Skip to content

refactor(addon): switch to universal addon #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 54 commits into from
May 20, 2025
Merged

refactor(addon): switch to universal addon #29

merged 54 commits into from
May 20, 2025

Conversation

matejhasul
Copy link
Contributor

@matejhasul matejhasul commented Apr 14, 2025
edited by jaygridley
Loading

Description

Replace template addon with universal addon

Depends on lablabs/terraform-aws-eks-universal-addon#45

Type of change

  • A bug fix (PR prefix fix)
  • A new feature (PR prefix feat)
  • A code change that neither fixes a bug nor adds a feature (PR prefix refactor)
  • Adding missing tests or correcting existing tests (PR prefix test)
  • Changes that do not affect the meaning of the code like white-spaces, formatting, missing semi-colons, etc. (PR prefix style)
  • Changes to our CI configuration files and scripts (PR prefix ci)
  • Documentation only changes (PR prefix docs)

How Has This Been Tested?

Tested on sandbox environment.

  • Deployed lb-controller addon from 2.2.0 with IRSA and tried to update with code from this PR. Plan can be seen below. Changes were then applied and LB functionality was verified - I've created LB service and then checked the targetgroupbindings were created (+ I've checked new LB in AWS console).

Similiar approach was used for pod-identity testing.

TF plan for upgrade (from sandbox-1) with IRSA:

+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------+                                                                                       | CHANGE |                                                                          RESOURCE                                   
                                       |                                                                                       
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------+                                                                                       
| add    | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon-irsa["aws-load-balancer-controller"].terraform_data.validations |                                                                                       
+        +------------------------------------------------------------------------------------------------------------------------------------------------------------+                                                                                       
|        | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon.terraform_data.validation
s                                      |
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------+
| update | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon.helm_release.argo_application[0]                                |
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------+--------+
| CHANGE | OUTPUT |
+--------+--------+
| update | addon  |
+--------+--------+

Argo_application update (removing parameters and adding skipCrds):

helm:
  parameters: [] -> null
  null -> skipCrds: false

Plan for upgrade with pod identity enabled instead of irsa:

+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| CHANGE |                                                                                     RESOURCE                                                                                     |
+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| add    | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon-irsa["aws-load-balancer-controller"].terraform_data.validations                       |
+        +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|        | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon.terraform_data.validations                                                            |
+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| update | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon-irsa["aws-load-balancer-controller"].aws_eks_pod_identity_association.pod_identity[0] |
+        +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|        | <prefix>.eks-load-balancer-controller["load-balancer-controller"].module.addon.helm_release.argo_application[0]                                                      |
+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------+--------+
| CHANGE | OUTPUT |
+--------+--------+
| update | addon  |
+--------+--------+

@matejhasul matejhasul self-assigned this Apr 14, 2025
@matejhasul matejhasul requested a review from jaygridley April 25, 2025 07:43
@jaygridley jaygridley mentioned this pull request Apr 25, 2025
Closed
7 tasks
jaygridley
jaygridley requested changes Apr 25, 2025
View reviewed changes
jaygridley
jaygridley reviewed Apr 25, 2025
View reviewed changes
Copy link
Member

@jaygridley jaygridley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we discussed we would like to retain EKS Pod Identity support.

@matejhasul matejhasul requested a review from jaygridley April 28, 2025 11:58
jaygridley
jaygridley requested changes Apr 28, 2025
View reviewed changes
@sassdavid
Copy link
Contributor

sassdavid commented Apr 29, 2025
edited
Loading

Hi,

sorry for jumping in here — I just noticed that you’ve recently started using asdf.

Have you heard about mise?
It’s more than just a tool manager; it’s a complete solution for managing your development environment smoothly.

While it primarily helps you manage different versions of various tools — like asdf — it also allows you to manage environment variables and run tasks, making it much more than just a tool installer.
Additionally, mise addresses some of the supply chain risks present in asdf. With asdf, you're often relying on third-party plugins that may execute untrusted code on your system. mise improves on this by using trusted "backends" like the aqua registry and ubi to install tools. When it does need to fall back to the traditional asdf plugin system, it uses forks of those plugins maintained by the mise team, aiming to ensure they are handled more strictly and securely.
It also supports using precompiled binaries for most tools — for example, if your system supports it, you can install a precompiled Python version, saving time and avoiding unnecessary builds.

Please take a look and consider using mise instead of asdf.
You can find more details here and here.

You can also find a more detailed comparison here.

@jaygridley
Copy link
Member

Hello @sassdavid, thanks for introducing mise. Looks as a good alternative. We will evaluate it internally if it would fit our needs.

@matejhasul matejhasul mentioned this pull request May 9, 2025
Merged
7 tasks
@matejhasul matejhasul requested a review from jaygridley May 9, 2025 12:50
@matejhasul
Copy link
Contributor Author

@jaygridley I've tested (and prepared moved resources) only for helm installation method. Should I take care also for 2 remaining methods?

matejhasul added 3 commits May 9, 2025 15:04
@matejhasul
fix(iam): fix condition for irsa policy
2106b0c
@matejhasul
fix(migrations): use old name for irsa-related resources
ba9d7b4 
Resources are just moved to correct destination (into irsa module). It is responsibility of irsa module itself to rename the resources.
@matejhasul
fix(migrations): removed indexes from moved blocks
557dde4 
Not necessary at all
@matejhasul matejhasul changed the title WIP refactor: switch to universal addon refactor(addon): switch to universal addon May 12, 2025
@jaygridley
Copy link
Member

@jaygridley I've tested (and prepared moved resources) only for helm installation method. Should I take care also for 2 remaining methods?

Yes, we should cover all methods

@matejhasul
Copy link
Contributor Author

@jaygridley I've tested (and prepared moved resources) only for helm installation method. Should I take care also for 2 remaining methods?

Yes, we should cover all methods

All installation methods tested with cluster-autoscaler addon -> moved blocks updated accordingly.

jaygridley
jaygridley requested changes May 14, 2025
View reviewed changes
jaygridley
jaygridley reviewed May 14, 2025
View reviewed changes
jaygridley
jaygridley reviewed May 14, 2025
View reviewed changes
@matejhasul matejhasul requested a review from jaygridley May 16, 2025 06:13
@matejhasul matejhasul mentioned this pull request May 16, 2025
Merged
15 tasks
jaygridley
jaygridley approved these changes May 19, 2025
View reviewed changes
Copy link
Member

@jaygridley jaygridley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@matejhasul matejhasul merged commit 98e775c into main May 20, 2025
5 checks passed
@matejhasul matejhasul deleted the mhs-infra-998 branch May 20, 2025 06:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaygridley jaygridley jaygridley approved these changes

Assignees

@matejhasul matejhasul

Labels
breaking-change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@matejhasul @sassdavid @jaygridley