The UDS Runtime IaC is used by the nightly-infra workflow, via UDS tasks, to destroy and create ephemeral testing clusters using the latest `nightly-unstable` image of UDS Runtime.
When the nightly workflow kicks off, it runs `tofu init` using the backend variables defined in the workflow, then destroys the currently running EC2 instance and related infra. After removing the old infra, it creates a new EC2 instance in the UDS CI AWS account, which on startup does the following:
- clone the uds-k3d repo, setting `nginx.conf` to redirect for the `.burning.boats` domain
- run the default task of `uds-k3d`, creating the k3d cluster on the instance
- set up the kubecontext to be used by `uds`
- pull the `.burning.boats` TLS cert and key from Secrets Manager
- deploy the `init` and `UDS Core` packages
- deploy the `UDS Runtime` package
The EC2 instance is created with a custom AMI. We use Packer to define the AMI in `runtime.pkr.hcl` and build / push it to our AWS accounts.
Only needed if you're updating the AMI.

Pre-requisites:
- Don't forget to authenticate to the AWS account

```
cd .github/test-infra/packer
packer init runtime.pkr.hcl
packer build runtime.pkr.hcl
```
NOTE: Please delete old instances of the AMI from whatever AWS account you push to.

NOTE: Please use the UDS Dev AWS account instead of CI.
For local development and testing:

Pre-requisites:
- Make sure your terminal is authenticated to the AWS Dev account
- Create a state bucket and DynamoDB table (either via the CLI or through the console)
- Alter the variables:
  - set the region to `us-east-1`
  - set the permissions boundary ARN / name. You can find that under Policies in the IAM console.
  - if you want to debug using SSH, enable SSH and add your public IP
- Comment out the EIP association in `main.tf`. This EIP is a dedicated EIP in the CI account attached to the `runtime-canary.burning.boats` domain.
Init and apply:

Via UDS task from the root level of this repo:

```
uds run -f .github/test-infra/tasks/infra.yaml create-iac
```

OR:

```
cd .github/test-infra/terraform
tofu init
tofu apply -auto-approve
```
WARNING
DO NOT PUSH CHANGES TO VARIABLES SUCH AS ENABLING SSH AND PERMISSIONS BOUNDARY INFORMATION
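One way to enforce that warning mechanically is a guard that refuses a variables file still carrying local-dev settings, run by hand or from a git pre-push hook. The script below is an added example and is not part of the UDS Runtime repo; the variable names it looks for (`enable_ssh`, `ssh_allowed_cidr`, `permissions_boundary_arn`, `permissions_boundary_name`) and the `.tfvars` layout are assumptions, so map them to the real variable names before using it. The sample files it writes are constructed for the demonstration, not the repo's real variables.

```sh
#!/bin/sh
# Added example; not part of the UDS Runtime repo. A pre-push guard for the
# WARNING above: refuse to push a variables file that still carries local-dev
# settings. The variable names checked here (enable_ssh, ssh_allowed_cidr,
# permissions_boundary_arn, permissions_boundary_name) are ASSUMED for
# illustration; substitute the repo's real variable names.

# Return 0 if the file in $1 contains no local-only settings, 1 otherwise.
# Every finding is reported on stderr so a hook surfaces all of them at once
# instead of stopping at the first one.
check_tfvars() {
  file="$1"; rc=0
  # SSH is opt-in for local debugging only; committed variables keep it off.
  if grep -Eq '^[[:space:]]*enable_ssh[[:space:]]*=[[:space:]]*true' "$file"; then
    echo "$file: enable_ssh = true" >&2; rc=1
  fi
  # A concrete CIDR means someone's public IP is baked into the allow list.
  if grep -Eq '^[[:space:]]*ssh_allowed_cidr[[:space:]]*=[[:space:]]*"[0-9.]+/[0-9]+"' "$file"; then
    echo "$file: ssh_allowed_cidr carries a real IP" >&2; rc=1
  fi
  # A 12-digit account ID in the boundary ARN is account-specific information.
  if grep -Eq '^[[:space:]]*permissions_boundary_arn[[:space:]]*=[[:space:]]*"arn:aws:iam::[0-9]{12}:' "$file"; then
    echo "$file: permissions_boundary_arn names a real account" >&2; rc=1
  fi
  # Any non-empty boundary name is likewise local-only.
  if grep -Eq '^[[:space:]]*permissions_boundary_name[[:space:]]*=[[:space:]]*"[^"]+"' "$file"; then
    echo "$file: permissions_boundary_name is set" >&2; rc=1
  fi
  return "$rc"
}

# Write a CONSTRUCTED sample variables file (not the repo's real one) to $1 so
# the guard can be exercised offline: "dirty" mimics a local-dev edit, anything
# else mimics the committed state.
write_sample_tfvars() {
  if [ "$2" = dirty ]; then
    cat > "$1" <<'EOF'
region                    = "us-east-1"
enable_ssh                = true
ssh_allowed_cidr          = "203.0.113.7/32"
permissions_boundary_arn  = "arn:aws:iam::123456789012:policy/example-boundary"
permissions_boundary_name = "example-boundary"
EOF
  else
    cat > "$1" <<'EOF'
region                    = "us-east-1"
enable_ssh                = false
ssh_allowed_cidr          = ""
permissions_boundary_arn  = ""
permissions_boundary_name = ""
EOF
  fi
}

# When run as a script, check the file named on the command line, e.g.
#   sh check_tfvars.sh .github/test-infra/terraform/dev.tfvars
if [ "$#" -eq 1 ]; then
  check_tfvars "$1"
fi
```

Wiring `check_tfvars` into a pre-push hook over the changed variable files turns the warning into a hard stop rather than something reviewers have to catch by eye.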
If you enabled SSH and added your IP when developing locally, you can access your instance using the `runtime-dev.pem` that gets dropped in `.github/test-infra/terraform`. Make sure the key file is readable only by you, or ssh will refuse to use it.

```
ssh -i /path/to/runtime-dev.pem ubuntu@<public-ip>
```
The EC2 instance has been configured with SSM for debugging running clusters without needing SSH. To start an SSM session:

1. Open Systems Manager and click Session Manager under Node Management
2. Click Start session
3. Select `runtime-ephemeral-*`
4. Click Start session
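The same session can be opened from a terminal. The functions below are an added example, not code from the UDS Runtime repo: they resolve the instance by its Name tag with `aws ec2 describe-instances` and open it with `aws ssm start-session` (both real AWS CLI commands, which also require the Session Manager plugin to be installed locally). The `runtime-ephemeral-*` Name tag match and the `AWS_CMD` override hook, which exists only so the resolution logic can be exercised without an AWS account, are assumptions.

```sh
#!/bin/sh
# Added example; not part of the UDS Runtime repo. CLI equivalent of the
# console steps above. ASSUMES the instance carries a Name tag matching
# runtime-ephemeral-* and that the Session Manager plugin is installed.
# AWS_CMD is an assumed hook so the logic can be tested without AWS.
AWS_CMD="${AWS_CMD:-aws}"

# Print the instance ID of the single running instance whose Name tag matches
# the glob in $1 (default runtime-ephemeral-*). Fails on zero matches and,
# deliberately, on several: a stale instance the nightly teardown missed should
# be noticed rather than silently picked.
find_runtime_instance() {
  pattern="${1:-runtime-ephemeral-*}"
  ids=$("$AWS_CMD" ec2 describe-instances \
    --filters "Name=tag:Name,Values=$pattern" "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].InstanceId' --output text) || return 1
  # --output text separates IDs with tabs; let word splitting count them.
  set -- $ids
  case "$#" in
    1) printf '%s\n' "$1" ;;
    0) echo "no running instance matches $pattern" >&2; return 1 ;;
    *) echo "ambiguous: $# instances match $pattern: $*" >&2; return 1 ;;
  esac
}

# Open an interactive Session Manager shell on the resolved instance.
start_runtime_session() {
  id=$(find_runtime_instance "$@") || return 1
  "$AWS_CMD" ssm start-session --target "$id"
}

# Usage: source this file, then run
#   start_runtime_session
# against a terminal already authenticated to the account that owns the instance.
```

Because the lookup is scoped to running instances and refuses an ambiguous match, it doubles as a quick check that the previous night's teardown actually removed the old instance.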