
CSI-1655: added two sample apps #12


Open
wants to merge 2 commits into
base: integration
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -7,4 +7,8 @@ node_modules

.cdk.staging
cdk.out

# IDE files
.idea/
.vscode/
################################
1 change: 1 addition & 0 deletions bin/cdk-main.ts
Expand Up @@ -142,6 +142,7 @@ dev1_eks.stage_deployment_of_my_orgs_baseline_eks_workloads();
dev1_eks.stage_deployment_of_lower_envs_eks_workloads();
dev1_eks.stage_deployment_of_dev_eks_workloads();
//^-- deployment time of ~18.6mins (~15-20mins)
///////////////////////////////////////////////////////////////////////////////////////////

//Example 2: Equivalent to Example 1, just with convenience methods as short hand
//(This format balances usability and debugability)
74 changes: 73 additions & 1 deletion cdk.context.json
Expand Up @@ -10,5 +10,77 @@
},
"acknowledged-issue-numbers": [
32775
]
],
"availability-zones:account=092464092456:region=ca-central-1": [
"ca-central-1a",
"ca-central-1b",
"ca-central-1d"
],
"ami:account=092464092456:filters.image-type.0=machine:filters.name.0=fck-nat-al2023-*-arm64-ebs:filters.state.0=available:owners.0=568608671756:region=ca-central-1": "ami-045d3a84706b8feeb",
"availability-zones:account=092464092456:region=ap-southeast-2": [
"ap-southeast-2a",
"ap-southeast-2b",
"ap-southeast-2c",
"ap-southeast-2-akl-1a"
],
"ami:account=092464092456:filters.image-type.0=machine:filters.name.0=fck-nat-al2023-*-arm64-ebs:filters.state.0=available:owners.0=568608671756:region=ap-southeast-2": "ami-0799b4d92d35edd4a",
"vpc-provider:account=092464092456:filter.isDefault=false:filter.tag:Name=lower-envs-vpc:filter.vpc-id=vpc-0b0a49daf937ebd4e:region=ap-southeast-2:returnAsymmetricSubnets=true": {
"vpcId": "vpc-0b0a49daf937ebd4e",
"vpcCidrBlock": "10.99.0.0/16",
"ownerAccountId": "092464092456",
"availabilityZones": [],
"subnetGroups": [
{
"name": "Public",
"type": "Public",
"subnets": [
{
"subnetId": "subnet-086ef6db7aa03a0c8",
"cidr": "10.99.0.0/23",
"availabilityZone": "ap-southeast-2a",
"routeTableId": "rtb-0ff297699d4ac7ad7"
},
{
"subnetId": "subnet-0aa59909b88944cae",
"cidr": "10.99.2.0/23",
"availabilityZone": "ap-southeast-2b",
"routeTableId": "rtb-006b3e4abc859c868"
},
{
"subnetId": "subnet-0dd9405e4884934d9",
"cidr": "10.99.4.0/23",
"availabilityZone": "ap-southeast-2c",
"routeTableId": "rtb-098ce61b7fa0c7c14"
}
]
},
{
"name": "Private",
"type": "Private",
"subnets": [
{
"subnetId": "subnet-0c1bbe1320a8d4d4f",
"cidr": "10.99.32.0/19",
"availabilityZone": "ap-southeast-2a",
"routeTableId": "rtb-039cbceea7f95d542"
},
{
"subnetId": "subnet-048c00d9bab4574e1",
"cidr": "10.99.64.0/19",
"availabilityZone": "ap-southeast-2b",
"routeTableId": "rtb-09947c85e71d96615"
},
{
"subnetId": "subnet-0835a3d4741890dfa",
"cidr": "10.99.96.0/19",
"availabilityZone": "ap-southeast-2c",
"routeTableId": "rtb-0f3be7c4448dcd376"
}
]
}
]
},
"key-provider:account=092464092456:aliasName=alias/eks/lower-envs:region=ap-southeast-2": {
"keyId": "53d98ec6-3051-46b6-a9c6-bd1e4dbf8904"
}
}
76 changes: 68 additions & 8 deletions config/eks/dev_eks_config.ts
@@ -1,35 +1,95 @@
import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks'
import * as iam from 'aws-cdk-lib/aws-iam';
import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
import {
Apply_Podinfo_Helm_Chart,
Apply_Podinfo_Ingress_YAML,
Podinfo_Helm_Config,
Podinfo_Http_Ingress_Yaml_Generator,
Podinfo_Https_Ingress_Yaml_Generator,
} from "../../lib/Podinfo_Manifests";

//Intended Use:
//EasyEKS Admins: edit this file with config to apply to all dev / sandbox cluster's in your org.

export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data
config.addTag("Environment", "Dev");
export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack) { //config: is of type Easy_EKS_Config_Data
config.addTag("Environment", "Dev");
}//end apply_config()

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster) {

}//end deploy_dependencies()

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster) {

}//end deploy_workload_dependencies()

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster) {
// Define a BLUE podinfo application with insecure ALB (HTTP)
const BLUE_PODINFO_HELM_CONFIG = {
helm_chart_release: "podinfo-blue",
helm_chart_values: {
ui: {
color: "#0000FF",
message: "This is an insecure application with BLUE background",
},
} as Record<string, any>,
} as Podinfo_Helm_Config

// Deploy a podinfo sample application with BLUE background
Apply_Podinfo_Helm_Chart(cluster, BLUE_PODINFO_HELM_CONFIG);

// Generate HTTP ingress manifest
const http_ingress_yaml = Podinfo_Http_Ingress_Yaml_Generator(BLUE_PODINFO_HELM_CONFIG);

// kubectl apply manifest
Apply_Podinfo_Ingress_YAML(cluster, BLUE_PODINFO_HELM_CONFIG, http_ingress_yaml)

// Define a GREEN podinfo application with secure ALB (HTTPS)
const GREEN_PODINFO_HELM_CONFIG = {
helm_chart_release: "podinfo-green",
helm_chart_values: {
ui: {
color: "#008000",
message: "This is an secure application with GREEN background",
},
} as Record<string, any>,
} as Podinfo_Helm_Config

// Deploy a podinfo sample application with GREEN background
Apply_Podinfo_Helm_Chart(cluster, GREEN_PODINFO_HELM_CONFIG);

// Generate HTTPS ingress manifest
/**
* TODO: due to DNS ACME challenge, we just use the existing ACME's ARN and subdomain
* To make this happen, you need to do:
* 1. Prepare a domain or sub-domain
* 2. Create a certificate in ACM for the domain / sub-domain
* 3. Create CNAME to verify the certificate successfully
* 4. Get the ARN of the certificate
* 5. Deploy the stack
* 6. After ALB is provisioned, create a CNAME record of the domain/sub-domain with the value in the DNS hostname of the ALB
*/
const https_ingress_yaml = Podinfo_Https_Ingress_Yaml_Generator(
GREEN_PODINFO_HELM_CONFIG,
// ACME ARN
"arn:aws:acm:ap-southeast-2:092464092456:certificate/a2e016d5-58fb-4308-b894-f7a21f7df0b8",
// Sub-domain
"kefeng-easyeks.gcp.au-pod-1.cs.doit-playgrounds.dev",
)

}//end deploy_workloads()
// kubectl apply manifest
Apply_Podinfo_Ingress_YAML(cluster, GREEN_PODINFO_HELM_CONFIG, https_ingress_yaml)
}//end deploy_workloads()
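Review bot: The `Podinfo_Https_Ingress_Yaml_Generator(...)` call in deploy_workloads hard-codes one account's ACM certificate ARN and a personal sub-domain, in the file whose header comment says it applies to all dev / sandbox clusters in the org. Anyone else deploying this stack gets an ingress that references a certificate and hostname they do not control, and the account id and hostname are now committed to the repository (the same account id also appears in the cdk.context.json entries of this PR). Take both values from CDK context or from the config object and skip the GREEN ingress when they are absent, for example `const cert_arn = stack.node.tryGetContext("podinfo_certificate_arn");` (key name is only a suggestion) followed by `if (cert_arn && host) { ... }`. The BLUE sample is also applied unconditionally and its ingress is HTTP-only, so consider putting both samples behind an explicit opt-in rather than deploying them by default.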
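--- a/lib/Podinfo_Manifests.ts
+++ b/lib/Podinfo_Manifests.ts
@@ -0,0 +1,138 @@
+import * as cdk from 'aws-cdk-lib';
+import * as eks from 'aws-cdk-lib/aws-eks';
+
+export interface Podinfo_Helm_Config {
+helm_chart_version: string,
+helm_chart_release: string,
+helm_chart_values?: Record<string, any> | undefined,
+}
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+export const Podinfo_Http_Ingress_Yaml_Generator = (
+podinfo_helm_config: Podinfo_Helm_Config,
+): Record<string, any> => {
+return {
+"apiVersion": "networking.k8s.io/v1",
+"kind": "Ingress",
+"metadata": {
+"name": `${podinfo_helm_config.helm_chart_release}-ingress`,
+"namespace": "default",
+"annotations": {
+"kubernetes.io/ingress.class": "alb",
+"alb.ingress.kubernetes.io/scheme": "internet-facing",
+"alb.ingress.kubernetes.io/target-type": "ip",
+"alb.ingress.kubernetes.io/group.name": podinfo_helm_config.helm_chart_release,
+"alb.ingress.kubernetes.io/ip-address-type": "dualstack",
+"alb.ingress.kubernetes.io/listen-ports": '[{"HTTP": 80}]',
+"alb.ingress.kubernetes.io/backend-protocol": "HTTP",
+
+},
+"labels": {
+"app": podinfo_helm_config.helm_chart_release,
+},
+},
+"spec": {
+"rules": [
+{
+"http": {
+"paths": [
+{
+"path": "/",
+"pathType": "Prefix",
+"backend": {
+"service": {
+"name": podinfo_helm_config.helm_chart_release,
+"port": {
+"number": podinfo_helm_config.helm_chart_values?.port ?? 9898,
+},
+},
+},
+},
+],
+},
+},
+],
+},
+} as Record<string, any>;
+}
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+export const Podinfo_Https_Ingress_Yaml_Generator = (
+podinfo_helm_config: Podinfo_Helm_Config,
+certificateArn: string,
+host: string,
+): Record<string, any> => {
+return {
+"apiVersion": "networking.k8s.io/v1",
+"kind": "Ingress",
+"metadata": {
+"name": `${podinfo_helm_config.helm_chart_release}-ingress`,
+"namespace": "default",
+"annotations": {
+"kubernetes.io/ingress.class": "alb",
+"alb.ingress.kubernetes.io/scheme": "internet-facing",
+"alb.ingress.kubernetes.io/target-type": "ip",
+"alb.ingress.kubernetes.io/group.name": podinfo_helm_config.helm_chart_release,
+"alb.ingress.kubernetes.io/ip-address-type": "dualstack",
+"alb.ingress.kubernetes.io/listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
+"alb.ingress.kubernetes.io/backend-protocol": "HTTP",
+"alb.ingress.kubernetes.io/actions.ssl-redirect": '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}',
+"alb.ingress.kubernetes.io/certificate-arn": certificateArn,
+},
+"labels": {
+"app": podinfo_helm_config.helm_chart_release,
+},
+},
+"spec": {
+"rules": [
+{
+"host": host,
+"http": {
+"paths": [
+{
+"path": "/",
+"pathType": "Prefix",
+"backend": {
+"service": {
+"name": podinfo_helm_config.helm_chart_release,
+"port": {
+"number": podinfo_helm_config.helm_chart_values?.port ?? 9898,
+},
+},
+},
+},
+],
+},
+},
+],
+},
+} as Record<string, any>;
+}
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+export const Apply_Podinfo_Helm_Chart = (cluster: eks.Cluster,
+podinfo_helm_config: Podinfo_Helm_Config) => {
+const podinfo_helm = cluster.addHelmChart(podinfo_helm_config.helm_chart_release, {
+repository: "https://stefanprodan.github.io/podinfo",
+chart: "podinfo",
+release: podinfo_helm_config.helm_chart_release,
+version: podinfo_helm_config.helm_chart_version || "6.9.0",
+values: {
+...podinfo_helm_config.helm_chart_values,
+},
+})
+podinfo_helm.node.addDependency(cluster.awsAuth);
+return podinfo_helm;
+} //end function Apply_Podinfo_Helm_Chart
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+export function Apply_Podinfo_Ingress_YAML(cluster: eks.Cluster,
+podinfo_helm_config: Podinfo_Helm_Config,
+podinfo_http_ingress_yaml: Record<string, any>) {
+// kubectl apply -f
+const ingress_manifest = cluster.addManifest(`${podinfo_helm_config.helm_chart_release}-ingress`, podinfo_http_ingress_yaml);
+(ingress_manifest.node.defaultChild as cdk.CfnResource).applyRemovalPolicy(cdk.RemovalPolicy.RETAIN);
+
+return ingress_manifest
+} //end function Apply_Podinfo_Ingress_YAML
+//
+// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////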
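Review bot: In Podinfo_Https_Ingress_Yaml_Generator the `actions.ssl-redirect` annotation is defined but no path under `spec.rules` references an `ssl-redirect` backend, so as far as I can tell from the AWS Load Balancer Controller's annotation semantics the port-80 listener will forward to podinfo in cleartext instead of redirecting. Replace that annotation with `"alb.ingress.kubernetes.io/ssl-redirect": "443",`, or add the `ssl-redirect` / `use-annotation` path ahead of `/`. Both generators also fix `scheme` to `internet-facing` with no `alb.ingress.kubernetes.io/inbound-cidrs` annotation and no parameter for either; making the scheme and allowed source ranges a caller choice would keep a sample app from being world-reachable by default. Separately, `helm_chart_version` is declared required in Podinfo_Helm_Config while Apply_Podinfo_Helm_Chart falls back to `"6.9.0"`; declaring it `helm_chart_version?: string` would let callers drop the `as Podinfo_Helm_Config` casts that currently hide the missing field.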