DEV Community: Welcoming Sloth The latest articles on DEV Community by Welcoming Sloth (@caravaggio). https://dev.to/caravaggio https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F872047%2F75af5fee-c5f5-4b7d-9aa1-2a830e217cf7.jpg DEV Community: Welcoming Sloth https://dev.to/caravaggio en Quickly create a local postgres database with docker Welcoming Sloth Mon, 12 Jun 2023 13:38:37 +0000 https://dev.to/caravaggio/quickly-create-a-local-postgres-database-with-docker-5fc https://dev.to/caravaggio/quickly-create-a-local-postgres-database-with-docker-5fc <p>Here are some quick package.json scripts to create, remove, start, and stop a local docker postgres database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"db:create"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker run --name DB_NAME -e POSTGRES_PASSWORD=postgres -p DB_EXTERNAL_PORT:5432 -d postgres"</span><span class="p">,</span><span class="w"> </span><span class="nl">"db:remove"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker rm DB_NAME"</span><span class="p">,</span><span class="w"> </span><span class="nl">"db:start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker start DB_NAME"</span><span class="p">,</span><span class="w"> </span><span class="nl">"db:stop"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker stop DB_NAME"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Used env vars:<br> <code>DB_NAME</code>: Name for the docker container to create.<br> <code>DB_EXTERNAL_PORT</code>: What local port the database should be accessible from. Use 5432 for default pg port.</p> A dependency to deploy Next apps to GitHub Pages ⚡ Welcoming Sloth Sat, 06 May 2023 17:29:15 +0000 https://dev.to/caravaggio/a-dependency-to-deploy-next-app-to-github-pages-43i4 https://dev.to/caravaggio/a-dependency-to-deploy-next-app-to-github-pages-43i4 <p>Recently I made a small tool named <a href="https://github.com/Tomburgs/neght">neght</a>, heavily inspired by <a href="https://github.com/storybook-eol/storybook-deployer">storybook-deployer</a>, to help developers deploy their static <a href="https://nextjs.org/">Next.js</a> apps to <a href="https://pages.github.com/">GitHub Pages</a>.</p> <h3> Preview </h3> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/TrWWXW6akhA"> </iframe> </p> <h3> What is Neght 💭 </h3> <p>Neght is a tool / dependency you can add to your project to easily deploy it to GitHub Pages. It builds the project in a way that's compatible with GitHub Pages and then pushes it to a designated branch. </p> <h3> How it works 👩‍🔧 </h3> <p>First, configure your Next app to be <a href="https://nextjs.org/docs/pages/building-your-application/deploying/static-exports">static site</a>, which consists of adding <code>output: 'export'</code> to your next config.</p> <p>Then, add <a href="https://www.npmjs.com/package/neght">neght</a> as a dependency (<code>yarn add neght</code>).</p> <p>Finally, add neght as a script to your package.json.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"next build"</span><span class="p">,</span><span class="w"> </span><span class="nl">"deploy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"neght --script build --branch gh-pages"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>That's it! Now when you run the <code>deploy</code> script neght will take care of building your Next project and pushing it to <code>gh-pages</code> branch of your repository.</p> <p>All that remains for you to do is to make sure that GitHub serves the <code>gh-pages</code> branch through GitHub Pages and you're all done.</p> <h3> Links 🔗 </h3> <p>GitHub: <a href="https://github.com/Tomburgs/neght">https://github.com/Tomburgs/neght</a><br> npm: <a href="https://www.npmjs.com/package/neght">https://www.npmjs.com/package/neght</a></p> webdev node nextjs tooling Generative art, flow fields, and books Welcoming Sloth Wed, 31 Aug 2022 10:45:30 +0000 https://dev.to/caravaggio/generative-art-flow-fields-and-books-1fb3 https://dev.to/caravaggio/generative-art-flow-fields-and-books-1fb3 <h2> Backstory </h2> <p>A few weeks ago, while working on <a href="https://readshape.com">ReadShape</a>, I was faced with a not very surprising issue. Some books don't have covers. Never did, never will.</p> <p>How is this possible? Well, when you walk into a book store of course all the books will have covers, even if just to keep all the paper together. But we live in the digital age, where anyone can publish a book without a publisher and in some cases without using proper grammar. In such cases you will often times encounter books without a cover.</p> <p>This creates a somewhat unique problem. Of course, you can go with a simple solution and just display a cover-not-found.jpeg, but that's not over-engineered enough.</p> <p>This led me down the colorful &amp; artsy path of generative art.</p> <h2> What is generative art? </h2> <p>Essentially, generative art is art which was generated by a machine using an algorithm.</p> <p>The cool thing about it is that it can output wildly different results each time it's ran.</p> <h3> Examples </h3> <p>This is some generative art from Tyler Hobbs titled "Fidenza". Each a different invocation of the same algorithm.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--BnczzrEH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h1jec4fp6djwluc4y0lk.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BnczzrEH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h1jec4fp6djwluc4y0lk.png" alt="Fidenza" width="800" height="351"></a></p> <p>Here is a different algorithm from Kjetil Golid titled "Tilework".