doitintl · neoakris · May 6, 2025 · May 5, 2025 · May 5, 2025 · May 5, 2025
diff --git a/.flox/env/manifest.lock b/.flox/env/manifest.lock
diff --git a/.flox/env/manifest.toml b/.flox/env/manifest.toml
@@ -1,30 +1,26 @@
 version = 1  # Visit flox.dev/docs/concepts/manifest/
 
 [install]    # (List of packages installed in environment)
-aws = { pkg-path = "awscli2", version = "2.17.42" }
-aws_cdk_dependency_ts = { pkg-path = "typescript", version = "5.6.2" }
-aws_cdk_dependency_nodejs = { pkg-path = "nodejs", version = "20.17.0" } #(v20 = LTS, long term support)
-cdk = { pkg-path = "nodePackages.aws-cdk", version = "2.159.1", pkg-group = "aws-cdk" } 
+aws = { pkg-path = "awscli2", version = "2.26.4" }
+aws_cdk_dependency_ts = { pkg-path = "typescript", version = "5.8.2" }
+aws_cdk_dependency_nodejs = { pkg-path = "nodejs", version = "22.14.0" } #(v22 = LTS, long term support)
+cdk = { pkg-path = "nodePackages.aws-cdk", version = "2.1004.0", pkg-group = "aws-cdk" } 
 jq = { pkg-path = "jq", version = "1.7.1" }
 # Note: pkg-group isolates dependencies to prevent conflict
 # Note: a cdk specific NixOS pgk bug exists https://github.com/NixOS/nixpkgs/issues/236151
 # cdk init app --language typescript
 # ^-- fails, workaround--v 
-# npx aws-cdk@2.133.0 init app --language typescript
+# npx aws-cdk@2.1004.0 init app --language typescript
 
 # If there's ever a need to update pinned versions of above dependencies in the future
 # cd to the root of this git repo (where /.flox/ exists)
 # Then run the following commands to see available versions
 # flox show awscli2 
-# flox show nodejs
 # flox show typescript
+# flox show nodejs
 # flox show nodePackages.aws-cdk
 # flox show jq
 ##################################################################################
-# ^-- While you're at it try to update the node.js packages
-# npm install cdk@2.159.1
-# npm audit fix
-##################################################################################
 
 
 

diff --git a/Dockerfile b/Dockerfile
@@ -25,7 +25,7 @@ ENV AWS_PAGER=""
 WORKDIR /app
 # ^-- configure default working directory
 
-COPY cdk.json package.json package-lock.json tsconfig.json /app
+COPY cdk.json cdk.context.json package.json package-lock.json tsconfig.json /app
 RUN npm install
 ENV PATH="/app/node_modules/.bin:$PATH"
 # ^-- package.json & package-lock.json tell npm install what dependencies to install

diff --git a/README.md b/README.md
@@ -2,9 +2,9 @@
 
 ## What is Easy EKS?
 An opinionated bundling of automation & Infrastructure as code that aims to:
-1. Make it easy to provision EKS clusters that are production ready by default.
-2. Maintain a heavily standardized opinionated set of IaC, which makes automation easier.
-3. Apply a helm like design pattern to AWS CDK.
+1. Make it easy to provision EKS clusters that are nearly production ready by default.
+2. Maintain a heavily standardized opinionated set of IaC, which makes automation maintainable.
+3. Apply useful design patterns from Helm and Kustomize to IaC based on AWS CDK.
 
