Skip to content

Commit

Permalink
fmt tf
Browse files Browse the repository at this point in the history
  • Loading branch information
@movence
movence committed Apr 3, 2024
1 parent a3f04c7 commit d857383
Showing 1 changed file with 37 additions and 42 deletions.
79 changes: 37 additions & 42 deletions terraform/eks/daemon/gpu/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,11 +173,11 @@ resource "local_file" "ca_key" {
}

resource "tls_self_signed_cert" "ca_cert" {
private_key_pem = tls_private_key.private_key.private_key_pem
private_key_pem = tls_private_key.private_key.private_key_pem
is_ca_certificate = true
subject {
common_name = "dcgm-exporter-service.amazon-cloudwatch.svc"
organization = "Amazon CloudWatch Agent"
common_name = "dcgm-exporter-service.amazon-cloudwatch.svc"
organization = "Amazon CloudWatch Agent"
}
validity_period_hours = 24
allowed_uses = [
Expand All @@ -191,7 +191,7 @@ resource "tls_self_signed_cert" "ca_cert" {
}

resource "local_file" "ca_cert_file" {
content = tls_self_signed_cert.ca_cert.cert_pem
content = tls_self_signed_cert.ca_cert.cert_pem
filename = "${path.module}/certs/ca.cert"
}

Expand All @@ -200,23 +200,23 @@ resource "tls_private_key" "server_private_key" {
}

resource "local_file" "server_key" {
content = tls_private_key.server_private_key.private_key_pem
content = tls_private_key.server_private_key.private_key_pem
filename = "${path.module}/certs/server.key"
}

resource "tls_cert_request" "local_csr" {
private_key_pem = tls_private_key.server_private_key.private_key_pem
dns_names = ["localhost", "127.0.0.1", "dcgm-exporter-service.amazon-cloudwatch.svc"]
dns_names = ["localhost", "127.0.0.1", "dcgm-exporter-service.amazon-cloudwatch.svc"]
subject {
common_name = "dcgm-exporter-service.amazon-cloudwatch.svc"
organization = "Amazon CloudWatch Agent"
common_name = "dcgm-exporter-service.amazon-cloudwatch.svc"
organization = "Amazon CloudWatch Agent"
}
}

resource "tls_locally_signed_cert" "server_cert" {
cert_request_pem = tls_cert_request.local_csr.cert_request_pem
ca_private_key_pem = tls_private_key.private_key.private_key_pem
ca_cert_pem = tls_self_signed_cert.ca_cert.cert_pem
cert_request_pem = tls_cert_request.local_csr.cert_request_pem
ca_private_key_pem = tls_private_key.private_key.private_key_pem
ca_cert_pem = tls_self_signed_cert.ca_cert.cert_pem
validity_period_hours = 12
allowed_uses = [
"digital_signature",
Expand All @@ -233,12 +233,12 @@ resource "local_file" "server_cert_file" {

