Welcome to the EKS Blueprints Patterns repository.
This repository contains a number of samples for how you can leverage the Amazon EKS Blueprints. You can think of the patterns as "codified" reference architectures, which can be explained and executed as code in the customer environment.
The individual patterns can be found in the `lib` directory. Most of the patterns are self-explanatory; for the more complex examples, please use this guide and the `docs/patterns` directory for more information.
Please refer to the Amazon EKS Blueprints Patterns documentation site for the complete list of Amazon EKS Blueprints patterns documentation.
Please refer to the Amazon EKS Blueprints Quick Start documentation site for the complete project documentation.
Before proceeding, make sure the AWS CLI is installed on your machine.
To use the eks-blueprints and patterns module, you must have Node.js and npm installed. You will also use `make` and `brew` to simplify builds and other common actions.
If you don't want to run this solution on a Mac or Ubuntu machine, you can instead use the dev container configuration in the `.devcontainer` folder with devpod or any other dev container environment. It creates a development environment with the dependencies (Node, npm, aws-cli, aws-cdk, kubectl, helm) needed for local development with the `cdk-eks-blueprints-patterns` solution.
Follow the steps below to set up and leverage `eks-blueprints` and `eks-blueprints-patterns` on your Amazon Linux/CentOS/RHEL Linux machine.

Update the package list to ensure you're installing the latest versions:

```bash
sudo yum update
```

Install `make`:

```bash
sudo yum install make
```

Install `brew` by following the instructions detailed at docs.brew.sh:

```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```

Add Homebrew to your PATH:

```bash
test -d ~/.linuxbrew && eval "$(~/.linuxbrew/bin/brew shellenv)"
test -d /home/linuxbrew/.linuxbrew && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
test -r ~/.bash_profile && echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> ~/.bash_profile
echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> ~/.profile
```

Verify the brew installation:

```bash
brew -v
```

Install Node.js v18 and npm using brew:

```bash
brew install node@18
```

Note: the Node.js package includes npm.

Set PATH for node@18:

```bash
test -r ~/.bash_profile && echo 'export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"' >> ~/.bash_profile
echo 'export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"' >> ~/.profile
export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"
```

After completing the above, continue from "Verify Node.js and npm Installation".
Follow the steps below to set up and leverage `eks-blueprints` and `eks-blueprints-patterns` on your Ubuntu Linux machine.

Update the package list to ensure you're installing the latest versions:

```bash
sudo apt update
```

Install `make`:

```bash
sudo apt install make
```

Install `brew` by following the instructions detailed at docs.brew.sh:

```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```

Add Homebrew to your PATH:

```bash
test -d ~/.linuxbrew && eval "$(~/.linuxbrew/bin/brew shellenv)"
test -d /home/linuxbrew/.linuxbrew && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
test -r ~/.bash_profile && echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> ~/.bash_profile
echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> ~/.profile
```

Verify the brew installation:

```bash
brew -v
```

Install Node.js v18 and npm using brew:

```bash
brew install node@18
```

Note: the Node.js package includes npm.

Set PATH for node@18:

```bash
test -r ~/.bash_profile && echo 'export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"' >> ~/.bash_profile
echo 'export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"' >> ~/.profile
export PATH="/home/linuxbrew/.linuxbrew/opt/node@18/bin:$PATH"
```

After completing the above, continue from "Verify Node.js and npm Installation".
Follow the steps below to set up and leverage `eks-blueprints` and `eks-blueprints-patterns` on your local Mac laptop.

Install `make`, `node` and `npm` using brew:

```bash
brew install make
brew install node@18
```

Note: the Node.js package includes npm.

Set PATH for node@18:

```bash
echo 'export PATH="/opt/homebrew/opt/node@18/bin:$PATH"' >> ~/.zshrc
export PATH="/opt/homebrew/opt/node@18/bin:$PATH"
```
Verify Node.js and npm Installation

Check the installed version of Node.js:

```bash
node -v
```

The output should be `v18.x.x`.

Check the installed version of npm:

```bash
npm -v
```

The output should be a version greater than `9.x.x`.

If your npm version is not `9.x.x` or above, update npm with the following command:

```bash
sudo npm install -g npm@latest
```

Verify the installed version by running `npm -v`.
Clone the `cdk-eks-blueprints-patterns` repository:

```bash
git clone https://github.com/aws-samples/cdk-eks-blueprints-patterns.git
cd cdk-eks-blueprints-patterns
```

PS: If you are contributing to this repo, please make sure to fork the repo, add your changes and create a PR against it.
Once you have cloned the repo, you can open it in your favourite IDE and run the commands below to install the dependencies and build the existing patterns.

Install project dependencies:

```bash
make deps
```

To view the patterns that are available to be deployed, execute the following:

```bash
npm i
make build
```
To list the existing CDK EKS Blueprints patterns:

```bash
make list
```

Note: Some patterns have a hard dependency on AWS secrets (for example GitHub access tokens). Initially you will see errors complaining about the lack of the required secrets; this is normal. At the bottom, the output lists the patterns that can be deployed. If the pattern you are looking for is not listed, it is because of such a hard dependency, which can be resolved by following the docs specific to that pattern.

To work with patterns use:

```text
$ make pattern <pattern-name> <list | deploy | synth | destroy>

Example:

$ make pattern fargate deploy

Patterns:

bottlerocket
data-at-rest
datadog
dynatrace-operator
ecr-image-scanning
emr
fargate
generative-ai-showcase
generic-cluster-provider
guardduty
jupyterhub
kasten
keptn-control-plane
konveyor
kubecost
kubeflow
kubeshark
multi-region
multi-team
newrelic
nginx
pipeline-multienv-gitops
pipeline-multienv-monitoring
pipeline
rafay
secure-ingress-cognito
snyk
starter
gmaestro
workloads-codecommit
```
Bootstrap your CDK environment:

```bash
npx cdk bootstrap
```

You can then deploy a specific pattern with the following:

```bash
make pattern multi-team deploy
```

All files are compiled to the `dist` folder, including the `lib` and `bin` directories. For iterative development (e.g. if you make a change to any of the patterns), make sure to run compile:

```bash
make compile
```

The `compile` command is optimized to build only modified files and is fast.
To create a new pattern, please follow these steps:

1. Create a folder named `<pattern-name>-construct` under `lib`. If you plan to create a set of patterns that represent a particular subdomain, e.g. `security` or `hardening`, please create an issue to discuss it first. If approved, you will be able to create a folder with your subdomain name and group your pattern constructs under it.
2. Create a class `<Pattern-Name>Construct`. This class is generally placed in `index.ts` under your pattern folder.
3. Create the pattern entry point `bin/<pattern-name>.ts`. The implementation of this file is very light, and it is done to allow patterns to run independently.

Example simple synchronous pattern:
```typescript
import { configureApp } from "../lib/common/construct-utils";
import FargateConstruct from "../lib/fargate-construct";

// configureApp() will create the app, configure loggers and perform other prep steps
new FargateConstruct(configureApp(), "fargate");
```
Example async pattern:

```typescript
import { configureApp, errorHandler } from "../lib/common/construct-utils";
// Import added for completeness; the path is assumed to mirror the fargate example above.
import NginxIngressConstruct from "../lib/nginx-construct";

const app = configureApp();

// buildAsync resolves secrets and other async inputs; errorHandler reports a failed setup
new NginxIngressConstruct().buildAsync(app, "nginx").catch((e) => {
    errorHandler(
        app,
        "NGINX Ingress pattern is not setup. This maybe due to missing secrets for ArgoCD admin pwd.",
        e
    );
});
```

Patterns that depend on secrets use `prevalidateSecrets` to check that the required secrets exist; it takes the pattern name, an optional region (`undefined` selects the default) and the secret name(s):

```typescript
await prevalidateSecrets(
    NginxIngressConstruct.name,
    undefined,
    SECRET_ARGO_ADMIN_PWD
);
await prevalidateSecrets("my-pattern-name", "us-east-1", "my-secret-name"); //
```
See Contributing guide for requirements on contribution.
There are cases when the blueprints defined in the patterns have dependencies on existing AWS resources, such as secrets defined in the account/region. In such cases you may see errors if those resources are not defined.

For `PipelineMultiEnvGitops` please see the instructions in this README.

For `MultiRegionConstruct` the pattern relies on the following secrets being defined:

`github-ssh-key` - must contain the GitHub SSH private key as a JSON structure containing the fields `sshPrivateKey` and `url`. The secret is expected to be defined in `us-east-1` and replicated to the `us-east-2` and `us-west-2` regions. For more information on SSH credentials setup see ArgoCD Secrets Support.

Example structure:

```json
{
"sshPrivateKey": "-----BEGIN THIS IS NOT A REAL PRIVATE KEY-----\nb3BlbnNzaC1rtdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAy82zTTDStK+s0dnaYzE7vLSAcwsiHM8gN\nhq2p5TfcjCcYUWetyu6e/xx5Rh+AwbVvDV5h9QyMw4NJobwuj5PBnhkc3QfwJAO5wOnl7R\nGbehIleWWZLs9qq`DufViQsa0fDwP6JCrqD14aIozg6sJ0Oqi7vQkV+jR0ht/\nuFO1ANXBn2ih0ZpXeHSbPDLeZQjlOBrbGytnCbdvLtfGEsV0WO2oIieWVXJj/zzpKuMmrr\nebPsfwr36nLprOQV6IhDDo\n-----END NOT A REAL PRIVATE KEY-----\n",
"url": "git@github"
}
```

Note: notice the explicit `\n` characters in `sshPrivateKey`.
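An added example (not code from this repository) that builds the `github-ssh-key` payload with the escaped newlines the note refers to, checks a stored value for the expected `sshPrivateKey`/`url` structure before a deploy, and assembles the AWS CLI call that creates the secret in `us-east-1` with replicas in `us-east-2` and `us-west-2`. The PEM and repository URL are constructed placeholders; `--add-replica-regions` is a documented `create-secret` option.

```python
"""Added example (not repo code): build, validate and create the github-ssh-key secret.
Stdlib only; the PEM and repo URL are constructed placeholders, not real values."""
import json

REPLICA_REGIONS = ("us-east-2", "us-west-2")  # replica targets named in the README

# Constructed sample with the shape of an OpenSSH key; not real key material.
SAMPLE_PEM = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
              "cGxhY2Vob2xkZXItbm90LWEtcmVhbC1rZXk=\n"
              "-----END OPENSSH PRIVATE KEY-----\n")


def build_github_ssh_secret(private_key_pem: str, repo_url: str) -> str:
    """json.dumps turns each newline of the PEM into an explicit \\n escape,
    which is what the note above refers to."""
    if not private_key_pem.endswith("\n"):
        private_key_pem += "\n"
    return json.dumps({"sshPrivateKey": private_key_pem, "url": repo_url})


def validate_github_ssh_secret(secret_string: str) -> list[str]:
    """Pre-deploy check of a stored value; returns the problems found (empty list = OK)."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"secret is not valid JSON: {exc}"]
    problems = [f"missing or empty field: {f}" for f in ("sshPrivateKey", "url")
                if not isinstance(data.get(f), str) or not data[f].strip()]
    key = data.get("sshPrivateKey")
    if isinstance(key, str) and key.strip():
        lines = key.strip().splitlines()
        # A key pasted with literal backslash-n text instead of escapes collapses to one line.
        if (len(lines) < 3 or not lines[0].startswith("-----BEGIN")
                or not lines[-1].startswith("-----END")):
            problems.append("sshPrivateKey is not a multi-line PEM block (check newline escaping)")
    return problems


def create_secret_argv(secret_string: str, name: str = "github-ssh-key",
                       region: str = "us-east-1") -> list[str]:
    """AWS CLI argv that creates the secret in us-east-1 and replicates it to
    REPLICA_REGIONS (--add-replica-regions is a documented create-secret option)."""
    argv = ["aws", "secretsmanager", "create-secret", "--region", region, "--name", name,
            "--secret-string", secret_string, "--add-replica-regions"]
    return argv + [f"Region={r}" for r in REPLICA_REGIONS]


if __name__ == "__main__":
    payload = build_github_ssh_secret(SAMPLE_PEM, "git@github.com:example-org/example-repo.git")
    print(validate_github_ssh_secret(payload) or "payload OK")
```

To create the secret for real, pass the argv list to `subprocess.run` instead of building the JSON by hand in the console.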
`argo-admin-secret` - must contain the ArgoCD admin password in plain text. The secret is expected to be defined in `us-east-1` and replicated to the `us-east-1` and `us-west-2` regions.

For Dynatrace One Agent the pattern relies on the following secret being defined:

`dynatrace-tokens` - must contain API_URL, API_TOKEN and PAAS_TOKEN in plain text. The secret is expected to be defined in the target region (either directly or through AWS Secrets Manager replication).

For `keptn-control-plane` the pattern relies on the following secrets being defined:

`keptn-secrets` - must contain the API_TOKEN and BRIDGE_PASSWORD password in plain text. The secret is expected to be defined in the `us-east-1` region.

For `newrelic` the pattern relies on the following secrets being defined:

`newrelic-pixie-keys` - must contain the New Relic keys (required) and Pixie keys (optional). The secret is expected to be defined in the target region (either directly or through AWS Secrets Manager replication).

For more information on defining secrets for ArgoCD, please refer to the Blueprints documentation as well as the known issues.

For `nginx` please see the NGINX Blueprint documentation.

For `datadog` the pattern relies on the following secret being defined:

`apiKeyAWSSecret` - must contain the Datadog API key in plain text, named `datadog-api-key`. The secret is expected to be defined in the target region.

For `kubeflow` please see the Kubeflow documentation.

For `secure-ingress-cognito` please see the Secure Ingress using Cognito Blueprint documentation.

For `GmaestroConstruct` the pattern relies on the following secret being defined:

`granulate-client-id` - must contain the client_id in plain text. The secret is expected to be defined in the target region (either directly or through AWS Secrets Manager replication).
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.