Merge pull request #114 from awslabs/fluentbit-investigation

Spark Live UI added

Author: vara-bonthu

analytics/terraform/emr-eks-karpenter/README.md

@@ -54,7 +54,7 @@ Checkout the [documentation website](https://awslabs.github.io/data-on-eks/docs/
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | EKS Cluster version | `string` | `"1.24"` | no |
-| <a name="input_enable_yunikorn"></a> [enable\_yunikorn](#input\_enable\_yunikorn) | Enable YuniKorn Scheduler | `bool` | `true` | no |
+| <a name="input_enable_yunikorn"></a> [enable\_yunikorn](#input\_enable\_yunikorn) | Enable YuniKorn Scheduler | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the VPC and EKS Cluster | `string` | `"emr-eks-karpenter"` | no |
 | <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | Private Subnets CIDRs. 16382 IPs per Subnet | `list(string)` | <pre>[<br>  "10.1.0.0/18",<br>  "10.1.64.0/18",<br>  "10.1.128.0/18"<br>]</pre> | no |
 | <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | Public Subnets CIDRs. 4094 IPs per Subnet | `list(string)` | <pre>[<br>  "10.1.192.0/20",<br>  "10.1.208.0/20",<br>  "10.1.224.0/20"<br>]</pre> | no |
@@ -70,4 +70,5 @@ Checkout the [documentation website](https://awslabs.github.io/data-on-eks/docs/
 | <a name="output_emr_on_eks_role_arn"></a> [emr\_on\_eks\_role\_arn](#output\_emr\_on\_eks\_role\_arn) | IAM execution role arn for EMR on EKS |
 | <a name="output_emr_on_eks_role_id"></a> [emr\_on\_eks\_role\_id](#output\_emr\_on\_eks\_role\_id) | IAM execution role ID for EMR on EKS |
 | <a name="output_emrcontainers_virtual_cluster_id"></a> [emrcontainers\_virtual\_cluster\_id](#output\_emrcontainers\_virtual\_cluster\_id) | EMR Containers Virtual cluster ID |
+| <a name="output_emrcontainers_virtual_cluster_name"></a> [emrcontainers\_virtual\_cluster\_name](#output\_emrcontainers\_virtual\_cluster\_name) | EMR Containers Virtual cluster name |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

analytics/terraform/emr-eks-karpenter/addons.tf

@@ -49,10 +49,15 @@ module "eks_blueprints_kubernetes_addons" {
   }
 
   #---------------------------------------
-  # Cluster Autoscaler
+  # Karpenter Autoscaler for EKS Cluster
   #---------------------------------------
   enable_karpenter = true
   karpenter_helm_config = {
+    name                = "karpenter"
+    chart               = "karpenter"
+    repository          = "oci://public.ecr.aws/karpenter"
+    version             = local.karpenter_helm_chart_version
+    namespace           = local.karpenter_namespace
     repository_username = data.aws_ecrpublic_authorization_token.token.user_name
     repository_password = data.aws_ecrpublic_authorization_token.token.password
   }
@@ -234,3 +239,28 @@ resource "kubectl_manifest" "karpenter_provisioner" {
 
   depends_on = [module.eks_blueprints_kubernetes_addons]
 }
+
+#------------------------------------------------------------------------------------------------------------
+# Karpenter-CRD Helm Chart for upgrades - Custom Resource Definition (CRD) Upgrades
+# https://gallery.ecr.aws/karpenter/karpenter-crd
+# Checkout the user guide https://karpenter.sh/preview/upgrade-guide/
+# https://github.com/aws/karpenter/tree/main/charts/karpenter-crd
+#------------------------------------------------------------------------------------------------------------
+# README:
+# Karpenter ships with a few Custom Resource Definitions (CRDs). These CRDs are published:
+# As an independent helm chart karpenter-crd - source that can be used by Helm to manage the lifecycle of these CRDs.
+# To upgrade or install karpenter-crd run:
+# helm upgrade --install karpenter-crd oci://public.ecr.aws/karpenter/karpenter-crd --version vx.y.z --namespace karpenter --create-namespace
+#------------------------------------------------------------------------------------------------------------
+#resource "helm_release" "karpenter_crd" {
+#  namespace        = local.karpenter_namespace
+#  create_namespace = true
+#  name             = "karpenter"
+#  repository       = "oci://public.ecr.aws/karpenter/karpenter-crd"
+#  chart            = "karpenter-crd"
+#  version          = "v0.24.0"
+#  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+#  repository_password = data.aws_ecrpublic_authorization_token.token.password
+#
+#  depends_on = [module.eks_blueprints_kubernetes_addons.karpenter]
+#}

