Update the starter code (#41)

Dockerfile

@@ -0,0 +1,14 @@
+# Use the `python:3.7` as a source image from the Amazon ECR Public Gallery
+# We are not using `python:3.7.2-slim` from Dockerhub because it has put a  pull rate limit. 
+FROM public.ecr.aws/sam/build-python3.7:latest
+
+# Set up an app directory for your code
+COPY . /app
+WORKDIR /app
+
+# Install `pip` and needed Python packages from `requirements.txt`
+RUN pip install --upgrade pip
+RUN pip install -r requirements.txt
+
+# Define an entrypoint which will run the main app using the Gunicorn WSGI server.
+ENTRYPOINT ["gunicorn", "-b", ":8080", "main:APP"]

README.md

@@ -12,17 +12,67 @@ The Flask app that will be used for this project consists of a simple API with t
 
 The app relies on a secret set as the environment variable `JWT_SECRET` to produce a JWT. The built-in Flask server is adequate for local development, but not production, so you will be using the production-ready [Gunicorn](https://gunicorn.org/) server when deploying the app.
 
+
+
+## Prerequisites
+
+* Docker Desktop - Installation instructions for all OSes can be found <a href="https://docs.docker.com/install/" target="_blank">here</a>.
+* Git: <a href="https://git-scm.com/downloads" target="_blank">Download and install Git</a> for your system. 
+* Code editor: You can <a href="https://code.visualstudio.com/download" target="_blank">download and install VS code</a> here.
+* AWS Account
+* Python version between 3.7 and 3.9. Check the current version using:
+```bash
+#  Mac/Linux/Windows 
+python --version
+```
+You can download a specific release version from <a href="https://www.python.org/downloads/" target="_blank">here</a>.
+
+* Python package manager - PIP 19.x or higher. PIP is already installed in Python 3 >=3.4 downloaded from python.org . However, you can upgrade to a specific version, say 20.2.3, using the command:
+```bash
+#  Mac/Linux/Windows Check the current version
+pip --version
+# Mac/Linux
+pip install --upgrade pip==20.2.3
+# Windows
+python -m pip install --upgrade pip==20.2.3
+```
+* Terminal
+   * Mac/Linux users can use the default terminal.
+   * Windows users can use either the GitBash terminal or WSL. 
+* Command line utilities:
+  * AWS CLI installed and configured using the `aws configure` command. Another important configuration is the region. Do not use the us-east-1 because the cluster creation may fails mostly in us-east-1. Let's change the default region to:
+  ```bash
+  aws configure set region us-east-2  
+  ```
+  Ensure to create all your resources in a single region. 
+  * EKSCTL installed in your system. Follow the instructions [available here](https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html#installing-eksctl) or <a href="https://eksctl.io/introduction/#installation" target="_blank">here</a> to download and install `eksctl` utility. 
+  * The KUBECTL installed in your system. Installation instructions for kubectl can be found <a href="https://kubernetes.io/docs/tasks/tools/install-kubectl/" target="_blank">here</a>. 
+
+
 ## Initial setup
-1. Fork this project to your Github account.
-2. Locally clone your forked version to begin working on the project.
 
-## Dependencies
+1. Fork the <a href="https://github.com/udacity/cd0157-Server-Deployment-and-Containerization" target="_blank">Server and Deployment Containerization Github repo</a> to your Github account.
+1. Locally clone your forked version to begin working on the project.
+```bash
+git clone https://github.com/SudKul/cd0157-Server-Deployment-and-Containerization.git
+cd cd0157-Server-Deployment-and-Containerization/
+```
+1. These are the files relevant for the current project:
+```bash
+.
+├── Dockerfile 
+├── README.md
+├── aws-auth-patch.yml #ToDo
+├── buildspec.yml      #ToDo
+├── ci-cd-codepipeline.cfn.yml #ToDo
+├── iam-role-policy.json  #ToDo
+├── main.py
+├── requirements.txt
+├── simple_jwt_api.yml
+├── test_main.py  #ToDo
+└── trust.json     #ToDo 
+```
 
-- Docker Engine
-    - Installation instructions for all OSes can be found [here](https://docs.docker.com/install/).
-    - For Mac users, if you have no previous Docker Toolbox installation, you can install Docker Desktop for Mac. If you already have a Docker Toolbox installation, please read [this](https://docs.docker.com/docker-for-mac/docker-toolbox/) before installing.
- - AWS Account
-     - You can create an AWS account by signing up [here](https://aws.amazon.com/#).
      
