-
Notifications
You must be signed in to change notification settings - Fork 0
/
helm-wordpress-deploy-RDS.yml
245 lines (243 loc) · 9.2 KB
/
helm-wordpress-deploy-RDS.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
AWSTemplateFormatVersion: '2010-09-09'
Description: This Cloudformation template shows you how to use Cloudformation to deploy
WordPress using Helm charts. You will be deploying this into the "Amazon EKS QuickStart"
which is a qre-requist. "https://docs.aws.amazon.com/quickstart/latest/amazon-eks-architecture/welcome.html" **WARNING** You will be billed for the AWS resources used if you create a stack from this template.
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Wordpress
Parameters:
- wordpressUsername
- wordpressPassword
- Label:
default: Kube Cluster
Parameters:
- KubeClusterName
- KubeConfigPath
- KubeGetLambdaArn
- KubeConfigKmsContext
- HelmLambdaArn
- Namespace
- Name
- Label:
default: MariaDB (RDS)
Parameters:
- DBMasterUsername
- DBMasterUserPassword
- DBName
- Subnet1ID
- Subnet2ID
- VPCID
- NodeGroupSecurityGroupId
- BastionSecurityGroupId
ParameterLabels:
wordpressUsername:
default: Wordpress Username
wordpressPassword:
default: Wordpress Password
KubeClusterName:
default: EKS Kube Cluster Name
KubeConfigPath:
default: Kube Config Path
KubeGetLambdaArn:
default: Kube Get Lambda ARN
KubeConfigKmsContext:
default: Kube KMS Context
HelmLambdaArn:
default: EKS Stack Helm ARN
Namespace:
default: Kube Namespace for this function
Name:
default: Kube Name for this function
DBMasterUsername:
default: MariaDB Master User Name
DBMasterUserPassword:
default: MariaDB Master User Password
DBName:
default: MariaDB Database Name
Subnet1ID:
default: Private Subnet One
Subnet2ID:
default: Private Subnet Two
VPCID:
default: EKS Stack VPC ID
NodeGroupSecurityGroupId:
default: Node SecurityGroup ID
BastionSecurityGroupId:
default: Bastion SecurityGroup ID
Parameters:
wordpressUsername:
AllowedPattern: ^[a-z][a-z0-9_]*$
ConstraintDescription: User name parameter must be lowercase, begin with a letter,
contain only alphanumeric characters or underscores, and be less than 60 characters.
Default: admin
Description: 'The user name that is associated with the master user account for
Wordpress. The user name must contain fewer than 60 alphanumeric
characters or underscores, and must be lowercase and begin with a letter. '
MaxLength: '60'
MinLength: '1'
Type: String
wordpressPassword:
Description: 'The password that is associated with the master user account for
Wordpress. The password must contain 8 to 64 printable ASCII
characters, excluding: /, ", \'', \ and @. It must contain one uppercase letter,
one lowercase letter, and one number.'
MaxLength: '64'
NoEcho: 'true'
Type: String
HelmLambdaArn:
Description: 'Get this from the EKSStack outputs section in CloudFormation.'
Type: String
KubeClusterName:
Description: 'This is the "EKSClusterName" you get from the EKSStack outputs section in CloudFormation.'
Type: String
KubeConfigPath:
Description: 'Get this from the EKSStack outputs section in CloudFormation.'
Type: String
KubeGetLambdaArn:
Description: 'Get this from the EKSStack outputs section in CloudFormation.'
Type: String
KubeConfigKmsContext:
Description: 'This is using the default from the AWS EKS Quick Start, if you modified
this context when deploying. You need to use the modified KMS context here.'
Type: String
Default: "EKSQuickStart"
Namespace:
Description: 'Modify to use a custom Namespace. The Namespace up to 63 characters
long. The characters allowed in names are: digits (0-9), lower case letters (a-z),
and underscore(s)(cannot start or end with)'
Type: String
Default: "example-helm-rds"
Name:
Description: 'Modify to use a custom Names. The Names up to 253 characters
long. The characters allowed in names are: digits (0-9), lower case letters (a-z), -,
and ..'
