forked from awslabs/data-on-eks
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add EMR runtime for flink operator blueprint (awslabs#485)
Co-authored-by: Mithun Mallick <[email protected]>
- Loading branch information
Showing
19 changed files
with
1,560 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| # EMR-EKS-Flink Blueprint | ||
|
|
||
| Checkout the [documentation website](https://awslabs.github.io/data-on-eks/docs/blueprints/streaming/emr-eks-flink) to deploy this pattern and run sample tests. | ||
|
|
||
| <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 | | ||
| | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 | | ||
| | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.13.0 | | ||
| | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 | | ||
| | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 | | ||
| | <a name="requirement_random"></a> [random](#requirement\_random) | 3.3.2 | | ||
|
|
||
| ## Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 | | ||
| | <a name="provider_aws.ecr"></a> [aws.ecr](#provider\_aws.ecr) | >= 3.72 | | ||
| | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 | | ||
|
|
||
| ## Modules | ||
|
|
||
| | Name | Source | Version | | ||
| |------|--------|---------| | ||
| | <a name="module_ebs_csi_driver_irsa"></a> [ebs\_csi\_driver\_irsa](#module\_ebs\_csi\_driver\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.20 | | ||
| | <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.15 | | ||
| | <a name="module_eks_blueprints_addons"></a> [eks\_blueprints\_addons](#module\_eks\_blueprints\_addons) | aws-ia/eks-blueprints-addons/aws | ~> 1.2 | | ||
| | <a name="module_eks_data_addons"></a> [eks\_data\_addons](#module\_eks\_data\_addons) | aws-ia/eks-data-addons/aws | ~> 1.30 | | ||
| | <a name="module_flink_irsa_jobs"></a> [flink\_irsa\_jobs](#module\_flink\_irsa\_jobs) | aws-ia/eks-blueprints-addon/aws | ~> 1.0 | | ||
| | <a name="module_flink_irsa_operator"></a> [flink\_irsa\_operator](#module\_flink\_irsa\_operator) | aws-ia/eks-blueprints-addon/aws | ~> 1.0 | | ||
| | <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | | ||
| | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.5.1 | | ||
|
|
||
| ## Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_cloudwatch_log_group.flink_team_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | ||
| | [aws_iam_policy.flink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | ||
| | [aws_s3_object.checkpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.jobmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.savepoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [kubernetes_namespace_v1.flink_team_a](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource | | ||
| | [aws_ami.x86](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | ||
| | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | ||
| | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | ||
| | [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source | | ||
| | [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | ||
| | [aws_iam_policy_document.flink_sample_job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | EKS version for the cluster | `string` | `"1.28"` | no | | ||
| | <a name="input_name"></a> [name](#input\_name) | Name of the VPC and EKS Cluster | `string` | `"emr-eks-flink"` | no | | ||
| | <a name="input_region"></a> [region](#input\_region) | Region for deployment | `string` | `"us-west-2"` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_configure_kubectl"></a> [configure\_kubectl](#output\_configure\_kubectl) | Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig | | ||
| | <a name="output_flink_job_execution_role_arn"></a> [flink\_job\_execution\_role\_arn](#output\_flink\_job\_execution\_role\_arn) | IAM linked role for the flink job | | ||
| | <a name="output_flink_operator_bucket"></a> [flink\_operator\_bucket](#output\_flink\_operator\_bucket) | S3 bucket name for Flink operator data,logs,checkpoint and savepoint | | ||
