v0.1 (#1) (#2)

v0.1

Author: engel80

.gitignore

@@ -1,23 +1,7 @@
-# Compiled class file
-*.class
-
-# Log file
+node_modules
+*cdk.out*
+*cdk.context.json*
 *.log
+*.DS_Store*
 
-# BlueJ files
-*.ctxt
-
-# Mobile Tools for Java (J2ME)
-.mtj.tmp/
-
-# Package Files #
-*.jar
-*.war
-*.nar
-*.ear
-*.zip
-*.tar.gz
-*.rar
-
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
+*internal*

README.md

@@ -1,2 +1,136 @@
-# cdk-eks-blueprints
-EKS Blueprints Sample Code
+# CDK EKS Blueprints Sample
+
+## Prequisets
+
+```bash
+npm install -g [email protected]
+
+# install packages in the root folder
+npm install
+
+export CDK_DEFAULT_ACCOUNT=123456789012
+export CDK_DEFAULT_REGION=us-east-1
+```
+
+Use the `cdk` command-line toolkit to interact with your project:
+
+ * `cdk deploy`: deploys your app into an AWS account
+ * `cdk synth`: synthesizes an AWS CloudFormation template for your app
+ * `cdk diff`: compares your app with the deployed stack
+ * `cdk watch`: deployment every time a file change is detected
+
+## CDK Stack Time Taken
+
+| Stack                         | Time    |
+|-------------------------------|---------|
+| VPC                           | 3m      |
+| EKS cluster                   | 21m  (38 Stacks)   |
+| Total                         | 24m     | 
+
+# Install
+
+## Step 1: VPC
+
+The VPC ID will be saved into the SSM parameter store to refer from other stacks.
+
+Parameter Name : `/cdk-eks-gpu-cluster/vpc-id`
+
+Use the `-c vpcId` context parameter if you want to use the existing VPC.
+
+```bash
+cd vpc
+cdk bootstrap
+cdk deploy
+```
+
+[vpc/lib/vpc-stack.ts](./vpc/lib/vpc-stack.ts)
+
+## Step 2: EKS cluster and add-on with Blueprints
+
+2 CDK stacks are created eks-blueprint-demo and `eks-blueprint-demo-dev`.
+
+```bash
+cd ../blueprints
+cdk bootstrap
+cdk deploy eks-blueprint-demo-dev
+
+# or define your VPC id with context parameter
+cdk deploy eks-blueprint-demo-dev -c vpcId=<vpc-id>
+```
+
+Cluster Name: [blueprints/lib/cluster-config.ts](./blueprints/lib/cluster-config.ts)
+
+[blueprints/lib/cluster-stack.ts](./blueprints/lib/cluster-stack.ts)
+
+```bash
+Outputs:
+eks-blueprint-demo-dev.Cluster = eks-blueprint-demo
+eks-blueprint-demo-dev.ClusterArn = arn:aws:eks:us-east-1:123456789012:cluster/eks-blueprint-demo
+eks-blueprint-demo-dev.ClusterCertificateAuthorityData = xxxxxxxx
+eks-blueprint-demo-dev.ClusterEncryptionConfigKeyArn = 
+eks-blueprint-demo-dev.ClusterEndpoint = https://123456789012.gr7.us-east-1.eks.amazonaws.com
+eks-blueprint-demo-dev.ClusterName = eks-blueprint-demo
+eks-blueprint-demo-dev.ClusterSecurityGroupId = sg-0123456789abc
+eks-blueprint-demo-dev.VPC = vpc-0123456789abc
+eks-blueprint-demo-dev.eksclusterConfigCommand515C0544 = aws eks update-kubeconfig --name eks-blueprint-demo --region us-east-1 --role-arn arn:aws:iam::123456789012:role/eks-blueprint-demo-dev-iamrole10180D71-D83FQPH1BRW3
+eks-blueprint-demo-dev.eksclusterGetTokenCommand3C33A2A5 = aws eks get-token --cluster-name eks-blueprint-demo --region us-east-1 --role-arn arn:aws:iam::123456789012:role/eks-blueprint-demo-dev-iamrole10180D71-D83FQPH1BRW3
+```
+
+Pods
+
+![K9s Pod](./screenshots/pod.png?raw=true)
+
+Services
+
+![K9s Service](./screenshots/service.png?raw=true)
+
+```bash
+eksctl create iamidentitymapping --cluster <cluster-name> --arn arn:aws:iam::<account-id>:role/<role-name> --group system:masters --username admin --region us-east-1
+```
+
+## Step 3: Kubernetes Dashboard
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
+
+kubectl apply -f k8s-dabboard/eks-admin-service-account.yaml
+
+kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
+
+kubectl proxy
+```
+
+[Dashboard Login](http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login)
+
+## Step 4: Deploy Sample RESTFul API
+
+```bash
+cd app
+
+docker build -t sample-rest-api .
+
+docker tag sample-rest-api:latest <account>.dkr.ecr.<region>.amazonaws.com/sample-rest-api:latest
+
+aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account>.dkr.ecr.<region>.amazonaws.com
+
+docker push <account>.dkr.ecr.<region>.amazonaws.com/sample-rest-api:latest
+
+```
+
+```bash
+kubectl apply -f ./app/sample-rest-api.yaml
+```
+
+[app/sample-rest-api.yaml](./app/sample-rest-api.yaml)
+
+# Uninstall
+
+```bash
+kubectl delete -f ./app/sample-rest-api.yaml
+```
+
+# Reference
+
+https://github.com/aws-quickstart/cdk-eks-blueprints
+
+https://aws-quickstart.github.io/cdk-eks-blueprints