resource "kubernetes_secret" "agent_cert" {
metadata {
name = "amazon-cloudwatch-observability-agent-cert"
name = "amazon-cloudwatch-observability-agent-cert"
namespace = "amazon-cloudwatch"
}
data = {
"ca.crt" = tls_self_signed_cert.ca_cert.cert_pem #filebase64(local_file.ca_cert_file.filename)
"tls.crt" = tls_locally_signed_cert.server_cert.cert_pem #filebase64(local_file.server_cert_file.filename)
"ca.crt" = tls_self_signed_cert.ca_cert.cert_pem #filebase64(local_file.ca_cert_file.filename)
"tls.crt" = tls_locally_signed_cert.server_cert.cert_pem #filebase64(local_file.server_cert_file.filename)
"tls.key" = tls_private_key.server_private_key.private_key_pem #filebase64(local_file.server_key.filename)
}
}
Expand Down Expand Up @@ -275,16 +275,16 @@ resource "kubernetes_daemonset" "exporter" {
metadata {
labels = {
"name" : "dcgm-exporter"
"k8s-app": "dcgm-exporter"
"k8s-app" : "dcgm-exporter"
}
}
spec {
node_selector = {
"kubernetes.io/os" : "linux"
}
container {
name = "dcgm-exporter"
image = "httpd:2.4-alpine"
name = "dcgm-exporter"
image = "httpd:2.4-alpine"
resources {
limits = {
"cpu" : "50m",
Expand All @@ -296,7 +296,7 @@ resource "kubernetes_daemonset" "exporter" {
}
}
port {
name = "metrics"
name = "metrics"
container_port = 9400
host_port = 9400
protocol = "TCP"
Expand All @@ -307,28 +307,23 @@ resource "kubernetes_daemonset" "exporter" {
]
args = [
"/bin/echo 'DCGM_FI_DEV_GPU_UTIL{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_FREE{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_TOTAL{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED_PERCENT{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_GPU_TEMP{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_POWER_USAGE{PodName=\"pod1\",gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1' >> /usr/local/apache2/htdocs/metrics && sed -i -e \"s/hostname1/$HOST_NAME/g\" /usr/local/apache2/htdocs/metrics && httpd-foreground -k restart"
# /bin/mkdir -p /var/www
# /bin/printf 'DCGM_FI_DEV_GPU_UTIL{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_FREE{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_TOTAL{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED_PERCENT{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_GPU_TEMP{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_POWER_USAGE{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\ntest' >> /usr/local/apache2/htdocs
# sed -i -e \"s/hostname1/$HOST_NAME/g\" /usr/local/apache2/htdocs
# /bin/httpd -f -v -h /var/www -p 9400
#"/bin/mkdir -p /var/www && /bin/printf 'DCGM_FI_DEV_GPU_UTIL{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_FREE{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_TOTAL{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_FB_USED_PERCENT{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_GPU_TEMP{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\nDCGM_FI_DEV_POWER_USAGE{gpu=\"0\",UUID=\"uuid0\",device=\"nvidia0\",modelName=\"Tesla T4\",Hostname=\"hostname1\",container=\"main\",namespace=\"amazon-cloudwatch\",pod=\"pod1-hash\"} 1\ntest' >> /usr/local/apache2/htdocs && sed -i -e \"s/hostname1/$HOST_NAME/g\" /usr/local/apache2/htdocs && /bin/httpd -f -v -h /var/www -p 9400"
]
volume_mount {
mount_path = "/etc/amazon-cloudwatch-observability-dcgm-cert"
name = "dcgmtls"
read_only = true
read_only = true
}
volume_mount {
mount_path = "/usr/local/apache2/conf/httpd.conf"
sub_path = "httpd.conf"
sub_path = "httpd.conf"
name = "httpdconfig"
read_only = true
read_only = true
}
volume_mount {
mount_path = "/usr/local/apache2/conf/extra/httpd-ssl.conf"
sub_path = "httpd-ssl.conf"
sub_path = "httpd-ssl.conf"
name = "httpdconfig"
read_only = true
read_only = true
}
env {
name = "HOST_IP"
Expand Down Expand Up @@ -360,11 +355,11 @@ resource "kubernetes_daemonset" "exporter" {
secret {
secret_name = "amazon-cloudwatch-observability-agent-cert"
items {
key = "tls.crt"
key = "tls.crt"
path = "server.crt"
}
items {
key = "tls.key"
key = "tls.key"
path = "server.key"
}
}
Expand All @@ -390,13 +385,13 @@ resource "kubernetes_service" "exporter" {
kubernetes_daemonset.exporter
]
metadata {
name = "dcgm-exporter-service"
name = "dcgm-exporter-service"
namespace = "amazon-cloudwatch"
labels = {
"k8s-app": "dcgm-exporter-service"
"k8s-app" : "dcgm-exporter-service"
}
annotations = {
"prometheus.io/scrape": "true"
"prometheus.io/scrape" : "true"
}
}
spec {
Expand Down Expand Up @@ -520,7 +515,7 @@ resource "kubernetes_daemonset" "service" {
volume_mount {
mount_path = "/etc/amazon-cloudwatch-observability-agent-cert"
name = "agenttls"
read_only = true
read_only = true
}
}
volume {
Expand Down Expand Up @@ -570,7 +565,7 @@ resource "kubernetes_daemonset" "service" {
secret {
secret_name = "amazon-cloudwatch-observability-agent-cert"
items {
key = "ca.crt"
key = "ca.crt"
path = "tls-ca.crt"
}
}
Expand All @@ -586,9 +581,9 @@ resource "kubernetes_daemonset" "service" {
# Template Files
##########################################
locals {
httpd_config = "../../../../${var.test_dir}/resources/httpd.conf"
httpd_config = "../../../../${var.test_dir}/resources/httpd.conf"
httpd_ssl_config = "../../../../${var.test_dir}/resources/httpd-ssl.conf"
cwagent_config = fileexists("../../../../${var.test_dir}/resources/config.json") ? "../../../../${var.test_dir}/resources/config.json" : "../default_resources/default_amazon_cloudwatch_agent.json"
cwagent_config = fileexists("../../../../${var.test_dir}/resources/config.json") ? "../../../../${var.test_dir}/resources/config.json" : "../default_resources/default_amazon_cloudwatch_agent.json"
}

data "template_file" "cwagent_config" {
Expand All @@ -613,11 +608,11 @@ resource "kubernetes_config_map" "cwagentconfig" {

data "template_file" "httpd_config" {
template = file(local.httpd_config)
vars = {}
vars = {}
}
data "template_file" "httpd_ssl_config" {
template = file(local.httpd_ssl_config)
vars = {}
vars = {}
}

resource "kubernetes_config_map" "httpdconfig" {
Expand Down Expand Up @@ -680,13 +675,13 @@ resource "kubernetes_cluster_role" "clusterrole" {
api_groups = [""]
}
rule {
verbs = ["list", "watch"]
resources = ["services"]
verbs = ["list", "watch"]
resources = ["services"]
api_groups = [""]
}
rule {
non_resource_urls = ["/metrics"]
verbs = ["get", "list", "watch"]
verbs = ["get", "list", "watch"]
}
}

Expand Down

0 comments on commit d857383

Please sign in to comment.