analytics/terraform/emr-eks-karpenter/examples/karpenter-memory-provisioner/execute_emr_eks_job.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [ $# -ne 4 ];
+if [ $# -ne 3 ];
 then
   echo "$0: Missing arguments EMR_VIRTUAL_CLUSTER_NAME, S3_BUCKET_NAME and EMR_JOB_EXECUTION_ROLE_ARN"
   echo "USAGE: ./execute_emr_eks_job.sh '<EMR_VIRTUAL_CLUSTER_NAME>' '<s3://ENTER_BUCKET_NAME>' '<EMR_JOB_EXECUTION_ROLE_ARN>'"
@@ -80,7 +80,7 @@ if [[ $EMR_VIRTUAL_CLUSTER_ID != "" ]]; then
         "entryPointArguments": ["'"$INPUT_DATA_S3_PATH"'",
           "'"$OUTPUT_DATA_S3_PATH"'"
         ],
-        "sparkSubmitParameters": "--conf spark.executor.instances=10"
+        "sparkSubmitParameters": "--conf spark.executor.instances=2"
       }
    }' \
     --configuration-overrides '{

analytics/terraform/emr-eks-karpenter/examples/karpenter-yunikorn-gangscheduling/execute_emr_eks_job.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [ $# -ne 4 ];
+if [ $# -ne 3 ];
 then
   echo "$0: Missing arguments EMR_VIRTUAL_CLUSTER_NAME, S3_BUCKET_NAME and EMR_JOB_EXECUTION_ROLE_ARN"
   echo "USAGE: ./execute_emr_eks_job.sh '<EMR_VIRTUAL_CLUSTER_NAME>' '<s3://ENTER_BUCKET_NAME>' '<EMR_JOB_EXECUTION_ROLE_ARN>'"

analytics/terraform/emr-eks-karpenter/locals.tf

@@ -2,11 +2,12 @@ locals {
   name   = var.name
   region = var.region
 
-  vpc_cidr        = var.vpc_cidr
-  azs             = slice(data.aws_availability_zones.available.names, 0, 3)
-  core_node_group = "core-node-group"
-  vpc_endpoints   = ["autoscaling", "ecr.api", "ecr.dkr", "ec2", "ec2messages", "elasticloadbalancing", "sts", "kms", "logs", "ssm", "ssmmessages"]
-
+  vpc_cidr                     = var.vpc_cidr
+  azs                          = slice(data.aws_availability_zones.available.names, 0, 3)
+  core_node_group              = "core-node-group"
+  vpc_endpoints                = ["autoscaling", "ecr.api", "ecr.dkr", "ec2", "ec2messages", "elasticloadbalancing", "sts", "kms", "logs", "ssm", "ssmmessages"]
+  karpenter_helm_chart_version = "v0.25.0"
+  karpenter_namespace          = "karpenter"
   tags = merge(var.tags, {
     Blueprint  = local.name
     GithubRepo = "github.com/awslabs/data-on-eks"

analytics/terraform/emr-eks-karpenter/outputs.tf

@@ -9,7 +9,7 @@ output "emrcontainers_virtual_cluster_id" {
 }
 
 output "emrcontainers_virtual_cluster_name" {
-  description = "EMR Containers Virtual cluster NAME"
+  description = "EMR Containers Virtual cluster name"
   value       = aws_emrcontainers_virtual_cluster.this.name
 }
 

analytics/terraform/emr-eks-karpenter/provisioners/spark-compute-optimized-provisioner.yaml

@@ -44,7 +44,7 @@ metadata:
   namespace: karpenter
 spec:
   subnetSelector:
-    Name: "${eks_cluster_id}-private*"       # required
+    Name: "${eks_cluster_id}-private*"       # or karpenter.sh/discovery/${eks_cluster_id}: '*'
   launchTemplate: "${launch_template_name}"  # optional, see Launch Template documentation
   tags:
     InstanceType: "spark-compute-optimized"   # optional, add tags for your own use

analytics/terraform/emr-eks-karpenter/variables.tf

@@ -41,7 +41,7 @@ variable "private_subnets" {
 }
 
 variable "enable_yunikorn" {
-  default     = true
+  default     = false
   description = "Enable YuniKorn Scheduler"
   type        = bool
 }

analytics/terraform/spark-k8s-operator/addons.tf

@@ -15,6 +15,27 @@ module "eks_blueprints_kubernetes_addons" {
   enable_amazon_eks_kube_proxy         = true
   enable_amazon_eks_aws_ebs_csi_driver = true
 
