feat(eks): fix aws load balancer controller in eks construct, update …

…readme
briancaffey · May 31, 2021 · 7422762 · 7422762
1 parent c361e90
commit 7422762
Show file tree

Hide file tree

Showing 4 changed files with 202 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -1,67 +1,118 @@
-# Django CDK Construct
+# Django CDK Construct Library
 
-This is a high-level construct for setting up a Django project on AWS using:
+This is a CDK construct library for deploying Django applications on AWS.
 
-- AWS CDK
-- ECS Fargate
-- CloudFront
+High-level constructs are available for deploying applications with the following AWS compute services:
+
+- ECS (near complete)
+- EKS (in progress)
+- Lambda (planned)
+
+To use one of the constructs you need to provide:
+
+- A path to the root of your Django project
+- The location of the `Dockerfile` used to build your application's image (for EKS and ECS) relative to your Django project's root directory
+- The commands used to start the process that run your application:
+    - web server process (required)
+    - celery (optional)
+    - celery beat (optional)
+- Options for how to run the application and which additional services your application requires 
+
+This project uses the AWS CDK and is written in TypeScript, so the options for each construct are defined by TypeScript Interfaces. See [API.md](/API.md) for automatically-generated documentation on the interfaces for each construct.
+
+The construct library is published both to `npm` and `PyPI`, so you can use it in CDK projects that are written in TypeScript or Python.
+
+## Features
+
+The constructs provides everything you will need for your backend including: 
+
+- VPC (Subnets, Security Groups, AZs, NAT Gateway)
+- Load Balancer
+- ACM Certificates (for TLS)
+- Route53 Records
 - RDS (postgres)
 - ElastiCache (redis)
-- Celery
-- React/Vue SPA Frontend
-
-## Resources
 
-https://dev.to/aws-builders/a-beginner-s-guide-to-create-aws-cdk-construct-library-with-projen-5eh4
+## Using the constructs
 
-### `.projenrc.js`
+This repository includes sample CDK applications that use the libraries. 
 
-- Add `cdkDependencies` that will be used in the construct.
+### EKS
 
-Run `npx projen` to propagate changes
+Here's an example from `src/integ.django-eks.ts`:
 
-### Add npm deploy token to GitHub secrets
+```ts
+import * as cdk from '@aws-cdk/core';
+import { DjangoEks } from './index';
 
-- Create an access token on [npmjs.com](https://npmjs.com)
-- Add `NPM_TOKEN` to GitHub project secrets
+const env = {
+  region: process.env.AWS_DEFAULT_REGION || 'us-east-1',
+  account: process.env.AWS_ACCOUNT_ID,
+};
 
-### Release process
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'DjangoEks', { env });
 
-Create a tag `v*` and the run the following:
+const construct = new DjangoEks(stack, 'Cdk-Sample-Lib', {
+  imageDirectory: './test/django-step-by-step/backend',
+  webCommand: [
+    './scripts/start_prod.sh',
+  ],
+});
 
-```
-yarn bump --release-as 0.0.3
+/**
+ * Add tagging for this construct and all child constructs
+ */
+cdk.Tags.of(construct).add('stack', 'MyStack');
 ```
 
+This sample application (and others defined in the `integ.*.ts` files in this repo) can be easily deployed for testing purposes with targets defined in the `Makefile`. To deploy the above application, you can run:
+
 ```
-git push --follow-tags origin main
+npm run build
+make deploy-eks
 ```
 
-### Deploy a sample application to CDK using the construct locally
+Destroy the application with: 
 