</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--7sIwGXb3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/20zkxnswy5s8intmnowj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--7sIwGXb3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/20zkxnswy5s8intmnowj.png" alt="Tilework" width="300" height="251"></a></p> <h2> Flow fields </h2> <p>As could be seen from the examples, there's a fair bit of variance in output that each algorithm can produce.</p> <p>In many cases the algorithm needs to produce some amount of overall uniformity. The Fidenza output would not look nearly as good if each line would go in a new direction randomly.</p> <p>To have this overall uniformity often times something called a <a href="https://en.wikipedia.org/wiki/Vector_field">"flow field"</a> (also known as <a href="https://en.wikipedia.org/wiki/Vector_field">"vector field"</a>) is used. Essentially what it does is it creates a grid where each vector contains a direction. </p> <p>It is more easy to understand with the following picture. </p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yE_wel3p--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8bfo8kxruc0ek20erg99.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yE_wel3p--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8bfo8kxruc0ek20erg99.png" alt="Vector field" width="300" height="300"></a></p> <p>Now that each point sets you going in some direction you simply pick a point and follow the arrows for N steps.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--m2drS4IV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1ggcgac2iawacicqmdc8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--m2drS4IV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1ggcgac2iawacicqmdc8.png" alt="Following the vector field" width="300" height="300"></a></p> <p>Generating a flow field is something I won't go into, but if you're curious about learning more have a look at <a href="https://tylerxhobbs.com/essays/2020/flow-fields">this post from Tyler Hobbs</a>.</p> <h2> Book covers </h2> <p>Now, back to why we're going down this rabbit hole in the first place — books.</p> <p>Generative art seems to be just the thing I'm looking for. However, something that still has to be kept in mind is that for my use case, given the same inputs, I always want to return the same output. This is simply so that I could save on my S3 bill and generate these covers on the fly.</p> <p>This means a few things — no random values, no unnecessary dependencies, and it has to be fast.</p> <p>What I ended up doing was creating a murmur hash based on the input arguments, because murmur is fast and always returns a uint32 value. Perfect for doing probability-based decisions, creating rgb values, and good enough for creating a flow field.</p> <p>If you're interested in viewing the source code, have a look here: <a href="https://github.com/ReadShape/covers">https://github.com/ReadShape/covers</a></p> <p>Here are is an example of the outcome</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_bC1bHPd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8d55khxeqeacvjb5mvl2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_bC1bHPd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8d55khxeqeacvjb5mvl2.png" alt="ReadShape Covers" width="800" height="296"></a></p> <p>It's simple, fast, and contains a good amount of variety. You can play around with it <a href="https://readshape.github.io/covers/?path=/story/cover--controllable">here</a>.</p> <h2> Conclusion </h2> <p>I hope you learned something new today, and hopefully you'll be able to see these covers in action soon on <a href="https://readshape.com">ReadShape</a>.</p> <p>You're also welcome to contribute to the <a href="https://github.com/ReadShape/covers">GitHub repository</a>.</p> <p>— T</p> javascript art react Tasks & Advisory Locks Welcoming Sloth Mon, 11 Jul 2022 19:01:49 +0000 https://dev.to/caravaggio/tasks-advisory-locks-4dol https://dev.to/caravaggio/tasks-advisory-locks-4dol <p><em>This post is on how to utilize postgres advisory locks to create introspectable asynchronous job orchestration between microservices</em></p> <h2> Pretext </h2> <p>Recently I found myself with a task which required creating asynchronous, introspectable, jobs.</p> <p>Now, this issue is nothing new. In fact, there's plenty of really good solutions out there. This can be easily achieved with tools such as kafka, mqs, there's even tools like cadence which take this to the next level.</p> <p>However, while these are all very good solutions, they can also be too much. What if all you have is a single postgres instance? Well, that's the situation I was in, and the solution was fairly simple — advisory locks!</p> <p>Before I go further, let me explain the situation I was in.</p> <h2> Situation </h2> <p>Lets say a user request something from your system which requires some process to be completed in the background.</p> <p>It could take a minute, or an hour, or 3 months. No matter how long the task takes, the point is the response cannot be returned immediately.</p> <h3> In a simple world </h3> <p>In this example the users ask from the system to generate them an invoice.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zwAovJqf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wsx3s7vpn55d9vv0yt2k.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zwAovJqf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wsx3s7vpn55d9vv0yt2k.jpg" alt="Diagram of task" width="300" height="381"></a></p> <p>Creating a database entry in a tasks table would be simple enough, it's in pending state while being worked on, and deleted or set to done when it's finished.