Merge pull request #27 from andrewlod/terraform

AWS architecture QoL improvements

.github/workflows/deploy-eks.yml

@@ -74,4 +74,5 @@ jobs:
       run: |
         cat kubernetes/aws/rds-service.yml | sed "s/\$RDS_ENDPOINT/$RDS_ENDPOINT/g" | kubectl apply -f -  && \
         cat kubernetes/aws/deployment.yml | envsubst | kubectl apply -f - && \
-        kubectl apply -f kubernetes/aws/service.yml
+        kubectl apply -f kubernetes/aws/service.yml && \
+        kubectl apply -f kubernetes/aws/ingress.yml

README.md

@@ -120,9 +120,7 @@ This section describes features that are either work-in-progress or will be impl
 
 | Feature | Status |
 |---------|--------|
-| Kubernetes Configuration | 🚧 |
 | CI/CD with AWS CodeBuild/CodePipeline | ❌ |
-| Terraform to deploy necessary AWS infrastructure | ❌ |
 
 ## Authors
 - Andre Wlodkovski - [@andrewlod](https://github.com/andrewlod)

terraform/README.md

@@ -8,7 +8,6 @@ aws eks update-kubeconfig --region $AWS_REGION --name authentication-cluster-tes
 
 # After fargate profile has been created
 kubectl rollout restart deployment coredns -n kube-system
-
-kubectl apply -f kubernetes/aws/ingress.yml
 ```
 
+![Authentication API Architecture](./assets/architecture.png)

terraform/assets/architecture.drawio

@@ -0,0 +1,74 @@
+<mxfile host="65bd71144e">
+    <diagram id="90pEl0gNgN8dAmgOiBZB" name="Page-1">
+        <mxGraphModel dx="1622" dy="537" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+            <root>
+                <mxCell id="0"/>
+                <mxCell id="1" parent="0"/>
+                <mxCell id="3" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=none;dashed=1;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="240" y="130" width="1070" height="690" as="geometry"/>
+                </mxCell>
+                <mxCell id="5" value="Private Subnet" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="600" y="180" width="670" height="610" as="geometry"/>
+                </mxCell>
+                <mxCell id="17" value="" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;dashPattern=8 8;fillColor=none;" vertex="1" parent="1">
+                    <mxGeometry x="760" y="308" width="330" height="322" as="geometry"/>
+                </mxCell>
+                <mxCell id="2" value="" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.virtual_private_cloud;fillColor=#F58534;gradientColor=none;" vertex="1" parent="1">
+                    <mxGeometry x="200" y="100" width="79.5" height="54" as="geometry"/>
+                </mxCell>
+                <mxCell id="4" value="Public Subnet" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="260" y="180" width="320" height="610" as="geometry"/>
+                </mxCell>
+                <mxCell id="6" value="RDS&lt;br&gt;PostgreSQL" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#4D72F3;gradientDirection=north;fillColor=#3334B9;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.rds;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="1140" y="436" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="7" value="EC2&lt;br&gt;Bastion" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#F78E04;gradientDirection=north;fillColor=#D05C17;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.ec2;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="381" y="230" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="10" style="edgeStyle=elbowEdgeStyle;html=1;" edge="1" parent="1" source="8" target="9">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="8" value="NAT&lt;br&gt;Gateway" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#4D27AA;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.nat_gateway;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="381" y="670" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="9" value="Internet&lt;br&gt;Gateway" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#4D27AA;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.internet_gateway;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="200" y="420" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="13" style="edgeStyle=orthogonalEdgeStyle;html=1;" edge="1" parent="1" source="11" target="8">
+                    <mxGeometry relative="1" as="geometry">
+                        <Array as="points">
+                            <mxPoint x="540" y="709"/>
+                            <mxPoint x="540" y="709"/>
+                        </Array>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="11" value="Route&lt;br&gt;Table" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#4D27AA;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.route_table;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="620" y="670" width="78" height="76" as="geometry"/>
+                </mxCell>
+                <mxCell id="14" value="" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#F78E04;gradientDirection=north;fillColor=#D05C17;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.eks;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="720" y="270" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="15" value="AWS&lt;br&gt;Fargate" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#F78E04;gradientDirection=north;fillColor=#D05C17;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.fargate;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="990" y="320" width="78" height="78" as="geometry"/>
+                </mxCell>
+                <mxCell id="20" style="edgeStyle=elbowEdgeStyle;html=1;entryX=0.005;entryY=0.63;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="16" target="19">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="21" value="Via ALB Ingress&lt;br&gt;Controller" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="20">
