ - name: mysql
+ containerPort: 3306
+ protocol: TCP
diff --git a/manifests/base-application/orders/deployment.yaml b/manifests/base-application/orders/deployment.yaml
index c4ee49214..706e97fcc 100644
--- a/manifests/base-application/orders/deployment.yaml
+++ b/manifests/base-application/orders/deployment.yaml
@@ -68,7 +68,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 1000
diff --git a/manifests/base-application/orders/kustomization.yaml b/manifests/base-application/orders/kustomization.yaml
index 5c80e6d92..0f75b6a39 100644
--- a/manifests/base-application/orders/kustomization.yaml
+++ b/manifests/base-application/orders/kustomization.yaml
@@ -2,11 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: orders resources: -- namespace.yaml -- secrets.yaml -- configMap.yaml -- serviceAccount.yaml -- service.yaml -- service-mysql.yaml -- deployment.yaml -- deployment-mysql.yaml + - namespace.yaml + - secrets.yaml + - configMap.yaml + - serviceAccount.yaml + - service.yaml + - service-mysql.yaml + - deployment.yaml + - deployment-mysql.yaml diff --git a/manifests/base-application/other/kustomization.yaml b/manifests/base-application/other/kustomization.yaml index 6d3e3ab84..9a1ee9c39 100644 --- a/manifests/base-application/other/kustomization.yaml +++ b/manifests/base-application/other/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: other resources: -- namespace.yaml -- configMap.yaml + - namespace.yaml + - configMap.yaml diff --git a/manifests/base-application/rabbitmq/generated.yaml b/manifests/base-application/rabbitmq/generated.yaml index 3c7665e7f..b803f9219 100644 --- a/manifests/base-application/rabbitmq/generated.yaml +++ b/manifests/base-application/rabbitmq/generated.yaml @@ -44,7 +44,7 @@ metadata: type: Opaque data: rabbitmq-password: "d282NkZHRjV0RWFJNDU0RA==" - + rabbitmq-erlang-cookie: "WnFkT1lqR0cyZ29NVWdiaUFwbHRDendabkRrZ0ZqVjU=" --- # Source: rabbitmq/templates/role.yaml @@ -111,7 +111,7 @@ spec: - name: http-stats port: 15672 targetPort: stats - selector: + selector: app.kubernetes.io/name: rabbitmq app.kubernetes.io/instance: rabbitmq publishNotReadyAddresses: true @@ -148,7 +148,7 @@ spec: port: 15672 targetPort: stats nodePort: null - selector: + selector: app.kubernetes.io/name: rabbitmq app.kubernetes.io/instance: rabbitmq --- 
@@ -184,11 +184,10 @@ spec: checksum/config: 2fa2279885865096b88ff79633d02eb6a6e68056a9a64c1b01495731a39d9bec checksum/secret: 65d9a269c4e154b96c8fdc577f211b071f303fb47edf8a0f4c5b0cfe0f2594c7 spec: - serviceAccountName: rabbitmq affinity: podAffinity: - + podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: @@ -201,7 +200,7 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: - + securityContext: fsGroup: 1001 terminationGracePeriodSeconds: 120 diff --git a/manifests/base-application/rabbitmq/kustomization.yaml b/manifests/base-application/rabbitmq/kustomization.yaml index 017fae524..ac22b72c6 100644 --- a/manifests/base-application/rabbitmq/kustomization.yaml +++ b/manifests/base-application/rabbitmq/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: rabbitmq resources: -- namespace.yaml -- generated.yaml - + - namespace.yaml + - generated.yaml # helm template -n rabbitmq rabbitmq bitnami/rabbitmq --set image.registry=public.ecr.aws > generated.yaml diff --git a/manifests/base-application/ui/deployment.yaml b/manifests/base-application/ui/deployment.yaml index 9fea15711..fa8a59ccc 100644 --- a/manifests/base-application/ui/deployment.yaml +++ b/manifests/base-application/ui/deployment.yaml @@ -38,9 +38,9 @@ spec: securityContext: capabilities: add: - - NET_BIND_SERVICE + - NET_BIND_SERVICE drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 diff --git a/manifests/base-application/ui/kustomization.yaml b/manifests/base-application/ui/kustomization.yaml index 44c4c01f3..651d98de2 100644 --- a/manifests/base-application/ui/kustomization.yaml +++ b/manifests/base-application/ui/kustomization.yaml 
@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: ui resources: -- namespace.yaml -- configMap.yaml -- serviceAccount.yaml -- service.yaml -- deployment.yaml + - namespace.yaml + - configMap.yaml + - serviceAccount.yaml + - service.yaml + - deployment.yaml diff --git a/manifests/modules/aiml/inferentia/base/kustomization.yaml b/manifests/modules/aiml/inferentia/base/kustomization.yaml index 12686469f..e155dce9d 100644 --- a/manifests/modules/aiml/inferentia/base/kustomization.yaml +++ b/manifests/modules/aiml/inferentia/base/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- serviceaccount.yaml -- namespace.yaml + - serviceaccount.yaml + - namespace.yaml diff --git a/manifests/modules/aiml/inferentia/base/serviceaccount.yaml b/manifests/modules/aiml/inferentia/base/serviceaccount.yaml index 808d4ea95..010aa4b5f 100644 --- a/manifests/modules/aiml/inferentia/base/serviceaccount.yaml +++ b/manifests/modules/aiml/inferentia/base/serviceaccount.yaml @@ -4,4 +4,4 @@ metadata: name: inference namespace: aiml annotations: - eks.amazonaws.com/role-arn: ${AIML_NEURON_ROLE_ARN} \ No newline at end of file + eks.amazonaws.com/role-arn: ${AIML_NEURON_ROLE_ARN} diff --git a/manifests/modules/aiml/inferentia/compiler/compiler.yaml b/manifests/modules/aiml/inferentia/compiler/compiler.yaml index ec634eb0b..77f92c8e3 100644 --- a/manifests/modules/aiml/inferentia/compiler/compiler.yaml +++ b/manifests/modules/aiml/inferentia/compiler/compiler.yaml @@ -7,10 +7,10 @@ metadata: namespace: aiml spec: containers: - - command: - - sh - - -c - - sleep infinity - image: ${AIML_DL_IMAGE} - name: compiler - serviceAccountName: inference \ No newline at end of file + - command: + - sh + - -c + - sleep infinity + image: ${AIML_DL_IMAGE} + name: compiler + serviceAccountName: inference 
diff --git a/manifests/modules/aiml/inferentia/compiler/kustomization.yaml b/manifests/modules/aiml/inferentia/compiler/kustomization.yaml
index b21f22d87..35744e523 100644
--- a/manifests/modules/aiml/inferentia/compiler/kustomization.yaml
+++ b/manifests/modules/aiml/inferentia/compiler/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
-- compiler.yaml
+ - ../base
+ - compiler.yaml
diff --git a/manifests/modules/aiml/inferentia/inference/inference.yaml b/manifests/modules/aiml/inferentia/inference/inference.yaml
index 9c34e1197..524c79624 100644
--- a/manifests/modules/aiml/inferentia/inference/inference.yaml
+++ b/manifests/modules/aiml/inferentia/inference/inference.yaml
@@ -7,14 +7,14 @@ metadata:
 role: inference
 spec:
 containers:
- - command:
- - sh
- - -c
- - sleep infinity
- image: ${AIML_DL_IMAGE}
- name: inference
- resources:
- limits:
- # HIGHLIGHT
- aws.amazon.com/neuron: 1
+ - command:
+ - sh
+ - -c
+ - sleep infinity
+ image: ${AIML_DL_IMAGE}
+ name: inference
+ resources:
+ limits:
+ # HIGHLIGHT
+ aws.amazon.com/neuron: 1
 serviceAccountName: inference
diff --git a/manifests/modules/aiml/inferentia/inference/kustomization.yaml b/manifests/modules/aiml/inferentia/inference/kustomization.yaml
index cf198caab..4e65db763 100644
--- a/manifests/modules/aiml/inferentia/inference/kustomization.yaml
+++ b/manifests/modules/aiml/inferentia/inference/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
-- inference.yaml
+ - ../base
+ - inference.yaml
diff --git a/manifests/modules/aiml/inferentia/nodepool/kustomization.yaml b/manifests/modules/aiml/inferentia/nodepool/kustomization.yaml
index 440044552..c138d36f4 100644
--- a/manifests/modules/aiml/inferentia/nodepool/kustomization.yaml
+++ b/manifests/modules/aiml/inferentia/nodepool/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
-- nodepool.yaml
+ - ../base
+ - nodepool.yaml
diff --git a/manifests/modules/aiml/inferentia/nodepool/nodepool.yaml b/manifests/modules/aiml/inferentia/nodepool/nodepool.yaml
index d2ba5d0d7..06e386d39 100644
--- a/manifests/modules/aiml/inferentia/nodepool/nodepool.yaml
+++ b/manifests/modules/aiml/inferentia/nodepool/nodepool.yaml
@@ -15,15 +15,15 @@ spec:
 nodeClassRef:
 name: aiml
 requirements:
- - key: karpenter.sh/capacity-type
- operator: In
- values:
- - on-demand
- - key: karpenter.k8s.aws/instance-family
- operator: In
- values:
- # HIGHLIGHT
- - inf1
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values:
+ - on-demand
+ - key: karpenter.k8s.aws/instance-family
+ operator: In
+ values:
+ # HIGHLIGHT
+ - inf1
 ---
 apiVersion: karpenter.k8s.aws/v1beta1
 kind: EC2NodeClass
@@ -32,17 +32,17 @@ metadata:
 spec:
 amiFamily: AL2
 blockDeviceMappings:
- - deviceName: /dev/xvda
- ebs:
- deleteOnTermination: true
- volumeSize: 100Gi
- volumeType: gp3
+ - deviceName: /dev/xvda
+ ebs:
+ deleteOnTermination: true
+ volumeSize: 100Gi
+ volumeType: gp3
 role: ${KARPENTER_NODE_ROLE}
 securityGroupSelectorTerms:
- - tags:
- karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
+ - tags:
+ karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
 subnetSelectorTerms:
- - tags:
- karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
+ - tags:
+ karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
 tags:
- app.kubernetes.io/created-by: eks-workshop
\ No newline at end of file
+ app.kubernetes.io/created-by: eks-workshop
diff --git a/manifests/modules/automation/controlplanes/ack/.workshop/manifests/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/.workshop/manifests/kustomization.yaml
index b430d0f3a..8815f1789 100644
--- a/manifests/modules/automation/controlplanes/ack/.workshop/manifests/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/.workshop/manifests/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- nlb.yaml
+ - nlb.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/.workshop/manifests/nlb.yaml b/manifests/modules/automation/controlplanes/ack/.workshop/manifests/nlb.yaml
index e56524651..5e457ff07 100644
--- a/manifests/modules/automation/controlplanes/ack/.workshop/manifests/nlb.yaml
+++ b/manifests/modules/automation/controlplanes/ack/.workshop/manifests/nlb.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
 name: ui-nlb
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-type: external
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
 namespace: ui
diff --git a/manifests/modules/automation/controlplanes/ack/dynamodb/deployment.yaml b/manifests/modules/automation/controlplanes/ack/dynamodb/deployment.yaml
index f96d4eb6a..68e24ce37 100644
--- a/manifests/modules/automation/controlplanes/ack/dynamodb/deployment.yaml
+++ b/manifests/modules/automation/controlplanes/ack/dynamodb/deployment.yaml
@@ -11,4 +11,4 @@ spec:
 envFrom:
 - configMapRef:
 name: carts-ack
- serviceAccountName: carts-ack
\ No newline at end of file
+ serviceAccountName: carts-ack
diff --git a/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-ack-configmap.yaml b/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-ack-configmap.yaml
index d7a29599f..57723d5f0 100644
--- a/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-ack-configmap.yaml
+++ b/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-ack-configmap.yaml
@@ -5,4 +5,4 @@ metadata:
 namespace: carts
 data:
 CARTS_DYNAMODB_TABLENAME: "${EKS_CLUSTER_NAME}-carts-ack"
- CARTS_DYNAMODB_ENDPOINT: https://dynamodb.${AWS_REGION}.amazonaws.com
\ No newline at end of file
+ CARTS_DYNAMODB_ENDPOINT: https://dynamodb.${AWS_REGION}.amazonaws.com
diff --git a/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-create.yaml b/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-create.yaml
index d151f7d0d..86b744849 100644
--- a/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-create.yaml
+++ b/manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-create.yaml
@@ -9,17 +9,17 @@ spec:
 keyType: HASH
 attributeDefinitions:
 - attributeName: id
- attributeType: 'S'
+ attributeType: "S"
 - attributeName: customerId
- attributeType: 'S'
+ attributeType: "S"
 billingMode: PAY_PER_REQUEST
 tableName: "${EKS_CLUSTER_NAME}-carts-ack"
 globalSecondaryIndexes:
 - indexName: idx_global_customerId
 keySchema:
- - attributeName: customerId
- keyType: HASH
- - attributeName: id
- keyType: RANGE
+ - attributeName: customerId
+ keyType: HASH
+ - attributeName: id
+ keyType: RANGE
 projection:
- projectionType: 'ALL'
\ No newline at end of file
+ projectionType: "ALL"
diff --git a/manifests/modules/automation/controlplanes/ack/dynamodb/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/dynamodb/kustomization.yaml
index f50af0c3c..9f25793c9 100644
--- a/manifests/modules/automation/controlplanes/ack/dynamodb/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/dynamodb/kustomization.yaml
@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../../base-application/carts
-- dynamodb-ack-configmap.yaml
-- dynamodb-create.yaml
+ - ../../../../../base-application/carts
+ - dynamodb-ack-configmap.yaml
+ - dynamodb-create.yaml
 patches:
-- path: deployment.yaml
\ No newline at end of file
+ - path: deployment.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/mq/fieldexports/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/mq/fieldexports/kustomization.yaml
index 88388c6e5..095bfcaf5 100644
--- a/manifests/modules/automation/controlplanes/ack/mq/fieldexports/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/mq/fieldexports/kustomization.yaml
@@ -1,19 +1,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
-- name: mq-ack-options
- envs:
- - mq-ack-options.env
+ - name: mq-ack-options
+ envs:
+ - mq-ack-options.env
 vars:
-- name: ORDERS_PASSWORD
- objref:
- kind: ConfigMap
- name: mq-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.ORDERS_PASSWORD
+ - name: ORDERS_PASSWORD
+ objref:
+ kind: ConfigMap
+ name: mq-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.ORDERS_PASSWORD
 configurations:
 - env-var-transformer.yaml
 resources:
-- mq-configmap-orders.yaml
-- mq-fieldexports-orders.yaml
+ - mq-configmap-orders.yaml
+ - mq-fieldexports-orders.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/mq/k8s/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/mq/k8s/kustomization.yaml
index 047e18f81..6f1445133 100644
--- a/manifests/modules/automation/controlplanes/ack/mq/k8s/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/mq/k8s/kustomization.yaml
@@ -1,26 +1,26 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
-- name: mq-ack-options
- envs:
- - mq-ack-options.env
+ - name: mq-ack-options
+ envs:
+ - mq-ack-options.env
 vars:
-- name: VPC_ID
- objref:
- kind: ConfigMap
- name: mq-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_ID
-- name: VPC_PRIVATE_SUBNET_ID_3
- objref:
- kind: ConfigMap
- name: mq-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_PRIVATE_SUBNET_ID_3
+ - name: VPC_ID
+ objref:
+ kind: ConfigMap
+ name: mq-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_ID
+ - name: VPC_PRIVATE_SUBNET_ID_3
+ objref:
+ kind: ConfigMap
+ name: mq-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_PRIVATE_SUBNET_ID_3
 configurations:
 - env-var-transformer.yaml
 resources:
-- mq-security-group.yaml
-- mq-broker.yaml
+ - mq-security-group.yaml
+ - mq-broker.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-broker.yaml b/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-broker.yaml
index 82a706c08..865d2ae0f 100644
--- a/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-broker.yaml
+++ b/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-broker.yaml
@@ -19,7 +19,7 @@ spec:
 consoleAccess: true
 username: admin
 subnetIDs:
- - ${VPC_PRIVATE_SUBNET_ID_3}
+ - ${VPC_PRIVATE_SUBNET_ID_3}
 securityGroupRefs:
- - from:
+ - from:
 name: mq-eks-workshop
diff --git a/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-security-group.yaml b/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-security-group.yaml
index 8bb79b6f0..67147f563 100644
--- a/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-security-group.yaml
+++ b/manifests/modules/automation/controlplanes/ack/mq/k8s/mq-security-group.yaml
@@ -8,8 +8,8 @@ spec:
 name: mq-eks-workshop
 vpcID: ${VPC_ID}
 ingressRules:
- - ipProtocol: tcp
- ipRanges:
- - cidrIP: "0.0.0.0/0"
- fromPort: 5671
- toPort: 5671
+ - ipProtocol: tcp
+ ipRanges:
+ - cidrIP: "0.0.0.0/0"
+ fromPort: 5671
+ toPort: 5671
diff --git a/manifests/modules/automation/controlplanes/ack/mq/roles/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/mq/roles/kustomization.yaml
index 0719c74b2..c66f9cd9d 100644
--- a/manifests/modules/automation/controlplanes/ack/mq/roles/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/mq/roles/kustomization.yaml
@@ -1,25 +1,25 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
-- name: mq-ack-options
- envs:
- - mq-ack-options.env
+ - name: mq-ack-options
+ envs:
+ - mq-ack-options.env
 vars:
-- name: AWS_ACCOUNT_ID
- objref:
- kind: ConfigMap
- name: mq-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.AWS_ACCOUNT_ID
-- name: OIDC_PROVIDER
- objref:
- kind: ConfigMap
- name: mq-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.OIDC_PROVIDER
+ - name: AWS_ACCOUNT_ID
+ objref:
+ kind: ConfigMap
+ name: mq-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.AWS_ACCOUNT_ID
+ - name: OIDC_PROVIDER
+ objref:
+ kind: ConfigMap
+ name: mq-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.OIDC_PROVIDER
 configurations:
 - env-var-transformer.yaml
 resources:
-- mq-iam-role.yaml
+ - mq-iam-role.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/rds/application/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/rds/application/kustomization.yaml
index abd9e8934..c9b9006a2 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/application/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/application/kustomization.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../../../base-application/catalog
-- nlb.yaml
+ - ../../../../../../base-application/catalog
+ - nlb.yaml
 patches:
-- path: deployment.yaml
+ - path: deployment.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/rds/application/nlb.yaml b/manifests/modules/automation/controlplanes/ack/rds/application/nlb.yaml
index e56524651..5e457ff07 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/application/nlb.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/application/nlb.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
 name: ui-nlb
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-type: external
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
 namespace: ui
diff --git a/manifests/modules/automation/controlplanes/ack/rds/fieldexports/env-var-transformer.yaml b/manifests/modules/automation/controlplanes/ack/rds/fieldexports/env-var-transformer.yaml
index 88a1ba336..03d350488 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/fieldexports/env-var-transformer.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/fieldexports/env-var-transformer.yaml
@@ -1,7 +1,7 @@
 varReference:
-- apiVersion: v1
- kind: Secret
- path: stringData/password
-- apiVersion: services.k8s.aws/v1alpha1
- kind: FieldExport
- path: spec/from/resource/name
+ - apiVersion: v1
+ kind: Secret
+ path: stringData/password
+ - apiVersion: services.k8s.aws/v1alpha1
+ kind: FieldExport
+ path: spec/from/resource/name
diff --git a/manifests/modules/automation/controlplanes/ack/rds/fieldexports/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/rds/fieldexports/kustomization.yaml
index 62abc004d..e81416acc 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/fieldexports/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/fieldexports/kustomization.yaml
@@ -1,26 +1,26 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
-- name: rds-ack-options
- envs:
- - rds-ack-options.env
+ - name: rds-ack-options
+ envs:
+ - rds-ack-options.env
 vars:
-- name: EKS_CLUSTER_NAME
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.EKS_CLUSTER_NAME
-- name: CATALOG_PASSWORD
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.CATALOG_PASSWORD
+ - name: EKS_CLUSTER_NAME
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.EKS_CLUSTER_NAME
+ - name: CATALOG_PASSWORD
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.CATALOG_PASSWORD
 configurations:
 - env-var-transformer.yaml
 resources:
-- rds-secret.yaml
-- rds-fieldexports.yaml
+ - rds-secret.yaml
+ - rds-fieldexports.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/rds/k8s/env-var-transformer.yaml b/manifests/modules/automation/controlplanes/ack/rds/k8s/env-var-transformer.yaml
index 682988498..47c53ae3e 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/k8s/env-var-transformer.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/k8s/env-var-transformer.yaml
@@ -1,44 +1,44 @@
 varReference:
-- apiVersion: ec2.services.k8s.aws/v1alpha1
- kind: SecurityGroup
- path: spec/vpcID
- value: rds-ack-options
-- apiVersion: ec2.services.k8s.aws/v1alpha1
- kind: SecurityGroup
- path: metadata/name
- value: rds-ack-options
-- apiVersion: ec2.services.k8s.aws/v1alpha1
- kind: SecurityGroup
- path: spec/name
- value: rds-ack-options
-- apiVersion: ec2.services.k8s.aws/v1alpha1
- kind: SecurityGroup
- path: spec/ingressRules[]/ipRanges[]/cidrIP
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBSubnetGroup
- path: spec/subnetIDs
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBSubnetGroup
- path: metadata/name
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBSubnetGroup
- path: spec/name
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBInstance
- path: spec/dbSubnetGroupRef/from/name
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBInstance
- path: metadata/name
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBInstance
- path: spec/dbInstanceIdentifier
- value: rds-ack-options
-- apiVersion: rds.services.k8s.aws/v1alpha1
- kind: DBInstance
- path: spec/vpcSecurityGroupRefs[]/from/name
- value: rds-ack-options
+ - apiVersion: ec2.services.k8s.aws/v1alpha1
+ kind: SecurityGroup
+ path: spec/vpcID
+ value: rds-ack-options
+ - apiVersion: ec2.services.k8s.aws/v1alpha1
+ kind: SecurityGroup
+ path: metadata/name
+ value: rds-ack-options
+ - apiVersion: ec2.services.k8s.aws/v1alpha1
+ kind: SecurityGroup
+ path: spec/name
+ value: rds-ack-options
+ - apiVersion: ec2.services.k8s.aws/v1alpha1
+ kind: SecurityGroup
+ path: spec/ingressRules[]/ipRanges[]/cidrIP
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBSubnetGroup
+ path: spec/subnetIDs
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBSubnetGroup
+ path: metadata/name
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBSubnetGroup
+ path: spec/name
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBInstance
+ path: spec/dbSubnetGroupRef/from/name
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBInstance
+ path: metadata/name
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBInstance
+ path: spec/dbInstanceIdentifier
+ value: rds-ack-options
+ - apiVersion: rds.services.k8s.aws/v1alpha1
+ kind: DBInstance
+ path: spec/vpcSecurityGroupRefs[]/from/name
+ value: rds-ack-options
diff --git a/manifests/modules/automation/controlplanes/ack/rds/k8s/kustomization.yaml b/manifests/modules/automation/controlplanes/ack/rds/k8s/kustomization.yaml
index e6f75a8a1..860168862 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/k8s/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/k8s/kustomization.yaml
@@ -1,55 +1,55 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
-- name: rds-ack-options
- envs:
- - rds-ack-options.env
+ - name: rds-ack-options
+ envs:
+ - rds-ack-options.env
 vars:
-- name: EKS_CLUSTER_NAME
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.EKS_CLUSTER_NAME
-- name: VPC_ID
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_ID
-- name: VPC_CIDR
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_CIDR
-- name: VPC_PRIVATE_SUBNET_ID_3
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_PRIVATE_SUBNET_ID_3
-- name: VPC_PRIVATE_SUBNET_ID_1
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_PRIVATE_SUBNET_ID_1
-- name: VPC_PRIVATE_SUBNET_ID_2
- objref:
- kind: ConfigMap
- name: rds-ack-options
- apiVersion: v1
- fieldref:
- fieldpath: data.VPC_PRIVATE_SUBNET_ID_2
+ - name: EKS_CLUSTER_NAME
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.EKS_CLUSTER_NAME
+ - name: VPC_ID
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_ID
+ - name: VPC_CIDR
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_CIDR
+ - name: VPC_PRIVATE_SUBNET_ID_3
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_PRIVATE_SUBNET_ID_3
+ - name: VPC_PRIVATE_SUBNET_ID_1
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_PRIVATE_SUBNET_ID_1
+ - name: VPC_PRIVATE_SUBNET_ID_2
+ objref:
+ kind: ConfigMap
+ name: rds-ack-options
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VPC_PRIVATE_SUBNET_ID_2
 configurations:
 - env-var-transformer.yaml
 resources:
-- rds-security-group.yaml
-- rds-dbgroup.yaml
-- rds-instance.yaml
+ - rds-security-group.yaml
+ - rds-dbgroup.yaml
+ - rds-instance.yaml
diff --git a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-dbgroup.yaml b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-dbgroup.yaml
index 0960e01fa..d6451d319 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-dbgroup.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-dbgroup.yaml
@@ -7,6 +7,6 @@ spec:
 description: DBSubnet group
 name: ${EKS_CLUSTER_NAME}-catalog-ack
 subnetIDs:
- - ${VPC_PRIVATE_SUBNET_ID_1}
- - ${VPC_PRIVATE_SUBNET_ID_2}
- - ${VPC_PRIVATE_SUBNET_ID_3}
+ - ${VPC_PRIVATE_SUBNET_ID_1}
+ - ${VPC_PRIVATE_SUBNET_ID_2}
+ - ${VPC_PRIVATE_SUBNET_ID_3}
diff --git a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-instance.yaml b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-instance.yaml
index 3c2c7476d..12539ac96 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-instance.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-instance.yaml
@@ -10,11 +10,11 @@ spec:
 engine: mysql
 engineVersion: "8.0"
 masterUsername: "admin"
- dbSubnetGroupRef:
- from:
+ dbSubnetGroupRef:
+ from:
 name: ${EKS_CLUSTER_NAME}-catalog-ack
 vpcSecurityGroupRefs:
- - from:
+ - from:
 name: ${EKS_CLUSTER_NAME}-catalog-ack
 masterUserPassword:
 namespace: catalog
diff --git a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-security-group.yaml b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-security-group.yaml
index 89145a5da..e5d94901a 100644
--- a/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-security-group.yaml
+++ b/manifests/modules/automation/controlplanes/ack/rds/k8s/rds-security-group.yaml
@@ -8,8 +8,8 @@ spec:
 name: ${EKS_CLUSTER_NAME}-catalog-ack
 vpcID: ${VPC_ID}
 ingressRules:
- - ipProtocol: tcp
- ipRanges:
- - cidrIP: "${VPC_CIDR}"
- fromPort: 3306
- toPort: 3306
+ - ipProtocol: tcp
+ ipRanges:
+ - cidrIP: "${VPC_CIDR}"
+ fromPort: 3306
+ toPort: 3306
diff --git a/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/kustomization.yaml b/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/kustomization.yaml
index b430d0f3a..8815f1789 100644
--- a/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- nlb.yaml
+ - nlb.yaml
diff --git a/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/nlb.yaml b/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/nlb.yaml
index e56524651..5e457ff07 100644
--- a/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/nlb.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/nlb.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
 name: ui-nlb
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-type: external
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
 namespace: ui
diff --git a/manifests/modules/automation/controlplanes/crossplane/.workshop/terraform/templates/crossplane.yaml b/manifests/modules/automation/controlplanes/crossplane/.workshop/terraform/templates/crossplane.yaml
index a46257d4e..6ea74f8dd 100644
--- a/manifests/modules/automation/controlplanes/crossplane/.workshop/terraform/templates/crossplane.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/.workshop/terraform/templates/crossplane.yaml
@@ -15,4 +15,4 @@ resourcesRBACManager:
 cpu: 100m
 memory: 512Mi
 nodeSelector:
- kubernetes.io/os: linux
\ No newline at end of file
+ kubernetes.io/os: linux
diff --git a/manifests/modules/automation/controlplanes/crossplane/application/deployment.yaml b/manifests/modules/automation/controlplanes/crossplane/application/deployment.yaml
index dd5636350..1120bb1e9 100644
--- a/manifests/modules/automation/controlplanes/crossplane/application/deployment.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/application/deployment.yaml
@@ -11,4 +11,4 @@ spec:
 envFrom:
 - configMapRef:
 name: carts-crossplane
- serviceAccountName: carts-crossplane
\ No newline at end of file
+ serviceAccountName: carts-crossplane
diff --git a/manifests/modules/automation/controlplanes/crossplane/application/dynamodb-crossplane-configmap.yaml b/manifests/modules/automation/controlplanes/crossplane/application/dynamodb-crossplane-configmap.yaml
index d3b30298c..e7627b2d3 100644
--- a/manifests/modules/automation/controlplanes/crossplane/application/dynamodb-crossplane-configmap.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/application/dynamodb-crossplane-configmap.yaml
@@ -4,4 +4,4 @@ metadata:
 name: carts-crossplane
 namespace: carts
 data:
- CARTS_DYNAMODB_TABLENAME: "${EKS_CLUSTER_NAME}-carts-crossplane"
\ No newline at end of file
+ CARTS_DYNAMODB_TABLENAME: "${EKS_CLUSTER_NAME}-carts-crossplane"
diff --git a/manifests/modules/automation/controlplanes/crossplane/application/kustomization.yaml b/manifests/modules/automation/controlplanes/crossplane/application/kustomization.yaml
index 07975d9de..ff1b2a2ce 100644
--- a/manifests/modules/automation/controlplanes/crossplane/application/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/application/kustomization.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../../base-application/carts
-- dynamodb-crossplane-configmap.yaml
+ - ../../../../../base-application/carts
+ - dynamodb-crossplane-configmap.yaml
 patches:
-- path: deployment.yaml
+ - path: deployment.yaml
diff --git a/manifests/modules/automation/controlplanes/crossplane/compositions/claim/claim.yaml b/manifests/modules/automation/controlplanes/crossplane/compositions/claim/claim.yaml
index 7dc63a8d1..fb8859849 100644
--- a/manifests/modules/automation/controlplanes/crossplane/compositions/claim/claim.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/compositions/claim/claim.yaml
@@ -10,4 +10,4 @@ spec:
 - name: customerId
 type: S
 globalSecondaryIndex:
- - name: idx_global_customerId
\ No newline at end of file
+ - name: idx_global_customerId
diff --git a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/definition.yaml b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/definition.yaml
index cbb0ec3fb..d5a368de9 100644
--- a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/definition.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/definition.yaml
@@ -32,8 +32,8 @@ spec:
 deletionPolicy:
 description: Defaults to Delete
 enum:
- - Delete
- - Orphan
+ - Delete
+ - Orphan
 type: string
 name:
 type: string
@@ -42,14 +42,14 @@ spec:
 default: aws-provider-config
 region:
 type: string
- default: ''
+ default: ""
 tags:
 additionalProperties:
 type: string
 description: Key-value map of resource tags.
 type: object
 required:
- - region
+ - region
 type: object
 dynamoConfig:
 properties:
@@ -60,13 +60,13 @@ spec:
 type: string
 type:
 enum:
- - B #binary
- - N #number
- - S #string
+ - B #binary
+ - N #number
+ - S #string
 type: string
 required:
- - name
- - type
+ - name
+ - type
 type: object
 type: array
 hashKey:
@@ -79,14 +79,14 @@ spec:
 readCapacity:
 type: number
 writeCapacity:
- type: number
+ type: number
 globalSecondaryIndex:
 items:
 properties:
 hashKey:
 type: string
 name:
- type: string
+ type: string
 rangeKey:
 type: string
 readCapacity:
@@ -108,7 +108,7 @@ spec:
 items:
 properties:
 name:
- type: string
+ type: string
 rangeKey:
 type: string
 projectionType:
@@ -125,10 +125,10 @@ spec:
 - nonKeyAttributes
 type: array
 required:
- - attribute
+ - attribute
 type: object
 required:
- - dynamoConfig
+ - dynamoConfig
 status:
 type: object
 description: TableStatus defines the observed state of Table
@@ -140,4 +140,4 @@ spec:
 description: Indicates this table's Name
 type: string
 required:
- - spec
+ - spec
diff --git a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/kustomization.yaml b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/kustomization.yaml
index 9ebe7cd51..b6dd37fd7 100644
--- a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- definition.yaml
-- table.yaml
+ - definition.yaml
+ - table.yaml
diff --git a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/table.yaml b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/table.yaml
index f0000b33d..d8dd54649 100644
--- a/manifests/modules/automation/controlplanes/crossplane/compositions/composition/table.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/compositions/composition/table.yaml
@@ -45,7 +45,7 @@ spec:
 writeConnectionSecretToRef:
 name: cartsdynamo
 namespace: crossplane-system
- region: ''
+ region: ""
 providerConfigRef:
 name: aws-provider-config
 patches:
@@ -75,7 +75,7 @@ spec:
 toFieldPath: spec.forProvider.rangeKey
 - type: FromCompositeFieldPath
 fromFieldPath: spec.dynamoConfig.readCapacity
- toFieldPath: spec.forProvider.readCapacity
+ toFieldPath: spec.forProvider.readCapacity
 - type: FromCompositeFieldPath
 fromFieldPath: spec.dynamoConfig.writeCapacity
 toFieldPath: spec.forProvider.writeCapacity
@@ -87,7 +87,7 @@ spec:
 toFieldPath: spec.forProvider.globalSecondaryIndex[0].hashKey
 - type: FromCompositeFieldPath
 fromFieldPath: spec.dynamoConfig.globalSecondaryIndex[0].projectionType
- toFieldPath: spec.forProvider.globalSecondaryIndex[0].projectionType
+ toFieldPath: spec.forProvider.globalSecondaryIndex[0].projectionType
 policy:
 mergeOptions:
 keepMapValues: true
diff --git a/manifests/modules/automation/controlplanes/crossplane/managed/kustomization.yaml b/manifests/modules/automation/controlplanes/crossplane/managed/kustomization.yaml
index e79e74da5..a4fa7ac60 100644
--- a/manifests/modules/automation/controlplanes/crossplane/managed/kustomization.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/managed/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- table.yaml
\ No newline at end of file
+ - table.yaml
diff --git a/manifests/modules/automation/controlplanes/crossplane/managed/table.yaml b/manifests/modules/automation/controlplanes/crossplane/managed/table.yaml
index b7891d209..7a27760a1 100644
--- a/manifests/modules/automation/controlplanes/crossplane/managed/table.yaml
+++ b/manifests/modules/automation/controlplanes/crossplane/managed/table.yaml
@@ -4,7 +4,7 @@ metadata:
 name: "${EKS_CLUSTER_NAME}-carts-crossplane"
 labels:
 testing.upbound.io/example-name: dynamodb
- annotations:
+ annotations:
 crossplane.io/external-name: "${EKS_CLUSTER_NAME}-carts-crossplane"
 spec:
 forProvider:
@@ -19,7 +19,7 @@ spec:
 - hashKey: customerId
 name: idx_global_customerId
 projectionType: ALL
- region: ''
+ region: ""
 tags:
 namespace: carts
 providerConfigRef:
diff --git a/manifests/modules/automation/gitops/argocd/app-of-apps/templates/application.yaml b/manifests/modules/automation/gitops/argocd/app-of-apps/templates/application.yaml
index ae54fe9f2..536555c76 100644
--- a/manifests/modules/automation/gitops/argocd/app-of-apps/templates/application.yaml
+++ b/manifests/modules/automation/gitops/argocd/app-of-apps/templates/application.yaml
@@ -1 +1 @@
-{{- include "application" . -}}
+{ { - include "application" . - } }
diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/assets/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/assets/kustomization.yaml
index e612b6afc..8a76179a1 100644
--- a/manifests/modules/automation/gitops/argocd/apps-kustomization/assets/kustomization.yaml
+++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/assets/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/assets?ref=stable
+ - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/assets?ref=stable
diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/carts/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/carts/kustomization.yaml
index 14745bab7..fe65df79d 100644
--- a/manifests/modules/automation/gitops/argocd/apps-kustomization/carts/kustomization.yaml
+++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/carts/kustomization.yaml
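Review bot: The new line `{ { - include "application" . - } }` in app-of-apps/templates/application.yaml is no longer a Helm template action: with the braces split apart, the `include` is not evaluated and the file is passed through as literal text, so the chart would presumably stop rendering its Argo CD Application objects. This looks like a YAML formatter being run over a Go-template file; the line should stay `{{- include "application" . -}}`. The chart's `templates/` directory is worth excluding from formatting (for example through `.prettierignore`, if Prettier is the tool in use) so a later run does not reintroduce the breakage, and any other Helm templates touched by this commit deserve the same check.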
@@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/carts?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/carts?ref=stable diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/catalog/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/catalog/kustomization.yaml index e53ef4d28..79908eb3b 100644 --- a/manifests/modules/automation/gitops/argocd/apps-kustomization/catalog/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/catalog/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/catalog?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/catalog?ref=stable diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/checkout/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/checkout/kustomization.yaml index 4db7fbb7d..0412382a0 100644 --- a/manifests/modules/automation/gitops/argocd/apps-kustomization/checkout/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/checkout/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/checkout?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/checkout?ref=stable diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/orders/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/orders/kustomization.yaml index c14de68e0..8932747ca 100644 
--- a/manifests/modules/automation/gitops/argocd/apps-kustomization/orders/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/orders/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/orders?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/orders?ref=stable diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/other/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/other/kustomization.yaml index 8857e26a4..f58f62f58 100644 --- a/manifests/modules/automation/gitops/argocd/apps-kustomization/other/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/other/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/other?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/other?ref=stable diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/rabbitmq/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/rabbitmq/kustomization.yaml index 6e7df129e..e3ee5e12b 100644 --- a/manifests/modules/automation/gitops/argocd/apps-kustomization/rabbitmq/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/rabbitmq/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/rabbitmq?ref=stable + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/rabbitmq?ref=stable 
diff --git a/manifests/modules/automation/gitops/argocd/apps-kustomization/ui/kustomization.yaml b/manifests/modules/automation/gitops/argocd/apps-kustomization/ui/kustomization.yaml index 1a46e9e6e..f799a3c3c 100644 --- a/manifests/modules/automation/gitops/argocd/apps-kustomization/ui/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/apps-kustomization/ui/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -# HIGHLIGHT -- https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/ui?ref=stable + # HIGHLIGHT + - https://github.com/aws-samples/eks-workshop-v2/manifests/base-application/ui?ref=stable patches: -# HIGHLIGHT -- path: deployment-patch.yaml + # HIGHLIGHT + - path: deployment-patch.yaml diff --git a/manifests/modules/automation/gitops/argocd/kustomization.yaml b/manifests/modules/automation/gitops/argocd/kustomization.yaml index f6bc5d066..269f21ce4 100644 --- a/manifests/modules/automation/gitops/argocd/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ui + - ui diff --git a/manifests/modules/automation/gitops/argocd/update-application/kustomization.yaml b/manifests/modules/automation/gitops/argocd/update-application/kustomization.yaml index acb213436..73be3a0b7 100644 --- a/manifests/modules/automation/gitops/argocd/update-application/kustomization.yaml +++ b/manifests/modules/automation/gitops/argocd/update-application/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/ui + - ../../../../../base-application/ui # HIGHLIGHT patches: -# HIGHLIGHT -- path: deployment-patch.yaml + # HIGHLIGHT + - path: deployment-patch.yaml 
diff --git a/manifests/modules/automation/gitops/flux/apps-kustomization.yaml b/manifests/modules/automation/gitops/flux/apps-kustomization.yaml index f6bc5d066..269f21ce4 100644 --- a/manifests/modules/automation/gitops/flux/apps-kustomization.yaml +++ b/manifests/modules/automation/gitops/flux/apps-kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ui + - ui diff --git a/manifests/modules/automation/gitops/flux/ci-ingress/ingress.yaml b/manifests/modules/automation/gitops/flux/ci-ingress/ingress.yaml index 1960e96cf..521dbf7c1 100644 --- a/manifests/modules/automation/gitops/flux/ci-ingress/ingress.yaml +++ b/manifests/modules/automation/gitops/flux/ci-ingress/ingress.yaml @@ -10,12 +10,12 @@ metadata: spec: ingressClassName: alb rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ui - port: - number: 80 + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 80 diff --git a/manifests/modules/automation/gitops/flux/ci-ingress/kustomization.yaml b/manifests/modules/automation/gitops/flux/ci-ingress/kustomization.yaml index bd43e8a71..972f3ed06 100644 --- a/manifests/modules/automation/gitops/flux/ci-ingress/kustomization.yaml +++ b/manifests/modules/automation/gitops/flux/ci-ingress/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ingress.yaml + - ingress.yaml diff --git a/manifests/modules/automation/gitops/flux/imagepolicy.yaml b/manifests/modules/automation/gitops/flux/imagepolicy.yaml index b2b3a2ba7..5033e1750 100644 --- a/manifests/modules/automation/gitops/flux/imagepolicy.yaml +++ b/manifests/modules/automation/gitops/flux/imagepolicy.yaml @@ -10,7 +10,7 @@ spec: name: ui filterTags: # HIGHLIGHT - pattern: '^i[a-fA-F0-9]' + pattern: "^i[a-fA-F0-9]" policy: alphabetical: # HIGHLIGHT 
diff --git a/manifests/modules/automation/gitops/flux/imageupdateautomation.yaml b/manifests/modules/automation/gitops/flux/imageupdateautomation.yaml index cbb130359..153945197 100644 --- a/manifests/modules/automation/gitops/flux/imageupdateautomation.yaml +++ b/manifests/modules/automation/gitops/flux/imageupdateautomation.yaml @@ -14,7 +14,7 @@ spec: author: email: fluxcdbot@users.noreply.github.com name: fluxcdbot - messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}' + messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" push: branch: main # HIGHLIGHT diff --git a/manifests/modules/automation/gitops/flux/ui-kustomization.yaml b/manifests/modules/automation/gitops/flux/ui-kustomization.yaml index 44c4c01f3..651d98de2 100644 --- a/manifests/modules/automation/gitops/flux/ui-kustomization.yaml +++ b/manifests/modules/automation/gitops/flux/ui-kustomization.yaml @@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: ui resources: -- namespace.yaml -- configMap.yaml -- serviceAccount.yaml -- service.yaml -- deployment.yaml + - namespace.yaml + - configMap.yaml + - serviceAccount.yaml + - service.yaml + - deployment.yaml diff --git a/manifests/modules/autoscaling/compute/cluster-autoscaler/kustomization.yaml b/manifests/modules/autoscaling/compute/cluster-autoscaler/kustomization.yaml index dc8862526..238bdd70e 100644 --- a/manifests/modules/autoscaling/compute/cluster-autoscaler/kustomization.yaml +++ b/manifests/modules/autoscaling/compute/cluster-autoscaler/kustomization.yaml @@ -1,9 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/ + - ../../../../base-application/ patches: -- path: deployment.yaml - target: - kind: Deployment - labelSelector: app.kubernetes.io/type=app + - path: deployment.yaml + target: + kind: Deployment + labelSelector: app.kubernetes.io/type=app 
diff --git a/manifests/modules/autoscaling/compute/karpenter/nodepool/kustomization.yaml b/manifests/modules/autoscaling/compute/karpenter/nodepool/kustomization.yaml index da23f4528..02e134676 100644 --- a/manifests/modules/autoscaling/compute/karpenter/nodepool/kustomization.yaml +++ b/manifests/modules/autoscaling/compute/karpenter/nodepool/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- nodepool.yaml + - nodepool.yaml diff --git a/manifests/modules/autoscaling/compute/karpenter/scale/kustomization.yaml b/manifests/modules/autoscaling/compute/karpenter/scale/kustomization.yaml index 42835f535..9c2d28b0c 100644 --- a/manifests/modules/autoscaling/compute/karpenter/scale/kustomization.yaml +++ b/manifests/modules/autoscaling/compute/karpenter/scale/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deployment.yaml + - deployment.yaml diff --git a/manifests/modules/autoscaling/compute/overprovisioning/scale/kustomization.yaml b/manifests/modules/autoscaling/compute/overprovisioning/scale/kustomization.yaml index 604361cbb..cf7c88b7e 100644 --- a/manifests/modules/autoscaling/compute/overprovisioning/scale/kustomization.yaml +++ b/manifests/modules/autoscaling/compute/overprovisioning/scale/kustomization.yaml @@ -1,9 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application + - ../../../../../base-application patches: -- path: deployment.yaml - target: - kind: Deployment - labelSelector: app.kubernetes.io/type=app + - path: deployment.yaml + target: + kind: Deployment + labelSelector: app.kubernetes.io/type=app diff --git a/manifests/modules/autoscaling/compute/overprovisioning/setup/deployment-pause.yaml b/manifests/modules/autoscaling/compute/overprovisioning/setup/deployment-pause.yaml index 6c5f59bb8..a293e2636 100644 
--- a/manifests/modules/autoscaling/compute/overprovisioning/setup/deployment-pause.yaml +++ b/manifests/modules/autoscaling/compute/overprovisioning/setup/deployment-pause.yaml @@ -15,8 +15,8 @@ spec: spec: priorityClassName: pause-pods containers: - - name: reserve-resources - image: registry.k8s.io/pause - resources: - requests: - memory: "6.5Gi" + - name: reserve-resources + image: registry.k8s.io/pause + resources: + requests: + memory: "6.5Gi" diff --git a/manifests/modules/autoscaling/compute/overprovisioning/setup/kustomization.yaml b/manifests/modules/autoscaling/compute/overprovisioning/setup/kustomization.yaml index 8a70d1b14..22aef27b3 100644 --- a/manifests/modules/autoscaling/compute/overprovisioning/setup/kustomization.yaml +++ b/manifests/modules/autoscaling/compute/overprovisioning/setup/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- priorityclass-default.yaml -- priorityclass-pause.yaml -- deployment-pause.yaml + - priorityclass-default.yaml + - priorityclass-pause.yaml + - deployment-pause.yaml diff --git a/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-default.yaml b/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-default.yaml index dcf749f02..72d52f8a7 100644 --- a/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-default.yaml +++ b/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-default.yaml @@ -1,7 +1,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - name: default + name: default value: 0 globalDefault: true description: "Default Priority class." diff --git a/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-pause.yaml b/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-pause.yaml index e7365824d..7ae94c809 100644 --- a/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-pause.yaml 
+++ b/manifests/modules/autoscaling/compute/overprovisioning/setup/priorityclass-pause.yaml @@ -1,7 +1,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - name: pause-pods + name: pause-pods value: -1 globalDefault: false description: "Priority class used by pause-pods for overprovisioning." diff --git a/manifests/modules/autoscaling/workloads/cpa/deployment.yaml b/manifests/modules/autoscaling/workloads/cpa/deployment.yaml index 9e3f4d20c..441914a3b 100644 --- a/manifests/modules/autoscaling/workloads/cpa/deployment.yaml +++ b/manifests/modules/autoscaling/workloads/cpa/deployment.yaml @@ -18,28 +18,28 @@ spec: securityContext: seccompProfile: type: RuntimeDefault - supplementalGroups: [ 65534 ] + supplementalGroups: [65534] fsGroup: 65534 nodeSelector: kubernetes.io/os: linux containers: - - name: autoscaler - # HIGHLIGHT - image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.5 - resources: - requests: - cpu: "20m" - memory: "10Mi" - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=dns-autoscaler - - --target=Deployment/coredns + - name: autoscaler # HIGHLIGHT - - --default-params={"linear":{"nodesPerReplica":2,"min":2,"max":6,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}} - - --logtostderr=true - - --v=2 + image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.5 + resources: + requests: + cpu: "20m" + memory: "10Mi" + command: + - /cluster-proportional-autoscaler + - --namespace=kube-system + - --configmap=dns-autoscaler + - --target=Deployment/coredns + # HIGHLIGHT + - --default-params={"linear":{"nodesPerReplica":2,"min":2,"max":6,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}} + - --logtostderr=true + - --v=2 tolerations: - - key: "CriticalAddonsOnly" - operator: "Exists" + - key: "CriticalAddonsOnly" + operator: "Exists" serviceAccountName: dns-autoscaler 
diff --git a/manifests/modules/autoscaling/workloads/cpa/kustomization.yaml b/manifests/modules/autoscaling/workloads/cpa/kustomization.yaml index 706083873..31b4961ce 100644 --- a/manifests/modules/autoscaling/workloads/cpa/kustomization.yaml +++ b/manifests/modules/autoscaling/workloads/cpa/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/other -- others.yaml -- deployment.yaml + - ../../../../base-application/other + - others.yaml + - deployment.yaml diff --git a/manifests/modules/autoscaling/workloads/hpa/kustomization.yaml b/manifests/modules/autoscaling/workloads/hpa/kustomization.yaml index ee509fc82..b2870fdda 100644 --- a/manifests/modules/autoscaling/workloads/hpa/kustomization.yaml +++ b/manifests/modules/autoscaling/workloads/hpa/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application -- hpa.yaml + - ../../../../base-application + - hpa.yaml patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/exposing/ingress/creating-ingress/ingress.yaml b/manifests/modules/exposing/ingress/creating-ingress/ingress.yaml index 1960e96cf..521dbf7c1 100644 --- a/manifests/modules/exposing/ingress/creating-ingress/ingress.yaml +++ b/manifests/modules/exposing/ingress/creating-ingress/ingress.yaml @@ -10,12 +10,12 @@ metadata: spec: ingressClassName: alb rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ui - port: - number: 80 + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 80 diff --git a/manifests/modules/exposing/ingress/creating-ingress/kustomization.yaml b/manifests/modules/exposing/ingress/creating-ingress/kustomization.yaml index bd43e8a71..972f3ed06 100644 --- a/manifests/modules/exposing/ingress/creating-ingress/kustomization.yaml 
+++ b/manifests/modules/exposing/ingress/creating-ingress/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ingress.yaml + - ingress.yaml diff --git a/manifests/modules/exposing/ingress/multiple-ingress/ingress-catalog.yaml b/manifests/modules/exposing/ingress/multiple-ingress/ingress-catalog.yaml index c43234249..2fb2464aa 100644 --- a/manifests/modules/exposing/ingress/multiple-ingress/ingress-catalog.yaml +++ b/manifests/modules/exposing/ingress/multiple-ingress/ingress-catalog.yaml @@ -13,12 +13,12 @@ metadata: spec: ingressClassName: alb rules: - - http: - paths: - - path: /catalogue - pathType: Prefix - backend: - service: - name: catalog - port: - number: 80 + - http: + paths: + - path: /catalogue + pathType: Prefix + backend: + service: + name: catalog + port: + number: 80 diff --git a/manifests/modules/exposing/ingress/multiple-ingress/ingress-ui.yaml b/manifests/modules/exposing/ingress/multiple-ingress/ingress-ui.yaml index ada56e4c6..62d754d88 100644 --- a/manifests/modules/exposing/ingress/multiple-ingress/ingress-ui.yaml +++ b/manifests/modules/exposing/ingress/multiple-ingress/ingress-ui.yaml @@ -14,12 +14,12 @@ metadata: spec: ingressClassName: alb rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ui - port: - number: 80 + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 80 diff --git a/manifests/modules/exposing/ingress/multiple-ingress/kustomization.yaml b/manifests/modules/exposing/ingress/multiple-ingress/kustomization.yaml index a84e17583..e999f2ee7 100644 --- a/manifests/modules/exposing/ingress/multiple-ingress/kustomization.yaml +++ b/manifests/modules/exposing/ingress/multiple-ingress/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ingress-catalog.yaml -- ingress-ui.yaml + - ingress-catalog.yaml + - ingress-ui.yaml 
diff --git a/manifests/modules/exposing/load-balancer/ip-mode/kustomization.yaml b/manifests/modules/exposing/load-balancer/ip-mode/kustomization.yaml index 1dbffc85a..5087f2a9d 100644 --- a/manifests/modules/exposing/load-balancer/ip-mode/kustomization.yaml +++ b/manifests/modules/exposing/load-balancer/ip-mode/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../nlb + - ../nlb patches: -- path: nlb.yaml + - path: nlb.yaml diff --git a/manifests/modules/exposing/load-balancer/nlb/kustomization.yaml b/manifests/modules/exposing/load-balancer/nlb/kustomization.yaml index b430d0f3a..8815f1789 100644 --- a/manifests/modules/exposing/load-balancer/nlb/kustomization.yaml +++ b/manifests/modules/exposing/load-balancer/nlb/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- nlb.yaml + - nlb.yaml diff --git a/manifests/modules/exposing/load-balancer/nlb/nlb.yaml b/manifests/modules/exposing/load-balancer/nlb/nlb.yaml index e56524651..5e457ff07 100644 --- a/manifests/modules/exposing/load-balancer/nlb/nlb.yaml +++ b/manifests/modules/exposing/load-balancer/nlb/nlb.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: ui-nlb annotations: - service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance namespace: ui diff --git a/manifests/modules/fundamentals/affinity/checkout-redis/checkout-redis.yaml b/manifests/modules/fundamentals/affinity/checkout-redis/checkout-redis.yaml index e73f1e1d4..8ad5f471d 100644 --- a/manifests/modules/fundamentals/affinity/checkout-redis/checkout-redis.yaml +++ b/manifests/modules/fundamentals/affinity/checkout-redis/checkout-redis.yaml 
@@ -11,10 +11,10 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - redis - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - redis + topologyKey: kubernetes.io/hostname diff --git a/manifests/modules/fundamentals/affinity/checkout-redis/kustomization.yaml b/manifests/modules/fundamentals/affinity/checkout-redis/kustomization.yaml index a368db8ee..2e5341868 100644 --- a/manifests/modules/fundamentals/affinity/checkout-redis/kustomization.yaml +++ b/manifests/modules/fundamentals/affinity/checkout-redis/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../checkout + - ../checkout patches: -- path: checkout-redis.yaml -- path: checkout.yaml + - path: checkout-redis.yaml + - path: checkout.yaml diff --git a/manifests/modules/fundamentals/affinity/checkout/checkout.yaml b/manifests/modules/fundamentals/affinity/checkout/checkout.yaml index 7a22cec48..47f69b888 100644 --- a/manifests/modules/fundamentals/affinity/checkout/checkout.yaml +++ b/manifests/modules/fundamentals/affinity/checkout/checkout.yaml 
@@ -9,23 +9,23 @@ spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - redis - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - redis + topologyKey: kubernetes.io/hostname podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - service - - key: app.kubernetes.io/instance - operator: In - values: - - checkout - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - service + - key: app.kubernetes.io/instance + operator: In + values: + - checkout + topologyKey: kubernetes.io/hostname diff --git a/manifests/modules/fundamentals/affinity/checkout/kustomization.yaml b/manifests/modules/fundamentals/affinity/checkout/kustomization.yaml index 1b14905b8..e521b3ecc 100644 --- a/manifests/modules/fundamentals/affinity/checkout/kustomization.yaml +++ b/manifests/modules/fundamentals/affinity/checkout/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/checkout/ + - ../../../../base-application/checkout/ patches: -- path: checkout.yaml + - path: checkout.yaml diff --git a/manifests/modules/fundamentals/fargate/enabling/deployment.yaml b/manifests/modules/fundamentals/fargate/enabling/deployment.yaml index aa9fa1d22..fef158804 100644 --- a/manifests/modules/fundamentals/fargate/enabling/deployment.yaml +++ b/manifests/modules/fundamentals/fargate/enabling/deployment.yaml @@ -6,4 +6,4 @@ spec: template: metadata: labels: - fargate: 'yes' + fargate: "yes" 
diff --git a/manifests/modules/fundamentals/fargate/enabling/kustomization.yaml b/manifests/modules/fundamentals/fargate/enabling/kustomization.yaml index e54dbdcea..35f499f92 100644 --- a/manifests/modules/fundamentals/fargate/enabling/kustomization.yaml +++ b/manifests/modules/fundamentals/fargate/enabling/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/checkout + - ../../../../base-application/checkout patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/fargate/profile/fargate.yaml b/manifests/modules/fundamentals/fargate/profile/fargate.yaml index f2d5162e1..c3e438940 100644 --- a/manifests/modules/fundamentals/fargate/profile/fargate.yaml +++ b/manifests/modules/fundamentals/fargate/profile/fargate.yaml @@ -6,13 +6,13 @@ metadata: region: $AWS_REGION fargateProfiles: -- name: checkout-profile - selectors: - - namespace: checkout - labels: - fargate: 'yes' - subnets: - - $PRIVATE_SUBNET_1 - - $PRIVATE_SUBNET_2 - - $PRIVATE_SUBNET_3 - podExecutionRoleARN: $FARGATE_IAM_PROFILE_ARN \ No newline at end of file + - name: checkout-profile + selectors: + - namespace: checkout + labels: + fargate: "yes" + subnets: + - $PRIVATE_SUBNET_1 + - $PRIVATE_SUBNET_2 + - $PRIVATE_SUBNET_3 + podExecutionRoleARN: $FARGATE_IAM_PROFILE_ARN diff --git a/manifests/modules/fundamentals/fargate/scaling/kustomization.yaml b/manifests/modules/fundamentals/fargate/scaling/kustomization.yaml index 5991aea92..ff629a4d4 100644 --- a/manifests/modules/fundamentals/fargate/scaling/kustomization.yaml +++ b/manifests/modules/fundamentals/fargate/scaling/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../sizing + - ../sizing patches: -- path: deployment.yaml + - path: deployment.yaml 
diff --git a/manifests/modules/fundamentals/fargate/sizing/deployment.yaml b/manifests/modules/fundamentals/fargate/sizing/deployment.yaml index cbdc890df..4991671ee 100644 --- a/manifests/modules/fundamentals/fargate/sizing/deployment.yaml +++ b/manifests/modules/fundamentals/fargate/sizing/deployment.yaml @@ -9,7 +9,7 @@ spec: - name: checkout resources: requests: - cpu: '1' + cpu: "1" memory: 2.5G limits: memory: 2.5G diff --git a/manifests/modules/fundamentals/fargate/sizing/kustomization.yaml b/manifests/modules/fundamentals/fargate/sizing/kustomization.yaml index 76afd0570..8380a2b6f 100644 --- a/manifests/modules/fundamentals/fargate/sizing/kustomization.yaml +++ b/manifests/modules/fundamentals/fargate/sizing/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../enabling + - ../enabling patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/mng/graviton/nodegroup.yaml b/manifests/modules/fundamentals/mng/graviton/nodegroup.yaml index 461a1d7af..1994fd1f0 100644 --- a/manifests/modules/fundamentals/mng/graviton/nodegroup.yaml +++ b/manifests/modules/fundamentals/mng/graviton/nodegroup.yaml @@ -8,13 +8,13 @@ metadata: managedNodeGroups: - name: graviton instanceTypes: - # HIGHLIGHT - - t4g.medium + # HIGHLIGHT + - t4g.medium minSize: 1 maxSize: 3 desiredCapacity: 1 privateNetworking: true subnets: - - $PRIMARY_SUBNET_1 - - $PRIMARY_SUBNET_2 - - $PRIMARY_SUBNET_3 \ No newline at end of file + - $PRIMARY_SUBNET_1 + - $PRIMARY_SUBNET_2 + - $PRIMARY_SUBNET_3 diff --git a/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/deployment.yaml b/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/deployment.yaml index 79bfef58b..19523e477 100644 --- a/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/deployment.yaml 
+++ b/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/deployment.yaml @@ -6,8 +6,8 @@ spec: template: spec: tolerations: - - key: "frontend" - operator: "Exists" - effect: "NoExecute" + - key: "frontend" + operator: "Exists" + effect: "NoExecute" nodeSelector: kubernetes.io/arch: arm64 diff --git a/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/kustomization.yaml b/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/kustomization.yaml index f3561eda2..3bec1c799 100644 --- a/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/kustomization.yaml +++ b/manifests/modules/fundamentals/mng/graviton/nodeselector-w-toleration/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/ui + - ../../../../../base-application/ui patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/mng/graviton/nodeselector-wo-toleration/kustomization.yaml b/manifests/modules/fundamentals/mng/graviton/nodeselector-wo-toleration/kustomization.yaml index f3561eda2..3bec1c799 100644 --- a/manifests/modules/fundamentals/mng/graviton/nodeselector-wo-toleration/kustomization.yaml +++ b/manifests/modules/fundamentals/mng/graviton/nodeselector-wo-toleration/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/ui + - ../../../../../base-application/ui patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/mng/spot/deployment/kustomization.yaml b/manifests/modules/fundamentals/mng/spot/deployment/kustomization.yaml index 90a5cec2d..0f47580e1 100644 --- a/manifests/modules/fundamentals/mng/spot/deployment/kustomization.yaml +++ b/manifests/modules/fundamentals/mng/spot/deployment/kustomization.yaml 
@@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/catalog + - ../../../../../base-application/catalog patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/storage/ebs/kustomization.yaml b/manifests/modules/fundamentals/storage/ebs/kustomization.yaml index 62b4221b2..338d72657 100644 --- a/manifests/modules/fundamentals/storage/ebs/kustomization.yaml +++ b/manifests/modules/fundamentals/storage/ebs/kustomization.yaml @@ -1,14 +1,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/catalog -- statefulset-mysql.yaml -- service-mysql.yaml + - ../../../../base-application/catalog + - statefulset-mysql.yaml + - service-mysql.yaml patches: -- path: deployment.yaml - target: - group: apps - version: v1 - kind: Deployment - name: catalog - namespace: catalog + - path: deployment.yaml + target: + group: apps + version: v1 + kind: Deployment + name: catalog + namespace: catalog diff --git a/manifests/modules/fundamentals/storage/ebs/statefulset-mysql.yaml b/manifests/modules/fundamentals/storage/ebs/statefulset-mysql.yaml index 28e5b5f8a..2f8f3edc1 100644 --- a/manifests/modules/fundamentals/storage/ebs/statefulset-mysql.yaml +++ b/manifests/modules/fundamentals/storage/ebs/statefulset-mysql.yaml @@ -16,7 +16,7 @@ spec: serviceName: mysql template: metadata: - labels: + labels: app.kubernetes.io/name: catalog app.kubernetes.io/instance: catalog app.kubernetes.io/component: mysql-ebs @@ -26,7 +26,7 @@ spec: containers: - name: mysql image: "public.ecr.aws/docker/library/mysql:5.7" - args: + args: - "--ignore-db-dir=lost+found" imagePullPolicy: IfNotPresent env: @@ -60,4 +60,4 @@ spec: storageClassName: gp2 resources: requests: - storage: 30Gi + storage: 30Gi 
diff --git a/manifests/modules/fundamentals/storage/efs/deployment/deployment.yaml b/manifests/modules/fundamentals/storage/efs/deployment/deployment.yaml index e9952253b..619507061 100644 --- a/manifests/modules/fundamentals/storage/efs/deployment/deployment.yaml +++ b/manifests/modules/fundamentals/storage/efs/deployment/deployment.yaml @@ -7,17 +7,18 @@ spec: template: spec: initContainers: - - name: copy - image: "public.ecr.aws/aws-containers/retail-store-sample-assets:0.4.0" - command: ["/bin/sh", "-c", "cp -R /usr/share/nginx/html/assets/* /efsvolume"] - volumeMounts: - - name: efsvolume - mountPath: /efsvolume + - name: copy + image: "public.ecr.aws/aws-containers/retail-store-sample-assets:0.4.0" + command: + ["/bin/sh", "-c", "cp -R /usr/share/nginx/html/assets/* /efsvolume"] + volumeMounts: + - name: efsvolume + mountPath: /efsvolume containers: - - name: assets - volumeMounts: - - name: efsvolume - mountPath: /usr/share/nginx/html/assets + - name: assets + volumeMounts: + - name: efsvolume + mountPath: /usr/share/nginx/html/assets volumes: - name: efsvolume persistentVolumeClaim: diff --git a/manifests/modules/fundamentals/storage/efs/deployment/kustomization.yaml b/manifests/modules/fundamentals/storage/efs/deployment/kustomization.yaml index 124538dd8..e2ab7b1c9 100644 --- a/manifests/modules/fundamentals/storage/efs/deployment/kustomization.yaml +++ b/manifests/modules/fundamentals/storage/efs/deployment/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/assets -- efspvclaim.yaml + - ../../../../../base-application/assets + - efspvclaim.yaml patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/storage/efs/storageclass/efsstorageclass.yaml b/manifests/modules/fundamentals/storage/efs/storageclass/efsstorageclass.yaml index 77c961dd7..51b2e1add 100644 
--- a/manifests/modules/fundamentals/storage/efs/storageclass/efsstorageclass.yaml +++ b/manifests/modules/fundamentals/storage/efs/storageclass/efsstorageclass.yaml @@ -6,4 +6,4 @@ provisioner: efs.csi.aws.com parameters: provisioningMode: efs-ap fileSystemId: ${EFS_ID} - directoryPerms: "700" \ No newline at end of file + directoryPerms: "700" diff --git a/manifests/modules/fundamentals/storage/efs/storageclass/kustomization.yaml b/manifests/modules/fundamentals/storage/efs/storageclass/kustomization.yaml index dea85421c..22ed0e87b 100644 --- a/manifests/modules/fundamentals/storage/efs/storageclass/kustomization.yaml +++ b/manifests/modules/fundamentals/storage/efs/storageclass/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - efsstorageclass.yaml \ No newline at end of file + - efsstorageclass.yaml diff --git a/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/values.yaml b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/values.yaml index 0234f41de..fe2fc1740 100644 --- a/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/values.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/.workshop/terraform/values.yaml @@ -28,11 +28,9 @@ affinity: {} # tridentNodePluginNodeSelector additional nodeSelectors for Pods running the Trident Node CSI Plugin. # tridentNodePluginNodeSelector : {} -# tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. +# tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. # tridentNodePluginTolerations: [] - - # imageRegistry identifies the registry for the trident-operator, trident, and other images. Leave empty to accept the default. imageRegistry: "" 
@@ -45,8 +43,7 @@ imagePullSecrets: [] # kubeletDir allows overriding the host location of kubelet's internal state. (default "/var/lib/kubelet"). kubeletDir: "" - -# operatorLogLevel allows the log level of the Trident operator to be set to one of these: +# operatorLogLevel allows the log level of the Trident operator to be set to one of these: # trace, debug, info, warn, error, fatal. # operatorLogLevel: "info" @@ -59,7 +56,6 @@ operatorImage: "" # operatorImageTag allows overriding the tag of the trident-operator image. operatorImageTag: "" - # tridentIPv6 allows enabling Trident to work in IPv6 clusters. tridentIPv6: false @@ -122,4 +118,4 @@ windows: false enableForceDetach: false # excludePodSecurityPolicy excludes the operator pod security policy from creation. -excludePodSecurityPolicy: false \ No newline at end of file +excludePodSecurityPolicy: false diff --git a/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-backend-nas.yaml b/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-backend-nas.yaml index b42de7c55..03918f424 100644 --- a/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-backend-nas.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-backend-nas.yaml @@ -10,6 +10,6 @@ spec: managementLIF: ${FSXN_IP} svm: fsxnsvm autoExportPolicy: true - autoExportCIDRs: ["10.42.0.0/16","100.64.0.0/16"] + autoExportCIDRs: ["10.42.0.0/16", "100.64.0.0/16"] credentials: name: backend-fsxn-ontap-nas-secret diff --git a/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-secret.yaml b/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-secret.yaml index 9c6f583cb..93bd0e1ec 100644 --- a/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-secret.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/backend/fsxn-secret.yaml @@ -6,4 +6,4 @@ metadata: type: Opaque stringData: username: fsxadmin - password: ${FSXN_ADMIN_PASSWORD} \ No newline at end of file + password: ${FSXN_ADMIN_PASSWORD} 
diff --git a/manifests/modules/fundamentals/storage/fsxn/backend/kustomization.yaml b/manifests/modules/fundamentals/storage/fsxn/backend/kustomization.yaml index c83699c67..76cf67261 100755 --- a/manifests/modules/fundamentals/storage/fsxn/backend/kustomization.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/backend/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- fsxn-secret.yaml -- fsxn-backend-nas.yaml \ No newline at end of file + - fsxn-secret.yaml + - fsxn-backend-nas.yaml diff --git a/manifests/modules/fundamentals/storage/fsxn/deployment/deployment.yaml b/manifests/modules/fundamentals/storage/fsxn/deployment/deployment.yaml index 351fccd9e..ea08bf7a8 100644 --- a/manifests/modules/fundamentals/storage/fsxn/deployment/deployment.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/deployment/deployment.yaml @@ -7,17 +7,22 @@ spec: template: spec: initContainers: - - name: copy - image: "public.ecr.aws/aws-containers/retail-store-sample-assets:0.4.0" - command: ["/bin/sh", "-c", "cp -R /usr/share/nginx/html/assets/* /fsxnvolume"] - volumeMounts: - - name: fsxnvolume - mountPath: /fsxnvolume + - name: copy + image: "public.ecr.aws/aws-containers/retail-store-sample-assets:0.4.0" + command: + [ + "/bin/sh", + "-c", + "cp -R /usr/share/nginx/html/assets/* /fsxnvolume", + ] + volumeMounts: + - name: fsxnvolume + mountPath: /fsxnvolume containers: - - name: assets - volumeMounts: - - name: fsxnvolume - mountPath: /usr/share/nginx/html/assets + - name: assets + volumeMounts: + - name: fsxnvolume + mountPath: /usr/share/nginx/html/assets volumes: - name: fsxnvolume persistentVolumeClaim: diff --git a/manifests/modules/fundamentals/storage/fsxn/deployment/kustomization.yaml b/manifests/modules/fundamentals/storage/fsxn/deployment/kustomization.yaml index dcb1dcc5e..8c542f7fe 100644 --- a/manifests/modules/fundamentals/storage/fsxn/deployment/kustomization.yaml 
+++ b/manifests/modules/fundamentals/storage/fsxn/deployment/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../base-application/assets -- fsxnpvclaim.yaml + - ../../../../../base-application/assets + - fsxnpvclaim.yaml patches: -- path: deployment.yaml + - path: deployment.yaml diff --git a/manifests/modules/fundamentals/storage/fsxn/storageclass/fsxnstorageclass.yaml b/manifests/modules/fundamentals/storage/fsxn/storageclass/fsxnstorageclass.yaml index 335c2f1e0..b9cc136a9 100644 --- a/manifests/modules/fundamentals/storage/fsxn/storageclass/fsxnstorageclass.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/storageclass/fsxnstorageclass.yaml @@ -5,4 +5,4 @@ metadata: provisioner: csi.trident.netapp.io parameters: backendType: "ontap-nas" -allowVolumeExpansion: True \ No newline at end of file +allowVolumeExpansion: True diff --git a/manifests/modules/fundamentals/storage/fsxn/storageclass/kustomization.yaml b/manifests/modules/fundamentals/storage/fsxn/storageclass/kustomization.yaml index 4b00fda0f..c08c2f75f 100755 --- a/manifests/modules/fundamentals/storage/fsxn/storageclass/kustomization.yaml +++ b/manifests/modules/fundamentals/storage/fsxn/storageclass/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- fsxnstorageclass.yaml \ No newline at end of file + - fsxnstorageclass.yaml diff --git a/manifests/modules/introduction/kustomize/kustomization.yaml b/manifests/modules/introduction/kustomize/kustomization.yaml index ba2cad32c..5dd2dae09 100644 --- a/manifests/modules/introduction/kustomize/kustomization.yaml +++ b/manifests/modules/introduction/kustomize/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../base-application/checkout + - ../../../base-application/checkout patches: -- path: deployment.yaml + - path: deployment.yaml 
diff --git a/manifests/modules/networking/custom-networking/provision/kustomization.yaml b/manifests/modules/networking/custom-networking/provision/kustomization.yaml index 0099d5678..7b012d28b 100644 --- a/manifests/modules/networking/custom-networking/provision/kustomization.yaml +++ b/manifests/modules/networking/custom-networking/provision/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- eniconfigs.yaml + - eniconfigs.yaml diff --git a/manifests/modules/networking/custom-networking/sampleapp/kustomization.yaml b/manifests/modules/networking/custom-networking/sampleapp/kustomization.yaml index 1b14905b8..e521b3ecc 100644 --- a/manifests/modules/networking/custom-networking/sampleapp/kustomization.yaml +++ b/manifests/modules/networking/custom-networking/sampleapp/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/checkout/ + - ../../../../base-application/checkout/ patches: -- path: checkout.yaml + - path: checkout.yaml diff --git a/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-db.yaml b/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-db.yaml index cdac78c0a..ca51ad118 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-db.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-db.yaml @@ -5,7 +5,7 @@ metadata: name: allow-catalog-ingress-db spec: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/name: catalog app.kubernetes.io/component: mysql ingress: @@ -13,4 +13,4 @@ spec: - podSelector: matchLabels: app.kubernetes.io/name: catalog - app.kubernetes.io/component: service \ No newline at end of file + app.kubernetes.io/component: service 
diff --git a/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-webservice.yaml b/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-webservice.yaml index 1c5d35dd5..fe402c3a3 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-webservice.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/allow-catalog-ingress-webservice.yaml @@ -5,14 +5,14 @@ metadata: name: allow-catalog-ingress-webservice spec: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/name: catalog app.kubernetes.io/component: service ingress: - from: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: ui + kubernetes.io/metadata.name: ui podSelector: matchLabels: - app.kubernetes.io/name: ui \ No newline at end of file + app.kubernetes.io/name: ui diff --git a/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-fail-debug.yaml b/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-fail-debug.yaml index b57af3145..61341b3dc 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-fail-debug.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-fail-debug.yaml @@ -5,11 +5,11 @@ metadata: name: allow-orders-ingress-webservice spec: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/name: orders app.kubernetes.io/component: service ingress: - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: ui \ No newline at end of file + - podSelector: + matchLabels: + app.kubernetes.io/name: ui 
diff --git a/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-success-debug.yaml b/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-success-debug.yaml index 13c727bcb..827414316 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-success-debug.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/allow-order-ingress-success-debug.yaml @@ -5,14 +5,14 @@ metadata: name: allow-orders-ingress-webservice spec: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/name: orders app.kubernetes.io/component: service ingress: - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: ui - podSelector: - matchLabels: - app.kubernetes.io/name: ui \ No newline at end of file + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ui + podSelector: + matchLabels: + app.kubernetes.io/name: ui diff --git a/manifests/modules/networking/network-policies/apply-network-policies/allow-ui-egress.yaml b/manifests/modules/networking/network-policies/apply-network-policies/allow-ui-egress.yaml index c5f628ae9..00bea9286 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/allow-ui-egress.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/allow-ui-egress.yaml @@ -5,17 +5,17 @@ metadata: name: allow-ui-egress spec: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/name: ui policyTypes: - Egress egress: - to: - - namespaceSelector: + - namespaceSelector: matchLabels: podSelector: - matchLabels: + matchLabels: app.kubernetes.io/component: service - - namespaceSelector: + - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: kube-system \ No newline at end of file + kubernetes.io/metadata.name: kube-system 
diff --git a/manifests/modules/networking/network-policies/apply-network-policies/default-deny.yaml b/manifests/modules/networking/network-policies/apply-network-policies/default-deny.yaml index e0af223dc..52cfd1e31 100644 --- a/manifests/modules/networking/network-policies/apply-network-policies/default-deny.yaml +++ b/manifests/modules/networking/network-policies/apply-network-policies/default-deny.yaml @@ -6,4 +6,4 @@ spec: podSelector: matchLabels: {} policyTypes: - - Egress \ No newline at end of file + - Egress diff --git a/manifests/modules/networking/network-policies/setup/ingress.yaml b/manifests/modules/networking/network-policies/setup/ingress.yaml index 66edbe46d..f8c230b02 100644 --- a/manifests/modules/networking/network-policies/setup/ingress.yaml +++ b/manifests/modules/networking/network-policies/setup/ingress.yaml @@ -10,12 +10,12 @@ metadata: spec: ingressClassName: alb rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ui - port: - number: 80 + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 80 diff --git a/manifests/modules/networking/network-policies/setup/kustomization.yaml b/manifests/modules/networking/network-policies/setup/kustomization.yaml index 69c9e22ed..774589711 100644 --- a/manifests/modules/networking/network-policies/setup/kustomization.yaml +++ b/manifests/modules/networking/network-policies/setup/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization bases: resources: -- ingress.yaml + - ingress.yaml diff --git a/manifests/modules/networking/prefix/deployment-pause.yaml b/manifests/modules/networking/prefix/deployment-pause.yaml index b3b301a25..dd20fe253 100644 --- a/manifests/modules/networking/prefix/deployment-pause.yaml +++ b/manifests/modules/networking/prefix/deployment-pause.yaml 
@@ -14,5 +14,5 @@ spec: run: pause-pods-prefix spec: containers: - - name: reserve-resources - image: registry.k8s.io/pause + - name: reserve-resources + image: registry.k8s.io/pause diff --git a/manifests/modules/networking/prefix/kustomization.yaml b/manifests/modules/networking/prefix/kustomization.yaml index 989283325..56b36f29b 100644 --- a/manifests/modules/networking/prefix/kustomization.yaml +++ b/manifests/modules/networking/prefix/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deployment-pause.yaml + - deployment-pause.yaml diff --git a/manifests/modules/networking/securitygroups-for-pods/rds/catalog-configMap.yaml b/manifests/modules/networking/securitygroups-for-pods/rds/catalog-configMap.yaml index af2df4f8d..d45737fc3 100644 --- a/manifests/modules/networking/securitygroups-for-pods/rds/catalog-configMap.yaml +++ b/manifests/modules/networking/securitygroups-for-pods/rds/catalog-configMap.yaml @@ -5,4 +5,4 @@ metadata: namespace: catalog data: DB_ENDPOINT: ${CATALOG_RDS_ENDPOINT} - DB_READ_ENDPOINT: ${CATALOG_RDS_ENDPOINT} \ No newline at end of file + DB_READ_ENDPOINT: ${CATALOG_RDS_ENDPOINT} diff --git a/manifests/modules/networking/securitygroups-for-pods/rds/kustomization.yaml b/manifests/modules/networking/securitygroups-for-pods/rds/kustomization.yaml index 73c268716..2c855927e 100644 --- a/manifests/modules/networking/securitygroups-for-pods/rds/kustomization.yaml +++ b/manifests/modules/networking/securitygroups-for-pods/rds/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/catalog -- nlb.yaml + - ../../../../base-application/catalog + - nlb.yaml patches: -- path: catalog-configMap.yaml -- path: secrets.yaml + - path: catalog-configMap.yaml + - path: secrets.yaml 
diff --git a/manifests/modules/networking/securitygroups-for-pods/rds/nlb.yaml b/manifests/modules/networking/securitygroups-for-pods/rds/nlb.yaml index e56524651..5e457ff07 100644 --- a/manifests/modules/networking/securitygroups-for-pods/rds/nlb.yaml +++ b/manifests/modules/networking/securitygroups-for-pods/rds/nlb.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: ui-nlb annotations: - service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance namespace: ui diff --git a/manifests/modules/networking/securitygroups-for-pods/sg/kustomization.yaml b/manifests/modules/networking/securitygroups-for-pods/sg/kustomization.yaml index 8f20b0a91..8fca817a6 100644 --- a/manifests/modules/networking/securitygroups-for-pods/sg/kustomization.yaml +++ b/manifests/modules/networking/securitygroups-for-pods/sg/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- policy.yaml \ No newline at end of file + - policy.yaml diff --git a/manifests/modules/networking/securitygroups-for-pods/sg/policy.yaml b/manifests/modules/networking/securitygroups-for-pods/sg/policy.yaml index d31463cbe..9cbef4d41 100644 --- a/manifests/modules/networking/securitygroups-for-pods/sg/policy.yaml +++ b/manifests/modules/networking/securitygroups-for-pods/sg/policy.yaml @@ -9,4 +9,4 @@ spec: app.kubernetes.io/component: service securityGroups: groupIds: - - ${CATALOG_SG_ID} + - ${CATALOG_SG_ID} diff --git a/manifests/modules/networking/vpc-lattice/.workshop/manifests/kustomization.yaml b/manifests/modules/networking/vpc-lattice/.workshop/manifests/kustomization.yaml index b430d0f3a..8815f1789 100644 --- a/manifests/modules/networking/vpc-lattice/.workshop/manifests/kustomization.yaml 
+++ b/manifests/modules/networking/vpc-lattice/.workshop/manifests/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- nlb.yaml + - nlb.yaml diff --git a/manifests/modules/networking/vpc-lattice/.workshop/manifests/nlb.yaml b/manifests/modules/networking/vpc-lattice/.workshop/manifests/nlb.yaml index 91b5a0cad..925e24eb4 100644 --- a/manifests/modules/networking/vpc-lattice/.workshop/manifests/nlb.yaml +++ b/manifests/modules/networking/vpc-lattice/.workshop/manifests/nlb.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: ui-nlb annotations: - service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip namespace: ui diff --git a/manifests/modules/networking/vpc-lattice/abtesting/deploymentv2.yaml b/manifests/modules/networking/vpc-lattice/abtesting/deploymentv2.yaml index 557975f54..a3a3f43d8 100644 --- a/manifests/modules/networking/vpc-lattice/abtesting/deploymentv2.yaml +++ b/manifests/modules/networking/vpc-lattice/abtesting/deploymentv2.yaml @@ -7,6 +7,6 @@ spec: spec: containers: - name: checkout - env: - - name: SHIPPING_NAME_PREFIX - value: "Lattice " + env: + - name: SHIPPING_NAME_PREFIX + value: "Lattice " diff --git a/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml b/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml index 29311e3d1..9e8940c83 100644 --- a/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml +++ b/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml 
@@ -4,7 +4,7 @@ namespace: checkoutv2 resources: - ../../../../base-application/checkout patches: -- path: deploymentv2.yaml -- path: servicev2.yaml -- path: delete-deployment-redis.yaml -- path: delete-service-redis.yaml + - path: deploymentv2.yaml + - path: servicev2.yaml + - path: delete-deployment-redis.yaml + - path: delete-service-redis.yaml diff --git a/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml b/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml index e56524651..5e457ff07 100644 --- a/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml +++ b/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: ui-nlb annotations: - service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance namespace: ui diff --git a/manifests/modules/networking/vpc-lattice/abtesting/servicev2.yaml b/manifests/modules/networking/vpc-lattice/abtesting/servicev2.yaml index 67a3d845e..01fc181bb 100644 --- a/manifests/modules/networking/vpc-lattice/abtesting/servicev2.yaml +++ b/manifests/modules/networking/vpc-lattice/abtesting/servicev2.yaml @@ -7,4 +7,4 @@ spec: - port: 80 targetPort: 8080 protocol: TCP - name: http \ No newline at end of file + name: http diff --git a/manifests/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml b/manifests/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml index e72e0ccc8..088e7537b 100644 --- a/manifests/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml +++ b/manifests/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml @@ -6,6 +6,6 @@ metadata: spec: gatewayClassName: amazon-vpc-lattice listeners: - - name: http - protocol: HTTP - port: 80 + - name: http + protocol: HTTP + port: 80 
diff --git a/manifests/modules/networking/vpc-lattice/controller/kustomization.yaml b/manifests/modules/networking/vpc-lattice/controller/kustomization.yaml index 9d70be51d..fe10276c1 100644 --- a/manifests/modules/networking/vpc-lattice/controller/kustomization.yaml +++ b/manifests/modules/networking/vpc-lattice/controller/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deploy-namesystem.yaml -- gatewayclass.yaml -- latticegw.yaml + - deploy-namesystem.yaml + - gatewayclass.yaml + - latticegw.yaml diff --git a/manifests/modules/networking/vpc-lattice/routes/checkout-route.yaml b/manifests/modules/networking/vpc-lattice/routes/checkout-route.yaml index 82d5f2f1a..31a948800 100644 --- a/manifests/modules/networking/vpc-lattice/routes/checkout-route.yaml +++ b/manifests/modules/networking/vpc-lattice/routes/checkout-route.yaml @@ -5,17 +5,17 @@ metadata: namespace: checkout spec: parentRefs: - - name: ${EKS_CLUSTER_NAME} - sectionName: http + - name: ${EKS_CLUSTER_NAME} + sectionName: http rules: - - backendRefs: - - name: checkout - namespace: checkout - kind: Service - port: 80 - weight: 25 - - name: checkout - namespace: checkoutv2 - kind: Service - port: 80 - weight: 75 \ No newline at end of file + - backendRefs: + - name: checkout + namespace: checkout + kind: Service + port: 80 + weight: 25 + - name: checkout + namespace: checkoutv2 + kind: Service + port: 80 + weight: 75 diff --git a/manifests/modules/networking/vpc-lattice/target-group-policy/kustomization.yaml b/manifests/modules/networking/vpc-lattice/target-group-policy/kustomization.yaml index 11d6a3098..ef5f64fbe 100644 --- a/manifests/modules/networking/vpc-lattice/target-group-policy/kustomization.yaml +++ b/manifests/modules/networking/vpc-lattice/target-group-policy/kustomization.yaml 
@@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- target-group-policy.yaml -- target-group-policy-v2.yaml + - target-group-policy.yaml + - target-group-policy-v2.yaml diff --git a/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy-v2.yaml b/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy-v2.yaml index 2d4949408..ce14e3ab0 100644 --- a/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy-v2.yaml +++ b/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy-v2.yaml @@ -20,4 +20,4 @@ spec: port: 8080 protocol: HTTP protocolVersion: HTTP1 - statusMatch: "200" \ No newline at end of file + statusMatch: "200" diff --git a/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy.yaml b/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy.yaml index 6685de9f2..e7c0595e7 100644 --- a/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy.yaml +++ b/manifests/modules/networking/vpc-lattice/target-group-policy/target-group-policy.yaml @@ -20,4 +20,4 @@ spec: port: 8080 protocol: HTTP protocolVersion: HTTP1 - statusMatch: "200" \ No newline at end of file + statusMatch: "200" diff --git a/manifests/modules/networking/vpc-lattice/ui/configmap.yaml b/manifests/modules/networking/vpc-lattice/ui/configmap.yaml index 9a2371ffd..ec6ce5750 100644 --- a/manifests/modules/networking/vpc-lattice/ui/configmap.yaml +++ b/manifests/modules/networking/vpc-lattice/ui/configmap.yaml @@ -4,4 +4,4 @@ metadata: name: ui namespace: ui data: - ENDPOINTS_CHECKOUT: "${CHECKOUT_ROUTE_DNS}" \ No newline at end of file + ENDPOINTS_CHECKOUT: "${CHECKOUT_ROUTE_DNS}" diff --git a/manifests/modules/networking/vpc-lattice/ui/kustomization.yaml b/manifests/modules/networking/vpc-lattice/ui/kustomization.yaml index ca7491939..9a01892d7 100644 
--- a/manifests/modules/networking/vpc-lattice/ui/kustomization.yaml +++ b/manifests/modules/networking/vpc-lattice/ui/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/ui + - ../../../../base-application/ui patches: -- path: configmap.yaml \ No newline at end of file + - path: configmap.yaml diff --git a/manifests/modules/observability/container-insights/adot/clusterrole.yaml b/manifests/modules/observability/container-insights/adot/clusterrole.yaml index 10b4a1c7f..e2563b4f4 100644 --- a/manifests/modules/observability/container-insights/adot/clusterrole.yaml +++ b/manifests/modules/observability/container-insights/adot/clusterrole.yaml @@ -24,11 +24,11 @@ rules: - apiGroups: [""] resources: ["configmaps"] resourceNames: ["otel-container-insight-clusterleader"] - verbs: ["get","update", "create"] + verbs: ["get", "update", "create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["create","get", "update"] + verbs: ["create", "get", "update"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] resourceNames: ["otel-container-insight-clusterleader"] - verbs: ["get","update", "create"] + verbs: ["get", "update", "create"] diff --git a/manifests/modules/observability/container-insights/adot/kustomization.yaml b/manifests/modules/observability/container-insights/adot/kustomization.yaml index c16f635e3..c6ae77912 100644 --- a/manifests/modules/observability/container-insights/adot/kustomization.yaml +++ b/manifests/modules/observability/container-insights/adot/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: other resources: -- clusterrole.yaml -- clusterrolebinding.yaml -- serviceaccount.yaml -- opentelemetrycollector.yaml + - clusterrole.yaml + - clusterrolebinding.yaml + - serviceaccount.yaml + - opentelemetrycollector.yaml 
diff --git a/manifests/modules/observability/container-insights/adot/opentelemetrycollector.yaml b/manifests/modules/observability/container-insights/adot/opentelemetrycollector.yaml index 51efbc9be..d081fcb73 100644 --- a/manifests/modules/observability/container-insights/adot/opentelemetrycollector.yaml +++ b/manifests/modules/observability/container-insights/adot/opentelemetrycollector.yaml @@ -8,9 +8,9 @@ spec: mode: daemonset serviceAccount: adot-collector-ci tolerations: - - effect: NoSchedule - key: systemComponent - operator: Exists + - effect: NoSchedule + key: systemComponent + operator: Exists config: | extensions: health_check: @@ -108,7 +108,7 @@ spec: processors: batch/metrics: timeout: 60s - + exporters: awsemf/performance: namespace: ContainerInsights 
@@ -206,56 +206,56 @@ spec: extensions: [health_check,pprof, zpages, sigv4auth] env: - - name: K8S_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: HOST_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: K8S_NAMESPACE - valueFrom: + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: HOST_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: K8S_NAMESPACE + valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - - name: rootfs - mountPath: /rootfs - readOnly: true - - name: dockersock - mountPath: /var/run/docker.sock - readOnly: true - - name: containerdsock - mountPath: /run/containerd/containerd.sock - - name: varlibdocker - mountPath: /var/lib/docker - readOnly: true - - name: sys - mountPath: /sys - readOnly: true - - name: devdisk - mountPath: /dev/disk - readOnly: true + - name: rootfs + mountPath: /rootfs + readOnly: true + - name: dockersock + mountPath: /var/run/docker.sock + readOnly: true + - name: containerdsock + mountPath: /run/containerd/containerd.sock + - name: varlibdocker + mountPath: /var/lib/docker + readOnly: true + - name: sys + mountPath: /sys + readOnly: true + - name: devdisk + mountPath: /dev/disk + readOnly: true volumes: - - name: rootfs - hostPath: - path: / - - name: dockersock - hostPath: - path: /var/run/docker.sock - - name: varlibdocker - hostPath: - path: /var/lib/docker - - name: containerdsock - hostPath: - path: /run/containerd/containerd.sock - - name: sys - hostPath: - path: /sys - - name: devdisk - hostPath: - path: /dev/disk/ \ No newline at end of file + - name: rootfs + hostPath: + path: / + - name: dockersock + hostPath: + path: /var/run/docker.sock + - name: varlibdocker + hostPath: + path: /var/lib/docker + - name: containerdsock + hostPath: + path: /run/containerd/containerd.sock + - 
name: sys + hostPath: + path: /sys + - name: devdisk + hostPath: + path: /dev/disk/ diff --git a/manifests/modules/observability/kubecost/.workshop/terraform/values.yaml b/manifests/modules/observability/kubecost/.workshop/terraform/values.yaml index a083a82da..1a9d9d6eb 100644 --- a/manifests/modules/observability/kubecost/.workshop/terraform/values.yaml +++ b/manifests/modules/observability/kubecost/.workshop/terraform/values.yaml @@ -2,4 +2,4 @@ service: type: LoadBalancer annotations: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance \ No newline at end of file + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance diff --git a/manifests/modules/observability/opensearch/.workshop/terraform/lambda/logs-to-opensearch.js b/manifests/modules/observability/opensearch/.workshop/terraform/lambda/logs-to-opensearch.js index a20a7cc30..50c75b1d0 100644 --- a/manifests/modules/observability/opensearch/.workshop/terraform/lambda/logs-to-opensearch.js +++ b/manifests/modules/observability/opensearch/.workshop/terraform/lambda/logs-to-opensearch.js 
@@ -1,67 +1,76 @@ /* -* This Lambda function is used as part of a CloudWatch Logs subscription -* to export EKS Control Plane Logs to OpenSearch. It retrieves and caches the -* OpenSearch coordinates from SSM Parameter Store. -* -* The original code was generated using the steps described here: -* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_OpenSearch_Stream.html -* The generated code has been modified to: -* - Retrieve the OpenSearch endpoint from SSM Parameter Store -* - Use the AWS Lambda extension to cache the OpenSearch endpoint -* - Use the OPENSEARCH_INDEX_NAME environment variable as the destination OpenSearch index -*/ + * This Lambda function is used as part of a CloudWatch Logs subscription + * to export EKS Control Plane Logs to OpenSearch. It retrieves and caches the + * OpenSearch coordinates from SSM Parameter Store. + * + * The original code was generated using the steps described here: + * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_OpenSearch_Stream.html + * The generated code has been modified to: + * - Retrieve the OpenSearch endpoint from SSM Parameter Store + * - Use the AWS Lambda extension to cache the OpenSearch endpoint + * - Use the OPENSEARCH_INDEX_NAME environment variable as the destination OpenSearch index + */ // v1.1.2 -var http = require('http'); -var https = require('https'); -var zlib = require('zlib'); -var crypto = require('crypto'); +var http = require("http"); +var https = require("https"); +var zlib = require("zlib"); +var crypto = require("crypto"); -// Retrieve OpenSearch host from the SSM Parameter Store using +// Retrieve OpenSearch host from the SSM Parameter Store using // the AWS Parameters and Secrets Lambda Extension async function getOpenSearchHost() { - const path = '/systemsmanager/parameters/get/?name=' + encodeURIComponent(process.env.OPENSEARCH_HOST_PARAMETER_PATH); - const requestParams = { - hostname: 'localhost', - port: 2773, - path: path, - headers: { - 
'X-Aws-Parameters-Secrets-Token': process.env.AWS_SESSION_TOKEN - }, - method: 'GET' - }; - return new Promise((resolve, reject) => { - const req = http.request(requestParams, res => { - if (res.statusCode < 200 || res.statusCode >= 300) { - return reject(new Error(`Status Code: ${res.statusCode}`)); - } - const data = []; - res.on('data', chunk => { - data.push(chunk); - }); - res.on('end', () => { - // Parse the parameter received from Lambda extension - var endpoint = null; - var str = Buffer.concat(data).toString(); - try { - var j = JSON.parse (str); - endpoint = j.Parameter.Value; - console.log("OpenSearch Endpoint = " + endpoint); - resolve(endpoint); - } - catch (err) { - console.log("Error retrieving OpenSearch host from SSM using path " + - process.env.OPENSEARCH_HOST_PARAMETER_PATH + "\n" + err); - reject(err); - } - }); - }); - req.on('error', err => { - console.log("Error retrieving OpenSearch host from SSM using path " + - process.env.OPENSEARCH_HOST_PARAMETER_PATH + "\n" + err); - reject(err) - }); - req.end(); + const path = + "/systemsmanager/parameters/get/?name=" + + encodeURIComponent(process.env.OPENSEARCH_HOST_PARAMETER_PATH); + const requestParams = { + hostname: "localhost", + port: 2773, + path: path, + headers: { + "X-Aws-Parameters-Secrets-Token": process.env.AWS_SESSION_TOKEN, + }, + method: "GET", + }; + return new Promise((resolve, reject) => { + const req = http.request(requestParams, (res) => { + if (res.statusCode < 200 || res.statusCode >= 300) { + return reject(new Error(`Status Code: ${res.statusCode}`)); + } + const data = []; + res.on("data", (chunk) => { + data.push(chunk); + }); + res.on("end", () => { + // Parse the parameter received from Lambda extension + var endpoint = null; + var str = Buffer.concat(data).toString(); + try { + var j = JSON.parse(str); + endpoint = j.Parameter.Value; + console.log("OpenSearch Endpoint = " + endpoint); + resolve(endpoint); + } catch (err) { + console.log( + "Error retrieving OpenSearch 
host from SSM using path " + + process.env.OPENSEARCH_HOST_PARAMETER_PATH + + "\n" + + err, + ); + reject(err); + } + }); + }); + req.on("error", (err) => { + console.log( + "Error retrieving OpenSearch host from SSM using path " + + process.env.OPENSEARCH_HOST_PARAMETER_PATH + + "\n" + + err, + ); + reject(err); }); + req.end(); + }); } // Set this to true if you want to debug why data isn't making it to 
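Review bot: `getOpenSearchHost` resolves whatever `j.Parameter.Value` holds, so a response whose `Value` is missing or not a string resolves `undefined`, is logged as "OpenSearch Endpoint = undefined", and only fails later when the endpoint is used to build the signed request. Checking it before resolving keeps the failure at its source: `if (typeof endpoint !== "string" || endpoint === "") return reject(new Error("SSM parameter has no string Value"));`. The request to the local extension also has no timeout, so a stalled extension holds the invocation until the function's own timeout. A `timeout` entry in `requestParams` plus a `req.on("timeout", ...)` handler that destroys the request would bound that.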
@@ -69,249 +78,273 @@ async function getOpenSearchHost() { // to CloudWatch Logs. var logFailedResponses = true; -exports.handler = async function(input, context) { - // Obtain OpenSearch endpoint from SSM Parameter Store - var endpoint = await getOpenSearchHost(); +exports.handler = async function (input, context) { + // Obtain OpenSearch endpoint from SSM Parameter Store + var endpoint = await getOpenSearchHost(); - // decode input from base64 - var zippedInput = new Buffer.from(input.awslogs.data, 'base64'); + // decode input from base64 + var zippedInput = new Buffer.from(input.awslogs.data, "base64"); - // decompress the input - zlib.gunzip(zippedInput, function(error, buffer) { - if (error) { context.fail(error); return; } + // decompress the input + zlib.gunzip(zippedInput, function (error, buffer) { + if (error) { + context.fail(error); + return; + } - // parse the input from JSON - var awslogsData = JSON.parse(buffer.toString('utf8')); + // parse the input from JSON + var awslogsData = JSON.parse(buffer.toString("utf8")); - // transform the input to Elasticsearch documents - var elasticsearchBulkData = transform(awslogsData); + // transform the input to Elasticsearch documents + var elasticsearchBulkData = transform(awslogsData); - // skip control messages - if (!elasticsearchBulkData) { - console.log('Received a control message'); - context.succeed('Control message handled successfully'); - return; - } + // skip control messages + if (!elasticsearchBulkData) { + console.log("Received a control message"); + context.succeed("Control message handled successfully"); + return; + } - // post documents to the Amazon Elasticsearch Service - post(elasticsearchBulkData, endpoint, function(error, success, statusCode, failedItems) { - console.log('Response: ' + JSON.stringify({ - "statusCode": statusCode - })); - - if (error) { - logFailure(error, failedItems); - context.fail(JSON.stringify(error)); - } else { - console.log('Success: ' + JSON.stringify(success)); - 
context.succeed('Success'); - } - }); - }); + // post documents to the Amazon Elasticsearch Service + post( + elasticsearchBulkData, + endpoint, + function (error, success, statusCode, failedItems) { + console.log( + "Response: " + + JSON.stringify({ + statusCode: statusCode, + }), + ); + + if (error) { + logFailure(error, failedItems); + context.fail(JSON.stringify(error)); + } else { + console.log("Success: " + JSON.stringify(success)); + context.succeed("Success"); + } + }, + ); + }); }; function transform(payload) { - if (payload.messageType === 'CONTROL_MESSAGE') { - return null; - } - - var bulkRequestBody = ''; - - payload.logEvents.forEach(function(logEvent) { - // Name of OpenSearch Index to store logs - var indexName = process.env.OPENSEARCH_INDEX_NAME; - - var source = buildSource(logEvent.message, logEvent.extractedFields); - source['@id'] = logEvent.id; - source['@timestamp'] = new Date(1 * logEvent.timestamp).toISOString(); - source['@message'] = logEvent.message; - source['@owner'] = payload.owner; - source['@log_group'] = payload.logGroup; - source['@log_stream'] = payload.logStream; - - var action = { "index": {} }; - action.index._index = indexName; - action.index._id = logEvent.id; - - bulkRequestBody += [ - JSON.stringify(action), - JSON.stringify(source), - ].join('\n') + '\n'; - }); - return bulkRequestBody; + if (payload.messageType === "CONTROL_MESSAGE") { + return null; + } + + var bulkRequestBody = ""; + + payload.logEvents.forEach(function (logEvent) { + // Name of OpenSearch Index to store logs + var indexName = process.env.OPENSEARCH_INDEX_NAME; + + var source = buildSource(logEvent.message, logEvent.extractedFields); + source["@id"] = logEvent.id; + source["@timestamp"] = new Date(1 * logEvent.timestamp).toISOString(); + source["@message"] = logEvent.message; + source["@owner"] = payload.owner; + source["@log_group"] = payload.logGroup; + source["@log_stream"] = payload.logStream; + + var action = { index: {} }; + action.index._index = 
indexName; + action.index._id = logEvent.id; + + bulkRequestBody += + [JSON.stringify(action), JSON.stringify(source)].join("\n") + "\n"; + }); + return bulkRequestBody; } function buildSource(message, extractedFields) { - if (extractedFields) { - var source = {}; + if (extractedFields) { + var source = {}; - for (var key in extractedFields) { - if (extractedFields.hasOwnProperty(key) && extractedFields[key]) { - var value = extractedFields[key]; + for (var key in extractedFields) { + if (extractedFields.hasOwnProperty(key) && extractedFields[key]) { + var value = extractedFields[key]; - if (isNumeric(value)) { - source[key] = 1 * value; - continue; - } - - var jsonSubString = extractJson(value); - if (jsonSubString !== null) { - source['$' + key] = JSON.parse(jsonSubString); - } + if (isNumeric(value)) { + source[key] = 1 * value; + continue; + } - source[key] = value; - } + var jsonSubString = extractJson(value); + if (jsonSubString !== null) { + source["$" + key] = JSON.parse(jsonSubString); } - return source; - } - var jsonSubString = extractJson(message); - if (jsonSubString !== null) { - return JSON.parse(jsonSubString); + source[key] = value; + } } + return source; + } + + var jsonSubString = extractJson(message); + if (jsonSubString !== null) { + return JSON.parse(jsonSubString); + } - return {}; + return {}; } function extractJson(message) { - var jsonStart = message.indexOf('{'); - if (jsonStart < 0) return null; - var jsonSubString = message.substring(jsonStart); - return isValidJson(jsonSubString) ? jsonSubString : null; + var jsonStart = message.indexOf("{"); + if (jsonStart < 0) return null; + var jsonSubString = message.substring(jsonStart); + return isValidJson(jsonSubString) ? 
jsonSubString : null; } function isValidJson(message) { - try { - JSON.parse(message); - } catch (e) { return false; } - return true; + try { + JSON.parse(message); + } catch (e) { + return false; + } + return true; } function isNumeric(n) { - return !isNaN(parseFloat(n)) && isFinite(n); + return !isNaN(parseFloat(n)) && isFinite(n); } function post(body, endpoint, callback) { - var requestParams = buildRequest(endpoint, body); - - var request = https.request(requestParams, function(response) { - var responseBody = ''; - response.on('data', function(chunk) { - responseBody += chunk; - }); - - response.on('end', function() { - var info = JSON.parse(responseBody); - var failedItems; - var success; - var error; - - if (response.statusCode >= 200 && response.statusCode < 299) { - failedItems = info.items.filter(function(x) { - return x.index.status >= 300; - }); - - success = { - "attemptedItems": info.items.length, - "successfulItems": info.items.length - failedItems.length, - "failedItems": failedItems.length - }; - } - - if (response.statusCode !== 200 || info.errors === true) { - // prevents logging of failed entries, but allows logging - // of other errors such as access restrictions - delete info.items; - error = { - statusCode: response.statusCode, - responseBody: info - }; - } - - callback(error, success, response.statusCode, failedItems); - }); - }).on('error', function(e) { - callback(e); + var requestParams = buildRequest(endpoint, body); + + var request = https + .request(requestParams, function (response) { + var responseBody = ""; + response.on("data", function (chunk) { + responseBody += chunk; + }); + + response.on("end", function () { + var info = JSON.parse(responseBody); + var failedItems; + var success; + var error; + + if (response.statusCode >= 200 && response.statusCode < 299) { + failedItems = info.items.filter(function (x) { + return x.index.status >= 300; + }); + + success = { + attemptedItems: info.items.length, + successfulItems: 
info.items.length - failedItems.length, + failedItems: failedItems.length, + }; + } + + if (response.statusCode !== 200 || info.errors === true) { + // prevents logging of failed entries, but allows logging + // of other errors such as access restrictions + delete info.items; + error = { + statusCode: response.statusCode, + responseBody: info, + }; + } + + callback(error, success, response.statusCode, failedItems); + }); + }) + .on("error", function (e) { + callback(e); }); - request.end(requestParams.body); + request.end(requestParams.body); } function buildRequest(endpoint, body) { - var endpointParts = endpoint.match(/^([^\.]+)\.?([^\.]*)\.?([^\.]*)\.amazonaws\.com$/); - var region = endpointParts[2]; - var service = endpointParts[3]; - var datetime = (new Date()).toISOString().replace(/[:\-]|\.\d{3}/g, ''); - var date = datetime.substr(0, 8); - var kDate = hmac('AWS4' + process.env.AWS_SECRET_ACCESS_KEY, date); - var kRegion = hmac(kDate, region); - var kService = hmac(kRegion, service); - var kSigning = hmac(kService, 'aws4_request'); - - var request = { - host: endpoint, - method: 'POST', - path: '/_bulk', - body: body, - headers: { - 'Content-Type': 'application/json', - 'Host': endpoint, - 'Content-Length': Buffer.byteLength(body), - 'X-Amz-Security-Token': process.env.AWS_SESSION_TOKEN, - 'X-Amz-Date': datetime - } - }; - - var canonicalHeaders = Object.keys(request.headers) - .sort(function(a, b) { return a.toLowerCase() < b.toLowerCase() ? 
-1 : 1; }) - .map(function(k) { return k.toLowerCase() + ':' + request.headers[k]; }) - .join('\n'); - - var signedHeaders = Object.keys(request.headers) - .map(function(k) { return k.toLowerCase(); }) - .sort() - .join(';'); - - var canonicalString = [ - request.method, - request.path, '', - canonicalHeaders, '', - signedHeaders, - hash(request.body, 'hex'), - ].join('\n'); - - var credentialString = [ date, region, service, 'aws4_request' ].join('/'); - - var stringToSign = [ - 'AWS4-HMAC-SHA256', - datetime, - credentialString, - hash(canonicalString, 'hex') - ] .join('\n'); - - request.headers.Authorization = [ - 'AWS4-HMAC-SHA256 Credential=' + process.env.AWS_ACCESS_KEY_ID + '/' + credentialString, - 'SignedHeaders=' + signedHeaders, - 'Signature=' + hmac(kSigning, stringToSign, 'hex') - ].join(', '); - - return request; + var endpointParts = endpoint.match( + /^([^\.]+)\.?([^\.]*)\.?([^\.]*)\.amazonaws\.com$/, + ); + var region = endpointParts[2]; + var service = endpointParts[3]; + var datetime = new Date().toISOString().replace(/[:\-]|\.\d{3}/g, ""); + var date = datetime.substr(0, 8); + var kDate = hmac("AWS4" + process.env.AWS_SECRET_ACCESS_KEY, date); + var kRegion = hmac(kDate, region); + var kService = hmac(kRegion, service); + var kSigning = hmac(kService, "aws4_request"); + + var request = { + host: endpoint, + method: "POST", + path: "/_bulk", + body: body, + headers: { + "Content-Type": "application/json", + Host: endpoint, + "Content-Length": Buffer.byteLength(body), + "X-Amz-Security-Token": process.env.AWS_SESSION_TOKEN, + "X-Amz-Date": datetime, + }, + }; + + var canonicalHeaders = Object.keys(request.headers) + .sort(function (a, b) { + return a.toLowerCase() < b.toLowerCase() ? 
-1 : 1; + }) + .map(function (k) { + return k.toLowerCase() + ":" + request.headers[k]; + }) + .join("\n"); + + var signedHeaders = Object.keys(request.headers) + .map(function (k) { + return k.toLowerCase(); + }) + .sort() + .join(";"); + + var canonicalString = [ + request.method, + request.path, + "", + canonicalHeaders, + "", + signedHeaders, + hash(request.body, "hex"), + ].join("\n"); + + var credentialString = [date, region, service, "aws4_request"].join("/"); + + var stringToSign = [ + "AWS4-HMAC-SHA256", + datetime, + credentialString, + hash(canonicalString, "hex"), + ].join("\n"); + + request.headers.Authorization = [ + "AWS4-HMAC-SHA256 Credential=" + + process.env.AWS_ACCESS_KEY_ID + + "/" + + credentialString, + "SignedHeaders=" + signedHeaders, + "Signature=" + hmac(kSigning, stringToSign, "hex"), + ].join(", "); + + return request; } function hmac(key, str, encoding) { - return crypto.createHmac('sha256', key).update(str, 'utf8').digest(encoding); + return crypto.createHmac("sha256", key).update(str, "utf8").digest(encoding); } function hash(str, encoding) { - return crypto.createHash('sha256').update(str, 'utf8').digest(encoding); + return crypto.createHash("sha256").update(str, "utf8").digest(encoding); } function logFailure(error, failedItems) { - if (logFailedResponses) { - console.log('Error: ' + JSON.stringify(error, null, 2)); + if (logFailedResponses) { + console.log("Error: " + JSON.stringify(error, null, 2)); - if (failedItems && failedItems.length > 0) { - console.log("Failed Items: " + - JSON.stringify(failedItems, null, 2)); - } + if (failedItems && failedItems.length > 0) { + console.log("Failed Items: " + JSON.stringify(failedItems, null, 2)); } + } } diff --git a/manifests/modules/observability/oss-metrics/adot/kustomization.yaml b/manifests/modules/observability/oss-metrics/adot/kustomization.yaml index c16f635e3..c6ae77912 100644 --- a/manifests/modules/observability/oss-metrics/adot/kustomization.yaml 
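Review bot: `exports.handler` is declared `async` but does its work inside the `zlib.gunzip` callback and reports completion through `context.succeed`/`context.fail`, so the promise it returns settles as soon as `getOpenSearchHost()` has resolved and `gunzip` has been scheduled. With a promise-returning handler the runtime is, as far as I know, free to end the invocation at that point, which means a batch of control-plane log events can be dropped or delayed without any error being recorded. Returning a promise that settles only after the `post` callback has run closes that gap, as sketched below. In the same hunk, `post` calls `JSON.parse(responseBody)` and `buildRequest` indexes the result of `endpoint.match(...)` without a guard, so a non-JSON error body or an endpoint that does not end in `.amazonaws.com` throws inside a callback instead of reaching `logFailure`.

```javascript
exports.handler = async function (input, context) {
  var endpoint = await getOpenSearchHost();
  var zippedInput = Buffer.from(input.awslogs.data, "base64");

  // Settle the returned promise only once the bulk POST has finished.
  return new Promise(function (resolve, reject) {
    zlib.gunzip(zippedInput, function (error, buffer) {
      if (error) {
        reject(error);
        return;
      }
      // … unchanged: JSON.parse of the payload and transform() …
      if (!elasticsearchBulkData) {
        console.log("Received a control message");
        resolve("Control message handled successfully");
        return;
      }
      post(
        elasticsearchBulkData,
        endpoint,
        function (error, success, statusCode, failedItems) {
          // … unchanged: "Response: " logging …
          if (error) {
            logFailure(error, failedItems);
            reject(new Error(JSON.stringify(error)));
          } else {
            console.log("Success: " + JSON.stringify(success));
            resolve("Success");
          }
        },
      );
    });
  });
};
```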
+++ b/manifests/modules/observability/oss-metrics/adot/kustomization.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: other
 resources:
-- clusterrole.yaml
-- clusterrolebinding.yaml
-- serviceaccount.yaml
-- opentelemetrycollector.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - serviceaccount.yaml
+ - opentelemetrycollector.yaml
diff --git a/manifests/modules/observability/oss-metrics/adot/opentelemetrycollector.yaml b/manifests/modules/observability/oss-metrics/adot/opentelemetrycollector.yaml
index 72e63bbd1..df977810f 100644
--- a/manifests/modules/observability/oss-metrics/adot/opentelemetrycollector.yaml
+++ b/manifests/modules/observability/oss-metrics/adot/opentelemetrycollector.yaml
@@ -111,4 +111,4 @@ spec:
 pipelines:
 metrics:
 receivers: [prometheus]
- exporters: [logging, prometheusremotewrite]
\ No newline at end of file
+ exporters: [logging, prometheusremotewrite]
diff --git a/manifests/modules/observability/oss-metrics/adot/serviceaccount.yaml b/manifests/modules/observability/oss-metrics/adot/serviceaccount.yaml
index 636a05a7c..3890415d5 100644
--- a/manifests/modules/observability/oss-metrics/adot/serviceaccount.yaml
+++ b/manifests/modules/observability/oss-metrics/adot/serviceaccount.yaml
@@ -3,4 +3,4 @@ kind: ServiceAccount
 metadata:
 name: adot-collector
 annotations:
- eks.amazonaws.com/role-arn: ${ADOT_IAM_ROLE}
\ No newline at end of file
+ eks.amazonaws.com/role-arn: ${ADOT_IAM_ROLE}
diff --git a/manifests/modules/security/Guardduty/mount/privileged-pod-example.yaml b/manifests/modules/security/Guardduty/mount/privileged-pod-example.yaml
index d1943f71a..6ca500c1c 100644
--- a/manifests/modules/security/Guardduty/mount/privileged-pod-example.yaml
+++ b/manifests/modules/security/Guardduty/mount/privileged-pod-example.yaml
@@ -4,17 +4,17 @@ metadata:
 name: ubuntu-privileged
 spec:
 containers:
- - name: ubuntu-privileged
- image: ubuntu
- ports:
- - containerPort: 22
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /host-etc
- name: host-etc
+ - name: ubuntu-privileged
+ image: ubuntu
+ ports:
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /host-etc
+ name: host-etc
 volumes:
- - name: host-etc
- hostPath:
- path: /etc
- restartPolicy: Never
\ No newline at end of file
+ - name: host-etc
+ hostPath:
+ path: /etc
+ restartPolicy: Never
diff --git a/manifests/modules/security/eks-pod-identity/dynamo/carts-configMap.yaml b/manifests/modules/security/eks-pod-identity/dynamo/carts-configMap.yaml
index a8c53c96d..0692c4f95 100644
--- a/manifests/modules/security/eks-pod-identity/dynamo/carts-configMap.yaml
+++ b/manifests/modules/security/eks-pod-identity/dynamo/carts-configMap.yaml
@@ -6,4 +6,4 @@ metadata:
 labels:
 app: carts
 data:
- CARTS_DYNAMODB_TABLENAME: ${CARTS_DYNAMODB_TABLENAME}
\ No newline at end of file
+ CARTS_DYNAMODB_TABLENAME: ${CARTS_DYNAMODB_TABLENAME}
diff --git a/manifests/modules/security/eks-pod-identity/dynamo/kustomization.yaml b/manifests/modules/security/eks-pod-identity/dynamo/kustomization.yaml
index 3e19ea101..9fb7659b0 100644
--- a/manifests/modules/security/eks-pod-identity/dynamo/kustomization.yaml
+++ b/manifests/modules/security/eks-pod-identity/dynamo/kustomization.yaml
@@ -1,11 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../base-application/carts
+ - ../../../../base-application/carts
 configMapGenerator:
-- name: carts
- namespace: carts
- env: config.properties
- behavior: replace
- options:
- disableNameSuffixHash: true
+ - name: carts
+ namespace: carts
+ env: config.properties
+ behavior: replace
+ options:
+ disableNameSuffixHash: true
diff --git a/manifests/modules/security/irsa/dynamo/carts-configMap.yaml b/manifests/modules/security/irsa/dynamo/carts-configMap.yaml
index a8c53c96d..0692c4f95 100644
--- a/manifests/modules/security/irsa/dynamo/carts-configMap.yaml
+++ b/manifests/modules/security/irsa/dynamo/carts-configMap.yaml
@@ -6,4 +6,4 @@ metadata:
 labels:
 app: carts
 data:
- CARTS_DYNAMODB_TABLENAME: ${CARTS_DYNAMODB_TABLENAME}
\ No newline at end of file
+ CARTS_DYNAMODB_TABLENAME: ${CARTS_DYNAMODB_TABLENAME}
diff --git a/manifests/modules/security/irsa/dynamo/kustomization.yaml b/manifests/modules/security/irsa/dynamo/kustomization.yaml
index 3e19ea101..9fb7659b0 100644
--- a/manifests/modules/security/irsa/dynamo/kustomization.yaml
+++ b/manifests/modules/security/irsa/dynamo/kustomization.yaml
@@ -1,11 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../base-application/carts
+ - ../../../../base-application/carts
 configMapGenerator:
-- name: carts
- namespace: carts
- env: config.properties
- behavior: replace
- options:
- disableNameSuffixHash: true
+ - name: carts
+ namespace: carts
+ env: config.properties
+ behavior: replace
+ options:
+ disableNameSuffixHash: true
diff --git a/manifests/modules/security/irsa/service-account/kustomization.yaml b/manifests/modules/security/irsa/service-account/kustomization.yaml
index ea3c5ac84..e7658f3dc 100644
--- a/manifests/modules/security/irsa/service-account/kustomization.yaml
+++ b/manifests/modules/security/irsa/service-account/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../dynamo
+ - ../dynamo
 patches:
-- path: carts-serviceAccount.yaml
+ - path: carts-serviceAccount.yaml
diff --git a/manifests/modules/security/kyverno/baseline-policy/baseline-policy.yaml b/manifests/modules/security/kyverno/baseline-policy/baseline-policy.yaml
index 47cbe7d08..cdd43bf17 100644
--- a/manifests/modules/security/kyverno/baseline-policy/baseline-policy.yaml
+++ b/manifests/modules/security/kyverno/baseline-policy/baseline-policy.yaml
@@ -6,13 +6,13 @@ spec:
 background: true
 validationFailureAction: Enforce
 rules:
- - name: baseline
- match:
- any:
- - resources:
- kinds:
- - Pod
- validate:
- podSecurity:
- level: baseline
- version: latest
\ No newline at end of file
+ - name: baseline
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ validate:
+ podSecurity:
+ level: baseline
+ version: latest
diff --git a/manifests/modules/security/kyverno/images/restrict-registries.yaml b/manifests/modules/security/kyverno/images/restrict-registries.yaml
index e32ef91fd..f23283bdd 100644
--- a/manifests/modules/security/kyverno/images/restrict-registries.yaml
+++ b/manifests/modules/security/kyverno/images/restrict-registries.yaml
@@ -6,15 +6,15 @@ spec:
 validationFailureAction: Enforce
 background: true
 rules:
- - name: validate-registries
- match:
- any:
- - resources:
- kinds:
- - Pod
- validate:
- message: "Unknown Image registry."
- pattern:
- spec:
- containers:
- - image: "public.ecr.aws/*"
\ No newline at end of file
+ - name: validate-registries
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ validate:
+ message: "Unknown Image registry."
+ pattern:
+ spec:
+ containers:
+ - image: "public.ecr.aws/*"
diff --git a/manifests/modules/security/kyverno/simple-policy/add-labels-mutation-policy.yaml b/manifests/modules/security/kyverno/simple-policy/add-labels-mutation-policy.yaml
index c887a2963..ba389a24f 100644
--- a/manifests/modules/security/kyverno/simple-policy/add-labels-mutation-policy.yaml
+++ b/manifests/modules/security/kyverno/simple-policy/add-labels-mutation-policy.yaml
@@ -4,14 +4,14 @@ metadata:
 name: add-labels
 spec:
 rules:
- - name: add-labels
- match:
- any:
- - resources:
- kinds:
- - Pod
- mutate:
- patchStrategicMerge:
- metadata:
- labels:
- CostCenter: IT
\ No newline at end of file
+ - name: add-labels
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ labels:
+ CostCenter: IT
diff --git a/manifests/modules/security/kyverno/simple-policy/require-labels-policy.yaml b/manifests/modules/security/kyverno/simple-policy/require-labels-policy.yaml
index d7b933089..2732a633e 100644
--- a/manifests/modules/security/kyverno/simple-policy/require-labels-policy.yaml
+++ b/manifests/modules/security/kyverno/simple-policy/require-labels-policy.yaml
@@ -5,15 +5,15 @@ metadata:
 spec:
 validationFailureAction: Enforce
 rules:
- - name: check-team
- match:
- any:
- - resources:
- kinds:
- - Pod
- validate:
- message: "Label 'CostCenter' is required to deploy the Pod"
- pattern:
- metadata:
- labels:
- CostCenter: "?*"
\ No newline at end of file
+ - name: check-team
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ validate:
+ message: "Label 'CostCenter' is required to deploy the Pod"
+ pattern:
+ metadata:
+ labels:
+ CostCenter: "?*"
diff --git a/manifests/modules/security/kyverno/simple-policy/ui-labeled/deployment.yaml b/manifests/modules/security/kyverno/simple-policy/ui-labeled/deployment.yaml
index 76f943991..20e130dcf 100644
--- a/manifests/modules/security/kyverno/simple-policy/ui-labeled/deployment.yaml
+++ b/manifests/modules/security/kyverno/simple-policy/ui-labeled/deployment.yaml
@@ -4,6 +4,6 @@ metadata:
 name: ui
 spec:
 template:
- metadata:
+ metadata:
 labels:
- CostCenter: IT
\ No newline at end of file
+ CostCenter: IT
diff --git a/manifests/modules/security/kyverno/simple-policy/ui-labeled/kustomization.yaml b/manifests/modules/security/kyverno/simple-policy/ui-labeled/kustomization.yaml
index f3561eda2..3bec1c799 100644
--- a/manifests/modules/security/kyverno/simple-policy/ui-labeled/kustomization.yaml
+++ b/manifests/modules/security/kyverno/simple-policy/ui-labeled/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../../base-application/ui
+ - ../../../../../base-application/ui
 patches:
-- path: deployment.yaml
+ - path: deployment.yaml
diff --git a/manifests/modules/security/pss-psa/base/kustomization.yaml b/manifests/modules/security/pss-psa/base/kustomization.yaml
index 9ad5b0394..0f17c12ab 100644
--- a/manifests/modules/security/pss-psa/base/kustomization.yaml
+++ b/manifests/modules/security/pss-psa/base/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../base-application/assets
+ - ../../../../base-application/assets
diff --git a/manifests/modules/security/pss-psa/baseline-namespace/deployment.yaml b/manifests/modules/security/pss-psa/baseline-namespace/deployment.yaml
index 94c46b2f8..cb1902197 100644
--- a/manifests/modules/security/pss-psa/baseline-namespace/deployment.yaml
+++ b/manifests/modules/security/pss-psa/baseline-namespace/deployment.yaml
@@ -7,6 +7,6 @@ spec:
 spec:
 containers:
 - name: assets
- securityContext:
+ securityContext:
 privileged: true
 runAsUser: 0
diff --git a/manifests/modules/security/pss-psa/baseline-namespace/kustomization.yaml b/manifests/modules/security/pss-psa/baseline-namespace/kustomization.yaml
index df0507813..5341d95d2 100644
--- a/manifests/modules/security/pss-psa/baseline-namespace/kustomization.yaml
+++ b/manifests/modules/security/pss-psa/baseline-namespace/kustomization.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
+ - ../base
 patches:
-- path: namespace.yaml
-- path: deployment.yaml
+ - path: namespace.yaml
+ - path: deployment.yaml
diff --git a/manifests/modules/security/pss-psa/baseline-workload/kustomization.yaml b/manifests/modules/security/pss-psa/baseline-workload/kustomization.yaml
index 31bb5387b..93d061419 100644
--- a/manifests/modules/security/pss-psa/baseline-workload/kustomization.yaml
+++ b/manifests/modules/security/pss-psa/baseline-workload/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
+ - ../base
 patches:
-- path: namespace.yaml
+ - path: namespace.yaml
diff --git a/manifests/modules/security/pss-psa/privileged-workload/deployment.yaml b/manifests/modules/security/pss-psa/privileged-workload/deployment.yaml
index 94c46b2f8..cb1902197 100644
--- a/manifests/modules/security/pss-psa/privileged-workload/deployment.yaml
+++ b/manifests/modules/security/pss-psa/privileged-workload/deployment.yaml
@@ -7,6 +7,6 @@ spec:
 spec:
 containers:
 - name: assets
- securityContext:
+ securityContext:
 privileged: true
 runAsUser: 0
diff --git a/manifests/modules/security/pss-psa/privileged-workload/kustomization.yaml b/manifests/modules/security/pss-psa/privileged-workload/kustomization.yaml
index 9dd9aecbc..11f37a017 100644
--- a/manifests/modules/security/pss-psa/privileged-workload/kustomization.yaml
+++ b/manifests/modules/security/pss-psa/privileged-workload/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../base
+ - ../base
 patches:
-- path: deployment.yaml
+ - path: deployment.yaml
diff --git a/manifests/modules/security/pss-psa/restricted-namespace/kustomization.yaml b/manifests/modules/security/pss-psa/restricted-namespace/kustomization.yaml
index 31bb5387b..93d061419 100644
--- a/manifests/modules/security/pss-psa/restricted-namespace/kustomization.yaml
+++ b/manifests/modules/security/pss-psa/restricted-namespace/kustomization.yaml
@@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../base + - ../base patches: -- path: namespace.yaml + - path: namespace.yaml diff --git a/manifests/modules/security/pss-psa/restricted-workload/deployment.yaml b/manifests/modules/security/pss-psa/restricted-workload/deployment.yaml index b150e619c..fffd6dd23 100644 --- a/manifests/modules/security/pss-psa/restricted-workload/deployment.yaml +++ b/manifests/modules/security/pss-psa/restricted-workload/deployment.yaml @@ -7,7 +7,7 @@ spec: spec: containers: - name: assets - securityContext: + securityContext: runAsNonRoot: true runAsUser: 999 allowPrivilegeEscalation: false diff --git a/manifests/modules/security/pss-psa/restricted-workload/kustomization.yaml b/manifests/modules/security/pss-psa/restricted-workload/kustomization.yaml index df0507813..5341d95d2 100644 --- a/manifests/modules/security/pss-psa/restricted-workload/kustomization.yaml +++ b/manifests/modules/security/pss-psa/restricted-workload/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../base + - ../base patches: -- path: namespace.yaml -- path: deployment.yaml + - path: namespace.yaml + - path: deployment.yaml diff --git a/manifests/modules/security/sealed-secrets/kustomization.yaml b/manifests/modules/security/sealed-secrets/kustomization.yaml index 42374c606..f2135fff7 100644 --- a/manifests/modules/security/sealed-secrets/kustomization.yaml +++ b/manifests/modules/security/sealed-secrets/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../base-application/catalog -patches: -- path: deployment.yaml + - ../../../base-application/catalog +patches: + - path: deployment.yaml diff --git a/manifests/modules/security/secrets-manager/cluster-secret-store.yaml b/manifests/modules/security/secrets-manager/cluster-secret-store.yaml index 85e6a1596..833013aff 100644 
--- a/manifests/modules/security/secrets-manager/cluster-secret-store.yaml +++ b/manifests/modules/security/secrets-manager/cluster-secret-store.yaml @@ -11,4 +11,4 @@ spec: jwt: serviceAccountRef: name: "external-secrets-sa" - namespace: "external-secrets" \ No newline at end of file + namespace: "external-secrets" diff --git a/manifests/modules/security/secrets-manager/external-secrets/deployment.yaml b/manifests/modules/security/secrets-manager/external-secrets/deployment.yaml index 2f9552a49..225f36c7b 100644 --- a/manifests/modules/security/secrets-manager/external-secrets/deployment.yaml +++ b/manifests/modules/security/secrets-manager/external-secrets/deployment.yaml @@ -18,4 +18,4 @@ spec: valueFrom: secretKeyRef: name: catalog-external-secret - key: password \ No newline at end of file + key: password diff --git a/manifests/modules/security/secrets-manager/external-secrets/external-secret.yaml b/manifests/modules/security/secrets-manager/external-secrets/external-secret.yaml index 6eb5fd4fc..79466d102 100644 --- a/manifests/modules/security/secrets-manager/external-secrets/external-secret.yaml +++ b/manifests/modules/security/secrets-manager/external-secrets/external-secret.yaml @@ -9,5 +9,5 @@ spec: name: "cluster-secret-store" kind: ClusterSecretStore dataFrom: - - extract: - key: "$SECRET_NAME" \ No newline at end of file + - extract: + key: "$SECRET_NAME" diff --git a/manifests/modules/security/secrets-manager/external-secrets/kustomization.yaml b/manifests/modules/security/secrets-manager/external-secrets/kustomization.yaml index 0b36f4e86..3b23d29c9 100644 --- a/manifests/modules/security/secrets-manager/external-secrets/kustomization.yaml +++ b/manifests/modules/security/secrets-manager/external-secrets/kustomization.yaml 
@@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/catalog -- external-secret.yaml -patches: -- path: deployment.yaml + - ../../../../base-application/catalog + - external-secret.yaml +patches: + - path: deployment.yaml diff --git a/manifests/modules/security/secrets-manager/mounting-secrets/deployment.yaml b/manifests/modules/security/secrets-manager/mounting-secrets/deployment.yaml index 953b517b1..7f6141dd9 100644 --- a/manifests/modules/security/secrets-manager/mounting-secrets/deployment.yaml +++ b/manifests/modules/security/secrets-manager/mounting-secrets/deployment.yaml @@ -24,9 +24,9 @@ spec: mountPath: "/etc/catalog-secret" readOnly: true volumes: - - name: catalog-secret - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: catalog-spc \ No newline at end of file + - name: catalog-secret + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: catalog-spc diff --git a/manifests/modules/security/secrets-manager/mounting-secrets/kustomization.yaml b/manifests/modules/security/secrets-manager/mounting-secrets/kustomization.yaml index 12054335b..cf01f6721 100644 --- a/manifests/modules/security/secrets-manager/mounting-secrets/kustomization.yaml +++ b/manifests/modules/security/secrets-manager/mounting-secrets/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../base-application/catalog -patches: -- path: deployment.yaml -- path: serviceaccount.yaml \ No newline at end of file + - ../../../../base-application/catalog +patches: + - path: deployment.yaml + - path: serviceaccount.yaml diff --git a/manifests/modules/security/secrets-manager/secret-provider-class.yaml b/manifests/modules/security/secrets-manager/secret-provider-class.yaml index 0d90d6db1..cd3c71175 100644 
--- a/manifests/modules/security/secrets-manager/secret-provider-class.yaml +++ b/manifests/modules/security/secrets-manager/secret-provider-class.yaml @@ -7,18 +7,18 @@ spec: provider: aws parameters: objects: | - - objectName: "$SECRET_NAME" - objectType: "secretsmanager" - jmesPath: - - path: username - objectAlias: username - - path: password - objectAlias: password - secretObjects: + - objectName: "$SECRET_NAME" + objectType: "secretsmanager" + jmesPath: + - path: username + objectAlias: username + - path: password + objectAlias: password + secretObjects: - secretName: catalog-secret type: Opaque data: - objectName: username key: username - objectName: password - key: password \ No newline at end of file + key: password diff --git a/releaser/index.js b/releaser/index.js index 15421af01..f406be910 100644 --- a/releaser/index.js +++ b/releaser/index.js 
@@ -1,44 +1,49 @@ import { Octokit } from "@octokit/rest"; -const CATEGORIES = [{ - title: "## 🚀 New labs", - label: 'new' -}, { - title: "## ✨ Updated labs", - label: 'update' -}, { - title: "## 🐛 Fixes", - label: 'fix' -}, { - title: "## 🧪 Features", - label: 'feat' -}]; - -const CONTENT_LABEL_PREFIX = 'content/' +const CATEGORIES = [ + { + title: "## 🚀 New labs", + label: "new", + }, + { + title: "## ✨ Updated labs", + label: "update", + }, + { + title: "## 🐛 Fixes", + label: "fix", + }, + { + title: "## 🧪 Features", + label: "feat", + }, +]; + +const CONTENT_LABEL_PREFIX = "content/"; function parseRepositoryString(repository) { - let repositoryParts = repository.split('/'); + let repositoryParts = repository.split("/"); - if(repositoryParts.length !== 2) { + if (repositoryParts.length !== 2) { throw new Error(`Repository ${repository} is not valid`); } - return { owner: repositoryParts[0], repo: repositoryParts[1]}; + return { owner: repositoryParts[0], repo: repositoryParts[1] }; } function generateMarkdown(entries) { - let output = ''; + let output = ""; CATEGORIES.forEach((c) => { let categoryOutput = `${c.title} `; - if(entries[c.title]) { + if (entries[c.title]) { let categoryEntries = entries[c.title]; - if(categoryEntries.length > 0) { + if (categoryEntries.length > 0) { categoryEntries.forEach((e) => { - categoryOutput += `- ${e.title} by [@${e.author.login}](${e.author.url}) ([#${e.number}](${e.url}))\n` + categoryOutput += `- ${e.title} by [@${e.author.login}](${e.author.url}) ([#${e.number}](${e.url}))\n`; }); output += `${categoryOutput} \n`; 
@@ -50,18 +55,18 @@ function generateMarkdown(entries) { } async function main() { - let repository = process.env.GITHUB_REPOSITORY - let sha = process.env.GITHUB_SHA - let milestoneNumber = process.env.MILESTONE_NUMBER + let repository = process.env.GITHUB_REPOSITORY; + let sha = process.env.GITHUB_SHA; + let milestoneNumber = process.env.MILESTONE_NUMBER; - let auth = process.env.GITHUB_TOKEN + let auth = process.env.GITHUB_TOKEN; let { owner, repo } = parseRepositoryString(repository); - let tagName = `release-${Math.floor(Date.now() / 1000)}` + let tagName = `release-${Math.floor(Date.now() / 1000)}`; const octokit = new Octokit({ - auth + auth, }); let entries = {}; 
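Review bot: `main()` takes `GITHUB_REPOSITORY`, `MILESTONE_NUMBER` and `GITHUB_TOKEN` straight from the environment with no validation, so an unset `MILESTONE_NUMBER` stays `undefined` and the later `e.milestone.number == milestoneNumber` test (hunk at -77,42) matches nothing; unless the milestone lookup outside these hunks rejects it first, that would presumably publish a release with an empty body instead of failing. An unset `GITHUB_REPOSITORY` fails inside `parseRepositoryString` with a TypeError on `.split` rather than the intended "is not valid" error. I would parse once and fail closed: `const milestoneNumber = Number.parseInt(process.env.MILESTONE_NUMBER ?? "", 10);` followed by `if (!Number.isInteger(milestoneNumber)) throw new Error("MILESTONE_NUMBER must be an integer");`, after which the comparison can use `===`. The body of `main()` continues outside this hunk.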
@@ -77,42 +82,51 @@ async function main() { { owner, repo, - state: 'closed' + state: "closed", }, )) { response.data.forEach((e) => { - if(e.milestone) { - if(e.milestone.number == milestoneNumber) { - const contentLabels = e.labels.filter((e) => e.name.indexOf(CONTENT_LABEL_PREFIX) == 0); - let contentArea = ''; - - if(contentLabels.length > 0) { - let contentAreaLabel = contentLabels[0].name.substring(CONTENT_LABEL_PREFIX.length); - contentArea = `[${contentAreaLabel.charAt(0).toUpperCase() + contentAreaLabel.slice(1)}] ` + if (e.milestone) { + if (e.milestone.number == milestoneNumber) { + const contentLabels = e.labels.filter( + (e) => e.name.indexOf(CONTENT_LABEL_PREFIX) == 0, + ); + let contentArea = ""; + + if (contentLabels.length > 0) { + let contentAreaLabel = contentLabels[0].name.substring( + CONTENT_LABEL_PREFIX.length, + ); + contentArea = `[${ + contentAreaLabel.charAt(0).toUpperCase() + + contentAreaLabel.slice(1) + }] `; } CATEGORIES.forEach((c) => { let targetPrefix = `${c.label}:`; - if(e.title.indexOf(targetPrefix) == 0) { - if(!entries[c.title]) { + if (e.title.indexOf(targetPrefix) == 0) { + if (!entries[c.title]) { entries[c.title] = []; } entries[c.title].push({ number: e.number, - title: `${contentArea}${e.title.substring(targetPrefix.length + 1)}`, + title: `${contentArea}${e.title.substring( + targetPrefix.length + 1, + )}`, url: e.html_url, author: { login: e.user.login, url: e.user.html_url, - } + }, }); } - }) + }); } } - }) + }); } let output = generateMarkdown(entries); @@ -129,8 +143,8 @@ async function main() { repo, tag_name: tagName, name: milestone.data.title, - body: output + body: output, }); } -await main(); \ No newline at end of file +await main(); diff --git a/renovate.json b/renovate.json index a8cd1abb3..4955d51e7 100644 --- a/renovate.json +++ b/renovate.json 
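Review bot: In the first hunk (-77,42) `e.title` goes into the release notes as Markdown without escaping: it is sliced after the `${c.label}:` prefix here and later interpolated by `generateMarkdown` into `- ${e.title} by [@...]`. Titles are normally set by whoever opened the item, so link or image syntax in a title ends up in a release published under the project's name. Escaping Markdown metacharacters before the `push`, for example `const safeTitle = e.title.substring(targetPrefix.length + 1).replace(/[\\*_\[\]()!#|]/g, "\\$&");`, keeps titles as literal text. Separately, the inner `filter((e) => ...)` callback shadows the outer `e`; naming it `label` would make the block easier to follow. This code sits inside `main()`, which starts before the hunk.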
@@ -1,8 +1,6 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:recommended" - ], + "extends": ["config:recommended"], "schedule": ["on the first day of the month"], "enabledManagers": ["custom.regex"], "customManagers": [ diff --git a/test/timings/src/index.ts b/test/timings/src/index.ts index 838f18a2e..cc64a71a0 100644 --- a/test/timings/src/index.ts +++ b/test/timings/src/index.ts @@ -1,30 +1,34 @@ -import { Gatherer } from "./lib/gatherer.js" -import * as xml2js from "xml2js" -import * as xpath from "xml2js-xpath" -import path from 'path' +import { Gatherer } from "./lib/gatherer.js"; +import * as xml2js from "xml2js"; +import * as xpath from "xml2js-xpath"; +import path from "path"; import fs from "fs"; async function xml2json(xml: string): Promise { return new Promise((resolve, reject) => { - xml2js.parseString(xml, function(err, json) { - if(err) { + xml2js.parseString(xml, function (err, json) { + if (err) { reject(err); - } - else { + } else { resolve(json); } }); }); } -if(process.argv.length < 3) { - console.log('Error: You must provide a module name'); +if (process.argv.length < 3) { + console.log("Error: You must provide a module name"); process.exit(1); } let module = process.argv[2]; -let json = await xml2json(fs.readFileSync('../../test-output/test-report.xml', { encoding: 'utf8', flag: 'r' })); +let json = await xml2json( + fs.readFileSync("../../test-output/test-report.xml", { + encoding: "utf8", + flag: "r", + }), +); let gatherer = new Gatherer(); 
@@ -32,15 +36,17 @@ let dir = path.resolve(`../../website/docs/${module}`); let results = await gatherer.gather(dir); -let dataFilePath = '../../website/lab-timing-data.json'; +let dataFilePath = "../../website/lab-timing-data.json"; -let data: {[k: string]: any} = JSON.parse(fs.readFileSync(dataFilePath, 'utf-8')); +let data: { [k: string]: any } = JSON.parse( + fs.readFileSync(dataFilePath, "utf-8"), +); -for(let i = 0; i < results.length; i++) { +for (let i = 0; i < results.length; i++) { let lab = results[i]; - if(lab.estimatedLabTimeSeconds == 0) { - let namePath = 'EKS Workshop '+lab.parts.join(' ')+ ' ' + lab.title; + if (lab.estimatedLabTimeSeconds == 0) { + let namePath = "EKS Workshop " + lab.parts.join(" ") + " " + lab.title; var matches = xpath.find(json, `//testcase[@classname='${namePath}']`); 
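Review bot: The XPath expression is built by interpolating `namePath` into a quoted attribute test, `//testcase[@classname='${namePath}']`, and `namePath` comes from `lab.parts` and `lab.title`, which the gatherer reads from Markdown frontmatter. A title containing an apostrophe changes the expression, so the lookup can return no testcases or different ones, and the lab is then presumably recorded with a wrong time and no error. Selecting the nodes first and comparing in code avoids building a query from content: `const matches = xpath.find(json, "//testcase").filter((t) => t["$"]?.classname === namePath);` (assuming the library accepts the bare `//testcase` path). The same hunk parses `lab-timing-data.json` into `{ [k: string]: any }` with no shape check; typing the result as `unknown` and narrowing it before use would catch a corrupted file early. The `for` loop body continues in the next hunk.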
@@ -48,28 +54,34 @@ for(let i = 0; i < results.length; i++) { let failed = false; - matches.forEach(function(value) { - if(value.failure) { + matches.forEach(function (value) { + if (value.failure) { failed = true; } - total_lab += Math.round(parseFloat(value['$'].time)) - }) + total_lab += Math.round(parseFloat(value["$"].time)); + }); - if(failed) { + if (failed) { continue; } lab.estimatedLabTimeSeconds = total_lab; - } - else { - console.log(`Using pre-computed estimate for ${lab.title} - ${lab.estimatedLabTimeSeconds}`) + } else { + console.log( + `Using pre-computed estimate for ${lab.title} - ${lab.estimatedLabTimeSeconds}`, + ); } - let file = path.relative(path.resolve(dir, '..'), lab.file); + let file = path.relative(path.resolve(dir, ".."), lab.file); console.log(`Updating lab timing data for '${lab.title}'`); - data[file] = {title: lab.title, directory: path.relative(path.resolve(dir, '..'), lab.directory), file, executionTimeSeconds: lab.estimatedLabTimeSeconds} + data[file] = { + title: lab.title, + directory: path.relative(path.resolve(dir, ".."), lab.directory), + file, + executionTimeSeconds: lab.estimatedLabTimeSeconds, + }; } -fs.writeFileSync(dataFilePath, JSON.stringify(data, null, 4)); \ No newline at end of file +fs.writeFileSync(dataFilePath, JSON.stringify(data, null, 4)); diff --git a/test/timings/src/lib/gatherer.ts b/test/timings/src/lib/gatherer.ts index 51630ee1f..d64c3d399 100644 --- a/test/timings/src/lib/gatherer.ts +++ b/test/timings/src/lib/gatherer.ts 
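Review bot: `Math.round(parseFloat(value["$"].time))` yields `NaN` when a testcase has no `time` attribute or a non-numeric one, and a single `NaN` poisons `total_lab` for the whole lab, after which `JSON.stringify` writes `executionTimeSeconds` as `null`. A guard such as `const t = Number.parseFloat(value["$"]?.time); if (Number.isFinite(t)) total_lab += Math.round(t);` keeps one malformed report entry from corrupting the timing file. The loop this belongs to starts in the previous hunk.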
@@ -1,20 +1,25 @@ -import fs from 'fs'; -import path from 'path' -import YAML from 'yaml' -import {unified} from 'unified' -import remarkParse from 'remark-parse' -import remarkFrontmatter, { Root } from 'remark-frontmatter' -import remarkGfm from 'remark-gfm' +import fs from "fs"; +import path from "path"; +import YAML from "yaml"; +import { unified } from "unified"; +import remarkParse from "remark-parse"; +import remarkFrontmatter, { Root } from "remark-frontmatter"; +import remarkGfm from "remark-gfm"; export class Lab { - constructor(public title: string, public parts: string[], public directory: string, public file: string, public estimatedLabTimeSeconds: number) { - } + constructor( + public title: string, + public parts: string[], + public directory: string, + public file: string, + public estimatedLabTimeSeconds: number, + ) {} } export class Gatherer { - static TITLE_KEY: string = 'title'; + static TITLE_KEY: string = "title"; - static INDEX_PAGES : Array = ['_index.md', 'index.en.md', 'index.md'] + static INDEX_PAGES: Array = ["_index.md", "index.en.md", "index.md"]; private parser = unified() .use(remarkParse) 
@@ -22,53 +27,64 @@ export class Gatherer { .use(remarkFrontmatter); public async gather(directory: string): Promise { - let result : Lab[] = []; + let result: Lab[] = []; - if(!fs.existsSync(directory)) { - throw new Error(`Directory '${directory}' not found`) + if (!fs.existsSync(directory)) { + throw new Error(`Directory '${directory}' not found`); } - await this.walk(directory, result, []) + await this.walk(directory, result, []); return Promise.resolve(result); } - private async walk(directory: string, results: Lab[], titleParts: string[], currentLab?: Lab) { + private async walk( + directory: string, + results: Lab[], + titleParts: string[], + currentLab?: Lab, + ) { const files = fs.readdirSync(directory); - let title = 'Unknown' + let title = "Unknown"; - let newTitleParts = [...titleParts] + let newTitleParts = [...titleParts]; - if(files.includes("index.md")) { - const file = `${directory}/index.md` + if (files.includes("index.md")) { + const file = `${directory}/index.md`; - const data = await fs.promises.readFile(file, 'utf8'); + const data = await fs.promises.readFile(file, "utf8"); - const parsed = await this.parser.parse(data) + const parsed = await this.parser.parse(data); - const { children } = parsed - let child = children[0] + const { children } = parsed; + let child = children[0]; - if(child) { - if (child.type === 'yaml') { - let value = child.value + if (child) { + if (child.type === "yaml") { + let value = child.value; - let obj = YAML.parse(value) - title = obj[Gatherer.TITLE_KEY] + let obj = YAML.parse(value); + title = obj[Gatherer.TITLE_KEY]; - if(!currentLab) { - if(obj['sidebar_custom_props']) { - let props = obj['sidebar_custom_props'] + if (!currentLab) { + if (obj["sidebar_custom_props"]) { + let props = obj["sidebar_custom_props"]; - if(props['module']) { + if (props["module"]) { let estimatedLabTimeSeconds = 0; - if(props['estimatedLabTimeSeconds']) { - estimatedLabTimeSeconds = props['estimatedLabTimeSeconds']; + if 
(props["estimatedLabTimeSeconds"]) { + estimatedLabTimeSeconds = props["estimatedLabTimeSeconds"]; } - currentLab = new Lab(title, titleParts, directory, file, estimatedLabTimeSeconds); + currentLab = new Lab( + title, + titleParts, + directory, + file, + estimatedLabTimeSeconds, + ); results.push(currentLab); return; @@ -81,7 +97,7 @@ export class Gatherer { newTitleParts.push(title); - for(const item of files) { + for (const item of files) { let itemPath = path.join(directory, item); let stats = fs.statSync(itemPath); diff --git a/test/timings/tsconfig.build.json b/test/timings/tsconfig.build.json index 80f360a77..e1083c15e 100644 --- a/test/timings/tsconfig.build.json +++ b/test/timings/tsconfig.build.json @@ -3,7 +3,5 @@ "compilerOptions": { "rootDir": "src" }, - "exclude": [ - "tests/**" - ] + "exclude": ["tests/**"] } diff --git a/test/util/README.md b/test/util/README.md index d0d9cf53f..80411e614 100644 --- a/test/util/README.md +++ b/test/util/README.md @@ -5,6 +5,7 @@ Its common for technical documentation to be authored using Markdown files, and This framework can consume a set of Markdown documents, parse out the `code` blocks and execute these as a suite of unit tests. Its features include: + - Intelligently parses `bash` code blocks to extract commands that start with `$`, taking in to account multi-line commands and `heredoc` segments - Recursively parse all Markdown documents in a directory structure - Order complex sets of content correctly with Frontmatter metadata (`weight`) 
@@ -168,13 +169,13 @@ $ sleep 150 Here is a complete list of the available annotations: -| Annotation | Description | Default | -|-------------|--------------|---------| -| test | This script block should be executed as a test | true | -| timeout | Time limit in seconds before the script block will be marked as failed | 120 | -| hook | Name of the hook to execute for this script section | | -| hookTimeout | Time limit in seconds for the hooks to complete before the script block will be marked as failed | 300 | -| expectError | Ignore any errors that occur when the script block is executed | false | +| Annotation | Description | Default | +| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | +| test | This script block should be executed as a test | true | +| timeout | Time limit in seconds before the script block will be marked as failed | 120 | +| hook | Name of the hook to execute for this script section | | +| hookTimeout | Time limit in seconds for the hooks to complete before the script block will be marked as failed | 300 | +| expectError | Ignore any errors that occur when the script block is executed | false | | raw | By default a script block will be smartly interpreted to extract commands and distinguish this from sample output. Enabling this flag will executed the entire script block, assuming there is no output, and will not look for `$` as a prefix for commands | false | ## Hooks @@ -248,4 +249,4 @@ after() { } "$@" -``` \ No newline at end of file +``` diff --git a/test/util/src/cli.ts b/test/util/src/cli.ts index e576496c9..acd8b3dfa 100644 --- a/test/util/src/cli.ts +++ b/test/util/src/cli.ts 
@@ -4,47 +4,88 @@ import { Command } from "commander"; import { MarkdownSh } from "./lib/markdownsh.js"; interface Opts { - glob: string, - debug: boolean, - dryRun: boolean, - timeout: number, - hookTimeout: number, - bail: boolean, - beforeEach: string, - output: string, - outputPath: string, + glob: string; + debug: boolean; + dryRun: boolean; + timeout: number; + hookTimeout: number; + bail: boolean; + beforeEach: string; + output: string; + outputPath: string; } -const testCommand = new Command('test'); -testCommand.argument('', 'file path to Markdown content') - .description('Runs a test suite against the given content path') - .option('-g, --glob ', 'Glob for tests to include ex. content/chapter1/*', '') - .option('-d, --debug', 'Enable debug output') - .option('--dry-run', 'Run test but do not execute scripts') - .option('-t, --timeout ', 'Timeout for the test run in seconds', (value) => parseInt(value), 800) - .option('--hook-timeout ', 'Default timeout for hooks to complete in seconds', (value) => parseInt(value), 300) - .option('-o, --output ', 'Output format to use', '') - .option('--output-path ', 'File path for output', '') - .option('-w, --work-dir ', 'Path to working directory where commands will be executed', '') - .option('--before-each ', 'Command that will be run in each shell before executing a test case', '') - .option('-b, --bail', 'Bail after the first test failure') +const testCommand = new Command("test"); +testCommand + .argument("", "file path to Markdown content") + .description("Runs a test suite against the given content path") + .option( + "-g, --glob ", + "Glob for tests to include ex. 
content/chapter1/*", + "", + ) + .option("-d, --debug", "Enable debug output") + .option("--dry-run", "Run test but do not execute scripts") + .option( + "-t, --timeout ", + "Timeout for the test run in seconds", + (value) => parseInt(value), + 800, + ) + .option( + "--hook-timeout ", + "Default timeout for hooks to complete in seconds", + (value) => parseInt(value), + 300, + ) + .option("-o, --output ", "Output format to use", "") + .option("--output-path ", "File path for output", "") + .option( + "-w, --work-dir ", + "Path to working directory where commands will be executed", + "", + ) + .option( + "--before-each ", + "Command that will be run in each shell before executing a test case", + "", + ) + .option("-b, --bail", "Bail after the first test failure") .action(async (path, options: Opts) => { - let markdownSh = new MarkdownSh(options.glob, options.debug) - await markdownSh.test(path, options.dryRun, options.timeout, options.hookTimeout, options.bail, options.output, options.outputPath, options.beforeEach) - }) + let markdownSh = new MarkdownSh(options.glob, options.debug); + await markdownSh.test( + path, + options.dryRun, + options.timeout, + options.hookTimeout, + options.bail, + options.output, + options.outputPath, + options.beforeEach, + ); + }); -const planCommand = new Command('plan') - .description('Shows what markdown.sh will parse for a given set of Markdown without executing') - .argument('', 'file path to Markdown content') - .option('-g, --glob ', 'Glob for tests to include ex. content/chapter1/*', '') +const planCommand = new Command("plan") + .description( + "Shows what markdown.sh will parse for a given set of Markdown without executing", + ) + .argument("", "file path to Markdown content") + .option( + "-g, --glob ", + "Glob for tests to include ex. 
content/chapter1/*", + "", + ) .action(async (path, options: Opts) => { - let markdownSh = new MarkdownSh(options.glob, options.debug) - await markdownSh.plan(path) + let markdownSh = new MarkdownSh(options.glob, options.debug); + await markdownSh.plan(path); }); const program = new Command(); program - .description('Automated test framework for Markdown that contains shell scripts') - .addCommand(testCommand).addCommand(planCommand); + .description( + "Automated test framework for Markdown that contains shell scripts", + ) + .addCommand(testCommand) + .addCommand(planCommand); await program.parse(); diff --git a/test/util/src/lib/gatherer/gatherer.ts b/test/util/src/lib/gatherer/gatherer.ts index 4bd91151a..fd200b6f8 100644 --- a/test/util/src/lib/gatherer/gatherer.ts +++ b/test/util/src/lib/gatherer/gatherer.ts @@ -1,15 +1,21 @@ -import fs from 'fs'; -import path from 'path' -import YAML from 'yaml' -import {unified} from 'unified' -import remarkParse from 'remark-parse' -import remarkFrontmatter from 'remark-frontmatter' -import remarkGfm from 'remark-gfm' -import { Root } from 'remark-frontmatter/lib'; +import fs from "fs"; +import path from "path"; +import YAML from "yaml"; +import { unified } from "unified"; +import remarkParse from "remark-parse"; +import remarkFrontmatter from "remark-frontmatter"; +import remarkGfm from "remark-gfm"; +import { Root } from "remark-frontmatter/lib"; export class Category { - constructor(public title: string, public weight: number, public children: Array, public pages: Array, public run: boolean, public path: string) { - } + constructor( + public title: string, + public weight: number, + public children: Array, + public pages: Array, + public run: boolean, + public path: string, + ) {} addChild(child: Category) { this.children.push(child); 
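Review bot: In test/util/src/cli.ts the `--timeout` and `--hook-timeout` parsers are `(value) => parseInt(value)`, with no radix and no check of the result, so `--timeout abc` hands `NaN` to `markdownSh.test(...)`; what the runner does with it is not visible here, but a limit that is not a number is unlikely to be enforced. I would reject bad values at the boundary: `(value) => { const n = Number.parseInt(value, 10); if (!Number.isInteger(n) || n <= 0) throw new Error("timeout must be a positive integer"); return n; }`. `planCommand` reads `options.debug` but declares no `--debug` option, so it is always `undefined` on that path. `--work-dir` is declared on `testCommand` but is missing from `Opts` and is never passed to `test()`, so as far as this hunk shows the flag has no effect.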
@@ -21,29 +27,40 @@ export class Category { } export class Page { - constructor(public title: string, public file: string, public weight: number, public isIndex: boolean, public scripts: Array + ); } diff --git a/website/src/theme/MDXComponents.js b/website/src/theme/MDXComponents.js index 77c376dc6..b2b7d6cbe 100644 --- a/website/src/theme/MDXComponents.js +++ b/website/src/theme/MDXComponents.js @@ -1,13 +1,13 @@ -import React from 'react'; +import React from "react"; // Import the original mapper -import MDXComponents from '@theme-original/MDXComponents'; -import Terminal from '@site/src/components/Terminal'; -import BrowserWindow from '@site/src/components/BrowserWindow' -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; -import CodeBlock from '@theme/CodeBlock'; -import Kustomization from '@site/src/components/Kustomization'; -import LaunchButton from '@site/src/components/LaunchButton'; +import MDXComponents from "@theme-original/MDXComponents"; +import Terminal from "@site/src/components/Terminal"; +import BrowserWindow from "@site/src/components/BrowserWindow"; +import Tabs from "@theme/Tabs"; +import TabItem from "@theme/TabItem"; +import CodeBlock from "@theme/CodeBlock"; +import Kustomization from "@site/src/components/Kustomization"; +import LaunchButton from "@site/src/components/LaunchButton"; export default { // Re-use the default mapping @@ -16,5 +16,5 @@ export default { terminal: Terminal, browser: BrowserWindow, kustomization: Kustomization, - launchButton: LaunchButton + launchButton: LaunchButton, };