</p> <p>All we really need to do is be able to resume the task if the system running the task crashes or is interrupted.</p> <p>However, we're running in a microservice environment, and that makes everything that used to be simple an <strong>adventure</strong>.</p> <h3> The microservice adventure </h3> <p>So what do we do now? We don't want 20 instances performing the same task at the same time.</p> <p>In reality the "just make a database entry" approach is still valid, but now we need to know whether a process should resume processing any pending tasks once it restarts.</p> <p>Of course, if a service crashes it won't have the chance to update the entry to say "available for pickup".</p> <p>A simple solution, if you're using postgres, is to use advisory locks.</p> <h3> Advisory locks </h3> <blockquote> <p>PostgreSQL provides a means for creating locks that have application-defined meanings. These are called advisory locks, because the system does not enforce their use — it is up to the application to use them correctly.</p> </blockquote> <p>— <a href="https://www.postgresql.org/docs/current/explicit-locking.html#ADVISORY-LOCKS">From Postgres Documentation</a></p> <p>Essentially what advisory locks allow you to do is to create a flag without actually locking any resources.</p> <p>In the case of transaction level advisory locks the lock will go away when you <br> <strong>A.</strong> Commit the transaction<br> <strong>B.</strong> Rollback the transaction (which includes the client disconnecting)</p> <p>This is great for us, because we don't actually want to <em>lock</em> the table, as that would prevent any other tasks from using it. It also means the advisory lock will go away if the process crashes.</p> <p>Here's how we can utilize it</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MI9_9DuT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dwbikcbmc4ruwop07axb.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MI9_9DuT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dwbikcbmc4ruwop07axb.jpg" alt="Diagram of locks" width="800" height="1273"></a></p> <p>This looks great, but in practice, there's a few gaps we need to fill.</p> <p>One of them is that each advisory lock requires a <code>bigint</code> as its identifier.</p> <p>If your user IDs are already ints, then this is not an issue (you might only want to namespace them). <br> If they are IDs, such as KSUID or UUID then you need to hash them into an int. I won't go into this as there's plenty of existing sources already.</p> <p>We can create a transaction-level lock using the below query<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">pg_try_advisory_xact_lock</span><span class="p">(</span><span class="mi">42</span><span class="p">)</span> <span class="c1">-- 42 is the User ID</span> </code></pre> </div> <p>Query for checking if a lock exists would look something like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="k">granted</span> <span class="k">FROM</span> <span class="n">pg_locks</span> <span class="k">WHERE</span> <span class="n">locktype</span> <span class="o">=</span> <span class="s1">'advisory'</span> <span class="k">AND</span> <span class="n">objid</span> <span class="o">=</span> <span class="s1">'42'</span> <span class="c1">-- 42 is the LockID which is our User ID</span> </code></pre> </div> <h3> Resume on restart </h3> <p>The one last thing which remains is to pick up the existing tasks upon startup.</p> <p>It could look something like this.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QAxtkysj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fkornj1hs2ypx8hyt9mh.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QAxtkysj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fkornj1hs2ypx8hyt9mh.jpg" alt="Final diagram" width="800" height="986"></a></p> <p>Essentially, upon restart, query the database for any tasks in pending state and see if there is an advisory lock for any of them. If there isn't one, that means that no one is processing them and it should be picked up!</p> <h2> That's it! </h2> <p>That's all it takes to create simple, asynchronous, interopable tasks.</p> programming postgres database architecture Pulumi EKS with ALB + RDS Welcoming Sloth Fri, 03 Jun 2022 16:02:11 +0000 https://dev.to/caravaggio/pulumi-eks-with-alb-rds-2hef https://dev.to/caravaggio/pulumi-eks-with-alb-rds-2hef <h2> Introduction </h2> <p>Salutations,</p> <p>I recently needed to set-up aws infrastructure for my startup. </p> <p>Unfortunately, google lacked good up-to-date resources for what I was trying to do.</p> <p>It took a lot of mistakes, hair pulling, and a considerable AWS bill to end up here, which is why I will share my findings with you, so that you don't have to repeat all those same mistakes.</p> <p>Now, this is the app that we're going to deploy:</p> <ul> <li>Microservices <ul> <li>Users Service</li> <li>GraphQL Service (entry point which accepts HTTP calls, will route queries to the appropriate service)</li> </ul> </li> <li>RDS PostgreSQL Instance</li> <li>Kubernetes Ingress + <a href="https://github.com/kubernetes-sigs/aws-load-balancer-controller">AWS Load Balancer Controller</a> </li> </ul> <p>This is purely an API setup, but you could quite easily add frontend to this setup if you wish.</p> <p>We will also add OIDC access control for our cluster, so that the pods could use other AWS services such as S3 &amp; SQS.</p> <h2> Create a VPC &amp; tag the subnets. </h2> <p>First thing's first, we need to create a VPC and tag the subnets.