 ```
-cdk deploy --app="./lib/integ.default.js
+make destroy-eks
 ```
 
-### Destroy the sample application
+This assumes that you have credentials configured in your AWS CLI with sufficient permissions and that you have [bootstrapped your AWS account](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html). You will also need to have docker CLI configured in order for CDK to build images and push them to ECR.
 
-```
-cdk destroy --app="./lib/integ.default.js
-```
+### ECS
 
-## Notes on using AWS Load Balancer Controller in EKS
+The ECS construct uses the `ApplicationLoadBalancedFargateService` construct from `@aws-cdk/aws-ecs-patterns`. This is a powerful abstraction that handles a lot of the networking requirements for the construct. 
 
-[https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/)
+## projen
 
-[https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_eks/FargateCluster.html](https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_eks/FargateCluster.html)
+This project uses [projen](https://github.com/projen/projen).
 
-> The cluster is created with a default Fargate Profile that matches the “default” and “kube-system” namespaces. You can add additional profiles using addFargateProfile.
+> projen synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, etc from a well-typed definition written in JavaScript.
 
-GitHub issue about CDK support for AWS Load Balancer Controller: [https://github.com/aws/aws-cdk/issues/8836](https://github.com/aws/aws-cdk/issues/8836)
+## Development
 
-# https://www.stacksimplify.com/aws-eks/aws-fargate/learn-to-run-kubernetes-workloads-on-aws-eks-and-aws-fargate-serverless-part-1/
+For development of this library, a sample Django application is included as a git submodule in `test/django-step-by-step`. This Django project is used when deploying the application, and can be replaced with your own project for testing purposes.
 
+## Current Development Efforts
 
-## EKS Best Practices
+This project is under active development. Here are some of the things that I'm curently working on:
 
-[https://aws.github.io/aws-eks-best-practices/](https://aws.github.io/aws-eks-best-practices/)
+- [x] Deploy sample nginx application to test AWS Load Balancer Controller
+- [ ] Pass ACM ARN to Ingress annotation
+- [ ] Use Fargate Profile to deploy application on Fargate
+- [ ] Configure the rest of the Django application components for the EKS construct (web, celery, RDS, ElastiCache, S3 buckets, permissions)
+- [ ] Split constructs into `eks`, `ecs` and `common` directories to keep code DRY
+- [ ] Build constructs for each component
+- [ ] Consider using managed DB services in production environments and in-cluster services for non-production environments (external services) 
+- [ ] Configure application secrets. 
+- [ ] Use secrets manager secrets (boto3) for accessing secrets in products
+- [ ] Look into logging and observability tools that can be used in the project (EFK, Jaeger, etc.)
+- [ ] Go over this Kubernetes checklist: [https://www.weave.works/blog/production-ready-checklist-kubernetes](https://www.weave.works/blog/production-ready-checklist-kubernetes)
+- [ ] Add comments to EKS resources docgen
+- [ ] Add snapshot tests and refactor the application
+- [ ] Add unit tests
+- [ ] Consider using cdk8s or cdk8s+ for manifest declarations
+- [ ] User the `dockerImageAssets` construct to define the Django project image to be used in the sample application
+- [ ] 
diff --git a/src/django-eks.ts b/src/django-eks.ts
@@ -8,7 +8,13 @@ import * as s3 from '@aws-cdk/aws-s3';
 import * as cdk from '@aws-cdk/core';
 // import { RdsPostgresInstance } from './database';
 // import { ElastiCacheCluster } from './elasticache';
+
+// k8s manifests
+import { appIngress } from './ingress';
+import { nginxDeployment, nginxService } from './nginx';
 import { ApplicationVpc } from './vpc';
+
+
 // eslint-disable-next-line
 const request = require('sync-request');
 // eslint-disable-next-line
@@ -147,21 +153,18 @@ export class DjangoEks extends cdk.Construct {
       prune: true,
     });
 
-    // The following is basically trying to do:
+    // The following is equivalent to:
     // helm repo add eks https://aws.github.io/eks-charts
     // helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=<cluster-name> --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller
-    // but it is failing saying that the version and release cannot be found in
-    // the repository (https://aws.github.io/eks-chart)
-    // TODO: Fix this
+
     new eks.HelmChart(scope, 'alb-ingress-controller', {
       cluster: this.cluster,
       wait: true,
-      // Not sure if this value is needed
-      release: 'aws-load-balancer-controller',
-      // I'm not sure if the `eks/` prefix is needed here
-      chart: 'eks/aws-load-balancer-controller',
+      chart: 'aws-load-balancer-controller',
       repository: 'https://aws.github.io/eks-charts',
-      version: '2.2.0',
+      // Note: the chart version 1.2.0 will install version 2.2.0 of the Helm Chart
+      // https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
+      version: '1.2.0',
       namespace: 'kube-system',
       values: {
         clusterName: this.cluster.clusterName,
@@ -171,5 +174,10 @@ export class DjangoEks extends cdk.Construct {
         },
       },
     });
+
+    // sample nginx deployment and service for demonstration
+    this.cluster.addManifest('nginx-deployment', nginxDeployment);
+    this.cluster.addManifest('nginx-service', nginxService);
+    this.cluster.addManifest('app-ingresss', appIngress);
   }
 }
diff --git a/src/ingress/index.ts b/src/ingress/index.ts
@@ -0,0 +1,31 @@
+export const appIngress = {
+  apiVersion: 'extensions/v1beta1',
+  kind: 'Ingress',
+  metadata: {
+    name: 'app-ingress',
+    namespace: 'app',
+    annotations: {
+      'kubernetes.io/ingress.class': 'alb',
+      'alb.ingress.kubernetes.io/scheme': 'internet-facing',
+      'alb.ingress.kubernetes.io/tags': 'Environment=test',
+    },
+  },
+  spec: {
+    rules: [
+      {
+        http: {
+          paths: [
+            {
+              path: '/',
+              pathType: 'Prefix',
+              backend: {
+                serviceName: 'nginx-service',
+                servicePort: 80,
+              },
+            },
+          ],
+        },
+      },
+    ],
+  },
+};
diff --git a/src/nginx/index.ts b/src/nginx/index.ts
@@ -0,0 +1,68 @@
+export const nginxDeployment = {
+  apiVersion: 'apps/v1',
+  kind: 'Deployment',
+  metadata: {
+    namespace: 'app',
+    name: 'nginx-deployment',
+    labels: {
+      app: 'nginx',
+    },
+  },
+  spec: {
+    replicas: 1,
+    selector: {
+      matchLabels: {
+        app: 'nginx',
+      },
+    },
+    template: {
+      metadata: {
+        labels: {
+          app: 'nginx',
+        },
+      },
+      spec: {
+        containers: [{
+          name: 'nginx',
+          image: 'nginx:1.14.2',
+          // Resources can be used when working with Fargate profiles in the EKS cluster
+          // resources: {
+          //   requests: {
+          //     memory: "64Mi",
+          //     cpu: "250m"
+          //   },
+          //   limits: {
+          //     memory: "128Mi",
+          //     cpu: "500m",
+          //   }
+          // },
+          ports: [{
+            containerPort: 80,
+          }],
+        }],
+      },
+    },
+  },
+};
+
+export const nginxService = {
+  apiVersion: 'v1',
+  kind: 'Service',
+  metadata: {
+    name: 'nginx-service',
+    namespace: 'app',
+  },
+  spec: {
+    type: 'NodePort',
+    selector: {
+      app: 'nginx',
+    },
+    ports: [
+      {
+        port: 80,
+        targetPort: 80,
+        protocol: 'TCP',
+      },
+    ],
+  },
+};