 ## Project Steps
 

aws-auth-patch.yml

@@ -4,22 +4,18 @@
 apiVersion: v1
 data:
   mapRoles: |
-    - groups:
-      - system:masters
-      rolearn: arn:aws:iam::644752792305:role/UdacityFlaskDeployCBKubectlRole
-      username: build      
     - groups:
       - system:bootstrappers
       - system:nodes
-      rolearn: arn:aws:iam::644752792305:role/eksctl-simple-jwt-api-nodegroup-n-NodeInstanceRole-17C402QC9VF6L
+      rolearn: arn:aws:iam::519002666132:role/eksctl-simple-jwt-api-nodegroup-n-NodeInstanceRole-1DBHED9TMYRZZ
       username: system:node:{{EC2PrivateDNSName}}
-  mapUsers: |
-    []
+      - system:masters
+      rolearn: arn:aws:iam::519002666132:role/UdacityFlaskDeployCBKubectlRole
+      username: build
 kind: ConfigMap
 metadata:
-  creationTimestamp: "2021-02-26T07:40:38Z"
+  creationTimestamp: "2022-05-11T11:16:26Z"
   name: aws-auth
   namespace: kube-system
-  resourceVersion: "5992"
-  selfLink: /api/v1/namespaces/kube-system/configmaps/aws-auth
-  uid: 5bf363cb-504c-4289-93ce-74257aff0de4
+  resourceVersion: "1631"
+  uid: 86402a4e-a9ff-4721-8c24-f0c4258f7440

buildspec.yml

@@ -11,13 +11,24 @@ phases:
       - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2&
       - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
       - curl -sS -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator
-      # Get latest stable release kubectl
-      - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
-        # Command for specific kubectl version:
-        #- curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl
-      - chmod +x ./kubectl ./aws-iam-authenticator
-      - echo `kubectl version`
-      - export PATH=$PWD/:$PATH
+      # Download the latest stable release kubectl      
+      # - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+      # You must use a kubectl version that is within one minor version difference of your Amazon EKS cluster control plane. 
+      # For example, a 1.21 kubectl client works with Kubernetes 1.20, 1.21 and 1.22 clusters.
+      # Ref: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html OR https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
+      # To download a specific version v1.22.0 on Linux, use:
+      - curl -LO https://dl.k8s.io/release/v1.23.6/bin/linux/amd64/kubectl
+      # Download the kubectl checksum file
+      - curl -LO "https://dl.k8s.io/v1.23.6/bin/linux/amd64/kubectl.sha256"
+      # Validate the kubectl binary against the checksum file
+      - echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
+      # Install kubectl
+      - chmod +x ./kubectl ./aws-iam-authenticator      
+      # - mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
+      - export PATH=$PWD/:$PATH  
+      - python --version
+      - echo 'export PATH=$PWD/:$PATH' >> $HOME/.bashrc
+      - echo `kubectl version --short --client`
       - python -m pip install --upgrade --force pip
       - apt-get update && apt-get -y install jq  && pip install --upgrade awscli
   pre_build:
@@ -26,15 +37,21 @@ phases:
         - sed -i 's@CONTAINER_IMAGE@'"$REPOSITORY_URI:$TAG"'@' simple_jwt_api.yml
         - $(aws ecr get-login --no-include-email)
         - export KUBECONFIG=$HOME/.kube/config
+        - echo `ls -l`
   build:
     commands:
       - docker build --tag $REPOSITORY_URI:$TAG .
 
   post_build:
     commands:
       - docker push $REPOSITORY_URI:$TAG
+      - echo $EKS_CLUSTER_NAME
+      - echo $EKS_KUBECTL_ROLE_ARN
       - aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_KUBECTL_ROLE_ARN
       - kubectl apply -f simple_jwt_api.yml 
       - printf '[{"name":"simple_jwt_api","imageUri":"%s"}]' $REPOSITORY_URI:$TAG > build.json
 artifacts:
   files: build.json
+env:
+  parameter-store:         
+    JWT_SECRET: JWT_SECRET

ci-cd-codepipeline.cfn.yml

@@ -17,7 +17,7 @@ Parameters:
   GitSourceRepo:
     Type: String
     Description: GitHub source repository - must contain a Dockerfile and buildspec.yml in the base
-    Default: FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS
+    Default: cd0157-Server-Deployment-and-Containerization
     MinLength: 1
     MaxLength: 100
     ConstraintDescription: You must enter a GitHub repository name

iam-role-policy.json

@@ -0,0 +1,8 @@
+{
+    "Version": "2012-10-17",
+    "Statement":[{
+        "Effect": "Allow",
+        "Action": ["eks:Describe*", "ssm:GetParameters"],
+        "Resource":"*"
+    }]
+}

requirements.txt

@@ -1,4 +1,9 @@
 pyjwt==1.7.1
 flask==1.1.2
+Jinja2<3.0.0
+MarkupSafe<2.0.0
+ruamel.yaml==0.16.5
+itsdangerous==2.0.1
+werkzeug==2.0.3
 gunicorn==20.0.4
-pytest==6.2.2
+pytest==6.2.2

trust.json

@@ -0,0 +1,12 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::519002666132:root"
+            },
+            "Action": "sts:AssumeRole"
+        }
+    ]
+}