diff --git a/Application-Code/backend/Dockerfile b/Application-Code/backend/Dockerfile index b05d6bee8..1db44b03d 100644 --- a/Application-Code/backend/Dockerfile +++ b/Application-Code/backend/Dockerfile @@ -1,6 +1,11 @@ FROM node:14 -WORKDIR /usr/src/app + +WORKDIR /app + COPY package*.json ./ + RUN npm install + COPY . . -CMD ["node", "index.js"] \ No newline at end of file + +CMD ["node","index.js"] diff --git a/Application-Code/frontend/Dockerfile b/Application-Code/frontend/Dockerfile index b004e9665..f8ac1be1e 100644 --- a/Application-Code/frontend/Dockerfile +++ b/Application-Code/frontend/Dockerfile @@ -1,6 +1,11 @@ FROM node:14 -WORKDIR /usr/src/app + +WORKDIR /app + COPY package*.json ./ + RUN npm install + COPY . . -CMD [ "npm", "start" ] + +CMD ["npm","start"] diff --git a/Kubernetes-Manifests-file/.ingress.yaml.swp b/Kubernetes-Manifests-file/.ingress.yaml.swp new file mode 100644 index 000000000..c664b5777 Binary files /dev/null and b/Kubernetes-Manifests-file/.ingress.yaml.swp differ diff --git a/Kubernetes-Manifests-file/Backend/service.yaml b/Kubernetes-Manifests-file/Backend/backend-service.yaml similarity index 100% rename from Kubernetes-Manifests-file/Backend/service.yaml rename to Kubernetes-Manifests-file/Backend/backend-service.yaml diff --git a/Kubernetes-Manifests-file/Backend/deployment.yaml b/Kubernetes-Manifests-file/Backend/deployment.yaml index 39658275f..96820054d 100644 --- a/Kubernetes-Manifests-file/Backend/deployment.yaml +++ b/Kubernetes-Manifests-file/Backend/deployment.yaml @@ -25,7 +25,7 @@ spec: - name: ecr-registry-secret containers: - name: api - image: 407622020962.dkr.ecr.us-east-1.amazonaws.com/backend:latest + image: public.ecr.aws/y4y0r8u9/three-tier-backend:latest imagePullPolicy: Always env: - name: MONGO_CONN_STR @@ -54,4 +54,4 @@ spec: port: 3500 initialDelaySeconds: 5 periodSeconds: 5 - successThreshold: 1 \ No newline at end of file + successThreshold: 1 
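Review bot: Neither Dockerfile sets a non-root user, so the process started by the new `CMD ["node","index.js"]` (and by `CMD ["npm","start"]` in the frontend hunk) runs as root inside the container. The official node image ships a `node` user, so adding `USER node` on the line before `CMD` in both files is enough. The unchanged `FROM node:14` is an end-of-life release line that no longer receives security fixes, and `RUN npm install` can resolve versions other than those in the lockfile; a supported base tag with `RUN npm ci` would make the build reproducible. Because `COPY . .` takes the whole build context, also check that a `.dockerignore` keeps `node_modules` and any local `.env` file out of the image.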
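Review bot: `Kubernetes-Manifests-file/.ingress.yaml.swp` is a Vim swap file and should not be part of the commit. A swap file holds the editor's working buffer, which can include text that was later deleted from the manifest (hostnames, annotations, pasted values), so inspect its contents before the branch is pushed anywhere public. Remove it with `git rm --cached` and add `*.swp` to `.gitignore`.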
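Review bot: The new `image: public.ecr.aws/y4y0r8u9/three-tier-backend:latest` pulls a mutable tag from a public registry on every pod start (`imagePullPolicy: Always`), so whatever is pushed to that tag next runs in the cluster without any manifest change. Pin the image by digest, `image: public.ecr.aws/y4y0r8u9/three-tier-backend@sha256:<digest>`, or at least by an immutable version tag; the same applies to the frontend image in `Frontend/deployment.yaml`. The context line `- name: ecr-registry-secret` is probably no longer needed for a public repository and could be dropped from `imagePullSecrets`. The container spec continues outside the hunk, so any `securityContext` is not visible here.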
diff --git a/Kubernetes-Manifests-file/Database/gp2-csi.yaml b/Kubernetes-Manifests-file/Database/gp2-csi.yaml new file mode 100644 index 000000000..516629ee9 --- /dev/null +++ b/Kubernetes-Manifests-file/Database/gp2-csi.yaml @@ -0,0 +1,11 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gp2-csi +provisioner: ebs.csi.aws.com +parameters: + type: gp2 +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Delete +allowVolumeExpansion: true + diff --git a/Kubernetes-Manifests-file/Database/pvc.yaml b/Kubernetes-Manifests-file/Database/pvc.yaml index 13eb7d2b3..894ad1cbf 100644 --- a/Kubernetes-Manifests-file/Database/pvc.yaml +++ b/Kubernetes-Manifests-file/Database/pvc.yaml @@ -3,10 +3,11 @@ kind: PersistentVolumeClaim metadata: name: mongo-volume-claim namespace: three-tier -spec: - accessModes: +spec: + storageClassName: gp2-csi + accessModes: - ReadWriteOnce - storageClassName: "" resources: requests: - storage: 1Gi \ No newline at end of file + storage: 1Gi + diff --git a/Kubernetes-Manifests-file/Frontend/deployment.yaml b/Kubernetes-Manifests-file/Frontend/deployment.yaml index 5927afe73..4b48bdb74 100644 --- a/Kubernetes-Manifests-file/Frontend/deployment.yaml +++ b/Kubernetes-Manifests-file/Frontend/deployment.yaml @@ -25,10 +25,10 @@ spec: - name: ecr-registry-secret containers: - name: frontend - image: 407622020962.dkr.ecr.us-east-1.amazonaws.com/frontend:latest + image: public.ecr.aws/y4y0r8u9/three-tier-frontend:latest imagePullPolicy: Always env: - name: REACT_APP_BACKEND_URL - value: "http://backend.amanpathakdevops.study/api/tasks" + value: "/api/tasks" ports: - - containerPort: 3000 \ No newline at end of file + - containerPort: 3000 diff --git a/Kubernetes-Manifests-file/Frontend/frontend-service.yaml b/Kubernetes-Manifests-file/Frontend/frontend-service.yaml new file mode 100644 index 000000000..0b0eedaf4 --- /dev/null +++ b/Kubernetes-Manifests-file/Frontend/frontend-service.yaml 
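Review bot: The new StorageClass does not request encryption, so the MongoDB volume is created unencrypted unless EBS encryption by default is enabled for the account and region. Add `encrypted: "true"` under `parameters:` (the value has to be a quoted string). `reclaimPolicy: Delete` also means that deleting the PVC, which the README steps in this commit do, destroys the underlying volume and its data; `Retain` is the safer setting for a database unless that loss is intended.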
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: three-tier +spec: + type: ClusterIP + selector: + role: frontend + ports: + - port: 80 # ๐Ÿ‘ˆ REQUIRED for Ingress + targetPort: 3000 # ๐Ÿ‘ˆ containerPort + diff --git a/Kubernetes-Manifests-file/Frontend/service.yaml b/Kubernetes-Manifests-file/Frontend/service.yaml deleted file mode 100644 index de2f6df78..000000000 --- a/Kubernetes-Manifests-file/Frontend/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: frontend - namespace: three-tier -spec: - ports: - - port: 3000 - protocol: TCP - type: ClusterIP - selector: - role: frontend \ No newline at end of file diff --git a/Kubernetes-Manifests-file/iam_policy.json b/Kubernetes-Manifests-file/iam_policy.json new file mode 100644 index 000000000..761d0e733 --- /dev/null +++ b/Kubernetes-Manifests-file/iam_policy.json 
@@ -0,0 +1,251 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "ec2:GetSecurityGroupsForVpc", + "ec2:DescribeIpamPools", + "ec2:DescribeRouteTables", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTrustStores", + "elasticloadbalancing:DescribeListenerAttributes", + "elasticloadbalancing:DescribeCapacityReservation" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + 
"shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" 
+ } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyListenerAttributes", + "elasticloadbalancing:ModifyCapacityReservation", + "elasticloadbalancing:ModifyIpPools" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "StringEquals": { + "elasticloadbalancing:CreateAction": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ] + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule", + 
"elasticloadbalancing:SetRulePriorities" + ], + "Resource": "*" + } + ] +} diff --git a/Kubernetes-Manifests-file/ingress.yaml b/Kubernetes-Manifests-file/ingress1.yaml similarity index 76% rename from Kubernetes-Manifests-file/ingress.yaml rename to Kubernetes-Manifests-file/ingress1.yaml index 69686261c..190740b0e 100644 --- a/Kubernetes-Manifests-file/ingress.yaml +++ b/Kubernetes-Manifests-file/ingress1.yaml @@ -10,21 +10,20 @@ metadata: spec: ingressClassName: alb rules: - - host: backend.amanpathakdevops.study - http: + - http: paths: - path: /api pathType: Prefix backend: service: name: api - port: + port: number: 3500 - path: / pathType: Prefix backend: service: - name: frontend - port: - number: 3000 - \ No newline at end of file + name: frontend-service + port: + number: 80 + diff --git a/README.md b/README.md index f46896f2e..7f0e632c0 100644 --- a/README.md +++ b/README.md 
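Review bot: The statement that allows `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `"Resource": "*"` with no `Condition` lets the role edit ingress rules on every security group in the account, which makes the later statement that limits the same actions to groups tagged `elbv2.k8s.aws/cluster` ineffective. This looks like a copy of the AWS Load Balancer Controller policy; if so, the README should record which controller release it was taken from, since JSON cannot carry that as a comment and the copy will drift. Attach the policy only to the controller's service-account role, not to the node instance role, so application pods do not inherit these permissions. The `shield:CreateProtection`/`shield:DeleteProtection` and `waf-regional`/`wafv2` associate actions can be removed if those integrations are not used.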
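Review bot: Dropping `host:` turns the rule into a catch-all, so the ALB now routes requests carrying any Host header to `api` and `frontend-service`. If that is only to avoid needing a domain, say so in a comment above `- http:`, for example `# no host: matches every hostname; restore host once a domain is assigned`. No `tls:` section is visible and the previous backend URL was plain `http://`; the annotations sit above the hunk, so check there that an HTTPS listener and certificate are configured before this carries real traffic. The rename to `ingress1.yaml` reads like a scratch name; keeping `ingress.yaml` avoids two similar files being applied.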
@@ -147,5 +147,113 @@ Go to EC2 console, access security group section and delete security groups crea ## Support For any queries or issues, please open an issue in the repository. +## Fixed storage drivers for latest K8s +โœ… CORRECT FIX (EKS Way) + +You must install the AWS EBS CSI Driver and use ebs.csi.aws.com. + +๐Ÿš€ Step 1: Install EBS CSI Driver (REQUIRED) + +Run this (recommended for EKS): + +eksctl utils associate-iam-oidc-provider \ + --region us-east-1 \ + --cluster \ + --approve + + +Then install the addon: + +eksctl create addon \ + --name aws-ebs-csi-driver \ + --cluster \ + --region us-east-1 + + +โœ… This installs the controller + node drivers + +Verify: + +kubectl get pods -n kube-system | grep ebs + + +You should see: + +ebs-csi-controller-xxxx Running +ebs-csi-node-xxxx Running + +๐Ÿ”ง Step 2: Create a CSI-based StorageClass (IMPORTANT) + +Create gp2-csi.yaml: + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gp2-csi +provisioner: ebs.csi.aws.com +parameters: + type: gp2 +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Delete +allowVolumeExpansion: true + + +Apply it: + +kubectl apply -f gp2-csi.yaml + +๐Ÿงน Step 3: Recreate PVC (MANDATORY) + +Delete old PVC: + +kubectl delete pvc mongo-volume-claim -n three-tier + + +Update mongo-pvc.yaml: + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongo-volume-claim + namespace: three-tier +spec: + storageClassName: gp2-csi + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + + +Apply: + +kubectl apply -f mongo-pvc.yaml + +๐Ÿ”„ Step 4: Restart MongoDB Pod +kubectl delete pod -n three-tier -l app=mongodb + + +Watch it live: + +kubectl get pods -n three-tier -w + + +You will now see: + +Pending โ†’ ContainerCreating โ†’ Running + +โœ… Final Verification +kubectl get pvc -n three-tier +kubectl get pods -n three-tier + + +Expected: + +mongo-volume-claim Bound +mongodb-xxxxx 1/1 Running + + +## No need doamin in Values i added backend 
service + --- Happy Learning! ๐Ÿš€๐Ÿ‘จโ€๐Ÿ’ป๐Ÿ‘ฉโ€๐Ÿ’ป