new: Learning Paths merging into main: Developer and Operator + Kubernetes Basic section. (#1785)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: M A <1267879+idontlikej@users.noreply.github.com>
Co-authored-by: Raj Athavale <58447454+athavr@users.noreply.github.com>
Co-authored-by: Raj Athavale <athavr@amazon.com>
Co-authored-by: Niall Thomson <thomson.niall@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Parth Pandit <34379542+parth-pandit@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: rrepka <46093591+r-repka@users.noreply.github.com>
Co-authored-by: Sai Vennam <svennam92@gmail.com>

Author: 11 people

.github/workflows/test-fastpaths.yaml

@@ -3,7 +3,7 @@ name: Test - Fastpaths
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 17 * * 5"
+    - cron: "0 7 * * 5"
 
 permissions:
   id-token: write

Makefile

@@ -4,15 +4,28 @@ environment=''
 shell_command=''
 shell_simple_command=''
 glob='-'
+cluster='all'
 
 .PHONY: install
 install:
 	yarn install
 
+.PHONY: build
+build: install
+	yarn build
+
+.PHONY: warning
+warning:
+	@echo "Note: 'make serve' now does a full static build. For dev mode, use 'make start' instead."
+
 .PHONY: serve
-serve: install
+serve: warning build
 	yarn serve
 
+.PHONY: start
+start: install
+	yarn start
+
 .PHONY: tf-fmt
 tf-fmt:
 	cd ./terraform && terraform fmt --recursive
@@ -37,13 +50,17 @@ reset-environment:
 delete-environment:
 	bash hack/shell.sh $(environment) delete-environment
 
+.PHONY: pre-provision
+pre-provision:
+	bash hack/pre-provision-resources.sh $(environment) $(action)
+
 .PHONY: create-infrastructure
 create-infrastructure:
-	bash hack/create-infrastructure.sh $(environment)
+	bash hack/create-infrastructure.sh $(environment) $(cluster)
 
 .PHONY: destroy-infrastructure
 destroy-infrastructure:
-	bash hack/destroy-infrastructure.sh $(environment)
+	bash hack/destroy-infrastructure.sh $(environment) $(cluster)
 
 .PHONY: deploy-ide
 deploy-ide:
@@ -55,4 +72,5 @@ destroy-ide:
 
 .PHONY: lint
 lint:
-	yarn lint
+	yarn lint
+

cluster/eksctl/access-entries.yaml

@@ -0,0 +1,6 @@
+  accessEntries:
+    - principalARN: ${RESOURCE_CODEBUILD_ROLE_ARN}
+      accessPolicies:
+        - policyARN: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+          accessScope:
+            type: cluster

cluster/eksctl/cluster-auto.yaml

@@ -0,0 +1,25 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+availabilityZones:
+  - ${AWS_REGION}a
+  - ${AWS_REGION}b
+  - ${AWS_REGION}c
+metadata:
+  name: ${EKS_CLUSTER_AUTO_NAME}
+  region: ${AWS_REGION}
+  version: "1.33"
+  tags:
+    karpenter.sh/discovery: ${EKS_CLUSTER_AUTO_NAME}
+    created-by: eks-workshop-v2
+    env: ${EKS_CLUSTER_AUTO_NAME}
+vpc:
+  cidr: 10.43.0.0/16
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+autoModeConfig:
+  enabled: true
+  nodePools: [general-purpose, system]
+accessConfig:
+  authenticationMode: API
+  bootstrapClusterCreatorAdminPermissions: true

cluster/eksctl/cluster.yaml

@@ -40,4 +40,7 @@ remoteNetworkConfig:
   remoteNodeNetworks:
     - cidrs: ["10.52.0.0/16"]
   remotePodNetworks:
-    - cidrs: ["10.53.0.0/16"]
+    - cidrs: ["10.53.0.0/16"]
+accessConfig:
+  authenticationMode: API
+  bootstrapClusterCreatorAdminPermissions: true