| | <a name="output_flink_operator_role_arn"></a> [flink\_operator\_role\_arn](#output\_flink\_operator\_role\_arn) | IAM linked role for the flink operator | | ||
| <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
| <!-- BEGIN_TF_DOCS --> | ||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 | | ||
| | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 | | ||
| | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.13.0 | | ||
| | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 | | ||
| | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 | | ||
| | <a name="requirement_random"></a> [random](#requirement\_random) | 3.3.2 | | ||
|
|
||
| ## Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.46.0 | | ||
| | <a name="provider_aws.ecr"></a> [aws.ecr](#provider\_aws.ecr) | 5.46.0 | | ||
| | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.29.0 | | ||
|
|
||
| ## Modules | ||
|
|
||
| | Name | Source | Version | | ||
| |------|--------|---------| | ||
| | <a name="module_ebs_csi_driver_irsa"></a> [ebs\_csi\_driver\_irsa](#module\_ebs\_csi\_driver\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.20 | | ||
| | <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.15 | | ||
| | <a name="module_eks_blueprints_addons"></a> [eks\_blueprints\_addons](#module\_eks\_blueprints\_addons) | aws-ia/eks-blueprints-addons/aws | ~> 1.2 | | ||
| | <a name="module_eks_data_addons"></a> [eks\_data\_addons](#module\_eks\_data\_addons) | aws-ia/eks-data-addons/aws | ~> 1.30 | | ||
| | <a name="module_flink_irsa_jobs"></a> [flink\_irsa\_jobs](#module\_flink\_irsa\_jobs) | aws-ia/eks-blueprints-addon/aws | ~> 1.0 | | ||
| | <a name="module_flink_irsa_operator"></a> [flink\_irsa\_operator](#module\_flink\_irsa\_operator) | aws-ia/eks-blueprints-addon/aws | ~> 1.0 | | ||
| | <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | | ||
| | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.5.1 | | ||
|
|
||
| ## Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_cloudwatch_log_group.flink_team_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | ||
| | [aws_iam_policy.flink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | ||
| | [aws_s3_object.checkpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.jobmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [aws_s3_object.savepoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | | ||
| | [kubernetes_namespace_v1.flink_team_a](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource | | ||
| | [aws_ami.x86](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | ||
| | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | ||
| | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | ||
| | [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source | | ||
| | [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | ||
| | [aws_iam_policy_document.flink_sample_job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | EKS version for the cluster | `string` | `"1.28"` | no | | ||
| | <a name="input_name"></a> [name](#input\_name) | Name of the VPC and EKS Cluster | `string` | `"emr-eks-flink"` | no | | ||
| | <a name="input_region"></a> [region](#input\_region) | Region for deployment | `string` | `"us-west-2"` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_configure_kubectl"></a> [configure\_kubectl](#output\_configure\_kubectl) | Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig | | ||
| | <a name="output_flink_job_execution_role_arn"></a> [flink\_job\_execution\_role\_arn](#output\_flink\_job\_execution\_role\_arn) | IAM linked role for the flink job | | ||
| | <a name="output_flink_operator_bucket"></a> [flink\_operator\_bucket](#output\_flink\_operator\_bucket) | S3 bucket name for Flink operator data,logs,checkpoint and savepoint | | ||
| | <a name="output_flink_operator_role_arn"></a> [flink\_operator\_role\_arn](#output\_flink\_operator\_role\_arn) | IAM linked role for the flink operator | | ||
