Hito 1 Documentation

[manuelver]

Motivation

After the last meeting it was agreed that we should validate the installation carried out by Napptive at hito 1.

Doc Meeting 5/5/23

Acceptance criteria

• [x] Set up your own cluster for testing
• [x] Deploy the whole system following their documentation.
• [x] Approve and validate hito 1

Functionalities

Below there is a list with the functionalities that have been tested.

Action	App	Details	Status	Healthy	Error
Deploy	aws-load-balancer-controller		Fetch repository successfully, Create helm release successfully	true	:white_check_mark:
Deploy	external-dns		Fetch repository successfully, Create helm release successfully	true	:white_check_mark:
Deploy	secret-store-csi-driver		Fetch repository successfully, Create helm release successfully	true	:white_check_mark:
Deploy	aws-for-fluent-bit		Fetch repository successfully, Create helm release successfully	true	:white_check_mark:
Deploy	aws-web-service		Fetch repository successfully, Create helm release successfully	true	:white_check_mark:
addon	fluxcd		Ready:1/1	true	:white_check_mark:
addon	velaux		Ready:1/1	true	:white_check_mark:

Doc

• Creating an Amazon EKS cluster
• Doc kubevela
• KubeVela install doc by Napptive.

Task details

Installation requirements

• Vela v1.6.5
• aws-cli/2.9.1 Python/3.9.11
• eksctl 0.141.0
• kubectl v1.25.4

EKS installation and configuration

Creation of the cluster using eksctl. The EKS version is adjusted to the latest version of the documentation https://github.com/activa-prefapp/documentation/blob/main/environment/kubevela.md?plain=1#LL11C5-L11C5 , although version 1.26 is already available.

eksctl create cluster \
  --name activa-prefapp \
  --region eu-west-1 \
  --version 1.24 \
  --nodegroup-name worker-activa-prefapp \
  --node-type t3.medium \
  --nodes 1

Check OIDC

oidc_id=$(aws eks describe-cluster --name activa-prefapp --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)

aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4

If the above command does not return output you must create OIDC

eksctl utils associate-iam-oidc-provider --cluster activa-prefapp --approve

Amazon VPC CNI

The ipFamily will be ipv4

aws eks describe-cluster --name activa-prefapp | grep ipFamily

Create the role for VPC CNI plugin:

eksctl create iamserviceaccount \
    --name aws-node \
    --namespace kube-system \
    --cluster activa-prefapp \
    --role-name "AmazonEKSVPCCNIRole" \
    --attach-policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
    --override-existing-serviceaccounts \
    --approve

We restart the existing pods to implement the annotation

kubectl delete pods -n kube-system -l k8s-app=aws-node

We check if the annotations exist:

kubectl describe pod -n kube-system aws-node-jxx12 | grep 'AWS_ROLE_ARN:\|AWS_WEB_IDENTITY_TOKEN_FILE:'

Amazon EBS CSI driver

In this case we already have it created, but in case we do not have a role for EBS driver it is created like this:

eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster activa-prefapp \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve \
  --role-only \
  --role-name AmazonEKS_EBS_CSI_DriverRole

To add CSI EBS driver

eksctl create addon --name aws-ebs-csi-driver --cluster activa-prefapp --service-account-role-arn arn:aws:iam::041728615317:role/AmazonEKS_EBS_CSI_DriverRole --force

Installation Kubevela

In the documentation there are three ways to install kubevela on k8s:

• From the kubevela CLI:

  vela install

  Applies without problems

• From the chart helm

  helm repo add kubevela https://charts.kubevela.net/core
  
  helm repo update
  
  helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wait

  Failure to deploy core.

Issue in kubevela: https://github.com/kubevela/kubevela/issues/2667

Installation apps

Enable addon

vela addon enable velaux

vela addon enable fluxcd

aws-load-balancer-controller

vela up -f iam-aws-load-balancer.yaml -n kube-system

external-dns

vela up -f external-dns.yaml

The external-dns service gives error

Given this case I try to modify the service, but when I reapply with the 'vela up' command it has no effect.

I manage to apply changes by destroying the deployment with the command 'vela delete ' and redeploying with 'vela up'.

secret-store-csi-driver

vela up -f  secrets-store-csi-driver.yaml

The secrets-store-csi-driver service has the same error as the previous one. Deployment is obtained by changing the parameters in the yaml

aws-for-fluent-bit

kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cloudwatch-namespace.yaml

kubectl create configmap fluent-bit-cluster-info --from-literal=cluster.name=activa-prefapp --from-literal=http.server='On' --from-literal=http.port=2020 --from-literal=read.head='On' --from-literal=read.tail='Off' --from-literal=logs.region=eu-west-1 -n amazon-cloudwatch

vela up -f aws-fluent-bit.yaml

aws-web-service

vela up -f aws-web-service.yaml

The aws-web-service application has not finished starting up.

Final state

The final state of the applications according to sail is this:

More details

Final helm status

Artefacts

Addons

This could be due to space or node capacity, but the cluster has been provisioned with a minimum node, a desired node and two boundary nodes. It has not scaled up from one node.

[manuelver]

inconsistencies

1. When you delete an artifact that does not exist, from a namespace that does not exist, the output says that it deletes it.

2. Does not apply to helm when updating the chart version.

In this case I have upgraded version 6.17.0 > 6.20.2 and it remains to apply

However, every time I try to apply it remains as one more revision in helm.

3. I have found that it does not reconcile commonsLabels either.

They are applied in the kubevela application:

But not in the chart:

It does detect revisions:

[manuelver]

4. When the application has an error, in this case it is a workflowFailed, if you try to remove it, it has no effect.

The artifacts must be deleted one by one.

[d-vm]

@manuelver you have not updated the status of the last associated reference or the current issue. Have you finished with the checks to close milestone 1?

[manuelver]

@manuelver you have not updated the status of the last associated reference or the current issue. Have you finished with the checks to close milestone 1?

This morning I am doing the last tests to be able to close milestone 1 before this afternoon's meeting.

[manuelver]

Milestone 1 is validated:

• Configure cluster for testing
• Deploy applications with sail.