Merge pull request #23 from doitintl/splitting_into_3_phases

Did some manual testing before merging to main.

Author: neoakris

.gitignore

@@ -7,4 +7,8 @@ node_modules
 
 .cdk.staging
 cdk.out
+
+# IDE files
+.idea/
+.vscode/
 ################################

bin/cdk-main.ts

@@ -11,6 +11,7 @@ TS(TypeScript) import syntax that means:
 * The "named import" can be arbtirarily named.
 * Items in the named import can be referenced with the dot operator.
 */
+import { ensure_existance_of_kubectl_helm_lambda_deployer_role_used_by_easy_eks } from '../lib/Utilities';
 import { Opinionated_VPC } from '../lib/Opinionated_VPC';
 import { Easy_EKS } from '../lib/Easy_EKS'; //AWS EKS L2 construct based cluster
 /*     ^--_This---^ 
@@ -24,6 +25,16 @@ TS import syntax that means:
 ////////////////////////////////////////////////////////////////////////////////////////////
 
 
+////////////////////////////////////////////////////////////////////////////////////////////
+ensure_existance_of_kubectl_helm_lambda_deployer_role_used_by_easy_eks();
+// ^-- This uses aws cli and node.js shell to ensure a dependency IAM role exists.
+//     Note: 
+//     When a user first runs "cdk list" or "cdk deploy *"
+//     The code will auto-runs (without requesting permission/input from the user)
+//     This is for UX reasons, as cdk failures will occur if it's not pre-existing.
+////////////////////////////////////////////////////////////////////////////////////////////
+
+
 ////////////////////////////////////////////////////////////////////////////////////////////
 // IMPORTANT NOTE: For Conceptual Understanding and Comprehension:
 const cdk_state = new cdk.App(); //<-- Root AWS "Construct"
@@ -128,28 +139,36 @@ dev1_eks.apply_global_baseline_eks_config();
 dev1_eks.apply_my_orgs_baseline_eks_config();
 dev1_eks.apply_lower_envs_eks_config();
 dev1_eks.apply_dev_eks_config();
-dev1_eks.stage_deployment_of_eks_construct_into_this_objects_stack();
-dev1_eks.stage_deployment_of_global_baseline_eks_dependencies();
-dev1_eks.stage_deployment_of_my_orgs_baseline_eks_dependencies();
-dev1_eks.stage_deployment_of_lower_envs_eks_dependencies();
-dev1_eks.stage_deployment_of_dev_eks_dependencies();
-dev1_eks.stage_deployment_of_global_baseline_eks_workload_dependencies();
-dev1_eks.stage_deployment_of_my_orgs_baseline_eks_workload_dependencies();
-dev1_eks.stage_deployment_of_lower_envs_eks_workload_dependencies();
-dev1_eks.stage_deployment_of_dev_eks_workload_dependencies();
+dev1_eks.stage_deployment_of_eks_cluster();
+dev1_eks.stage_deployment_of_global_baseline_eks_addons();
+dev1_eks.stage_deployment_of_my_orgs_baseline_eks_addons();
+dev1_eks.stage_deployment_of_lower_envs_eks_addons();
+dev1_eks.stage_deployment_of_dev_eks_addons();
+//^-- `cdk deploy dev1-eks-cluster has a deployment time of ~17mins
+///////////////////////////////////////////////////////////////////////
+dev1_eks.stage_deployment_of_global_baseline_eks_essentials();
+dev1_eks.stage_deployment_of_my_orgs_baseline_eks_essentials();
+dev1_eks.stage_deployment_of_lower_envs_eks_essentials();
+dev1_eks.stage_deployment_of_dev_eks_essentials();
+//^-- `cdk deploy dev1-eks-essentials has a deployment time of ~2mins
+///////////////////////////////////////////////////////////////////////
 dev1_eks.stage_deployment_of_global_baseline_eks_workloads();
 dev1_eks.stage_deployment_of_my_orgs_baseline_eks_workloads();
 dev1_eks.stage_deployment_of_lower_envs_eks_workloads();
 dev1_eks.stage_deployment_of_dev_eks_workloads();
-//^-- deployment time of ~18.6mins (~15-20mins)
+//^-- `cdk deploy dev1-eks-workloads has a deployment time of ~1min
+
+
+
+///////////////////////////////////////////////////////////////////////////////////////////
 
