Welcome to Stack Simplify

Author: stacksimplify

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/README.md

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aws-auth
+  namespace: kube-system
+data:
+  mapRoles: |
+    - rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo1-NodeInstanceRole-Soe7cmvG8sdT
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/aws-auth/aws-auth-base.yml

@@ -0,0 +1,22 @@
+apiVersion: v1
+data:
+  mapRoles: |
+    - rolearn: arn:aws:iam::180789647333:role/EksCodeBuildKubectlRole
+      username: build
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo1-NodeInstanceRole-Soe7cmvG8sdT
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes
+kind: ConfigMap
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"v1","data":{"mapRoles":"- rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo1-NodeInstanceRole-Soe7cmvG8sdT\n  username: system:node:{{EC2PrivateDNSName}}\n  groups:\n    - system:bootstrappers\n    - system:nodes\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"aws-auth","namespace":"kube-system"}}
+  creationTimestamp: "2025-05-10T10:59:51Z"
+  name: aws-auth
+  namespace: kube-system
+  resourceVersion: "1061745"
+  uid: fb75795c-4038-4fec-806d-3a0e805869dc

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/aws-auth/backup-aws-auth-v1.yml

@@ -0,0 +1,2 @@
+FROM nginx
+COPY app1 /usr/share/nginx/html/app1

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/Dockerfile

@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+   <body style="background-color:rgb(228, 250, 210);">
+      <h1>Welcome to Stack Simplify - App Version - V1 </h1>
+      <h3> DevOps for EKS with AWS Developer Tools</h3>
+      <p>Application Name: App1</p>
+   </body>
+</html>

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/app1/index.html

@@ -0,0 +1,51 @@
+# buildspec-build.yml
+
+version: 0.2
+
+# Environment variables and values used across phases
+env:
+  variables:
+    # ECR URI where Docker image will be pushed
+    IMAGE_URI: "180789647333.dkr.ecr.us-east-1.amazonaws.com/eks-devops"
+  exported-variables:
+    # Variables that will be shared with downstream phases or pipelines
+    - IMAGE_URI
+    - IMAGE_TAG
+
+phases:
+  install:
+    commands:
+      # Install phase (empty here since the CodeBuild image has necessary tools)
+      - echo "Install Phase - Nothing to do using latest Amazon Linux Docker Image"
+
+  pre_build:
+    commands:
+      # Generate a short Docker image tag using GitHub commit SHA (7 characters)
+      - IMAGE_TAG="$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c1-7)"
+      - export IMAGE_TAG
+      # Authenticate Docker with ECR using AWS CLI
+      - echo "Logging into Amazon ECR at $IMAGE_URI..."
+      - aws ecr get-login-password | docker login --username AWS --password-stdin $IMAGE_URI
+
+  build:
+    commands:
+      # Build Docker image using Dockerfile in root directory
+      - echo "Building Docker image..."
+      - docker build -t $IMAGE_URI:$IMAGE_TAG .
+
+  post_build:
+    commands:
+      # Push the built Docker image to ECR repository
+      - echo "Pushing Docker image to ECR..."
+      - docker push $IMAGE_URI:$IMAGE_TAG
+      # Export image metadata to be used in the deploy stage
+      - echo "Exporting variables for downstream stages..."
+      - echo "IMAGE_URI=$IMAGE_URI" >> $CODEBUILD_SRC_DIR/exported-vars.env
+      - echo "IMAGE_TAG=$IMAGE_TAG" >> $CODEBUILD_SRC_DIR/exported-vars.env
+
+# Files that will be included as artifacts for the next stage
+artifacts:
+  files:
+    - exported-vars.env
+    - buildspec-deploy.yml
+    - '**/kube-manifests/**/*'

