Merge pull request #46 from aws-observability/feature/existingClusterOpenSourcePattern

Existing Cluster Open Source Observability Pattern

Author: elamaran11

bin/existing-eks-opensource-observability.ts

@@ -0,0 +1,8 @@
+import ExistingEksOpenSourceobservabilityConstruct from '../lib/existing-eks-opensource-observability-construct';
+import { configureApp, errorHandler } from '../lib/common/construct-utils';
+
+const app = configureApp();
+
+new ExistingEksOpenSourceobservabilityConstruct().buildAsync(app, 'existing-eks-opensource').catch((error) => {
+    errorHandler(app, "Existing Cluster Pattern is missing information of existing cluster: " + error);
+});

cdk.json

@@ -22,6 +22,8 @@
     "namespaceworkloads.dashboard.url": "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/namespace-workloads.json",
     "nodeexporter.dashboard.url": "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/nodeexporter-nodes.json",
     "nodes.dashboard.url": "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/nodes.json",
-    "workloads.dashboard.url": "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/workloads.json"
+    "workloads.dashboard.url": "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/workloads.json",
+    "existing.cluster.name": "single-new-eks-observability-accelerator",
+    "existing.kubectl.rolename": "YOUR_KUBECTL_ROLE"
   }
 }

lib/common/observability-builder.ts

@@ -3,25 +3,31 @@ import * as utils from '@aws-quickstart/eks-blueprints/dist/utils';
 import { NestedStack, NestedStackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 
+export class ObservabilityBuilder extends blueprints.BlueprintBuilder {
+
+    public addNewClusterObservabilityBuilderAddOns(): ObservabilityBuilder {
+        return this.addOns(
+            new blueprints.addons.VpcCniAddOn(),
+            new blueprints.addons.CoreDnsAddOn(),
+            new blueprints.addons.MetricsServerAddOn(),
+            new blueprints.addons.PrometheusNodeExporterAddOn(),
+            new blueprints.addons.KubeStateMetricsAddOn());
+    }
 
+    public addExistingClusterObservabilityBuilderAddOns(): ObservabilityBuilder {
+        return this.addOns(
+            new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+            new blueprints.addons.CertManagerAddOn());
+    }
 
-export class ObservabilityBuilder {
-
-    public static builder(): blueprints.BlueprintBuilder {
-        return new blueprints.BlueprintBuilder()
-            .addOns(
-                new blueprints.NestedStackAddOn({
-                    id: "usage-tracking-addon",
-                    builder: UsageTrackingAddOn.builder(),
-                }),
-                new blueprints.addons.AwsLoadBalancerControllerAddOn(),
-                new blueprints.addons.VpcCniAddOn(),
-                new blueprints.addons.CoreDnsAddOn(),
-                new blueprints.addons.MetricsServerAddOn(),
-                new blueprints.addons.ExternalsSecretsAddOn(),
-                new blueprints.addons.CertManagerAddOn(),
-                new blueprints.addons.PrometheusNodeExporterAddOn(),
-                new blueprints.addons.KubeStateMetricsAddOn());
+    public static builder(): ObservabilityBuilder {
+        const builder = new ObservabilityBuilder();
+        builder.addOns(
+            new blueprints.NestedStackAddOn({
+                id: "usage-tracking-addon",
+                builder: UsageTrackingAddOn.builder(),
+            }));
+        return builder;
     }
 }
 

lib/existing-eks-opensource-observability-construct/grafanaoperatorsecretaddon.ts

