30 changes: 15 additions & 15 deletions streaming/kafka/README.md
Expand Up @@ -8,43 +8,43 @@ Checkout the [documentation website](https://awslabs.github.io/data-on-eks/docs/
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.95 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.17 |
| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 2.0.2 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 6.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.9 |
| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | ~> 2.1 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 3.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.8 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.95 |
| <a name="provider_aws.virginia"></a> [aws.virginia](#provider\_aws.virginia) | ~> 5.95 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 6.0 |
| <a name="provider_aws.virginia"></a> [aws.virginia](#provider\_aws.virginia) | ~> 6.0 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | ~> 3.0 |
| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.8 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_amp_ingest_irsa"></a> [amp\_ingest\_irsa](#module\_amp\_ingest\_irsa) | aws-ia/eks-blueprints-addon/aws | ~> 1.0 |
| <a name="module_aws_auth"></a> [aws\_auth](#module\_aws\_auth) | terraform-aws-modules/eks/aws//modules/aws-auth | 20.17.2 |
| <a name="module_ebs_csi_driver_irsa"></a> [ebs\_csi\_driver\_irsa](#module\_ebs\_csi\_driver\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.20 |
| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 20.17.2 |
| <a name="module_eks_blueprints_addons"></a> [eks\_blueprints\_addons](#module\_eks\_blueprints\_addons) | aws-ia/eks-blueprints-addons/aws | ~> 1.2 |
| <a name="module_ebs_csi_driver_irsa"></a> [ebs\_csi\_driver\_irsa](#module\_ebs\_csi\_driver\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | ~> 6.4 |
| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 21.0 |
| <a name="module_eks_blueprints_addons"></a> [eks\_blueprints\_addons](#module\_eks\_blueprints\_addons) | aws-ia/eks-blueprints-addons/aws | ~> 1.23 |
| <a name="module_eks_data_addons"></a> [eks\_data\_addons](#module\_eks\_data\_addons) | aws-ia/eks-data-addons/aws | 1.35.0 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |

## Resources

| Name | Type |
|------|------|
| [aws_eks_access_entry.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_entry) | resource |
| [aws_iam_policy.grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_prometheus_workspace.amp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/prometheus_workspace) | resource |
| [aws_secretsmanager_secret.grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [kubernetes_annotations.gp2_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations) | resource |
| [kubernetes_storage_class.ebs_csi_encrypted_gp3_storage_class](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class_v1.ebs_csi_encrypted_gp3_storage_class](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class_v1) | resource |
| [random_password.grafana](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
Expand All @@ -58,7 +58,7 @@ Checkout the [documentation website](https://awslabs.github.io/data-on-eks/docs/

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | EKS Cluster version | `string` | `"1.33"` | no |
| <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | EKS Cluster version | `string` | `"1.35"` | no |
| <a name="input_eks_data_plane_subnet_secondary_cidr"></a> [eks\_data\_plane\_subnet\_secondary\_cidr](#input\_eks\_data\_plane\_subnet\_secondary\_cidr) | Secondary CIDR blocks. 32766 IPs per Subnet per Subnet/AZ for EKS Node and Pods | `list(string)` | <pre>[<br/> "100.64.0.0/17",<br/> "100.64.128.0/17"<br/>]</pre> | no |
| <a name="input_enable_amazon_prometheus"></a> [enable\_amazon\_prometheus](#input\_enable\_amazon\_prometheus) | Enable AWS Managed Prometheus service | `bool` | `true` | no |
| <a name="input_name"></a> [name](#input\_name) | Name of the VPC and EKS Cluster | `string` | `"kafka-on-eks"` | no |
32 changes: 12 additions & 20 deletions streaming/kafka/addons.tf
Expand Up @@ -15,7 +15,7 @@ resource "kubernetes_annotations" "gp2_default" {
depends_on = [module.eks]
}

resource "kubernetes_storage_class" "ebs_csi_encrypted_gp3_storage_class" {
resource "kubernetes_storage_class_v1" "ebs_csi_encrypted_gp3_storage_class" {
metadata {
name = "gp3"
annotations = {
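Review bot: changing the resource type from `kubernetes_storage_class` to `kubernetes_storage_class_v1` changes the resource address, so the existing `gp3` StorageClass is not carried over in state by itself; check whether the plan shows an in-place move or a destroy and recreate of `gp3`, and if it is the latter, import the existing object into `kubernetes_storage_class_v1.ebs_csi_encrypted_gp3_storage_class` before applying so that PVCs are not left pointing at a class that briefly does not exist.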
Expand All @@ -41,15 +41,16 @@ resource "kubernetes_storage_class" "ebs_csi_encrypted_gp3_storage_class" {
#---------------------------------------------------------------

module "ebs_csi_driver_irsa" {
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
version = "~> 5.20"
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
version = "~> 6.4"

role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
name = "${module.eks.cluster_name}-ebs-csi-driver-"
use_name_prefix = true

attach_ebs_csi_policy = true

oidc_providers = {
main = {
this = {
provider_arn = module.eks.oidc_provider_arn
namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
}
Expand All @@ -63,7 +64,7 @@ module "ebs_csi_driver_irsa" {
#---------------------------------------------------------------
module "eks_blueprints_addons" {
source = "aws-ia/eks-blueprints-addons/aws"
version = "~> 1.2"
version = "~> 1.23"

cluster_name = module.eks.cluster_name
cluster_endpoint = module.eks.cluster_endpoint
Expand All @@ -75,16 +76,7 @@ module "eks_blueprints_addons" {
#---------------------------------------
eks_addons = {
aws-ebs-csi-driver = {
service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
}
coredns = {
preserve = true
}
vpc-cni = {
preserve = true
}
kube-proxy = {
preserve = true
service_account_role_arn = module.ebs_csi_driver_irsa.arn
}
}

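Review bot: the `coredns`, `vpc-cni` and `kube-proxy` entries removed here all carried `preserve = true`, and their replacements in the `addons` map of eks.tf do not; unless that is intentional, these add-ons will now be deleted on `terraform destroy` instead of being left in place, so either add `preserve = true` in the new location or state the change in the PR description. The remaining `aws-ebs-csi-driver` entry moves to `module.ebs_csi_driver_irsa.arn`, consistent with the IRSA module upgrade above.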
Expand All @@ -108,7 +100,7 @@ module "eks_blueprints_addons" {
#---------------------------------------
enable_karpenter = true
karpenter = {
chart_version = "1.6.2" # Compatible with Kubernetes 1.33
chart_version = "1.8.6" # Latest version compatible with Kubernetes 1.35
repository_username = data.aws_ecrpublic_authorization_token.token.user_name
repository_password = data.aws_ecrpublic_authorization_token.token.password
timeout = 600 # 10 minutes
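Review bot: the comment on `chart_version = "1.8.6"` says "Latest version compatible with Kubernetes 1.35", which stops being true as soon as a newer chart ships; word it as a compatibility statement (for example "tested with Kubernetes 1.35") so the pin is not read as a claim about the latest release. The Strimzi `version` comment further down in this file has the same problem.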
Expand Down Expand Up @@ -143,7 +135,7 @@ module "eks_blueprints_addons" {
amp_irsa = module.amp_ingest_irsa[0].iam_role_arn
amp_remotewrite_url = "https://aps-workspaces.${local.region}.amazonaws.com/workspaces/${aws_prometheus_workspace.amp[0].id}/api/v1/remote_write"
amp_url = "https://aps-workspaces.${local.region}.amazonaws.com/workspaces/${aws_prometheus_workspace.amp[0].id}"
storage_class_type = kubernetes_storage_class.ebs_csi_encrypted_gp3_storage_class.id
storage_class_type = kubernetes_storage_class_v1.ebs_csi_encrypted_gp3_storage_class.id
}) : templatefile("${path.module}/helm-values/kube-prometheus.yaml", {})
]
chart_version = "48.1.1"
Expand Down Expand Up @@ -194,7 +186,7 @@ resource "aws_secretsmanager_secret_version" "grafana" {
#---------------------------------------------------------------
module "eks_data_addons" {
source = "aws-ia/eks-data-addons/aws"
version = "1.35.0" # Updated for better Kubernetes 1.33 support
version = "1.35.0" # Updated for better Kubernetes 1.35 support

oidc_provider_arn = module.eks.oidc_provider_arn
#---------------------------------------------------------------
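Review bot: `version = "1.35.0"` is unchanged in this hunk, but its comment now reads "Updated for better Kubernetes 1.35 support", which implies a bump that did not happen; either bump the module or revert the comment so it does not misstate why the pin exists.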
Expand All @@ -206,7 +198,7 @@ module "eks_data_addons" {
operating_system = "linux"
node_group_type = "core"
})],
version = "0.46.0" # Latest version with EKS 1.33 compatibility
version = "0.50.0" # Latest version with EKS 1.35 compatibility
timeout = 900 # 15 minutes
wait = true
wait_for_jobs = true
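Review bot: the Strimzi version now lives in three places that must stay in sync: `version = "0.50.0"` here, `defaultImageTag: 0.50.0` in helm-values/strimzi-kafka-values.yaml, and the `quay.io/strimzi/kafka:0.50.0-kafka-4.1.1` image in helper.sh; consider defining it once (for example a local passed through the `templatefile` call already used for this chart's values) so a future upgrade cannot bump the operator while leaving the producer image or default image tag behind.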
41 changes: 20 additions & 21 deletions streaming/kafka/eks.tf
Expand Up @@ -3,13 +3,13 @@
#---------------------------------------------------------------
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "20.17.2"
version = "~> 21.0"

cluster_name = local.name
cluster_version = local.cluster_version
name = local.name
kubernetes_version = local.cluster_version

#WARNING: Avoid using this option (cluster_endpoint_public_access = true) in preprod or prod accounts. This feature is designed for sandbox accounts, simplifying cluster deployment and testing.
cluster_endpoint_public_access = true
endpoint_public_access = true

vpc_id = module.vpc.vpc_id
# Filtering only Secondary CIDR private subnets starting with "100.". Subnet IDs where the EKS Control Plane ENIs will be created
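Review bot: the argument is renamed to `endpoint_public_access`, but the WARNING comment directly above it still refers to `cluster_endpoint_public_access`, so the comment no longer matches the code it warns about; update the comment in the same hunk. Since the public endpoint stays enabled, this is also the moment to restrict it to known source CIDRs via the module's corresponding public access CIDR variable rather than leaving it reachable from any address.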
Expand All @@ -21,11 +21,22 @@ module "eks" {
authentication_mode = "API_AND_CONFIG_MAP"
enable_cluster_creator_admin_permissions = true

addons = {
coredns = {}
eks-pod-identity-agent = {
before_compute = true
}
kube-proxy = {}
vpc-cni = {
before_compute = true
}
}

#---------------------------------------
# Note: This can further restricted to specific required for each Add-on and your application
#---------------------------------------
# Extend cluster security group rules
cluster_security_group_additional_rules = {
security_group_additional_rules = {
ingress_nodes_ephemeral_ports_tcp = {
description = "Nodes on ephemeral ports"
protocol = "tcp"
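Review bot: `cluster_security_group_additional_rules` becomes `security_group_additional_rules` here, and the rule immediately below it still opens "Nodes on ephemeral ports" over TCP; the note above it already says this can be restricted to what each add-on requires, so this rename is a good moment to scope the rule instead of carrying it forward as-is. Separately, the new `addons` map installs `eks-pod-identity-agent` with `before_compute = true` while `authentication_mode` stays `API_AND_CONFIG_MAP`; with the aws-auth module removed later in this file, check whether `API` alone is now sufficient so the ConfigMap is no longer an authorization path.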
Expand Down Expand Up @@ -95,20 +106,8 @@ module "eks" {
})
}

module "aws_auth" {
source = "terraform-aws-modules/eks/aws//modules/aws-auth"
version = "20.17.2"

manage_aws_auth_configmap = true

aws_auth_roles = [
{
rolearn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
username = "system:node:{{EC2PrivateDNSName}}"
groups = [
"system:bootstrappers",
"system:nodes",
]
}
]
resource "aws_eks_access_entry" "karpenter" {
cluster_name = module.eks.cluster_name
principal_arn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
type = "EC2_LINUX"
}
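Review bot: replacing the aws-auth ConfigMap mapping with `aws_eks_access_entry.karpenter` of type `EC2_LINUX` is the right model (an `EC2_LINUX` access entry grants the node groups itself, so the explicit `system:bootstrappers` and `system:nodes` list is no longer needed), but removing `module.aws_auth` and creating the access entry happen in one apply with no ordering between them; on an existing cluster, if the ConfigMap mapping is removed before the access entry exists, Karpenter-launched nodes can fail to join until the apply finishes, so for in-place upgrades apply the access entry first or run the two steps separately, and say so in the PR description.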
2 changes: 1 addition & 1 deletion streaming/kafka/helm-values/strimzi-kafka-values.yaml
Expand Up @@ -10,7 +10,7 @@ watchAnyNamespace: true

defaultImageRegistry: quay.io
defaultImageRepository: strimzi
defaultImageTag: 0.46.0
defaultImageTag: 0.50.0

nodeSelector:
kubernetes.io/os: ${operating_system}
2 changes: 1 addition & 1 deletion streaming/kafka/helper.sh
Expand Up @@ -157,7 +157,7 @@ case "$1" in
--bootstrap-server cluster-kafka-bootstrap:9092
;;
send-messages-to-kafka-failover-topic-from-producer)
kubectl -n kafka run kafka-producer -ti --image=quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 --rm=true --restart=Never -- bin/kafka-console-producer.sh --bootstrap-server cluster-kafka-bootstrap:9092 --topic test-topic-failover
kubectl -n kafka run kafka-producer -ti --image=quay.io/strimzi/kafka:0.50.0-kafka-4.1.1 --rm=true --restart=Never -- bin/kafka-console-producer.sh --bootstrap-server cluster-kafka-bootstrap:9092 --topic test-topic-failover
;;
read-messages-from-kafka-failover-topic-consumer)
kubectl exec -it kafka-cli -n kafka -- bin/kafka-console-consumer.sh \
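Review bot: the producer image is bumped to `quay.io/strimzi/kafka:0.50.0-kafka-4.1.1`, which matches `version: 4.1.1` in kafka-cluster.yaml, but the consumer command right below it runs inside the pre-existing `kafka-cli` pod, whose image is not part of this diff; check that pod's image is bumped the same way, otherwise the two tools run different Kafka client versions.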
34 changes: 14 additions & 20 deletions streaming/kafka/kafka-manifests/kafka-cluster.yaml
@@ -1,4 +1,4 @@
apiVersion: kafka.strimzi.io/v1beta2
apiVersion: kafka.strimzi.io/v1
kind: Kafka
metadata:
name: cluster
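Review bot: moving to `kafka.strimzi.io/v1` ties this manifest to the CRDs shipped with the Strimzi 0.50.0 operator chart in addons.tf, so whatever applies it must run only after that chart upgrade has completed (the chart is installed with `wait = true`, but the manifest is applied separately); if the previously installed CRDs do not serve `v1`, the API server rejects the object. Document that ordering in the upgrade steps.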
Expand All @@ -8,8 +8,8 @@ metadata:
strimzi.io/node-pools: enabled
spec:
kafka:
version: 3.9.0
metadataVersion: 3.9-IV0
version: 4.1.1
metadataVersion: 4.1-IV0
listeners:
- name: plain
port: 9092
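Review bot: `version: 4.1.1` together with `metadataVersion: 4.1-IV0` is a KRaft metadata bump as well as a broker upgrade, and downgrading a metadata version after the controllers have written it is not supported in general, so the path from the previous `3.9-IV0` is one-way and should be called out in the PR description. The `plain` listener on port 9092 in the context just below is still the one the helper.sh producer targets, with no TLS and no authentication; that is acceptable for a sandbox deployment but worth stating explicitly.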
Expand All @@ -25,24 +25,9 @@ spec:
transaction.state.log.min.isr: 2
default.replication.factor: 3
min.insync.replicas: 2
resources:
requests:
memory: 58Gi
cpu: "6"
limits:
memory: 64Gi
cpu: "8"
jvmOptions:
"-Xmx": "6g"
"-Xms": "4g"
storage:
type: jbod
volumes:
- id: 0
type: persistent-claim
size: 1000Gi
class: gp3
deleteClaim: false
template:
pod:
tolerations:
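Review bot: this hunk removes the jbod `storage` (1000Gi, class gp3) from `spec.kafka` along with `resources` and `jvmOptions`; with node pools enabled, storage is configured on the KafkaNodePool objects, and the pools further down carry `class: gp3` with `size: 100Gi`, not 1000Gi. Confirm that 100Gi per node is the intended broker capacity rather than an accidental reduction, and state it in the PR description.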
Expand Down Expand Up @@ -267,7 +252,7 @@ data:
name: kafka_cruisecontrol_$1_$2
type: GAUGE
---
apiVersion: kafka.strimzi.io/v1beta2
apiVersion: kafka.strimzi.io/v1
kind: KafkaNodePool
metadata:
name: controller
Expand All @@ -284,10 +269,11 @@ spec:
- id: 0
type: persistent-claim
size: 100Gi
class: gp3
kraftMetadata: shared
deleteClaim: false
---
apiVersion: kafka.strimzi.io/v1beta2
apiVersion: kafka.strimzi.io/v1
kind: KafkaNodePool
metadata:
name: broker
Expand All @@ -304,5 +290,13 @@ spec:
- id: 0
type: persistent-claim
size: 100Gi
class: gp3
kraftMetadata: shared
deleteClaim: false
resources:
requests:
memory: 58Gi
cpu: "6"
limits:
memory: 64Gi
cpu: "8"
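Review bot: the `resources` block moves onto the broker pool with `requests.memory: 58Gi` and `limits.memory: 64Gi`, but the `jvmOptions` (`-Xmx 6g`, `-Xms 4g`) that previously sat beside it in `spec.kafka` are not re-added here, so the broker JVM heap is now left to the operator's defaults; if that heap sizing was deliberate, add a `jvmOptions` block to this pool. The controller pool above gets `class: gp3` and `kraftMetadata: shared` but no `resources` appear in its visible part, so check that controllers do not end up without requests and limits.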
2 changes: 1 addition & 1 deletion streaming/kafka/kafka-manifests/kafka-rebalance.yaml
@@ -1,4 +1,4 @@
apiVersion: kafka.strimzi.io/v1beta2
apiVersion: kafka.strimzi.io/v1
kind: KafkaRebalance
metadata:
name: my-rebalance
2 changes: 1 addition & 1 deletion streaming/kafka/variables.tf
Expand Up @@ -13,7 +13,7 @@ variable "name" {
variable "eks_cluster_version" {
description = "EKS Cluster version"
type = string
default = "1.33"
default = "1.35"
}

# VPC
10 changes: 5 additions & 5 deletions streaming/kafka/versions.tf
Expand Up @@ -4,23 +4,23 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.95"
version = "~> 6.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.10"
version = "~> 3.0"
}
helm = {
source = "hashicorp/helm"
version = "~> 2.17"
version = "~> 2.9" # upgrading to helm v3 depends on https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/issues/452
}
kubectl = {
source = "alekc/kubectl"
version = ">= 2.0.2"
version = "~> 2.1"
}
random = {
source = "hashicorp/random"
version = ">= 3.1"
version = "~> 3.8"
}
}
}
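Review bot: `helm` goes from `~> 2.17` to `~> 2.9`, which loosens rather than pins: `~> 2.9` admits every 2.9.x through 2.x release, so the file no longer documents the 2.17 floor the code was previously tested against. If the intent is only to stay below 3.0 pending the linked issue, keep the floor (`>= 2.17, < 3.0`) and leave the comment. The other changes tighten (`>= 2.10` to `~> 3.0` for kubernetes, `>= 2.0.2` to `~> 2.1` for kubectl, `>= 3.1` to `~> 3.8` for random), which is the right direction for a reproducible build.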