Merge pull request #17 from doitintl/integration

Integration

Author: neoakris

bin/cdk-main.ts

@@ -93,14 +93,29 @@ const low_cost_EMEA_stack_config: cdk.StackProps = {
 //Note: 'lower-envs-vpc' is both the VPC name and the CloudFormation Stack Name
 
 const lower_envs_vpc = new Opinionated_VPC(cdk_state, 'lower-envs-vpc', low_co2_AMER_stack_config);
-//Note: About the below lower_envs_vpc.apply_*_config() functions
-//      The order in which you call these functions matters, because some functions set
-//      values in a way that's intended to be overridable. This is why it's
-//      recommended to follow the below order of application (global -> my_org -> env)
-lower_envs_vpc.apply_global_baseline_vpc_config();
-lower_envs_vpc.apply_my_orgs_baseline_vpc_config();
-lower_envs_vpc.apply_lower_envs_vpc_config();
-lower_envs_vpc.deploy_vpc_construct_into_this_objects_stack();
+lower_envs_vpc.stage_deployment_of_opinionated_vpc_for_lower_envs();
+// ^-- This applys global_baseline_vpc_config, then my_orgs_baseline_vpc_config, then lower_envs_vpc_config
+//     Then stages deployment of vpc construct into lower_envs_vpc.stack
+//     Actual Deployment happens when user runs `cdk deploy lower-envs-vpc`
+
+// const higher_envs_vpc = new Opinionated_VPC(cdk_state, 'higher-envs-vpc', low_cost_AMER_stack_config);
+// higher_envs_vpc.stage_deployment_of_opinionated_vpc_for_higher_envs();
+/* ^-- This is commented out by default for 2 reasons:
+       1. Every uncommented staged deployment makes `cdk list` take longer to finish
+          (Things run faster if you wait to uncomment deployable stacks until needed.)
+       2. It won't work until cdk bootstrap is run in the configured stack's region.
+          (us-east-2 is associated with low_cost_AMER_stack_config)
+
+Commands to bootstrap: 
+Note: It's recommended to copy paste each command one at a time, & read output between runs.
+```bash
+export AWS_REGION=us-east-2
+export AWS_ACCOUNT=$(aws sts get-caller-identity | jq .Account | tr -d '"')
+echo $AWS_REGION
+echo $AWS_ACCOUNT
+cdk bootstrap aws://$AWS_ACCOUNT/$AWS_REGION
+```
+*/
 ///////////////////////////////////////////////////////////////////////////////////////////
 
 
@@ -113,32 +128,46 @@ dev1_eks.apply_global_baseline_eks_config();
 dev1_eks.apply_my_orgs_baseline_eks_config();
 dev1_eks.apply_lower_envs_eks_config();
 dev1_eks.apply_dev_eks_config();
-dev1_eks.deploy_eks_construct_into_this_objects_stack();
-dev1_eks.deploy_global_baseline_eks_dependencies();
-dev1_eks.deploy_my_orgs_baseline_eks_dependencies();
-dev1_eks.deploy_lower_envs_eks_dependencies();
-dev1_eks.deploy_dev_eks_dependencies();
-dev1_eks.deploy_global_baseline_eks_workload_dependencies();
-dev1_eks.deploy_my_orgs_baseline_eks_workload_dependencies();
-dev1_eks.deploy_lower_envs_eks_workload_dependencies();
-dev1_eks.deploy_dev_eks_workload_dependencies();
-dev1_eks.deploy_global_baseline_eks_workloads();
-dev1_eks.deploy_my_orgs_baseline_eks_workloads();
-dev1_eks.deploy_lower_envs_eks_workloads();
-dev1_eks.deploy_dev_eks_workloads();
+dev1_eks.stage_deployment_of_eks_construct_into_this_objects_stack();
+dev1_eks.stage_deployment_of_global_baseline_eks_dependencies();
+dev1_eks.stage_deployment_of_my_orgs_baseline_eks_dependencies();
+dev1_eks.stage_deployment_of_lower_envs_eks_dependencies();
+dev1_eks.stage_deployment_of_dev_eks_dependencies();
+dev1_eks.stage_deployment_of_global_baseline_eks_workload_dependencies();
+dev1_eks.stage_deployment_of_my_orgs_baseline_eks_workload_dependencies();
+dev1_eks.stage_deployment_of_lower_envs_eks_workload_dependencies();
+dev1_eks.stage_deployment_of_dev_eks_workload_dependencies();
+dev1_eks.stage_deployment_of_global_baseline_eks_workloads();
+dev1_eks.stage_deployment_of_my_orgs_baseline_eks_workloads();
+dev1_eks.stage_deployment_of_lower_envs_eks_workloads();
+dev1_eks.stage_deployment_of_dev_eks_workloads();
 //^-- deployment time of ~18.6mins (~15-20mins)
 