docs/style_guide.md

@@ -64,6 +64,14 @@ sidebar_custom_props: { "explore": "https://<external link here>" }
 ---
 ```
 
+To mark your module as optional:
+```
+---
+...
+sidebar_custom_props:  { "optional": "true" }
+---
+```
+
 ### Navigating the AWS console
 
 There are instances where the user needs to navigate to specific screens in the AWS console. It is preferable to provide a link to the exact screen if possible, or a close as can be done.

hack/create-infrastructure.sh

@@ -1,9 +1,13 @@
 #!/bin/bash
 
 environment=$1
+cluster=${2:-all}
+export USE_CURRENT_USER=${USE_CURRENT_USER:-1} # We don't want to change the ARN in exec
+echo "Creating infrastructure for environment ${environment} and cluster ${cluster}"
 
 set -Eeuo pipefail
 set -u
+set -x
 
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 
@@ -13,12 +17,30 @@ bash $SCRIPT_DIR/update-iam-role.sh $environment
 
 sleep 5
 
+pids=()
+
 cluster_exists=0
 aws eks describe-cluster --name "${EKS_CLUSTER_NAME}" &> /dev/null || cluster_exists=$?
 
-if [ $cluster_exists -eq 0 ]; then
+if [ $cluster_exists -ne 0 ] && [[ "$cluster" == "standard" || "$cluster" == "all" ]]; then
+  echo "Creating cluster ${EKS_CLUSTER_NAME}"
+  bash $SCRIPT_DIR/exec.sh "${environment}" 'cat /cluster/eksctl/cluster.yaml /cluster/eksctl/access-entries.yaml | envsubst | eksctl create cluster -f -' &
+  pids+=($!)
+else
   echo "Cluster ${EKS_CLUSTER_NAME} already exists"
+fi
+
+auto_cluster_exists=0
+aws eks describe-cluster --name "${EKS_CLUSTER_AUTO_NAME}" &> /dev/null || auto_cluster_exists=$?
+
+if [ $auto_cluster_exists -ne 0 ] && [[ "$cluster" == "auto" || "$cluster" == "all" ]]; then
+  echo "Creating auto mode cluster ${EKS_CLUSTER_AUTO_NAME}"
+  bash $SCRIPT_DIR/exec.sh "${environment}" 'cat /cluster/eksctl/cluster-auto.yaml /cluster/eksctl/access-entries.yaml | envsubst | eksctl create cluster -f -' &
+  pids+=($!)
 else
-  echo "Creating cluster ${EKS_CLUSTER_NAME}"
-  bash $SCRIPT_DIR/exec.sh "${environment}" 'cat /cluster/eksctl/cluster.yaml | envsubst | eksctl create cluster -f -'
-fi
+  echo "Auto mode cluster ${EKS_CLUSTER_AUTO_NAME} already exists"
+fi
+
+for pid in "${pids[@]}"; do
+  wait "$pid" || exit 1
+done

hack/deploy-ide-cfn.sh

@@ -10,13 +10,21 @@ outfile=$(mktemp)
 
 bash $SCRIPT_DIR/build-ide-cfn.sh $outfile
 
+REPOSITORY_OWNER=${REPOSITORY_OWNER:-"aws-samples"}
+REPOSITORY_NAME=${REPOSITORY_NAME:-"eks-workshop-v2"}
+REPOSITORY_REF=${REPOSITORY_REF:-"main"}
+
 source $SCRIPT_DIR/lib/resolve-source-ip.sh
 
 STACK_NAME="$EKS_CLUSTER_NAME-cfn"
 
 aws cloudformation deploy --stack-name "$STACK_NAME" \
   --capabilities CAPABILITY_NAMED_IAM --disable-rollback --template-file $outfile \
-  --parameter-overrides InboundCIDR="$INBOUND_CIDRS"
+  --parameter-overrides \
+    RepositoryOwner="$REPOSITORY_OWNER" \
+    RepositoryName="$REPOSITORY_NAME" \
+    RepositoryRef="$REPOSITORY_REF" \
+    InboundCIDR="$INBOUND_CIDRS"
 
 if [ -z "$CI" ]; then
   IDE_URL=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
@@ -28,4 +36,4 @@ if [ -z "$CI" ]; then
   echo ""
   echo "IDE URL:      $IDE_URL"
   echo "IDE Password: $IDE_PASSWORD"
-fi
+fi

hack/destroy-infrastructure.sh

@@ -1,24 +1,43 @@
 #!/bin/bash
 
 environment=$1
+cluster=${2:-all}
+echo "Destroying infrastructure for environment ${environment} and cluster ${cluster}"
 
