Merge pull request 2i2c-org#5055 from GeorgianaElena/update-new-templ…

…ates Ensure new AWS clusters have cost attribution enabled
sgibson91 · Nov 12, 2024 · 287dd83 · 287dd83
2 parents b0dab92 + fc8a564
commit 287dd83
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 54 deletions.
diff --git a/config/clusters/templates/common/support.values.yaml b/config/clusters/templates/common/support.values.yaml
@@ -27,6 +27,14 @@ grafana:
         hosts:
           - grafana.{{ cluster_name }}.2i2c.cloud
 {% if provider == "aws" %}
+aws-ce-grafana-backend:
+  enabled: true
+  envBasedConfig:
+    clusterName: {{ cluster_name }}
+  serviceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: <output of `terraform output -raw aws_ce_grafana_backend_k8s_sa_annotation`>
+
 cluster-autoscaler:
   enabled: true
   autoDiscovery:

diff --git a/docs/howto/cost-attribution/aws.md b/docs/howto/cost-attribution/aws.md
@@ -22,6 +22,21 @@ attribute cost to.
 - `alpha.eksctl.io/cluster-name`
 - `kubernetes.io/cluster/<cluster name>`
 
+```{important}
+Currently, on clusters that have a k8s version greater or equal with 1.30,
+terraform managed resources already have the `2i2c.org/cluster-name`
+tag configured via the `default_tags` variable, and eksctl managed resources
+already have the tag configured for node groups via `nodegroup.libsonnet`.
+
+On clusters that have a k8s version less than 1.30, eksctl managed resources,
+the `alpha.eksctl.io/cluster-name` and `kubernetes.io/cluster/<cluster name>`
+tags are present and used instead.
+
+New clusters have _all_ eksctl managed resources configured to be tagged, not
+just the node groups. This isn't important to ensure for existing clusters'
+cost attribution though.
+```
+
 The system also relies on the tag `2i2c:hub-name` to be specified in addition to
 the tags above for any cloud infra tied to specific hubs.
 
@@ -31,21 +46,7 @@ create cloud resources to represent k8s resources (block storage volumes for k8s
 PV resources referencing certain storage classes, and load balancers for k8s
 Service's of type LoadBalancer).
 
-1. _Configure `2i2c.org/cluster-name` tags_
-
-   No configuration is needed.
-
-   ```{note}
-   Terraform managed resources already have the tag configured via the
-   `default_tags` variable, and eksctl managed resources already have the tag
-   configured for node groups via `nodegroup.libsonnet`.
-
-   New clusters have _all_ eksctl managed resources configured to be tagged, not
-   just the node groups. This isn't important to ensure for existing clusters'
-   cost attribution though.
-   ```
-
-2. _Configure `2i2c:hub-name` tags_
+1. _Configure `2i2c:hub-name` tags_
 
    For any resource _specific to a hub_, declare an additional tag
    `2i2c:hub-name=<hub name>`. If this isn't done, they will be listed under a
@@ -54,16 +55,16 @@ Service's of type LoadBalancer).
    The following resources are known to be hub specific in some cases and known
    to incur costs.
 
-   - S3 buckets in terraform
-   - EFS storage in terraform
-   - EBS volumes in terraform
-   - Node groups in eksctl
+   - **S3 buckets** in terraform
+   - **EFS storage** in terraform
+   - **EBS volumes** in terraform
+   - **Node groups** in eksctl
 
    ```{important}
    If EFS, EBS or nodegroups are not split based on the hub they're deployed to
-   and instead they are shared by the entire cluster, then splliting it in order
-   to add the `2i2c:hub-name` tag will be an opt-in feature because it would
-   incur additional cloud costs and startup times for communities.
+   and instead they are shared by the entire cluster, then splitting it in order
+   to add the `2i2c:hub-name` tag is an opt-in feature because the split incurs
+   additional cloud costs and startup times for communities.
 
    See the following GitHub issue for additional context
    https://github.com/2i2c-org/infrastructure/issues/4928#issuecomment-2417091407
@@ -72,29 +73,17 @@ Service's of type LoadBalancer).
    Search and mimic configuration of other clusters to understand how to
    configure the `2i2c:hub-name` tags for specific cloud infra types.
 