 //Example 2: Equivalent to Example 1, just with convenience methods as short hand
 //(This format balances usability and debugability)
 const dev2_eks = new Easy_EKS(cdk_state, 'dev2-eks', low_co2_AMER_stack_config);
 dev2_eks.apply_dev_baseline_config(); //<-- convenience method #1
-dev2_eks.deploy_eks_construct_into_this_objects_stack(); //<-- creates eks cluster
-dev2_eks.deploy_dev_baseline_dependencies(); //<-- convenience method #2
-dev2_eks.deploy_dev_baseline_workload_dependencies(); //<-- convenience method #3
-dev2_eks.deploy_dev_baseline_workloads(); //<-- convenience method #4
+dev2_eks.stage_deployment_of_eks_construct_into_this_objects_stack();
+dev2_eks.stage_deployment_of_dev_baseline_dependencies(); //<-- convenience method #2
+dev2_eks.stage_deployment_of_dev_baseline_workload_dependencies(); //<-- convenience method #3
+dev2_eks.stage_deployment_of_dev_baseline_workloads(); //<-- convenience method #4
 
 //Example 3: Equivalent to Examples 1 & 2, just shorter
 //(This format optimizes usability, but can make debugability slightly harder)
 const dev3_eks = new Easy_EKS(cdk_state, 'dev3-eks', low_co2_AMER_stack_config);
-dev3_eks.deploy_opinionated_dev(); //<-- convenience method #5
+dev3_eks.stage_deployment_of_opinionated_eks_cluster_for_dev_envs(); //<-- convenience method #5
+
+///////////////////////////////////////////////////////////////////////////////////////////
+// const test1_eks = new Easy_EKS(cdk_state, 'test1-eks', low_co2_AMER_stack_config);
+// test1_eks.stage_deployment_of_opinionated_eks_cluster_for_test_envs();
+// ^-- This is commented out, because: 
+//     Every uncommented staged deployment makes `cdk list` take longer to finish
+//     (Things run faster if you wait to uncomment deployable stacks until you need them.)
+///////////////////////////////////////////////////////////////////////////////////////////
+// const stage1_eks = new Easy_EKS(cdk_state, 'stage1-eks', low_cost_AMER_stack_config);
+// stage1_eks.stage_deployment_of_opinionated_eks_cluster_for_stage_envs();
+// const prod1_eks = new Easy_EKS(cdk_state, 'prod1-eks', low_cost_AMER_stack_config);
+// prod1_eks.stage_deployment_of_opinionated_eks_cluster_for_prod_envs();
+// ^-- These are commented out, because: 
+//     In addition to the above reason, they also depend on higher-envs-vpc being deployed
 ///////////////////////////////////////////////////////////////////////////////////////////

config/eks/dev_eks_config.ts

@@ -4,7 +4,7 @@ import * as eks from 'aws-cdk-lib/aws-eks'
 import * as iam from 'aws-cdk-lib/aws-iam';
 import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
 //Intended Use: 
-//EasyEKS Admins: edit this file with config to apply to all dev cluster's in your org.
+//EasyEKS Admins: edit this file with config to apply to all dev / sandbox cluster's in your org.
 
 export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data
     config.addTag("Environment", "Dev");
@@ -23,7 +23,75 @@ export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Sta
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
-
+    // This is an example of a workload that uses a PersistentVolumeClaim with a storage class that is encrypted
+    // with AWS KMS key.
+    // IMPORTANT: if the cdk insfrastructure is destroyed it will leave the volume orphans, and they will 
+    // need to be manually deleted.
+    let name="test-claim-gp3";
+    let size="10Gi";
+    const volume_claim_gp3 = {
+        "apiVersion": "v1",
+        "kind": "PersistentVolumeClaim",
+        "metadata": {
+            "name": `${name}`,
+            "namespace": "default"
+        },
+        "spec": {
+            "accessModes": [
+                "ReadWriteOnce"
+            ],
+            "storageClassName": "kms-encrypted-gp3",
+            "resources": {
+                "requests": {
+                    "storage": `${size}`
+                }
+            }
+        }
+    }
+    const pod_using_volume_claim = {
+        "apiVersion": "v1",
+        "kind": "Pod",
+        "metadata": {
+            "name": "app"
+        },
+        "spec": {
+            "containers": [
+                {
+                    "name": "app",
+                    "image": "ubuntu:latest",
+                    "command": [
+                        "/bin/sh"
+                    ],
+                    "args": [
+                        "-c",
+                        "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"
+                    ],
+                    "volumeMounts": [
+                        {
+                            "name": "persistent-storage",
+                            "mountPath": "/data"
+                        }
+                    ]
+                }
+            ],
+            "volumes": [
+                {
+                    "name": "persistent-storage",
+                    "persistentVolumeClaim": {
+                        "claimName": `${name}`
+                    }
+                }
+            ]
+        }
+    }
+    const pvc_demo_construct = new eks.KubernetesManifest(stack, "persistentVolumeClaimManifest",
+    {
+        cluster: cluster,
+        manifest: [volume_claim_gp3, pod_using_volume_claim],
+        overwrite: true,
+        prune: true,
+    });
+    pvc_demo_construct.node.addDependency(cluster.awsAuth);
 }//end deploy_workload_dependencies()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

config/eks/global_baseline_eks_config.ts

@@ -9,28 +9,14 @@ import request from 'sync-request-curl'; //npm install sync-request-curl (cdk re
 