+                    <mxGeometry x="0.2286" y="-2" relative="1" as="geometry">
+                        <mxPoint x="-31" y="16" as="offset"/>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="16" value="Application Load&lt;br&gt;Balancer" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.application_load_balancer;fillColor=#F58534;gradientColor=none;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="381" y="439" width="69" height="72" as="geometry"/>
+                </mxCell>
+                <mxCell id="18" value="Elastic Kubernetes Service" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="798" y="308" width="171" height="42" as="geometry"/>
+                </mxCell>
+                <mxCell id="19" value="Authentication&lt;br&gt;API Pod" style="sketch=0;html=1;dashed=0;whitespace=wrap;fillColor=#2875E2;strokeColor=#ffffff;points=[[0.005,0.63,0],[0.1,0.2,0],[0.9,0.2,0],[0.5,0,0],[0.995,0.63,0],[0.72,0.99,0],[0.5,1,0],[0.28,0.99,0]];verticalLabelPosition=bottom;align=center;verticalAlign=top;shape=mxgraph.kubernetes.icon;prIcon=pod;dashPattern=8 8;" vertex="1" parent="1">
+                    <mxGeometry x="900" y="445" width="50" height="48" as="geometry"/>
+                </mxCell>
+            </root>
+        </mxGraphModel>
+    </diagram>
+</mxfile>

terraform/ec2.tf

@@ -0,0 +1,29 @@
+resource "aws_key_pair" "bastion_key_pair" {
+  key_name_prefix = "authentication-bastion-"
+  public_key      = var.bastion_ssh_public_key
+}
+
+resource "aws_instance" "instance" {
+  ami                         = var.bastion_ami
+  instance_type               = "t2.nano"
+  associate_public_ip_address = true
+  subnet_id                   = values(aws_subnet.public_subnets)[0].id
+  vpc_security_group_ids      = [aws_security_group.public_sg.id]
+  key_name                    = aws_key_pair.bastion_key_pair.key_name
+
+  tags = {
+    "Environment"   = var.infra_env
+    "Name"          = "authentication-bastion-${var.infra_env}"
+    "Project"       = "authentication-app"
+    "ManagedBy"     = "terraform"
+    "Organization"  = "andrewlod"
+  }
+
+  volume_tags = {
+    "Environment"   = var.infra_env
+    "Name"          = "authentication-bastion-volume-${var.infra_env}"
+    "Project"       = "authentication-app"
+    "ManagedBy"     = "terraform"
+    "Organization"  = "andrewlod"
+  }
+}

terraform/eks.tf

@@ -0,0 +1,134 @@
+
+
+# EKS Resources
+resource "aws_ecrpublic_repository" "ecr_authentication_api" {
+  repository_name = "authentication-api"
+
+  tags = {
+    "Environment"   = var.infra_env
+    "Name"          = "authentication-api"
+    "Project"       = "authentication-app"
+    "ManagedBy"     = "terraform"
+    "Organization"  = "andrewlod"
+  }
+}
+
+resource "aws_eks_cluster" "authentication_cluster" {
+  name = "authentication-cluster-${var.infra_env}"
+  role_arn = aws_iam_role.eks_cluster_role.arn
+
+  vpc_config {
+    security_group_ids = [aws_security_group.public_sg.id, aws_security_group.private_sg.id]
+    subnet_ids = local.public_subnet_ids
+  }
+
+  tags = {
+    "Environment"   = var.infra_env
+    "Name"          = "authentication-cluster-${var.infra_env}"
+    "Project"       = "authentication-app"
+    "ManagedBy"     = "terraform"
+    "Organization"  = "andrewlod"
+  }
+}
+
+resource "aws_eks_fargate_profile" "auth_cluster_fargate_profile" {
+  fargate_profile_name = "authentication-cluster-profile-${var.infra_env}"
+  cluster_name = aws_eks_cluster.authentication_cluster.name
+  pod_execution_role_arn = aws_iam_role.eks_fargate_execution_role.arn
+  subnet_ids = local.private_subnet_ids
+
+  selector {
+    namespace = "default"
+  }
+
+  selector {
+    namespace = "kube-system"
+  }
+
+  selector {
+    namespace = "kube-public"
+  }
+
+  selector {
+    namespace = "kube-node-lease"
+  }
+}
+
+## Helm
+provider "helm" {
+  kubernetes {
+    host                   = aws_eks_cluster.authentication_cluster.endpoint
+    cluster_ca_certificate = base64decode(aws_eks_cluster.authentication_cluster.certificate_authority[0].data)
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", aws_eks_cluster.authentication_cluster.id]
+      command     = "aws"
+    }
+  }
+}
+
+resource "helm_release" "metrics-server" {
+  name = "metrics-server"
+
+  repository = "https://kubernetes-sigs.github.io/metrics-server/"
+  chart      = "metrics-server"
+  namespace  = "kube-system"
+  version    = "3.8.2"
+
+  set {
+    name  = "metrics.enabled"
+    value = false
+  }
+
+  depends_on = [aws_eks_fargate_profile.auth_cluster_fargate_profile]
+}
+
+resource "helm_release" "aws_load_balancer_ingress_controller" {
+  name = "aws-load-balancer-ingress-controller"
+
+  repository = "https://aws.github.io/eks-charts"
+  chart      = "aws-load-balancer-controller"
+  namespace  = "kube-system"
+  version    = "1.4.1"
+
+  set {
+    name  = "clusterName"
+    value = aws_eks_cluster.authentication_cluster.id
+  }
+
+  set {
+    name  = "image.tag"
+    value = "v2.4.2"
+  }
+
+  set {
+    name  = "replicaCount"
+    value = 1
+  }
+
+  set {
+    name  = "serviceAccount.name"
+    value = "alb-ingress-controller"
+  }
+
+  set {
+    name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = aws_iam_role.eks_alb_ingress_controller_role.arn
+  }
+
+  # EKS Fargate specific
+  set {
+    name  = "region"
+    value = var.aws_region
+  }
+
+  set {
+    name  = "vpcId"
+    value = aws_vpc.main_vpc.id
+  }
+
+  depends_on = [
+    aws_eks_fargate_profile.auth_cluster_fargate_profile,
+    aws_iam_role.eks_alb_ingress_controller_role
+  ]
+}