</p> <p>We will be tagging our subnet groups, so that the alb controller will be able to use them. <a href="https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/subnet_discovery/">You can read more about it here.</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">Vpc</span><span class="p">(</span><span class="dl">'</span><span class="s1">friendly-sloth-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">numberOfNatGateways</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="c1">// We won't be needing NAT gateways.</span> <span class="c1">// Creation args for subnets</span> <span class="na">subnets</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">kubernetes.io/role/elb</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">private</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">kubernetes.io/role/internal-elb</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="p">],</span> <span class="p">});</span> </code></pre> </div> <h2> Create a security group </h2> <p>Next, let's create a security group for our cluster.</p> <p>We will be allowing all inbound &amp; outbound traffic (which is why <code>fromPort</code> &amp; <code>toPort</code> are <code>-1</code>).</p> <p>You can of course change this to be more strict, just remember to let the HTTP (80 &amp; 443) &amp; DB (5432 for default PGSQL) calls through.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">clusterSecurityGroup</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">SecurityGroup</span><span class="p">(</span><span class="dl">'</span><span class="s1">clustersecgrp</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcId</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">ingress</span><span class="p">:</span> <span class="p">[{</span> <span class="na">protocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">all</span><span class="dl">'</span><span class="p">,</span> <span class="na">fromPort</span><span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="na">toPort</span><span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="na">cidrBlocks</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">],</span> <span class="p">}],</span> <span class="na">egress</span><span class="p">:</span> <span class="p">[{</span> <span class="na">protocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">all</span><span class="dl">'</span><span class="p">,</span> <span class="na">fromPort</span><span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="na">toPort</span><span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="na">cidrBlocks</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">],</span> <span class="p">}]</span> <span class="p">});</span> </code></pre> </div> <h2> Create RDS instance </h2> <p>Next, let's create our RDS instance.</p> <p>We will need to create a subnet group for it.<br> I will be creating it on the private subnets (because I am very secure). </p> <p>You can also make it use the public subnets to be able to access it from outside the VPC. Just remember to set the database then to <code>publiclyAccessible: true</code> as well (please don't do this for prod).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">dbSubnetGroup</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">rds</span><span class="p">.</span><span class="nx">SubnetGroup</span><span class="p">(</span><span class="dl">'</span><span class="s1">dbsubnet-group</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">subnetIds</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">privateSubnetIds</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">rds</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">rds</span><span class="p">.</span><span class="nx">Instance</span><span class="p">(</span><span class="dl">'</span><span class="s1">friendly-sloth-db</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">instanceClass</span><span class="p">:</span> <span class="dl">'</span><span class="s1">db.t2.micro</span><span class="dl">'</span><span class="p">,</span> <span class="na">engine</span><span class="p">:</span> <span class="dl">'</span><span class="s1">postgres</span><span class="dl">'</span><span class="p">,</span> <span class="na">engineVersion</span><span class="p">:</span> <span class="dl">'</span><span class="s1">14.2</span><span class="dl">'</span><span class="p">,</span> <span class="na">dbName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sloths-db</span><span class="dl">'</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sloth</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">verysecuresloth</span><span class="dl">'</span><span class="p">,</span> <span class="na">allocatedStorage</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span> <span class="na">deletionProtection</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">dbSubnetGroupName</span><span class="p">:</span> <span class="nx">dbSubnetGroup</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="c1">// assign it to subnet</span> <span class="na">vpcSecurityGroupIds</span><span class="p">:</span> <span class="p">[</span><span class="nx">clusterSecurityGroup</span><span class="p">.</span><span class="nx">id</span><span class="p">],</span> <span class="c1">// add it to cluster's security group</span> <span class="p">});</span> </code></pre> </div> <h2> Create the cluster + service account </h2> <p>Lets create the cluster</p> <p>Remember to set <code>createOidcProvider: true</code> so that we can give the cluster permission to use other AWS services.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">eks</span><span class="p">.