feat: add eks demo app (#37)

nuon/components/certificate.toml

@@ -0,0 +1,13 @@
+name   = "certificate"
+type = "terraform_module"
+terraform_version = "1.7.5"
+[public_repo]
+repo      = "nuonco/guides"
+directory = "aws-eks-tutorial/components/certificate"
+branch    = "main"
+[[var]]
+name  = "domain_name"
+value = "{{.nuon.install.inputs.service_name}}.{{.nuon.install.sandbox.outputs.public_domain.name}}"
+[[var]]
+name  = "zone_id"
+value = "{{.nuon.install.sandbox.outputs.public_domain.zone_id}}"

nuon/components/helm_chart.toml

@@ -0,0 +1,12 @@
+name   = "helm_chart"
+type = "helm_chart"
+chart_name = "httpbin"
+[public_repo]
+repo      = "nuonco/guides"
+directory = "aws-eks-tutorial/components/helm-chart"
+branch    = "main"
+[values]
+"image.repository" = "{{.nuon.components.httpbin.image.repository.uri}}"
+"image.tag" = "{{.nuon.components.httpbin.image.tag}}"
+"api.nlbs.public_domain_certificate" = "{{.nuon.components.certificate.outputs.public_domain_certificate_arn}}"
+"api.nlbs.public_domain" = "{{.nuon.install.inputs.service_name}}.{{.nuon.install.sandbox.outputs.public_domain.name}}"

nuon/installer.toml

@@ -23,5 +23,6 @@ post_install_markdown = """
 apps = [
     'appp8wgwu816ypus1aadcg875s',
     'apparhowpzogsf4emsproqbutc',
-    'ecs-demo'
+    'ecs-demo',
+    'eks-demo'
 ]

nuon/nuon.eks-demo.toml

@@ -0,0 +1,27 @@
+#:schema https://api.nuon.co/v1/general/config-schema
+
+version = "v1"
+description = "Deploy an app to EKS in it's own VPC."
+display_name = "Stand-Alone EKS Deployment"
+
+[inputs]
+source = "app_inputs.toml"
+
+[runner]
+runner_type = "aws-eks"
+
+[sandbox]
+terraform_version = "1.7.5"
+[sandbox.public_repo]
+directory = "aws-eks"
+repo      = "nuonco/sandboxes"
+branch    = "main"
+
+[[components]]
+source = "components/container_image.toml"
+
+[[components]]
+source = "components/certificate.toml"
+
+[[components]]
+source = "components/helm_chart.toml"

src/certificate/main.tf

@@ -0,0 +1,9 @@
+module "certificate" {
+  source  = "terraform-aws-modules/acm/aws"
+  version = "~> 4.0"
+
+  domain_name         = var.domain_name
+  zone_id             = var.zone_id
+  validation_method   = "DNS"
+  wait_for_validation = false
+}

src/certificate/outputs.tf

@@ -0,0 +1,3 @@
+output "public_domain_certificate_arn" {
+  value = module.certificate.acm_certificate_arn
+}

src/certificate/providers.tf

@@ -0,0 +1 @@
+provider "aws" {}

src/certificate/variables.tf

@@ -0,0 +1,7 @@
+variable "domain_name" {
+  type = string
+}
+
+variable "zone_id" {
+  type = string
+}

src/certificate/versions.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">= 1.7.5"
+
+  backend "s3" {}
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

src/helm-chart/Chart.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v2
+name: api
+description: A helm chart for running an HTTPS API.
+type: application
+version: v0.0.1
+appVersion: "0.0.1"
+
+dependencies: []

src/helm-chart/templates/api_alb.tpl

@@ -0,0 +1,44 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "common.fullname" . }}-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.apiLabels" . | nindent 4 }}
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+    alb.ingress.kubernetes.io/certificate-arn: {{ .Values.api.nlbs.public_domain_certificate }}
+    alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports: https
+    alb.ingress.kubernetes.io/healthcheck-path: /livez
+    external-dns.alpha.kubernetes.io/hostname: {{ .Values.api.nlbs.public_domain }}
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "common.fullname" . }}-api
+                port:
+                  name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.apiLabels" . | nindent 4 }}
+spec:
+  selector:
+    {{- include "common.apiSelectorLabels" . | nindent 4 }}
+  type: ClusterIP
+  ports:
+    - name: http
+      port: {{ .Values.api.port }}
+      targetPort: http

src/helm-chart/templates/api_deployment.tpl

@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.apiLabels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "common.apiSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.apiSelectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ include "common.fullname" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          ports:
+            - name: http
+              containerPort: {{ .Values.api.port }}
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.api.readiness_probe}}
+              port: http
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.api.liveness_probe}}
+              port: http
+          resources:
+            limits:
+              cpu: 100m
+              memory: 256Mi
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.fullname" . }}

src/helm-chart/templates/api_hpa.tpl

@@ -0,0 +1,28 @@
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.apiLabels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "common.fullname" . }}
+  minReplicas: {{ .Values.api.autoscaling.minReplicas | default 1 }}
+  maxReplicas: {{ .Values.api.autoscaling.maxReplicas | default 3 }}
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.api.autoscaling.targetMemoryUtilizationPercentage }}

src/helm-chart/templates/cluster_role.tpl

@@ -0,0 +1,11 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]

src/helm-chart/templates/config_map.tpl

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace | quote | default "default"}}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+{{- .Values.env | toYaml | nindent 2 }}

src/helm-chart/templates/lib/_api_labels.tpl

@@ -0,0 +1,14 @@
+{{- define "common.apiLabels" -}}
+app: {{ .Release.Name }}
+helm.sh/chart: {{ include "common.chart" . }}
+{{ include "common.apiSelectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{- define "common.apiSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

src/helm-chart/templates/lib/_labels.tpl

@@ -0,0 +1,12 @@
+{{- define "common.labels" -}}
+app: {{ .Release.Name | quote }}
+helm.sh/chart: {{ include "common.chart" . }}
+{{ include "common.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{- define "common.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

src/helm-chart/templates/lib/_names.tpl

@@ -0,0 +1,42 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "common.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled }}
+{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

src/helm-chart/templates/namespace.tpl

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}

src/helm-chart/templates/role.tpl

@@ -0,0 +1,11 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]