new: kro lab module in Automation section (#1691)

Author: athavr

manifests/modules/automation/controlplanes/kro/.workshop/cleanup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+logmessage "Deleting resources created by kro..."
+
+delete-all-if-crd-exists webapplicationdynamodbs.kro.run
+
+delete-all-if-crd-exists webapplications.kro.run
+
+delete-all-if-crd-exists resourcegraphdefinitions.kro.run
+
+kubectl delete crd/webapplicationdynamodbs.kro.run --ignore-not-found
+
+kubectl delete crd/webapplications.kro.run --ignore-not-found
+
+uninstall-helm-chart kro kro-system

manifests/modules/automation/controlplanes/kro/.workshop/manifests/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - nlb.yaml

manifests/modules/automation/controlplanes/kro/.workshop/manifests/nlb.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui-nlb
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: external
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+  namespace: ui
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 8080
+      name: http
+  selector:
+    app.kubernetes.io/name: ui
+    app.kubernetes.io/instance: ui
+    app.kubernetes.io/component: service

manifests/modules/automation/controlplanes/kro/.workshop/terraform/main.tf

@@ -0,0 +1,130 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+  alias  = "virginia"
+}
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+data "aws_ecrpublic_authorization_token" "token" {
+  provider = aws.virginia
+}
+
+
+module "eks_blueprints_addons" {
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "1.22.0"
+
+  enable_aws_load_balancer_controller = true
+  aws_load_balancer_controller = {
+    wait        = true
+    role_name   = "${var.addon_context.eks_cluster_id}-alb-controller"
+    policy_name = "${var.addon_context.eks_cluster_id}-alb-controller"
+  }
+
+  cluster_name      = var.addon_context.eks_cluster_id
+  cluster_endpoint  = var.addon_context.aws_eks_cluster_endpoint
+  cluster_version   = var.eks_cluster_version
+  oidc_provider_arn = var.addon_context.eks_oidc_provider_arn
+
+  eks_addons = {
+    eks-pod-identity-agent = {
+      addon_version = "v1.1.0-eksbuild.1"
+    }
+  }
+
+  observability_tag = null
+}
+
+resource "time_sleep" "blueprints_addons_sleep" {
+  depends_on = [
+    module.eks_blueprints_addons
+  ]
+
+  create_duration  = "15s"
+  destroy_duration = "15s"
+}
+
+resource "kubernetes_manifest" "ui_alb" {
+  depends_on = [time_sleep.blueprints_addons_sleep]
+
+  manifest = {
+    "apiVersion" = "networking.k8s.io/v1"
+    "kind"       = "Ingress"
+    "metadata" = {
+      "name"      = "ui"
+      "namespace" = "ui"
+      "annotations" = {
+        "alb.ingress.kubernetes.io/scheme"           = "internet-facing"
+        "alb.ingress.kubernetes.io/target-type"      = "ip"
+        "alb.ingress.kubernetes.io/healthcheck-path" = "/actuator/health/liveness"
+      }
+    }
+    "spec" = {
+      ingressClassName = "alb",
+      "rules" = [{
+        "http" = {
+          paths = [{
+            path     = "/"
+            pathType = "Prefix"
+            "backend" = {
+              service = {
+                name = "ui"
+                port = {
+                  number = 80
+                }
+              }
+            }
+          }]
+        }
+      }]
+    }
+  }
+}
+
+module "eks_ack_addons" {
+  source = "aws-ia/eks-ack-addons/aws"
+
+  # Cluster Info
+  cluster_name      = var.addon_context.eks_cluster_id
+  cluster_endpoint  = var.addon_context.aws_eks_cluster_endpoint
+  oidc_provider_arn = var.addon_context.eks_oidc_provider_arn
+
+  # ECR Credentials
+  ecrpublic_username = data.aws_ecrpublic_authorization_token.token.user_name
+  ecrpublic_token    = data.aws_ecrpublic_authorization_token.token.password
+
+  # Controllers to enable
+  enable_dynamodb = true
+  enable_iam      = true
+  enable_eks      = true
+  dynamodb = {
+    wait        = true
+    role_name   = "${var.addon_context.eks_cluster_id}-ack-dynamo"
+    policy_name = "${var.addon_context.eks_cluster_id}-ack-dynamo"
+  }
+
+  iam = {
+    wait        = true
+    role_name   = "${var.addon_context.eks_cluster_id}-ack-iam"
+    policy_name = "${var.addon_context.eks_cluster_id}-ack-iam"
+  }
+
+  eks = {
+    wait        = true
+    role_name   = "${var.addon_context.eks_cluster_id}-ack-eks"
+    policy_name = "${var.addon_context.eks_cluster_id}-ack-eks"
+  }
+
+  tags = var.tags
+
+}