</span><span class="nx">Cluster</span><span class="p">(</span><span class="dl">'</span><span class="s1">sloth-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcId</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">publicSubnetIds</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">publicSubnetIds</span><span class="p">,</span> <span class="na">clusterSecurityGroup</span><span class="p">:</span> <span class="nx">clusterSecurityGroup</span><span class="p">,</span> <span class="na">createOidcProvider</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">clusterOidcProvider</span> <span class="o">=</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">core</span><span class="p">.</span><span class="nx">oidcProvider</span><span class="p">;</span> </code></pre> </div> <p>Next, lets create a kubernetes namespace<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="k">namespace</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">core</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Namespace</span><span class="p">(</span> <span class="dl">'</span><span class="s1">sloth-kubes</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sloth-kubes</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">},</span> <span class="p">);</span> </code></pre> </div> <p>Now, permission time! (service account)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">saName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">sloth-service-account</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">saAssumeRolePolicy</span> <span class="o">=</span> <span class="nx">pulumi</span> <span class="p">.</span><span class="nx">all</span><span class="p">([</span><span class="nx">clusterOidcProvider</span><span class="p">?.</span><span class="nx">url</span><span class="p">,</span> <span class="nx">clusterOidcProvider</span><span class="p">?.</span><span class="nx">arn</span><span class="p">,</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">])</span> <span class="p">.</span><span class="nx">apply</span><span class="p">(([</span><span class="nx">url</span><span class="p">,</span> <span class="nx">arn</span><span class="p">,</span> <span class="k">namespace</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">getPolicyDocument</span><span class="p">({</span> <span class="na">statements</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">sts:AssumeRoleWithWebIdentity</span><span class="dl">'</span><span class="p">],</span> <span class="na">conditions</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">test</span><span class="p">:</span> <span class="dl">'</span><span class="s1">StringEquals</span><span class="dl">'</span><span class="p">,</span> <span class="na">variable</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">url</span><span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">)}</span><span class="s2">:sub`</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">[</span><span class="s2">`system:serviceaccount:</span><span class="p">${</span><span class="k">namespace</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">saName</span><span class="p">}</span><span class="s2">`</span><span class="p">],</span> <span class="p">},</span> <span class="p">{</span> <span class="na">test</span><span class="p">:</span> <span class="dl">'</span><span class="s1">StringEquals</span><span class="dl">'</span><span class="p">,</span> <span class="na">variable</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">url</span><span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">)}</span><span class="s2">:aud`</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">sts.amazonaws.com</span><span class="dl">'</span><span class="p">]</span> <span class="p">},</span> <span class="p">],</span> <span class="na">effect</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Allow</span><span class="dl">'</span><span class="p">,</span> <span class="na">principals</span><span class="p">:</span> <span class="p">[{</span> <span class="na">identifiers</span><span class="p">:</span> <span class="p">[</span><span class="nx">arn</span><span class="p">],</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Federated</span><span class="dl">'</span> <span class="p">}],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">})</span> <span class="p">));</span> <span class="kd">const</span> <span class="nx">saRole</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">Role</span><span class="p">(</span><span class="nx">saName</span><span class="p">,</span> <span class="p">{</span> <span class="na">assumeRolePolicy</span><span class="p">:</span> <span class="nx">saAssumeRolePolicy</span><span class="p">.</span><span class="nx">json</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">saPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">Policy</span><span class="p">(</span><span class="dl">'</span><span class="s1">policy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Allow EKS access to resources</span><span class="dl">'</span><span class="p">,</span> <span class="na">policy</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">Version</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2012-10-17</span><span class="dl">'</span><span class="p">,</span> <span class="na">Statement</span><span class="p">:</span> <span class="p">[{</span> <span class="na">Action</span><span class="p">:</span> <span class="p">[</span> <span class="c1">// Configure which services the SA should have access to.</span> <span class="c1">// Make it more strict / loose however you see fit.