feat: New pattern EKS AutoMode custom nodepools (#2085)

Co-authored-by: Apoorva Kulkarni <kuapoorv@amazon.com>

Author: abencomoc

docs/patterns/eks-automode/eks-automode-custom-nodepools.md

@@ -0,0 +1,7 @@
+---
+title: EKS AutoMode - Custom NodePools
+---
+
+{%
+   include-markdown "../../../patterns/eks-automode/automode-custom-nodepools/README.md"
+%}

patterns/eks-automode/automode-custom-nodepools/README.md

@@ -0,0 +1,91 @@
+EKS Auto Mode with custom NodePool and NodeClass
+---
+
+This pattern deploys an EKS Auto Mode cluster with custom NodeClass and NodePool objects.
+
+By default, EKS Auto Mode has two built-in NodePools to cover general compute needs. However, users often need to further customize the compute options available for different types of workloads, and segregate specific workloads onto special types of EC2 compute options (ex: amd64, arm64, GPU, etc).
+
+This pattern provides an easy way to create EKS Auto Mode clusters with custom NodePools.
+
+**Main features of this pattern**
+
+- Creates an EKS Auto Mode cluster
+  - Default Auto Mode NodePools are disabled
+- Deploys different custom NodeClass and NodePool objects, which allow fine-grained configuration of compute parameters for different use cases
+  - amd64
+  - arm64
+  - gpu
+- Creates node IAM role and EKS Access Entry for custom NodePools
+- Installs default configuration to enable EBS and ELB provisioning in Auto Mode
+  - EBS storage class
+  - AWS LB ingress class
+
+**Custom NodePool and NodeClass**
+
+NodeClass and NodePool yaml manifests are provided under folder `eks-automode-config/`
+
+NodeClass:
+
+- `nodeclass-basic.yaml` - minimum (default) EBS configuration
+- `nodeclass-ebs-optimized.yaml` - optimized EBS configuration for IOPS, Size, and Throughput
+
+NodePool:
+
+- `nodepool-graviton.yaml` - instance families "c","r","m" using Graviton processors (arm64 architecture).
+- `nodepool-amd64.yaml` - instance families "c","r","m" using amd64 architecture.
+
+Terraform file `eks-automode-config.tf` applies NodeClass and NodePool objects. It also creates the node IAM role and EKS Access Entry for custom nodes, and applies default EBS storage class and AWS LB ingress class.
+
+To add new Node Pools and Node Classes, just add theis yaml files to the folder and update file `eks-automode-config.tf` with the added yaml file names.
+
+Deploy
+---
+Apply terraform files:
+
+```bash
+terraform apply
+```
+
+Validate
+---
+Deploy the sample application provided in this pattern to use custom NodePools to provision nodes in the cluster.
+
+```bash
+kubectl create ns sample-app
+kubectl apply -n sample-app -f sample-app.yaml
+```
+
+This application creates StatefulSet pods using `amd64` Node Pool, and provisions EBS volumes and ALB as part of the deployment.
+
+Note that Node Pools use label `NodeGroupType: amd64` and Taint `key: amd64`. The pod yaml definition includes relevant values for nodeSelector and Tolerations, to select the desired Node Pool that will provision nodes to run the pod.
+
+```bash
+$ kubectl get nodes,pods,pvc,ingress -n sample-app
+NAME                       STATUS   ROLES    AGE   VERSION
+node/i-08347a1b1ae4f01c4   Ready    <none>   13m   v1.31.4-eks-0f56d01
+
+NAME          READY   STATUS    RESTARTS   AGE
+pod/httpd-0   1/1     Running   0          13m
+pod/httpd-1   1/1     Running   0          12m
+
+NAME                                       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
+persistentvolumeclaim/httpd-logs-httpd-0   Bound    pvc-8eec1429-850a-4b7c-bc78-cd399d583091   10Gi       RWO            auto-ebs-sc    <unset>                 18m
+persistentvolumeclaim/httpd-logs-httpd-1   Bound    pvc-d86f1913-49fd-4a3f-b7a5-01da69e3ac20   10Gi       RWO            auto-ebs-sc    <unset>                 12m
+
+NAME                                      CLASS   HOSTS   ADDRESS                                                                  PORTS   AGE
+ingress.networking.k8s.io/httpd-ingress   alb     *       k8s-sampleap-httpding-58bda13bc0-763023517.us-east-1.elb.amazonaws.com   80      13m
+```
+
+Destroy
+---
+First, remove the sample app and/or any other application that you deployed ot the cluster:
+
+```bash
+kubectl delete -n sample-app -f sample-app.yaml
+```
+
+Then, destroy the infrastructure created with terraform:
+
+```bash
+terraform destroy
+```