@@ -0,0 +1,75 @@
+import 'source-map-support/register';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import * as eks from "aws-cdk-lib/aws-eks";
+import { Construct } from 'constructs';
+import { dependable } from '@aws-quickstart/eks-blueprints/dist/utils';
+
+export class GrafanaOperatorSecretAddon implements blueprints.ClusterAddOn {
+    id?: string | undefined;
+    @dependable(blueprints.addons.ExternalsSecretsAddOn.name, blueprints.addons.GrafanaOperatorAddon.name)
+    deploy(clusterInfo: blueprints.ClusterInfo): void | Promise<Construct> {
+        const cluster = clusterInfo.cluster;
+        const secretStore = new eks.KubernetesManifest(clusterInfo.cluster.stack, "ClusterSecretStore", {
+            cluster: cluster,
+            manifest: [
+                {
+                    apiVersion: "external-secrets.io/v1beta1",
+                    kind: "ClusterSecretStore",
+                    metadata: {
+                        name: "ssm-parameter-store",
+                        namespace: "default"
+                    },
+                    spec: {
+                        provider: {
+                            aws: {
+                                service: "ParameterStore",
+                                region: clusterInfo.cluster.stack.region,
+                                auth: {
+                                    jwt: {
+                                        serviceAccountRef: {
+                                            name: "external-secrets-sa",
+                                            namespace: "external-secrets",
+                                        },
+                                    },
+                                },
+                            },
+                        },
+                    },
+                },
+            ],
+        });
+        
+        const externalSecret = new eks.KubernetesManifest(clusterInfo.cluster.stack, "ExternalSecret", {
+            cluster: cluster,
+            manifest: [
+                {
+                    apiVersion: "external-secrets.io/v1beta1",
+                    kind: "ExternalSecret",
+                    metadata: {
+                        name: "external-grafana-admin-credentials",
+                        namespace: "grafana-operator"
+                    },
+                    spec: {
+                        secretStoreRef: {
+                            name: "ssm-parameter-store",
+                            kind: "ClusterSecretStore",
+                        },
+                        target: {
+                            name: "grafana-admin-credentials"
+                        },
+                        data: [
+                            {
+                                secretKey: "GF_SECURITY_ADMIN_APIKEY",
+                                remoteRef: {
+                                    key: "/cdk-accelerator/grafana-api-key"
+                                },
+                            },
+                        ],
+                    },
+                },
+            ],
+        });
+        externalSecret.node.addDependency(secretStore);
+        return Promise.resolve(secretStore);
+    }
+}

