From eacaff2e2f7978b97f26e4569999431b9e6214a9 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 20 Sep 2024 15:52:50 +0200
Subject: [PATCH 1/4] aws-ce-grafana-backend: docs and comment updates
---
.../mounted-files/README.md | 20 +++++++------------
.../mounted-files/query.py | 2 ++
2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
index b2d10626aa..c48aa8285e 100644
--- a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
+++ b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
@@ -1,17 +1,12 @@
# About code files
-The code is meant to help serve grafana with JSON with cost related data,
-initially only from AWS.
+The code is meant to help serve grafana with JSON with cost related data from
+AWS Cost Explorer API. It doesn't doesn't rely to other k8s services, so it can
+deploy and be tested by itself.
-## De-coupled from other k8s services
-
-This software doesn't rely to other k8s services, so it can deploy and be tested
-by itself.
-
-## Bundling into Dockerfile vs. mounting in Helm chart
-
-By mounting the code files, development iterations running the code in k8s
-becomes faster.
+The code files in this folders are mounted instead of built into the image in
+order to quicken up development iterations running the code in k8s becomes
+faster.
## Development
@@ -47,13 +42,12 @@ helm upgrade --install --create-namespace -n ce-test --values ce-test-config.yam
# restarts.
kubectl port-forward -n ce-test service/ce-test 8080:http
-# visit http://localhost:8080/aws
+# visit http://localhost:8080/total-costs and other urls
```
### Testing image changes in k8s
```bash
-
cd helm-charts
# before doing this: commit the image change, and stash other changes
diff --git a/helm-charts/aws-ce-grafana-backend/mounted-files/query.py b/helm-charts/aws-ce-grafana-backend/mounted-files/query.py
index 9c79775490..46e4ad935b 100644
--- a/helm-charts/aws-ce-grafana-backend/mounted-files/query.py
+++ b/helm-charts/aws-ce-grafana-backend/mounted-files/query.py
@@ -76,6 +76,8 @@ def query_hub_names(from_date, to_date):
# },
# }
#
+ # The empty string is replaced with "shared"
+ #
hub_names = [t or "shared" for t in response["Tags"]]
return hub_names
From a75d89a3ff683e6d1409f74e8024f80a785461fe Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 20 Sep 2024 15:53:48 +0200
Subject: [PATCH 2/4] openscapes: enable aws-ce-grafana-backend via support
chart
---
config/clusters/openscapes/support.values.yaml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/config/clusters/openscapes/support.values.yaml b/config/clusters/openscapes/support.values.yaml
index d5e44b2bf9..5390d780bc 100644
--- a/config/clusters/openscapes/support.values.yaml
+++ b/config/clusters/openscapes/support.values.yaml
@@ -40,3 +40,11 @@ grafana:
auth.github:
enabled: true
allowed_organizations: 2i2c-org NASA-Openscapes
+
+aws-ce-grafana-backend:
+ enabled: true
+ envBasedConfig:
+ clusterName: openscapeshub
+ serviceAccount:
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::783616723547:role/aws_ce_grafana_backend_iam_role
From b8daa1610ea634722417f98f6bd98f3ed40711cd Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 20 Sep 2024 17:09:13 +0200
Subject: [PATCH 3/4] aws-ce-grafana-backend: update hardcoded ce-test
namespace to support namespace
---
helm-charts/aws-ce-grafana-backend/mounted-files/README.md | 2 +-
terraform/aws/aws-ce-grafana-backend-iam.tf | 4 +---
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
index c48aa8285e..acb49d2878 100644
--- a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
+++ b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
@@ -24,7 +24,7 @@ python -m flask --app=webserver run --port=8080
### Testing Python changes in k8s
-This is currently being developed in the openscapes cluster. It depends on a k8s
+This was initially developed in the openscapes cluster. It depends on a k8s
ServiceAccount coupled to an IAM Role there as well.
The image shouldn't need to be rebuilt unless additional dependencies needs to
diff --git a/terraform/aws/aws-ce-grafana-backend-iam.tf b/terraform/aws/aws-ce-grafana-backend-iam.tf
index 6209d4f8e1..6d0771f25b 100644
--- a/terraform/aws/aws-ce-grafana-backend-iam.tf
+++ b/terraform/aws/aws-ce-grafana-backend-iam.tf
@@ -13,11 +13,9 @@ resource "aws_iam_role" "aws_ce_grafana_backend_iam_role" {
Federated = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}"
},
- # FIXME: Below we have a string including ce-test:ce-test, it should be support:<k8s secret name>
-
Condition = {
StringEquals = {
- "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub" = "system:serviceaccount:ce-test:ce-test"
+ "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub" = "system:serviceaccount:support:aws-ce-grafana-backend"
}
},
}]
From 1130b12243b222850718cae0fd5b21a1b5460d0f Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 20 Sep 2024 17:29:23 +0200
Subject: [PATCH 4/4] aws-ce-grafana-backend: misc cleanup of testing shortcuts
---
.../ce-test-config.yaml | 7 -----
.../mounted-files/README.md | 26 +++++++++++++++++--
2 files changed, 24 insertions(+), 9 deletions(-)
delete mode 100644 helm-charts/aws-ce-grafana-backend/ce-test-config.yaml
diff --git a/helm-charts/aws-ce-grafana-backend/ce-test-config.yaml b/helm-charts/aws-ce-grafana-backend/ce-test-config.yaml
deleted file mode 100644
index 73ff8e30d9..0000000000
--- a/helm-charts/aws-ce-grafana-backend/ce-test-config.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-fullnameOverride: ce-test
-serviceAccount:
- annotations:
- eks.amazonaws.com/role-arn: arn:aws:iam::783616723547:role/aws_ce_grafana_backend_iam_role
-
-envBasedConfig:
- clusterName: openscapeshub
diff --git a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
index acb49d2878..43011a9844 100644
--- a/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
+++ b/helm-charts/aws-ce-grafana-backend/mounted-files/README.md
@@ -31,20 +31,42 @@ The image shouldn't need to be rebuilt unless additional dependencies needs to
be installed etc, so if you've only made code changes, you can do the following
to re-deploy.
+During development, a procedure like below can be used to iterate faster than by
+using the deployer.
+
```bash
deployer use-cluster-credentials openscapes
cd helm-charts/aws-ce-grafana-backend
-helm upgrade --install --create-namespace -n ce-test --values ce-test-config.yaml ce-test .
+helm upgrade --install --create-namespace -n support --values my-test-config.yaml aws-ce-grafana-backend .
# note that port-forward to a service is just a way to port-forward to a pod
# behind the service, so you need to do the port-forwarding again if the pod
# restarts.
-kubectl port-forward -n ce-test service/ce-test 8080:http
+kubectl port-forward -n support service/aws-ce-grafana-backend 8080:http
# visit http://localhost:8080/total-costs and other urls
```
+It assumes that you have a `my-test-config.yaml` file looking like this:
+
+```yaml
+serviceAccount:
+ annotations:
+ # can be setup via terraform by setting the variable
+ # enable_aws_ce_grafana_backend_iam = true
+ #
+ # note that the terraform managed IAM Role's assume policy is
+ # only granting a k8s ServiceAccount in "support" namespace
+ # named "aws-ce-grafana-backend" rights to assume it
+ #
+ eks.amazonaws.com/role-arn: arn:aws:iam::783616723547:role/aws_ce_grafana_backend_iam_role
+envBasedConfig:
+ # note that this must be the AWS EKS cluster resource name,
+ # not what we call the cluster
+ clusterName: openscapeshub
+```
+
### Testing image changes in k8s
```bash