From aebd3bd384b0d46007d58125ad67b0cee5209cd5 Mon Sep 17 00:00:00 2001
From: MzUgM <108896003+MzUgM@users.noreply.github.com>
Date: Mon, 22 Sep 2025 15:10:55 -0700
Subject: [PATCH 1/2] feat: add amp variables

---
 README-ENTERPRISE.md | 13 +++++++++----
 README.md | 13 +++++++++----
 chart/templates/deployment/_icc.yaml | 13 +++++++++++++
 chart/templates/serviceaccount.yaml | 2 +-
 chart/values.yaml | 14 +++++++++-----
 5 files changed, 41 insertions(+), 14 deletions(-)

diff --git a/README-ENTERPRISE.md b/README-ENTERPRISE.md
index d749cee..bdeebbb 100644
--- a/README-ENTERPRISE.md
+++ b/README-ENTERPRISE.md
@@ -72,13 +72,18 @@ production-ready set of values except for the `secrets` portion.
 | `services.icc.secrets.control_plane_keys` | TODO | "" | Yes |
 | `services.icc.secrets.user_manager_session` | TODO | "" | Yes |
 
-#### Elasticache
+#### AWS Managed Services
+
+These managed services are only accessible through IRSA which means ICC must be
+running in AWS-managed Kubernetes. As well, [`cloud` must be set to `aws`](#common-parameters).
 
 | Name | Description | Default Value | Required |
 | --- | --- | --- | --- |
-| `services.icc.elasticache.role_arn` | The role ARN | "" | No |
-| `services.icc.elasticache.region` | Region the cluster is in | "" | No |
-| `services.icc.elasticache.cluster_name` | Name of the Elasticache cluster | "" | No |
+| `services.icc.aws.role_arn` | The role ARN | "" | No |
+| `services.icc.aws.elasticache.region` | Region the cluster is in | "" | No |
+| `services.icc.aws.elasticache.cluster_name` | Name of the Elasticache cluster | "" | No |
+| `services.icc.aws.amp.region` | Region for AMP is in | "" | No |
+| `services.icc.aws.amp.workspace_id` | AMP workspace | "" | No |
 
 #### Features
 
diff --git a/README.md b/README.md
index 9e5f184..27077ae 100644
--- a/README.md
+++ b/README.md
@@ -73,13 +73,18 @@ production-ready set of values except for the `secrets` portion.
 | `services.icc.secrets.control_plane_keys` | Random value to secure sessions | "" | Yes |
 | `services.icc.secrets.user_manager_session` | Random value to secure sessions | "" | Yes |
 
-#### Elasticache
+#### AWS Managed Services
+
+These managed services are only accessible through IRSA which means ICC must be
+running in AWS-managed Kubernetes. As well, [`cloud` must be set to `aws`](#common-parameters).
 
 | Name | Description | Default Value | Required |
 | --- | --- | --- | --- |
-| `services.icc.elasticache.role_arn` | The role ARN | "" | No |
-| `services.icc.elasticache.region` | Region the cluster is in | "" | No |
-| `services.icc.elasticache.cluster_name` | Name of the Elasticache cluster | "" | No |
+| `services.icc.aws.role_arn` | The role ARN | "" | No |
+| `services.icc.aws.elasticache.region` | Region the cluster is in | "" | No |
+| `services.icc.aws.elasticache.cluster_name` | Name of the Elasticache cluster | "" | No |
+| `services.icc.aws.amp.region` | Region for AMP is in | "" | No |
+| `services.icc.aws.amp.workspace_id` | AMP workspace | "" | No |
 
 #### Features
 
diff --git a/chart/templates/deployment/_icc.yaml b/chart/templates/deployment/_icc.yaml
index 079f734..926d34b 100644
--- a/chart/templates/deployment/_icc.yaml
+++ b/chart/templates/deployment/_icc.yaml
@@ -147,6 +147,17 @@ spec:
 - name: PLT_METRICS_PROMETHEUS_URL
 value: {{ .prometheus.url }}
 
+ {{- with .aws }}
+ {{- with .amp }}
+ - name: PLT_METRICS_PROMETHEUS_USE_AMP
+ value: "true"
+ - name: PLT_METRICS_AMP_REGION
+ value: {{ .region }}
+ - name: PLT_METRICS_AMP_WORKSPACE_ID
+ value: {{ .workspace_id }}
+ {{- end }}
+ {{- end }}
+
 # Compliance
 - name: PLT_COMPLIANCE_RULES_DIR
 value: "./rules"
@@ -228,6 +239,7 @@ spec:
 key: "{{ . }}"
 {{- end }}
 
+ {{- with .aws }}
 {{- with .elasticache }}
 - name: PLT_APPLICATIONS_CACHE_PROVIDER
 value: elasticache
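Review bot: In the `{{- with .amp }}` block of chart/templates/deployment/_icc.yaml, `PLT_METRICS_PROMETHEUS_USE_AMP` becomes "true" whenever the `amp` map is non-empty, while `value: {{ .region }}` and `value: {{ .workspace_id }}` are rendered unquoted and unchecked. Uncommenting the values.yaml example as-is (both set to `""`) would therefore switch the pod to AMP with an empty region and workspace. I would fail the render instead, e.g. `value: {{ required "services.icc.aws.amp.region is required" .region | quote }}` and the same for `workspace_id`. The `value: {{ .role_arn }}` line added in PATCH 2/2 has the same unquoted, unchecked form. The enclosing env list starts and ends outside the hunk.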
@@ -238,6 +250,7 @@ spec:
 - name: PLT_APPLICATIONS_ELASTICACHE_CLUSTERID_PREFIX
 value: {{ .cluster_name }}
 {{- end}}
+ {{- end}}
 
 {{- if .command }}
 command:
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
index 9f589e2..90b6d7d 100644
--- a/chart/templates/serviceaccount.yaml
+++ b/chart/templates/serviceaccount.yaml
@@ -7,7 +7,7 @@ metadata:
 namespace: {{ include "install.namespace" $ }}
 {{- if eq .Values.cloud "aws"}}
 annotations:
- {{- with .Values.services.icc.elasticache}}
+ {{- with .Values.services.icc.aws}}
 eks.amazonaws.com/role-arn: {{ .role_arn }}
 {{- end}}
 {{- end}}
diff --git a/chart/values.yaml b/chart/values.yaml
index 7d8b4fa..e2cb2a5 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -44,12 +44,16 @@ services:
 monitor:
 enable: true
 
- # Configure elasticache
- # See
- #elasticache:
+ # Configure AWS features
+ #aws:
+ # # The role must have policies for all enabled AWS features
 # role_arn: ""
- # region: ""
- # cluster_name: ""
+ # elasticache:
+ # region: ""
+ # cluster_name: ""
+ # amp:
+ # region: ""
+ # workspace_id: ""
 
 # We have a changelog available at:
 image:

From 3db6c0da0cbbdc536e3dca87d354be5a936d38e6 Mon Sep 17 00:00:00 2001
From: MzUgM <108896003+MzUgM@users.noreply.github.com>
Date: Thu, 25 Sep 2025 08:36:42 -0700
Subject: [PATCH 2/2] feat: make sure role arn is accessible

---
 chart/Chart.yaml | 2 +-
 chart/templates/deployment/_icc.yaml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index df4f8f6..c3dfb69 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: helm
-version: 4.0.0
+version: 4.1.0
 kubeVersion: ">= 1.30.0-0"
 description: Platformatic microservices
 type: application
diff --git a/chart/templates/deployment/_icc.yaml b/chart/templates/deployment/_icc.yaml
index 926d34b..37dced9 100644
--- a/chart/templates/deployment/_icc.yaml
+++ b/chart/templates/deployment/_icc.yaml
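Review bot: In chart/templates/serviceaccount.yaml the `eks.amazonaws.com/role-arn` annotation is now emitted whenever `services.icc.aws` is set, including when only `amp` or `elasticache` is filled in and `role_arn` is missing. That renders an annotation with no value, so the pod would presumably run without the intended IRSA role, and nothing flags it at install time. Since the README states these services are reachable only through IRSA, I would make the ARN mandatory here: `eks.amazonaws.com/role-arn: {{ required "services.icc.aws.role_arn is required" .role_arn | quote }}`. The README tables still list `role_arn` as not required.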
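Review bot: The commented example in chart/values.yaml drops `elasticache:` at the old path without saying that it moved, and the templates in this patch no longer read `services.icc.elasticache`. An existing values file that still sets the old key would render without the cache variables and without the role annotation, and with no error. I would add a line to the comment such as `# Replaces services.icc.elasticache; move role_arn, region and cluster_name under aws.` The comment about role policies could also name the permissions each feature needs, so operators can scope the shared role narrowly.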
@@ -240,6 +240,8 @@ spec:
 {{- end }}
 
 {{- with .aws }}
+ - name: PLT_AWS_SA_ROLE_ARN
+ value: {{ .role_arn }}
 {{- with .elasticache }}
 - name: PLT_APPLICATIONS_CACHE_PROVIDER
 value: elasticache
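Review bot: `PLT_AWS_SA_ROLE_ARN` is added directly under `{{- with .aws }}` in chart/templates/deployment/_icc.yaml with no check on `.Values.cloud`, whereas serviceaccount.yaml only writes the role annotation when `cloud` is `aws`. With `aws` configured and `cloud` left at another value, the container would be handed a role ARN that the service account was never annotated with. I would either wrap the `aws` block in the same `cloud` condition or fail the render when the two disagree. The `with .aws` block opens and closes outside this hunk.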