diff --git a/.github/workflows/application-signals-java-beta-e2e-test.yml b/.github/workflows/application-signals-java-beta-e2e-test.yml index f596dd81f..fbd9e47e2 100644 --- a/.github/workflows/application-signals-java-beta-e2e-test.yml +++ b/.github/workflows/application-signals-java-beta-e2e-test.yml @@ -77,19 +77,8 @@ jobs: - name: Set up kubeconfig run: | - aws eks update-kubeconfig --name ${{ inputs.test-java-cluster-name }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint https://api.beta.us-west-2.wesley.amazonaws.com --kubeconfig /home/runner/.kube/config - echo "Kubeconfig identity below" - aws sts get-caller-identity - pwd - ls - echo "1" - ls ~/ - echo "2" - ls ~/. - sleep 10 - cat ~/.kube/config - sed -i 's#https://.*\.eks\..*\.amazonaws\.com#https://api.beta.us-west-2.wesley.amazonaws.com#g' ~/.kube/config - cat ~/.kube/config + aws eks update-kubeconfig --name ${{ inputs.test-java-cluster-name }} --region ${{ env.AWS_DEFAULT_REGION }} --endpoint https://api.beta.us-west-2.wesley.amazonaws.com + - name: Install eksctl 
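Review bot: The retained `aws eks update-kubeconfig` line expands `${{ inputs.test-java-cluster-name }}` straight into the script text, so bash parses the value before the AWS CLI ever sees it. Passing it through the step's `env:` (`CLUSTER_NAME: ${{ inputs.test-java-cluster-name }}`) and using `--name "$CLUSTER_NAME"` keeps an unexpected input from being interpreted as shell syntax. The same pattern appears in the `-var=` arguments of the `terraform apply` call in the later hunk. The workflow's trigger and input definitions are outside this hunk, so how far the input can be trusted cannot be confirmed from here.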
@@ -100,72 +89,38 @@ jobs: echo "${{ github.workspace }}/eksctl" >> $GITHUB_PATH - - - - name: Create role for AWS access from the sample app - id: create_service_account - run: | - #!/bin/bash - - # Variables - CLUSTER_NAME="cw-agent-eks-addon-test-beta-cluster" - REGION="us-west-2" - ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) - OIDC_PROVIDER=$(aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query "cluster.identity.oidc.issuer" --output text | sed -e "s/^https:\/\///") - TESTING_ID=${{ env.TESTING_ID }} - SAMPLE_APP_NAMESPACE= sample-app-namespace - - # Create trust policy JSON file - cat < trust-policy.json - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::$ACCOUNT_ID:oidc-provider/$OIDC_PROVIDER" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "$OIDC_PROVIDER:sub": "system:serviceaccount:$SAMPLE_APP_NAMESPACE:service-account-$TESTING_ID" - } - } - } - ] - } - EOF - - # Create IAM role - aws iam create-role --role-name eks-s3-access-$TESTING_ID --assume-role-policy-document file://trust-policy.json - - # Attach policy to the role - aws iam attach-role-policy --role-name eks-s3-access-$TESTING_ID --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess - - # Create service account YAML manifest - cat < service-account.yaml - apiVersion: v1 - kind: ServiceAccount - metadata: - name: service-account-$TESTING_ID - namespace: $SAMPLE_APP_NAMESPACE - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::$ACCOUNT_ID:role/eks-s3-access-$TESTING_ID - EOF - - # Apply the service account - kubectl apply -f service-account.yaml - - echo "IAM service account created and configured successfully." 
- - name: Set up terraform uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false - - name: Deploy sample app via terraform - working-directory: terraform/eks + - name: Checkout the Amazon CloudWatch Agent Operator repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + + - name: Deploy sample app via Terraform + uses: actions/checkout@v2 + with: + fetch-depth: 0 run: | + echo "Current directory: $(pwd)" + echo "Listing files in $(pwd):" + ls -la + + echo "wooo" + cd integration-tests/terraform/pulse + + echo "Contents of main.tf:" + cat main.tf || echo "main.tf not found" + + echo "Contents of variables.tf:" + cat variables.tf || echo "variables.tf not found" + + terraform init terraform validate terraform apply -auto-approve \ @@ -175,7 +130,6 @@ jobs: -var="eks_cluster_name=${{ inputs.test-java-cluster-name }}" \ -var="eks_cluster_context_name=$(kubectl config current-context)" \ -var="test_namespace=${{ env.SAMPLE_APP_NAMESPACE }}" \ - -var="service_account_aws_access=service-account-${{ env.TESTING_ID }}" \ -var="sample_app_image=${{ env.SAMPLE_APP_FRONTEND_SERVICE_IMAGE }}" \ -var="sample_remote_app_image=${{ env.SAMPLE_APP_REMOTE_SERVICE_IMAGE }}" diff --git a/integration-tests/terraform/pulse/kubeconfig.tpl b/integration-tests/terraform/pulse/kubeconfig.tpl new file mode 100644 index 000000000..bbcaa8aed --- /dev/null +++ b/integration-tests/terraform/pulse/kubeconfig.tpl @@ -0,0 +1,18 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: ${CA_DATA} + server: ${SERVER_ENDPOINT} + name: ${CLUSTER_NAME} +contexts: +- context: + cluster: ${CLUSTER_NAME} + user: terraform_user + name: ${CLUSTER_NAME} +current-context: ${CLUSTER_NAME} +kind: Config +preferences: {} +users: +- name: terraform_user + user: + token: ${TOKEN} \ No newline at end of file 
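Review bot: The added `Deploy sample app via Terraform` step sets both `uses: actions/checkout@v2` and `run:`, which GitHub Actions rejects because a step may carry only one of the two. The `uses:`/`with:` pair looks like a paste from the checkout step above and should be dropped, with `working-directory: integration-tests/terraform/pulse` replacing the `cd`. The added `hashicorp/setup-terraform@v1` step repeats the `@v3` setup directly above it without `terraform_wrapper: false`, so it probably undoes that setting. The new `uses:` lines reference movable tags (`@v2`, `@v1`); in a job that holds AWS credentials, pinning each action to a full commit SHA is the usual supply-chain hardening. The `run:` block continues past the end of this hunk.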
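Review bot: With `-var="service_account_aws_access=..."` removed, both pod specs fall back to the `sample-app-service-account` default from the new `variables.tf`, and nothing visible in this diff creates that ServiceAccount now that the role and service-account step is gone. If it is not pre-provisioned in the test namespace, the pods will presumably fail to be created. Either add a `kubernetes_service_account` resource to the module or drop `service_account_name` from both deployments so they run under the namespace default. The `terraform apply` command starts above this hunk.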
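Review bot: The `users` entry stores a static bearer token (`token: ${TOKEN}`), so every copy of the rendered file is a usable cluster credential for the token's lifetime. An `exec` user entry that obtains the token at use time (the approach described at the link in `main.tf`'s own provider comment) would keep the credential out of the file; failing that, the file needs owner-only permissions and must stay out of logs and uploaded artifacts. The values are also interpolated unquoted, and `eks_cluster_context_name` defaults to `.`, so quoting them (`name: "${CLUSTER_NAME}"`, `server: "${SERVER_ENDPOINT}"`) keeps YAML-special characters from changing how the file parses.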
diff --git a/integration-tests/terraform/pulse/main.tf b/integration-tests/terraform/pulse/main.tf
new file mode 100644
index 000000000..8c0d98b40
--- /dev/null
+++ b/integration-tests/terraform/pulse/main.tf
@@ -0,0 +1,289 @@
+# ------------------------------------------------------------------------
+# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# -------------------------------------------------------------------------
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.16.1"
+ }
+
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+ endpoints {
+ sts = "https://sts.amazonaws.com"
+ s3 = "https://s3.amazonaws.com"
+ }
+}
+
+# get eks cluster
+data "aws_eks_cluster" "testing_cluster" {
+ name = var.eks_cluster_name
+}
+data "aws_eks_cluster_auth" "testing_cluster" {
+ name = var.eks_cluster_name
+}
+
+# set up kubectl
+provider "kubernetes" {
+ host = data.aws_eks_cluster.testing_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.testing_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.testing_cluster.token
+}
+
+provider "kubectl" {
+ // Note: copy from eks module. Please avoid use shorted-lived tokens when running locally.
+ // For more information: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#exec-plugins
+ host = data.aws_eks_cluster.testing_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.testing_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.testing_cluster.token
+ load_config_file = false
+}
+
+data "template_file" "kubeconfig_file" {
+ template = file("./kubeconfig.tpl")
+ vars = {
+ CLUSTER_NAME : var.eks_cluster_context_name
+ CA_DATA : data.aws_eks_cluster.testing_cluster.certificate_authority[0].data
+ SERVER_ENDPOINT : data.aws_eks_cluster.testing_cluster.endpoint
+ TOKEN = data.aws_eks_cluster_auth.testing_cluster.token
+ }
+}
+
+resource "local_file" "kubeconfig" {
+ content = data.template_file.kubeconfig_file.rendered
+ filename = "${var.kube_directory_path}/config"
+}
+
+### Setting up the sample app on the cluster
+
+resource "kubernetes_deployment" "sample_app_deployment" {
+
+ metadata {
+ name = "sample-app-deployment-${var.test_id}"
+ namespace = var.test_namespace
+ }
+
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "sample-app"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "sample-app"
+ }
+ annotations = {
+ # these annotations allow for OTel Java instrumentation
+ "instrumentation.opentelemetry.io/inject-java" = "true"
+ }
+ }
+ spec {
+ service_account_name = var.service_account_aws_access
+ container {
+ name = "back-end"
+ image = var.sample_app_image
+ image_pull_policy = "Always"
+ env {
+ #inject the test id to service name for unique App Signals metrics
+ name = "OTEL_SERVICE_NAME"
+ value = "sample-application-${var.test_id}"
+ }
+ port {
+ container_port = 8080
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "sample_app_service" {
+ depends_on = [ kubernetes_deployment.sample_app_deployment ]
+
+ metadata {
+ name = "sample-app-service"
+ namespace = var.test_namespace
+ }
+ spec {
+ type = "NodePort"
+ selector = {
+ app = "sample-app"
+ }
+ port {
+ protocol = "TCP"
+ port = 8080
+ target_port = 8080
+ node_port = 30100
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "sample-app-ingress" {
+ depends_on = [kubernetes_service.sample_app_service]
+ wait_for_load_balancer = true
+ metadata {
+ name = "sample-app-ingress-${var.test_id}"
+ namespace = var.test_namespace
+ annotations = {
+ "kubernetes.io/ingress.class" = "alb"
+ "alb.ingress.kubernetes.io/scheme" = "internet-facing"
+ "alb.ingress.kubernetes.io/target-type" = "ip"
+ }
+ labels = {
+ app = "sample-app-ingress"
+ }
+ }
+ spec {
+ rule {
+ http {
+ path {
+ path = "/"
+ path_type = "Prefix"
+ backend {
+ service {
+ name = kubernetes_service.sample_app_service.metadata[0].name
+ port {
+ number = 8080
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+# Set up the remote service
+
+resource "kubernetes_deployment" "sample_remote_app_deployment" {
+
+ metadata {
+ name = "sample-r-app-deployment-${var.test_id}"
+ namespace = var.test_namespace
+ labels = {
+ app = "remote-app"
+ }
+ }
+
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "remote-app"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "remote-app"
+ }
+ annotations = {
+ # these annotations allow for OTel Java instrumentation
+ "instrumentation.opentelemetry.io/inject-java" = "true"
+ }
+ }
+ spec {
+ service_account_name = var.service_account_aws_access
+ container {
+ name = "back-end"
+ image = var.sample_remote_app_image
+ image_pull_policy = "Always"
+ port {
+ container_port = 8080
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "sample_remote_app_service" {
+ depends_on = [ kubernetes_deployment.sample_remote_app_deployment ]
+
+ metadata {
+ name = "sample-remote-app-service"
+ namespace = var.test_namespace
+ }
+ spec {
+ type = "NodePort"
+ selector = {
+ app = "remote-app"
+ }
+ port {
+ protocol = "TCP"
+ port = 8080
+ target_port = 8080
+ node_port = 30101
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "sample-remote-app-ingress" {
+ depends_on = [kubernetes_service.sample_remote_app_service]
+ wait_for_load_balancer = true
+ metadata {
+ name = "sample-remote-app-ingress-${var.test_id}"
+ namespace = var.test_namespace
+ annotations = {
+ "kubernetes.io/ingress.class" = "alb"
+ "alb.ingress.kubernetes.io/scheme" = "internet-facing"
+ "alb.ingress.kubernetes.io/target-type" = "ip"
+ }
+ labels = {
+ app = "sample-remote-app-ingress"
+ }
+ }
+ spec {
+ rule {
+ http {
+ path {
+ path = "/"
+ path_type = "Prefix"
+ backend {
+ service {
+ name = kubernetes_service.sample_remote_app_service.metadata[0].name
+ port {
+ number = 8080
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+output "sample_app_endpoint" {
+ value = kubernetes_ingress_v1.sample-app-ingress.status.0.load_balancer.0.ingress.0.hostname
+}
+
+output "sample_remote_app_endpoint" {
+ value = kubernetes_ingress_v1.sample-remote-app-ingress.status.0.load_balancer.0.ingress.0.hostname
+}
diff --git a/integration-tests/terraform/pulse/variables.tf b/integration-tests/terraform/pulse/variables.tf
new file mode 100644
index 000000000..b54f093a6
--- /dev/null
+++ b/integration-tests/terraform/pulse/variables.tf
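Review bot: `resource "local_file" "kubeconfig"` writes the rendered kubeconfig, EKS bearer token included, with the `local_file` default mode of `0777` and shows the content in plan output. Switching to `resource "local_sensitive_file" "kubeconfig"` with `file_permission = "0600"` writes the same file with owner-only access and redacted plan output. Nothing in this file reads the written kubeconfig, since both Kubernetes providers take the token directly, so the file may be removable altogether; that depends on consumers outside this diff. `data "template_file"` needs the archived `hashicorp/template` provider, which like `local` is not listed in `required_providers`; the built-in `templatefile("./kubeconfig.tpl", { ... })` removes that dependency. Both ingresses are `internet-facing` over plain HTTP; if only the test runner needs to reach them, an `alb.ingress.kubernetes.io/inbound-cidrs` annotation would narrow the exposure.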
@@ -0,0 +1,50 @@
+# ------------------------------------------------------------------------
+# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# -------------------------------------------------------------------------
+
+variable "test_id" {
+ default = "dummy-123"
+}
+
+variable "kube_directory_path" {
+ default = "./.kube"
+}
+
+variable "aws_region" {
+ default = ""
+}
+
+variable "eks_cluster_name" {
+ default = ""
+}
+
+variable "eks_cluster_context_name" {
+ default = "."
+}
+
+variable "test_namespace" {
+ default = "sample-app-namespace"
+}
+
+variable "service_account_aws_access" {
+ default = "sample-app-service-account"
+}
+
+variable "sample_app_image" {
+ default = ":"
+}
+
+variable "sample_remote_app_image" {
+ default = ":"
+}
\ No newline at end of file
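Review bot: Several variables default to placeholders that cannot work (`aws_region` and `eks_cluster_name` to `""`, both image variables to `":"`), so a caller that omits a `-var` still passes `terraform validate` and fails only later with a less direct error. Removing those defaults makes Terraform demand the inputs, and adding `type = string` plus a `description` to each block documents the contract. `kube_directory_path` defaults to `./.kube`, which places the token-bearing kubeconfig inside the module directory of the checked-out repository. It is worth confirming that this path is ignored by git and never collected as a workflow artifact.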