 ## What is the current status of Easy EKS?
 Pre-Alpha

diff --git a/cdk.context.json b/cdk.context.json
@@ -5,95 +5,10 @@
     "ca-central-1d"
   ],
   "ami:account=905418347382:filters.image-type.0=machine:filters.name.0=fck-nat-al2023-*-arm64-ebs:filters.state.0=available:owners.0=568608671756:region=ca-central-1": "ami-045d3a84706b8feeb",
-  "vpc-provider:account=905418347382:filter.isDefault=false:filter.tag:Name=lower-envs-vpc:region=ca-central-1:returnAsymmetricSubnets=true": {
-    "vpcId": "vpc-0f79593fc83da0b82",
-    "vpcCidrBlock": "10.99.0.0/16",
-    "ownerAccountId": "905418347382",
-    "availabilityZones": [],
-    "subnetGroups": [
-      {
-        "name": "Private",
-        "type": "Private",
-        "subnets": [
-          {
-            "subnetId": "subnet-05cc9568f5db856f2",
-            "cidr": "10.99.32.0/19",
-            "availabilityZone": "ca-central-1a",
-            "routeTableId": "rtb-02272b1ca2d8ad552"
-          },
-          {
-            "subnetId": "subnet-0cc493d68888b47ca",
-            "cidr": "10.99.64.0/19",
-            "availabilityZone": "ca-central-1b",
-            "routeTableId": "rtb-0cdc4e773fe8cfc21"
-          },
-          {
-            "subnetId": "subnet-00e3b357b26ccd5d0",
-            "cidr": "10.99.96.0/19",
-            "availabilityZone": "ca-central-1d",
-            "routeTableId": "rtb-08efc0ea91ffab31d"
-          }
-        ]
-      },
-      {
-        "name": "Public",
-        "type": "Public",
-        "subnets": [
-          {
-            "subnetId": "subnet-071ff1ffe0c3dd854",
-            "cidr": "10.99.0.0/23",
-            "availabilityZone": "ca-central-1a",
-            "routeTableId": "rtb-0981fc558ab2004b2"
-          },
-          {
-            "subnetId": "subnet-0ade167af81ba5fc2",
-            "cidr": "10.99.2.0/23",
-            "availabilityZone": "ca-central-1b",
-            "routeTableId": "rtb-069a562753013d2c2"
-          },
-          {
-            "subnetId": "subnet-060c40cdf18bc529e",
-            "cidr": "10.99.4.0/23",
-            "availabilityZone": "ca-central-1d",
-            "routeTableId": "rtb-05f3c194a62bd6451"
-          }
-        ]
-      }
-    ]
-  },
   "key-provider:account=905418347382:aliasName=alias/eks/lower-envs:region=ca-central-1": {
     "keyId": "2c710e12-cad3-42f5-a92f-e7d7980aebea"
   },
-  "vpc-provider:account=905418347382:filter.isDefault=false:filter.tag:Name=lower-envs-vpc:filter.vpc-id=vpc-0f79593fc83da0b82:region=ca-central-1:returnAsymmetricSubnets=true": {
-    "vpcId": "vpc-0f79593fc83da0b82",
-    "vpcCidrBlock": "10.99.0.0/16",
-    "ownerAccountId": "905418347382",
-    "availabilityZones": [],
-    "subnetGroups": [
-      {
-        "name": "Private",
-        "type": "Private",
-        "subnets": [
-          {
-            "subnetId": "subnet-05cc9568f5db856f2",
-            "cidr": "10.99.32.0/19",
-            "availabilityZone": "ca-central-1a",
-            "routeTableId": "rtb-010c7b9bdb7d1d475"
-          },
-          {
-            "subnetId": "subnet-0cc493d68888b47ca",
-            "cidr": "10.99.64.0/19",
-            "availabilityZone": "ca-central-1b",
-            "routeTableId": "rtb-010c7b9bdb7d1d475"
-          },
-          {
-            "subnetId": "subnet-00e3b357b26ccd5d0",
-            "cidr": "10.99.96.0/19",
-            "availabilityZone": "ca-central-1d",
-            "routeTableId": "rtb-010c7b9bdb7d1d475"
-          }
-        ]
-      }
-    ]
-  }
+  "acknowledged-issue-numbers": [
+    32775
+  ]
 }
diff --git a/config/eks/higher_envs_eks_config.ts b/config/eks/higher_envs_eks_config.ts
@@ -14,10 +14,15 @@ export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //
     //config.setVpcById("vpc-0dbcacb511f9bac4e", config, stack); //Alternative pre-existing VPC deployment option
     config.setBaselineMNGSize(2);
     config.setBaselineMNGType(eks.CapacityType.ON_DEMAND);
-    //config.addClusterAdminARN(`arn:aws:iam::${process.env.CDK_DEFAULT_ACCOUNT!}:user/example`);
-    //^--Important Note: identity referenced in ARN must exist or the deployment will fail
-    //         This allows you to create a explicit list of ARNS (representing IAM roles or users)
-    //         That act as EKS Admins of all higher environments.
+    if(process.env.CDK_DEFAULT_ACCOUNT==="111122223333"){
+        config.addClusterAdminARN(`arn:aws:iam::111122223333:user/example`); 
+        /* Note: 
+           config.addClusterAdminARN('...:user/example') should only be used in an if statement,
+           Because the identity referenced in ARN must exist or the deployment will fail
+           This allows you to create a explicit list of ARNs (representing IAM roles or users)
+           That act as EKS Admins of all higher environments.
+        */
+    }
     /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
@@ -27,7 +32,7 @@ export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //
     config.setKubectlLayer(new KubectlV31Layer(stack, 'kubectl'));
     config.addEKSAddon('kube-proxy', { //spelling matters for all addons
         addonName: 'kube-proxy', //spelling matter & should match above
-        addonVersion: 'v1.31.3-eksbuild.2', //Commented out for default (it won't be latest)
+        addonVersion: 'v1.31.7-eksbuild.7', //Note you can comment this out, but you'll get default instead of latest.
         // Use this to look up latest
         // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=kube-proxy --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
         resolveConflicts: 'OVERWRITE',