 //Example 2: Equivalent to Example 1, just with convenience methods as short hand
 //(This format balances usability and debugability)
 const dev2_eks = new Easy_EKS(cdk_state, 'dev2-eks', low_co2_AMER_stack_config);
 dev2_eks.apply_dev_baseline_config(); //<-- convenience method #1
-dev2_eks.stage_deployment_of_eks_construct_into_this_objects_stack();
-dev2_eks.stage_deployment_of_dev_baseline_dependencies(); //<-- convenience method #2
-dev2_eks.stage_deployment_of_dev_baseline_workload_dependencies(); //<-- convenience method #3
+dev2_eks.stage_deployment_of_eks_cluster();
+dev2_eks.stage_deployment_of_dev_baseline_addons(); //<-- convenience method #2
+dev2_eks.stage_deployment_of_dev_baseline_essentials(); //<-- convenience method #3
 dev2_eks.stage_deployment_of_dev_baseline_workloads(); //<-- convenience method #4
 
 //Example 3: Equivalent to Examples 1 & 2, just shorter

cdk.context.json

@@ -1,14 +1 @@
-{
-  "availability-zones:account=905418347382:region=ca-central-1": [
-    "ca-central-1a",
-    "ca-central-1b",
-    "ca-central-1d"
-  ],
-  "ami:account=905418347382:filters.image-type.0=machine:filters.name.0=fck-nat-al2023-*-arm64-ebs:filters.state.0=available:owners.0=568608671756:region=ca-central-1": "ami-045d3a84706b8feeb",
-  "key-provider:account=905418347382:aliasName=alias/eks/lower-envs:region=ca-central-1": {
-    "keyId": "2c710e12-cad3-42f5-a92f-e7d7980aebea"
-  },
-  "acknowledged-issue-numbers": [
-    32775
-  ]
-}
+{}

config/eks/dev_eks_config.ts

@@ -1,31 +1,55 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks'
-import * as iam from 'aws-cdk-lib/aws-iam';
-import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
+import {
+  Apply_Podinfo_Helm_Chart,
+  Apply_Podinfo_Http_Alb_YAML,
+  Apply_Podinfo_Https_Alb_YAML,
+  Podinfo_Helm_Config,
+} from "../../lib/Podinfo_Manifests";
+
 //Intended Use: 
 //EasyEKS Admins: edit this file with config to apply to all dev / sandbox cluster's in your org.
 
-export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data
-    config.addTag("Environment", "Dev");
+export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack) { //config: is of type Easy_EKS_Config_Data
+  config.addTag("Environment", "Dev");
 }//end apply_config()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster) {
+
+    // v-- most won't need this, so commented out by default
+    // const pvc_snapshot_controller = new eks.CfnAddon(stack, 'snapshot-controller', {
+    //     clusterName: cluster.clusterName,
+    //     addonName: 'snapshot-controller',
+    //     addonVersion: 'v8.2.0-eksbuild.1', //v--query for latest
+    //     // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=snapshot-controller --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+    //     resolveConflicts: 'OVERWRITE',
+    //     configurationValues: '{}',
+    // });
 
-}//end deploy_dependencies()
+}//end deploy_addons()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+export function deploy_essentials(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.ICluster){
+
+}//end deploy_essentials()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.ICluster) {
+
     // This is an example of a workload that uses a PersistentVolumeClaim with a storage class that is encrypted
     // with AWS KMS key.
-    // IMPORTANT: if the cdk insfrastructure is destroyed it will leave the volume orphans, and they will 
+    // IMPORTANT: if the cdk insfrastructure is destroyed it will leave the volume orphans, and they will
     // need to be manually deleted.
     let name="test-claim-gp3";
     let size="10Gi";
@@ -91,13 +115,64 @@ export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack
         overwrite: true,
         prune: true,
     });
-    pvc_demo_construct.node.addDependency(cluster.awsAuth);
-}//end deploy_workload_dependencies()
 