| <!-- END_TF_DOCS --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,242 @@ | ||
| #--------------------------------------------------------------- | ||
| # IRSA for EBS CSI Driver | ||
| #--------------------------------------------------------------- | ||
| module "ebs_csi_driver_irsa" { | ||
| source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" | ||
| version = "~> 5.20" | ||
| role_name_prefix = format("%s-%s", local.name, "ebs-csi-driver") | ||
| attach_ebs_csi_policy = true | ||
| oidc_providers = { | ||
| main = { | ||
| provider_arn = module.eks.oidc_provider_arn | ||
| namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"] | ||
| } | ||
| } | ||
| tags = local.tags | ||
| } | ||
| #--------------------------------------------------------------- | ||
| # EKS Blueprints Kubernetes Addons | ||
| #--------------------------------------------------------------- | ||
| module "eks_blueprints_addons" { | ||
| source = "aws-ia/eks-blueprints-addons/aws" | ||
| version = "~> 1.2" | ||
|
|
||
| cluster_name = module.eks.cluster_name | ||
| cluster_endpoint = module.eks.cluster_endpoint | ||
| cluster_version = module.eks.cluster_version | ||
| oidc_provider_arn = module.eks.oidc_provider_arn | ||
|
|
||
| #--------------------------------------- | ||
| # Amazon EKS Managed Add-ons | ||
| #--------------------------------------- | ||
| eks_addons = { | ||
| aws-ebs-csi-driver = { | ||
| service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn | ||
| } | ||
| coredns = { | ||
| preserve = true | ||
| } | ||
| vpc-cni = { | ||
| preserve = true | ||
| } | ||
| kube-proxy = { | ||
| preserve = true | ||
| } | ||
| } | ||
|
|
||
| #--------------------------------------- | ||
| # Install cert-manager | ||
| #--------------------------------------- | ||
| enable_cert_manager = true | ||
| cert_manager = { | ||
| set_values = [ | ||
| { | ||
| name = "extraArgs[0]" | ||
| value = "--enable-certificate-owner-ref=false" | ||
| }, | ||
| ] | ||
| } | ||
|
|
||
| #--------------------------------------- | ||
| # Metrics Server | ||
| #--------------------------------------- | ||
| enable_metrics_server = true | ||
| metrics_server = { | ||
| values = [templatefile("${path.module}/helm-values/metrics-server-values.yaml", {})] | ||
| } | ||
|
|
||
| #--------------------------------------- | ||
| # Cluster Autoscaler | ||
| #--------------------------------------- | ||
| enable_cluster_autoscaler = true | ||
| cluster_autoscaler = { | ||
| create_role = true | ||
| values = [templatefile("${path.module}/helm-values/cluster-autoscaler-values.yaml", { | ||
| aws_region = var.region, | ||
| eks_cluster_id = module.eks.cluster_name | ||
| })] | ||
| } | ||
|
|
||
| #--------------------------------------- | ||
| # Karpenter Autoscaler for EKS Cluster | ||
| #--------------------------------------- | ||
| enable_karpenter = true | ||
| karpenter_enable_spot_termination = true | ||
| karpenter = { | ||
| chart_version = "v0.34.0" | ||
| repository_username = data.aws_ecrpublic_authorization_token.token.user_name | ||
| repository_password = data.aws_ecrpublic_authorization_token.token.password | ||
| } | ||
| karpenter_node = { | ||
| iam_role_name = "${local.name}-karpenter-node" | ||
| iam_role_use_name_prefix = false | ||
| iam_role_additional_policies = { | ||
| AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | ||
| } | ||
| } | ||
|
|
||
| #--------------------------------------- | ||
| # CloudWatch metrics for EKS | ||
| #--------------------------------------- | ||
| enable_aws_cloudwatch_metrics = true | ||
| aws_cloudwatch_metrics = { | ||
| values = [templatefile("${path.module}/helm-values/aws-cloudwatch-metrics-values.yaml", {})] | ||
| } | ||
|
|
||
| } | ||
|
|
||
| #--------------------------------------------------------------- | ||
| # Data on EKS Kubernetes Addons | ||
| #--------------------------------------------------------------- | ||
| module "eks_data_addons" { | ||