-3. _Apply changes_
+2. _Apply changes_
 
    1. If you changed anything in terraform, apply those changes.
    2. If you changed anything in eksctl, apply those changed by re-creating
       those resources.
-   3. If the eksctl cluster is listed and unchecked in this [github reference
-      issue], and versioned older than k8s 1.29 or older, it needs to have its
-      node groups re-created to get the implicitly configured
-      `2i2c.org/cluster-name` tag unless you've not already just done this to
-      apply a `2i2c:hub-name` tag.
-
-      Reference our [documentation on doing node group
-      upgrades](upgrade-cluster:aws:node-groups) for details.
-   4. Update the [github reference issue] and ensure the checkbox is ticked for
-      this cluster.
-
-   [github reference issue]: https://github.com/2i2c-org/infrastructure/issues/4885
 
 ### 2. Enable cost allocation tags
 
 Enabling cost allocation tags via terraform can be done for standalone AWS
-accounts, but not for member accounts part of an organization. Due to this,
-we'll provide separate ways of doing this depending on the situation.
+accounts, but not for member accounts part of an organization that we don't manage.
+Due to this, we'll provide separate ways of doing this depending on the situation.
 
 `````{tab-set}
 
@@ -194,7 +183,7 @@ storage disks dynamically provisioned in case that's relevant in the future.
 You can optionally backfill billing data to tags having been around for a while
 but not enabled as cost allocation tags.
 
-You can do request this to be done once a day, and it takes a several hours to
+You can request this to be done once a day, and it takes a several hours to
 process the request. Make a request through the AWS web console by navigating to
 "Cost allocation tags" under "Billing and Cost Management", then from there
 click the "Backfill tags" button.

diff --git a/docs/hub-deployment-guide/deploy-support/configure-support.md b/docs/hub-deployment-guide/deploy-support/configure-support.md
@@ -16,26 +16,32 @@ need to recreate them, only update them if required.
 
 In the `infrastructure` repo, the full filepath should be: `config/clusters/<cluster_name>/support.values.yaml`.
 
-Checkout the template support values file in `config/clusters/templates/common/support.values.yaml` for an example configuration. If the cluster is running on GCP or AWS, the deployer should have been generated this file already.
+If the cluster is running on GCP or AWS, the deployer should have been generated this file already.
 
-If you are deploying the support chart on an Azure cluster, you **must** manually create such a file using the template mentioned above. Also, you must set an annotation for `ingress-nginx`'s k8s Service resource by including the following in your `support.values.yaml` file:
+1. If you are deploying the support chart on an AWS cluster, you **must** also manually update the `aws-ce-grafana-backend` service account annotation in the `support.values.yaml` with the output of thew following command:
 
-```yaml
-ingress-nginx:
-  controller:
-    service:
-      annotations:
-        # This annotation is a requirement for use in Azure provided
-        # LoadBalancer.
-        #
-        # ref: https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration
-        # ref: https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2022-09-11
-        # ref: https://github.com/Azure/AKS/issues/2907#issuecomment-1109759262
-        # ref: https://github.com/kubernetes/ingress-nginx/issues/8501#issuecomment-1108428615
-        #
-        service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
+```bash
+terraform output -raw aws_ce_grafana_backend_k8s_sa_annotation
 ```
 
+2. If you are deploying the support chart on an Azure cluster, you **must** manually create such a file using the template at `config/clusters/templates/common/support.values.yaml`. Also, you must set an annotation for `ingress-nginx`'s k8s Service resource by including the following in your `support.values.yaml` file:
+
+  ```yaml
+  ingress-nginx:
+    controller:
+      service:
+        annotations:
+          # This annotation is a requirement for use in Azure provided
+          # LoadBalancer.
+          #
+          # ref: https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration
+          # ref: https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2022-09-11
+          # ref: https://github.com/Azure/AKS/issues/2907#issuecomment-1109759262
+          # ref: https://github.com/kubernetes/ingress-nginx/issues/8501#issuecomment-1108428615
+          #
+          service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
+  ```
+
 ## Edit your `cluster.yaml` file
 
 Add the following config as a top-level key to your `cluster.yaml` file.

diff --git a/terraform/aws/projects/template.tfvars b/terraform/aws/projects/template.tfvars
@@ -7,12 +7,15 @@ region                 = "{{ cluster_region }}"
 cluster_name           = "{{ cluster_name }}"
 cluster_nodes_location = "{{ cluster_region }}a"
 
+enable_aws_ce_grafana_backend_iam = true
+
 # Tip: uncomment and fill the missing info in the lines below if you want
 #       to setup scratch buckets for the hubs on this cluster.
 #
 #user_buckets = {
 #  "scratch-staging" : {
 #    "delete_after" : 7,
+#    "tags" : { "2i2c:hub-name" : "staging" },
 #  },
 #  # Tip: add more scratch buckets below, if this cluster will be multi-tenant
 #}
@@ -28,3 +31,4 @@ cluster_nodes_location = "{{ cluster_region }}a"
 #  },
 #  # Tip: add more namespaces below, if this cluster will be multi-tenant
 #}
+