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
 
-}//end deploy_workloads()
+
+
+
+  // Define a BLUE podinfo application with insecure ALB (HTTP)
+  const BLUE_PODINFO_HELM_CONFIG = {
+    helm_chart_release: "podinfo-blue",
+    helm_chart_values: {
+      ui: {
+        color: "#0000FF",
+        message: "This is an insecure application with BLUE background",
+      },
+    } as Record<string, any>,
+  } as Podinfo_Helm_Config
+
+  // Deploy a podinfo sample application with BLUE background
+  // Apply_Podinfo_Helm_Chart(cluster, config, stack, BLUE_PODINFO_HELM_CONFIG);
+
+  // Provisioning HTTP ALB, which includes HTTP ALB, Listener, Target Group, etc.
+  // Apply_Podinfo_Http_Alb_YAML(cluster, config, stack, BLUE_PODINFO_HELM_CONFIG)
+
+  // Define a GREEN podinfo application with secure ALB (HTTPS)
+  const GREEN_PODINFO_HELM_CONFIG = {
+    helm_chart_release: "podinfo-green",
+    helm_chart_values: {
+      ui: {
+        color: "#008000",
+        message: "This is an secure application with GREEN background",
+      },
+    } as Record<string, any>,
+  } as Podinfo_Helm_Config
+
+  // Deploy a podinfo sample application with GREEN background
+  // Apply_Podinfo_Helm_Chart(cluster, config, stack, GREEN_PODINFO_HELM_CONFIG);
+
+  // Generate HTTPS ingress manifest
+  /**
+   * TODO: due to DNS ACME challenge, we just use the existing ACME's ARN and subdomain
+   * To make this happen, you need to do:
+   * 1. Prepare a domain or sub-domain
+   * 2. Create a certificate in ACM for the domain / sub-domain
+   * 3. Create CNAME to verify the certificate successfully
+   * 4. Get the ARN of the certificate
+   * 5. Deploy the stack
+   * 6. After ALB is provisioned, create a CNAME record of the domain/sub-domain with the value in the DNS hostname of the ALB
+   */
+  // const https_ingress_yaml = Podinfo_Https_Ingress_Yaml_Generator(
+  //   GREEN_PODINFO_HELM_CONFIG,
+  //   // ACME ARN
+  //   "arn:aws:acm:ap-southeast-2:092464092456:certificate/a2e016d5-58fb-4308-b894-f7a21f7df0b8",
+  //   // Sub-domain
+  //   "kefeng-easyeks.gcp.au-pod-1.cs.doit-playgrounds.dev",
+  // )
+
+  // kubectl apply manifest
+//   Apply_Podinfo_Https_Alb_YAML(cluster, config, stack,
+//     GREEN_PODINFO_HELM_CONFIG,
+//     "arn:aws:acm:ap-southeast-2:092464092456:certificate/a2e016d5-58fb-4308-b894-f7a21f7df0b8")
+}//end deploy_workloads()

config/eks/global_baseline_eks_config.ts

@@ -16,14 +16,15 @@ export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //
     //    More details:
     //      - https://docs.aws.amazon.com/eks/latest/userguide/eks-using-tags.html#tag-restrictions
     //      - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions
-    
+    config.addClusterAdminARN(`arn:aws:iam::${process.env.CDK_DEFAULT_ACCOUNT}:role/kubectl-helm-lambda-deployer-role-used-by-easy-eks`);
+    //^-- cdk-main.ts calls a Utility.ts library that uses aws cli to ensure this role exists (cdk errors would occur if it wasn't pre-existing.)
 }//end apply_config()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
 
     /*To see official names of all eks add-ons:
     aws eks describe-addon-versions  \
@@ -42,20 +43,20 @@ export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Sta
     // but if you manually update in GUI it'll stay updated
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-}//end deploy_dependencies()
+}//end deploy_addons()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+export function deploy_essentials(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.ICluster){
 
-}//end deploy_workload_dependencies()
+}//end deploy_essentials()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.ICluster){
 
 }//end deploy_workloads()