 //export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){ //config: is of type Easy_EKS_Config_Data
 export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data    
-    config.addTag("AWS Tag Allowed Characters", "letters numbers + - = . _ : / @ WebSiteLinks");
-    config.addTag("AWS Tag Forbidden Characters", "Hashtag Comma SingleQuote DoubleQuote Parenthesis QuestionMark Asterisk Ampersand https://docs.aws.amazon.com/codeguru/latest/bugbust-ug/limits-tags.html");
     config.addTag("IaC Tooling used for Provisioning and Management of this EKS Cluster", "cdk: a CLI tool that stands for AWS Cloud Development Kit.");
     config.addTag("Upstream Methodology Docs", "https://github.com/doitintl/easyeks");
-    //^-- NOTE: hashtag(#)   comma(,)   singlequote(')   doublequote(\")   parenthesis()   and more are not valid tag values
-    //    https://docs.aws.amazon.com/codeguru/latest/bugbust-ug/limits-tags.html
-    /*Note it's possible when updating tags, that you could see 
-    An error like AWS::EKS::Nodegroup "Update is not supported for the following properties"
-    If that happens temporarily edit the following line in Easy_EKS.ts
-    this.cluster.addNodegroupCapacity(`default_MNG`, default_MNG);
-    to
-    this.cluster.addNodegroupCapacity(`default_MNG-1`, default_MNG);
-    redeploy and it'll go through
-    then rename it back
-    Note: 
-    After setting default_MNG-1, you may see ...is in UPDATE_ROLLBACK_FAILED state and can not be updated
-    If so, go to CloudFormation -> stack -> Stack actions -> continue update rollback for stack - Advanced troubleshooting
-    --> resources to skip - optional (check the box) --> Continue update rollback. 
-    (wait 10 sec, then retry cdk deploy stack)
-    */
-    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-
+    //^-- NOTE: AWS tag restrictions vary by service, but generally only letters, numbers, spaces, and the following characters are allowed: + - = . _ : / @
+    //    Tags are validated by the validateTag() function in lib/Utilities.ts before deployment
+    //    More details:
+    //      - https://docs.aws.amazon.com/eks/latest/userguide/eks-using-tags.html#tag-restrictions
+    //      - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions
+    
 }//end apply_config()
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

config/eks/my_orgs_baseline_eks_config.ts

@@ -268,6 +268,35 @@ export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack
             },
         }`, //end aws-ebs-csi-driver configurationValues override
     });
+    // adding gp3 storage class
+    const storage_class_gp3_manifest = {
+        "apiVersion": "storage.k8s.io/v1",
+        "kind": "StorageClass",
+        "metadata": {
+            "name": "kms-encrypted-gp3",
+            "annotations": {
+                "storageclass.kubernetes.io/is-default-class": "true"
+            }
+        },
+        "provisioner": "ebs.csi.aws.com",
+        "volumeBindingMode": "WaitForFirstConsumer",
+        "allowVolumeExpansion": true,
+        "reclaimPolicy": "Delete",
+        "parameters": {
+            "type": "gp3",
+            "encrypted": "true",
+            //"kmsKeyId": `${config.kmsKey.keyArn}` //commentig it out as while we test the logic to add permissions to customer's KMS key
+        }
+    }
+    const storage_class_gp3_construct = new eks.KubernetesManifest(stack, "StorageClassManifest",
+        {
+            cluster: cluster,
+            manifest: [storage_class_gp3_manifest],
+            overwrite: true,
+            prune: true,   
+        }
+    );
+    storage_class_gp3_construct.node.addDependency(cluster.awsAuth);
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
     // v-- most won't need this, disabling by default

config/eks/prod_eks_config.ts

@@ -0,0 +1,35 @@
+import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import * as cdk from 'aws-cdk-lib';
+import * as eks from 'aws-cdk-lib/aws-eks'
+import * as iam from 'aws-cdk-lib/aws-iam';
+import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
+//Intended Use: 
+//EasyEKS Admins: edit this file with config to apply to all Prod / Production cluster's in your org.
+
+export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data
+    config.addTag("Environment", "Prod");
+}//end apply_config()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_dependencies()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_workload_dependencies()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_workloads()

config/eks/stage_eks_config.ts

@@ -0,0 +1,35 @@
+import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import * as cdk from 'aws-cdk-lib';
+import * as eks from 'aws-cdk-lib/aws-eks'
+import * as iam from 'aws-cdk-lib/aws-iam';
+import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
+//Intended Use: 
+//EasyEKS Admins: edit this file with config to apply to all Stage / Staging / Pre-Production / UAT (User Acceptance Testing) cluster's in your org.
+
+export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //config: is of type Easy_EKS_Config_Data
+    config.addTag("Environment", "Stage");
+}//end apply_config()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_dependencies()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_workload_dependencies(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_workload_dependencies()
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+export function deploy_workloads(config: Easy_EKS_Config_Data, stack: cdk.Stack, cluster: eks.Cluster){
+
+}//end deploy_workloads()