Merge pull request #3 from dpgonaws/master

AWS deployment automation V2

.env

@@ -1,32 +1,31 @@
-  # MANDATORY INPUT - AWS account Id
-  ACCOUNT="<aws-account-id>"
+ # MANDATORY INPUT - AWS account Id
+  ACCOUNT="abc123"
 
-  # AWS region to deploy services, default "ap-south-1"
-  REGION=""
+# AWS region to deploy services, default "ap-south-1"
+ REGION="ap-south-1"
 
-  # AWS Availability Zone count, default 2
-  MAX_AZS=
+# AWS Availability Zone count, default 2
+MAX_AZS=2
 
-  # VPC CIDR, change it as per your environment, default 10.70.0.0/16
-  CIDR="" 
+# VPC CIDR, change it as per your environment, default 10.70.0.0/16
+CIDR="10.20.0.0/16" 
 
-  # MANDATORY INPUT - Database password
-  RDS_PASSWORD="Default@321"
+# MANDATORY INPUT - Database password
+# Constraints: At least 8 printable ASCII characters. Can't contain any of the following: / (slash), '(single quote), "(double quote) and @ (at sign).
+RDS_PASSWORD=""
 
-  # Database user name, default "postgres"
-  RDS_USER=""
+# Database user name, default "postgres"
+RDS_USER="postgres"
 
-  # EKS cluster name, default "sunbird-rc"
-  EKS_CLUSTER_NAME = ""
+# EKS cluster name, default "sbrc2"
+EKS_CLUSTER_NAME = "ekscluster-sbrc2"
 
-  # MANDATORY INPUT - Amazon EKS mastersRole, to be associated with the system:masters RBAC group, giving super-user access to the cluster.
-  ROLE_ARN = "arn:aws:iam::365975017663:user/mozammil"
+# MANDATORY INPUT - Amazon EKS mastersRole, to be associated with the system:masters RBAC group, giving super-user access to the cluster.
+ROLE_ARN = "arn:aws:iam::abc2123:role/abc123"
+
+# Modules to be insalled as part of this deployment
+# RC --> both R and C modules of SunBird RC 2.0 (Default)
+# R --> only R part of SunBird RC 2.0
+# C --> Only C part of SunBird RC 2.0
+SUNBIRD_RC_MODULES_CHOICE = 'RC'
 
-  # MANDATORY INPUT - Unique S3 bucket name for storing registory contents through MinIO   
-  BUCKET_NAME=""
-
-  # Keycloak admin password, used during initial UI login, default "admin@123"
-  KEYCLOAK_ADMIN_PASSWORD= ""
-
-  # Keycloak password to UI login, default "admin@123"
-  KEYCLOAK_DEFAULT_USER_PASSWORD= ""

README.md

@@ -1,39 +1,32 @@
-# Sunbird RC, one-click deployment on AWS
+# Sunbird RC 2.0, one-click deployment on AWS
+
 
 ### Description
-Sunbird RC is an interoperable and unified registry infrastructure that needs to be established to enable "live," "reusable," and "trustworthy" registries as a "single source of truth" to address the three core issues mentioned. To learn more about Sunbird RC, please visit [https://docs.sunbirdrc.dev/](https://docs.sunbirdrc.dev/).
+Sunbird RC 2.0 is an interoperable and unified registry infrastructure that needs to be established to enable "live," "reusable," and "trustworthy" registries as a "single source of truth" to address the three core issues mentioned. To learn more about Sunbird RC, please visit [SunbirdRC 2.0](https://docs.sunbirdrc.dev/).
 
 ### Packaging overview
-This packaging initiative offers a practical approach to increase the adoption, streamline deployment and management of Sunbird RC building blocks on AWS by providing a reference architecture and one-click deployment automation scripts. It allows builders to manage AWS resource provisioning and application deployment in a programmatic and repeatable way.
+This packaging initiative offers a practical approach to increase the adoption, streamline deployment and management of Sunbird RC 2.0 building blocks on AWS by providing a reference architecture and one-click deployment automation scripts. It allows builders to manage AWS resource provisioning and application deployment in a programmatic and repeatable way.
 
-This repository contains the source code and configuration for deploying Sunbird RC stack that leverages the power of Amazon Web Services (AWS) **[Cloud Development Kit (CDK)](https://aws.amazon.com/cdk)** for infrastructure provisioning and **[Helm](https://helm.sh)** for deploying services within an Amazon Elastic Kubernetes Service (EKS) cluster.  
+This repository contains the source code and configuration for deploying Sunbird RC 2.0 stack that leverages the power of Amazon Web Services (AWS) **[Cloud Development Kit (CDK)](https://aws.amazon.com/cdk)** for infrastructure provisioning and **[Helm](https://helm.sh)** for deploying services within an Amazon Elastic Kubernetes Service (EKS) cluster.  
 