patterns/eks-automode/automode-custom-nodepools/eks-automode-config.tf

@@ -0,0 +1,51 @@
+# Yaml manifests are provided under folder ./eks-automode-config/
+locals {
+  storageclass_yamls = [
+    "ebs-storageclass.yaml"
+  ]
+  ingressclass_yamls = [
+    "alb-ingressclass.yaml",
+    "alb-ingressclassParams.yaml"
+  ]
+  custom_nodeclass_yamls = [
+    "nodeclass-basic.yaml",
+    "nodeclass-ebs-optimized.yaml"
+  ]
+  custom_nodepool_yamls = [
+    "nodepool-amd64.yaml",
+    "nodepool-graviton.yaml"
+  ]
+}
+
+# Apply default storage class for EKS AutoMode. EBS CSI Driver runs on AWS side, managed by AWS.
+resource "kubectl_manifest" "storageclass_yamls" {
+  for_each = toset(local.storageclass_yamls)
+
+  yaml_body = file("${path.module}/eks-automode-config/${each.value}")
+}
+
+# Apply default ingress class for EKS AutoMode plus ingress class paramters. AWS Load Balancer Controller runs on AWS side, managed by AWS.
+resource "kubectl_manifest" "ingressclass_yamls" {
+  for_each = toset(local.ingressclass_yamls)
+
+  yaml_body = file("${path.module}/eks-automode-config/${each.value}")
+}
+
+# Apply custom nodeclass objects
+resource "kubectl_manifest" "custom_nodeclass" {
+  for_each = toset(local.custom_nodeclass_yamls)
+
+  yaml_body = templatefile("${path.module}/eks-automode-config/${each.value}", {
+    node_iam_role_name = aws_iam_role.custom_nodeclass_role.name
+    cluster_name       = module.eks.cluster_name
+  })
+
+}
+
+# Apply custom nodepool objects
+resource "kubectl_manifest" "custom_nodepool" {
+  for_each = toset(local.custom_nodepool_yamls)
+
+  yaml_body = file("${path.module}/eks-automode-config/${each.value}")
+
+}

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/alb-ingressclass.yaml

@@ -0,0 +1,15 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: alb
+  annotations:
+    # Use this annotation to set an IngressClass as Default
+    # If an Ingress doesn't specify a class, it will use the Default
+    ingressclass.kubernetes.io/is-default-class: "true"
+spec:
+  # Configures the IngressClass to use EKS Auto Mode
+  controller: eks.amazonaws.com/alb
+  parameters:
+    apiGroup: eks.amazonaws.com
+    kind: IngressClassParams
+    name: alb

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/alb-ingressclassParams.yaml

@@ -0,0 +1,6 @@
+apiVersion: eks.amazonaws.com/v1
+kind: IngressClassParams
+metadata:
+  name: alb
+spec:
+  scheme: internet-facing

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/ebs-storageclass.yaml

@@ -0,0 +1,11 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: auto-ebs-sc
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: ebs.csi.eks.amazonaws.com
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  type: gp3
+  encrypted: "true"

