feat!: add cluster autoscaler to cluster

wandb · Aug 23, 2024 · c57b969 · c57b969
1 parent e8a118a
commit c57b969
Show file tree

Hide file tree

Showing 6 changed files with 114 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -410,4 +410,3 @@ module "wandb" {
     }
   }
 }
-
diff --git a/modules/app_eks/cluster-autoscaler/ClusterAutoscaler.json b/modules/app_eks/cluster-autoscaler/ClusterAutoscaler.json
@@ -0,0 +1,34 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "autoscaling:DescribeAutoScalingGroups",
+        "autoscaling:DescribeAutoScalingInstances",
+        "autoscaling:DescribeLaunchConfigurations",
+        "autoscaling:DescribeScalingActivities",
+        "ec2:DescribeImages",
+        "ec2:DescribeInstanceTypes",
+        "ec2:DescribeLaunchTemplateVersions",
+        "ec2:GetInstanceTypesFromInstanceRequirements",
+        "eks:DescribeNodegroup"
+      ],
+      "Resource": ["*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "autoscaling:SetDesiredCapacity",
+        "autoscaling:TerminateInstanceInAutoScalingGroup"
+      ],
+      "Resource": ["*"],
+      "Condition": {
+        "StringEquals": {
+          "aws:ResourceTag/k8s.io/cluster-autoscaler/enabled": "true",
+          "aws:ResourceTag/k8s.io/cluster-autoscaler/${namespace}": "owned"
+        }
+      }
+    }
+  ]
+}
diff --git a/modules/app_eks/cluster-autoscaler/cluster_autoscaler.tf b/modules/app_eks/cluster-autoscaler/cluster_autoscaler.tf
@@ -0,0 +1,29 @@
+data "aws_region" "current" {}
+
+resource "helm_release" "cluster-autoscaler" {
+  chart = "cluster-autoscaler"
+  name  = "cluster-autoscaler"
+  repository = "https://kubernetes.github.io/autoscaler"
+  namespace = "cluster-autoscaler"
+  create_namespace = true
+
+  set {
+    name  = "fullnameOverride"
+    value = "cluster-autoscaler"
+  }
+
+  set {
+    name  = "autoDiscovery.clusterName"
+    value = var.namespace
+  }
+
+  set {
+    name  = "awsRegion"
+    value = data.aws_region.current.name
+  }
+
+  set {
+    name  = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = aws_iam_role.default.arn
+  }
+}
diff --git a/modules/app_eks/cluster-autoscaler/iam.tf b/modules/app_eks/cluster-autoscaler/iam.tf
@@ -0,0 +1,32 @@
+data "aws_iam_policy_document" "default" {
+  statement {
+    actions = ["sts:AssumeRoleWithWebIdentity"]
+    effect  = "Allow"
+
+    condition {
+      test     = "StringLike"
+      variable = "${replace(var.oidc_provider.url, "https://", "")}:sub"
+      values   = ["system:serviceaccount:cluster-autoscaler:*"]
+    }
+
+    principals {
+      identifiers = [var.oidc_provider.arn]
+      type        = "Federated"
+    }
+  }
+}
+
+resource "aws_iam_role" "default" {
+  assume_role_policy = data.aws_iam_policy_document.default.json
+  name               = "${var.namespace}-cluster-autoscaler"
+}
+
+resource "aws_iam_policy" "default" {
+  policy = templatefile("NodeTerminationHandler.json", { namespace = var.namespace })
+  name   = "${var.namespace}-cluster-autoscaler"
+}
+
+resource "aws_iam_role_policy_attachment" "default" {
+  role       = aws_iam_role.default.name
+  policy_arn = aws_iam_policy.default.arn
+}
diff --git a/modules/app_eks/cluster-autoscaler/variables.tf b/modules/app_eks/cluster-autoscaler/variables.tf
@@ -0,0 +1,10 @@
+variable "namespace" {
+  type = string
+}
+
+variable "oidc_provider" {
+  type = object({
+    arn = string
+    url = string
+  })
+}
diff --git a/modules/app_eks/main.tf b/modules/app_eks/main.tf
@@ -137,3 +137,12 @@ module "external_dns" {
 
   depends_on = [module.eks]
 }
+
+module "cluster-autoscaler" {
+  source = "./cluster-autoscaler"
+
+  namespace     = var.namespace
+  oidc_provider = aws_iam_openid_connect_provider.eks
+
+  depends_on = [module.eks]
+}