aws-quickstart · freschri · Jun 3, 2023 · Jun 18, 2023 · Jun 18, 2023 · Jun 20, 2023
@@ -0,0 +1,30 @@
+# Konveyor Amazon EKS Blueprints AddOn
+
+This add-on installs [Konveyor](https://konveyor.github.io/).
+
+Konveyor helps large organizations modernize enterprise java applications to Kubernetes. It serves as a platform providing a view of an organization's applications, allowing Assessment and Analysis capabilities to be executed at scale to help Architects get a better feel of the issues present in application source code in regard to deploying to a new environment such as Kubernetes, or other technologies.
+
+It is structured around the concept of a [Unified Experience](https://github.com/konveyor/enhancements/tree/master/enhancements/unified_experience) to aid multiple personas such as Enterprise Architects who manage modernization engagements as well as the Migrators, or developers who carry out the specific refactoring development work.
+
+Konveyor [is released as an Operator](https://github.com/konveyor/tackle2-operator).
+
+The Konveyor operator deploys the components below:
+
+- [Analysis](https://github.com/windup/windup)
+- [Hub](https://github.com/konveyor/tackle2-hub)
+- [UI](https://github.com/konveyor/tackle2-ui)
+- [Assessments](https://github.com/konveyor/tackle-pathfinder)
+
+
+## Dependencies
+
+The add-on depends on the following components:
+- Operator Lifecycle Manager add-on (_OlmAddOn_)
+- [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) add-on (_AwsLoadBalancerControllerAddOn_), which will instantiate an [ALB](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) to fulfill the Ingress deployed by this add-on
+- [EBS CSI Driver Amazon EKS add-on](https://aws-quickstart.github.io/cdk-eks-blueprints/addons/ebs-csi-driver/) (_EbsCsiDriverAddOn_), to provide Persistent Volumes (PVs) fulfilling Konveyor's Persistent Volume Claims (PVCs)
+- a subdomain for the Konveyor application
+- a certificate for the subdomain, made available by the either _CreateCertificateProvider_ or _ImportCertificateProvider_, to be assigned to the load balancer
+
+## Setup
+
+For a fully working setup, please see the Konveyor pattern in the EKS Blueprints Pattern [repository](https://github.com/aws-samples/cdk-eks-blueprints-patterns).
@@ -0,0 +1,7 @@
+# Operator Lifecycle Manager Amazon EKS Blueprints AddOn
+
+This add-on installs [Operator Lifecycle Manager](https://olm.operatorframework.io/) (OLM).
+
+## Setup
+
+OLM defines Custom Resource Definitions (CRDs). Operators relying on those CRDs should be deployed once the CRDs are defined, to avoid deployment errors from Kubernetes. To avoid such errors, you can create a KubernetesObjectValue and add a dependency on that. For a working example, please see the Konveyor add-on.
@@ -24,11 +24,13 @@ export * from './fluxcd';
 export * from './grafana-operator';
 export * from './helm-addon';
 export * from './karpenter';
+export * from './konveyor';
 export * from './kube-proxy';
 export * from './kube-state-metrics';
 export * from './metrics-server';
 export * from './nested-stack';
 export * from './nginx';
+export * from './olm';
 export * from './opa-gatekeeper';
 export * from './prometheus-node-exporter';
 export * from './secrets-store';

@@ -0,0 +1,176 @@
+import { ClusterAddOn, ClusterInfo } from "../../spi";
+import { Construct } from 'constructs';
+import { readYamlDocument, loadYaml, dependable } from "../../utils";
+import { KubectlProvider, ManifestDeployment } from "../helm-addon/kubectl-provider";
+import { KubernetesObjectValue } from "aws-cdk-lib/aws-eks";
+import { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+
+export interface KonveyorAddOnProps {
+    /**
+     * Namespace for Konveyor/Tackle.
+     * @default 'konveyor-operator'
+     */
+    namespace?: string;
+    /**
+     * Konveyor/Tackle name.