| depends_on = [module.flink_irsa_jobs, module.flink_irsa_operator] | ||
|
|
||
| source = "aws-ia/eks-data-addons/aws" | ||
| version = "~> 1.30" # ensure to update this to the latest/desired version | ||
| oidc_provider_arn = module.eks.oidc_provider_arn | ||
|
|
||
| #--------------------------------------------------------------- | ||
| # EMR Flink operator | ||
| #--------------------------------------------------------------- | ||
| enable_emr_flink_operator = true | ||
| emr_flink_operator_helm_config = { | ||
| repository = "oci://public.ecr.aws/emr-on-eks" | ||
| operatorExecutionRoleArn = module.flink_irsa_operator.iam_role_arn | ||
| } | ||
|
|
||
| #--------------------------------------------------------------- | ||
| # Karpenter nodepools | ||
| #--------------------------------------------------------------- | ||
| enable_karpenter_resources = true | ||
| karpenter_resources_helm_config = { | ||
| flink-compute-optimized = { | ||
| values = [ | ||
| <<-EOT | ||
| name: flink-compute-optimized | ||
| clusterName: ${module.eks.cluster_name} | ||
| ec2NodeClass: | ||
| karpenterRole: ${split("/", module.eks_blueprints_addons.karpenter.node_iam_role_arn)[1]} | ||
| subnetSelectorTerms: | ||
| tags: | ||
| Name: "${module.eks.cluster_name}-private*" | ||
| securityGroupSelectorTerms: | ||
| tags: | ||
| Name: ${module.eks.cluster_name}-node | ||
| instanceStorePolicy: RAID0 | ||
| nodePool: | ||
| labels: | ||
| - type: karpenter | ||
| - NodeGroupType: FlinkComputeOptimized | ||
| - multiArch: Flink | ||
| nodeClassRef: | ||
| name: flink-compute-optimized | ||
| requirements: | ||
| - key: "karpenter.sh/capacity-type" | ||
| operator: In | ||
| values: ["spot","on-demand"] | ||
| - key: "kubernetes.io/arch" | ||
| operator: In | ||
| values: ["amd64"] | ||
| - key: "karpenter.k8s.aws/instance-category" | ||
| operator: In | ||
| values: ["c"] | ||
| - key: "karpenter.k8s.aws/instance-family" | ||
| operator: In | ||
| values: ["c5d"] | ||
| - key: "karpenter.k8s.aws/instance-cpu" | ||
| operator: In | ||
| values: ["4", "8", "16", "36"] | ||
| - key: "karpenter.k8s.aws/instance-hypervisor" | ||
| operator: In | ||
| values: ["nitro"] | ||
| - key: "karpenter.k8s.aws/instance-generation" | ||
| operator: Gt | ||
| values: ["2"] | ||
| limits: | ||
| cpu: 1000 | ||
| disruption: | ||
| consolidationPolicy: WhenEmpty | ||
| consolidateAfter: 30s | ||
| expireAfter: 720h | ||
| weight: 100 | ||
| EOT | ||
| ] | ||
| } | ||
| flink-graviton-memory-optimized = { | ||
| values = [ | ||
| <<-EOT | ||
| name: flink-graviton-memory-optimized | ||
| clusterName: ${module.eks.cluster_name} | ||
| ec2NodeClass: | ||
| karpenterRole: ${split("/", module.eks_blueprints_addons.karpenter.node_iam_role_arn)[1]} | ||
| subnetSelectorTerms: | ||
| tags: | ||
| Name: "${module.eks.cluster_name}-private*" | ||
| securityGroupSelectorTerms: | ||
| tags: | ||
| Name: ${module.eks.cluster_name}-node | ||
| instanceStorePolicy: RAID0 | ||
| nodePool: | ||
| labels: | ||
| - type: karpenter | ||
| - NodeGroupType: FlinkGravitonMemoryOptimized | ||
| - multiArch: Flink | ||
| requirements: | ||
| - key: "karpenter.sh/capacity-type" | ||
| operator: In | ||
| values: ["spot", "on-demand"] | ||
| - key: "kubernetes.io/arch" | ||
| operator: In | ||
| values: ["arm64"] | ||
| - key: "karpenter.k8s.aws/instance-category" | ||
| operator: In | ||
| values: ["r"] | ||
| - key: "karpenter.k8s.aws/instance-family" | ||
| operator: In | ||
| values: ["r6gd"] | ||
| - key: "karpenter.k8s.aws/instance-cpu" | ||
| operator: In | ||
| values: ["4", "8", "16", "32"] | ||
| - key: "karpenter.k8s.aws/instance-hypervisor" | ||
| operator: In | ||
| values: ["nitro"] | ||
| - key: "karpenter.k8s.aws/instance-generation" | ||
| operator: Gt | ||
| values: ["2"] | ||
| limits: | ||
| cpu: 1000 | ||
| disruption: | ||
| consolidationPolicy: WhenEmpty | ||
| consolidateAfter: 30s | ||
| expireAfter: 720h | ||
| weight: 50 | ||
| EOT | ||
| ] | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.