From 0fbfd612d33b130cfc3d47bbcfd3e82599974432 Mon Sep 17 00:00:00 2001 From: Jordan Acosta Date: Sat, 2 Mar 2024 09:32:50 -0800 Subject: [PATCH] fix(aws-eks-tutorial): use alb ingress instead --- .../components/certificate/main.tf | 2 +- .../helm-chart/templates/api_alb.tpl | 44 +++++++++++++++++++ .../helm-chart/templates/api_certificate.tpl | 15 ------- .../helm-chart/templates/api_deployment.tpl | 14 ++++-- .../helm-chart/templates/api_ingress.tpl | 27 ------------ .../helm-chart/templates/api_nlbs.tpl | 31 ------------- .../helm-chart/templates/api_service.tpl | 16 ------- .../components/helm-chart/values.yaml | 7 ++- 8 files changed, 58 insertions(+), 98 deletions(-) create mode 100644 aws-eks-tutorial/components/helm-chart/templates/api_alb.tpl delete mode 100644 aws-eks-tutorial/components/helm-chart/templates/api_certificate.tpl delete mode 100644 aws-eks-tutorial/components/helm-chart/templates/api_ingress.tpl delete mode 100644 aws-eks-tutorial/components/helm-chart/templates/api_nlbs.tpl delete mode 100644 aws-eks-tutorial/components/helm-chart/templates/api_service.tpl diff --git a/aws-eks-tutorial/components/certificate/main.tf b/aws-eks-tutorial/components/certificate/main.tf index 2f71d69..6dcf7c3 100644 --- a/aws-eks-tutorial/components/certificate/main.tf +++ b/aws-eks-tutorial/components/certificate/main.tf @@ -4,5 +4,5 @@ module "certificate" { domain_name = var.domain_name zone_id = var.zone_id - wait_for_validation = false + wait_for_validation = true } diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_alb.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_alb.tpl new file mode 100644 index 0000000..8236008 --- /dev/null +++ b/aws-eks-tutorial/components/helm-chart/templates/api_alb.tpl 
@@ -0,0 +1,44 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "common.fullname" . }}-api
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "common.apiLabels" . | nindent 4 }}
+ annotations:
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/target-type: ip
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/certificate-arn: {{ .Values.api.nlbs.public_domain_certificate }}
+ alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports: https
+ alb.ingress.kubernetes.io/healthcheck-path: /livez
+ external-dns.alpha.kubernetes.io/hostname: {{ .Values.api.nlbs.public_domain }}
+spec:
+ ingressClassName: alb
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "common.fullname" . }}-api
+ port:
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.fullname" . }}-api
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "common.apiLabels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "common.apiSelectorLabels" . | nindent 4 }}
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8080
+ targetPort: http
diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_certificate.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_certificate.tpl
deleted file mode 100644
index 999bd1f..0000000
--- a/aws-eks-tutorial/components/helm-chart/templates/api_certificate.tpl
+++ /dev/null
@@ -1,15 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "common.fullname" . }}-public
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.apiLabels" . | nindent 4 }}
-spec:
- secretName: api-ingress-public-tls
- dnsNames:
- - {{ .Values.api.ingresses.public_domain }}
- issuerRef:
- name: public-issuer
- kind: ClusterIssuer
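Review bot: In api_alb.tpl the single entry under `rules:` has no `host:`, so the internet-facing ALB forwards requests carrying any Host header to the API, whereas the removed nginx Ingress matched only the public domain; adding `- host: {{ .Values.api.nlbs.public_domain | quote }}` ahead of `http:` restores that restriction. No `alb.ingress.kubernetes.io/ssl-policy` annotation is set, so the HTTPS listener takes the controller's default TLS policy; pin one explicitly if older protocol versions must be refused. `alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports` looks carried over from the NLB Service annotations and is probably ignored on an Ingress, so confirm it against the controller's annotation list and drop it if unused. The Service `port: 8080` also stays hard-coded while the Deployment in this commit now reads `.Values.api.port`.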
diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_deployment.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_deployment.tpl index 7b9b116..14fa3df 100644 --- a/aws-eks-tutorial/components/helm-chart/templates/api_deployment.tpl +++ b/aws-eks-tutorial/components/helm-chart/templates/api_deployment.tpl @@ -22,10 +22,16 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" ports: - name: http - containerPort: 8080 - hostPort: 8080 - readinessProbe: null - livenessProbe: null + containerPort: {{ .Values.api.port }} + protocol: TCP + readinessProbe: + httpGet: + path: {{ .Values.api.readiness_probe}} + port: http + livenessProbe: + httpGet: + path: {{ .Values.api.liveness_probe}} + port: http resources: limits: cpu: 100m diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_ingress.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_ingress.tpl deleted file mode 100644 index 96f9873..0000000 --- a/aws-eks-tutorial/components/helm-chart/templates/api_ingress.tpl +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "common.fullname" . }}-public - namespace: {{ .Release.Namespace }} - labels: - {{- include "common.apiLabels" . | nindent 4 }} - annotations: - external-dns.alpha.kubernetes.io/hostname: {{ .Values.api.ingresses.public_domain }} - kubernetes.io/ingress.class: nginx -spec: - tls: - - hosts: - - {{ .Values.api.ingresses.public_domain }} - secretName: api-ingress-public-tls - rules: - - host: {{ .Values.api.ingresses.public_domain}} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "common.fullname" . }} - port: - number: 8080 diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_nlbs.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_nlbs.tpl deleted file mode 100644 index c3cc983..0000000 --- a/aws-eks-tutorial/components/helm-chart/templates/api_nlbs.tpl +++ /dev/null 
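Review bot: In api_deployment.tpl both probe paths read keys that the chart does not define: the template uses `.Values.api.readiness_probe` and `.Values.api.liveness_probe`, while the values.yaml hunk of this same commit adds `readinessProbe` and `livenessProbe`. The lookups will presumably render empty, so the probes would not target `/readyz` and `/livez` as intended and an unhealthy pod could keep receiving ALB traffic. Use the keys that exist and quote the result: `path: {{ .Values.api.readinessProbe | quote }}` and `path: {{ .Values.api.livenessProbe | quote }}`. The ALB `healthcheck-path` in api_alb.tpl is hard-coded to `/livez` and could read the same value. The container spec this hunk edits starts and ends outside the hunk.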
@@ -1,31 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.fullname" . }}-nlb-public
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.apiLabels" . | nindent 4 }}
-
- # NOTE: we run the 2.5.* version, please reference annotations here
- # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/guide/service/annotations/
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
- service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=false
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.api.nlbs.public_domain_certificate_arn }}
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- external-dns.alpha.kubernetes.io/hostname: {{ .Values.api.nlbs.public_domain }}
-spec:
- type: LoadBalancer
- loadBalancerClass: service.k8s.aws/nlb
- allocateLoadBalancerNodePorts: false
- externalTrafficPolicy: Local
- internalTrafficPolicy: Local
- selector:
- {{- include "common.apiSelectorLabels" . | nindent 4 }}
- ports:
- - name: http
- port: 8080
- targetPort: 8080
diff --git a/aws-eks-tutorial/components/helm-chart/templates/api_service.tpl b/aws-eks-tutorial/components/helm-chart/templates/api_service.tpl
deleted file mode 100644
index e8c93fc..0000000
--- a/aws-eks-tutorial/components/helm-chart/templates/api_service.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.fullname" . }}
- labels:
- {{- include "common.apiLabels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
-spec:
- clusterIP: None
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- {{- include "common.apiSelectorLabels" . | nindent 4 }}
diff --git a/aws-eks-tutorial/components/helm-chart/values.yaml b/aws-eks-tutorial/components/helm-chart/values.yaml index 5d1f8c7..e9f8838 100644 --- a/aws-eks-tutorial/components/helm-chart/values.yaml +++ b/aws-eks-tutorial/components/helm-chart/values.yaml @@ -15,13 +15,12 @@ serviceAccount: api: port: 8080 - - ingresses: - public_domain: api.INSTALL_PUBLIC_DOMAIN + readinessProbe: /readyz + livenessProbe: /livez nlbs: public_domain: nlb.INSTALL_PUBLIC_DOMAIN - public_domain_certificate: nbl.PUBLIC_DOMAIN_CERTIFICATE + public_domain_certificate: nlb.PUBLIC_DOMAIN_CERTIFICATE autoscaling: minReplicas: 1