Merge pull request aws-samples#2 from aws-samples/feature/usage-tracking

Feature/usage tracking

Author: shapirov103

.github/workflows/ci.yaml

@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.18]
+        node-version: [14]
 
     steps:
     - uses: actions/checkout@v2

bin/main.ts

@@ -16,7 +16,9 @@ new MultiTeamConstruct(app, 'multi-team');
 //-------------------------------------------
 
 import MultiRegionConstruct from '../lib/multi-region-construct'
-new MultiRegionConstruct(app, 'multi-region');
+new MultiRegionConstruct().buildAsync(app, 'multi-region').catch(() => {
+    console.log("Multi region pattern is not setup due to missing secrets for GitHub access and ArgoCD admin pwd.");
+});
 
 
 //-------------------------------------------
@@ -30,13 +32,16 @@ new FargateConstruct(app, 'fargate');
 //-------------------------------------------
 // Multiple clusters with deployment pipeline.
 //-------------------------------------------
-
-import PipelineStack from '../lib/pipeline-stack'
-const account = process.env.CDK_DEFAULT_ACCOUNT
-const region = process.env.CDK_DEFAULT_REGION
-const env = { account, region }
-new PipelineStack(app, 'pipeline', { env });
-
+import PipelineConstruct from '../lib/pipeline-stack';
+const account = process.env.CDK_DEFAULT_ACCOUNT;
+const region = process.env.CDK_DEFAULT_REGION;
+const env = { account, region };
+if(account) {
+    new PipelineConstruct(app, 'pipeline', { env });
+}
+else {
+    console.log("Valid AWS credentials are required to synthesize pipeline stack. Please run 'aws configure'");
+}
 
 //-------------------------------------------
 // Single cluster with Bottlerocket nodes.
@@ -53,5 +58,7 @@ new BottleRocketConstruct(app, 'bottlerocket');
 import CustomClusterConstruct from '../lib/custom-cluster-construct'
 new CustomClusterConstruct(app, 'custom-cluster');
 
+import ScratchpadConstruct from '../lib/scratchpad'
+new ScratchpadConstruct(app, 'scratchpad');
 
 

lib/multi-region-construct/index.ts

@@ -1,8 +1,9 @@
 import * as cdk from '@aws-cdk/core';
 
 // SSP Lib
-import * as ssp from '@shapirov/cdk-eks-blueprint'
-import { ArgoCDAddOn } from '@shapirov/cdk-eks-blueprint';
+import * as ssp from '@shapirov/cdk-eks-blueprint';
+
+import { getSecretValue } from '@shapirov/cdk-eks-blueprint/dist/utils/secrets-manager-utils';
 
 // Team implementations
 import * as team from '../teams'
@@ -15,71 +16,77 @@ import * as team from '../teams'
  * - github-ssh-test - containing SSH key for github authentication (plaintext in AWS Secrets manager)
  * - argo-admin-secret - containing the initial admin secret for ArgoCD (e.g. CLI and UI access)
  */
-export default class MultiRegionConstruct extends cdk.Construct {
-    constructor(scope: cdk.Construct, id: string) {
-        super(scope, id);
+export default class MultiRegionConstruct {
 
-        // Setup platform team
-        const accountID = process.env.CDK_DEFAULT_ACCOUNT!
-        const platformTeam = new team.TeamPlatform(accountID)
-        const teams: Array<ssp.Team> = [
-            platformTeam,
-            new team.TeamTroiSetup,
-            new team.TeamRikerSetup,
-            new team.TeamBurnhamSetup(scope)
-        ];
+    static readonly SECRET_GIT_SSH_KEY = 'github-ssh-key';
+    static readonly SECRET_ARGO_ADMIN_PWD = 'argo-admin-secret';
 