+  enable_aws_load_balancer_controller = true
+  aws_load_balancer_controller_helm_config = {
+    name        = "aws-load-balancer-controller"
+    chart       = "aws-load-balancer-controller"
+    repository  = "https://aws.github.io/eks-charts"
+    version     = "1.4.7"
+    namespace   = "kube-system"
+    description = "aws-load-balancer-controller Helm Chart for ingress resources"
+  }
+
+  enable_ingress_nginx = true
+  ingress_nginx_helm_config = {
+    name        = "ingress-nginx"
+    chart       = "ingress-nginx"
+    repository  = "https://kubernetes.github.io/ingress-nginx"
+    version     = "4.5.2"
+    description = "The NGINX HelmChart Ingress Controller deployment configuration"
+    values      = [templatefile("${path.module}/helm-values/nginx-values.yaml", {})]
+  }
+
+
   #---------------------------------------------------------------
   # Metrics Server
   #---------------------------------------------------------------
@@ -138,7 +159,7 @@ module "eks_blueprints_kubernetes_addons" {
     name                            = "aws-for-fluent-bit"
     chart                           = "aws-for-fluent-bit"
     repository                      = "https://aws.github.io/eks-charts"
-    version                         = "0.1.21"
+    version                         = "0.1.22"
     namespace                       = "logging"
     timeout                         = "300"
     aws_for_fluent_bit_cw_log_group = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs" # Optional
@@ -147,6 +168,7 @@ module "eks_blueprints_kubernetes_addons" {
       region                    = data.aws_region.current.id
       aws_for_fluent_bit_cw_log = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs"
       s3_bucket_name            = aws_s3_bucket.this.id
+      cluster_name              = module.eks_blueprints.eks_cluster_id
     })]
     set = [
       {
@@ -302,11 +324,11 @@ resource "aws_s3_bucket_public_access_block" "this" {
   ignore_public_acls      = true
 }
 
-# Creating an s3 bucket prefix. Ensure you copy analytics event logs under this path to visualize the dags
+# Creating an s3 bucket prefix. Ensure you copy Spark History event logs under this path to visualize the dags
 resource "aws_s3_object" "this" {
   bucket       = aws_s3_bucket.this.id
   acl          = "private"
-  key          = "logs/"
+  key          = "${module.eks_blueprints.eks_cluster_id}/event-history-logs/"
   content_type = "application/x-directory"
 
   depends_on = [

analytics/terraform/spark-k8s-operator/helm-values/aws-for-fluentbit-values.yaml

@@ -7,26 +7,77 @@ global:
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
 
-# NOTE: extraFilters config for using Kubelet to get the Metadata instead of talking to API server for large clusters
+#----------------------------------------------------------#
+# PARSERS for k8s-custom-tag abd crio
+# NOTE: Read this link for more details about WHY CRIO parser used -> https://docs.fluentbit.io/manual/installation/kubernetes#container-runtime-interface-cri-parser
+# e.g., k8s log line for crio ->
+# 2023-02-19T21:28:48.495311051Z  stdout                      F                 Unsetting extraneous env vars (UTC): 21:28:48
+# ^(?<time>[^ ]+)                 (?<stream>stdout|stderr)    (?<logtag>P|F)    (?<log>.*)$
+#----------------------------------------------------------#
+service:
+  parsersFiles:
+    - /fluent-bit/parsers/parsers.conf
+  extraParsers: |
+    [PARSER]
+        Name    k8s-custom-tag
+        Format  regex
+        Regex   ^(?<namespace_name>[^_]+)\.(?<container_name>.+)\.(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)\.(?<docker_id>[a-z0-9]{64})-$
+
+    [PARSER]
+        Name          crio
+        Format        Regex
+        Regex         ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>P|F) (?<log>.*)$
+        Time_Key      time
+        Time_Format   %Y-%m-%dT%H:%M:%S.%L%z
+
+#----------------------------------------------------------#
+# FILTER logs with k8s-custom-tag parser
+# Tag_regex -> Use this to verify the regex https://rubular.com/
+#----------------------------------------------------------#
+input:
+  enabled: true
+  tag: kube.<namespace_name>.<container_name>.<pod_name>.<docker_id>-
+  path: "/var/log/containers/*.log"
+  db: "/var/log/flb_kube.db"
+  parser: crio
+  memBufLimit: 5MB
+  skipLongLines: "On"
+  refreshInterval: 10
+  extraInputs: |
+    Tag_Regex         (?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$
+
+#----------------------------------------------------------#
+# FILTER logs with k8s-custom-tag parser
+#----------------------------------------------------------#
+# NOTE: The Kubernetes filter will enrich the logs with Kubernetes metadata, specifically labels and annotations.
+#       The filter only goes to the API Server when it cannot find the cached info, otherwise it uses the cache.
+#----------------------------------------------------------#
 filter:
+  enabled: true
   name: "kubernetes"
   match: "kube.*"
   kubeURL: "https://kubernetes.default.svc.cluster.local:443"
   mergeLog: "On"
   mergeLogKey: "log_processed"
   keepLog: "On"
   k8sLoggingParser: "On"
-  k8sLoggingExclude: "Off"
+  k8sLoggingExclude: "On"
   bufferSize: "0"
   extraFilters: |
-    Kube_Tag_Prefix     application.var.log.containers.
-    Labels              Off
-    Annotations         Off
+    Kube_Tag_Prefix     kube.
+    Regex_Parser        k8s-custom-tag
     Use_Kubelet         true
     Kubelet_Port        10250
+    Annotations         Off
     Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
     Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
 