diff --git a/config/eks/lower_envs_eks_config.ts b/config/eks/lower_envs_eks_config.ts
@@ -14,10 +14,15 @@ export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //
     //config.setVpcById("vpc-0dbcacb511f9bac4e", config, stack); //Alternative pre-existing VPC deployment option
     config.setBaselineMNGSize(2);
     config.setBaselineMNGType(eks.CapacityType.SPOT);
-    //config.addClusterAdminARN(`arn:aws:iam::${process.env.CDK_DEFAULT_ACCOUNT!}:user/example`);
-    //^--Important Note: identity referenced in ARN must exist or the deployment will fail
-    //         This allows you to create a explicit list of ARNS (representing IAM roles or users)
-    //         That act as EKS Admins of all lower environments.
+    if(process.env.CDK_DEFAULT_ACCOUNT==="111122223333"){
+        config.addClusterAdminARN(`arn:aws:iam::111122223333:user/example`); 
+        /* Note: 
+           config.addClusterAdminARN('...:user/example') should only be used in an if statement,
+           Because the identity referenced in ARN must exist or the deployment will fail
+           This allows you to create a explicit list of ARNs (representing IAM roles or users)
+           That act as EKS Admins of all lower environments.
+        */
+    }
     /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
@@ -27,7 +32,7 @@ export function apply_config(config: Easy_EKS_Config_Data, stack: cdk.Stack){ //
     config.setKubectlLayer(new KubectlV31Layer(stack, 'kubectl'));
     config.addEKSAddon('kube-proxy', { //spelling matters for all addons
         addonName: 'kube-proxy', //spelling matter & should match above
-        addonVersion: 'v1.31.3-eksbuild.2', //Commented out for default (it won't be latest)
+        addonVersion: 'v1.31.7-eksbuild.7', //Note you can comment this out, but you'll get default instead of latest.
         // Use this to look up latest
         // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=kube-proxy --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
         resolveConflicts: 'OVERWRITE',