-        // AddOns for the cluster.
-        const addOns: Array<ssp.ClusterAddOn> = [
-            new ssp.NginxAddOn,
-            new ssp.CalicoAddOn,
-            new ssp.MetricsServerAddOn,
-            new ssp.ClusterAutoScalerAddOn,
-            new ssp.ContainerInsightsAddOn,
-        ];
+    async buildAsync(scope: cdk.Construct, id: string) : Promise<ssp.EksBlueprint[]> {
+        // Setup platform team
+        const accountID = process.env.CDK_DEFAULT_ACCOUNT!;
+        const gitUrl = 'https://github.com/aws-samples/ssp-eks-workloads.git';
+        const gitSecureUrl = '[email protected]:aws-samples/ssp-eks-workloads.git';
 
-        const gitUrl = 'https://github.com/aws-samples/ssp-eks-workloads.git'
+        try {
+            await getSecretValue(MultiRegionConstruct.SECRET_GIT_SSH_KEY, 'us-east-2');
+            await getSecretValue(MultiRegionConstruct.SECRET_ARGO_ADMIN_PWD, 'us-west-2');
+        }
+        catch(error) {
+            throw new Error("Both github-ssh-key and argo-admin-secret secrets must be setup for the multi-region pattern to work.");
+        }
+        
+        const blueprint = ssp.EksBlueprint.builder()
+            .account(process.env.CDK_DEFAULT_ACCOUNT!)
+            .addons(new ssp.NginxAddOn,
+                new ssp.CalicoAddOn,
+                new ssp.MetricsServerAddOn,
+                new ssp.ClusterAutoScalerAddOn,
+                new ssp.ContainerInsightsAddOn)
+            .teams( new team.TeamPlatform(accountID),
+                new team.TeamTroiSetup,
+                new team.TeamRikerSetup,
+                new team.TeamBurnhamSetup(scope));
 
-        const devBootstrapArgo = new ArgoCDAddOn({
+        const devBootstrapArgo = new ssp.ArgoCDAddOn({
             bootstrapRepo: {
                 repoUrl: gitUrl,
                 path: 'envs/dev'
             }
         });
 
-        const testBootstrapArgo = new ArgoCDAddOn({
+        const testBootstrapArgo = new ssp.ArgoCDAddOn({
             bootstrapRepo: {
-                repoUrl: '[email protected]:aws-samples/ssp-eks-workloads.git',
+                repoUrl: gitSecureUrl,
                 path: 'envs/test',
-                credentialsSecretName: 'github-ssh-key',
+                credentialsSecretName: MultiRegionConstruct.SECRET_GIT_SSH_KEY,
                 credentialsType: 'SSH'
             },
-        
         });
 
-        const prodBootstrapArgo = new ArgoCDAddOn({
+        const prodBootstrapArgo = new ssp.ArgoCDAddOn({
             bootstrapRepo: {
-                repoUrl: '[email protected]:aws-samples/ssp-eks-workloads.git',
+                repoUrl: gitSecureUrl,
                 path: 'envs/prod',
-                credentialsSecretName: 'github-ssh-key',
+                credentialsSecretName: MultiRegionConstruct.SECRET_GIT_SSH_KEY,
                 credentialsType: 'SSH'
             },
-            adminPasswordSecretName: 'argo-admin-secret',
-        });
-
-        const east1 = 'us-east-1';
-        new ssp.EksBlueprint(scope, { id: `${id}-${east1}`, addOns: addOns.concat(devBootstrapArgo), teams }, {
-            env: { region: east1 }
-        });
-
-        const east2 = 'us-east-2';
-        new ssp.EksBlueprint(scope, { id: `${id}-${east2}`, addOns: addOns.concat(testBootstrapArgo), teams }, {
-            env: { region: east2 }
+            adminPasswordSecretName: MultiRegionConstruct.SECRET_ARGO_ADMIN_PWD,
         });
+        
+        const east1 = await blueprint.clone('us-east-1')
+            .addons(devBootstrapArgo)
+            .buildAsync(scope,  `${id}-us-east-1`);
+        
+        const east2 = await blueprint.clone('us-east-2')
+            .addons(testBootstrapArgo)
+            .buildAsync(scope, `${id}-us-east-2`);
+        
+        const west2 = await blueprint.clone('us-west-2')
+            .addons(prodBootstrapArgo)
+            .buildAsync(scope, `${id}-us-west-2`);
 