manifests/modules/automation/controlplanes/kro/.workshop/terraform/outputs.tf

@@ -0,0 +1,8 @@
+output "environment_variables" {
+  description = "Environment variables to be added to the IDE shell"
+  value = {
+    DYNAMO_ACK_VERSION = var.dynamo_ack_version,
+    KRO_VERSION        = var.kro_version,
+    ACCOUNT_ID         = data.aws_caller_identity.current.account_id
+  }
+}

manifests/modules/automation/controlplanes/kro/.workshop/terraform/templates/nlb.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui-nlb
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: external
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+  namespace: ui
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 8080
+      name: http
+  selector:
+    app.kubernetes.io/name: ui
+    app.kubernetes.io/instance: ui
+    app.kubernetes.io/component: service

manifests/modules/automation/controlplanes/kro/.workshop/terraform/vars.tf

@@ -0,0 +1,49 @@
+# tflint-ignore: terraform_unused_declarations
+variable "eks_cluster_id" {
+  description = "EKS cluster name"
+  type        = string
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "eks_cluster_version" {
+  description = "EKS cluster version"
+  type        = string
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "cluster_security_group_id" {
+  description = "EKS cluster security group ID"
+  type        = any
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "addon_context" {
+  description = "Addon context that can be passed directly to blueprints addon modules"
+  type        = any
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "tags" {
+  description = "Tags to apply to AWS resources"
+  type        = any
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "resources_precreated" {
+  description = "Have expensive resources been created already"
+  type        = bool
+}
+
+variable "dynamo_ack_version" {
+  description = "The version of Dynamo ACK to use"
+  type        = string
+  # renovate: datasource=github-releases depName=aws-controllers-k8s/dynamodb-controller
+  default = "1.5.2"
+}
+
+variable "kro_version" {
+  description = "The version of Kro to use"
+  type        = string
+  # renovate: datasource=github-releases depName=kro-run/kro
+  default = "0.4.1"
+}

manifests/modules/automation/controlplanes/kro/app/carts-ddb.yaml

@@ -0,0 +1,22 @@
+apiVersion: kro.run/v1alpha1
+kind: WebApplicationDynamoDB
+metadata:
+  name: carts
+  namespace: carts
+spec:
+  # Basic types
+  appName: carts
+  replicas: 1
+  image: "public.ecr.aws/aws-containers/retail-store-sample-cart:1.2.1"
+  port: 8080
+
+  dynamodb:
+    tableName: "eks-workshop-carts-kro"
+
+  env:
+    RETAIL_CART_PERSISTENCE_PROVIDER: "dynamodb"
+    RETAIL_CART_PERSISTENCE_DYNAMODB_TABLE_NAME: "eks-workshop-carts-kro"
+
+  aws:
+    accountID: ${AWS_ACCOUNT_ID}
+    region: ${AWS_REGION}

manifests/modules/automation/controlplanes/kro/app/carts.yaml

@@ -0,0 +1,18 @@
+apiVersion: kro.run/v1alpha1
+kind: WebApplication
+metadata:
+  name: carts
+  namespace: carts
+spec:
+  # Basic types
+  appName: carts
+  replicas: 1
+  image: "public.ecr.aws/aws-containers/retail-store-sample-cart:1.2.1"
+  port: 8080
+  env:
+    RETAIL_CART_PERSISTENCE_PROVIDER: "in-memory"
+    RETAIL_CART_PERSISTENCE_DYNAMODB_TABLE_NAME: "Items"
+    RETAIL_CART_PERSISTENCE_DYNAMODB_CREATE_TABLE: "false"
+
+  service:
+    enabled: true

manifests/modules/automation/controlplanes/kro/app/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- carts-ddb.yaml