-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(eks): fix aws load balancer controller in eks construct, update …
…readme
- Loading branch information
1 parent
c361e90
commit 7422762
Showing
4 changed files
with
202 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,67 +1,118 @@ | ||
# Django CDK Construct | ||
# Django CDK Construct Library | ||
|
||
This is a high-level construct for setting up a Django project on AWS using: | ||
This is a CDK construct library for deploying Django applications on AWS. | ||
|
||
- AWS CDK | ||
- ECS Fargate | ||
- CloudFront | ||
High-level constructs are available for deploying applications with the following AWS compute services: | ||
|
||
- ECS (near complete) | ||
- EKS (in progress) | ||
- Lambda (planned) | ||
|
||
To use one of the constructs you need to provide: | ||
|
||
- A path to the root of your Django project | ||
- The location of the `Dockerfile` used to build your application's image (for EKS and ECS) relative to your Django project's root directory | ||
- The commands used to start the process that run your application: | ||
- web server process (required) | ||
- celery (optional) | ||
- celery beat (optional) | ||
- Options for how to run the application and which additional services your application requires | ||
|
||
This project uses the AWS CDK and is written in TypeScript, so the options for each construct are defined by TypeScript Interfaces. See [API.md](/API.md) for automatically-generated documentation on the interfaces for each construct. | ||
|
||
The construct library is published both to `npm` and `PyPI`, so you can use it in CDK projects that are written in TypeScript or Python. | ||
|
||
## Features | ||
|
||
The constructs provides everything you will need for your backend including: | ||
|
||
- VPC (Subnets, Security Groups, AZs, NAT Gateway) | ||
- Load Balancer | ||
- ACM Certificates (for TLS) | ||
- Route53 Records | ||
- RDS (postgres) | ||
- ElastiCache (redis) | ||
- Celery | ||
- React/Vue SPA Frontend | ||
|
||
## Resources | ||
|
||
https://dev.to/aws-builders/a-beginner-s-guide-to-create-aws-cdk-construct-library-with-projen-5eh4 | ||
## Using the constructs | ||
|
||
### `.projenrc.js` | ||
This repository includes sample CDK applications that use the libraries. | ||
|
||
- Add `cdkDependencies` that will be used in the construct. | ||
### EKS | ||
|
||
Run `npx projen` to propagate changes | ||
Here's an example from `src/integ.django-eks.ts`: | ||
|
||
### Add npm deploy token to GitHub secrets | ||
```ts | ||
import * as cdk from '@aws-cdk/core'; | ||
import { DjangoEks } from './index'; | ||
|
||
- Create an access token on [npmjs.com](https://npmjs.com) | ||
- Add `NPM_TOKEN` to GitHub project secrets | ||
const env = { | ||
region: process.env.AWS_DEFAULT_REGION || 'us-east-1', | ||
account: process.env.AWS_ACCOUNT_ID, | ||
}; | ||
|
||
### Release process | ||
const app = new cdk.App(); | ||
const stack = new cdk.Stack(app, 'DjangoEks', { env }); | ||
|
||
Create a tag `v*` and the run the following: | ||
const construct = new DjangoEks(stack, 'Cdk-Sample-Lib', { | ||
imageDirectory: './test/django-step-by-step/backend', | ||
webCommand: [ | ||
'./scripts/start_prod.sh', | ||
], | ||
}); | ||
|
||
``` | ||
yarn bump --release-as 0.0.3 | ||
/** | ||
* Add tagging for this construct and all child constructs | ||
*/ | ||
cdk.Tags.of(construct).add('stack', 'MyStack'); | ||
``` | ||
|
||
This sample application (and others defined in the `integ.*.ts` files in this repo) can be easily deployed for testing purposes with targets defined in the `Makefile`. To deploy the above application, you can run: | ||
|
||
``` | ||
git push --follow-tags origin main | ||
npm run build | ||
make deploy-eks | ||
``` | ||
|
||
### Deploy a sample application to CDK using the construct locally | ||
Destroy the application with: | ||
|
||
``` | ||
cdk deploy --app="./lib/integ.default.js | ||
make destroy-eks | ||
``` | ||
|
||
### Destroy the sample application | ||
This assumes that you have credentials configured in your AWS CLI with sufficient permissions and that you have [bootstrapped your AWS account](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html). You will also need to have docker CLI configured in order for CDK to build images and push them to ECR. | ||
|
||
``` | ||
cdk destroy --app="./lib/integ.default.js | ||
``` | ||
### ECS | ||
|
||
## Notes on using AWS Load Balancer Controller in EKS | ||
The ECS construct uses the `ApplicationLoadBalancedFargateService` construct from `@aws-cdk/aws-ecs-patterns`. This is a powerful abstraction that handles a lot of the networking requirements for the construct. | ||
|
||