</span> <span class="dl">'</span><span class="s1">ec2:*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sqs:*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">s3:*</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">Effect</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Allow</span><span class="dl">'</span><span class="p">,</span> <span class="na">Resource</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">,</span> <span class="p">}],</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// Attach the policy to the role</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">RolePolicyAttachment</span><span class="p">(</span><span class="nx">saName</span><span class="p">,</span> <span class="p">{</span> <span class="na">policyArn</span><span class="p">:</span> <span class="nx">saPolicy</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">saRole</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Create the kubernetes service account itself</span> <span class="kd">const</span> <span class="nx">serviceAccount</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">core</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">ServiceAccount</span><span class="p">(</span> <span class="nx">saName</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">namespace</span><span class="p">:</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">saName</span><span class="p">,</span> <span class="na">annotations</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">eks.amazonaws.com/role-arn</span><span class="dl">'</span><span class="p">:</span> <span class="nx">saRole</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <h2> Create ingress controller </h2> <p>Now for the fun bit — let's create AWS ALB ingress controller.<br> We will make pulumi use a helm chart from the <a href="https://github.com/kubernetes-sigs/aws-load-balancer-controller">official aws alb repository</a>.</p> <p>First, however, more policies!<br> You can get the iam policy from the alb repository<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-o</span> iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json </code></pre> </div> <p>I created a separate util called <code>createIngressControllerPolicy</code> which looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">createIngressControllerPolicy</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">Policy</span><span class="p">(</span> <span class="dl">'</span><span class="s1">ingress-ctrl-policy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">policy</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// The JSON you got from above.</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="p">);</span> </code></pre> </div> <p>Now, we can attach it to the same service account role<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ingressControllerPolicy</span> <span class="o">=</span> <span class="nx">createIngressControllerPolicy</span><span class="p">();</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">RolePolicyAttachment</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">saName</span><span class="p">}</span><span class="s2">-ingress-ctrl`</span><span class="p">,</span> <span class="p">{</span> <span class="na">policyArn</span><span class="p">:</span> <span class="nx">ingressControllerPolicy</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">saRole</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Now that we're done with policies, let's create an ingress class which will connect the controller with the ingress.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">albIngressClass</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">networking</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">IngressClass</span><span class="p">(</span><span class="dl">'</span><span class="s1">alb-ingress-class</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sloth-alb</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">spec</span><span class="p">:</span> <span class="p">{</span> <span class="na">controller</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ingress.k8s.aws/alb</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">});</span> </code></pre> </div> <p>Now, the promised controller!<br> We will create the controller from a helm chart. We will programmatically create it from the repository using Pulumi.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Important! Use k8s.helm.v3.Release instead of k8s.helm.v3.Chart.</span> <span class="c1">// Otherwise, you will run into all sorts of issues.</span> <span class="kd">const</span> <span class="nx">alb</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">helm</span><span class="p">.</span><span class="nx">v3</span><span class="p">.</span><span class="nx">Release</span><span class="p">(</span> <span class="dl">'</span><span class="s1">alb</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">namespace</span><span class="p">:</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">repositoryOpts</span><span class="p">:</span> <span class="p">{</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://aws.github.io/eks-charts</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">chart</span><span class="p">:</span> <span class="dl">'</span><span class="s1">aws-load-balancer-controller</span><span class="dl">'</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1.4.2</span><span class="dl">'</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// @doc https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller#configuration</span> <span class="na">vpcId</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="dl">'</span><span class="s1">eu-central-1</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Change to the region of the VPC. Since EU is the best region, we're going with that.