From 49012a2edb4dadfb2ed227600f88c8404075f4a1 Mon Sep 17 00:00:00 2001
From: Andre Wlodkovski
Date: Thu, 4 Apr 2024 18:23:53 -0300
Subject: [PATCH 1/4] Create RDS EKS ExternalName service
---
 .github/workflows/deploy-eks.yml | 2 ++
 kubernetes/aws/rds-service.yml | 13 +++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 kubernetes/aws/rds-service.yml
diff --git a/.github/workflows/deploy-eks.yml b/.github/workflows/deploy-eks.yml
index 4c325ad..b0c3420 100644
--- a/.github/workflows/deploy-eks.yml
+++ b/.github/workflows/deploy-eks.yml
@@ -70,6 +70,8 @@ jobs:
 - name: Deploy to EKS
 env:
 IMAGE_NAME: "${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest"
+ RDS_ENDPOINT: "${{ secrets.RDS_ENDPOINT }}"
 run: |
+ cat kubernetes/aws/rds-service.yml | sed "s/\$RDS_ENDPOINT/$RDS_ENDPOINT/g" | kubectl apply -f - && \
 cat kubernetes/aws/deployment.yml | envsubst | kubectl apply -f - && \
 kubectl apply -f kubernetes/aws/service.yml
\ No newline at end of file
diff --git a/kubernetes/aws/rds-service.yml b/kubernetes/aws/rds-service.yml
new file mode 100644
index 0000000..13e3a37
--- /dev/null
+++ b/kubernetes/aws/rds-service.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: rds-service
+ name: rds-service
+spec:
+ externalName: $RDS_ENDPOINT
+ selector:
+ app: rds-service
+ type: ExternalName
+status:
+ loadBalancer: {}
\ No newline at end of file
From 0b466c63ac3f5dc94b69d53320a2d29b4ae17939 Mon Sep 17 00:00:00 2001
From: Andre Wlodkovski
Date: Thu, 4 Apr 2024 18:24:14 -0300
Subject: [PATCH 2/4] Add identifier to RDS database on Terraform
---
 terraform/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/terraform/main.tf b/terraform/main.tf
index f9974b5..c8c9f8c 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
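Review bot: The new `sed` line splices the `RDS_ENDPOINT` value into a sed expression without escaping, so a `/`, `&` or `\` in the value would corrupt the substitution (an RDS hostname normally contains none of these, but the step is fragile), and it diverges from the `envsubst` templating used on the very next line for deployment.yml. Since `RDS_ENDPOINT` is already exported in the step's `env:`, `envsubst < kubernetes/aws/rds-service.yml | kubectl apply -f - && \` keeps a single templating mechanism and drops the `cat` pipe. An RDS hostname is not secret in itself; if it stays a repository secret, be aware the rendered Service object will carry it in cluster state regardless of GitHub's log masking. The enclosing job starts above this hunk.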
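Review bot: `spec.selector` and `status.loadBalancer` on the new ExternalName Service are dead weight: an ExternalName Service has no endpoints, so the selector is never evaluated, and `status` is server-owned and discarded on apply. Trim `spec` to `type: ExternalName` and `externalName: "$RDS_ENDPOINT"` and drop the `status` block; quoting the templated scalar is the usual guard against YAML retyping of a substituted value. The placeholder must stay spelled `$RDS_ENDPOINT` because the deploy-eks.yml step in this same patch substitutes exactly that token.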
@@ -249,7 +249,8 @@ resource "aws_db_subnet_group" "authentication_db_sng" {
 resource "aws_db_instance" "authentication_db" {
 allocated_storage = var.db_storage
- db_name = "${var.db_name}${var.infra_env}"
+ identifier = "${var.db_name}-${var.infra_env}"
+ db_name = var.db_schema_name
 engine = "postgres"
 engine_version = "16.2"
 instance_class = var.db_instance_type
From 2b2755f8ec0cf4052cc3197973fd28189fbace3f Mon Sep 17 00:00:00 2001
From: Andre Wlodkovski
Date: Thu, 4 Apr 2024 20:13:11 -0300
Subject: [PATCH 3/4] Add system namespaces to Fargate profile
---
 terraform/main.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/terraform/main.tf b/terraform/main.tf
index c8c9f8c..030a186 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -379,4 +379,16 @@ resource "aws_eks_fargate_profile" "auth_cluster_fargate_profile" {
 selector {
 namespace = "default"
 }
+
+ selector {
+ namespace = "kube-system"
+ }
+
+ selector {
+ namespace = "kube-public"
+ }
+
+ selector {
+ namespace = "kube-node-lease"
+ }
 }
\ No newline at end of file
From c51419f7d86baed97d5119baa3f61d949ef1564f Mon Sep 17 00:00:00 2001
From: Andre Wlodkovski
Date: Thu, 4 Apr 2024 20:13:28 -0300
Subject: [PATCH 4/4] Add ALB Ingress Controller manifests
---
 kubernetes/aws/alb-ingress-controller-yml | 25 +++++++++++
 kubernetes/aws/eks-cluster-role.yml | 52 +++++++++++++++++++++++
 kubernetes/aws/ingress.yml | 30 ++++++-------
 3 files changed, 90 insertions(+), 17 deletions(-)
 create mode 100644 kubernetes/aws/alb-ingress-controller-yml
 create mode 100644 kubernetes/aws/eks-cluster-role.yml
diff --git a/kubernetes/aws/alb-ingress-controller-yml b/kubernetes/aws/alb-ingress-controller-yml
new file mode 100644
index 0000000..a9ee902
--- /dev/null
+++ b/kubernetes/aws/alb-ingress-controller-yml
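Review bot: Both `identifier` and `db_name` are force-new attributes on `aws_db_instance`, so this two-line change makes the next `terraform apply` destroy and recreate the authentication database rather than rename it in place. Run the plan and confirm the replacement is intended, and check that the attributes outside this hunk (`deletion_protection`, `skip_final_snapshot` / `final_snapshot_identifier`) protect the existing data before merging. `var.db_schema_name` is not declared anywhere in this patch series (the diffstat touches only main.tf), so unless it already exists in the variables file the plan fails on an undeclared variable. The resource block continues past the end of the hunk.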
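Review bot: Adding a `kube-system` selector moves CoreDNS onto Fargate, and EKS-managed CoreDNS pods typically carry the `eks.amazonaws.com/compute-type: ec2` annotation that keeps them Pending on a Fargate-only cluster until the annotation is removed and the deployment restarted; a comment on the new selector, `# kube-system on Fargate: CoreDNS's compute-type annotation must be patched out first`, would save the next operator the debugging. `kube-public` and `kube-node-lease` normally hold no pods, so those two selectors are harmless but add nothing. Because none of the new selectors carries a `labels` constraint, every pod created in these namespaces is scheduled under this profile's pod execution role — presumably intended for the ALB controller added to kube-system in the next patch, but worth stating in the comment. The resource block starts above the hunk.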
@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ name: alb-ingress-controller
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: alb-ingress-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ spec:
+ containers:
+ - name: alb-ingress-controller
+ args:
+ - --ingress-class=alb
+ - --cluster-name=$CLUSTER_NAME
+ - --aws-vpc-id=$VPC_ID
+ - --aws-region=$AWS_REGION
+ image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
+ serviceAccountName: alb-ingress-controller
\ No newline at end of file
diff --git a/kubernetes/aws/eks-cluster-role.yml b/kubernetes/aws/eks-cluster-role.yml
new file mode 100644
index 0000000..68ba069
--- /dev/null
+++ b/kubernetes/aws/eks-cluster-role.yml
@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ name: alb-ingress-controller
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ resources:
+ - configmaps
+ - endpoints
+ - events
+ - ingresses
+ - ingresses/status
+ - services
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - patch
+ - apiGroups:
+ - ""
+ - extensions
+ resources:
+ - nodes
+ - pods
+ - secrets
+ - services
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ name: alb-ingress-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: alb-ingress-controller
+subjects:
+ - kind: ServiceAccount
+ name: alb-ingress-controller
+ namespace: kube-system
\ No newline at end of file
diff --git a/kubernetes/aws/ingress.yml b/kubernetes/aws/ingress.yml
index 8cc0df5..b0acdf3 100644
--- a/kubernetes/aws/ingress.yml
+++ b/kubernetes/aws/ingress.yml
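Review bot: `serviceAccountName: alb-ingress-controller` refers to a ServiceAccount that nothing in this patch series creates, and the ClusterRoleBinding in eks-cluster-role.yml binds the same account, so unless it already exists in kube-system the pod will not start; that ServiceAccount is also where an IRSA role annotation should give the controller its AWS permissions, rather than falling back to node credentials. The image `docker.io/amazon/aws-alb-ingress-controller:v1.1.6` is the legacy v1 controller line, superseded by aws-load-balancer-controller; if it is kept, pin it by digest rather than a mutable tag. The file name `alb-ingress-controller-yml` is missing the dot before `yml`, so a directory-level `kubectl apply -f kubernetes/aws/` would skip it, and the `$CLUSTER_NAME`, `$VPC_ID` and `$AWS_REGION` placeholders are not rendered by any workflow step in this series.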
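Review bot: The `ingresses` and `ingresses/status` rules are granted only in the `""` and `extensions` API groups; on current Kubernetes releases Ingress lives in `networking.k8s.io`, so the controller is unauthorized for the resource it exists to watch unless the cluster still serves the legacy group (the same dependency shows up as `apiVersion: extensions/v1beta1` in ingress.yml in this patch). If the controller is moved to one that uses the networking API, add `- networking.k8s.io` to `apiGroups` in the first rule. Separately, the second rule's `get`/`list`/`watch` on `secrets` is cluster-wide read access to every Secret in the cluster; it mirrors the upstream v1 manifest, but a comment on that line, `# secrets: cluster-wide read, copied from upstream RBAC — confirm it is still required`, or dropping it if TLS-via-Secret is unused, would make the least-privilege trade-off explicit.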
@@ -1,21 +1,17 @@
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
- labels:
- app.kubernetes.io/component: controller
- name: nginx
- annotations:
- ingressclass.kubernetes.io/is-default-class: "true"
-spec:
- controller: k8s.io/ingress-nginx
----
-apiVersion: networking.k8s.io/v1
+apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
+ annotations:
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ kubernetes.io/ingress.class: alb
 name: authentication-api-ingress
+ labels:
+ app: authentication-api-ingress
 spec:
- defaultBackend:
- service:
- name: authentication-api-service
- port:
- number: 80
\ No newline at end of file
+ rules:
+ - http:
+ paths:
+ - backend:
+ serviceName: authentication-api-service
+ servicePort: 80
+ path: /*
\ No newline at end of file
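Review bot: The new Ingress exposes the authentication API through an `internet-facing` ALB with only an HTTP backend on port 80 and no `alb.ingress.kubernetes.io/listen-ports` or `alb.ingress.kubernetes.io/certificate-arn` annotation, so client credentials would reach the load balancer in plaintext; add `alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'` and `alb.ingress.kubernetes.io/certificate-arn: <ACM_CERTIFICATE_ARN>` (placeholder) or document where TLS is terminated. `path: /*` is the legacy controller's wildcard spelling; once the API-group issue raised on eks-cluster-role.yml is resolved and this file moves to `networking.k8s.io/v1`, it becomes `path: /` with `pathType: Prefix` and the `service.name` / `port.number` backend shape. The removed nginx IngressClass was the cluster's default class, so any other Ingress relying on that default silently loses its controller after this change.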