Type: String
Default: "myrelease-rds"
DBMasterUsername:
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
Default: mariadb
Description: "The database admin account username"
MaxLength: '16'
MinLength: '1'
NoEcho: 'true'
Type: String
DBMasterUserPassword:
AllowedPattern: '(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*'
ConstraintDescription: "Min 8 chars. Must include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ \" ') symbol"
Description: "Password for the master ('mariadb') account. Password must meeting the following: Min 8 chars. Must include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ \" ') symbol."
MinLength: 8
MaxLength: 128
NoEcho: true
Type: String
DBName:
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters. Cannot be longer than 64 charcters.
Default: wordpress
Description: "The database name to create."
MaxLength: '64'
MinLength: '1'
Type: String
Subnet1ID:
Description: 'Get Private Subnet 1 ID from the VPCStack outputs section in CloudFormation.'
Type: AWS::EC2::Subnet::Id
Subnet2ID:
Description: 'Get Private Subnet 2 ID from the VPCStack outputs section in CloudFormation.'
Type: AWS::EC2::Subnet::Id
NodeGroupSecurityGroupId:
Description: 'Get NodeGroupSecurityGroupId from the EKSStack outputs section in CloudFormation.'
Type: String
BastionSecurityGroupId:
Description: 'Get BastionSecurityGroupId from the EKSStack outputs section in CloudFormation.'
Type: String
VPCID:
Type: AWS::EC2::VPC::Id
Description: 'Get VCP ID from the VPCStack outputs section in CloudFormation.'
Resources:
DBEC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Open database for access
VpcId: !Ref VPCID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '3306'
ToPort: '3306'
SourceSecurityGroupId: !Ref NodeGroupSecurityGroupId
Description: "This rule is needed to allow RDS from the Node Instances."
DBInboundRule:
Type: "AWS::EC2::SecurityGroupIngress"
Properties:
Description: "This rule is needed to allow RDS from the Bastion Instance."
GroupId: !GetAtt DBEC2SecurityGroup.GroupId
IpProtocol: tcp
FromPort: '3306'
ToPort: '3306'
SourceSecurityGroupId: !Ref BastionSecurityGroupId
DBSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "Subnets available for the MariaDB database instance"
SubnetIds:
- !Ref Subnet1ID
- !Ref Subnet2ID
WPDB:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: 10
AutoMinorVersionUpgrade: true
BackupRetentionPeriod: 7
DBInstanceClass: db.m5.large
# In the next line of code the '-DB' delimeter is used to get the root stack name for database identifier
# 'AWS::StackName' produces MASTER_STACK_NAME-DB (as DB is the name of the nested stack resource).
DBInstanceIdentifier: !Sub ["${RootStack}-db", RootStack: !Select [0, !Split ['-DB', !Ref 'AWS::StackName']]]
DBSubnetGroupName: !Ref DBSubnetGroup
Engine: mariadb
EngineVersion: 10.3
MasterUsername: !Ref DBMasterUsername
MasterUserPassword: !Ref DBMasterUserPassword
MultiAZ: false
StorageEncrypted: true
StorageType: gp2
DBName: !Ref DBName
Tags:
- Key: Name
Value: !Sub ["${StackName} Confluence MariaDB Database", StackName: !Ref 'AWS::StackName']
VPCSecurityGroups:
- !GetAtt DBEC2SecurityGroup.GroupId
HelmExample:
Type: "Custom::Helm"
Version: '1.0'
Properties:
ServiceToken: !Ref HelmLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
KubeClusterName: !Ref KubeClusterName
Namespace: !Ref Namespace
Chart: stable/wordpress
Name: !Ref Name
Values:
wordpressUsername: !Ref wordpressUsername
wordpressPassword: !Ref wordpressPassword
mariadb.enabled: false
externalDatabase.host: !GetAtt WPDB.Endpoint.Address
externalDatabase.user: !Ref DBMasterUsername
externalDatabase.password: !Ref DBMasterUserPassword
externalDatabase.database: !Ref DBName
externalDatabase.port: 3306
WPElbHostName:
DependsOn: HelmExample
Type: "Custom::KubeGet"
Version: '1.0'
Properties:
ServiceToken: !Ref KubeGetLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Namespace: !Ref Namespace
Name: !Sub 'service/${Name}-wordpress'
JsonPath: '{.status.loadBalancer.ingress[0].hostname}'
Outputs:
WPElbHostName:
Value: !Ref WPElbHostName