</span> <span class="na">clusterName</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">eksCluster</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">ingressClass</span><span class="p">:</span> <span class="nx">albIngressClass</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="c1">// Important! Disable ingress class annotations as they are deprecated.</span> <span class="c1">// We're using a proper ingress class, so we don't need this.</span> <span class="c1">// @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/ingress_class/</span> <span class="na">disableIngressClassAnnotation</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">createIngressClassResource</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// Don't need it, since we already made one.</span> <span class="na">serviceAccount</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">serviceAccount</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">create</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// Don't need it, since we already made one.</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <h2> Kubernetes services </h2> <p>Now, lets set up kubernetes deployments &amp; services for our <code>Users</code> &amp; <code>GraphQL</code> API.</p> <p>Since both are fairly similar, we will create a utility for it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">type</span> <span class="nx">KubeServiceOpts</span> <span class="o">=</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="nx">docker</span><span class="p">.</span><span class="nx">Image</span><span class="p">,</span> <span class="nx">serviceType</span><span class="p">?:</span> <span class="nx">ServiceSpecType</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">createKubeService</span> <span class="o">=</span> <span class="p">(</span><span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">opts</span><span class="p">:</span> <span class="nx">KubeServiceOpts</span><span class="p">):</span> <span class="p">{</span> <span class="nl">deployment</span><span class="p">:</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">apps</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Deployment</span><span class="p">,</span> <span class="nx">service</span><span class="p">:</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">core</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Service</span><span class="p">,</span> <span class="p">}</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="nx">serviceType</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">opts</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">appLabels</span> <span class="o">=</span> <span class="p">{</span> <span class="na">app</span><span class="p">:</span> <span class="nx">name</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">defaultPort</span> <span class="o">=</span> <span class="mi">4200</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">deployment</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">apps</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Deployment</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">-dep`</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">namespace</span><span class="p">:</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">labels</span><span class="p">:</span> <span class="nx">appLabels</span><span class="p">,</span> <span class="p">},</span> <span class="na">spec</span><span class="p">:</span> <span class="p">{</span> <span class="na">replicas</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">selector</span><span class="p">:</span> <span class="p">{</span> <span class="na">matchLabels</span><span class="p">:</span> <span class="nx">appLabels</span> <span class="p">},</span> <span class="na">template</span><span class="p">:</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">labels</span><span class="p">:</span> <span class="nx">appLabels</span> <span class="p">},</span> <span class="na">spec</span><span class="p">:</span> <span class="p">{</span> <span class="na">serviceAccountName</span><span class="p">:</span> <span class="nx">serviceAccount</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">containers</span><span class="p">:</span> <span class="p">[{</span> <span class="nx">name</span><span class="p">,</span> <span class="na">image</span><span class="p">:</span> <span class="nx">image</span><span class="p">.</span><span class="nx">imageName</span><span class="p">,</span> <span class="na">ports</span><span class="p">:</span> <span class="p">[{</span> <span class="na">name</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">-port`</span><span class="p">,</span> <span class="na">containerPort</span><span class="p">:</span> <span class="nx">defaultPort</span><span class="p">,</span> <span class="p">}],</span> <span class="na">env</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AWS_DEFAULT_REGION</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">eu-central-1</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// Again, best region there is.</span> <span class="p">]</span> <span class="p">}],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">core</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Service</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">-svc`</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="nx">name</span><span class="p">,</span> <span class="na">namespace</span><span class="p">:</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">labels</span><span class="p">:</span> <span class="nx">appLabels</span><span class="p">,</span> <span class="p">},</span> <span class="na">spec</span><span class="p">:</span> <span class="p">{</span> <span class="p">...