 set -Eeuo pipefail
 set -u
 
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-
+export USE_CURRENT_USER=${USE_CURRENT_USER:-1};
 source $SCRIPT_DIR/lib/common-env.sh
 
 cluster_exists=0
 aws eks describe-cluster --name "${EKS_CLUSTER_NAME}" &> /dev/null || cluster_exists=$?
 
-if [ $cluster_exists -eq 0 ]; then
+if [ $cluster_exists -eq 0 ] && [[ "$cluster" == "standard" || "$cluster" == "all" ]]; then
   echo "Deleting cluster ${EKS_CLUSTER_NAME}"
   bash $SCRIPT_DIR/shell.sh "${environment}" 'delete-environment' || true
+  bash $SCRIPT_DIR/exec.sh "${environment}" 'eksctl delete cluster --name ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --wait --force --disable-nodegroup-eviction --timeout 45m'&
+else
+  echo "Cluster ${EKS_CLUSTER_NAME} does not exist or skipped"
+fi
 
-  bash $SCRIPT_DIR/exec.sh "${environment}" 'eksctl delete cluster --name ${EKS_CLUSTER_NAME} --region ${AWS_REGION} --wait --force --disable-nodegroup-eviction --timeout 45m'
+export EKS_CLUSTER_AUTO_NAME="${EKS_CLUSTER_AUTO_NAME}"
+auto_cluster_exists=0
+aws eks describe-cluster --name "${EKS_CLUSTER_AUTO_NAME}" &> /dev/null || auto_cluster_exists=$?
+
+if [ $auto_cluster_exists -eq 0 ] && [[ "$cluster" == "auto" || "$cluster" == "all" ]]; then
+  echo "Deleting auto mode cluster ${EKS_CLUSTER_AUTO_NAME}"
+  #bash $SCRIPT_DIR/shell.sh "${environment}" 'delete-environment' || true # Needed ?
+  bash $SCRIPT_DIR/exec.sh "${environment}" 'eksctl delete cluster --name ${EKS_CLUSTER_AUTO_NAME} --region ${AWS_REGION} --wait --force --disable-nodegroup-eviction --timeout 45m'
 else
-  echo "Cluster ${EKS_CLUSTER_NAME} does not exist"
+  echo "Auto mode cluster ${EKS_CLUSTER_AUTO_NAME} does not exist or skipped"
 fi
 
-aws cloudformation delete-stack --stack-name ${EKS_CLUSTER_NAME}-ide-role || true
+wait
+
+# Only delete ide-role if all clusters are deleted
+if [ "$cluster" == "all" ]; then
+  aws cloudformation delete-stack --stack-name ${EKS_CLUSTER_NAME}-ide-role || true
+  echo "Deleted role"
+fi

hack/exec.sh

@@ -19,9 +19,19 @@ container_image='eks-workshop-environment'
 
 (cd $SCRIPT_DIR/../lab && $CONTAINER_CLI build -q -t $container_image .)
 
-if [ -z "$SKIP_CREDENTIALS" ]; then
+
+if [ "${SKIP_CREDENTIALS:-0}" = "0" ] && [ "${USE_CURRENT_USER:-0}" = "0" ]; then
+  echo "Passing temp AWS credentials"
   source $SCRIPT_DIR/lib/generate-aws-creds.sh
+elif [ "${USE_CURRENT_USER:-0}" != "0" ]; then
+  if [ -z "$AWS_ACCESS_KEY_ID" ]; then
+    echo "No AWS_ACCESS_KEY_ID found, please check your AWS credentials"
+    exit 1
+  fi
+  echo "Using USE_CURRENT_USER"
+  aws_credential_args="-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-}"
 else
+  echo "Using DEFAULT no credentials passed"
   aws_credential_args=""
 fi
 
@@ -31,5 +41,6 @@ $CONTAINER_CLI run --rm \
   -v $SCRIPT_DIR/../manifests:/manifests \
   -v $SCRIPT_DIR/../cluster:/cluster \
   --entrypoint /bin/bash \
-  -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' -e 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' \
+  -e "RESET_NO_DELETE=true" \
+  -e 'EKS_CLUSTER_NAME' -e 'EKS_CLUSTER_AUTO_NAME'  -e 'AWS_REGION' -e 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' -e RESOURCE_CODEBUILD_ROLE_ARN \
   $aws_credential_args $container_image -c "$shell_command"