app/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.9-alpine
+
+VOLUME ./:app/
+
+COPY requirements.txt requirements.txt
+RUN pip install -r requirements.txt
+
+COPY . /app/
+
+WORKDIR /app
+
+EXPOSE 8080
+
+CMD ["gunicorn", "flask_api:app", "--bind", "0.0.0.0:8080"]

app/flask_api.py

@@ -0,0 +1,39 @@
+from flask import Flask
+from flask import request
+
+app = Flask(__name__)
+
+@app.route("/")
+def ping_root():
+    return returnRequests()
+
+@app.route("/<string:path1>")
+def ping_path1(path1):
+    return returnRequests()
+
+@app.route("/<string:path1>/<string:path2>")
+def ping_path2(path1, path2):
+    return returnRequests()
+
+@app.route("/<string:path1>/<string:path2>/<string:path3>")
+def ping_path3(path1, path2, path3):
+    return returnRequests()
+
+@app.route("/<string:path1>/<string:path2>/<string:path3>/<string:path4>")
+def ping_path4(path1, path2, path3, path4):
+    return returnRequests()
+ 
+@app.route("/<string:path1>/<string:path2>/<string:path3>/<string:path4>/<string:path5>")
+def ping_path5(path1, path2, path3, path4, path5):
+    return returnRequests()
+
+def returnRequests():
+    return {
+        "host": request.host,
+        "url": request.url,
+        "method": request.method,
+        "message": "Hello, World"
+    }
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=8080)

app/gunicorn.config.py

@@ -0,0 +1,2 @@
+import multiprocessing
+workers = multiprocessing.cpu_count() * 2 + 1

app/requirements.txt

@@ -0,0 +1,2 @@
+flask
+gunicorn

app/sample-rest-api.yaml

@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sample-rest-api
+  namespace: default
+  annotations:
+    app: 'sample-rest-api'
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: sample-rest-api
+  template:
+    metadata:
+      labels:
+        app: sample-rest-api
+    spec:
+      containers:
+        - name: sample-rest-api
+          image: <account>.dkr.ecr.<region>.amazonaws.com/sample-rest-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000
+          resources:
+            requests:
+              cpu: 1
+              memory: "1024Mi"
+          env:
+          - name: env
+            value: "dev"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sample-rest-api
+  annotations:
+    app: 'sample-rest-api'
+    alb.ingress.kubernetes.io/healthcheck-path: "/ping"
+spec:
+  selector:
+    app: sample-rest-api
+  type: NodePort
+  ports:
+    - port: 8000
+      targetPort: 8000
+      protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: "sample-rest-api-ingress"
+  namespace: default
+  annotations:
+    app: 'sample-rest-api'
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/load-balancer-name: sample-rest-api
+    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=30
+    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=10
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+    # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<region>:<account-id>:certificate/<id>
+    # alb.ingress.kubernetes.io/ssl-redirect: '443'
+    alb.ingress.kubernetes.io/tags: env=dev
+    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '16'
+    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '15'
+    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
+    alb.ingress.kubernetes.io/unhealthy-threshold-count: '5'
+spec:
+  rules:
+  - http:
+        paths:
+          - path: /*
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: "sample-rest-api"
+                port:
+                  number: 8000

blueprints/.DS_Store

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+
+import EksBlueprintStack from '../lib/cluster-stack';
+
+import { CLUSTER_NAME } from '../lib/cluster-config';
+
+const app = new cdk.App();
+const env = {
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_DEFAULT_REGION,
+    stage: app.node.tryGetContext('stage') || 'local'
+};
+
+new EksBlueprintStack(app, { id: `${CLUSTER_NAME}` }, { env });
+

blueprints/bin/index.ts

@@ -0,0 +1,32 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/index.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ]
+  }
+}

blueprints/cdk.json

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

blueprints/jest.config.js

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+
+export const CLUSTER_NAME = 'eks-blueprint-demo';