(</span><span class="nx">serviceType</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">serviceType</span> <span class="p">}),</span> <span class="na">selector</span><span class="p">:</span> <span class="nx">appLabels</span><span class="p">,</span> <span class="na">ports</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">-http`</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">targetPort</span><span class="p">:</span> <span class="nx">defaultPort</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">-https`</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">443</span><span class="p">,</span> <span class="na">targetPort</span><span class="p">:</span> <span class="nx">defaultPort</span><span class="p">,</span> <span class="p">}</span> <span class="p">]</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">deployment</span><span class="p">,</span> <span class="nx">service</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Now, lets use it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">createKubeService</span><span class="p">(</span><span class="dl">'</span><span class="s1">graphql</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">serviceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NodePort</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// ALB needs the service which will be receiving the traffic to be of type `NodePort`.</span> <span class="na">image</span><span class="p">:</span> <span class="nx">myGraphqlServiceImage</span><span class="p">,</span> <span class="p">});</span> <span class="nx">createKubeService</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="nx">myUsersServiceImage</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h2> Finally, the ingress itself! </h2> <p>Now, for the final part, lets create the ingress itself!<br> Now that we have our ingress controller &amp; services, we can go ahead and create the ingress itself.</p> <p>We will be using only HTTP in this example, to use HTTPS you will need a certificate which you can specify with the annotation <code>alb.ingress.kubernetes.io/certificate-arn</code>. Then, specify the https ports for the paths.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">apiIngress</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">k8s</span><span class="p">.</span><span class="nx">networking</span><span class="p">.</span><span class="nx">v1</span><span class="p">.</span><span class="nx">Ingress</span><span class="p">(</span><span class="dl">'</span><span class="s1">api-ingress</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">api-ingress</span><span class="dl">'</span><span class="p">,</span> <span class="na">namespace</span><span class="p">:</span> <span class="k">namespace</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">labels</span><span class="p">:</span> <span class="p">{</span> <span class="na">app</span><span class="p">:</span> <span class="dl">'</span><span class="s1">api</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">annotations</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// @doc https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#annotations</span> <span class="dl">'</span><span class="s1">alb.ingress.kubernetes.io/target-type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ip</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alb.ingress.kubernetes.io/scheme</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internet-facing</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alb.ingress.kubernetes.io/backend-protocol</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">HTTP</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="na">spec</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// Important! Connect it to our Ingress Class.</span> <span class="na">ingressClassName</span><span class="p">:</span> <span class="nx">albIngressClass</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">rules</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">http</span><span class="p">:</span> <span class="p">{</span> <span class="na">paths</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">pathType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Prefix</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/graphql</span><span class="dl">'</span><span class="p">,</span> <span class="na">backend</span><span class="p">:</span> <span class="p">{</span> <span class="na">service</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">graphql</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">graphql-http</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// We named our service ports in `createKubeService` function.</span> <span class="p">}</span> <span class="p">},</span> <span class="p">}</span> <span class="p">},</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">],</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">provider</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h2> That's it! </h2> <p>Now we can export the url for our load balancer to see it in the console when we deploy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">apiIngress</span><span class="p">.</span><span class="nx">status</span><span class="p">.</span><span class="nx">loadBalancer</span><span class="p">.</span><span class="nx">ingress</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">hostname</span> </code></pre> </div> kubernetes aws docker devops