lib/existing-eks-opensource-observability-construct/index.ts

@@ -0,0 +1,97 @@
+// import { Construct } from 'constructs';
+import { ImportClusterProvider, utils } from '@aws-quickstart/eks-blueprints';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import { GrafanaOperatorSecretAddon } from './grafanaoperatorsecretaddon';
+import * as amp from 'aws-cdk-lib/aws-aps';
+import { ObservabilityBuilder } from '../common/observability-builder';
+import * as cdk from "aws-cdk-lib";
+import * as eks from 'aws-cdk-lib/aws-eks';
+
+export default class ExistingEksOpenSourceobservabilityConstruct {
+    async buildAsync(scope: cdk.App, id: string) {
+        // AddOns for the cluster
+        const stackId = `${id}-observability-accelerator`;
+        const clusterName = utils.valueFromContext(scope, "existing.cluster.name", undefined);
+        const kubectlRoleName = utils.valueFromContext(scope, "existing.kubectl.rolename", undefined);
+
+        const account = process.env.COA_ACCOUNT_ID! || process.env.CDK_DEFAULT_ACCOUNT!;
+        const region = process.env.COA_AWS_REGION! || process.env.CDK_DEFAULT_REGION!;
+        const ampWorkspaceName = process.env.COA_AMP_WORKSPACE_NAME! || 'observability-amp-Workspace';
+        const ampPrometheusEndpoint = (blueprints.getNamedResource(ampWorkspaceName) as unknown as amp.CfnWorkspace).attrPrometheusEndpoint;
+        
+        const amgEndpointUrl = process.env.COA_AMG_ENDPOINT_URL;
+        const sdkCluster = await blueprints.describeCluster(clusterName, region); // get cluster information using EKS APIs
+        const vpcId = sdkCluster.resourcesVpcConfig?.vpcId;
+
+        /**
+         * Assumes the supplied role is registered in the target cluster for kubectl access.
+         */
+
+        const importClusterProvider = new ImportClusterProvider({
+            clusterName: sdkCluster.name!,
+            version: eks.KubernetesVersion.of(sdkCluster.version!),
+            clusterEndpoint: sdkCluster.endpoint,
+            openIdConnectProvider: blueprints.getResource(context =>
+                new blueprints.LookupOpenIdConnectProvider(sdkCluster.identity!.oidc!.issuer!).provide(context)),
+            clusterCertificateAuthorityData: sdkCluster.certificateAuthority?.data,
+            kubectlRoleArn: blueprints.getResource(context => new blueprints.LookupRoleProvider(kubectlRoleName).provide(context)).roleArn,
+            clusterSecurityGroupId: sdkCluster.resourcesVpcConfig?.clusterSecurityGroupId
+        });
+
+        // All Grafana Dashboard URLs from `cdk.json` if presentgi
+        const clusterDashUrl: string = utils.valueFromContext(scope, "cluster.dashboard.url", undefined);
+        const kubeletDashUrl: string = utils.valueFromContext(scope, "kubelet.dashboard.url", undefined);
+        const namespaceWorkloadsDashUrl: string = utils.valueFromContext(scope, "namespaceworkloads.dashboard.url", undefined);
+        const nodeExporterDashUrl: string = utils.valueFromContext(scope, "nodeexporter.dashboard.url", undefined);
+        const nodesDashUrl: string = utils.valueFromContext(scope, "nodes.dashboard.url", undefined);
+        const workloadsDashUrl: string = utils.valueFromContext(scope, "workloads.dashboard.url", undefined);
+
+        Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
+        const addOns: Array<blueprints.ClusterAddOn> = [
+            new blueprints.addons.CloudWatchLogsAddon({
+                logGroupPrefix: `/aws/eks/${stackId}`,
+                logRetentionDays: 30
+            }),
+            new blueprints.addons.AdotCollectorAddOn(),
+            new blueprints.addons.AmpAddOn({
+                ampPrometheusEndpoint: ampPrometheusEndpoint,
+            }),
+            new blueprints.addons.XrayAdotAddOn(),
+            new blueprints.addons.ExternalsSecretsAddOn(),
+            new blueprints.addons.GrafanaOperatorAddon({
+                version: 'v5.0.0-rc3'
+            }),
+            new blueprints.addons.FluxCDAddOn({
+                bootstrapRepo: {
+                    repoUrl: 'https://github.com/aws-observability/aws-observability-accelerator',
+                    name: "grafana-dashboards",
+                    targetRevision: "main",
+                    path: "./artifacts/grafana-operator-manifests/eks/infrastructure"
+                },
+                fluxTargetNamespace: "grafana-operator",
+                bootstrapValues: {
+                    "AMG_AWS_REGION": region,
+                    "AMP_ENDPOINT_URL": ampPrometheusEndpoint,
+                    "AMG_ENDPOINT_URL": amgEndpointUrl,
+                    "GRAFANA_CLUSTER_DASH_URL" : clusterDashUrl,
+                    "GRAFANA_KUBELET_DASH_URL" : kubeletDashUrl,
+                    "GRAFANA_NSWRKLDS_DASH_URL" : namespaceWorkloadsDashUrl,
+                    "GRAFANA_NODEEXP_DASH_URL" : nodeExporterDashUrl,
+                    "GRAFANA_NODES_DASH_URL" : nodesDashUrl,
+                    "GRAFANA_WORKLOADS_DASH_URL" : workloadsDashUrl
+                },
+            }),
+            new GrafanaOperatorSecretAddon(),
+        ];
+
+        ObservabilityBuilder.builder()
+            .account(account)
+            .region(region)
+            .addExistingClusterObservabilityBuilderAddOns()
+            .clusterProvider(importClusterProvider)
+            .resourceProvider(blueprints.GlobalResources.Vpc, new blueprints.VpcProvider(vpcId)) // this is required with import cluster provider
+            .resourceProvider(ampWorkspaceName, new blueprints.CreateAmpProvider(ampWorkspaceName, ampWorkspaceName))
+            .addOns(...addOns)
+            .build(scope, stackId);
+    }
+}

lib/single-new-eks-awsnative-observability-construct/index.ts

@@ -12,17 +12,20 @@ export default class SingleNewEksClusterAWSNativeobservabilityConstruct {
 