-        const west2 = 'us-west-2'
-        new ssp.EksBlueprint(scope, { id: `${id}-${west2}`, addOns: addOns.concat(prodBootstrapArgo), teams }, {
-            env: { region: west2 }
-        });
+        return [ east1, east2, west2 ];
     }
 }
+
+

lib/pipeline-stack/index.ts

@@ -1,82 +1,44 @@
 import * as cdk from '@aws-cdk/core';
-import * as pipelines from '@aws-cdk/pipelines';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as actions from '@aws-cdk/aws-codepipeline-actions';
+import { StackProps } from '@aws-cdk/core';
 
 // SSP Lib
 import * as ssp from '@shapirov/cdk-eks-blueprint'
 
 // Team implementations
 import * as team from '../teams'
 
-export default class PipelineStack extends cdk.Stack {
-    constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
-        super(scope, id)
-
-        const pipeline = this.buildPipeline(this)
-
-        // Dev cluster.
-        const stage1 = new ClusterStage(this, 'blueprint-dev')
-        pipeline.addApplicationStage(stage1);
-
-        // Staging cluster
-        const stage2 = new ClusterStage(this, 'blueprint-staging')
-        pipeline.addApplicationStage(stage2);
-
-        // Production cluster
-        const stageOpts = { manualApprovals: true }
-        const stage3 = new ClusterStage(this, 'blueprint-production')
-        pipeline.addApplicationStage(stage3, stageOpts);
-    }
-
-    private buildPipeline = (scope: cdk.Construct) => {
-        const sourceArtifact = new codepipeline.Artifact();
-        const cloudAssemblyArtifact = new codepipeline.Artifact();
-
-        const sourceAction = new actions.GitHubSourceAction({
-            actionName: 'GitHub',
-            owner: 'aws-quickstart',
-            repo: 'quickstart-ssp-amazon-eks',
-            branch: 'main',
-            output: sourceArtifact,
-            oauthToken: cdk.SecretValue.secretsManager('github-token'),
-        })
-
-        // Use this if you need a build step (if you're not using ts-node
-        // or if you have TypeScript Lambdas that need to be compiled).
-        const synthAction = pipelines.SimpleSynthAction.standardNpmSynth({
-            sourceArtifact,
-            cloudAssemblyArtifact,
-            buildCommand: 'npm run build',
-        })
-
-        return new pipelines.CdkPipeline(scope, 'FactoryPipeline', {
-            pipelineName: 'FactoryPipeline',
-            cloudAssemblyArtifact,
-            sourceAction,
-            synthAction
-        });
-    }
-}
-
-export class ClusterStage extends cdk.Stage {
-    constructor(scope: cdk.Stack, id: string, props?: cdk.StageProps) {
-        super(scope, id, props);
-
-        // Setup platform team
-        const accountID = props?.env?.account
-        const platformTeam = new team.TeamPlatform(accountID!)
-        const teams: Array<ssp.Team> = [platformTeam];
-
-        // AddOns for the cluster.
-        const addOns: Array<ssp.ClusterAddOn> = [
-            new ssp.NginxAddOn,
-            new ssp.ArgoCDAddOn,
-            new ssp.CalicoAddOn,
-            new ssp.MetricsServerAddOn,
-            new ssp.ClusterAutoScalerAddOn,
-            new ssp.ContainerInsightsAddOn,
-        ];
-        new ssp.EksBlueprint(this, { id: 'eks', addOns, teams }, props);
+export default class PipelineConstruct extends cdk.Construct {
+
+    constructor(scope: cdk.Construct, id: string, props?: StackProps) {
+        super(scope, id);
+        const account = process.env.CDK_DEFAULT_ACCOUNT!;
+        const blueprint = ssp.EksBlueprint.builder()
+            .account(account) // the supplied default will fail, but build and synth will pass
+            .region('us-west-1')
+            .addons(new ssp.NginxAddOn,
+                new ssp.ArgoCDAddOn,
+                new ssp.CalicoAddOn,
+                new ssp.MetricsServerAddOn,
+                new ssp.ClusterAutoScalerAddOn,
+                new ssp.ContainerInsightsAddOn)
+            .teams(new team.TeamRikerSetup);
+
+        ssp.CodePipelineStack.builder()
+            .name("ssp-eks-pipeline")
+            .owner("aws-samples")
+            .repository({
+                repoUrl: 'ssp-eks-patterns',
+                credentialsSecretName: 'github-token',
+                branch: 'feature/usage-tracking'
+            })
+            .stage({
+                id: 'us-west-1-managed-ssp',
+                stackBuilder: blueprint.clone('us-west-1')
+            })
+            .stage({
+                id: 'us-east-2-managed-ssp',
+                stackBuilder: blueprint.clone('us-east-2')
+            })
+            .build(scope, "ssp-pipeline-stack", props);
     }
 }

