chore:use nested stack for ecr repos (#1)

* chore:use nested stack for ecr repos * ecr nested stack works for single repo * chore: add ecrRepoNames input and loop over repos * chore: hardcode repos and create imagePullSecret * chore: add pullsecret without yaml manifest --------- Co-authored-by: Srihas Konduru <[email protected]>
garden-io · Apr 3, 2023 · a2c3ea7 · a2c3ea7
1 parent 2a72d99
commit a2c3ea7
Show file tree

Hide file tree

Showing 7 changed files with 250 additions and 1,102 deletions.
diff --git a/cluster.ts b/cluster.ts
@@ -1,62 +1,94 @@
-import * as blueprints from '@aws-quickstart/eks-blueprints';
-import { GlobalResources, utils, ImportHostedZoneProvider} from '@aws-quickstart/eks-blueprints';
-import { Construct } from 'constructs';
-import { TeamPlatform } from './teams';
-import * as cdk from 'aws-cdk-lib'
-import * as ecr from 'aws-cdk-lib/aws-ecr'
-import { ECRRegistry } from './ecr';
+import * as blueprints from "@aws-quickstart/eks-blueprints";
+import {
+  GlobalResources,
+  utils,
+  ImportHostedZoneProvider,
+} from "@aws-quickstart/eks-blueprints";
+import { Construct } from "constructs";
+import { TeamPlatform } from "./teams";
+import * as cdk from "aws-cdk-lib";
+import * as eks from "aws-cdk-lib/aws-eks";
+import * as iam from "aws-cdk-lib/aws-iam";
+import { ECRRepository } from "./ecr";
+import { KubernetesVersion } from "aws-cdk-lib/aws-eks";
+import { DeployImagePullSecret } from "./pullsecret";
 
 //const burnhamManifestDir = './lib/teams/team-burnham/'
 //const rikerManifestDir = './lib/teams/team-riker/'
 //const teamManifestDirList = [burnhamManifestDir, rikerManifestDir]
 
 const accountID = process.env.CDK_DEFAULT_ACCOUNT!;
-const gitUrl = 'https://github.com/aws-samples/eks-blueprints-workloads.git';
-
+const gitUrl = "https://github.com/aws-samples/eks-blueprints-workloads.git";
 
 /**
  * See docs/patterns/nginx.md for mode details on the setup.
  */
-export default class DevCluster extends cdk.Stack{
-
-    async buildAsync(scope: Construct, id: string) {
-        const teams: Array<blueprints.Team> = [
-            new TeamPlatform(accountID)
-        ];
-
-        const subdomain: string = utils.valueFromContext(scope, "dev.marketplace", "sys.garden");
-
-        blueprints.HelmAddOn.validateHelmVersions = false;
-
-
-        await blueprints.EksBlueprint.builder()
-            .account("049586690729")
-            .region("eu-central-1")
-            .teams(...teams)
-            .resourceProvider(GlobalResources.HostedZone ,new ImportHostedZoneProvider('Z028702323WOQ31QJAJJP', subdomain))
-            .resourceProvider(GlobalResources.Certificate, new blueprints.CreateCertificateProvider('wildcard-cert', "*.dev.marketplace.sys.garden", GlobalResources.HostedZone))
-            .addOns(
-                new blueprints.VpcCniAddOn(),
-                new blueprints.CoreDnsAddOn(),
-                new blueprints.CertManagerAddOn,
-                new blueprints.AwsLoadBalancerControllerAddOn,
-                new blueprints.ExternalDnsAddOn({
-                    hostedZoneResources: [blueprints.GlobalResources.HostedZone] // you can add more if you register resource providers
-                }),
-                new blueprints.NginxAddOn({
-                    version: "0.15.2",
-                    internetFacing: true,
-                    backendProtocol: "tcp",
-                    externalDnsHostname: subdomain,
-                    crossZoneEnabled: false,
-                    certificateResourceName: GlobalResources.Certificate,
-                }),
-                new blueprints.SecretsStoreAddOn({ rotationPollInterval: "120s" }),
-                new blueprints.ClusterAutoScalerAddOn)
-            .buildAsync(scope, `${id}-eks`);
-
-            blueprints.HelmAddOn.validateHelmVersions = false;
-    }
-}
+export default class DevCluster extends cdk.Stack {
+  async eksCluster(scope: Construct, id: string) {
+    const repoNames: string[] = ["api", "result", "vote", "worker"];
+    // new ECRRepository(repoNames, this, 'garden-repo')
+
+    const teams: Array<blueprints.Team> = [new TeamPlatform(accountID)];
 
+    const subdomain: string = utils.valueFromContext(
+      scope,
+      "dev.marketplace",
+      "sys.garden"
+    );
 