+     * @default 'tackle'
+     */
+    konveyorName?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    * @default '100Gi'
+    */
+    cacheDataVolumeSize?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    *  @default '100Gi'
+    */
+    hubBucketVolumeSize?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    *  @default 'false'
+    */
+    rwxSupported?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    *  @default 'false'
+    */
+    featureAuthRequired?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    *  @default 'true'
+    */
+    featureIsolateNamespace?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    *  @default '5Gi'
+    */
+    hubDatabaseVolumeSize?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    * @default '1Gi'
+    */
+    keycloakDatabaseDataVolumeSize?: string;
+    /**
+    * See https://github.com/konveyor/tackle2-operator
+    * @default '100Gi'
+    */
+    pathfinderDatabaseDataVolumeSize?: string;
+    /**
+     * Ingress name
+     * @default 'http-ingress'
+     */
+    ingressName?: string;
+    /**
+     * Service name for the Ingress configuration
+     * @default 'tackle-ui'
+     */
+    serviceName?: string;
+    /**
+     * Service port for the Ingress configuration
+     * @default '8080'
+     */
+    servicePort?: number;
+    /**
+     * Certificate resource name for the Ingress HTTPS configuration
+     */
+    certificateResourceName: string;
+    /**
+     * Subdomain to be assigned to the Load Balancer
+     */
+    subdomain: string;
+    /**
+     * URL of the Konveyor Operator Manifest
+     */
+    konveyorOperatorManifestUrl?: string;
+}
+
+/**
+ * Default Konveyor/Tackle properties
+ */
+const defaultProps = {
+    namespace: "konveyor-operator",
+    konveyorName: "tackle",
+    cacheDataVolumeSize: "100Gi",
+    hubBucketVolumeSize: "100Gi",
+    rwxSupported: "false",
+    featureAuthRequired: "false",
+    featureIsolateNamespace: "true",
+    hubDatabaseVolumeSize: "5Gi",
+    keycloakDatabaseDataVolumeSize: "1Gi",
+    pathfinderDatabaseDataVolumeSize: "100Gi",
+    ingressName: "http-ingress",
+    serviceName: "tackle-ui",
+    servicePort: 8080,
+    konveyorOperatorManifestUrl: "https://operatorhub.io/install/konveyor-0.1/konveyor-operator.yaml"
+};
+
+export class KonveyorAddOn implements ClusterAddOn {
+    readonly props: KonveyorAddOnProps;
+
+    constructor(props?: KonveyorAddOnProps) {
+        this.props = { ...defaultProps, ...props } as KonveyorAddOnProps;
+    }
+
+    @dependable('AwsLoadBalancerControllerAddOn')
+    @dependable("EbsCsiDriverAddOn")
+    @dependable("OlmAddOn")
+    deploy(clusterInfo: ClusterInfo): void | Promise<Construct> {
+        const kubectlProvider = new KubectlProvider(clusterInfo);
+
+        // load Konveyor operator from URL
+        /* eslint-disable */
+        const request = require('sync-request');
+        const response = request('GET', this.props.konveyorOperatorManifestUrl);
+        const konveyorOperatorDoc: string = response.getBody().toString();
+        const konveyorOperatorDocReplacedNamespace = konveyorOperatorDoc.replace(/my-konveyor-operator/g, this.props.namespace!);
+        const konveyorOperatorManifest = konveyorOperatorDocReplacedNamespace.split("---").map(e => loadYaml(e));
+
+        const konveyorOperatorDeployment: ManifestDeployment = {
+            name: "konveyor-operator-deployment",
+            namespace: this.props.namespace!,
+            manifest: konveyorOperatorManifest,
+            values: {}
+        };
+
+        const konveyorOperatorStatement = kubectlProvider.addManifest(konveyorOperatorDeployment);
+
+        // wait for OLM to be deployed otherwise CRDs are not found
+        const waitOLMDeployment = new KubernetesObjectValue(konveyorOperatorStatement, 'WaitOLMDeployment', {
+            cluster: clusterInfo.cluster,
+            objectType: "Service",
+            objectName: "operatorhubio-catalog",
+            objectNamespace:"olm",
+            jsonPath: ".metadata.name"
+        });
+
+        konveyorOperatorStatement.node.addDependency(waitOLMDeployment);
+
+        // load Tackle and Ingress resources
+        const doc = readYamlDocument(__dirname + "/tackle-manifest.ytpl");
+        const konveyorManifest = doc.split("---").map(e => loadYaml(e));
+
+        const certificateArn = clusterInfo.getResource<ICertificate>(this.props.certificateResourceName)?.certificateArn;
+        const subdomain = this.props.subdomain;