lib/scratchpad/index.ts

@@ -0,0 +1,34 @@
+import * as cdk from '@aws-cdk/core';
+import {KubernetesVersion}  from '@aws-cdk/aws-eks';
+
+// SSP Lib
+import * as ssp from '@shapirov/cdk-eks-blueprint';
+import { EC2ClusterProvider } from '@shapirov/cdk-eks-blueprint';
+
+
+export default class ScratchpadConstruct extends cdk.Construct {
+    constructor(scope: cdk.Construct, id: string) {
+        super(scope, id);
+        // AddOns for the cluster.
+        const addOns: Array<ssp.ClusterAddOn> = [
+            new ssp.AwsLoadBalancerControllerAddOn,
+            new ssp.NginxAddOn,
+            new ssp.MetricsServerAddOn,
+            new ssp.ClusterAutoScalerAddOn
+        ];
+
+        const stackID = `${id}-blueprint`;
+
+        const clusterProvider = new EC2ClusterProvider( {
+            desiredSize: 3,
+            maxSize: 3,
+            version: KubernetesVersion.V1_20
+        });
+
+        new ssp.EksBlueprint(scope, { id: stackID, addOns, clusterProvider }, {
+            env: {
+                region: 'us-east-2',
+            },
+        });
+    }
+}

package.json

@@ -14,12 +14,11 @@
     "lint": "npx eslint . --ext .js,.jsx,.ts,.tsx"
   },
   "devDependencies": {
-    "@aws-cdk/assert": "1.113.0",
     "@types/jest": "^26.0.10",
     "@types/node": "10.17.27",
     "@typescript-eslint/eslint-plugin": "^4.23.0",
     "@typescript-eslint/parser": "^4.23.0",
-    "aws-cdk": "1.113.0",
+    "aws-cdk": "1.119.0",
     "copyfiles": "^2.4.1",
     "eslint": "^7.26.0",
     "jest": "^26.4.2",
@@ -28,8 +27,8 @@
     "typescript": "~3.9.7"
   },
   "dependencies": {
-    "@aws-cdk/core": "1.113.0",
-    "@shapirov/cdk-eks-blueprint": "^0.11.1",
+    "@aws-cdk/core": "1.119.0",
+    "@shapirov/cdk-eks-blueprint": "0.12.0",
     "source-map-support": "^0.5.16"
   }
 }

tsconfig.json

@@ -33,6 +33,7 @@
         "dist"
     ],
     "include": [
-        "lib"
+        "lib",
+        "examples"
     ]
 }