Simple_Web_App

Folder Structure

.
├── Application
│   ├── Docker
│   │   ├── Dockerfile
│   │   ├── SimpleWeb
│   │   │   ├── db.php
│   │   │   ├── index.php
│   │   │   └── test.php
│   │   └── build.sh
│   └── k8s
│       ├── configmap.yaml
│       ├── deployment.yaml
│       ├── namespace.yaml
│       └── service.yaml
├── README.md
├── backend.tf
├── kubeconfig_simple-web-app-eks
├── main.tf
├── modules
│   ├── ECR
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── EKS
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── KMS
│   │   ├── iam.tf
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── RDS
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   └── VPC
│       ├── main.tf
│       ├── outputs.tf
│       └── variables.tf
└── variables.tf

Running the solution

The solution is divided into 2 parts:

• Infrasturcture
• Application

Prerequisites

The solution assumes that the following have been installed on your system:

• kubectl > 1.11
• terraform > 0.13
• docker
• awscli 2.x

Furthermore you will need to have access to an AWS environment.

Optional: An S3 bucket to store the tfstate file. If you dont want to create one or you dont have on the please comment or delete the backed.tf

Terraform inputs required

Requirements

Name	Version
kubernetes	~> 1.11

Providers

No provider.

Inputs

Name	Description	Type	Default	Required
application_name	The application name	string	"SimpleWebApp"	no
aws_account_id	The AWS account id	number	"723949785394"	no
cidr_block_target_vpc	CIDR block of the VPC	string	"10.0.0.0/16"	no
cluster_name	EKS cluster name	string	"simple-web-app-eks"	no
db_name	The name of the database	string	"swa"	no
environment	The environment we will be deploying to, i.e sandbox,test,uat,prod	string	"sandbox"	no
identifier	What will the RDS instance be called	string	"swa"	no
map_accounts	Additional AWS account numbers to add to the aws-auth configmap.	list(string)	[]	no
map_roles	Additional IAM roles to add to the aws-auth configmap.	list(object({ rolearn = string username = string groups = list(string) }))	[]	no
map_users	Additional IAM users to add to the aws-auth configmap.	list(object({ userarn = string username = string groups = list(string) }))	[ { "groups": [ "system:masters" ], "userarn": "arn:aws:iam::723949785394:user/tschizas", "username": "tschizas" } ]	no
region	Where we will be deploying to	string	"eu-west-2"	no
tags	Default Tags to be used on all created resources	object( { application = string automanage = bool backup_retention = string backup_schedule = string metadata = string owner = string } )	{ "application": "Simple Web App", "automanage": true, "backup_retention": "N/A", "backup_schedule": "N/A", "metadata": "N/A", "owner": "Thomas" }	no
target_vpc_id	The target VPC ID where the instances will be deployed to	string	""	no
vpc_tags	n/a	object( { Name = string } )	{ "Name": "" }	no

Outputs

Name	Description
azs	List of availability zones
config_map_aws_auth	A kubernetes configuration to authenticate to this EKS cluster.
db_instance_backend_endpoint	RDS Outputs
db_instance_backend_name	n/a
db_instance_backend_port	n/a
db_instance_backend_resource_id	n/a
db_instance_backend_sg_id	n/a
db_instance_backend_username	n/a
db_instance_id	n/a
db_subnet_group_id	DB Subnet Group ID
name	The VPC name
nat_public_ips	List of public Elastic IPs created for AWS NAT Gateway
private_subnets	List of IDs of private subnets
public_subnets	List of IDs of public subnets
rds_kms_key_arn	The RDS KMS Key arn
rds_kms_key_id	The RDS KMS Key ID
repository_url	The ECR repo URL
vpc_cidr_block	The CIDR block of the VPC
vpc_id	The ID of the VPC

Run the infrastructure

• Login to AWS via SSO or export the profile you are using
• Update any variables on main.tf. If you want to run this on a local state you will need to either delete or comment out the backend.tf as this assumes that an S3 bucket is created.
• Run terraform init; this will initialise all the required modules
• Run terraform plan; this will plan and show you the resources that will be created
• Run terraform apply; this will create the resources. Please note that these resources are billable

Deploy the application

• Navigate to the Application folder
• Optional: Update the the db.php with the correct value for the database test (should you wish to use this)
• Run the build.sh script and pass the ECR url
• Copy the kubeconfig_* details into your .kube/config this will give you access to EKS
• Navigate to the k8s folder and run kubectl apply -f . this will apply all the files in that folder

Further Improvements

Backend

I believe I could have used [Aurora Serverless][https://aws.amazon.com/rds/aurora/serverless/], as it would have been less costly and far easier to manage.

K8s deployment

I would have much prefered to create a Helm chart for the application as this way we could have used a template to deploy it anywhere with only minor changes. Furthermore, I am not a great fan of having passwords in plain sight so I would have used secrets (ideally Vault or equivelent) to store the db username & password to be consumed by the application.

Testing

• Run a busybox and do a curl on the LB on the port to ensure the website is running
• Terratest that the DB & EKS are provisioned correctly (private subnets) and cannot be accessed externaly

CI/CD

Ideally this (along with the previous) should be run through a CI/CD process