+        const konveyorManifestDeployment: ManifestDeployment = {
+            name: "konveyor-deployment",
+            namespace: this.props.namespace!,
+            manifest: konveyorManifest,
+            values: { ...this.props, certificateArn, subdomain }
+        };
+
+        const konveyorStatement = kubectlProvider.addManifest(konveyorManifestDeployment);
+
+        // wait for Konveyor to be deployed otherwise CRDs are not found
+        const waitKonveyorOperatorDeployment = new KubernetesObjectValue(konveyorStatement, 'WaitKonveyorOperatorDeployment', {
+          cluster: clusterInfo.cluster,
+          objectType: "CustomResourceDefinition",
+          objectName: "tackles.tackle.konveyor.io",
+          jsonPath: ".spec.group"
+        });
+
+        konveyorStatement.node.addDependency(waitKonveyorOperatorDeployment);
+
+        return Promise.resolve(konveyorStatement);
+    }
+}
@@ -0,0 +1,39 @@
+kind: Tackle
+apiVersion: tackle.konveyor.io/v1alpha1
+metadata:
+  name: "{{konveyorName}}"
+  namespace: "{{namespace}}"
+spec:
+  cache_data_volume_size: "{{cacheDataVolumeSize}}"
+  hub_bucket_volume_size: "{{hubBucketVolumeSize}}"
+  rwx_supported: "{{rwxSupported}}"
+  feature_auth_required: "{{featureAuthRequired}}"
+  feature_isolate_namespace: "{{featureIsolateNamespace}}"
+  hub_database_volume_size: "{{hubDatabaseVolumeSize}}"
+  keycloak_database_data_volume_size: "{{keycloakDatabaseDataVolumeSize}}"
+  pathfinder_database_data_volume_size: "{{pathfinderDatabaseDataVolumeSize}}"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: "{{ingressName}}"
+  namespace: "{{namespace}}"
+  annotations:      
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/certificate-arn: "{{certificateArn}}"
+spec:
+  ingressClassName: alb
+  tls:
+  - hosts:
+      - "{{subdomain}}"
+  rules:
+  - http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: "{{serviceName}}"
+              port:
+                number: 8080
@@ -0,0 +1,76 @@
+import { ClusterAddOn, ClusterInfo } from "../../spi";
+import { Construct } from 'constructs';
+import { loadYaml } from "../../utils/yaml-utils";
+import { KubectlProvider, ManifestDeployment } from "../helm-addon/kubectl-provider";
+import * as assert from "assert";
+
+const OLMDownloadURL = "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/";
+
+export interface OlmAddOnProps {
+  /**
+  * OLM version
+  */
+  version?: string
+}
+
+/**
+ * Default OLM properties
+ */
+const defaultProps = {
+  version: "v0.21.2"
+};
+
+export class OlmAddOn implements ClusterAddOn {
+    readonly props: OlmAddOnProps;
+    readonly manifestUrls: string[];
+
+    constructor(props?: OlmAddOnProps) {
+      this.props = {...defaultProps, ...props};
+      this.manifestUrls = [
+        OLMDownloadURL+this.props.version+"/crds.yaml",
+        OLMDownloadURL+this.props.version+"/olm.yaml"
+      ];
+    }
+
+    deploy(clusterInfo: ClusterInfo): void | Promise<Construct> {
+      let previousResource: Construct;
+      const resources: Construct[] = [];
+
+      /* eslint-disable */
+      const request = require('sync-request');
+      const kubectlProvider = new KubectlProvider(clusterInfo);
+
+      this.manifestUrls!.map((manifestUrl, urlIndex) => {
+        const response = request('GET', manifestUrl);
+        // workaround: KubectlProvider is based on Lambda, which fails if the manifests are too large, so we:
+        // 1. break the YAMLs
+        // 2. remove descriptions
+        const doc: string = response.getBody().toString();
+        const trimmedDoc = doc.replace(/description:.*[a-zA-Z0-9].*\n/g, 'description: removed\n');
+        const manifests = trimmedDoc.split("---").filter(e=>e.length>0).map(e => loadYaml(e));
+
+        const batchResources = manifests.map((manifest, docIndex) => {
+          const manifestDeployment: ManifestDeployment = {
+            name: "olmIdx"+urlIndex+docIndex,
+            namespace: "olm",
+            manifest: [manifest],
+            values: {}
+          };
+
+          const resource = kubectlProvider.addManifest(manifestDeployment);
+
+          if (previousResource != undefined) {
+            resource.node.addDependency(previousResource);
+          }
+          previousResource = resource;
+          return resource;
+        });
+
+        resources.push(...batchResources);
+      });
+
+      assert(resources.length > 0, "No OLM manifest found");
+
+      return Promise.resolve(resources.at(-1)!);
+    }
+}