-### SunBird RC Deployment
-The Sunbird RC one-click deployment packaging offers two mode of deployments on the AWS cloud, catering to different deployment scenarios.
+### Sunbird RC 2.0 Deployment
+The Sunbird RC 2.0 one-click deployment packaging offers two mode of deployments on the AWS cloud, catering to different deployment scenarios.
 
 #### Mode One: AWS CDK + Helm
-This mode offers a comprehensive solution for users who prefer a one-click deployment approach to provisioning AWS infrastructure and deploying the Sunbird RC application stack.
+This mode offers a comprehensive solution for users who prefer a one-click deployment approach to provisioning AWS infrastructure and deploying the Sunbird RC 2.0 application stack.
 
-* [AWS CDK One Click Deployment](documentation/01-Deployment-CDK-Sunbird.md)
+* [AWS CDK One Click Deployment](documentation/01-Deployment-CDK-Sunbirdrc2.md)
 
 #### Mode Two: Direct Helm Chart Invocation
-An alternative deployment approach accommodates users with existing essential AWS infrastructure components like Amazon RDS Postgres and an Amazon EKS cluster. This mode enables the direct installation of the Sunbird RC Helm chart without relying on AWS CDK scripts. Alternatively, you can combine both methods, utilizing CDK for provisioning specific services like the EKS cluster.
+An alternative deployment approach accommodates users with existing essential AWS infrastructure components like Amazon RDS Postgres and an Amazon EKS cluster. This mode enables the direct installation of the Sunbird RC 2.0 Helm chart without relying on AWS CDK scripts. Alternatively, you can combine both methods, utilizing CDK for provisioning specific services like the EKS cluster.
 
-* [Helm Chart Deployment](documentation/02-Deployment-Helm-Sunbird.md)
+* [Helm Chart Deployment](documentation/02-Deployment-Helm-Sunbirdrc2.md)
 
-### Sunbird RC reference architecture
-Required AWS services to operate the core Sunbird RC registry services:
+### Sunbird RC 2.0 reference architecture
+Required AWS services to operate the core Sunbird RC 2.0 registry services:
 * Amazon VPC
 * Amazon RDS for PostgreSQL Serverless V2
 * Amazon Elastic Kubernetes Service (Amazon EKS)
-* AWS Fargate
-* Amazon S3
 * Elastic Load Balancing (ELB)
-* Amazon API Gateway
-
-Auxiliary components (ideal for production-grade deployments):
-* Amazon ElastiCache Redis Engine
-* Amazon OpenSearch Elasticsearch 
-* Amazon MSK
 
-![Architecture](documentation/Sunbird-RC-AWS-Reference-Architecture.jpg)
+![Architecture](documentation/imgs/Sunbird-RC-2-AWS-Reference-Architecture.png)

