Multiple Cluster pipeline for Conformitron #160

Closed
47 commits
06daad2
initial commit
Howlla Feb 8, 2024
1995c6b
remove argocd repo code
Howlla Feb 8, 2024
01b15c6
argoCD Infra and Flux GitOps
Howlla Feb 9, 2024
134e42e
update application and branch
Howlla Feb 9, 2024
42faa59
update argo addon config owner
Howlla Feb 9, 2024
c20bfb4
update owner of github argo addon
Howlla Feb 9, 2024
087b1cc
creating addons inside for loop
Howlla Feb 10, 2024
24ae202
moving addons creation inside for loop
Howlla Feb 10, 2024
4fb0050
update branch of argo addon
Howlla Feb 12, 2024
8f09934
update branch for argo addon
Howlla Feb 12, 2024
bc4ee93
update flux
Howlla Feb 12, 2024
17d51f4
8 clusters enabled
Howlla Feb 13, 2024
dd6ad3b
separate addons
Howlla Feb 14, 2024
8701849
refactor to separate builder with multiple AMP providers
Howlla Feb 16, 2024
afac52b
external secrets already part of oss pattern
Howlla Feb 16, 2024
cfa3975
Bottlerocket clusters added, eks 1.24 and 1.25 support removed
Howlla Feb 16, 2024
3010f26
coredns version explicitly passed to stop fail for eks1.26
Howlla Feb 16, 2024
c177c71
reorder addon props to pass them correctly
Howlla Feb 16, 2024
b90be5f
documentation added
Howlla Feb 19, 2024
3218659
Merge branch 'conformitronInitiative' into myBranch
Howlla Feb 19, 2024
366a52c
Merge pull request #1 from Howlla/myBranch
Howlla Feb 19, 2024
7ae6b86
mkdocs fix
Howlla Feb 19, 2024
2a870d0
mkdocs update
Howlla Feb 19, 2024
2128938
mkdocs fix formatting for service quotas
Howlla Feb 19, 2024
a57583b
test
Howlla Feb 21, 2024
dfd636d
est
Howlla Feb 21, 2024
742475b
hardcode amg
Howlla Feb 21, 2024
9ac620c
upbound
Howlla Feb 21, 2024
879de8e
downgrade eks for grafana cluster
Howlla Feb 21, 2024
5e83a79
hardcode amp amg
Howlla Feb 21, 2024
70c5268
update https
Howlla Feb 21, 2024
3c5bfe7
ssm agent addon
Howlla Feb 21, 2024
a579793
ssm agent
Howlla Feb 21, 2024
8ddef51
Add files via upload
Howlla Feb 22, 2024
11be402
secrets update
Howlla Feb 23, 2024
da7d68f
docs update
Howlla Feb 23, 2024
1432aac
amp resource provider
Howlla Feb 23, 2024
ae22574
modify kustomizations
Howlla Feb 23, 2024
1dec0b6
Merge branch 'aws-samples:main' into conformitronInitiative
Howlla Feb 23, 2024
2f6f075
Merge branch 'conformitronInitiative' into test123
Howlla Feb 24, 2024
211f0fc
Merge pull request #2 from Howlla/test123
Howlla Feb 24, 2024
e243c87
Final commit with SSM for Grafana
Howlla Feb 24, 2024
8937fff
doc variable name fix
Howlla Feb 24, 2024
dacfd34
fix failing ci cd jobs
Howlla Feb 24, 2024
1fa37be
fix md links
Howlla Feb 24, 2024
cea3bec
dead link multi-cluster
Howlla Feb 24, 2024
e7138c8
adding extra parameter to grafanaMonitoringConstruct for ws Id
Howlla Feb 24, 2024
13 changes: 13 additions & 0 deletions bin/multi-cluster-conformitron.ts
@@ -0,0 +1,13 @@
import { configureApp, errorHandler } from '../lib/common/construct-utils';
import { PipelineMultiCluster } from '../lib/multi-cluster-construct';


const app = configureApp();

//-------------------------------------------
// Multiple clusters, multiple regions.
//-------------------------------------------

new PipelineMultiCluster().buildAsync(app).catch((error) => {
errorHandler(app, "Multi cluster pattern is not setup. It may be due to missing secrets: ", error);
});
69 changes: 69 additions & 0 deletions lib/multi-cluster-construct/eksa-secret-stores.ts
@@ -0,0 +1,69 @@
import * as blueprints from '@aws-quickstart/eks-blueprints';
import * as eks from "aws-cdk-lib/aws-eks";
import { Construct } from 'constructs';
import { dependable } from '@aws-quickstart/eks-blueprints/dist/utils';

export class EksAnywhereSecretsAddon implements blueprints.ClusterAddOn {
id?: string | undefined;
@dependable(blueprints.addons.ExternalsSecretsAddOn.name)
deploy(clusterInfo: blueprints.ClusterInfo): void | Promise<Construct> {
const cluster = clusterInfo.cluster;

const clusterSecretStore = new eks.KubernetesManifest(clusterInfo.cluster, "ClusterSecretStore", {
cluster: cluster,
manifest: [
{
apiVersion: "external-secrets.io/v1beta1",
kind: "ClusterSecretStore",
metadata: {name: "eks-cloud-secret-store"},
spec: {
provider: {
aws: {
service: "SecretsManager",
region: clusterInfo.cluster.stack.region,
auth: {
jwt: {
serviceAccountRef: {
name: "external-secrets-sa",
namespace: "external-secrets",
},
},
},
},
},
},
},
],
});

const clusterConfigMapStore = new eks.KubernetesManifest(clusterInfo.cluster, "ClusterConfigMap", {
cluster: cluster,
manifest: [
{
apiVersion: "external-secrets.io/v1beta1",
kind: "ClusterSecretStore",
metadata: {name: "eks-cloud-configmap-store"},
spec: {
provider: {
aws: {
service: "ParameterStore",
region: clusterInfo.cluster.stack.region,
auth: {
jwt: {
serviceAccountRef: {
name: "external-secrets-sa",
namespace: "external-secrets",
},
},
},
},
},
},
},
],
});

clusterConfigMapStore.node.addDependency(clusterSecretStore);
return Promise.resolve(clusterSecretStore);
}
}
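Review bot: Both ClusterSecretStore manifests (eks-cloud-secret-store and eks-cloud-configmap-store) are cluster-scoped and set no spec.conditions, so an ExternalSecret in any namespace can read through them whatever the external-secrets-sa identity is allowed to read from SecretsManager and ParameterStore in the cluster's region. The Flux add-on in this PR deploys the Addons/Partner kustomizations into the same clusters, so consider restricting each store with conditions (a namespaces list or a namespaceSelector) or using namespaced SecretStore objects, and show in this PR where the role behind external-secrets-sa is scoped. Smaller points: the second construct is named ClusterConfigMap / clusterConfigMapStore although its kind is ClusterSecretStore, the two manifests differ only in metadata.name and service and could come from one helper, and the id field is declared but never set.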
1 change: 1 addition & 0 deletions lib/multi-cluster-construct/index.ts
@@ -0,0 +1 @@
export { PipelineMultiCluster } from './pipeline';
113 changes: 113 additions & 0 deletions lib/multi-cluster-construct/pipeline.ts
@@ -0,0 +1,113 @@
import * as blueprints from '@aws-quickstart/eks-blueprints';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
import { EksAnywhereSecretsAddon } from './eksa-secret-stores';


/**
* Main multi-cluster deployment pipeline.
*/
export class PipelineMultiCluster {

async buildAsync(scope: Construct) {
// const context = await populateAccountWithContextDefaults();
const account = "810198167072";
const region = "us-east-2";

console.log(account,region)
// environments IDs consts
const X86_ENV_ID = `eks-x86-${region}`;
const ARM_ENV_ID = `eks-arm-${region}`;

const CLUSTER_VERSIONS = [
eks.KubernetesVersion.V1_24,
eks.KubernetesVersion.V1_25,
eks.KubernetesVersion.V1_26,
eks.KubernetesVersion.V1_27,
]

const addons: Array<blueprints.ClusterAddOn> = [
new blueprints.addons.ExternalsSecretsAddOn(),
new blueprints.addons.FluxCDAddOn({
repositories:[{
name: "eks-cloud-addons-conformance",
namespace: "flux-system",
repository: {
repoUrl: 'https://github.com/aws-samples/eks-anywhere-addons',
targetRevision: "main",
},
values: {
},
kustomizations: [
{kustomizationPath: "./eks-anywhere-common/Addons/Core"},
{kustomizationPath: "./eks-anywhere-common/Addons/Partner"},
{kustomizationPath: "./eks-cloud/Addons/Core"},
{kustomizationPath: "./eks-cloud/Addons/Partner"}
],
}],
}),
];

let clusterProps : blueprints.MngClusterProviderProps = {
maxSize : 3,
minSize : 1,
desiredSize: 1
};

const stages : blueprints.StackStage[] = [];

for(const version of CLUSTER_VERSIONS) {
clusterProps.amiType = eks.NodegroupAmiType.AL2_X86_64;
clusterProps.instanceTypes = [ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.XLARGE)];
const blueprintX86 = blueprints.EksBlueprint.builder()
.account(account)
.version(version)
.clusterProvider(new blueprints.MngClusterProvider(clusterProps))
.useDefaultSecretEncryption(true)
.addOns(...addons);

stages.push({
id: `${X86_ENV_ID}-` + version.version.replace(".", "-"),
stackBuilder : blueprintX86.clone(region)
});


clusterProps.amiType = eks.NodegroupAmiType.AL2_ARM_64;
clusterProps.instanceTypes = [ec2.InstanceType.of(ec2.InstanceClass.M7G, ec2.InstanceSize.XLARGE)];
const blueprintARM = blueprints.EksBlueprint.builder()
.account(account)
.version(version)
.clusterProvider(new blueprints.MngClusterProvider(clusterProps))
.useDefaultSecretEncryption(true)
.addOns(...addons);

stages.push({
id: `${ARM_ENV_ID}-` + version.version.replace(".", "-"),
stackBuilder : blueprintARM.clone(region)
});
}


blueprints.CodePipelineStack.builder()
.application('npx ts-node bin/multi-cluster-conformitron.ts')
.name('multi-cluster-central-pipeline')
.owner('Howlla')

Contributor:

This will have to change when you merge!

Contributor Author:

changes done

.codeBuildPolicies(blueprints.DEFAULT_BUILD_POLICIES)
.repository({
repoUrl: "cdk-eks-blueprints-patterns",
credentialsSecretName: 'github-token',
targetRevision: 'conformitronInitiative',
})
.wave({
id: "prod-test",
stages
})
.build(scope, "multi-cluster-central-pipeline", {
env: {
account: process.env.CDK_DEFAULT_ACCOUNT,
region: process.env.CDK_DEFAULT_REGION,
}
});
}
}
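Review bot: The AWS account ID is hardcoded at `const account = "810198167072";` in buildAsync (the context lookup above it is commented out) and then written to the build output by console.log(account,region), while the pipeline's own env at the bottom of the hunk reads CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION, so the stages and the pipeline stack can resolve to different accounts. Take account and region from context or the environment in both places and drop the log line. In the for loop, one clusterProps object is mutated first for x86 and then for ARM and passed by reference to each new MngClusterProvider; if the provider keeps that reference, every stage ends up with the last values written (AL2_ARM_64, M7G), so build a fresh props object per provider. The FluxCDAddOn repository tracks targetRevision: "main", which means any change on that branch rolls out to every cluster in the wave; pinning a tag or commit would make the rollout reviewable.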