Welcome to the EKS Blueprints Patterns
repository.
This repository contains a number of samples for how you can leverage the Amazon EKS Blueprints. You can think of the patterns as "codified" reference architectures, which can be explained and executed as code in the customer environment.
The individual patterns can be found in the lib
directory. Most of the patterns are self-explanatory, for some more complex examples please use this guide and docs/patterns directory for more information.
Please refer to the Amazon EKS Blueprints Quick Start documentation site for complete project documentation.
Make sure the following pre-requisites are met:
- Node version must be 16.x or above.
$ node -v
v16.13.1
Update (provided Node version manager is installed): n stable
. May require sudo
.
- NPM version must be 8.4 or above:
$ npm -v
8.7.0
Updating npm: npm install -g npm@latest
where latest can also be a specific version above 8.4. May require sudo
.
Install project dependencies.
make deps
To view patterns that are available to be deployed, execute the following:
cdk list
Note: Some patterns have a hard dependency on AWS Secrets (for example GitHub access tokens). Initially you will see errors complaining about lack of the required secrets. It is normal.
Bootstrap your CDK environment.
cdk bootstrap
We can then deploy a specific pattern with the following:
cdk deploy multi-team-blueprint
There are cases when the blueprints defined in the patterns have dependencies on existing AWS Resources such as Secrets defined in the account/region. For such cases, you may see errors if such resources are not defined.
For PipelineMultiEnvGitops
please see instructions in this README.
For MultiRegionConstruct
the pattern relies on the following secrets defined:
github-ssh-key
- must contain GitHub SSH private key as a JSON structure containing fieldssshPrivateKey
andurl
. The secret is expected to be defined inus-east-1
and replicated tous-east-2
andus-west-2
regions. For more information on SSH credentials setup see ArgoCD Secrets Support. Example Structure:
{
"sshPrivateKey": "-----BEGIN THIS IS NOT A REAL PRIVATE KEY-----\nb3BlbnNzaC1rtdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAy82zTTDStK+s0dnaYzE7vLSAcwsiHM8gN\nhq2p5TfcjCcYUWetyu6e/xx5Rh+AwbVvDV5h9QyMw4NJobwuj5PBnhkc3QfwJAO5wOnl7R\nGbehIleWWZLs9qq`DufViQsa0fDwP6JCrqD14aIozg6sJ0Oqi7vQkV+jR0ht/\nuFO1ANXBn2ih0ZpXeHSbPDLeZQjlOBrbGytnCbdvLtfGEsV0WO2oIieWVXJj/zzpKuMmrr\nebPsfwr36nLprOQV6IhDDo\n-----END NOT A REAL PRIVATE KEY-----\n",
"url": "git@github"
}
Note: You can notice explicit \n characters in the sshPrivateKey.
argo-admin-secret
- must contain ArgoCD admin password in Plain Text. The secret is expected to be defined inus-east-1
and replicated tous-east-1
andus-west-2
regions.
For ``Dynatrace One Agent`
dynatrace-tokens
- must contain API_URL, API_TOKEN and PAAS_TOKEN in Plain Text. The secret is expected to be defined in the target region (either directly or through AWS Secrets Manager Replication).
For KeptnConstruct
the pattern relies on the following secrets defined:
keptn-secrets
- must contain API_TOKEN and BRIDGE_PASSWORD password in Plain Text. The secret is expected to be defined inus-east-1
region.
For NewRelicConstruct
the pattern relies on the following secrets defined:
newrelic-pixie-keys
- must contain New Relic (required) and Pixie keys (optional). The secret is expected to be defined in the target region (either directly or through AWS Secrets Manager Replication).
For more information on defining secrets for ArgoCD, please refer to Blueprints Documentation as well as known issues.
For NginxIngressConstruct
please see NGINX Blueprint documentation.
For DatadogConstruct
the pattern relies on the following secret defined:
apiKeyAWSSecret
- must contain the Datadog API key in Plain Text nameddatadog-api-key
. The secret is expected to be defined in the target region.
For KubeflowConstruct
please see Kubeflow documentation.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.