bin/sunbirdrc2-cdk.ts

@@ -0,0 +1,131 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { StackProps } from "aws-cdk-lib";
+import { ConfigProps, getConfig } from "../lib/config";
+
+//AWS Stacks
+import { vpcStack } from "../lib/vpc-stack";
+import { rdsStack } from "../lib/rds-stack";
+import { eksec2Stack } from "../lib/eks-ec2-stack";
+import { helmvaultStack } from "../lib/helm-vault-stack";
+import { sunbirdrc2helmStack } from "../lib/sunbirdrc2-helm-stack";
+import { helmvaultinitStack } from "../lib/helm-vaultInit-stack.";
+
+
+const config = getConfig();
+const app = new cdk.App();
+
+type AwsEnvStackProps = StackProps & {
+    config: ConfigProps;
+};
+
+const MY_AWS_ENV_STACK_PROPS: AwsEnvStackProps = {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+};
+
+// Provision required VPC network & subnets
+const infra = new vpcStack(app, "vpcstacksbrc2", MY_AWS_ENV_STACK_PROPS);
+
+// Provision target RDS data store
+const rds = new rdsStack(app, "rdsstacksbrc2", {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+    vpc: infra.vpc,
+    rdsuser: config.RDS_USER,
+    rdspassword: config.RDS_PASSWORD,
+});
+
+// Provision target EKS with Fargate Cluster within the VPC
+const eksCluster = new eksec2Stack(app, "eksstacksbrc2", {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+    vpc: infra.vpc,
+});
+
+const moduleChoice = config.SUNBIRD_RC_MODULES_CHOICE;
+const credentialingChartName = "sunbird-c-charts"
+var rcchatName = "sunbird_rc_charts";
+var rcSignatureProviderName = "dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl";
+
+
+switch (moduleChoice) {
+    case "R":
+        rcchatName = "sunbird-r-charts";
+        rcSignatureProviderName = "dev.sunbirdrc.registry.service.impl.SignatureV1ServiceImpl";
+        break;
+    case "C":
+        rcchatName = "sunbird-c-charts";
+        break;
+}
+
+// Run HELM charts for the Vault applications in the provisioned EKS cluster
+const vaultHHelm = new helmvaultStack(app, "vaulthelmstacksbrc2", {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+    eksCluster: eksCluster.eksCluster
+
+});
+
+// Run HELM charts for the Vault init applications in the provisioned EKS cluster
+const vaultInitHelm = new helmvaultinitStack(app, "vaultinithelmstacksbrc2", {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+    eksCluster: eksCluster.eksCluster
+
+});
+
+//add dependency on Vault Helm
+vaultInitHelm.addDependency(vaultHHelm);
+
+
+// Run HELM charts for the RC2 applications in the provisioned EKS cluster
+const sunbirdRCHelm = new sunbirdrc2helmStack(app, "sunbirdrc2helmStacksbrc2", {
+    env: {
+        region: config.REGION,
+        account: config.ACCOUNT,
+    },
+    config: config,
+    vpc: infra.vpc,
+    rdssecret: rds.rdsSecret,
+    rdsHost: rds.rdsHost,
+    RDS_PASSWORD: config.RDS_PASSWORD,
+    RDS_USER: config.RDS_USER,
+    eksCluster: eksCluster.eksCluster,
+    moduleChoice: config.SUNBIRD_RC_MODULES_CHOICE,
+    chartName: rcchatName,
+    signatureProviderName: rcSignatureProviderName,
+
+});
+
+
+switch (moduleChoice) {
+    case "RC":
+        sunbirdRCHelm.addDependency(vaultInitHelm);
+        break;
+    case "C":
+        sunbirdRCHelm.addDependency(vaultInitHelm);
+        break;
+};
+
+
+
+
+
+

cdk.context.json

@@ -3,72 +3,5 @@
     "ap-south-1a",
     "ap-south-1b",
     "ap-south-1c"
-  ],
-  "vpc-provider:account=370803901956:filter.vpc-id=vpc-09c0c359d8d0537c7:region=ap-south-1:returnAsymmetricSubnets=true": {
-    "vpcId": "vpc-09c0c359d8d0537c7",
-    "vpcCidrBlock": "10.40.0.0/16",
-    "ownerAccountId": "370803901956",
-    "availabilityZones": [],
-    "subnetGroups": [
-      {
-        "name": "db-pvt-",
-        "type": "Isolated",
-        "subnets": [
-          {
-            "subnetId": "subnet-0dc56e08eb35ccdfd",
-            "cidr": "10.40.4.0/24",
-            "availabilityZone": "ap-south-1a",
-            "routeTableId": "rtb-010b84e958d95a4d4"
-          },
-          {
-            "subnetId": "subnet-06839112bd8b610cd",
-            "cidr": "10.40.5.0/24",
-            "availabilityZone": "ap-south-1b",
-            "routeTableId": "rtb-0c1f4ea78f0a25dd9"
-          }
-        ]
-      },
-      {
-        "name": "public-",
-        "type": "Public",
-        "subnets": [
-          {
-            "subnetId": "subnet-0b88badfa7d4ac407",
-            "cidr": "10.40.0.0/24",
-            "availabilityZone": "ap-south-1a",
-            "routeTableId": "rtb-0ea51f861e2e591dc"
-          },
-          {
-            "subnetId": "subnet-0a906b8d151a34ea0",
-            "cidr": "10.40.1.0/24",
-            "availabilityZone": "ap-south-1b",
-            "routeTableId": "rtb-0517aa9616c4a7644"
-          }
-        ]
-      },
-      {
-        "name": "app-pvt-",
-        "type": "Private",
-        "subnets": [
-          {
-            "subnetId": "subnet-007418f5efbbd1b25",
-            "cidr": "10.40.2.0/24",
-            "availabilityZone": "ap-south-1a",
-            "routeTableId": "rtb-0888be67d39443026"
-          },
-          {
-            "subnetId": "subnet-030ff6831bd99da9a",
-            "cidr": "10.40.3.0/24",
-            "availabilityZone": "ap-south-1b",
-            "routeTableId": "rtb-0399029fd23906b88"
-          }
-        ]
-      }
-    ]
-  },
-  "availability-zones:account=365975017663:region=ap-south-1": [
-    "ap-south-1a",
-    "ap-south-1b",
-    "ap-south-1c"
   ]
 }