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.KubeProxyAddOn(),
+            new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+            new blueprints.addons.CertManagerAddOn(),
             new blueprints.addons.CloudWatchLogsAddon({
                 logGroupPrefix: `/aws/eks/${stackId}`,
                 logRetentionDays: 30
             }),
             new blueprints.addons.ContainerInsightsAddOn(),
-            // new blueprints.addons.XrayAddOn()
+            new blueprints.addons.XrayAddOn()
         ];
 
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
+            .addNewClusterObservabilityBuilderAddOns()
             .addOns(...addOns)
             .build(scope, stackId);
     }

lib/single-new-eks-cluster-construct/index.ts

@@ -11,11 +11,13 @@ export default class SingleNewEksConstruct {
 
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.KubeProxyAddOn(),
+            new blueprints.addons.ClusterAutoScalerAddOn()
         ];
 
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
+            .addNewClusterObservabilityBuilderAddOns()
             .addOns(...addOns)
             .build(scope, stackId);
     }

lib/single-new-eks-mixed-observability-construct/index.ts

@@ -20,6 +20,8 @@ export default class SingleNewEksMixedobservabilityConstruct {
 
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.KubeProxyAddOn(),
+            new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+            new blueprints.addons.CertManagerAddOn(),
             new blueprints.addons.CloudWatchLogsAddon({
                 logGroupPrefix: `/aws/eks/${stackId}`,
                 logRetentionDays: 30
@@ -32,6 +34,7 @@ export default class SingleNewEksMixedobservabilityConstruct {
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
+            .addNewClusterObservabilityBuilderAddOns()
             .addOns(...addOns)
             .build(scope, stackId);
     }

lib/single-new-eks-opensource-observability-construct/graviton-index.ts

@@ -30,6 +30,8 @@ export default class SingleNewEksGravitonOpenSourceObservabilityConstruct {
         Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.KubeProxyAddOn("v1.27.1-eksbuild.1"),
+            new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+            new blueprints.addons.CertManagerAddOn(),
             new blueprints.addons.CloudWatchLogsAddon({
                 logGroupPrefix: `/aws/eks/${stackId}`,
                 logRetentionDays: 30
@@ -39,6 +41,7 @@ export default class SingleNewEksGravitonOpenSourceObservabilityConstruct {
                 ampPrometheusEndpoint: ampPrometheusEndpoint,
             }),
             new blueprints.addons.XrayAdotAddOn(),
+            new blueprints.addons.ExternalsSecretsAddOn(),
             new blueprints.addons.GrafanaOperatorAddon({
                 version: 'v5.0.0-rc3'
             }),
@@ -74,6 +77,7 @@ export default class SingleNewEksGravitonOpenSourceObservabilityConstruct {
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
+            .addNewClusterObservabilityBuilderAddOns()
             .resourceProvider(ampWorkspaceName, new blueprints.CreateAmpProvider(ampWorkspaceName, ampWorkspaceName))
             .clusterProvider(new blueprints.MngClusterProvider(mngProps))
             .addOns(...addOns)

lib/single-new-eks-opensource-observability-construct/index.ts

@@ -32,6 +32,8 @@ export default class SingleNewEksOpenSourceobservabilityConstruct {
         Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.KubeProxyAddOn(),
+            new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+            new blueprints.addons.CertManagerAddOn(),
             new blueprints.addons.CloudWatchLogsAddon({
                 logGroupPrefix: `/aws/eks/${stackId}`,
                 logRetentionDays: 30
@@ -41,6 +43,7 @@ export default class SingleNewEksOpenSourceobservabilityConstruct {
                 ampPrometheusEndpoint: ampPrometheusEndpoint,
             }),
             new blueprints.addons.XrayAdotAddOn(),
+            new blueprints.addons.ExternalsSecretsAddOn(),
             new blueprints.addons.GrafanaOperatorAddon({
                 version: 'v5.0.0-rc3'
             }),
@@ -70,6 +73,7 @@ export default class SingleNewEksOpenSourceobservabilityConstruct {
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
+            .addNewClusterObservabilityBuilderAddOns()
             .resourceProvider(ampWorkspaceName, new blueprints.CreateAmpProvider(ampWorkspaceName, ampWorkspaceName))
             .addOns(...addOns)
             .build(scope, stackId);