Update the EFA integration test to create cluster that generates real metrics and tests new EFA metrics #622
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ribute using { ... }.
…t attribute using { ... }.
…t attribute using { ... }.
…ch Observability addon
This reverts commit 4fbf9a1.
…isable KMS key creation
- Create dedicated VPC (10.0.0.0/16) for EFA integration test - Add public subnets (10.0.1.0/24, 10.0.2.0/24) for control plane - Add private subnets (10.0.10.0/24, 10.0.11.0/24) for worker nodes - Configure NAT Gateway for outbound internet access from private subnets - Deploy EKS node group in private subnets for security - Add proper routing tables and security groups
- Change Kubernetes version from 1.33 to 1.31 (has GPU AMI support) - Use AL2_x86_64_GPU AMI type for EFA workloads - Fixes SSM parameter not found error for 1.33 GPU AMI
- Add null_resource validator to run Go tests after EKS deployment - Enable cluster_endpoint_public_access for kubectl and validator access - Validator runs up to 10 attempts with 60s intervals
- Replace node group IAM policy with proper Pod Identity associations - Create dedicated IAM role with CloudWatchAgentServerPolicy - Add Pod Identity associations for cloudwatch-agent and fluent-bit service accounts - Remove unnecessary AWSXRayDaemonWriteAccess policy - Follow AWS recommended approach for EKS addon permissions
movence
reviewed
Nov 21, 2025
… remove unnecessary configs - Use var.k8s_version instead of hardcoded '1.31' - Use var.ami_type instead of hardcoded 'AL2_x86_64_GPU' to support AL2023_x86_64_NVIDIA - Remove endpoint_public_access and enabled_log_types as they are not required - Keep enable_cluster_creator_admin_permissions as it is required for cluster access
This reverts commit 7c75b77.
…o v5 - Add missing AWS provider configuration - Downgrade from AWS provider v6.22.0 to v5.x to avoid tag handling bug - Fixes panic: Value Conversion Error with unknown tag values
otherwise we get ``` null_resource.kubectl (local-exec): E1121 17:22:06.055143 2841 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://2E...15AA.gr7.us-west-2.eks.amazonaws.com/api?timeout=32s\": dial tcp 10.0.1.142:443: i/o timeout" ```
This reverts commit 494d32c.
movence
approved these changes
Dec 10, 2025
duhminick
approved these changes
Dec 10, 2025
| # VPC Endpoints for private subnet access | ||
| resource "aws_vpc_endpoint" "ecr_dkr" { | ||
| vpc_id = aws_vpc.efa_test_vpc.id | ||
| service_name = "com.amazonaws.us-west-2.ecr.dkr" |
Contributor
There was a problem hiding this comment.
nit: we could do service_name = "com.amazonaws.${var.region}.ecr.dkr"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates the EFA integration test to match the actual metrics being published to CloudWatch.
Previously we mocked the EFA sysfs files, but it didn't work because the mock was incomplete - missing the GID file needed for MAC address lookup and EC2 API calls.
Now, we create an EKS cluster that has EFA enabled and validate those metrics.
Testing
https://github.com/aws/amazon-cloudwatch-agent/actions/runs/19522425520/job/55954299359round 2 testing, incorporating @movence's comments: https://github.com/aws/amazon-cloudwatch-agent/actions/runs/19579639336/job/56074086384
Related
amazon-contributing/opentelemetry-collector-contrib#385
aws/amazon-cloudwatch-agent#1941