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/buildspec-build.yml

@@ -0,0 +1,64 @@
+# buildspec-deploy.yml
+
+version: 0.2
+
+# Environment variables required for EKS authentication
+env:
+  variables:
+    # Name of the EKS cluster
+    EKS_CLUSTER_NAME: "eksdemo1"
+    # IAM Role ARN used to assume access to EKS for kubectl
+    EKS_KUBECTL_ROLE_ARN: "arn:aws:iam::180789647333:role/EksCodeBuildKubectlRole"
+
+phases:
+  install:
+    commands:
+      # Install dependencies/tools (if any)
+      - echo "Install Phase - Installing tools and dependencies"
+
+  pre_build:
+    commands:
+      # Print info about environment setup
+      - echo "Setting up IMAGE_URI and IMAGE_TAG from previous stage..."
+      # List files to verify presence of artifacts
+      - echo "Listing all files in workspace for debugging:"
+      - ls -R .
+      # Source exported variables (IMAGE_URI and IMAGE_TAG)
+      - echo "Sourcing env variables from file"
+      - source ./exported-vars.env
+      - echo "IMAGE_URI=$IMAGE_URI"
+      - echo "IMAGE_TAG=$IMAGE_TAG"
+      # Replace placeholder in Kubernetes YAML with actual image URI and tag
+      - echo "Updating container image in the Kubernetes Deployment YAML file..."
+      - sed -i 's@CONTAINER_IMAGE@'"$IMAGE_URI:$IMAGE_TAG"'@' kube-manifests/01-DEVOPS-Nginx-Deployment.yml
+      - echo "Updated deployment manifest content:"
+      - cat kube-manifests/01-DEVOPS-Nginx-Deployment.yml
+
+  build:
+    commands:
+      # Assume IAM role to gain temporary credentials for kubectl access
+      - echo "Assuming IAM Role to access EKS cluster..."
+      - CREDENTIALS=$(aws sts assume-role --role-arn $EKS_KUBECTL_ROLE_ARN --role-session-name codebuild-kubectl --duration-seconds 900)
+      - export AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo $CREDENTIALS | jq -r '.Credentials.SessionToken')
+      # Setup kubeconfig to interact with the EKS cluster
+      - echo "Updating kubeconfig with EKS cluster credentials..."
+      - aws eks update-kubeconfig --name $EKS_CLUSTER_NAME
+      # Deploy application manifests to EKS
+      - echo "Applying Kubernetes manifests..."
+      - kubectl apply -f kube-manifests/
+      # Wait for deployment rollout to complete
+      - echo "Waiting for deployment rollout to complete..."
+      - kubectl rollout status deployment/eks-devops-deployment --timeout=180s
+
+  post_build:
+    commands:
+      # Verification steps to ensure everything is deployed correctly
+      - echo "Verifying Kubernetes resources created:"
+      - echo "Pods Status:"
+      - kubectl get pods -o wide
+      - echo "Services Status:"
+      - kubectl get svc -o wide
+      - echo "Ingress Status:"
+      - kubectl get ingress -o wide

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/buildspec-deploy.yml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: eks-devops-deployment
+  labels:
+    app: eks-devops
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: eks-devops
+  template:
+    metadata:
+      labels:
+        app: eks-devops
+    spec:
+      containers:
+        - name: eks-devops
+          image: CONTAINER_IMAGE
+          ports:
+            - containerPort: 80

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/kube-manifests/01-DEVOPS-Nginx-Deployment.yml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: eks-devops-nodeport-service
+  labels:
+    app: eks-devops
+  annotations:    
+#Important Note:  Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer    
+    alb.ingress.kubernetes.io/healthcheck-path: /app1/index.html    
+spec:
+  type: NodePort
+  selector:
+    app: eks-devops
+  ports:
+    - port: 80
+      targetPort: 80

11-NEW-DevOps-with-AWS-Developer-Tools-and-GitHub/github-files/kube-manifests/02-DEVOPS-Nginx-NodePortService.yml

@@ -0,0 +1,40 @@
+# Annotations Reference: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-externaldns-demo
+  annotations:
+    # Load Balancer Name
+    alb.ingress.kubernetes.io/load-balancer-name: externaldns-ingress
+    # Ingress Core Settings
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    # Health Check Settings
+    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP 
+    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+    #Important Note:  Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer    
+    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
+    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
+    alb.ingress.kubernetes.io/success-codes: '200'
+    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
+    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'   
+    ## SSL Settings
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/895af13a-cdd1-48ca-b399-2b91da0bdc01
+    #alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)    
+    # SSL Redirect Setting
+    alb.ingress.kubernetes.io/ssl-redirect: '443'
+    # External DNS - For creating a Record Set in Route53
+    external-dns.alpha.kubernetes.io/hostname: myapp1.stacksimplify.com
+spec:
+  ingressClassName: my-aws-ingress-class   # Ingress Class                  
+  defaultBackend:
+    service:
+      name: eks-devops-nodeport-service
+      port:
+        number: 80     
+
+# Important Note-1: In path based routing order is very important, if we are going to use  "/*", try to use it at the end of all rules.                                                            
+# 1. If  "spec.ingressClassName: my-aws-ingress-class" not specified, will reference default ingress class on this kubernetes cluster
+# 2. Default Ingress class is nothing but for which ingress class we have the annotation `ingressclass.kubernetes.io/is-default-class: "true"`
+      
+