diff --git a/docs/04_Prerequisites/Recommended_Long-Term_Setup.md b/docs/04_Prerequisites/Recommended_Long-Term_Setup.md
@@ -70,21 +70,14 @@
 cat /etc/os-release
 uname -r
 # ^-- The above commands say we're on an rpm based x86_64 distro of Amazon Linux 2023 
-wget https://downloads.flox.dev/by-env/stable/rpm/flox-1.3.2.x86_64-linux.rpm
+wget https://downloads.flox.dev/by-env/stable/rpm/flox-1.4.1.x86_64-linux.rpm
 sudo rpm --import https://downloads.flox.dev/by-env/stable/rpm/flox-archive-keyring.asc
 sudo rpm -ivh ~/flox-*.rpm
 flox --version
 rm ~/flox-*.rpm
-# 1.3.2
+# 1.4.1
 ```
 
-4. Install node.js modules
-```shell
-# flox [flox.dev]
-# [admin@workstation:~/easyeks]
-npm install
-# ^-- will populate a /node_modules/, based on package.json
-```
 
 --------------------------------------------------------------------------------------------------------------
 
@@ -107,7 +100,7 @@ npm install
 ## Phase 3: Git Repo Setup
 
 ### Phase 3A: Git Repo Setup (Generic Overview)
-2. Gain the ability to clone a private git repo (here's an example based on private github)
+1. Gain the ability to clone a private git repo (here's an example based on private github)
    1. create a classic readonly GitHub Token to clone private doit repo  
       * https://github.com/settings/tokens/new  
       * note = test <-- note this value represents TOKEN_NAME
@@ -119,7 +112,7 @@ npm install
       `ghp_jwiZWtzLWNkay1xdWlja3N0YXJ0CgwMjQtMD`
 
 ### Phase 3B: Git Repo Setup (Detailed Instructions for Private GitHub Repo)
-3. Copy Paste Commands (one line at a time) to clone private github repo from AWS Cloud Shell  
+1. Copy Paste Commands (one line at a time) to clone private github repo from AWS Cloud Shell  
 ```shell
 # [ec2-user@ec2-bastion-with-iam-admin-role:~]
 sudo dnf update -y
@@ -130,19 +123,22 @@ export TOKEN_PASS="ghp_jwiZWtzLWNkay1xdWlja3N0YXJ0CgwMjQtMD"
 cd ~
 git clone https://$TOKEN_NAME:$TOKEN_PASS@github.com/doitintl/easyeks.git
 cd ~/easyeks
+cdk context --clear
+# ^-- resets cdk.context.json to {}
+# (Technically not necessary, done for the sake of housekeeping / keeping things tidy.)
 ```
 
 --------------------------------------------------------------------------------------------------------------
 
 ## Phase 4: CDK Bootstrap
-5. Change current working directory to the repo, which has a .flox folder
+1. Change current working directory to the repo, which has a .flox folder
 ```shell
-#[ec2-user@ec2-bastion-with-iam-admin-role:~]#
-ls -lah ~/easyeks | grep .flox
+#[ec2-user@ec2-bastion-with-iam-admin-role:~/easyeks]#
 cd ~/easyeks
+ls -lah | grep .flox
 ```
 
-6. Run flox activate in that folder
+1. Run flox activate in that folder
 ```shell
 #[ec2-user@ec2-bastion-with-iam-admin-role:~/easyeks]#
 flox activate
@@ -156,13 +152,15 @@ cdk --version
 npm --version
 ```
 
-* Bootstrap cdk
+1. Install node.js modules
 ```shell
-export AWS_REGION=ca-central-1
-cdk bootstrap
+# flox [flox.dev]
+# [admin@workstation:~/easyeks]
+npm install
+# ^-- will populate a /node_modules/, based on package.json
 ```
 
-7. CDK Bootstrap and Deploy
+1. Bootstrap CDK
 ```shell
 #[ec2-user@ec2-bastion-with-iam-admin-role:~/easyeks]#
 aws sts get-caller-identity
@@ -171,8 +169,16 @@ export AWS_REGION="ca-central-1"
 # ^-- recommend add a region to ~/.bashrc, or `aws configure`
 export AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq .Account | tr -d '\"')
 echo $AWS_ACCOUNT_ID
-cdk bootstrap aws://$AWS_ACCOUNT_ID/ca-central-1
+time cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION
 # ^-- bootstraps the region, after which you'll see a Stack name of "CDKToolkit"
 #     in AWS Web GUI Console > CloudFormation > Stacks (for that region)
 #     Note you can only deploy into region's that have been bootstrapped
 ```
+
+1. Deploy cdk stacks
+```shell
+#[ec2-user@ec2-bastion-with-iam-admin-role:~/easyeks]#
+time cdk list
+time cdk deploy lower-envs-vpc
+time cdk deploy dev1-eks
+```
diff --git a/docs/09_Project_Goals_and_Target_Audience/Project_Goals.md b/docs/09_Project_Goals_and_Target_Audience/Project_Goals.md
@@ -1,5 +1,5 @@
 # Easy EKS's Project Goals
-Easy EKS = EKS + Apps + Config + Infrastructure as Code + Automation + Docs.
+Easy EKS = EKS + Kube Apps + Config + Infrastructure as Code + Automation + Docs.
 
 ## 1. Make a standardized baseline distribution of EKS
 * Standardization is a prerequisite for: