feat: support EKS Auto Mode and Karpenter

Author: Kenichiro Hiraiwa

Dockerfile

@@ -1,5 +1,5 @@
 # Use an official Python runtime as a parent image
-FROM python:3.9-slim-buster as builder
+FROM python:3.11-slim-buster as builder
 
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE=1 \
@@ -9,10 +9,10 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 WORKDIR /server
 
 # Install system dependencies and Python dependencies
-COPY ./server/requirements.txt /server/
+COPY ./server/general/requirements.txt /server/
 RUN pip wheel --no-cache-dir --no-deps --wheel-dir /server/wheels -r requirements.txt
 
-FROM python:3.9-slim-buster as runner
+FROM python:3.11-slim-buster as runner
 
 WORKDIR /server
 
@@ -23,10 +23,10 @@ RUN pip install --no-cache-dir /server/wheels/* \
     && pip install --no-cache-dir uvicorn
 
 # Copy project
-COPY . /server/
+COPY ./server/general/ /server/
 
 # Expose the port the app runs in
 EXPOSE 8000
 
 # Define the command to start the container
-CMD ["uvicorn", "server.app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

Dockerfile.aws-secrets

@@ -0,0 +1,38 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim-buster as builder
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+# Set work directory
+WORKDIR /server
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y build-essential
+
+# Install Python dependencies
+COPY ./server/aws-secrets/requirements.txt /server/
+RUN pip wheel --no-cache-dir --no-deps --wheel-dir /server/wheels -r requirements.txt
+
+FROM python:3.11-slim-buster as runner
+
+WORKDIR /server
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y netcat
+
+# Install Python dependencies
+COPY --from=builder /server/wheels /server/wheels
+COPY --from=builder /server/requirements.txt .
+RUN pip install --no-cache /server/wheels/*
+RUN pip install uvicorn
+
+# Copy project
+COPY ./server/aws-secrets/ /server/
+
+# Expose the port the app runs in
+EXPOSE 8000
+
+# Define the command to start the container
+CMD uvicorn app.main:app --host 0.0.0.0 --port 8000

Dockerfile.opentelemetry

@@ -0,0 +1,38 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim-buster as builder
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+# Set work directory
+WORKDIR /server
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y build-essential
+
+# Install Python dependencies
+COPY ./server/opentelemetry/requirements.txt /server/
+RUN pip wheel --no-cache-dir --no-deps --wheel-dir /server/wheels -r requirements.txt
+
+FROM python:3.11-slim-buster as runner
+
+WORKDIR /server
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y netcat
+
+# Install Python dependencies
+COPY --from=builder /server/wheels /server/wheels
+COPY --from=builder /server/requirements.txt .
+RUN pip install --no-cache /server/wheels/*
+RUN pip install uvicorn
+
+# Copy project
+COPY ./server/opentelemetry/ /server/
+
+# Expose the port the app runs in
+EXPOSE 8000
+
+# Define the command to start the container
+CMD uvicorn app.main:app --host 0.0.0.0 --port 8000

docker-compose-opentelemetry.yml

@@ -0,0 +1,44 @@
+services:
+  adotcollector:
+    image: public.ecr.aws/aws-observability/aws-otel-collector:latest
+    command: ["--config=/etc/adot-config.yaml"]
+    env_file:
+      - .env
+    volumes:
+      - ./server/opentelemetry/adot-collector-config/adot-config.yaml:/etc/adot-config.yaml
+      - ~/.aws:/home/aoc/.aws
+    networks:
+      - webnet
+  db:
+    image: postgres:15
+    env_file:
+      - .env
+    volumes:
+      - ./server/db/init.sh:/docker-entrypoint-initdb.d/init.sh
+      - postgres_data:/var/lib/postgresql@15/data  # Persist PostgreSQL data
+    networks:
+      - webnet
+    depends_on:
+      - adotcollector
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile.opentelemetry
+    image: fastapi-microservices:${IMAGE_VERSION}
+    command: uvicorn app.main:app --host 0.0.0.0 --port 8000
+    volumes:
+      - ./server/opentelemetry:/server
+    ports:
+      - 8000:8000
+    depends_on:
+      - db
+    networks:
+      - webnet
+    env_file:
+      - .env
+
+networks:
+  webnet:
+
+volumes:
+  postgres_data:  # Define the volume for PostgreSQL data

docker-compose.yml

@@ -1,22 +1,20 @@
-version: '3.8'
-
 services:
   db:
-    image: postgres:13
+    image: postgres:15
     env_file:
       - .env
     volumes:
       - ./server/db/init.sh:/docker-entrypoint-initdb.d/init.sh
-      - postgres_data:/var/lib/postgresql/data  # Persist PostgreSQL data
+      - postgres_data:/var/lib/postgresql@15/data  # Persist PostgreSQL data
     networks:
       - webnet
 
   web:
     build: .
     image: fastapi-microservices:${IMAGE_VERSION}
-    command: uvicorn server.app.main:app --host 0.0.0.0 --port 8000
+    command: uvicorn app.main:app --host 0.0.0.0 --port 8000
     volumes:
-      - .:/server
+      - ./server/general:/server
     ports:
       - 8000:8000
     depends_on:
@@ -30,4 +28,4 @@ networks:
   webnet:
 
 volumes:
-  postgres_data:  # Define the volume for PostgreSQL data
+  postgres_data:  # Define the volume for PostgreSQL data

eks/aws-secrets/deploy-app-with-secrets-manager.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fastapi-service
+  namespace: my-cool-app
+spec:
+  selector:
+    app: fastapi-app
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8000
+  type: NodePort
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fastapi-deployment
+  namespace: my-cool-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fastapi-app
+  template:
+    metadata:
+      labels:
+        app: fastapi-app
+    spec:
+      containers:
+      - name: web
+        image: 012345678901.dkr.ecr.us-west-2.amazonaws.com/fastapi-microservices:1.0
+        ports:
+        - containerPort: 8000
+        resources:
+          requests:
+            cpu: "200m"
+            memory: "200Mi"
+          limits:
+            cpu: "1000m"
+            memory: "1000Mi"
+      serviceAccount: fastapi-deployment-sa
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fastapi-ingress
+  namespace: my-cool-app
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+spec:
+  ingressClassName: alb
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: fastapi-service
+            port:
+              number: 80

eks/create-automode-python.yaml

@@ -0,0 +1,36 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+# The metadata section is for specifying essential details about your EKS cluster.
+metadata:
+  # name: The name of your EKS cluster.
+  name: automode-quickstart
+  # region: The AWS region where your EKS cluster will be created.
+  region: us-west-2
+  # version: The Kubernetes version to use for your EKS cluster.
+  version: "1.32"
+
+autoModeConfig:
+  # enabled: The cluster enables Auto Mode.
+  enabled: true
+
+# The IAM section is for managing IAM roles and service accounts for your cluster.
+iam:
+  # withOIDC: Enable the creation of the OIDC provider associated with the cluster to allow for IAM Roles for Service Accounts (IRSA).
+  withOIDC: true
+  serviceAccounts:
+  - metadata:
+      name: adot-collector
+      # this is to create the namespace my-cool-app
+      namespace: my-cool-app
+      labels: {aws-usage: "application"}
+    attachPolicyARNs:
+    - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
+
+# The cloudWatch section is for configuring logging for your cluster.
+cloudWatch:
+ clusterLogging:
+   # enableTypes: Which types of logs to enable. '*' represents all types.
+   enableTypes: ["*"]
+   # logRetentionInDays: The number of days to retain log events.
+   logRetentionInDays: 30

eks/create-fargate-python.yaml

@@ -7,9 +7,9 @@ metadata:
   # name: The name of your EKS cluster.
   name: managednode-quickstart
   # region: The AWS region where your EKS cluster will be created.
-  region: us-east-1
+  region: us-west-2
   # version: The Kubernetes version to use for your EKS cluster.
-  version: "1.29"
+  version: "1.32"
 
 # The IAM section is for managing IAM roles and service accounts for your cluster.
 iam:
@@ -28,7 +28,7 @@ iam:
       namespace: my-cool-app
       labels: {aws-usage: "application"}
     attachPolicyARNs:
-    - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"      
+    - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
 
 # The managedNodeGroups section is for configuring your EKS managed node groups.
 managedNodeGroups:

eks/create-mng-python.yaml

@@ -29,7 +29,7 @@ spec:
     spec:
       containers:
       - name: web
-        image: 012345678901.dkr.ecr.us-east-1.amazonaws.com/fastapi-microservices:1.0
+        image: 012345678901.dkr.ecr.us-west-2.amazonaws.com/fastapi-microservices:1.0
         ports:
         - containerPort: 8000
         envFrom: