From 1fe4c79e034976af561fcc23a099e8ed3dac17e4 Mon Sep 17 00:00:00 2001
From: Sudhanshu Kulshrestha <48475411+SudKul@users.noreply.github.com>
Date: Wed, 11 May 2022 20:17:37 +0530
Subject: [PATCH] Update the starter code (#41)
---
Dockerfile | 14 ++++++++
README.md | 66 +++++++++++++++++++++++++++++++++-----
aws-auth-patch.yml | 18 ++++-------
buildspec.yml | 31 ++++++++++++++----
ci-cd-codepipeline.cfn.yml | 2 +-
iam-role-policy.json | 8 +++++
requirements.txt | 7 +++-
trust.json | 12 +++++++
8 files changed, 130 insertions(+), 28 deletions(-)
create mode 100644 Dockerfile
create mode 100644 iam-role-policy.json
create mode 100644 trust.json
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000000..ec526b0736
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+# Use the `python:3.7` as a source image from the Amazon ECR Public Gallery
+# We are not using `python:3.7.2-slim` from Dockerhub because it has put a pull rate limit.
+FROM public.ecr.aws/sam/build-python3.7:latest
+
+# Set up an app directory for your code
+COPY . /app
+WORKDIR /app
+
+# Install `pip` and needed Python packages from `requirements.txt`
+RUN pip install --upgrade pip
+RUN pip install -r requirements.txt
+
+# Define an entrypoint which will run the main app using the Gunicorn WSGI server.
+ENTRYPOINT ["gunicorn", "-b", ":8080", "main:APP"]
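Review bot: `FROM public.ecr.aws/sam/build-python3.7:latest` tracks a moving tag, so the base image can change between builds with no change in this repository; pin it to a digest, e.g. `FROM public.ecr.aws/sam/build-python3.7@sha256:<digest>`. The file has no `USER` instruction, so gunicorn runs as the base image's default user, presumably root; creating a dedicated unprivileged user and switching to it before `ENTRYPOINT` limits what a compromised worker can reach. `COPY . /app` ships the whole build context, including `trust.json`, `iam-role-policy.json`, `aws-auth-patch.yml` and any local `.git` or env files, so a `.dockerignore` that keeps only `main.py` and `requirements.txt` would shrink the image and what it exposes.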
diff --git a/README.md b/README.md
index d1bd6b86e0..947692587d 100755
--- a/README.md
+++ b/README.md
@@ -12,17 +12,67 @@ The Flask app that will be used for this project consists of a simple API with t
The app relies on a secret set as the environment variable `JWT_SECRET` to produce a JWT. The built-in Flask server is adequate for local development, but not production, so you will be using the production-ready [Gunicorn](https://gunicorn.org/) server when deploying the app.
+
+
+## Prerequisites
+
+* Docker Desktop - Installation instructions for all OSes can be found here.
+* Git: Download and install Git for your system.
+* Code editor: You can download and install VS code here.
+* AWS Account
+* Python version between 3.7 and 3.9. Check the current version using:
+```bash
+# Mac/Linux/Windows
+python --version
+```
+You can download a specific release version from here.
+
+* Python package manager - PIP 19.x or higher. PIP is already installed in Python 3 >=3.4 downloaded from python.org . However, you can upgrade to a specific version, say 20.2.3, using the command:
+```bash
+# Mac/Linux/Windows Check the current version
+pip --version
+# Mac/Linux
+pip install --upgrade pip==20.2.3
+# Windows
+python -m pip install --upgrade pip==20.2.3
+```
+* Terminal
+ * Mac/Linux users can use the default terminal.
+ * Windows users can use either the GitBash terminal or WSL.
+* Command line utilities:
+ * AWS CLI installed and configured using the `aws configure` command. Another important configuration is the region. Do not use the us-east-1 because the cluster creation may fails mostly in us-east-1. Let's change the default region to:
+ ```bash
+ aws configure set region us-east-2
+ ```
+ Ensure to create all your resources in a single region.
+ * EKSCTL installed in your system. Follow the instructions [available here](https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html#installing-eksctl) or here to download and install `eksctl` utility.
+ * The KUBECTL installed in your system. Installation instructions for kubectl can be found here.
+
+
## Initial setup
-1. Fork this project to your Github account.
-2. Locally clone your forked version to begin working on the project.
-## Dependencies
+1. Fork the Server and Deployment Containerization Github repo to your Github account.
+1. Locally clone your forked version to begin working on the project.
+```bash
+git clone https://github.com/SudKul/cd0157-Server-Deployment-and-Containerization.git
+cd cd0157-Server-Deployment-and-Containerization/
+```
+1. These are the files relevant for the current project:
+```bash
+.
+├── Dockerfile
+├── README.md
+├── aws-auth-patch.yml #ToDo
+├── buildspec.yml #ToDo
+├── ci-cd-codepipeline.cfn.yml #ToDo
+├── iam-role-policy.json #ToDo
+├── main.py
+├── requirements.txt
+├── simple_jwt_api.yml
+├── test_main.py #ToDo
+└── trust.json #ToDo
+```
-- Docker Engine
- - Installation instructions for all OSes can be found [here](https://docs.docker.com/install/).
- - For Mac users, if you have no previous Docker Toolbox installation, you can install Docker Desktop for Mac. If you already have a Docker Toolbox installation, please read [this](https://docs.docker.com/docker-for-mac/docker-toolbox/) before installing.
- - AWS Account
- - You can create an AWS account by signing up [here](https://aws.amazon.com/#).
## Project Steps
diff --git a/aws-auth-patch.yml b/aws-auth-patch.yml
index b6d9b9c26c..4c3b0e0f26 100644
--- a/aws-auth-patch.yml
+++ b/aws-auth-patch.yml
@@ -4,22 +4,18 @@
apiVersion: v1
data:
mapRoles: |
- - groups:
- - system:masters
- rolearn: arn:aws:iam::644752792305:role/UdacityFlaskDeployCBKubectlRole
- username: build
- groups:
- system:bootstrappers
- system:nodes
- rolearn: arn:aws:iam::644752792305:role/eksctl-simple-jwt-api-nodegroup-n-NodeInstanceRole-17C402QC9VF6L
+ rolearn: arn:aws:iam::519002666132:role/eksctl-simple-jwt-api-nodegroup-n-NodeInstanceRole-1DBHED9TMYRZZ
username: system:node:{{EC2PrivateDNSName}}
- mapUsers: |
- []
+ - system:masters
+ rolearn: arn:aws:iam::519002666132:role/UdacityFlaskDeployCBKubectlRole
+ username: build
kind: ConfigMap
metadata:
- creationTimestamp: "2021-02-26T07:40:38Z"
+ creationTimestamp: "2022-05-11T11:16:26Z"
name: aws-auth
namespace: kube-system
- resourceVersion: "5992"
- selfLink: /api/v1/namespaces/kube-system/configmaps/aws-auth
- uid: 5bf363cb-504c-4289-93ce-74257aff0de4
+ resourceVersion: "1631"
+ uid: 86402a4e-a9ff-4721-8c24-f0c4258f7440
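Review bot: The re-added `UdacityFlaskDeployCBKubectlRole` mapping still places the CodeBuild role in `system:masters`, which grants unrestricted cluster-admin. The pipeline only needs to apply `simple_jwt_api.yml`, so a dedicated group bound through a Role/RoleBinding in the target namespace would be enough. As rendered here, the added `- system:masters` line has no preceding `- groups:` line of its own and follows the node role's `username:`; if that matches the file, the second role mapping is malformed and should start with `- groups:`. The hunk also commits server-generated metadata (`creationTimestamp`, `resourceVersion`, `uid`) and a literal account ID, none of which applies to another cluster; drop the metadata fields and put a placeholder such as `arn:aws:iam::<ACCOUNT_ID>:role/...` in the starter file.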
diff --git a/buildspec.yml b/buildspec.yml
index fd54b14792..63e53d247f 100644
--- a/buildspec.yml
+++ b/buildspec.yml
@@ -11,13 +11,24 @@ phases:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
- curl -sS -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator
- # Get latest stable release kubectl
- - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
- # Command for specific kubectl version:
- #- curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl
- - chmod +x ./kubectl ./aws-iam-authenticator
- - echo `kubectl version`
- - export PATH=$PWD/:$PATH
+ # Download the latest stable release kubectl
+ # - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ # You must use a kubectl version that is within one minor version difference of your Amazon EKS cluster control plane.
+ # For example, a 1.21 kubectl client works with Kubernetes 1.20, 1.21 and 1.22 clusters.
+ # Ref: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html OR https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
+ # To download a specific version v1.22.0 on Linux, use:
+ - curl -LO https://dl.k8s.io/release/v1.23.6/bin/linux/amd64/kubectl
+ # Download the kubectl checksum file
+ - curl -LO "https://dl.k8s.io/v1.23.6/bin/linux/amd64/kubectl.sha256"
+ # Validate the kubectl binary against the checksum file
+ - echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
+ # Install kubectl
+ - chmod +x ./kubectl ./aws-iam-authenticator
+ # - mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
+ - export PATH=$PWD/:$PATH
+ - python --version
+ - echo 'export PATH=$PWD/:$PATH' >> $HOME/.bashrc
+ - echo `kubectl version --short --client`
- python -m pip install --upgrade --force pip
- apt-get update && apt-get -y install jq && pip install --upgrade awscli
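Review bot: `chmod +x ./kubectl ./aws-iam-authenticator` marks the authenticator executable, but only kubectl gets a checksum check; the `aws-iam-authenticator` binary fetched by the earlier `curl -sS -o` line is never verified. Add a check against a digest pinned in this file, e.g. `echo "<expected-sha256>  aws-iam-authenticator" | sha256sum --check`. The kubectl checksum is downloaded from the same origin as the binary, so it catches a corrupted transfer but not a tampered origin; pinning the expected v1.23.6 digest in the buildspec would cover that case too. The comment above the download says `v1.22.0` while the command fetches `v1.23.6`, and should be aligned. The phase's command list starts outside this hunk.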
pre_build:
@@ -26,6 +37,7 @@ phases:
- sed -i 's@CONTAINER_IMAGE@'"$REPOSITORY_URI:$TAG"'@' simple_jwt_api.yml
- $(aws ecr get-login --no-include-email)
- export KUBECONFIG=$HOME/.kube/config
+ - echo `ls -l`
build:
commands:
- docker build --tag $REPOSITORY_URI:$TAG .
@@ -33,8 +45,13 @@ phases:
post_build:
commands:
- docker push $REPOSITORY_URI:$TAG
+ - echo $EKS_CLUSTER_NAME
+ - echo $EKS_KUBECTL_ROLE_ARN
- aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_KUBECTL_ROLE_ARN
- kubectl apply -f simple_jwt_api.yml
- printf '[{"name":"simple_jwt_api","imageUri":"%s"}]' $REPOSITORY_URI:$TAG > build.json
artifacts:
files: build.json
+env:
+ parameter-store:
+ JWT_SECRET: JWT_SECRET
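Review bot: The two added lines `echo $EKS_CLUSTER_NAME` and `echo $EKS_KUBECTL_ROLE_ARN` write the cluster name and the role ARN, which embeds the account ID, to the CodeBuild log on every run; they look like debugging leftovers and can be removed. The new `env: parameter-store:` block exposes `JWT_SECRET` to every command in every phase, yet no command visible in this buildspec consumes it. Confirm where it is used, store the parameter as a SecureString, and make sure no step prints the environment. A comment above the block would help, e.g. `# JWT_SECRET is read from SSM Parameter Store (SecureString); never echo it`.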
diff --git a/ci-cd-codepipeline.cfn.yml b/ci-cd-codepipeline.cfn.yml
index 14b705a580..c0f4d9d31b 100755
--- a/ci-cd-codepipeline.cfn.yml
+++ b/ci-cd-codepipeline.cfn.yml
@@ -17,7 +17,7 @@ Parameters:
GitSourceRepo:
Type: String
Description: GitHub source repository - must contain a Dockerfile and buildspec.yml in the base
- Default: FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS
+ Default: cd0157-Server-Deployment-and-Containerization
MinLength: 1
MaxLength: 100
ConstraintDescription: You must enter a GitHub repository name
diff --git a/iam-role-policy.json b/iam-role-policy.json
new file mode 100644
index 0000000000..b0c1222d9b
--- /dev/null
+++ b/iam-role-policy.json
@@ -0,0 +1,8 @@
+{
+ "Version": "2012-10-17",
+ "Statement":[{
+ "Effect": "Allow",
+ "Action": ["eks:Describe*", "ssm:GetParameters"],
+ "Resource":"*"
+ }]
+}
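Review bot: `"Resource":"*"` combined with `ssm:GetParameters` lets the role read every parameter in the account, not only the `JWT_SECRET` entry that `buildspec.yml` references. Splitting the statement in two lets the SSM permission be scoped to that single parameter while `eks:Describe*` stays read-only. The region and account ID below are placeholders to fill in per deployment.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["eks:Describe*"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["ssm:GetParameters"],
      "Resource": "arn:aws:ssm:<region>:<account-id>:parameter/JWT_SECRET"
    }
  ]
}
```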
diff --git a/requirements.txt b/requirements.txt
index 33052c2577..111531cfe5 100755
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,9 @@
pyjwt==1.7.1
flask==1.1.2
+Jinja2<3.0.0
+MarkupSafe<2.0.0
+ruamel.yaml==0.16.5
+itsdangerous==2.0.1
+werkzeug==2.0.3
gunicorn==20.0.4
-pytest==6.2.2
+pytest==6.2.2
\ No newline at end of file
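Review bot: `Jinja2<3.0.0` and `MarkupSafe<2.0.0` are upper bounds only, while every other line is an exact pin, so two image builds can resolve different versions of the templating and escaping libraries. Pin them to the versions that were tested (`Jinja2==<tested-version>`, `MarkupSafe==<tested-version>`), and consider hash-checking mode (`pip install --require-hashes -r requirements.txt`) in the Dockerfile. `pyjwt==1.7.1` signs and verifies the app's tokens and is an old 1.x release, so check it against current advisories before this is used as a starter. `ruamel.yaml==0.16.5` has no consumer visible in this patch; drop it if nothing imports it.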
diff --git a/trust.json b/trust.json
new file mode 100644
index 0000000000..f934cf3a3f
--- /dev/null
+++ b/trust.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "arn:aws:iam::519002666132:root"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
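Review bot: The principal `arn:aws:iam::519002666132:root` trusts the whole account, so any user or role there whose identity policy allows `sts:AssumeRole` can take this role. If this is the role that `aws-auth-patch.yml` maps to `system:masters`, assuming it gives cluster-admin. Restrict the principal to the CodeBuild service role, e.g. `"AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<codebuild-service-role>"`. Since this is starter code, the literal account ID should also become a placeholder so that it is not deployed unchanged.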