+#  extraFilters: |
+#    Labels              Off
+
+#----------------------------------------------------------#
+# OUTPUT logs to CloudWatch
+#----------------------------------------------------------#
 cloudWatch:
   enabled: true
   match: "*"
@@ -40,6 +91,8 @@ cloudWatch:
   autoCreateGroup: false
   endpoint:
   credentialsEndpoint:  {}
+  # extraOutputs: |
+  #   ...
 
 firehose:
   enabled: false
@@ -50,23 +103,36 @@ kinesis:
 elasticsearch:
   enabled: false
 
+
+#----------------------------------------------------------#
+# OUTPUT logs to S3
+#----------------------------------------------------------#
 # Use this config to write logs to an S3 bucket.
 # Pre-req
 #  1/ S3 bucket for logging
 #  2/ Additional IAM policy for FluentBit add-on IRSA config
 #  3/ Add this to Terraform to pass additional IAM policy "aws_for_fluentbit_irsa_policies = ["<ENTER_NEW_IAM_POLICY_FOR_S3>"]"
-
+#----------------------------------------------------------#
 additionalOutputs: |
   [OUTPUT]
       Name                            s3
       Match                           *
       region                          ${region}
       bucket                          ${s3_bucket_name}
       total_file_size                 100M
-      s3_key_format                   /fluentbit-logs/$TAG[4]/year=%Y/month=%m/day=%d/hour=%H/
-      s3_key_format_tag_delimiters    ._
+      s3_key_format                   /${cluster_name}/application-logs/year=%Y/month=%m/day=%d/$TAG[1]/$TAG[2]/$TAG[3]/$TAG[3]_%H%M%S_$UUID.log
+      s3_key_format_tag_delimiters    ..
       store_dir                       /home/ec2-user/buffer
       upload_timeout                  10m
+      workers                         2
+
+#----------------------------------------------------------#
+# Use below when compression is enabled for S3 logs with gzip. Multipart upload cannot be used with gzip compression
+#  use_put_object On
+#  content_type application/json
+#  compression gzip
+#  preserve_data_ordering On
+#----------------------------------------------------------#
 
 serviceAccount:
   create: true
@@ -88,3 +154,18 @@ updateStrategy:
 
 nodeSelector:
   kubernetes.io/os: linux
+
+volumes:
+  - name: varlog
+    hostPath:
+      path: /var/log
+  - name: varlibdockercontainers
+    hostPath:
+      path: /var/lib/docker/containers
+
+volumeMounts:
+  - name: varlog
+    mountPath: /var/log
+  - name: varlibdockercontainers
+    mountPath: /var/lib/docker/containers
+    readOnly: true

analytics/terraform/spark-k8s-operator/helm-values/nginx-values.yaml

@@ -0,0 +1,35 @@
+controller:
+  service:
+    # For more annotations https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-ip-address-type: ipv4
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+
+#------------------------------------
+# FUTURE WORK TO ENABLE ROUTE53, ACM
+#------------------------------------
+#      external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
+#  AWS route53-mapper
+#controller:
+#  service:
+#    labels:
+#      dns: "route53"
+#    annotations:
+#      domainName: "kubernetes-example.com"
+
+#  AWS L7 ELB with SSL Termination
+#controller:
+#  service:
+#    targetPorts:
+#      http: http
+#      https: http
+#    annotations:
+#      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
+#      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+#      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+#      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'

analytics/terraform/spark-k8s-operator/helm-values/spark-k8s-operator-values.yaml

@@ -26,3 +26,16 @@ resources:
 batchScheduler:
   # -- Enable batch scheduler for spark jobs scheduling. If enabled, users can specify batch scheduler name in spark application
   enable: true
+
+#------------------------------------
+# THIS WILL CREATE SERVICE AND INGRESS OBJECT FOR EACH SPARK APPLICATION
+#------------------------------------
+uiService:
+  # -- Enable UI service creation for Spark application
+  enable: true
+# -- Ingress URL format.
+# Requires the UI service to be enabled by setting `uiService.enable` to true.
+# 1/ Enable ingressUrlFormat to create an Ingress object for each Spark Job submitted using Spark Operator
+# 2/ This setup also requires ingres-nginx to be deployed with NLB as LB with IP based routing.
+# 3. Enter the NLB DNS name or enter Custom Domain name from route53 below which points to the NLB
+#ingressUrlFormat: '<ENTER_NLB_DNS_NAME/CUSTOM_DOMAIN_NAME>/{{$appName}}'