[https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/) | ||
## projen | ||
|
||
[https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_eks/FargateCluster.html](https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_eks/FargateCluster.html) | ||
This project uses [projen](https://github.com/projen/projen). | ||
|
||
> The cluster is created with a default Fargate Profile that matches the “default” and “kube-system” namespaces. You can add additional profiles using addFargateProfile. | ||
> projen synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, etc from a well-typed definition written in JavaScript. | ||
GitHub issue about CDK support for AWS Load Balancer Controller: [https://github.com/aws/aws-cdk/issues/8836](https://github.com/aws/aws-cdk/issues/8836) | ||
## Development | ||
|
||
# https://www.stacksimplify.com/aws-eks/aws-fargate/learn-to-run-kubernetes-workloads-on-aws-eks-and-aws-fargate-serverless-part-1/ | ||
For development of this library, a sample Django application is included as a git submodule in `test/django-step-by-step`. This Django project is used when deploying the application, and can be replaced with your own project for testing purposes. | ||
|
||
## Current Development Efforts | ||
|
||
## EKS Best Practices | ||
This project is under active development. Here are some of the things that I'm curently working on: | ||
|
||
[https://aws.github.io/aws-eks-best-practices/](https://aws.github.io/aws-eks-best-practices/) | ||
- [x] Deploy sample nginx application to test AWS Load Balancer Controller | ||
- [ ] Pass ACM ARN to Ingress annotation | ||
- [ ] Use Fargate Profile to deploy application on Fargate | ||
- [ ] Configure the rest of the Django application components for the EKS construct (web, celery, RDS, ElastiCache, S3 buckets, permissions) | ||
- [ ] Split constructs into `eks`, `ecs` and `common` directories to keep code DRY | ||
- [ ] Build constructs for each component | ||
- [ ] Consider using managed DB services in production environments and in-cluster services for non-production environments (external services) | ||
- [ ] Configure application secrets. | ||
- [ ] Use secrets manager secrets (boto3) for accessing secrets in products | ||
- [ ] Look into logging and observability tools that can be used in the project (EFK, Jaeger, etc.) | ||
- [ ] Go over this Kubernetes checklist: [https://www.weave.works/blog/production-ready-checklist-kubernetes](https://www.weave.works/blog/production-ready-checklist-kubernetes) | ||
- [ ] Add comments to EKS resources docgen | ||
- [ ] Add snapshot tests and refactor the application | ||
- [ ] Add unit tests | ||
- [ ] Consider using cdk8s or cdk8s+ for manifest declarations | ||
- [ ] User the `dockerImageAssets` construct to define the Django project image to be used in the sample application | ||
- [ ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
export const appIngress = { | ||
apiVersion: 'extensions/v1beta1', | ||
kind: 'Ingress', | ||
metadata: { | ||
name: 'app-ingress', | ||
namespace: 'app', | ||
annotations: { | ||
'kubernetes.io/ingress.class': 'alb', | ||
'alb.ingress.kubernetes.io/scheme': 'internet-facing', | ||
'alb.ingress.kubernetes.io/tags': 'Environment=test', | ||
}, | ||
}, | ||
spec: { | ||
rules: [ | ||
{ | ||
http: { | ||
paths: [ | ||
{ | ||
path: '/', | ||
pathType: 'Prefix', | ||
backend: { | ||
serviceName: 'nginx-service', | ||
servicePort: 80, | ||
}, | ||
}, | ||
], | ||
}, | ||
}, | ||
], | ||
}, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
export const nginxDeployment = { | ||
apiVersion: 'apps/v1', | ||
kind: 'Deployment', | ||
metadata: { | ||
namespace: 'app', | ||
name: 'nginx-deployment', | ||
labels: { | ||
app: 'nginx', | ||
}, | ||
}, | ||
spec: { | ||
replicas: 1, | ||
selector: { | ||
matchLabels: { | ||
app: 'nginx', | ||
}, | ||
}, | ||
template: { | ||
metadata: { | ||
labels: { | ||
app: 'nginx', | ||
}, | ||
}, | ||
spec: { | ||
containers: [{ | ||
name: 'nginx', | ||
image: 'nginx:1.14.2', | ||
// Resources can be used when working with Fargate profiles in the EKS cluster | ||
// resources: { | ||
// requests: { | ||
// memory: "64Mi", | ||
// cpu: "250m" | ||
// }, | ||
// limits: { | ||
// memory: "128Mi", | ||
// cpu: "500m", | ||
// } | ||
// }, | ||
ports: [{ | ||
containerPort: 80, | ||
}], | ||
}], | ||
}, | ||
}, | ||
}, | ||
}; | ||
|
||
export const nginxService = { | ||
apiVersion: 'v1', | ||
kind: 'Service', | ||
metadata: { | ||
name: 'nginx-service', | ||
namespace: 'app', | ||
}, | ||
spec: { | ||
type: 'NodePort', | ||
selector: { | ||
app: 'nginx', | ||
}, | ||
ports: [ | ||
{ | ||
port: 80, | ||
targetPort: 80, | ||
protocol: 'TCP', | ||
}, | ||
], | ||
}, | ||
}; |