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/nodeclass-basic.yaml

@@ -0,0 +1,20 @@
+apiVersion: eks.amazonaws.com/v1
+kind: NodeClass
+metadata:
+  name: basic
+spec:
+  # Use role name here
+  role: "${node_iam_role_name}"
+  subnetSelectorTerms:
+    - tags:
+        Name: "${cluster_name}-private*"
+  securityGroupSelectorTerms:
+    - tags:
+        Name: "${cluster_name}-node"
+  ephemeralStorage:
+    size: "80Gi"    # Range: 1-9000Gi or 1-64000G or 1-58Ti or 1-64T
+    iops: 3000      # Range: 3000-16000
+    throughput: 125 # Range: 125-1000
+  tags:
+    Environment: "production"
+    Team: "platform"

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/nodeclass-ebs-optimized.yaml

@@ -0,0 +1,20 @@
+apiVersion: eks.amazonaws.com/v1
+kind: NodeClass
+metadata:
+  name: ebs-optimized
+spec:
+  # Use role name here
+  role: "${node_iam_role_name}"
+  subnetSelectorTerms:
+    - tags:
+        Name: "${cluster_name}-private*"
+  securityGroupSelectorTerms:
+    - tags:
+        Name: "${cluster_name}-node"
+  ephemeralStorage:
+    size: "100Gi"    # Range: 1-9000Gi or 1-64000G or 1-58Ti or 1-64T
+    iops: 5000      # Range: 3000-16000
+    throughput: 125 # Range: 125-1000
+  tags:
+    Environment: "dev"
+    Team: "data-engineering"

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/nodepool-amd64.yaml

@@ -0,0 +1,40 @@
+apiVersion: karpenter.sh/v1
+kind: NodePool
+metadata:
+  name: amd64
+spec:
+  template:
+    metadata:
+      labels:
+        type: karpenter
+        provisioner: amd64
+        NodeGroupType: amd64
+    spec:
+      taints:
+        - key: amd64
+          effect: NoSchedule
+      requirements:
+        - key: "karpenter.sh/capacity-type"
+          operator: In
+          values: ["on-demand"]
+        - key: "kubernetes.io/arch"
+          operator: In
+          values: ["amd64"]
+        - key: "eks.amazonaws.com/instance-category"
+          operator: In
+          values: ["c", "m", "r"]
+        - key: "eks.amazonaws.com/instance-cpu"
+          operator: In
+          values: ["4", "8", "16", "32"]
+        - key: "eks.amazonaws.com/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "eks.amazonaws.com/instance-generation"
+          operator: Gt
+          values: ["4"]
+      nodeClassRef:
+        name: ebs-optimized
+        group: eks.amazonaws.com
+        kind: NodeClass
+  limits:
+    cpu: 1000

patterns/eks-automode/automode-custom-nodepools/eks-automode-config/nodepool-graviton.yaml

@@ -0,0 +1,40 @@
+apiVersion: karpenter.sh/v1
+kind: NodePool
+metadata:
+  name: graviton
+spec:
+  template:
+    metadata:
+      labels:
+        type: karpenter
+        provisioner: graviton
+        NodeGroupType: Graviton
+    spec:
+      taints:
+        - key: graviton
+          effect: NoSchedule
+      requirements:
+        - key: "karpenter.sh/capacity-type"
+          operator: In
+          values: ["on-demand"]
+        - key: "kubernetes.io/arch"
+          operator: In
+          values: ["arm64"]
+        - key: "eks.amazonaws.com/instance-category"
+          operator: In
+          values: ["c", "m", "r"]
+        - key: "eks.amazonaws.com/instance-cpu"
+          operator: In
+          values: ["4", "8", "16", "32"]
+        - key: "eks.amazonaws.com/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "eks.amazonaws.com/instance-generation"
+          operator: Gt
+          values: ["4"]
+      nodeClassRef:
+        name: ebs-optimized
+        group: eks.amazonaws.com
+        kind: NodeClass
+  limits:
+    cpu: 1000