+    blueprints.HelmAddOn.validateHelmVersions = false;
+
+    const cluster = await blueprints.EksBlueprint.builder()
+      .account("049586690729")
+      .region("eu-central-1")
+      .version(KubernetesVersion.V1_24)
+      .teams(...teams)
+      .resourceProvider(
+        GlobalResources.HostedZone,
+        new ImportHostedZoneProvider("Z028702323WOQ31QJAJJP", subdomain)
+      )
+      .resourceProvider(
+        GlobalResources.Certificate,
+        new blueprints.CreateCertificateProvider(
+          "wildcard-cert",
+          "*.dev.marketplace.sys.garden",
+          GlobalResources.HostedZone
+        )
+      )
+      .addOns(
+        new blueprints.VpcCniAddOn(),
+        new blueprints.CoreDnsAddOn(),
+        new blueprints.CertManagerAddOn(),
+        new blueprints.AwsLoadBalancerControllerAddOn(),
+        new blueprints.ExternalDnsAddOn({
+          hostedZoneResources: [blueprints.GlobalResources.HostedZone], // you can add more if you register resource providers
+        }),
+        new blueprints.NginxAddOn({
+          version: "0.15.2",
+          internetFacing: true,
+          backendProtocol: "tcp",
+          externalDnsHostname: subdomain,
+          crossZoneEnabled: false,
+          certificateResourceName: GlobalResources.Certificate,
+        }),
+        new blueprints.SecretsStoreAddOn({ rotationPollInterval: "120s" }),
+        new blueprints.ClusterAutoScalerAddOn(),
+        new DeployImagePullSecret(),
+        new blueprints.NestedStackAddOn({
+          builder: ECRRepository.builder(),
+          id: "ecr-nested-stack"
+        })
+      )
+      .buildAsync(scope, `${id}`);
+
+    blueprints.HelmAddOn.validateHelmVersions = false;
+    cluster
+      .getClusterInfo()
+      .nodeGroups?.at(0)
+      ?.role?.addManagedPolicy(
+        iam.ManagedPolicy.fromAwsManagedPolicyName(
+          "AmazonEC2ContainerRegistryPowerUser"
+        )
+      );
+  }
+}
diff --git a/ecr.ts b/ecr.ts
@@ -1,15 +1,33 @@
-import * as cdk from 'aws-cdk-lib';
-import * as ecr from 'aws-cdk-lib/aws-ecr';
-import { Construct } from 'constructs';
+import * as cdk from "aws-cdk-lib";
+import * as ecr from "aws-cdk-lib/aws-ecr";
+import { Construct } from "constructs";
+import * as blueprints from "@aws-quickstart/eks-blueprints";
 
-export class ECRRegistry extends cdk.Stack {
-    public readonly ecrRepo: ecr.Repository
-    constructor(scope: Construct, id: string, props?: cdk.StackProps) {
-        super(scope, id, props);
-
-        this.ecrRepo = new ecr.Repository(this, 'backend', {
-            encryption: ecr.RepositoryEncryption.KMS,
-            imageScanOnPush: true,
-        });
+export class ECRRepository extends cdk.NestedStack {
+  readonly ecrRepos: ecr.Repository[];
+  readonly ecrRepoNames: string[];
+  public static builder(): blueprints.NestedStackBuilder {
+    return {
+      build(scope: Construct, id: string, props: cdk.NestedStackProps) {
+        return new ECRRepository(scope, id, props);
+      },
+    };
+  }
+  constructor(scope: Construct, id: string, props: cdk.NestedStackProps) {
+    super(scope, id, props);
+    this.ecrRepos = []
+    this.ecrRepoNames = ["api", "vote", "worker", "result"]
+    for (var repo of this.ecrRepoNames) {
+      this.ecrRepos.push(new ecr.Repository(this, repo, {
+          repositoryName: `garden-demo/${repo}`,
+          encryption: ecr.RepositoryEncryption.KMS,
+          imageScanOnPush: true,
+      }));
+      this.ecrRepos.push(new ecr.Repository(this, `${repo}/cache`, {
+          repositoryName: `garden-demo/${repo}/cache`,
+          encryption: ecr.RepositoryEncryption.KMS,
+          imageScanOnPush: true,
+      }));
     }
-}
+  }
+}
diff --git a/main.ts b/main.ts
@@ -1,17 +1,14 @@
-import * as cdk from 'aws-cdk-lib';
-import { logger } from '@aws-quickstart/eks-blueprints/dist/utils';
-import { HelmAddOn } from '@aws-quickstart/eks-blueprints';
+import * as cdk from "aws-cdk-lib";
+import { logger } from "@aws-quickstart/eks-blueprints/dist/utils";
+import { HelmAddOn } from "@aws-quickstart/eks-blueprints";
+import DevCluster from "./cluster";
 
 const app = new cdk.App();
 const account = "049586690729";
 const region = "eu-central-1";
 const env: cdk.Environment = { account: account, region: region };
 HelmAddOn.validateHelmVersions = false;
 
-import DevCluster from './cluster';
-new DevCluster().buildAsync(app, 'dev-cluster').catch(() => {
-    logger.info("Error setting up dev cluster");
+new DevCluster().eksCluster(app, `dev-cluster`).catch(() => {
+  logger.info("Error setting up dev cluster");
 });
-
-import { ECRRegistry } from './ecr';
-new ECRRegistry(app, 'dev-cluster-ecr');