├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── application-sets ├── Chart.yaml ├── templates │ └── guestbook.yaml └── values.yaml ├── crossplane-argocd-gitops └── envs │ └── dev │ ├── Chart.yaml │ ├── templates │ └── team-spock.yaml │ └── values.yaml ├── envs ├── dev │ ├── Chart.yaml │ ├── templates │ │ ├── team-burnham.yaml │ │ ├── team-carmen.yaml │ │ ├── team-geordie.yaml │ │ ├── team-platform.yaml │ │ └── team-riker.yaml │ └── values.yaml ├── prod │ ├── Chart.yaml │ ├── templates │ │ ├── team-burnham.yaml │ │ ├── team-carmen.yaml │ │ ├── team-geordie.yaml │ │ └── team-riker.yaml │ └── values.yaml └── test │ ├── Chart.yaml │ ├── templates │ ├── team-burnham.yaml │ ├── team-carmen.yaml │ ├── team-geordie.yaml │ └── team-riker.yaml │ └── values.yaml ├── multi-repo ├── argo-app-of-apps │ ├── dev │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── templates │ │ │ ├── ecsdemo-crystal.yaml │ │ │ ├── ecsdemo-frontend.yaml │ │ │ └── ecsdemo-nodejs.yaml │ │ ├── test-values.yaml │ │ ├── test_values.yaml │ │ └── values.yaml │ ├── prod │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── ecsdemo-crystal.yaml │ │ │ ├── ecsdemo-frontend.yaml │ │ │ └── ecsdemo-nodejs.yaml │ │ └── values.yaml │ └── test │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── ecsdemo-crystal.yaml │ │ ├── ecsdemo-frontend.yaml │ │ └── ecsdemo-nodejs.yaml │ │ └── values.yaml └── argo-app-projects │ ├── ecsdemo-crystal.yaml │ ├── ecsdemo-frontend.yaml │ └── ecsdemo-nodejs.yaml ├── secure-ingress-cognito └── envs │ ├── dev │ ├── Chart.yaml │ ├── templates │ │ └── team-kirk.yaml │ └── values.yaml │ ├── prod │ ├── Chart.yaml │ ├── templates │ │ └── team-kirk.yaml │ └── values.yaml │ └── test │ ├── Chart.yaml │ ├── templates │ └── team-kirk.yaml │ └── values.yaml ├── security └── envs │ └── dev │ ├── Chart.yaml │ ├── templates │ ├── team-data.yaml │ └── team-platform.yaml │ └── values.yaml └── teams ├── team-burnham ├── dev │ ├── Chart.yaml │ ├── templates │ │ ├── burnham.yaml │ │ ├── 
deployment.yaml │ │ └── service.yaml │ └── values.yaml ├── prod │ ├── Chart.yaml │ ├── templates │ │ ├── burnham.yaml │ │ ├── deployment.yaml │ │ └── service.yaml │ └── values.yaml └── test │ ├── Chart.yaml │ ├── templates │ ├── burnham.yaml │ ├── deployment.yaml │ └── service.yaml │ └── values.yaml ├── team-danger └── dev │ ├── Chart.yaml │ ├── templates │ └── privileged-pod.yaml │ └── values.yaml ├── team-data └── dev │ ├── Chart.yaml │ ├── templates │ ├── ebs-ecncrypted-storage-pvc.yaml │ └── efs-ecncrypted-storage-pvc.yaml │ └── values.yaml ├── team-geordie ├── dev │ ├── Chart.yaml │ ├── ho11y │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── ho11y.yaml │ │ │ └── ingress.yaml │ │ └── values.yaml │ ├── templates │ │ ├── ho11y-app.yaml │ │ └── yelb-app.yaml │ ├── values.yaml │ └── yelb │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── deployment.yaml │ │ └── ingress.yaml │ │ └── values.yaml ├── prod │ ├── Chart.yaml │ ├── ho11y │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── ho11y.yaml │ │ │ └── ingress.yaml │ │ └── values.yaml │ ├── templates │ │ ├── ho11y-app.yaml │ │ └── yelb-app.yaml │ ├── values.yaml │ └── yelb │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── deployment.yaml │ │ └── ingress.yaml │ │ └── values.yaml └── test │ ├── Chart.yaml │ ├── ho11y │ ├── Chart.yaml │ ├── templates │ │ ├── ho11y.yaml │ │ └── ingress.yaml │ └── values.yaml │ ├── templates │ ├── ho11y-app.yaml │ └── yelb-app.yaml │ ├── values.yaml │ └── yelb │ ├── Chart.yaml │ ├── templates │ ├── deployment.yaml │ └── ingress.yaml │ └── values.yaml ├── team-kirk ├── dev │ ├── Chart.yaml │ ├── templates │ │ └── ingress.yaml │ └── values.yaml ├── prod │ ├── Chart.yaml │ ├── templates │ │ └── ingress.yaml │ └── values.yaml └── test │ ├── Chart.yaml │ ├── templates │ └── ingress.yaml │ └── values.yaml ├── team-platform └── dev │ ├── Chart.yaml │ ├── templates │ ├── ebs-gp2-encrypted-storage-class.yaml │ ├── efs-encrypted-storage-class.yaml │ ├── karpenter-awsnodetemplate.yaml │ ├── 
karpenter-provisioner-default.yaml │ ├── karpenter-provisioner-taint.yaml │ └── karpenter-provisioner.yaml │ └── values.yaml ├── team-riker ├── dev │ ├── Chart.yaml │ ├── templates │ │ ├── 2048.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml ├── prod │ ├── Chart.yaml │ ├── templates │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml └── test │ ├── Chart.yaml │ ├── templates │ ├── deployment.yaml │ ├── ingress.yaml │ └── service.yaml │ └── values.yaml ├── team-scan └── dev │ ├── Chart.yaml │ ├── templates │ └── image-push-pod.yaml │ └── values.yaml └── team-spock └── dev ├── Chart.yaml ├── templates ├── clusterA-addon-eks-pod-identity-agent.yaml ├── clusterA-cluster-auth.yaml ├── clusterA-provider-config-helm.yaml ├── clusterA-provider-config-k8s.yaml ├── clusterA-test-helm.yaml ├── clusterA-test-namespace.yaml ├── clusterB-addon-eks-pod-identity-agent.yaml ├── clusterB-cluster-auth.yaml ├── clusterB-provider-config-helm.yaml ├── clusterB-provider-config-k8s.yaml ├── clusterB-test-helm.yaml ├── clusterB-test-namespace.yaml └── common-provider-config-aws.yaml └── values.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode 2 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 
5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. 
Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EKS Blueprints Workloads 2 | 3 | Welcome to the EKS Blueprints Workloads repository. 4 | 5 | This repository serves as a sample GitOps configuration repository that is meant to be used with the [Amazon EKS Blueprints CDK Quick Start](https://github.com/aws-quickstart/cdk-eks-blueprints) and [Amazon EKS Blueprints for Terraform](https://github.com/aws-ia/terraform-aws-eks-blueprints). 6 | 7 | ## Documentation 8 | 9 | Please refer to the Amazon EKS Blueprints Quick Start [Getting Started](https://aws-quickstart.github.io/cdk-eks-blueprints/getting-started/) guide for details on how to bootstrap an EKS cluster with the workload configuration contained in this repository. 
10 | 11 | ## Usage 12 | 13 | ### Usage for Multi Repository example 14 | 15 | Under the `multi-repo` folder you can find an example of bootstrapping an ArgoCD App of Apps application that points to other applications that reside in other git repositories. This way the deployment of every application can be managed independently by the application team in the application's repository. The platform team, on the other hand, owns this repository (the ArgoCD app of apps configuration) and only needs to onboard new applications to the cluster by adding them to the App of Apps chart. 16 | 17 | To bootstrap an EKS cluster with the configuration under the `multi-repo` folder, you first have to apply the ArgoCD [Projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) manifests that reside in the [argo-app-projects](./multi-repo/argo-app-projects/) folder. These Projects are used by the ArgoCD Applications defined in the [argo-app-of-apps](./multi-repo/argo-app-of-apps/) folder. The projects are used to restrict the deployment of an application to a specific target namespace. This way we ensure that even if the application team tries to deploy their application to a different namespace (by adding an explicit namespace definition to their Kubernetes manifests), ArgoCD will not apply the application manifests because of that restriction. This holds only for Applications assigned to one of these Projects; an Application left in ArgoCD's `default` project is not restricted in this way unless that project has itself been locked down. Applying the manifests is done by: 18 | 19 | ```bash 20 | kubectl apply -f multi-repo/argo-app-projects/ 21 | ``` 22 | 23 | Now we can onboard the applications into our cluster: 24 | 25 | ```bash 26 | argocd app create dev-apps \ 27 | --dest-namespace argocd \ 28 | --dest-server https://kubernetes.default.svc \ 29 | --repo https://github.com/aws-samples/eks-blueprints-workloads.git \ 30 | --path "multi-repo/argo-app-of-apps/dev" 31 | ``` 32 | 33 | To sync app configuration and deploy the workloads, run the following. 
34 | 35 | ``` 36 | argocd app sync dev-apps 37 | ``` 38 | 39 | ### Usage for Single Repository example 40 | 41 | To bootstrap an EKS cluster with the configuration that is contained in this repository, create a new application in ArgoCD via the following. 42 | 43 | ``` 44 | argocd app create dev-apps \ 45 | --dest-namespace argocd \ 46 | --dest-server https://kubernetes.default.svc \ 47 | --repo https://github.com/aws-samples/eks-blueprints-workloads.git \ 48 | --path "envs/dev" 49 | ``` 50 | 51 | To sync app configuration and deploy the workloads, run the following. 52 | 53 | ``` 54 | argocd app sync dev-apps 55 | ``` 56 | ### Usage for Securing Ingress using Cognito 57 | 58 | `secure-ingress-cognito-*` is to be used only when you are using the blueprint pattern named `secure-ingress-blueprint` from the blueprint patterns repository. This workload has been isolated because, without the Cognito resources, the application fails to deploy when the app of apps pattern is used. 59 | 60 | ## Repo Structure 61 | 62 | The configuration in this repository is organized into two directories: `envs` and `teams`. 63 | 64 | ``` 65 | ├── multirepo 66 | └── argo-app-of-apps 67 | └── dev 68 | └── test 69 | └── prod 70 | └── argo-app-projects 71 | ├── envs 72 | └── teams 73 | ``` 74 | 75 | ### Environments 76 | 77 | The configuration in the `envs` subdirectories represents configuration for a specific EKS environment. In the context of the Amazon EKS Blueprints Quick Start, an environment maps directly to a single EKS Cluster. 78 | 79 | This repository has support for three different environments: `dev`, `test`, and `prod`. Each environment directory is a Helm chart which references the teams that run workloads in each cluster. 
80 | 81 | ``` 82 | envs 83 | ├── dev 84 | │   ├── Chart.yaml 85 | │   ├── templates 86 | │   │   ├── team-burnham.yaml 87 | │   │   ├── team-carmen.yaml 88 | │   │   ├── team-riker.yaml 89 | │   └── values.yaml 90 | ├── prod 91 | └── test 92 | ``` 93 | 94 | ### Teams 95 | 96 | The configuration in the `teams` subdirectories represent the individual teams that are running workloads in our EKS clusters. 97 | 98 | Each `team` subdirectory in turn has environment subdirectories. The configuration in those directories are Kubernetes manifests that represent the individual workload that is running for each team and in each environment. 99 | 100 | **NOTE** Some team environment directories may contain additional `yaml` files such as an `ingress.yaml` 101 | 102 | ``` 103 | teams 104 | ├── team-burnham 105 | │ ├── dev 106 | │   │ ├── Chart.yaml 107 | │   │ ├── templates 108 | │   │ │   ├── deployment.yaml 109 | │   │ │   ├── service.yaml 110 | │   │ └── values.yaml 111 | │ ├── prod 112 | │   │ ├── Chart.yaml 113 | │   │ ├── templates 114 | │   │ │   ├── deployment.yaml 115 | │   │ │   ├── service.yaml 116 | │   │ └── values.yaml 117 | │ ├── test 118 | │   │ ├── Chart.yaml 119 | │   │ ├── templates 120 | │   │ │   ├── deployment.yaml 121 | │   │ │   ├── service.yaml 122 | │   │ └── values.yaml 123 | ├── team-spock 124 | │ ├── dev 125 | │   │ ├── Chart.yaml 126 | │   │ ├── templates 127 | │   │ │   ├── common-provider-config-aws.yaml 128 | │   │ │   ├── clusterA-cluster-auth.yaml 129 | │   │ │   ├── clusterA-addon-eks-pod-identity-agent.yaml 130 | │   │ └── values.yaml 131 | ├── team-riker 132 | 133 | ``` 134 | 135 | The `team-spock` is a platform team which implements the CDK EKS Blueprints pattern [GitOps based Multi-cluster add-on and Apps Management using Crossplane and ArgoCD](https://github.com/aws-samples/cdk-eks-blueprints-patterns/blob/main/docs/patterns/crossplane-argocd-gitops.md) 136 | 137 | ## Security 138 | 139 | See 
[CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 140 | 141 | ## License 142 | 143 | This library is licensed under the MIT-0 License. See the LICENSE file. 144 | -------------------------------------------------------------------------------- /application-sets/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: application-sets 4 | description: Application Set example for mult-cluster 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /application-sets/templates/guestbook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: ApplicationSet 3 | metadata: 4 | name: guestbook 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | spec: 9 | generators: 10 | - clusters: 11 | selector: 12 | matchLabels: 13 | environment: 'dev' 14 | values: 15 | replicas: "1" 16 | project: {{"'{{metadata.annotations.project}}'"}} 17 | - clusters: 18 | selector: 19 | matchLabels: 20 | environment: 'test' 21 | values: 22 | replicas: "2" 23 | project: {{"'{{metadata.annotations.project}}'"}} 24 | - clusters: 25 | selector: 26 | matchLabels: 27 | environment: 'prod' 28 | values: 29 | replicas: "3" 30 | project: {{"'{{metadata.annotations.project}}'"}} 31 | template: 32 | metadata: 33 | name: {{"'{{name}}-guestbook'"}} 34 | namespace: {{"'{{values.project}}'"}} 35 | finalizers: 36 | - resources-finalizer.argocd.argoproj.io 37 | spec: 38 | project: {{"'{{values.project}}'"}} 39 | source: 40 | repoURL: {{ .Values.spec.source.repoURL }} 41 | # The cluster values field for each generator will be substituted here: 42 | targetRevision: {{ .Values.spec.source.targetRevision }} 43 | path: helm-guestbook 44 | helm: 45 | parameters: 46 | - name: "replicaCount" 47 | value: 
{{"'{{values.replicas}}'"}} 48 | destination: 49 | server: {{"'{{server}}'"}} 50 | namespace: guestbook 51 | syncPolicy: 52 | automated: 53 | prune: true 54 | syncOptions: 55 | - CreateNamespace=true 56 | -------------------------------------------------------------------------------- /application-sets/values.yaml: -------------------------------------------------------------------------------- 1 | argoNamespace: '' 2 | 3 | labels: 4 | cloud: aws 5 | spec: 6 | source: 7 | repoURL: https://github.com/argoproj/argocd-example-apps 8 | targetRevision: master 9 | -------------------------------------------------------------------------------- /crossplane-argocd-gitops/envs/dev/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: eks-crossplane-apps 4 | description: App of apps chart for the deploying using Crossplane on Amazon EKS 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /crossplane-argocd-gitops/envs/dev/templates/team-spock.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-spock 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | destination: 11 | namespace: argocd 12 | server: {{ .Values.spec.destination.server }} 13 | source: 14 | repoURL: {{ .Values.spec.source.repoURL }} 15 | targetRevision: {{ .Values.spec.source.targetRevision }} 16 | path: teams/team-spock/dev 17 | helm: 18 | values: | 19 | {{- toYaml .Values | nindent 8 }} 20 | 21 | syncPolicy: 22 | automated: 23 | prune: true 24 | syncOptions: 25 | - CreateNamespace=true -------------------------------------------------------------------------------- /crossplane-argocd-gitops/envs/dev/values.yaml: 
-------------------------------------------------------------------------------- 1 | spec: 2 | destination: 3 | server: https://kubernetes.default.svc 4 | source: 5 | repoURL: https://github.com/ajpaws/eks-blueprints-workloads 6 | targetRevision: main 7 | clusterA: 8 | clusterName: 9 | clusterB: 10 | clusterName: 11 | common: 12 | providerConfigAWSName: 13 | eksConnectorRoleName: 14 | accountId: 15 | region: 16 | crossplaneNamespace: 17 | 18 | -------------------------------------------------------------------------------- /envs/dev/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: dev-applications 4 | description: App of apps chart for the dev EKS environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /envs/dev/templates/team-burnham.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-burnham 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-burnham 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-burnham/dev 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /envs/dev/templates/team-carmen.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | 
kind: Application 3 | metadata: 4 | name: team-carmen 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-carmen 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: https://github.com/CarmenAPuccio/GeoLocationAPI 17 | path: templates 18 | targetRevision: HEAD 19 | syncPolicy: 20 | automated: 21 | prune: true 22 | syncOptions: 23 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/dev/templates/team-geordie.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-geordie 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: {{ .Values.argoNamespace | default "argocd" }} 14 | server: {{ .Values.destinationServer | default .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-geordie/dev 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /envs/dev/templates/team-platform.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-platform 5 | namespace: argocd 6 | labels: 7 | {{- 
toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: default 12 | destination: 13 | namespace: team-platform 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-platform/dev 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /envs/dev/templates/team-riker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-riker 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-riker 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-riker/dev 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/dev/values.yaml: -------------------------------------------------------------------------------- 1 | destinationServer: '' 2 | argoNamespace: '' 3 | argoProject: '' 4 | 5 | labels: 6 | env: dev 7 | spec: 8 | destination: 9 | server: https://kubernetes.default.svc 10 | source: 11 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 12 | targetRevision: main 13 | 14 | # Thoses default 
values can be surcharged by Infrastructure as Code 15 | env: dev 16 | clusterName: eks-blueprint-cluster # the name of EKS cluster 17 | blueprint: 'terraform' # cdk | terraform 18 | karpenterInstanceProfile: 19 | ingress: 20 | type: 'alb' # nginx | alb 21 | host: # empty or your domain like dev.example.com 22 | -------------------------------------------------------------------------------- /envs/prod/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: prod-applications 4 | description: App of apps chart for the prod EKS environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /envs/prod/templates/team-burnham.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-burnham 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-burnham 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-burnham/prod 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/prod/templates/team-carmen.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-carmen 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- 
toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-carmen 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: https://github.com/CarmenAPuccio/GeoLocationAPI # hard-coded repository outside the aws-samples org; not taken from values.yaml 17 | path: templates 18 | targetRevision: HEAD # NOTE(review): floating ref on an external repository, synced automatically with prune (below) from the prod chart; consider pinning a tag or commit SHA 19 | syncPolicy: 20 | automated: 21 | prune: true 22 | syncOptions: 23 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/prod/templates/team-geordie.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-geordie 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: {{ .Values.argoNamespace | default "argocd" }} # NOTE(review): destination is the Argo CD namespace rather than a team namespace; presumably because teams/team-geordie/prod renders child Applications (ho11y-app, yelb-app) - confirm 14 | server: {{ .Values.destinationServer | default .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-geordie/prod 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /envs/prod/templates/team-riker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-riker 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 
10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-riker 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-riker/prod 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/prod/values.yaml: -------------------------------------------------------------------------------- 1 | destinationServer: '' # empty: the team-geordie template falls back to spec.destination.server 2 | argoNamespace: '' # empty: the templates fall back to "argocd" 3 | argoProject: '' # empty: the templates fall back to Argo CD's "default" project; NOTE(review): confirm that project is restricted before relying on it for prod 4 | 5 | labels: 6 | env: prod 7 | spec: 8 | destination: 9 | server: https://kubernetes.default.svc 10 | source: 11 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 12 | targetRevision: main # NOTE(review): branch ref, not a tag or commit; the prod Applications sync automatically with prune, so changes on this branch are deployed without a pin - consider a tag or commit SHA 13 | 14 | # These default values can be overridden by Infrastructure as Code 15 | env: prod 16 | clusterName: eks-blueprint-cluster # the name of EKS cluster 17 | blueprint: 'terraform' # cdk | terraform 18 | karpenterInstanceProfile: 19 | ingress: 20 | type: 'alb' # nginx | alb 21 | host: # empty or your domain like dev.example.com -------------------------------------------------------------------------------- /envs/test/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: test-applications 4 | description: App of apps chart for the test EKS environment. 
5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /envs/test/templates/team-burnham.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-burnham 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-burnham 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: {{ .Values.spec.source.repoURL }} 17 | targetRevision: {{ .Values.spec.source.targetRevision }} 18 | path: teams/team-burnham/test 19 | helm: 20 | values: | 21 | {{- toYaml .Values | nindent 8 }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /envs/test/templates/team-carmen.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: team-carmen 5 | namespace: {{ .Values.argoNamespace | default "argocd" }} 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.argoProject | default "default" }} 12 | destination: 13 | namespace: team-carmen 14 | server: {{ .Values.spec.destination.server }} 15 | source: 16 | repoURL: https://github.com/CarmenAPuccio/GeoLocationAPI 17 | path: templates 18 | targetRevision: HEAD 19 | syncPolicy: 20 | automated: 21 | prune: true 22 | syncOptions: 23 | - CreateNamespace=true -------------------------------------------------------------------------------- /envs/test/templates/team-geordie.yaml: 
--------------------------------------------------------------------------------
# Argo CD Application for team-geordie in the test environment.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-geordie
  namespace: {{ default "argocd" .Values.argoNamespace }}
  labels:
    {{- .Values.labels | toYaml | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # An empty argoProject falls back to the Argo CD project named "default",
  # which allows any source repository and destination unless it has been restricted.
  project: {{ default "default" .Values.argoProject }}
  destination:
    # The destination namespace is the Argo CD namespace, not a team namespace.
    namespace: {{ default "argocd" .Values.argoNamespace }}
    # destinationServer, when set, takes precedence over spec.destination.server.
    server: {{ default .Values.spec.destination.server .Values.destinationServer }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-geordie/test
    helm:
      # The complete values tree of this chart is forwarded to the child chart.
      values: |
        {{- .Values | toYaml | nindent 8 }}
  syncPolicy:
    # Automated sync with prune: resources dropped from the source revision
    # are deleted from the cluster without a manual step.
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true

--------------------------------------------------------------------------------
/envs/test/templates/team-riker.yaml:
--------------------------------------------------------------------------------
# Argo CD Application for team-riker in the test environment.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-riker
  namespace: {{ default "argocd" .Values.argoNamespace }}
  labels:
    {{- .Values.labels | toYaml | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # An empty argoProject falls back to the Argo CD project named "default".
  project: {{ default "default" .Values.argoProject }}
  destination:
    namespace: team-riker
    # NOTE(review): unlike team-geordie.yaml, the destinationServer override is
    # not consulted here; confirm that is intended.
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-riker/test
    helm:
      # The complete values tree of this chart is forwarded to the child chart.
      values: |
        {{- .Values | toYaml | nindent 8 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/envs/test/values.yaml:
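--------------------------------------------------------------------------------
# Left empty so the templates fall back to their built-in defaults
# ("argocd" namespace, "default" project, spec.destination.server).
destinationServer: ''
argoNamespace: ''
argoProject: ''

labels:
  env: test
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    # A branch name: the deployed content follows whatever that branch points to.
    targetRevision: main

  # These default values can be overridden by Infrastructure as Code.
  # NOTE(review): the keys below are assumed to be nested under spec; confirm.
  env: test
  clusterName: eks-blueprint-cluster # the name of EKS cluster
  blueprint: 'terraform' # cdk | terraform
  karpenterInstanceProfile:
  ingress:
    type: 'alb' # nginx | alb
    host: # empty or your domain like dev.example.com

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the dev environment's app-of-apps chart.
apiVersion: v1
appVersion: "1.0"
name: dev-applications
description: App of apps chart for the dev EKS environment.
version: 0.1.0

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/Makefile:
--------------------------------------------------------------------------------
# Renders the chart locally with the sample values so the generated manifests
# can be inspected before they are committed; nothing is applied to a cluster.
# "test" is declared phony so a file or directory of that name cannot mask it.
.PHONY: test
test:
	helm template ecsdemo --values=./test-values.yaml --dry-run --debug ./
--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/templates/ecsdemo-crystal.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-crystal when spec.apps.ecsdemoCrystal.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoCrystal.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.name | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoCrystal.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoCrystal.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoCrystal.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/templates/ecsdemo-frontend.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-frontend when spec.apps.ecsdemoFrontend.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoFrontend.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.name | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoFrontend.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoFrontend.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoFrontend.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/templates/ecsdemo-nodejs.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-nodejs when spec.apps.ecsdemoNodejs.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoNodejs.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.name | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoNodejs.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoNodejs.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoNodejs.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/test-values.yaml:
--------------------------------------------------------------------------------
# Sample values consumed by the Makefile's "test" target.
# NOTE(review): listen-ports below declares a plain-HTTP listener on port 443
# while ssl-redirect also names 443; confirm whether an HTTPS listener was intended.
# NOTE(review): the image tag "latest" is mutable, so the same values can deploy
# different image contents over time; a fixed tag or digest makes the deployed
# image reproducible.
"clusterName": "eks-blueprint-blue"
"region": "eu-west-1"
"repoUrl": "https://github.com/seb-tmp/eks-blueprints-workloads.git"
"spec":
  "apps":
    "ecsdemoFrontend":
      "image":
        "repository": "public.ecr.aws/seb-demo/ecsdemo-frontend"
        "tag": "latest"
      "ingress":
        "annotations": |
          "alb.ingress.kubernetes.io/group.name": "ecsdemo"
          "alb.ingress.kubernetes.io/listen-ports": "[{\"HTTP\": 443}]"
          "alb.ingress.kubernetes.io/scheme": "internet-facing"
          "alb.ingress.kubernetes.io/ssl-redirect": "443"
          "alb.ingress.kubernetes.io/target-type": "ip"
          "external-dns.alpha.kubernetes.io/aws-weight": "100"
          "external-dns.alpha.kubernetes.io/set-identifier": "eks-blueprint-blue"
        "className": "alb"
        "enabled": "true"
        "hosts":
          - "host": "frontend.eks-blueprint.example.com"
            "paths":
              - "path": "/"
                "pathType": "Prefix"
      "replicaCount": "3"
      "resources":
        "limits":
          "cpu": "400m"
          "memory": "512Mi"
        "requests":
          "cpu": "200m"
          "memory": "256Mi"
  "blueprint": "terraform"
  "clusterName": "eks-blueprint-blue"
  "karpenterInstanceProfile": "eks-blueprint-blue-managed-ondemand"
--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/test_values.yaml:
--------------------------------------------------------------------------------
# Second sample values file; the Makefile in this directory reads
# test-values.yaml (hyphen), not this one.
spec:
  destination:
    server: https://kubernetes.default.svc
  # All helm parameters are sent by IaC code (Terraform or CDK)
  apps:
    ecsdemoFrontend:
      repoURL: https://github.com/aws-containers/ecsdemo-frontend.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-frontend
      # The ingress is internet-facing; no listen-ports or TLS annotation is set here.
      ingress:
        enabled: 'true'
        className: 'alb'
        annotations:
          'alb.ingress.kubernetes.io/group.name': 'ecsdemo'
          'alb.ingress.kubernetes.io/scheme': 'internet-facing'
          'alb.ingress.kubernetes.io/target-type': 'ip'
          'external-dns.alpha.kubernetes.io/set-identifier': 'eks-blueprint-blue'
        hosts:
          host: test.example.com
          paths:
            path: '/'
            pathType: 'Prefix'
    ecsdemoNodejs:
      repoURL: https://github.com/aws-containers/ecsdemo-nodejs.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-nodejs
    ecsdemoCrystal:
      repoURL: https://github.com/aws-containers/ecsdemo-crystal.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-crystal
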
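--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/dev/values.yaml:
--------------------------------------------------------------------------------
# Left empty so the templates fall back to their built-in defaults.
destinationServer: ''
argoProjectNamespace: ''
argoNamespace: ''


labels:
  env: dev
spec:
  destination:
    server: https://kubernetes.default.svc
  # All helm parameters can be sent by IaC code (Terraform or CDK)
  apps:
    ecsdemoFrontend:
      # true: the chart also renders the AppProject that confines this app.
      createProject: true
      #repoURL: git@github.com:aws-containers/ecsdemo-frontend.git
      repoURL: https://github.com/aws-containers/ecsdemo-frontend.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-frontend
      # NOTE(review): the ALB configured below is internet-facing and listens on
      # plain HTTP (port 80) only; no HTTPS listener is set in these values.
      helm:
        values: |-
          ingress:
            enabled: true
            annotations:
              alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
              alb.ingress.kubernetes.io/scheme: internet-facing
              alb.ingress.kubernetes.io/tags: Environment=dev,Team=ecsdemo-frontend
              alb.ingress.kubernetes.io/target-type: ip
            className: alb
            hosts:
              - paths:
                  - path: /
                    pathType: Prefix
    ecsdemoNodejs:
      createProject: true
      repoURL: https://github.com/aws-containers/ecsdemo-nodejs.git
      #repoURL: git@github.com:aws-containers/ecsdemo-nodejs.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-nodejs
      helm:
        parameters:
          - name: replicaCount
            value: '3'
    ecsdemoCrystal:
      createProject: true
      repoURL: https://github.com/aws-containers/ecsdemo-crystal.git
      #repoURL: git@github.com:aws-containers/ecsdemo-crystal.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-crystal
      helm:
        parameters:
          - name: replicaCount
            value: '3'
--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/prod/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the prod environment's app-of-apps chart.
apiVersion: v1
appVersion: "1.0"
name: prod-applications
description: App of apps chart for the prod EKS environment.
version: 0.1.0

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/prod/templates/ecsdemo-crystal.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-crystal when spec.apps.ecsdemoCrystal.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoCrystal.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.name | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoCrystal.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoCrystal.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoCrystal.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/prod/templates/ecsdemo-frontend.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-frontend when spec.apps.ecsdemoFrontend.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoFrontend.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.name | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoFrontend.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoFrontend.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoFrontend.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/prod/templates/ecsdemo-nodejs.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-nodejs when spec.apps.ecsdemoNodejs.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoNodejs.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.name | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoNodejs.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoNodejs.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoNodejs.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/prod/values.yaml:
--------------------------------------------------------------------------------
# Left empty so the templates fall back to their built-in defaults.
destinationServer: ''
argoProjectNamespace: ''
argoNamespace: ''


labels:
  env: prod
spec:
  destination:
    server: https://kubernetes.default.svc
  # All helm parameters can be sent by IaC code (Terraform or CDK)
  apps:
    ecsdemoFrontend:
      # false: the AppProject must already exist before this Application syncs.
      createProject: false
      #repoURL: git@github.com:aws-containers/ecsdemo-frontend.git
      repoURL: https://github.com/aws-containers/ecsdemo-frontend.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-frontend
      # NOTE(review): the ALB configured below is internet-facing and listens on
      # plain HTTP (port 80) only; no HTTPS listener is set in these prod values.
      # The Environment tag matches labels.env so that tag-based inventory and
      # policies see this load balancer as prod.
      helm:
        values: |-
          ingress:
            enabled: true
            annotations:
              alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
              alb.ingress.kubernetes.io/scheme: internet-facing
              alb.ingress.kubernetes.io/tags: Environment=prod,Team=ecsdemo-frontend
              alb.ingress.kubernetes.io/target-type: ip
            className: alb
            hosts:
              - paths:
                  - path: /
                    pathType: Prefix
    ecsdemoNodejs:
      createProject: false
      repoURL: https://github.com/aws-containers/ecsdemo-nodejs.git
      #repoURL: git@github.com:aws-containers/ecsdemo-nodejs.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-nodejs
      helm:
        parameters:
          - name: replicaCount
            value: '3'
    ecsdemoCrystal:
      createProject: false
      repoURL: https://github.com/aws-containers/ecsdemo-crystal.git
      #repoURL: git@github.com:aws-containers/ecsdemo-crystal.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-crystal
      helm:
        parameters:
          - name: replicaCount
            value: '3'
--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/test/Chart.yaml:
--------------------------------------------------------------------------------
# Chart metadata for the test environment's app-of-apps chart.
apiVersion: v1
appVersion: "1.0"
name: test-applications
description: App of apps chart for the test EKS environment.
version: 0.1.0

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/test/templates/ecsdemo-crystal.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-crystal when spec.apps.ecsdemoCrystal.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoCrystal.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoCrystal.name | default "ecsdemo-crystal" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoCrystal.project | default "ecsdemo-crystal" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoCrystal.namespace | default "ecsdemo-crystal" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoCrystal.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoCrystal.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoCrystal.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoCrystal.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/test/templates/ecsdemo-frontend.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-frontend when spec.apps.ecsdemoFrontend.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoFrontend.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoFrontend.name | default "ecsdemo-frontend" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoFrontend.project | default "ecsdemo-frontend" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoFrontend.namespace | default "ecsdemo-frontend" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoFrontend.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoFrontend.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoFrontend.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoFrontend.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/test/templates/ecsdemo-nodejs.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders an AppProject for ecsdemo-nodejs when spec.apps.ecsdemoNodejs.createProject
is set, followed by the Application itself. The project lists one destination
namespace and one source repository, so the Application is confined to those.
*/ -}}
{{- if .Values.spec.apps.ecsdemoNodejs.createProject -}}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoProjectNamespace | default "argocd" }}
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "1"
spec:
  destinations:
    - namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
      server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  sourceRepos:
    - {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
  {{- with .Values.sourceNamespaces }}
  sourceNamespaces:
    {{- toYaml .| nindent 4 }}
  {{- end }}
---
{{- end }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.spec.apps.ecsdemoNodejs.name | default "ecsdemo-nodejs" }}
  namespace: {{ .Values.argoNamespace | default "argocd" }}
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    # Wave 2: synced after the AppProject (wave 1) it refers to.
    argocd.argoproj.io/sync-wave: "2"
spec:
  project: {{ .Values.spec.apps.ecsdemoNodejs.project | default "ecsdemo-nodejs" }}
  destination:
    namespace: {{ .Values.spec.apps.ecsdemoNodejs.namespace | default "ecsdemo-nodejs" }}
    server: {{ .Values.destinationServer | default .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.apps.ecsdemoNodejs.repoURL }}
    targetRevision: {{ .Values.spec.apps.ecsdemoNodejs.targetRevision }}
    path: {{ .Values.spec.apps.ecsdemoNodejs.path }}
    helm:
      {{- toYaml .Values.spec.apps.ecsdemoNodejs.helm | nindent 6 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=false # Created with IaC - # https://github.com/argoproj/argo-cd/issues/7799

--------------------------------------------------------------------------------
/multi-repo/argo-app-of-apps/test/values.yaml:
--------------------------------------------------------------------------------
# Left empty so the templates fall back to their built-in defaults.
destinationServer: ''
argoProjectNamespace: ''
argoNamespace: ''


labels:
  env: test
spec:
  destination:
    server: https://kubernetes.default.svc
  # All helm parameters can be sent by IaC code (Terraform or CDK)
  apps:
    ecsdemoFrontend:
      # false: the AppProject must already exist before this Application syncs.
      createProject: false
      #repoURL: git@github.com:aws-containers/ecsdemo-frontend.git
      repoURL: https://github.com/aws-containers/ecsdemo-frontend.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-frontend
      # NOTE(review): the ALB configured below is internet-facing and listens on
      # plain HTTP (port 80) only; no HTTPS listener is set in these values.
      # The Environment tag matches labels.env so that tag-based inventory and
      # policies see this load balancer as test.
      helm:
        values: |-
          ingress:
            enabled: true
            annotations:
              alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
              alb.ingress.kubernetes.io/scheme: internet-facing
              alb.ingress.kubernetes.io/tags: Environment=test,Team=ecsdemo-frontend
              alb.ingress.kubernetes.io/target-type: ip
            className: alb
            hosts:
              - paths:
                  - path: /
                    pathType: Prefix
    ecsdemoNodejs:
      createProject: false
      repoURL: https://github.com/aws-containers/ecsdemo-nodejs.git
      #repoURL: git@github.com:aws-containers/ecsdemo-nodejs.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-nodejs
      helm:
        parameters:
          - name: replicaCount
            value: '3'
    ecsdemoCrystal:
      createProject: false
      repoURL: https://github.com/aws-containers/ecsdemo-crystal.git
      #repoURL: git@github.com:aws-containers/ecsdemo-crystal.git
      targetRevision: main
      path: kubernetes/helm/ecsdemo-crystal
      helm:
        parameters:
          - name: replicaCount
            value: '3'
--------------------------------------------------------------------------------
/multi-repo/argo-app-projects/ecsdemo-crystal.yaml:
--------------------------------------------------------------------------------
# Standalone AppProject for ecsdemo-crystal: one destination namespace on the
# in-cluster API server and one permitted source repository.
# NOTE(review): sourceRepos uses the SSH form of the repository URL, while the
# app-of-apps values in this listing use the HTTPS form; confirm the project
# admits the URL the Application actually uses.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: ecsdemo-crystal
  namespace: argocd
spec:
  destinations:
    - namespace: ecsdemo-crystal
      server: https://kubernetes.default.svc
  sourceRepos:
    - git@github.com:aws-containers/ecsdemo-crystal.git

--------------------------------------------------------------------------------
/multi-repo/argo-app-projects/ecsdemo-frontend.yaml:
--------------------------------------------------------------------------------
# Standalone AppProject for ecsdemo-frontend: one destination namespace on the
# in-cluster API server and one permitted source repository.
# NOTE(review): sourceRepos uses the SSH form of the repository URL, while the
# app-of-apps values in this listing use the HTTPS form; confirm the project
# admits the URL the Application actually uses.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: ecsdemo-frontend
  namespace: argocd
spec:
  destinations:
    - namespace: ecsdemo-frontend
      server: https://kubernetes.default.svc
  sourceRepos:
    - git@github.com:aws-containers/ecsdemo-frontend.git

--------------------------------------------------------------------------------
/multi-repo/argo-app-projects/ecsdemo-nodejs.yaml: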
--------------------------------------------------------------------------------
# AppProject limiting the ecsdemo-nodejs application to one destination
# namespace on the in-cluster API server and to one source repository.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: ecsdemo-nodejs
  namespace: argocd
spec:
  destinations:
    - namespace: ecsdemo-nodejs
      server: https://kubernetes.default.svc
  # NOTE(review): only the SSH form of the repository is allowed here, while the
  # argo-app-of-apps test values.yaml on this page sets repoURL to the HTTPS
  # form. Presumably an Application using the HTTPS URL would not be admitted
  # by this project - verify which URL form is actually used.
  sourceRepos:
    - git@github.com:aws-containers/ecsdemo-nodejs.git

--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: secure-ingress-cognito-dev-applications
description: App of apps chart for the dev EKS environment using Cognito to secure the ingress.
version: 0.1.0

--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/dev/templates/team-kirk.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys teams/team-kirk/dev into the kubecost namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-kirk
  namespace: argocd
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): Argo CD's built-in "default" project does not restrict source
  # repositories or destinations unless it has been tightened; a dedicated
  # AppProject (as under multi-repo/argo-app-projects) gives a narrower scope.
  project: default
  destination:
    namespace: kubecost
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-kirk/dev
    # The whole values tree of this chart is handed to the child chart, so
    # anything injected into these values is also stored in the Application
    # object in the cluster; keep secrets out of it.
    helm:
      values: |
        {{- toYaml .Values | nindent 8 }}
  # Automated sync with prune: whatever is on targetRevision is applied without
  # a manual step, and resources removed from git are deleted from the cluster.
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/dev/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: dev
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    # NOTE(review): a branch name is a moving reference; combined with the
    # automated sync above, every push to it reaches the cluster.
    targetRevision: main

  # These default values can be overridden by Infrastructure as Code
  env: dev
  clusterName: eks-blueprint-cluster # the name of EKS cluster
  ingress:
    type: 'alb' # nginx | alb
    host: # empty or your domain like dev.example.com

--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/prod/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: secure-ingress-cognito-prod-applications
# NOTE(review): the description still says "dev" although this chart sits
# under envs/prod - looks like a copy-paste leftover.
description: App of apps chart for the dev EKS environment using Cognito to secure the ingress.
version: 0.1.0

--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/prod/templates/team-kirk.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys teams/team-kirk/prod into the kubecost namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-kirk
  namespace: argocd
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): same unrestricted "default" project as in dev.
  project: default
  destination:
    namespace: kubecost
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-kirk/prod
    helm:
      values: |
        {{- toYaml .Values | nindent 8 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/prod/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: prod
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    # NOTE(review): prod follows the main branch with automated sync and prune;
    # a tag or commit id here would make production changes an explicit step.
    targetRevision: main

  # These default values can be overridden by Infrastructure as Code
  env: prod
  clusterName: eks-blueprint-cluster # the name of EKS cluster
  ingress:
    type: 'alb' # nginx | alb
    host: # empty or your domain like dev.example.com
--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/test/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: secure-ingress-cognito-test-applications
# NOTE(review): description says "dev" in the test chart as well.
description: App of apps chart for the dev EKS environment using Cognito to secure the ingress.
version: 0.1.0

--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/test/templates/team-kirk.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys teams/team-kirk/test into the kubecost namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-kirk
  namespace: argocd
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  destination:
    namespace: kubecost
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-kirk/test
    helm:
      values: |
        {{- toYaml .Values | nindent 8 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/secure-ingress-cognito/envs/test/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: test
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    targetRevision: main

  # These default values can be overridden by Infrastructure as Code
  env: test
  clusterName: eks-blueprint-cluster # the name of EKS cluster
  ingress:
    type: 'alb' # nginx | alb
    host: # empty or your domain like dev.example.com

--------------------------------------------------------------------------------
/security/envs/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: dev-security
description: App of apps chart for the dev EKS environment using security best practices
version: 0.1.0

--------------------------------------------------------------------------------
/security/envs/dev/templates/team-data.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys teams/team-data/dev into the data namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-data
  namespace: argocd
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: data
    server: {{ .Values.spec.destination.server }}
  # NOTE(review): "default" project; see the scoping remark on AppProjects above.
  project: default
  source:
    path: teams/team-data/dev
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true

--------------------------------------------------------------------------------
/security/envs/dev/templates/team-platform.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys teams/team-platform/dev into the platform
# namespace and forwards the KMS key and EFS file system identifiers to it.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: team-platform
  namespace: argocd
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: platform
    server: {{ .Values.spec.destination.server }}
  project: default
  source:
    path: teams/team-platform/dev
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    # NOTE(review): security/envs/dev/values.yaml as listed defines none of
    # efsKmsKey, efsFileSystemId or ebsKmsKey, so they render empty unless the
    # IaC layer supplies them. Confirm how the storage classes behave with an
    # empty key before relying on them for encryption.
    helm:
      values: |
        spec:
          efsKmsKey: {{ index .Values.spec "efsKmsKey" }}
          efsFileSystemId: {{ index .Values.spec "efsFileSystemId" }}
          ebsKmsKey: {{ index .Values.spec "ebsKmsKey" }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true

--------------------------------------------------------------------------------
/security/envs/dev/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: dev
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    targetRevision: main

  # These default values can be overridden by Infrastructure as Code
  env: dev
  clusterName: eks-blueprint-cluster # the name of EKS cluster
  ingress:
    type: "alb" # nginx | alb
    host: # empty or your domain like dev.example.com

--------------------------------------------------------------------------------
/teams/team-burnham/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-burnham-dev
description: Team Burnham applications for the Dev environment.
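version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-burnham/dev/templates/burnham.yaml:
--------------------------------------------------------------------------------
# Ingress, Service and Deployment for the burnham demo application (dev).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: burnham-ingress
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    #nginx annotations
    {{ else }}
    # The ALB is created internet-facing. When no custom host is configured
    # only a plain-HTTP listener on port 80 exists, so client traffic to the
    # load balancer is unencrypted in that configuration.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: 'ip'
    {{ if .Values.spec.ingress.host }} # we can't use grouping without custom domain
    alb.ingress.kubernetes.io/group.name: burnham
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    # Traffic from the ALB to the pods is plain HTTP in both cases.
    alb.ingress.kubernetes.io/backend-protocol: 'HTTP'
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Burnham
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    external-dns.alpha.kubernetes.io/ttl: "10"
    {{ end }}
spec:
  # Fix: the nginx branch used to emit the key kubernetes.io/ingress.class
  # here. That key is an annotation, not a field of the Ingress spec, so the
  # Ingress was rejected or left without a class. ingressClassName is the spec
  # field; the class name is taken from the old annotation value - confirm it
  # matches the IngressClass installed in the cluster.
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: burnham.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: burnham
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: burnham
  labels:
    app: burnham-ingress-{{ .Values.spec.env }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: burnham
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: burnham
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: burnham
  template:
    metadata:
      labels:
        app: burnham
        seb: test
    spec:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # runtime defaults apply. Consider runAsNonRoot, allowPrivilegeEscalation:
      # false and readOnlyRootFilesystem after checking what the image needs to
      # listen on port 80.
      containers:
        - name: burnham
          # The tag looks like a commit id, but a tag can still be re-pointed
          # in the registry; pin by digest if the image must be immutable.
          image: public.ecr.aws/seb-demo/eks-example-go:6d1d832508017919344c62c5eaece159fccffa79
          imagePullPolicy: Always
          env:
            - name: CLUSTER_NAME
              value: {{ .Values.spec.clusterName }}
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi
      {{ if .Values.spec.karpenterInstanceProfile }}
      nodeSelector:
        team: burnham
        type: karpenter
      tolerations:
        - key: 'burnham'
          operator: 'Exists'
          effect: 'NoSchedule'
      {{ end }}

--------------------------------------------------------------------------------
/teams/team-burnham/dev/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica nginx Deployment shipped alongside the burnham app.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # NOTE(review): nginx 1.14.2 is an old release that is long out of
          # upstream support, and it is referenced by a mutable tag. No
          # securityContext is set.
          image: nginx:1.14.2
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi

--------------------------------------------------------------------------------
/teams/team-burnham/dev/templates/service.yaml: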
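--------------------------------------------------------------------------------
# ClusterIP Service in front of the nginx Deployment.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: nginx

--------------------------------------------------------------------------------
/teams/team-burnham/dev/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: dev
  team: burnham
spec:
  env:
  ingress:
    host:
    type: alb

--------------------------------------------------------------------------------
/teams/team-burnham/prod/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
# NOTE(review): name and description still say "dev" although this chart sits
# under prod - looks like a copy-paste leftover.
name: team-burnham-dev
description: Team Burnham applications for the Dev environment.
version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-burnham/prod/templates/burnham.yaml:
--------------------------------------------------------------------------------
# Ingress, Service and Deployment for the burnham demo application (prod).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: burnham-ingress
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    #nginx annotations
    {{ else }}
    # The ALB is created internet-facing. When no custom host is configured
    # only a plain-HTTP listener on port 80 exists; for a production chart that
    # means unencrypted client traffic unless a host is always supplied.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: 'ip'
    {{ if .Values.spec.ingress.host }} # we can't use grouping without custom domain
    alb.ingress.kubernetes.io/group.name: burnham
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    # Traffic from the ALB to the pods is plain HTTP in both cases.
    alb.ingress.kubernetes.io/backend-protocol: 'HTTP'
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Burnham
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    external-dns.alpha.kubernetes.io/ttl: "10"
    {{ end }}
spec:
  # Fix: the nginx branch used to emit the key kubernetes.io/ingress.class
  # here. That key is an annotation, not a field of the Ingress spec, so the
  # Ingress was rejected or left without a class. ingressClassName is the spec
  # field; the class name is taken from the old annotation value - confirm it
  # matches the IngressClass installed in the cluster.
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: burnham.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: burnham
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: burnham
  labels:
    app: burnham-ingress-{{ .Values.spec.env }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: burnham
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: burnham
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: burnham
  template:
    metadata:
      labels:
        app: burnham
        seb: test
    spec:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # runtime defaults apply. Consider runAsNonRoot, allowPrivilegeEscalation:
      # false and readOnlyRootFilesystem after checking what the image needs to
      # listen on port 80.
      containers:
        - name: burnham
          # The tag looks like a commit id, but a tag can still be re-pointed
          # in the registry; pin by digest if the image must be immutable.
          image: public.ecr.aws/seb-demo/eks-example-go:6d1d832508017919344c62c5eaece159fccffa79
          imagePullPolicy: Always
          env:
            - name: CLUSTER_NAME
              value: {{ .Values.spec.clusterName }}
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi
      {{ if .Values.spec.karpenterInstanceProfile }}
      nodeSelector:
        team: burnham
        type: karpenter
      tolerations:
        - key: 'burnham'
          operator: 'Exists'
          effect: 'NoSchedule'
      {{ end }}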
--------------------------------------------------------------------------------
/teams/team-burnham/prod/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica nginx Deployment shipped alongside the burnham app (prod).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # NOTE(review): nginx 1.14.2 is an old release that is long out of
          # upstream support, and it is referenced by a mutable tag. No
          # securityContext is set. Worth revisiting before this runs in prod.
          image: nginx:1.14.2
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi

--------------------------------------------------------------------------------
/teams/team-burnham/prod/templates/service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service in front of the nginx Deployment.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: nginx

--------------------------------------------------------------------------------
/teams/team-burnham/prod/values.yaml:
--------------------------------------------------------------------------------
labels:
  # NOTE(review): the prod chart defaults env to "dev". The burnham Ingress
  # uses this label for its Environment tag, so prod resources would be tagged
  # as dev unless the parent application overrides it - confirm.
  env: dev
  team: burnham
spec:
  env:
  ingress:
    host:
    type: alb

--------------------------------------------------------------------------------
/teams/team-burnham/test/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
# NOTE(review): name and description say "dev" in the test chart as well.
name: team-burnham-dev
description: Team Burnham applications for the Dev environment.
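version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-burnham/test/templates/burnham.yaml:
--------------------------------------------------------------------------------
# Ingress, Service and Deployment for the burnham demo application (test).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: burnham-ingress
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    #nginx annotations
    {{ else }}
    # The ALB is created internet-facing. When no custom host is configured
    # only a plain-HTTP listener on port 80 exists, so client traffic to the
    # load balancer is unencrypted in that configuration.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: 'ip'
    {{ if .Values.spec.ingress.host }} # we can't use grouping without custom domain
    alb.ingress.kubernetes.io/group.name: burnham
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    # Traffic from the ALB to the pods is plain HTTP in both cases.
    alb.ingress.kubernetes.io/backend-protocol: 'HTTP'
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Burnham
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    external-dns.alpha.kubernetes.io/ttl: "10"
    {{ end }}
spec:
  # Fix: the nginx branch used to emit the key kubernetes.io/ingress.class
  # here. That key is an annotation, not a field of the Ingress spec, so the
  # Ingress was rejected or left without a class. ingressClassName is the spec
  # field; the class name is taken from the old annotation value - confirm it
  # matches the IngressClass installed in the cluster.
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: burnham.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: burnham
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: burnham
  labels:
    app: burnham-ingress-{{ .Values.spec.env }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: burnham
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: burnham
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: burnham
  template:
    metadata:
      labels:
        app: burnham
        seb: test
    spec:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # runtime defaults apply. Consider runAsNonRoot, allowPrivilegeEscalation:
      # false and readOnlyRootFilesystem after checking what the image needs to
      # listen on port 80.
      containers:
        - name: burnham
          # The tag looks like a commit id, but a tag can still be re-pointed
          # in the registry; pin by digest if the image must be immutable.
          image: public.ecr.aws/seb-demo/eks-example-go:6d1d832508017919344c62c5eaece159fccffa79
          imagePullPolicy: Always
          env:
            - name: CLUSTER_NAME
              value: {{ .Values.spec.clusterName }}
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi
      {{ if .Values.spec.karpenterInstanceProfile }}
      nodeSelector:
        team: burnham
        type: karpenter
      tolerations:
        - key: 'burnham'
          operator: 'Exists'
          effect: 'NoSchedule'
      {{ end }}

--------------------------------------------------------------------------------
/teams/team-burnham/test/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica nginx Deployment shipped alongside the burnham app (test).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: burnham
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # NOTE(review): nginx 1.14.2 is an old release that is long out of
          # upstream support, and it is referenced by a mutable tag. No
          # securityContext is set.
          image: nginx:1.14.2
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi

--------------------------------------------------------------------------------
/teams/team-burnham/test/templates/service.yaml: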
--------------------------------------------------------------------------------
# ClusterIP Service in front of the nginx Deployment.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: nginx

--------------------------------------------------------------------------------
/teams/team-burnham/test/values.yaml:
--------------------------------------------------------------------------------
labels:
  # NOTE(review): the test chart defaults env to "dev"; confirm the parent
  # application overrides it, otherwise resources are tagged as dev.
  env: dev
  team: burnham
spec:
  env:
  ingress:
    host:
    type: alb

--------------------------------------------------------------------------------
/teams/team-danger/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-danger-dev
description: Team Danger applications for the Dev environment.
version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-danger/dev/templates/privileged-pod.yaml:
--------------------------------------------------------------------------------
# Test pod intended for exercising runtime findings in Amazon GuardDuty.
# NOTE(review): the file name and the original header call this a privileged
# pod, but the manifest sets no securityContext, so the container runs with the
# runtime's default privileges. Decide which is intended and make the
# description and the spec agree.
# This chart exists only under dev; keep it out of shared or production
# clusters and in a namespace of its own.
apiVersion: v1
kind: Pod
metadata:
  name: ubuntunetcat
  labels:
    app: ubuntunetcat
spec:
  containers:
    # NOTE(review): third-party image referenced without tag or digest, so the
    # content is whatever the registry currently serves; with IfNotPresent a
    # node keeps using whichever copy it pulled first. Pin by digest or mirror
    # the image into a registry you control.
    - image: redora/ubuntunetcat
      command:
        - "sleep"
        - "60000"
      imagePullPolicy: IfNotPresent
      name: ubuntunetcat
  restartPolicy: Always

--------------------------------------------------------------------------------
/teams/team-danger/dev/values.yaml:
--------------------------------------------------------------------------------
# Layout restored from a flattened listing; the nesting of region under ingress
# is inferred from key order - confirm against the repository.
labels:
  env: dev
  team: danger
spec:
  env:
  ingress:
    host:
    region:
    type: alb

--------------------------------------------------------------------------------
/teams/team-data/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-data-dev
description: Team Data applications for the Dev environment.
version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-data/dev/templates/ebs-ecncrypted-storage-pvc.yaml:
--------------------------------------------------------------------------------
# PersistentVolumeClaim on the gp2-encrypted storage class plus a pod that
# appends a timestamp to a file on the claimed volume every five seconds.
# Encryption is decided by the storage class, which is not defined in this
# file; this manifest only selects it by name.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gp2-encrypted-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: gp2-encrypted
---
apiVersion: v1
kind: Pod
metadata:
  name: ebs-encryption-app
spec:
  containers:
    - name: app
      # NOTE(review): image has no tag or digest, so the pulled content is not
      # fixed. No securityContext or resource limits are set.
      image: centos
      command: ["/bin/sh"]
      args: ["-c", "while true; do echo $(date -u) >> /example/out.txt; sleep 5; done"]
      volumeMounts:
        - name: persistent-storage
          mountPath: /example
  volumes:
    - name: persistent-storage
      persistentVolumeClaim:
        claimName: gp2-encrypted-pvc
--------------------------------------------------------------------------------
/teams/team-data/dev/templates/efs-ecncrypted-storage-pvc.yaml:
--------------------------------------------------------------------------------
# PersistentVolumeClaim on the efs-encrypted storage class plus a pod that
# appends a timestamp to a file on the claimed volume every five seconds.
# As with the EBS variant, encryption depends on the storage class definition.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-encrypted-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-encrypted
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: efs-encryption-app
spec:
  containers:
    - name: app
      # NOTE(review): image has no tag or digest, so the pulled content is not
      # fixed. No securityContext or resource limits are set.
      image: centos
      command: ["/bin/sh"]
      args: ["-c", "while true; do echo $(date -u) >> /example/out.txt; sleep 5; done"]
      volumeMounts:
        - name: persistent-storage
          mountPath: /example
  volumes:
    - name: persistent-storage
      persistentVolumeClaim:
        claimName: efs-encrypted-claim
--------------------------------------------------------------------------------
/teams/team-data/dev/values.yaml:
--------------------------------------------------------------------------------
# Layout restored from a flattened listing; the nesting of region under ingress
# is inferred from key order - confirm against the repository.
labels:
  env: dev
  team: data
spec:
  env:
  ingress:
    host:
    region:
    type: alb

--------------------------------------------------------------------------------
/teams/team-geordie/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: monapps
description: Charts of Monitoring Apps for the dev EKS environment.
version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-geordie/dev/ho11y/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: ho11y
description: Charts of Monitoring Apps for the dev EKS environment.
5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/dev/ho11y/templates/ho11y.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ho11y 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | name: frontend 10 | namespace: geordie 11 | spec: 12 | selector: 13 | matchLabels: 14 | app: frontend 15 | replicas: 1 16 | template: 17 | metadata: 18 | labels: 19 | app: frontend 20 | spec: 21 | containers: 22 | - name: ho11y 23 | image: public.ecr.aws/z0a4o2j5/ho11y:latest 24 | ports: 25 | - containerPort: 8765 26 | env: 27 | - name: DISABLE_OM 28 | value: "on" 29 | - name: HO11Y_LOG_DEST 30 | value: "stdout" 31 | - name: OTEL_RESOURCE_ATTRIB 32 | value: "frontend" 33 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 34 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 35 | - name: HO11Y_INJECT_FAILURE 36 | value: "enabled" 37 | - name: DOWNSTREAM0 38 | value: "http://downstream0" 39 | - name: DOWNSTREAM1 40 | value: "http://downstream1" 41 | imagePullPolicy: Always 42 | --- 43 | apiVersion: apps/v1 44 | kind: Deployment 45 | metadata: 46 | name: downstream0 47 | namespace: geordie 48 | spec: 49 | selector: 50 | matchLabels: 51 | app: downstream0 52 | replicas: 1 53 | template: 54 | metadata: 55 | labels: 56 | app: downstream0 57 | spec: 58 | containers: 59 | - name: ho11y 60 | image: public.ecr.aws/mhausenblas/ho11y:stable 61 | ports: 62 | - containerPort: 8765 63 | env: 64 | - name: DISABLE_OM 65 | value: "on" 66 | - name: HO11Y_LOG_DEST 67 | value: "stdout" 68 | - name: OTEL_RESOURCE_ATTRIB 69 | value: "downstream0" 70 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 71 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 72 | - name: DOWNSTREAM0 73 | value: "https://mhausenblas.info/" 74 | imagePullPolicy: Always 75 | --- 76 | apiVersion: apps/v1 77 | kind: Deployment 78 
| metadata: 79 | name: downstream1 80 | namespace: geordie 81 | spec: 82 | selector: 83 | matchLabels: 84 | app: downstream1 85 | replicas: 1 86 | template: 87 | metadata: 88 | labels: 89 | app: downstream1 90 | spec: 91 | containers: 92 | - name: ho11y 93 | image: public.ecr.aws/mhausenblas/ho11y:stable 94 | ports: 95 | - containerPort: 8765 96 | env: 97 | - name: DISABLE_OM 98 | value: "on" 99 | - name: HO11Y_LOG_DEST 100 | value: "stdout" 101 | - name: OTEL_RESOURCE_ATTRIB 102 | value: "downstream1" 103 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 104 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 105 | - name: DOWNSTREAM0 106 | value: "https://o11y.news/2021-03-01/" 107 | - name: DOWNSTREAM1 108 | value: "DUMMY:187kB:42ms" 109 | - name: DOWNSTREAM2 110 | value: "DUMMY:13kB:2ms" 111 | imagePullPolicy: Always 112 | --- 113 | apiVersion: v1 114 | kind: Service 115 | metadata: 116 | name: frontend 117 | namespace: geordie 118 | annotations: 119 | scrape: "true" 120 | spec: 121 | type: LoadBalancer 122 | ports: 123 | - port: 80 124 | targetPort: 8765 125 | selector: 126 | app: frontend 127 | --- 128 | apiVersion: v1 129 | kind: Service 130 | metadata: 131 | name: downstream0 132 | namespace: geordie 133 | annotations: 134 | scrape: "true" 135 | spec: 136 | ports: 137 | - port: 80 138 | targetPort: 8765 139 | selector: 140 | app: downstream0 141 | --- 142 | apiVersion: v1 143 | kind: Service 144 | metadata: 145 | name: downstream1 146 | namespace: geordie 147 | annotations: 148 | scrape: "true" 149 | spec: 150 | ports: 151 | - port: 80 152 | targetPort: 8765 153 | selector: 154 | app: downstream1 155 | --- 156 | -------------------------------------------------------------------------------- /teams/team-geordie/dev/ho11y/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: geordie 5 | name: ho11y-ingress 6 | 
annotations: 7 | {{ if eq .Values.spec.ingress.type "alb" }} 8 | #rewrite does not exist yet in ALB 9 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 10 | #so commenting grouping feature 11 | #alb.ingress.kubernetes.io/group.name: geordie 12 | alb.ingress.kubernetes.io/scheme: internet-facing 13 | alb.ingress.kubernetes.io/target-type: ip 14 | {{ if .Values.spec.ingress.host }} 15 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 16 | alb.ingress.kubernetes.io/ssl-redirect: '443' 17 | {{ else }} 18 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 19 | {{ end }} 20 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie 21 | {{ else }} 22 | kubernetes.io/ingress.class: "nginx" 23 | {{ end }} 24 | {{ if .Values.spec.ingress.host }} 25 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 26 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 27 | external-dns.alpha.kubernetes.io/ttl: "10" 28 | {{ end }} 29 | spec: 30 | {{ if eq .Values.spec.ingress.type "nginx" }} 31 | ingressClassName: nginx 32 | {{ else }} 33 | ingressClassName: alb 34 | {{ end }} 35 | rules: 36 | {{ if .Values.spec.ingress.host }} 37 | - host: ho11y.{{ .Values.spec.ingress.host }} 38 | {{ else }} 39 | - host: 40 | {{ end }} 41 | http: 42 | paths: 43 | - path: / 44 | pathType: Prefix 45 | backend: 46 | service: 47 | name: frontend 48 | port: 49 | number: 80 -------------------------------------------------------------------------------- /teams/team-geordie/dev/ho11y/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: dev 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main 
--------------------------------------------------------------------------------
/teams/team-geordie/dev/templates/ho11y-app.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys the chart at teams/team-geordie/dev/ho11y into
# namespace `geordie`, passing this chart's whole values tree down as Helm values.
# NOTE(review): `project` falls back to "default" when argoProject is empty, which
# is how teams/team-geordie/dev/values.yaml sets it. Unless the cluster has
# restricted Argo CD's built-in `default` project, it does not limit source repos
# or destinations; a dedicated AppProject per team narrows that.
# NOTE(review): sync is automated with prune enabled and tracks the revision from
# values (`main` in this chart's values.yaml), so whatever lands on that branch is
# applied, and removed resources are deleted, without a manual gate. Branch
# protection on the source repo is the effective control here.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ho11y
  # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.argoProject | default "default" }}
  destination:
    namespace: geordie
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-geordie/dev/ho11y
    helm:
      values: |
        {{- toYaml .Values | nindent 8 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/teams/team-geordie/dev/templates/yelb-app.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that deploys the chart at teams/team-geordie/dev/yelb into
# namespace `geordie`, passing this chart's whole values tree down as Helm values.
# NOTE(review): same considerations as ho11y-app.yaml in this directory: the
# project falls back to "default" when argoProject is empty, and automated sync
# with prune follows the revision taken from values.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: yelb
  # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.argoProject | default "default" }}
  destination:
    namespace: geordie
    server: {{ .Values.spec.destination.server }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: teams/team-geordie/dev/yelb
    helm:
      values: |
        {{- toYaml .Values | nindent 8 }}
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/teams/team-geordie/dev/values.yaml:
--------------------------------------------------------------------------------
# Values for the team-geordie dev app-of-apps chart; the Application templates in
# this chart pass the whole tree down to the ho11y and yelb charts.
# An empty argoProject makes those templates fall back to project "default".
argoProject: ''

labels:
  env: dev
  team: geordie
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/aws-samples/eks-blueprints-workloads
    # branch name, not a tag or commit: the deployed content moves with the branch
    targetRevision: main
  # NOTE(review): both keys are empty here. With an empty `type` the ingress
  # templates emit the nginx class annotation together with `ingressClassName: alb`;
  # presumably the env-level Application overrides these (confirm).
  ingress:
    host:
    type:
--------------------------------------------------------------------------------
/teams/team-geordie/dev/yelb/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
description: Yelb! The only hub for healthy food recommendations
name: yelb
version: 0.1.0

--------------------------------------------------------------------------------
/teams/team-geordie/dev/yelb/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Yelb demo stack in namespace `geordie`: four Services (redis-server, yelb-db,
# yelb-appserver, yelb-ui) followed by one single-replica Deployment for each.
# NOTE(review): none of the containers below sets a securityContext or resource
# requests/limits, and images are referenced by tag rather than digest.
# NOTE(review): no NetworkPolicy is part of this file, so whether other pods can
# reach the cache and database Services depends on policy defined elsewhere.
apiVersion: v1
kind: Service
metadata:
  namespace: geordie
  name: redis-server
  labels:
    app: redis-server
    tier: cache
spec:
  type: ClusterIP
  ports:
  - port: 6379
  selector:
    app: redis-server
    tier: cache
---
apiVersion: v1
kind: Service
metadata:
  namespace: geordie
  name: yelb-db
  labels:
    app: yelb-db
    tier: backenddb
spec:
  type: ClusterIP
  ports:
  - port: 5432
  selector:
    app: yelb-db
    tier: backenddb
---
apiVersion: v1
kind: Service
metadata:
  namespace: geordie
  name: yelb-appserver
  labels:
    app: yelb-appserver
    tier: middletier
spec:
  type: ClusterIP
  ports:
  - port: 4567
  selector:
    app: yelb-appserver
    tier: middletier
---
# NOTE(review): `type: LoadBalancer` asks the cloud provider for a load balancer
# on this Service in addition to the Ingress in ingress.yaml, which routes to the
# same Service on port 80. If the Ingress is the intended entry point, ClusterIP
# avoids a second external listener that bypasses the Ingress settings.
apiVersion: v1
kind: Service
metadata:
  namespace: geordie
  name: yelb-ui
  labels:
    app: yelb-ui
    tier: frontend
spec:
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: yelb-ui
    tier: frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: geordie
  name: yelb-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yelb-ui
      tier: frontend
  template:
    metadata:
      labels:
        app: yelb-ui
        tier: frontend
    spec:
      containers:
      - name: yelb-ui
        image: mreferre/yelb-ui:0.7
        ports:
        - containerPort: 80
---
# NOTE(review): the image is pinned to an old Redis release and the container is
# started with no arguments or config, so no password or ACL is configured by
# this manifest; access control rests on network reachability alone.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: geordie
  name: redis-server
spec:
  selector:
    matchLabels:
      app: redis-server
      tier: cache
  replicas: 1
  template:
    metadata:
      labels:
        app: redis-server
        tier: cache
    spec:
      containers:
      - name: redis-server
        image: redis:4.0.2
        ports:
        - containerPort: 6379
---
# NOTE(review): no env, Secret or volume is attached here, so any database
# credentials are whatever the image ships with, and data lives in the container
# filesystem (acceptable for a demo; confirm before reusing elsewhere).
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: geordie
  name: yelb-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yelb-db
      tier: backenddb
  template:
    metadata:
      labels:
        app: yelb-db
        tier: backenddb
    spec:
      containers:
      - name: yelb-db
        image: mreferre/yelb-db:0.5
        ports:
        - containerPort: 5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: geordie
  name: yelb-appserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yelb-appserver
      tier: middletier
  template:
    metadata:
      labels:
        app: yelb-appserver
        tier: middletier
    spec:
      containers:
      - name: yelb-appserver
        image: mreferre/yelb-appserver:0.5
        ports:
        - containerPort: 4567
---

--------------------------------------------------------------------------------
/teams/team-geordie/dev/yelb/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for the `yelb-ui` Service; the controller class and listeners are
# chosen from spec.ingress.type and spec.ingress.host in the Helm values.
# NOTE(review): the two class switches disagree when spec.ingress.type is neither
# "alb" nor "nginx" (for example empty): the annotations block falls through to
# `kubernetes.io/ingress.class: "nginx"` while the spec block falls through to
# `ingressClassName: alb`. Pick one default and test the same condition in both.
# NOTE(review): on the ALB path the load balancer is `internet-facing`, and when
# spec.ingress.host is unset the only listener is plain HTTP on port 80.
# NOTE(review): spec.clusterName and spec.ingress.route53_weight are read when a
# host is set; presumably they arrive through the values passed by the parent
# Application (confirm).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: geordie
  name: yelb-ingress
  annotations:
    {{ if eq .Values.spec.ingress.type "alb" }}
    #rewrite does not exist yet in ALB
    #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571
    #so commenting grouping feature
    #alb.ingress.kubernetes.io/group.name: geordie
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    {{ if .Values.spec.ingress.host }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie
    {{ else }}
    kubernetes.io/ingress.class: "nginx"
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    external-dns.alpha.kubernetes.io/ttl: "10"
    {{ end }}
  labels:
    app: yelb-ui
spec:
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: yelb.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: yelb-ui
                port:
                  number: 80
--------------------------------------------------------------------------------
/teams/team-geordie/dev/yelb/values.yaml:
--------------------------------------------------------------------------------
1 |
labels: 2 | env: dev 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-geordie/prod/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: monapps 4 | description: Charts of Monitoring Apps for the prod EKS environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/ho11y/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: ho11y 4 | description: Charts of Monitoring Apps for the prod EKS environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/ho11y/templates/ho11y.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ho11y 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | name: frontend 10 | namespace: geordie 11 | spec: 12 | selector: 13 | matchLabels: 14 | app: frontend 15 | replicas: 1 16 | template: 17 | metadata: 18 | labels: 19 | app: frontend 20 | spec: 21 | containers: 22 | - name: ho11y 23 | image: public.ecr.aws/z0a4o2j5/ho11y:latest 24 | ports: 25 | - containerPort: 8765 26 | env: 27 | - name: DISABLE_OM 28 | value: "on" 29 | - name: HO11Y_LOG_DEST 30 | value: "stdout" 31 | - name: OTEL_RESOURCE_ATTRIB 32 | value: "frontend" 33 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 34 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 35 | - name: HO11Y_INJECT_FAILURE 36 | value: "enabled" 37 | - name: DOWNSTREAM0 38 | value: "http://downstream0" 39 | - name: 
DOWNSTREAM1 40 | value: "http://downstream1" 41 | imagePullPolicy: Always 42 | --- 43 | apiVersion: apps/v1 44 | kind: Deployment 45 | metadata: 46 | name: downstream0 47 | namespace: geordie 48 | spec: 49 | selector: 50 | matchLabels: 51 | app: downstream0 52 | replicas: 1 53 | template: 54 | metadata: 55 | labels: 56 | app: downstream0 57 | spec: 58 | containers: 59 | - name: ho11y 60 | image: public.ecr.aws/mhausenblas/ho11y:stable 61 | ports: 62 | - containerPort: 8765 63 | env: 64 | - name: DISABLE_OM 65 | value: "on" 66 | - name: HO11Y_LOG_DEST 67 | value: "stdout" 68 | - name: OTEL_RESOURCE_ATTRIB 69 | value: "downstream0" 70 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 71 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 72 | - name: DOWNSTREAM0 73 | value: "https://mhausenblas.info/" 74 | imagePullPolicy: Always 75 | --- 76 | apiVersion: apps/v1 77 | kind: Deployment 78 | metadata: 79 | name: downstream1 80 | namespace: geordie 81 | spec: 82 | selector: 83 | matchLabels: 84 | app: downstream1 85 | replicas: 1 86 | template: 87 | metadata: 88 | labels: 89 | app: downstream1 90 | spec: 91 | containers: 92 | - name: ho11y 93 | image: public.ecr.aws/mhausenblas/ho11y:stable 94 | ports: 95 | - containerPort: 8765 96 | env: 97 | - name: DISABLE_OM 98 | value: "on" 99 | - name: HO11Y_LOG_DEST 100 | value: "stdout" 101 | - name: OTEL_RESOURCE_ATTRIB 102 | value: "downstream1" 103 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 104 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 105 | - name: DOWNSTREAM0 106 | value: "https://o11y.news/2021-03-01/" 107 | - name: DOWNSTREAM1 108 | value: "DUMMY:187kB:42ms" 109 | - name: DOWNSTREAM2 110 | value: "DUMMY:13kB:2ms" 111 | imagePullPolicy: Always 112 | --- 113 | apiVersion: v1 114 | kind: Service 115 | metadata: 116 | name: frontend 117 | namespace: geordie 118 | annotations: 119 | scrape: "true" 120 | spec: 121 | type: LoadBalancer 122 | ports: 123 | - port: 80 124 | targetPort: 8765 125 | 
selector: 126 | app: frontend 127 | --- 128 | apiVersion: v1 129 | kind: Service 130 | metadata: 131 | name: downstream0 132 | namespace: geordie 133 | annotations: 134 | scrape: "true" 135 | spec: 136 | ports: 137 | - port: 80 138 | targetPort: 8765 139 | selector: 140 | app: downstream0 141 | --- 142 | apiVersion: v1 143 | kind: Service 144 | metadata: 145 | name: downstream1 146 | namespace: geordie 147 | annotations: 148 | scrape: "true" 149 | spec: 150 | ports: 151 | - port: 80 152 | targetPort: 8765 153 | selector: 154 | app: downstream1 155 | --- 156 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/ho11y/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: geordie 5 | name: ho11y-ingress 6 | annotations: 7 | {{ if eq .Values.spec.ingress.type "alb" }} 8 | #rewrite does not exist yet in ALB 9 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 10 | #so commenting grouping feature 11 | #alb.ingress.kubernetes.io/group.name: geordie 12 | alb.ingress.kubernetes.io/scheme: internet-facing 13 | alb.ingress.kubernetes.io/target-type: ip 14 | {{ if .Values.spec.ingress.host }} 15 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 16 | alb.ingress.kubernetes.io/ssl-redirect: '443' 17 | {{ else }} 18 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 19 | {{ end }} 20 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie 21 | {{ else }} 22 | kubernetes.io/ingress.class: "nginx" 23 | {{ end }} 24 | {{ if .Values.spec.ingress.host }} 25 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 26 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 27 | external-dns.alpha.kubernetes.io/ttl: "10" 28 | {{ end }} 29 | spec: 30 | {{ if eq 
.Values.spec.ingress.type "nginx" }} 31 | ingressClassName: nginx 32 | {{ else }} 33 | ingressClassName: alb 34 | {{ end }} 35 | rules: 36 | {{ if .Values.spec.ingress.host }} 37 | - host: ho11y.{{ .Values.spec.ingress.host }} 38 | {{ else }} 39 | - host: 40 | {{ end }} 41 | http: 42 | paths: 43 | - path: / 44 | pathType: Prefix 45 | backend: 46 | service: 47 | name: frontend 48 | port: 49 | number: 80 -------------------------------------------------------------------------------- /teams/team-geordie/prod/ho11y/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: prod 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main 10 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/templates/ho11y-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: ho11y 5 | # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: {{ .Values.argoProject | default "default" }} 10 | destination: 11 | namespace: geordie 12 | server: {{ .Values.spec.destination.server }} 13 | source: 14 | repoURL: {{ .Values.spec.source.repoURL }} 15 | targetRevision: {{ .Values.spec.source.targetRevision }} 16 | path: teams/team-geordie/prod/ho11y 17 | helm: 18 | values: | 19 | {{- toYaml .Values | nindent 8 }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | syncOptions: 24 | - CreateNamespace=true -------------------------------------------------------------------------------- /teams/team-geordie/prod/templates/yelb-app.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: yelb 5 | # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: {{ .Values.argoProject | default "default" }} 10 | destination: 11 | namespace: geordie 12 | server: {{ .Values.spec.destination.server }} 13 | source: 14 | repoURL: {{ .Values.spec.source.repoURL }} 15 | targetRevision: {{ .Values.spec.source.targetRevision }} 16 | path: teams/team-geordie/prod/yelb 17 | helm: 18 | values: | 19 | {{- toYaml .Values | nindent 8 }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | syncOptions: 24 | - CreateNamespace=true -------------------------------------------------------------------------------- /teams/team-geordie/prod/values.yaml: -------------------------------------------------------------------------------- 1 | argoProject: '' 2 | 3 | labels: 4 | env: prod 5 | team: geordie 6 | spec: 7 | destination: 8 | server: https://kubernetes.default.svc 9 | source: 10 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 11 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-geordie/prod/yelb/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: Yelb! 
The only hub for healthy food recommendations 4 | name: yelb 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/yelb/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: geordie 5 | name: redis-server 6 | labels: 7 | app: redis-server 8 | tier: cache 9 | spec: 10 | type: ClusterIP 11 | ports: 12 | - port: 6379 13 | selector: 14 | app: redis-server 15 | tier: cache 16 | --- 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | namespace: geordie 21 | name: yelb-db 22 | labels: 23 | app: yelb-db 24 | tier: backenddb 25 | spec: 26 | type: ClusterIP 27 | ports: 28 | - port: 5432 29 | selector: 30 | app: yelb-db 31 | tier: backenddb 32 | --- 33 | apiVersion: v1 34 | kind: Service 35 | metadata: 36 | namespace: geordie 37 | name: yelb-appserver 38 | labels: 39 | app: yelb-appserver 40 | tier: middletier 41 | spec: 42 | type: ClusterIP 43 | ports: 44 | - port: 4567 45 | selector: 46 | app: yelb-appserver 47 | tier: middletier 48 | --- 49 | apiVersion: v1 50 | kind: Service 51 | metadata: 52 | namespace: geordie 53 | name: yelb-ui 54 | labels: 55 | app: yelb-ui 56 | tier: frontend 57 | spec: 58 | type: LoadBalancer 59 | ports: 60 | - port: 80 61 | protocol: TCP 62 | targetPort: 80 63 | selector: 64 | app: yelb-ui 65 | tier: frontend 66 | --- 67 | apiVersion: apps/v1 68 | kind: Deployment 69 | metadata: 70 | namespace: geordie 71 | name: yelb-ui 72 | spec: 73 | replicas: 1 74 | selector: 75 | matchLabels: 76 | app: yelb-ui 77 | tier: frontend 78 | template: 79 | metadata: 80 | labels: 81 | app: yelb-ui 82 | tier: frontend 83 | spec: 84 | containers: 85 | - name: yelb-ui 86 | image: mreferre/yelb-ui:0.7 87 | ports: 88 | - containerPort: 80 89 | --- 90 | apiVersion: apps/v1 91 | kind: Deployment 92 | metadata: 93 | namespace: geordie 94 | name: redis-server 95 | spec: 96 | 
selector: 97 | matchLabels: 98 | app: redis-server 99 | tier: cache 100 | replicas: 1 101 | template: 102 | metadata: 103 | labels: 104 | app: redis-server 105 | tier: cache 106 | spec: 107 | containers: 108 | - name: redis-server 109 | image: redis:4.0.2 110 | ports: 111 | - containerPort: 6379 112 | --- 113 | apiVersion: apps/v1 114 | kind: Deployment 115 | metadata: 116 | namespace: geordie 117 | name: yelb-db 118 | spec: 119 | replicas: 1 120 | selector: 121 | matchLabels: 122 | app: yelb-db 123 | tier: backenddb 124 | template: 125 | metadata: 126 | labels: 127 | app: yelb-db 128 | tier: backenddb 129 | spec: 130 | containers: 131 | - name: yelb-db 132 | image: mreferre/yelb-db:0.5 133 | ports: 134 | - containerPort: 5432 135 | --- 136 | apiVersion: apps/v1 137 | kind: Deployment 138 | metadata: 139 | namespace: geordie 140 | name: yelb-appserver 141 | spec: 142 | replicas: 1 143 | selector: 144 | matchLabels: 145 | app: yelb-appserver 146 | tier: middletier 147 | template: 148 | metadata: 149 | labels: 150 | app: yelb-appserver 151 | tier: middletier 152 | spec: 153 | containers: 154 | - name: yelb-appserver 155 | image: mreferre/yelb-appserver:0.5 156 | ports: 157 | - containerPort: 4567 158 | --- 159 | -------------------------------------------------------------------------------- /teams/team-geordie/prod/yelb/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: geordie 5 | name: yelb-ingress 6 | annotations: 7 | {{ if eq .Values.spec.ingress.type "alb" }} 8 | #rewrite does not exist yet in ALB 9 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 10 | #so commenting grouping feature 11 | #alb.ingress.kubernetes.io/group.name: geordie 12 | alb.ingress.kubernetes.io/scheme: internet-facing 13 | alb.ingress.kubernetes.io/target-type: ip 14 | {{ if .Values.spec.ingress.host }} 15 | 
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 16 | alb.ingress.kubernetes.io/ssl-redirect: '443' 17 | {{ else }} 18 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 19 | {{ end }} 20 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie 21 | {{ else }} 22 | kubernetes.io/ingress.class: "nginx" 23 | {{ end }} 24 | {{ if .Values.spec.ingress.host }} 25 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 26 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 27 | external-dns.alpha.kubernetes.io/ttl: "10" 28 | {{ end }} 29 | labels: 30 | app: yelb-ui 31 | spec: 32 | {{ if eq .Values.spec.ingress.type "nginx" }} 33 | ingressClassName: nginx 34 | {{ else }} 35 | ingressClassName: alb 36 | {{ end }} 37 | rules: 38 | {{ if .Values.spec.ingress.host }} 39 | - host: yelb.{{ .Values.spec.ingress.host }} 40 | {{ else }} 41 | - host: 42 | {{ end }} 43 | http: 44 | paths: 45 | - path: / 46 | pathType: Prefix 47 | backend: 48 | service: 49 | name: yelb-ui 50 | port: 51 | number: 80 -------------------------------------------------------------------------------- /teams/team-geordie/prod/yelb/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: prod 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-geordie/test/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: monapps 4 | description: Charts of Monitoring Apps for the test EKS environment. 
5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/test/ho11y/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: ho11y 4 | description: Charts of Monitoring Apps for the test EKS environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/test/ho11y/templates/ho11y.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ho11y 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | name: frontend 10 | namespace: geordie 11 | spec: 12 | selector: 13 | matchLabels: 14 | app: frontend 15 | replicas: 1 16 | template: 17 | metadata: 18 | labels: 19 | app: frontend 20 | spec: 21 | containers: 22 | - name: ho11y 23 | image: public.ecr.aws/z0a4o2j5/ho11y:latest 24 | ports: 25 | - containerPort: 8765 26 | env: 27 | - name: DISABLE_OM 28 | value: "on" 29 | - name: HO11Y_LOG_DEST 30 | value: "stdout" 31 | - name: OTEL_RESOURCE_ATTRIB 32 | value: "frontend" 33 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 34 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 35 | - name: HO11Y_INJECT_FAILURE 36 | value: "enabled" 37 | - name: DOWNSTREAM0 38 | value: "http://downstream0" 39 | - name: DOWNSTREAM1 40 | value: "http://downstream1" 41 | imagePullPolicy: Always 42 | --- 43 | apiVersion: apps/v1 44 | kind: Deployment 45 | metadata: 46 | name: downstream0 47 | namespace: geordie 48 | spec: 49 | selector: 50 | matchLabels: 51 | app: downstream0 52 | replicas: 1 53 | template: 54 | metadata: 55 | labels: 56 | app: downstream0 57 | spec: 58 | containers: 59 | - name: ho11y 60 | image: public.ecr.aws/mhausenblas/ho11y:stable 61 | ports: 62 | - containerPort: 8765 63 | env: 64 | - name: DISABLE_OM 65 | value: "on" 66 | - name: 
HO11Y_LOG_DEST 67 | value: "stdout" 68 | - name: OTEL_RESOURCE_ATTRIB 69 | value: "downstream0" 70 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 71 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 72 | - name: DOWNSTREAM0 73 | value: "https://mhausenblas.info/" 74 | imagePullPolicy: Always 75 | --- 76 | apiVersion: apps/v1 77 | kind: Deployment 78 | metadata: 79 | name: downstream1 80 | namespace: geordie 81 | spec: 82 | selector: 83 | matchLabels: 84 | app: downstream1 85 | replicas: 1 86 | template: 87 | metadata: 88 | labels: 89 | app: downstream1 90 | spec: 91 | containers: 92 | - name: ho11y 93 | image: public.ecr.aws/mhausenblas/ho11y:stable 94 | ports: 95 | - containerPort: 8765 96 | env: 97 | - name: DISABLE_OM 98 | value: "on" 99 | - name: HO11Y_LOG_DEST 100 | value: "stdout" 101 | - name: OTEL_RESOURCE_ATTRIB 102 | value: "downstream1" 103 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 104 | value: "otel-collector-xray-collector.default.svc.cluster.local:4317" 105 | - name: DOWNSTREAM0 106 | value: "https://o11y.news/2021-03-01/" 107 | - name: DOWNSTREAM1 108 | value: "DUMMY:187kB:42ms" 109 | - name: DOWNSTREAM2 110 | value: "DUMMY:13kB:2ms" 111 | imagePullPolicy: Always 112 | --- 113 | apiVersion: v1 114 | kind: Service 115 | metadata: 116 | name: frontend 117 | namespace: geordie 118 | annotations: 119 | scrape: "true" 120 | spec: 121 | type: LoadBalancer 122 | ports: 123 | - port: 80 124 | targetPort: 8765 125 | selector: 126 | app: frontend 127 | --- 128 | apiVersion: v1 129 | kind: Service 130 | metadata: 131 | name: downstream0 132 | namespace: geordie 133 | annotations: 134 | scrape: "true" 135 | spec: 136 | ports: 137 | - port: 80 138 | targetPort: 8765 139 | selector: 140 | app: downstream0 141 | --- 142 | apiVersion: v1 143 | kind: Service 144 | metadata: 145 | name: downstream1 146 | namespace: geordie 147 | annotations: 148 | scrape: "true" 149 | spec: 150 | ports: 151 | - port: 80 152 | targetPort: 8765 153 | selector: 154 | app: 
downstream1 155 | --- 156 | -------------------------------------------------------------------------------- /teams/team-geordie/test/ho11y/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: geordie 5 | name: ho11y-ingress 6 | annotations: 7 | {{ if eq .Values.spec.ingress.type "alb" }} 8 | #rewrite does not exist yet in ALB 9 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 10 | #so commenting grouping feature 11 | #alb.ingress.kubernetes.io/group.name: geordie 12 | alb.ingress.kubernetes.io/scheme: internet-facing 13 | alb.ingress.kubernetes.io/target-type: ip 14 | {{ if .Values.spec.ingress.host }} 15 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 16 | alb.ingress.kubernetes.io/ssl-redirect: '443' 17 | {{ else }} 18 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 19 | {{ end }} 20 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie 21 | {{ else }} 22 | kubernetes.io/ingress.class: "nginx" 23 | {{ end }} 24 | {{ if .Values.spec.ingress.host }} 25 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 26 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 27 | external-dns.alpha.kubernetes.io/ttl: "10" 28 | {{ end }} 29 | spec: 30 | {{ if eq .Values.spec.ingress.type "nginx" }} 31 | ingressClassName: nginx 32 | {{ else }} 33 | ingressClassName: alb 34 | {{ end }} 35 | rules: 36 | {{ if .Values.spec.ingress.host }} 37 | - host: ho11y.{{ .Values.spec.ingress.host }} 38 | {{ else }} 39 | - host: 40 | {{ end }} 41 | http: 42 | paths: 43 | - path: / 44 | pathType: Prefix 45 | backend: 46 | service: 47 | name: frontend 48 | port: 49 | number: 80 -------------------------------------------------------------------------------- /teams/team-geordie/test/ho11y/values.yaml: 
-------------------------------------------------------------------------------- 1 | labels: 2 | env: test 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-geordie/test/templates/ho11y-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: ho11y 5 | # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: {{ .Values.argoProject | default "default" }} 10 | destination: 11 | namespace: geordie 12 | server: {{ .Values.spec.destination.server }} 13 | source: 14 | repoURL: {{ .Values.spec.source.repoURL }} 15 | targetRevision: {{ .Values.spec.source.targetRevision }} 16 | path: teams/team-geordie/test/ho11y 17 | helm: 18 | values: | 19 | {{- toYaml .Values | nindent 8 }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | syncOptions: 24 | - CreateNamespace=true -------------------------------------------------------------------------------- /teams/team-geordie/test/templates/yelb-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: yelb 5 | # namespace is specified as namespace destination in env/{dev,test,prod}/team-geordie.yaml 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: {{ .Values.argoProject | default "default" }} 10 | destination: 11 | namespace: geordie 12 | server: {{ .Values.spec.destination.server }} 13 | source: 14 | repoURL: {{ .Values.spec.source.repoURL }} 15 | targetRevision: {{ .Values.spec.source.targetRevision }} 16 | path: 
teams/team-geordie/test/yelb 17 | helm: 18 | values: | 19 | {{- toYaml .Values | nindent 8 }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | syncOptions: 24 | - CreateNamespace=true -------------------------------------------------------------------------------- /teams/team-geordie/test/values.yaml: -------------------------------------------------------------------------------- 1 | argoProject: '' 2 | 3 | labels: 4 | env: test 5 | team: geordie 6 | spec: 7 | destination: 8 | server: https://kubernetes.default.svc 9 | source: 10 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 11 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-geordie/test/yelb/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: Yelb! The only hub for healthy food recommendations 4 | name: yelb 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-geordie/test/yelb/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: geordie 5 | name: redis-server 6 | labels: 7 | app: redis-server 8 | tier: cache 9 | spec: 10 | type: ClusterIP 11 | ports: 12 | - port: 6379 13 | selector: 14 | app: redis-server 15 | tier: cache 16 | --- 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | namespace: geordie 21 | name: yelb-db 22 | labels: 23 | app: yelb-db 24 | tier: backenddb 25 | spec: 26 | type: ClusterIP 27 | ports: 28 | - port: 5432 29 | selector: 30 | app: yelb-db 31 | tier: backenddb 32 | --- 33 | apiVersion: v1 34 | kind: Service 35 | metadata: 36 | namespace: geordie 37 | name: yelb-appserver 38 | labels: 39 | app: yelb-appserver 40 | tier: middletier 41 | spec: 42 | type: ClusterIP 43 | ports: 44 | - port: 4567 45 | selector: 46 | 
app: yelb-appserver 47 | tier: middletier 48 | --- 49 | apiVersion: v1 50 | kind: Service 51 | metadata: 52 | namespace: geordie 53 | name: yelb-ui 54 | labels: 55 | app: yelb-ui 56 | tier: frontend 57 | spec: 58 | type: LoadBalancer 59 | ports: 60 | - port: 80 61 | protocol: TCP 62 | targetPort: 80 63 | selector: 64 | app: yelb-ui 65 | tier: frontend 66 | --- 67 | apiVersion: apps/v1 68 | kind: Deployment 69 | metadata: 70 | namespace: geordie 71 | name: yelb-ui 72 | spec: 73 | replicas: 1 74 | selector: 75 | matchLabels: 76 | app: yelb-ui 77 | tier: frontend 78 | template: 79 | metadata: 80 | labels: 81 | app: yelb-ui 82 | tier: frontend 83 | spec: 84 | containers: 85 | - name: yelb-ui 86 | image: mreferre/yelb-ui:0.7 87 | ports: 88 | - containerPort: 80 89 | --- 90 | apiVersion: apps/v1 91 | kind: Deployment 92 | metadata: 93 | namespace: geordie 94 | name: redis-server 95 | spec: 96 | selector: 97 | matchLabels: 98 | app: redis-server 99 | tier: cache 100 | replicas: 1 101 | template: 102 | metadata: 103 | labels: 104 | app: redis-server 105 | tier: cache 106 | spec: 107 | containers: 108 | - name: redis-server 109 | image: redis:4.0.2 110 | ports: 111 | - containerPort: 6379 112 | --- 113 | apiVersion: apps/v1 114 | kind: Deployment 115 | metadata: 116 | namespace: geordie 117 | name: yelb-db 118 | spec: 119 | replicas: 1 120 | selector: 121 | matchLabels: 122 | app: yelb-db 123 | tier: backenddb 124 | template: 125 | metadata: 126 | labels: 127 | app: yelb-db 128 | tier: backenddb 129 | spec: 130 | containers: 131 | - name: yelb-db 132 | image: mreferre/yelb-db:0.5 133 | ports: 134 | - containerPort: 5432 135 | --- 136 | apiVersion: apps/v1 137 | kind: Deployment 138 | metadata: 139 | namespace: geordie 140 | name: yelb-appserver 141 | spec: 142 | replicas: 1 143 | selector: 144 | matchLabels: 145 | app: yelb-appserver 146 | tier: middletier 147 | template: 148 | metadata: 149 | labels: 150 | app: yelb-appserver 151 | tier: middletier 152 | spec: 153 | 
containers: 154 | - name: yelb-appserver 155 | image: mreferre/yelb-appserver:0.5 156 | ports: 157 | - containerPort: 4567 158 | --- 159 | -------------------------------------------------------------------------------- /teams/team-geordie/test/yelb/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: geordie 5 | name: yelb-ingress 6 | annotations: 7 | {{ if eq .Values.spec.ingress.type "alb" }} 8 | #rewrite does not exist yet in ALB 9 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 10 | #so commenting grouping feature 11 | #alb.ingress.kubernetes.io/group.name: geordie 12 | alb.ingress.kubernetes.io/scheme: internet-facing 13 | alb.ingress.kubernetes.io/target-type: ip 14 | {{ if .Values.spec.ingress.host }} 15 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 16 | alb.ingress.kubernetes.io/ssl-redirect: '443' 17 | {{ else }} 18 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 19 | {{ end }} 20 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Geordie 21 | {{ else }} 22 | kubernetes.io/ingress.class: "nginx" 23 | {{ end }} 24 | {{ if .Values.spec.ingress.host }} 25 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 26 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 27 | external-dns.alpha.kubernetes.io/ttl: "10" 28 | {{ end }} 29 | labels: 30 | app: yelb-ui 31 | spec: 32 | {{ if eq .Values.spec.ingress.type "nginx" }} 33 | ingressClassName: nginx 34 | {{ else }} 35 | ingressClassName: alb 36 | {{ end }} 37 | rules: 38 | {{ if .Values.spec.ingress.host }} 39 | - host: yelb.{{ .Values.spec.ingress.host }} 40 | {{ else }} 41 | - host: 42 | {{ end }} 43 | http: 44 | paths: 45 | - path: / 46 | pathType: Prefix 47 | backend: 48 | service: 49 | name: yelb-ui 50 | port: 51 | 
number: 80 -------------------------------------------------------------------------------- /teams/team-geordie/test/yelb/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: test 3 | team: geordie 4 | spec: 5 | destination: 6 | server: https://kubernetes.default.svc 7 | source: 8 | repoURL: https://github.com/aws-samples/eks-blueprints-workloads 9 | targetRevision: main -------------------------------------------------------------------------------- /teams/team-kirk/dev/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: team-kirk-dev 4 | description: Team Kirk applications for the Dev environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-kirk/dev/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: kirk-ingress 5 | namespace: kubecost 6 | labels: 7 | app: kubecost 8 | {{- toYaml .Values.labels | nindent 4 }} 9 | annotations: 10 | kubernetes.io/ingress.class: alb 11 | alb.ingress.kubernetes.io/scheme: internet-facing 12 | alb.ingress.kubernetes.io/tags: Environment=dev,Project=cognito 13 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.spec.ingress.host }} 14 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' 15 | alb.ingress.kubernetes.io/ssl-redirect: '443' 16 | alb.ingress.kubernetes.io/auth-type: cognito 17 | alb.ingress.kubernetes.io/auth-scope: openid 18 | alb.ingress.kubernetes.io/auth-session-timeout: '3600' 19 | alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie 20 | alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate 21 | alb.ingress.kubernetes.io/auth-idp-cognito: '{"UserPoolArn": {{ .Values.spec.ingress.cognitoUserPoolArn | quote 
}},"UserPoolClientId":{{ .Values.spec.ingress.cognitoUserPoolAppId | quote }},"UserPoolDomain":"{{ .Values.spec.ingress.cognitoDomainName }}.auth.{{ .Values.spec.ingress.region }}.amazoncognito.com"}' 22 | alb.ingress.kubernetes.io/certificate-arn: {{ .Values.spec.ingress.certificateArn }} 23 | alb.ingress.kubernetes.io/target-type: 'ip' 24 | spec: 25 | rules: 26 | {{ if .Values.spec.ingress.host }} 27 | - host: {{ .Values.spec.ingress.host }} 28 | {{ else }} 29 | - host: 30 | {{ end }} 31 | http: 32 | paths: 33 | - path: / 34 | pathType: Prefix 35 | backend: 36 | service: 37 | name: kubecost-cost-analyzer-cost-analyzer 38 | port: 39 | number: 9090 -------------------------------------------------------------------------------- /teams/team-kirk/dev/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: dev 3 | team: kirk 4 | spec: 5 | env: 6 | ingress: 7 | host: 8 | cognitoUserPoolArn: 9 | cognitoUserPoolAppId: 10 | cognitoDomainName: 11 | certificateArn: 12 | region: 13 | type: alb 14 | -------------------------------------------------------------------------------- /teams/team-kirk/prod/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: team-kirk-prod 4 | description: Team Kirk applications for the Prod environment. 
5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-kirk/prod/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: kirk-ingress 5 | namespace: kubecost 6 | labels: 7 | app: kubecost 8 | {{- toYaml .Values.labels | nindent 4 }} 9 | annotations: 10 | kubernetes.io/ingress.class: alb 11 | alb.ingress.kubernetes.io/scheme: internet-facing 12 | alb.ingress.kubernetes.io/tags: Environment=Prod,Project=cognito 13 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.spec.ingress.host }} 14 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' 15 | alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' 16 | alb.ingress.kubernetes.io/auth-type: cognito 17 | alb.ingress.kubernetes.io/auth-scope: openid 18 | alb.ingress.kubernetes.io/auth-session-timeout: '3600' 19 | alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie 20 | alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate 21 | alb.ingress.kubernetes.io/auth-idp-cognito: '{"UserPoolArn": {{ .Values.spec.ingress.cognitoUserPoolArn | quote }},"UserPoolClientId":{{ .Values.spec.ingress.cognitoUserPoolAppId | quote }},"UserPoolDomain":"{{ .Values.spec.ingress.cognitoDomainName }}.auth.{{ .Values.spec.ingress.region }}.amazoncognito.com"}' 22 | alb.ingress.kubernetes.io/target-type: 'ip' 23 | spec: 24 | rules: 25 | {{ if .Values.spec.ingress.host }} 26 | - host: {{ .Values.spec.ingress.host }} 27 | {{ else }} 28 | - host: 29 | {{ end }} 30 | http: 31 | paths: 32 | - path: / 33 | pathType: Prefix 34 | backend: 35 | service: 36 | name: kubecost-cost-analyzer-cost-analyzer 37 | port: 38 | number: 9090 -------------------------------------------------------------------------------- 
/teams/team-kirk/prod/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: prod 3 | team: kirk 4 | spec: 5 | env: 6 | ingress: 7 | host: 8 | cognitoUserPoolArn: 9 | cognitoUserPoolAppId: 10 | cognitoDomainName: 11 | region: 12 | type: alb 13 | -------------------------------------------------------------------------------- /teams/team-kirk/test/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: team-kirk-test 4 | description: Team Kirk applications for the Test environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-kirk/test/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: kirk-ingress 5 | namespace: kubecost 6 | labels: 7 | app: kubecost 8 | {{- toYaml .Values.labels | nindent 4 }} 9 | annotations: 10 | kubernetes.io/ingress.class: alb 11 | alb.ingress.kubernetes.io/scheme: internet-facing 12 | alb.ingress.kubernetes.io/tags: Environment=test,Project=cognito 13 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.spec.ingress.host }} 14 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' 15 | alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' 16 | alb.ingress.kubernetes.io/auth-type: cognito 17 | alb.ingress.kubernetes.io/auth-scope: openid 18 | alb.ingress.kubernetes.io/auth-session-timeout: '3600' 19 | alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie 20 | alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate 21 | alb.ingress.kubernetes.io/auth-idp-cognito: '{"UserPoolArn": {{ .Values.spec.ingress.cognitoUserPoolArn | quote 
}},"UserPoolClientId":{{ .Values.spec.ingress.cognitoUserPoolAppId | quote }},"UserPoolDomain":"{{ .Values.spec.ingress.cognitoDomainName }}.auth.{{ .Values.spec.ingress.region }}.amazoncognito.com"}' 22 | alb.ingress.kubernetes.io/target-type: 'ip' 23 | spec: 24 | rules: 25 | {{ if .Values.spec.ingress.host }} 26 | - host: {{ .Values.spec.ingress.host }} 27 | {{ else }} 28 | - host: 29 | {{ end }} 30 | http: 31 | paths: 32 | - path: / 33 | pathType: Prefix 34 | backend: 35 | service: 36 | name: kubecost-cost-analyzer-cost-analyzer 37 | port: 38 | number: 9090 -------------------------------------------------------------------------------- /teams/team-kirk/test/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: test 3 | team: kirk 4 | spec: 5 | env: 6 | ingress: 7 | host: 8 | cognitoUserPoolArn: 9 | cognitoUserPoolAppId: 10 | cognitoDomainName: 11 | region: 12 | type: alb 13 | -------------------------------------------------------------------------------- /teams/team-platform/dev/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: team-platform-dev 4 | description: Team Platform used to synchronized core manifests 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/ebs-gp2-encrypted-storage-class.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: gp2-encrypted 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | provisioner: kubernetes.io/aws-ebs 8 | parameters: 9 | type: gp2 10 | fsType: ext4 11 | encrypted: "true" 12 | {{ if .Values.spec.ebsKmsKey }} 13 | kmsKeyId: {{ .Values.spec.ebsKmsKey }} # The KMS key ID to use for encryption, otherwise the default key (AWS-managed) is used 14 | 
{{ end }} 15 | -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/efs-encrypted-storage-class.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: efs-encrypted 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | provisioner: efs.csi.aws.com 8 | mountOptions: 9 | - tls 10 | parameters: 11 | fileSystemId: {{ .Values.spec.efsFileSystemId }} 12 | provisioningMode: efs-ap 13 | directoryPerms: "700" 14 | gidRangeStart: "1000" # optional 15 | gidRangeEnd: "2000" # optional 16 | {{ if .Values.spec.efsKmsKey }} 17 | kmsKeyId: {{ .Values.spec.efsKmsKey }} 18 | {{ end }} 19 | -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/karpenter-awsnodetemplate.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.spec.karpenterInstanceProfile }} 2 | apiVersion: karpenter.k8s.aws/v1alpha1 3 | kind: AWSNodeTemplate 4 | metadata: 5 | name: karpenter-bottlerocket 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | spec: 9 | amiFamily: Bottlerocket 10 | instanceProfile: '{{ .Values.spec.karpenterInstanceProfile }}' 11 | subnetSelector: 12 | kubernetes.io/cluster/{{ .Values.spec.clusterName }}: '*' 13 | #aws:cloudformation:stack-name: '{{ .Values.spec.clusterName }}' # If created with CDK 14 | kubernetes.io/role/internal-elb: '1' # to select only private subnets 15 | securityGroupSelector: 16 | karpenter.sh/discovery: '{{ .Values.spec.clusterName }}' 17 | #aws:eks:cluster-name: '{{ .Values.spec.clusterName }}' # Choose only security groups of nodes 18 | userData: | 19 | [settings.kubernetes] 20 | kube-api-qps = 30 21 | [settings.kubernetes.eviction-hard] 22 | "memory.available" = "20%" 23 | # amiSelector: 24 | # karpenter.sh/discovery: my-cluster 25 | tags: 26 | 
karpenter.sh/cluster_name: {{.Values.spec.clusterName}} 27 | karpenter.sh/provisioner: burnham 28 | metadataOptions: 29 | httpEndpoint: enabled 30 | httpProtocolIPv6: disabled 31 | httpPutResponseHopLimit: 2 # 2 also lets pods reach IMDS (and the node role's credentials); 1 would harden IMDSv2 further, but it breaks CloudWatch metrics, which then cannot get the instance ID 32 | httpTokens: required 33 | --- 34 | apiVersion: karpenter.k8s.aws/v1alpha1 35 | kind: AWSNodeTemplate 36 | metadata: 37 | name: karpenter-default 38 | labels: 39 | {{- toYaml .Values.labels | nindent 4 }} 40 | spec: 41 | instanceProfile: '{{ .Values.spec.karpenterInstanceProfile }}' 42 | subnetSelector: 43 | kubernetes.io/cluster/{{ .Values.spec.clusterName }}: '*' 44 | kubernetes.io/role/internal-elb: '1' # to select only private subnets 45 | securityGroupSelector: 46 | karpenter.sh/discovery: '{{ .Values.spec.clusterName }}' 47 | #aws:eks:cluster-name: '{{ .Values.spec.clusterName }}' # Choose only security groups of nodes 48 | tags: 49 | karpenter.sh/cluster_name: {{.Values.spec.clusterName}} 50 | karpenter.sh/provisioner: default 51 | metadataOptions: 52 | httpEndpoint: enabled 53 | httpProtocolIPv6: disabled 54 | httpPutResponseHopLimit: 2 # https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2 55 | httpTokens: required 56 | {{ end }} 57 | -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/karpenter-provisioner-default.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{ if .Values.spec.karpenterInstanceProfile }} 3 | apiVersion: karpenter.sh/v1alpha5 4 | kind: Provisioner 5 | metadata: 6 | name: default 7 | labels: 8 | {{- toYaml .Values.labels | nindent 4 }} 9 | spec: 10 | consolidation: 11 | enabled: false 12 | ttlSecondsAfterEmpty: 10 # mutually exclusive with consolidation 13 | requirements: 14 | # - key:
karpenter.k8s.aws/instance-family 15 | # operator: NotIn 16 | # values: 17 | # - a1 18 | # - c1 19 | # - c3 20 | # - inf1 21 | # - t3 22 | # - t2 23 | # - key: karpenter.k8s.aws/instance-cpu 24 | # operator: Lt 25 | # values: 26 | # - '33' 27 | 28 | # Default values 29 | - key: kubernetes.io/os 30 | operator: In 31 | values: 32 | - linux 33 | - key: karpenter.k8s.aws/instance-category 34 | operator: In 35 | values: 36 | - c 37 | - m 38 | - r 39 | - key: karpenter.k8s.aws/instance-generation 40 | operator: Gt 41 | values: 42 | - '2' 43 | 44 | - key: 'kubernetes.io/arch' 45 | operator: In 46 | values: ['amd64'] 47 | - key: karpenter.sh/capacity-type 48 | operator: In 49 | values: ['on-demand'] 50 | providerRef: 51 | name: karpenter-default 52 | 53 | ttlSecondsUntilExpired: 2592000 # 30 Days = 60 * 60 * 24 * 30 Seconds; 54 | # Priority given to the provisioner when the scheduler considers which provisioner 55 | # to select. Higher weights indicate higher priority when comparing provisioners. 56 | # Specifying no weight is equivalent to specifying a weight of 0. 57 | weight: 1 58 | limits: 59 | resources: 60 | cpu: '20k' 61 | labels: 62 | billing-team: default 63 | team: default 64 | type: karpenter 65 | # taints: 66 | # - key: karpenter 67 | # value: 'true' 68 | # effect: NoSchedule 69 | 70 | # Karpenter provides the ability to specify a few additional Kubelet args. 71 | # These are all optional and provide support for additional customization and use cases. 
72 | kubeletConfiguration: 73 | #clusterDNS: ["10.0.1.100"] 74 | containerRuntime: containerd 75 | systemReserved: 76 | cpu: '1' 77 | memory: 5Gi 78 | ephemeral-storage: 2Gi 79 | maxPods: 110 80 | {{ end }} -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/karpenter-provisioner-taint.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{ if .Values.spec.karpenterInstanceProfile }} 3 | apiVersion: karpenter.sh/v1alpha5 4 | kind: Provisioner 5 | metadata: 6 | name: taint 7 | labels: 8 | {{- toYaml .Values.labels | nindent 4 }} 9 | spec: 10 | consolidation: 11 | enabled: true 12 | #ttlSecondsAfterEmpty: 10 # mutually exclusive with consolidation 13 | requirements: 14 | - key: karpenter.k8s.aws/instance-family 15 | operator: NotIn 16 | values: 17 | - a1 18 | - c1 19 | - c3 20 | - inf1 21 | - t3 22 | - t2 23 | # - key: karpenter.k8s.aws/instance-cpu 24 | # operator: Lt 25 | # values: 26 | # - '33' 27 | 28 | # Default values 29 | - key: kubernetes.io/os 30 | operator: In 31 | values: 32 | - linux 33 | # - key: karpenter.k8s.aws/instance-category 34 | # operator: In 35 | # values: 36 | # - c 37 | # - m 38 | # - r 39 | - key: karpenter.k8s.aws/instance-generation 40 | operator: Gt 41 | values: 42 | - '2' 43 | 44 | - key: 'kubernetes.io/arch' 45 | operator: In 46 | values: ['amd64'] 47 | - key: karpenter.sh/capacity-type 48 | operator: In 49 | values: ['on-demand', 'spot'] 50 | #values: ['on-demand'] 51 | providerRef: 52 | name: karpenter-default 53 | 54 | ttlSecondsUntilExpired: 2592000 # 30 Days = 60 * 60 * 24 * 30 Seconds; 55 | # Priority given to the provisioner when the scheduler considers which provisioner 56 | # to select. Higher weights indicate higher priority when comparing provisioners. 57 | # Specifying no weight is equivalent to specifying a weight of 0.
58 | weight: 1 59 | limits: 60 | resources: 61 | cpu: '40k' 62 | #cpu: '0' 63 | labels: 64 | billing-team: default 65 | team: platform 66 | type: karpenter 67 | taints: 68 | - key: karpenter 69 | value: 'true' 70 | effect: NoSchedule 71 | 72 | # Karpenter provides the ability to specify a few additional Kubelet args. 73 | # These are all optional and provide support for additional customization and use cases. 74 | kubeletConfiguration: 75 | #clusterDNS: ["10.0.1.100"] 76 | containerRuntime: containerd 77 | systemReserved: 78 | cpu: '1' 79 | memory: 5Gi 80 | ephemeral-storage: 2Gi 81 | #maxPods: 110 82 | {{ end }} 83 | -------------------------------------------------------------------------------- /teams/team-platform/dev/templates/karpenter-provisioner.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.spec.karpenterInstanceProfile }} 2 | apiVersion: karpenter.k8s.aws/v1alpha1 3 | kind: AWSNodeTemplate 4 | metadata: 5 | name: karpenter-bottlerocket 6 | labels: 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | spec: 9 | amiFamily: Bottlerocket 10 | instanceProfile: '{{ .Values.spec.karpenterInstanceProfile }}' 11 | subnetSelector: 12 | kubernetes.io/cluster/{{ .Values.spec.clusterName }}: '*' 13 | #aws:cloudformation:stack-name: '{{ .Values.spec.clusterName }}' # If created with CDK 14 | kubernetes.io/role/internal-elb: '1' # to select only private subnets 15 | securityGroupSelector: 16 | aws:eks:cluster-name: '{{ .Values.spec.clusterName }}' # Choose only security groups of nodes 17 | userData: | 18 | [settings.kubernetes] 19 | kube-api-qps = 30 20 | [settings.kubernetes.eviction-hard] 21 | "memory.available" = "20%" 22 | # amiSelector: 23 | # karpenter.sh/discovery: my-cluster 24 | tags: 25 | karpenter.sh/cluster_name: {{.Values.spec.clusterName}} 26 | karpenter.sh/provisioner: burnham 27 | metadataOptions: 28 | httpEndpoint: enabled 29 | httpProtocolIPv6: disabled 30 | httpPutResponseHopLimit: 2 # 1 For harden 
security on IMDSv2; if 1 it breaks CloudWatch metrics, which cannot get the instance ID 31 | httpTokens: required 32 | --- 33 | apiVersion: karpenter.k8s.aws/v1alpha1 34 | kind: AWSNodeTemplate 35 | metadata: 36 | name: karpenter-default 37 | labels: 38 | {{- toYaml .Values.labels | nindent 4 }} 39 | spec: 40 | instanceProfile: '{{ .Values.spec.karpenterInstanceProfile }}' 41 | subnetSelector: 42 | kubernetes.io/cluster/{{ .Values.spec.clusterName }}: '*' 43 | kubernetes.io/role/internal-elb: '1' # to select only private subnets 44 | securityGroupSelector: 45 | aws:eks:cluster-name: '{{ .Values.spec.clusterName }}' # Choose only security groups of nodes 46 | tags: 47 | karpenter.sh/cluster_name: {{.Values.spec.clusterName}} 48 | karpenter.sh/provisioner: default 49 | metadataOptions: 50 | httpEndpoint: enabled 51 | httpProtocolIPv6: disabled 52 | httpPutResponseHopLimit: 2 # 2 also lets pods reach IMDS (and the node role's credentials); 1 would harden IMDSv2 further, but it breaks CloudWatch metrics, which then cannot get the instance ID 53 | httpTokens: required 54 | --- 55 | apiVersion: karpenter.sh/v1alpha5 56 | kind: Provisioner 57 | metadata: 58 | name: burnham 59 | labels: 60 | {{- toYaml .Values.labels | nindent 4 }} 61 | spec: 62 | consolidation: 63 | enabled: true 64 | requirements: 65 | # We can select which instance type we want with the In Operator 66 | # - key: 'node.kubernetes.io/instance-type' 67 | # operator: In 68 | # values: ['m5.xlarge', 'm5a.xlarge', 'm5ad.xlarge', 'm5d.xlarge', 't2.xlarge', 't3.xlarge', 't3a.xlarge'] 69 | # 70 | # We can filter out instance sizes we don't want with the NotIn operator 71 | - key: karpenter.k8s.aws/instance-size 72 | operator: NotIn 73 | values: [nano, micro, small, 24xlarge, 32xlarge, 48xlarge] 74 | - key: 'kubernetes.io/arch' 75 | operator: In 76 | values: ['amd64'] 77 | - key: karpenter.sh/capacity-type 78 | operator: In 79 | #values: ['on-demand', 'spot'] 80 | values: ['on-demand'] 81 | providerRef: 82 | name: karpenter-default 83 | ttlSecondsUntilExpired: 2592000 # 30 Days = 60 * 60 *
24 * 30 Seconds; 84 | # Priority given to the provisioner when the scheduler considers which provisioner 85 | # to select. Higher weights indicate higher priority when comparing provisioners. 86 | # Specifying no weight is equivalent to specifying a weight of 0. 87 | weight: 10 88 | limits: 89 | resources: 90 | cpu: '200' 91 | labels: 92 | billing-team: burnham 93 | team: burnham 94 | type: karpenter 95 | taints: 96 | - key: burnham 97 | value: 'true' 98 | effect: NoSchedule 99 | --- 100 | apiVersion: karpenter.sh/v1alpha5 101 | kind: Provisioner 102 | metadata: 103 | name: default 104 | labels: 105 | {{- toYaml .Values.labels | nindent 4 }} 106 | spec: 107 | consolidation: 108 | enabled: true 109 | #ttlSecondsAfterEmpty: 60 # mutually exclusive with consolidation 110 | requirements: 111 | - key: karpenter.k8s.aws/instance-family 112 | operator: NotIn 113 | values: 114 | - a1 115 | - c1 116 | - c3 117 | - inf1 118 | - t3 119 | - t2 120 | - key: karpenter.k8s.aws/instance-cpu 121 | operator: Lt 122 | values: 123 | - '33' 124 | - key: 'kubernetes.io/arch' 125 | operator: In 126 | values: ['amd64'] 127 | - key: karpenter.sh/capacity-type 128 | operator: In 129 | values: ['on-demand'] 130 | providerRef: 131 | name: karpenter-default 132 | 133 | ttlSecondsUntilExpired: 2592000 # 30 Days = 60 * 60 * 24 * 30 Seconds; 134 | # Priority given to the provisioner when the scheduler considers which provisioner 135 | # to select. Higher weights indicate higher priority when comparing provisioners. 136 | # Specifying no weight is equivalent to specifying a weight of 0. 137 | weight: 1 138 | limits: 139 | resources: 140 | cpu: '2k' 141 | labels: 142 | billing-team: default 143 | team: default 144 | type: karpenter 145 | # taints: 146 | # - key: karpenter 147 | # value: 'true' 148 | # effect: NoSchedule 149 | 150 | # Karpenter provides the ability to specify a few additional Kubelet args. 151 | # These are all optional and provide support for additional customization and use cases.
152 | kubeletConfiguration: 153 | #clusterDNS: ["10.0.1.100"] 154 | containerRuntime: containerd 155 | systemReserved: 156 | cpu: '1' 157 | memory: 5Gi 158 | ephemeral-storage: 2Gi 159 | #maxPods: 20 160 | {{ end }} -------------------------------------------------------------------------------- /teams/team-platform/dev/values.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | env: dev 3 | team: platform 4 | spec: 5 | env: 6 | ingress: 7 | host: 8 | region: 9 | type: alb 10 | -------------------------------------------------------------------------------- /teams/team-riker/dev/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | name: team-riker-dev 4 | description: Team Riker applications for the Dev environment. 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-riker/dev/templates/2048.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-2048 5 | labels: 6 | app: "2048" 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | spec: 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: app-2048 12 | replicas: 3 13 | strategy: 14 | rollingUpdate: 15 | maxSurge: 25% 16 | maxUnavailable: 25% 17 | type: RollingUpdate 18 | template: 19 | metadata: 20 | labels: 21 | app.kubernetes.io/name: app-2048 22 | spec: 23 | automountServiceAccountToken: false 24 | containers: 25 | - image: public.ecr.aws/l6m2t8p7/docker-2048:latest 26 | imagePullPolicy: Always 27 | name: app-2048 28 | ports: 29 | - containerPort: 80 30 | protocol: TCP 31 | resources: 32 | limits: 33 | cpu: 500m 34 | memory: 512Mi 35 | requests: 36 | cpu: 250m 37 | memory: 50Mi 38 | dnsPolicy: ClusterFirst 39 | restartPolicy: Always 40 | schedulerName: default-scheduler 41 | securityContext: {} 42 | 
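# (listing continues) remainder of deployment-2048's pod spec; the Deployment starts earlier in the listing.
      shareProcessNamespace: false
      terminationGracePeriodSeconds: 30
      {{ if .Values.spec.karpenterInstanceProfile }}
      # Only rendered when a Karpenter instance profile is configured: pin the pods to
      # nodes labelled team=default / type=karpenter and tolerate a `karpenter` NoSchedule taint.
      nodeSelector:
        team: default
        type: karpenter
      tolerations:
        - key: 'karpenter'
          operator: 'Exists'
          effect: 'NoSchedule'
      {{ end }}
      # Spread replicas across zones (skew of at most 1); pods stay Pending rather than
      # violate the constraint.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: app-2048
---
# Service in front of the app-2048 pods.
# NOTE(review): the ALB branch of the Ingress below uses target-type `ip`, which targets
# pod IPs directly, so NodePort is presumably not required; ClusterIP would avoid opening
# a port on every node. Confirm before changing.
apiVersion: v1
kind: Service
metadata:
  namespace: team-riker
  name: service-2048
  labels:
    app: "2048"
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: app-2048
---
# Ingress for the 2048 app; .Values.spec.ingress.type selects nginx or (default) ALB.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: team-riker
  name: ingress-2048
  labels:
    app: "2048"
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    kubernetes.io/ingress.class: "nginx"
    {{ else }}
    # The ALB is internet-facing. HTTPS (with redirect from 80) is only configured when
    # an ingress host is set; without a host the app is served over plain HTTP on port 80.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    {{ if .Values.spec.ingress.host }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Riker
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    # Weighted Route 53 record per cluster, managed by external-dns.
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    external-dns.alpha.kubernetes.io/ttl: "10"
    {{ end }}
spec:
  {{ if eq .Values.spec.ingress.type "nginx" }}
  # `kubernetes.io/ingress.class` is an annotation key, not an IngressSpec field; the
  # class is selected with ingressClassName, as the other Ingress templates in this chart do.
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: 2048.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-2048
                port:
                  number: 80
--------------------------------------------------------------------------------
/teams/team-riker/dev/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica guestbook UI for the dev environment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guestbook-ui
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: guestbook-ui
  template:
    metadata:
      labels:
        app: guestbook-ui
    spec:
      containers:
        # Image is pinned by tag, not by digest.
        - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
          name: guestbook-ui
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: '50Mi'
              cpu: '50m'
            limits:
              memory: '50Mi'
              cpu: '50m'
          securityContext:
            privileged: false
            #readOnlyRootFilesystem: false # guestbook needs to write to /var/run/apache2/apache2.pid
            allowPrivilegeEscalation: false
--------------------------------------------------------------------------------
/teams/team-riker/dev/templates/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: riker-ingress
  # namespace is specified as namespace destination in env/{dev,test,prod}/team-riker.yaml
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    kubernetes.io/ingress.class: "nginx"
    {{ else }}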
#rewrite does not exist yet in ALB 14 | #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571 15 | #so commenting grouping feature 16 | #alb.ingress.kubernetes.io/group.name: riker 17 | alb.ingress.kubernetes.io/scheme: internet-facing 18 | alb.ingress.kubernetes.io/target-type: ip 19 | {{ if .Values.spec.ingress.host }} 20 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' 21 | alb.ingress.kubernetes.io/ssl-redirect: '443' 22 | {{ else }} 23 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' 24 | {{ end }} 25 | alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Riker 26 | {{ end }} 27 | {{ if .Values.spec.ingress.host }} 28 | external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }} 29 | external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}' 30 | {{ end }} 31 | spec: 32 | {{ if eq .Values.spec.ingress.type "nginx" }} 33 | ingressClassName: nginx 34 | {{ else }} 35 | ingressClassName: alb 36 | {{ end }} 37 | rules: 38 | {{ if .Values.spec.ingress.host }} 39 | - host: guestbook-ui.{{ .Values.spec.ingress.host }} 40 | {{ else }} 41 | - host: 42 | {{ end }} 43 | http: 44 | paths: 45 | - path: / 46 | pathType: Prefix 47 | backend: 48 | service: 49 | name: guestbook-ui 50 | port: 51 | number: 80 52 | -------------------------------------------------------------------------------- /teams/team-riker/dev/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: guestbook-ui 5 | labels: 6 | app: guestbook-ui 7 | {{- toYaml .Values.labels | nindent 4 }} 8 | spec: 9 | ports: 10 | - port: 80 11 | targetPort: 80 12 | selector: 13 | app: guestbook-ui 14 | -------------------------------------------------------------------------------- /teams/team-riker/dev/values.yaml: 
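--------------------------------------------------------------------------------
# Defaults for the team-riker dev chart; the templates read .Values.labels,
# .Values.spec.ingress.host and .Values.spec.ingress.type.
labels:
  env: dev
  team: riker
spec:
  env:
  ingress:
    host:
    type: alb
--------------------------------------------------------------------------------
/teams/team-riker/prod/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-riker-prod
description: Team Riker applications for the Prod environment.
version: 0.1.0
--------------------------------------------------------------------------------
/teams/team-riker/prod/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica guestbook UI for the prod environment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guestbook-ui
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: guestbook-ui
  template:
    metadata:
      labels:
        app: guestbook-ui
    spec:
      containers:
        # Image is pinned by tag, not by digest.
        - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
          name: guestbook-ui
          ports:
            - containerPort: 80
          # Same container hardening the dev chart applies to this image.
          # readOnlyRootFilesystem is left unset: the dev chart notes that guestbook
          # writes /var/run/apache2/apache2.pid.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          # NOTE(review): unlike the dev chart there are no resource requests/limits here,
          # so this container is unbounded on its node; size and add them for prod.
--------------------------------------------------------------------------------
/teams/team-riker/prod/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for guestbook-ui; .Values.spec.ingress.type selects nginx or (default) ALB.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: riker-ingress
  # namespace is specified as namespace destination in env/{dev,test,prod}/team-riker.yaml
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    kubernetes.io/ingress.class: "nginx"
    {{ else }}
    #rewrite does not exist yet in ALB
    #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571
    #so commenting grouping feature
    #alb.ingress.kubernetes.io/group.name: riker
    # The ALB is internet-facing. HTTPS (with redirect from 80) is only configured when
    # an ingress host is set; without a host prod is served over plain HTTP on port 80.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    {{ if .Values.spec.ingress.host }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Riker
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    # Weighted Route 53 record per cluster, managed by external-dns.
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    {{ end }}
spec:
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: guestbook-ui.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: guestbook-ui
                port:
                  number: 80
--------------------------------------------------------------------------------
/teams/team-riker/prod/templates/service.yaml:
--------------------------------------------------------------------------------
# Service in front of the guestbook-ui pods (no type set, so the Kubernetes default applies).
apiVersion: v1
kind: Service
metadata:
  name: guestbook-ui
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: guestbook-ui
--------------------------------------------------------------------------------
/teams/team-riker/prod/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: prod
  team: riker
spec:
  env:
  ingress:
    host:
    type: alb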
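--------------------------------------------------------------------------------
/teams/team-riker/test/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-riker-test
description: Team Riker applications for the Test environment.
version: 0.1.0
--------------------------------------------------------------------------------
/teams/team-riker/test/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica guestbook UI for the test environment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guestbook-ui
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: guestbook-ui
  template:
    metadata:
      labels:
        app: guestbook-ui
    spec:
      containers:
        # Image is pinned by tag, not by digest.
        - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
          name: guestbook-ui
          ports:
            - containerPort: 80
          # Same container hardening the dev chart applies to this image.
          # readOnlyRootFilesystem is left unset: the dev chart notes that guestbook
          # writes /var/run/apache2/apache2.pid.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          # NOTE(review): unlike the dev chart there are no resource requests/limits here,
          # so this container is unbounded on its node.
--------------------------------------------------------------------------------
/teams/team-riker/test/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for guestbook-ui; .Values.spec.ingress.type selects nginx or (default) ALB.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: riker-ingress
  # namespace is specified as namespace destination in env/{dev,test,prod}/team-riker.yaml
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
  annotations:
    {{ if eq .Values.spec.ingress.type "nginx" }}
    kubernetes.io/ingress.class: "nginx"
    {{ else }}
    #rewrite does not exist yet in ALB
    #https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1571
    #so commenting grouping feature
    #alb.ingress.kubernetes.io/group.name: riker
    # The ALB is internet-facing. HTTPS (with redirect from 80) is only configured when
    # an ingress host is set; without a host the app is served over plain HTTP on port 80.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    {{ if .Values.spec.ingress.host }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    {{ else }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{ end }}
    alb.ingress.kubernetes.io/tags: Environment={{ .Values.labels.env }},Team=Riker
    {{ end }}
    {{ if .Values.spec.ingress.host }}
    # Weighted Route 53 record per cluster, managed by external-dns.
    external-dns.alpha.kubernetes.io/set-identifier: {{ .Values.spec.clusterName }}
    external-dns.alpha.kubernetes.io/aws-weight: '{{ .Values.spec.ingress.route53_weight }}'
    {{ end }}
spec:
  {{ if eq .Values.spec.ingress.type "nginx" }}
  ingressClassName: nginx
  {{ else }}
  ingressClassName: alb
  {{ end }}
  rules:
    {{ if .Values.spec.ingress.host }}
    - host: guestbook-ui.{{ .Values.spec.ingress.host }}
    {{ else }}
    - host:
    {{ end }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: guestbook-ui
                port:
                  number: 80
--------------------------------------------------------------------------------
/teams/team-riker/test/templates/service.yaml:
--------------------------------------------------------------------------------
# Service in front of the guestbook-ui pods (no type set, so the Kubernetes default applies).
apiVersion: v1
kind: Service
metadata:
  name: guestbook-ui
  labels:
    app: guestbook-ui
    {{- toYaml .Values.labels | nindent 4 }}
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: guestbook-ui
--------------------------------------------------------------------------------
/teams/team-riker/test/values.yaml:
--------------------------------------------------------------------------------
labels:
  env: test
  team: riker
spec:
  env:
  ingress:
    host:
    type: alb
--------------------------------------------------------------------------------
/teams/team-scan/dev/Chart.yaml:
--------------------------------------------------------------------------------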
apiVersion: v1
appVersion: "1.0"
name: team-scan-dev
description: Team Scan applications for the Dev environment.
version: 0.1.0
--------------------------------------------------------------------------------
/teams/team-scan/dev/templates/image-push-pod.yaml:
--------------------------------------------------------------------------------
# One-shot helper pod: logs in to the ECR registry derived from
# .Values.spec.repositoryUri and copies docker://centos:8 into that repository as :latest.
#
# Review notes:
# - The skopeo image is referenced by the mutable tag `latest`, and the script pushes
#   to `:latest` as well, so neither side is reproducible; pin by version or digest.
# - At every start the container runs `yum update`, installs packages and downloads
#   the AWS CLI installer, which is unpacked and executed without any checksum or
#   signature verification. A pre-built image with the tools baked in removes that
#   run-time dependency on external mirrors.
# - The ECR token is piped to `skopeo login --password-stdin`, so it does not appear
#   on the command line.
# - AWS access comes from the team-scan-sa service account; presumably it is bound
#   to an IAM role. Verify that role is limited to pushing to this one repository.
# - centos:8 is an end-of-life base image; presumably it is copied on purpose so the
#   registry scan has findings to report. Confirm.
# - No restartPolicy is set, so the default (Always) applies: after `sleep 3600`
#   the container exits, is restarted, and the whole script runs again.
# - No securityContext or resources are set; the script installs packages, so it
#   presumably runs as root.
apiVersion: v1
kind: Pod
metadata:
  name: ecr-pod
  namespace: scan
spec:
  serviceAccountName: team-scan-sa
  containers:
    - name: app
      image: quay.io/skopeo/stable:latest
      command: ["/bin/sh"]
      args:
        - "-c"
        - 'yum update -y && yum install unzip less -y && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install && aws ecr get-login-password --region {{ .Values.spec.region }} | skopeo login --username AWS --password-stdin {{ (split "/" .Values.spec.repositoryUri)._0 }} && skopeo copy docker://centos:8 docker://{{ .Values.spec.repositoryUri }}:latest && sleep 3600'
--------------------------------------------------------------------------------
/teams/team-scan/dev/values.yaml:
--------------------------------------------------------------------------------
# NOTE(review): left exactly as the listing shows it. The indentation was lost, and the
# nesting of `region` cannot be recovered from here (the pod template reads
# .Values.spec.region and .Values.spec.repositoryUri; the latter has no default in this file).
1 | labels: 2 | env: dev 3 | team: scan 4 | spec: 5 | env: 6 | ingress: 7 | host: 8 | region: 9 | type: alb 10 |
--------------------------------------------------------------------------------
/teams/team-spock/dev/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
name: team-spock-dev
description: Team spock applications for the Dev environment.
5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-addon-eks-pod-identity-agent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: eks.aws.upbound.io/v1beta1 3 | kind: Addon 4 | metadata: 5 | name: addon-eks-pod-identity-agent-{{ .Values.clusterA.clusterName }} 6 | spec: 7 | forProvider: 8 | addonName: eks-pod-identity-agent 9 | region: {{ .Values.common.region }} 10 | clusterName: {{ .Values.clusterA.clusterName }} 11 | providerConfigRef: 12 | name: {{ .Values.common.providerConfigAWSName }} 13 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-cluster-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: eks.aws.upbound.io/v1beta1 3 | kind: ClusterAuth 4 | metadata: 5 | name: cluster-auth-{{ .Values.clusterA.clusterName }} 6 | spec: 7 | forProvider: 8 | region: {{ .Values.common.region }} 9 | clusterName: {{ .Values.clusterA.clusterName }} 10 | providerConfigRef: 11 | name: {{ .Values.common.providerConfigAWSName }} 12 | writeConnectionSecretToRef: 13 | namespace: {{ .Values.common.crossplaneNamespace }} 14 | name: kubecontext-{{ .Values.clusterA.clusterName }} 15 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-provider-config-helm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.crossplane.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: provider-config-helm-{{ .Values.clusterA.clusterName }} 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | name: kubecontext-{{ .Values.clusterA.clusterName }} 11 | namespace: {{ .Values.common.crossplaneNamespace }} 12 | key: kubeconfig 
-------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-provider-config-k8s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubernetes.crossplane.io/v1alpha1 3 | kind: ProviderConfig 4 | metadata: 5 | name: provider-config-k8s-{{ .Values.clusterA.clusterName }} 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | name: kubecontext-{{ .Values.clusterA.clusterName }} 11 | namespace: {{ .Values.common.crossplaneNamespace }} 12 | key: kubeconfig 13 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-test-helm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.crossplane.io/v1beta1 2 | kind: Release 3 | metadata: 4 | name: test-helm-{{ .Values.clusterA.clusterName }} 5 | spec: 6 | forProvider: 7 | chart: 8 | name: nginx 9 | repository: https://charts.bitnami.com/bitnami 10 | version: 17.0.1 11 | namespace: default 12 | providerConfigRef: 13 | name: provider-config-helm-{{ .Values.clusterA.clusterName }} -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterA-test-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubernetes.crossplane.io/v1alpha2 2 | kind: Object 3 | metadata: 4 | name: test-namespace-{{ .Values.clusterA.clusterName }} 5 | spec: 6 | forProvider: 7 | manifest: 8 | apiVersion: v1 9 | kind: Namespace 10 | metadata: 11 | labels: 12 | name: test-namespace-{{ .Values.clusterA.clusterName }} 13 | providerConfigRef: 14 | name: provider-config-k8s-{{ .Values.clusterA.clusterName }} -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-addon-eks-pod-identity-agent.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: eks.aws.upbound.io/v1beta1 3 | kind: Addon 4 | metadata: 5 | name: addon-eks-pod-identity-agent-{{ .Values.clusterB.clusterName }} 6 | spec: 7 | forProvider: 8 | addonName: eks-pod-identity-agent 9 | region: {{ .Values.common.region }} 10 | clusterName: {{ .Values.clusterB.clusterName }} 11 | providerConfigRef: 12 | name: {{ .Values.common.providerConfigAWSName }} 13 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-cluster-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: eks.aws.upbound.io/v1beta1 3 | kind: ClusterAuth 4 | metadata: 5 | name: cluster-auth-{{ .Values.clusterB.clusterName }} 6 | spec: 7 | forProvider: 8 | region: {{ .Values.common.region }} 9 | clusterName: {{ .Values.clusterB.clusterName }} 10 | providerConfigRef: 11 | name: {{ .Values.common.providerConfigAWSName }} 12 | writeConnectionSecretToRef: 13 | namespace: {{ .Values.common.crossplaneNamespace }} 14 | name: kubecontext-{{ .Values.clusterB.clusterName }} 15 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-provider-config-helm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.crossplane.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: provider-config-helm-{{ .Values.clusterB.clusterName }} 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | name: kubecontext-{{ .Values.clusterB.clusterName }} 11 | namespace: {{ .Values.common.crossplaneNamespace }} 12 | key: kubeconfig -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-provider-config-k8s.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubernetes.crossplane.io/v1alpha1 3 | kind: ProviderConfig 4 | metadata: 5 | name: provider-config-k8s-{{ .Values.clusterB.clusterName }} 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | name: kubecontext-{{ .Values.clusterB.clusterName }} 11 | namespace: {{ .Values.common.crossplaneNamespace }} 12 | key: kubeconfig 13 | -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-test-helm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.crossplane.io/v1beta1 2 | kind: Release 3 | metadata: 4 | name: test-helm-{{ .Values.clusterB.clusterName }} 5 | spec: 6 | forProvider: 7 | chart: 8 | name: nginx 9 | repository: https://charts.bitnami.com/bitnami 10 | version: 17.0.1 11 | namespace: default 12 | providerConfigRef: 13 | name: provider-config-helm-{{ .Values.clusterB.clusterName }} -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/clusterB-test-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubernetes.crossplane.io/v1alpha2 2 | kind: Object 3 | metadata: 4 | name: test-namespace-{{ .Values.clusterB.clusterName }} 5 | spec: 6 | forProvider: 7 | manifest: 8 | apiVersion: v1 9 | kind: Namespace 10 | metadata: 11 | labels: 12 | name: test-namespace-{{ .Values.clusterB.clusterName }} 13 | providerConfigRef: 14 | name: provider-config-k8s-{{ .Values.clusterB.clusterName }} -------------------------------------------------------------------------------- /teams/team-spock/dev/templates/common-provider-config-aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aws.upbound.io/v1beta1 2 | kind: ProviderConfig 3 | metadata: 4 | name: {{ 
.Values.common.providerConfigAWSName }} 5 | spec: 6 | credentials: 7 | source: IRSA 8 | assumeRoleChain: 9 | - roleARN: "arn:aws:iam::{{ int .Values.common.accountId }}:role/{{ .Values.common.eksConnectorRoleName }}" 10 | -------------------------------------------------------------------------------- /teams/team-spock/dev/values.yaml: -------------------------------------------------------------------------------- 1 | clusterA: 2 | clusterName: 3 | clusterB: 4 | clusterName: 5 | common: 6 | providerConfigAWSName: 7 | eksConnectorRoleName: 8 | accountId: 9 | region: 10 | crossplaneNamespace: 11 | --------------------------------------------------------------------------------