The CodeSuite Continuous Deployment reference architecture demonstrates how to achieve continuous deployment of an application to a Kubernetes cluster using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS Lambda.

CodeSuite - Continuous Deployment Reference Architecture for Kubernetes

The CodeSuite Continuous Deployment reference architecture demonstrates how to achieve continuous deployment of an application to a Kubernetes cluster using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS Lambda.

The AWS CloudFormation template provisions a pipeline which:

  • Monitors for new code (AWS CodeCommit)

  • Builds a Docker container from the repo (AWS CodeBuild)

  • Uploads the container for later use (AWS ECR)

  • Deploys a staging environment based on the production database (AWS Lambda, Portworx, Kubernetes)

  • Deploys to production (AWS Lambda, Kubernetes)

When you deploy the CloudFormation stack there will be four parameters that are specific to your Kubernetes cluster. You will need the API endpoint, Certificate Authority Data, Client Certificate Data and Client Key Data. The last three of these are sensitive, so the CloudFormation parameters are marked with the "NoEcho" property set to true so that their contents are not exposed through CloudFormation. In addition, those strings are encrypted with the account default KMS key and stored in Parameter Store. The Lambda function that authenticates to your Kubernetes API endpoint is assigned an IAM role that has permission to access those keys. The Lambda function builds a config file in the tmpfs directory of the Lambda, which is in memory, so that when the Lambda function terminates the secrets are gone.
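
The secret-handling flow described above, as an added example that is not the repository's own Lambda code: it reads the four values from Parameter Store with decryption, writes a kubeconfig under /tmp with owner-only permissions, and removes the file when the deployment step ends. The parameter names, context names and helper functions are hypothetical.

```python
import json
import os
import tempfile
from contextlib import contextmanager

# Assumed Parameter Store names; the stack's real names are not shown on the page.
PARAMS = {
    "endpoint": "/codesuite-demo/k8s/api-endpoint",
    "ca": "/codesuite-demo/k8s/ca-data",
    "cert": "/codesuite-demo/k8s/client-cert-data",
    "key": "/codesuite-demo/k8s/client-key-data",
}

def ssm_fetcher():
    """Return a getter that decrypts SecureString parameters via the Lambda role."""
    import boto3  # imported lazily so the rest runs without AWS access
    ssm = boto3.client("ssm")
    return lambda name: ssm.get_parameter(
        Name=name, WithDecryption=True)["Parameter"]["Value"]

def render_kubeconfig(get_param):
    """Build a kubeconfig (JSON is valid YAML) from the four stack parameters."""
    v = {key: get_param(name) for key, name in PARAMS.items()}
    return {
        "apiVersion": "v1", "kind": "Config", "current-context": "deploy",
        "clusters": [{"name": "cluster", "cluster": {
            "server": v["endpoint"], "certificate-authority-data": v["ca"]}}],
        "users": [{"name": "deployer", "user": {
            "client-certificate-data": v["cert"], "client-key-data": v["key"]}}],
        "contexts": [{"name": "deploy",
                      "context": {"cluster": "cluster", "user": "deployer"}}],
    }

@contextmanager
def kubeconfig_file(get_param, directory="/tmp"):
    """Write the config with mode 0600 and always delete it afterwards."""
    fd, path = tempfile.mkstemp(prefix="kubeconfig-", dir=directory)  # created 0600
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(render_kubeconfig(get_param), fh)
        yield path
    finally:
        # Warm execution environments keep /tmp between invocations, so remove
        # the key material explicitly rather than relying on teardown.
        os.remove(path)
```

In a handler, wrap the deployment call in `with kubeconfig_file(ssm_fetcher()) as path:` and pass `path` to the Kubernetes client.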

Architecture

Pre-Requisites

Kubernetes

A functioning Kubernetes cluster and a config file to authenticate to the cluster. By default this file is located at ~/.kube/config.

If you do not already have a cluster, see aws-workshop-for-kubernetes.

Portworx

Portworx offers Kubernetes storage. Follow the Portworx installation instructions to deploy it onto Kubernetes.

Clone this repository

git clone https://github.com/aws-samples/aws-kube-codesuite

This creates a directory named aws-kube-codesuite in your current directory, which contains the code we need for this tutorial. Change to this directory.

Application - initial deployment and service provisioning

kubectl apply -f ./kube-manifests/deploy-first.yml

Find the service endpoint to view the application:

kubectl get svc codesuite-demo -o wide

If you copy and paste the External IP from the codesuite-demo service into a browser you should see the nginx homepage.

Deploy the CloudFormation stack

Note: deploy this stack in the same region as your k8s cluster. Your cluster nodes will require access via an IAM profile to download images from ECR. If you deployed this cluster through KOPS, this will already be taken care of for you.

Region | Launch Template
N. Virginia (us-east-1) | deploy to aws
Ohio (us-east-2) | deploy to aws
Oregon (us-west-2) | deploy to aws
Ireland (eu-west-1) | deploy to aws
Frankfurt (eu-central-1) | deploy to aws
Singapore (ap-southeast-1) | deploy to aws
Sydney (ap-southeast-2) | deploy to aws
Tokyo (ap-northeast-1) | deploy to aws

Test CI/CD platform

Install credential helper

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

Clone the CodeCommit repository (the URL will be in the CloudFormation outputs). First change directories up one level (cd ..) so that both repositories sit at the same level of the directory structure. Check the Outputs page for your CloudFormation stack:

git clone <name_of_your_codecommit_repository>

This creates a directory named codesuite-demo in your current directory.

Copy the contents of aws-kube-codesuite/sample-app to this repository folder:

cp aws-kube-codesuite/sample-app/* codesuite-demo/

Make a change to the codesuite-demo/hello.py file and then change into that directory (cd codesuite-demo).

Add, commit and push:

git add . && git commit -m "test CodeSuite" && git push origin master

To view the pipeline in the AWS console, go to the Outputs tab for the pipeline CloudFormation template and click on the Pipeline URL link:

pipeline-url

You can then see the pipeline move through the various stages:

pipeline

When the staging environment is deployed, you can verify everything is as you expect before promoting to production.

Once the final Lambda stage is complete you should be able to see the new deployment exposed through the same service load balancer.

kubectl get svc codesuite-demo -o wide

Now if you copy and paste the External IP from the codesuite-demo service into a browser, you should see the Flask page reflecting the changes you applied.

Cleaning up the example resources

To remove all resources created by this example, do the following:

  1. Delete the main CloudFormation stack which deletes the substacks and resources.

  2. Manually delete resources which may contain files:

    • S3 bucket: ArtifactBucket

    • S3 bucket: LambdaCopy bucket

    • ECR repository: Repository

  3. Delete the Kubernetes deployment and service.

CloudFormation template resources

The following section explains all of the resources created by the CloudFormation template provided with this example.

This creates a Lambda function that copies the Lambda code from the central account into the user account.

Deploys a custom resource via Lambda which creates secure string key value pairs for all of the secrets required to authenticate to the Kubernetes cluster.

Resources that compose the deployment pipeline include the CodeBuild project, the CodePipeline pipeline, an S3 bucket for deployment artifacts, an ECR repository for the container images and all necessary IAM roles used by those services.

License Summary

Forked from aws-kube-codesuite.

This sample code is made available under a modified MIT license. See the LICENSE file.
