Updated the versions and ALB naming

aws-samkool · aws-samkool · commit 40f581d666a3 · 2025-01-07T10:13:07.000+01:00
diff --git a/lib/alb_controller_iam_policy.json b/lib/alb_controller_iam_policy.json
@@ -38,7 +38,8 @@
                 "elasticloadbalancing:DescribeTargetGroups",
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
-                "elasticloadbalancing:DescribeTags"
+                "elasticloadbalancing:DescribeTags",
+                "elasticloadbalancing:DescribeListenerAttributes"
             ],
             "Resource": "*"
         },
diff --git a/lib/posit-eks.ts b/lib/posit-eks.ts
@@ -54,7 +54,7 @@ export class EksStack extends cdk.NestedStack {
         subnetIds: props.vpc.privateSubnets.map(subnet => subnet.subnetId),
         endpointPrivateAccess: true
       },
-      version: '1.29', // eks.KubernetesVersion.V1_28.version
+      version: '1.30',
       logging: {
         clusterLogging: {
           enabledTypes: [
@@ -82,7 +82,6 @@ export class EksStack extends cdk.NestedStack {
       assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
       managedPolicies: [
         iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSWorkerNodePolicy'),
-        // needed at first, otherwise node group doesn't join cluster
         iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKS_CNI_Policy'),
         iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly'),
         iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'),
diff --git a/scripts/cert-install.sh b/scripts/cert-install.sh
@@ -4,7 +4,7 @@ source "./scripts/utils.sh"
 # Define your domain
 export_env_from_file "./.env"
 if ! aws eks update-kubeconfig --name $EKS_CLUSTER_NAME; then exit; fi
-DOMAIN=$(kubectl get ingress traefik -n traefik -o json | jq -r ".status.loadBalancer.ingress[0].hostname")
+export LB_NAME="${EKS_CLUSTER_NAME}-alb"
 
 # Check if ACM certificate exists for the domain
 certificate_arn=$(aws acm list-certificates --query "CertificateSummaryList[?DomainName=='$DOMAIN'].CertificateArn" --output text)
@@ -13,18 +13,18 @@ if [ -n "$certificate_arn" ]; then
     echo "Certificate already exists for $DOMAIN with ARN: $certificate_arn"
 else
     echo "Certificate doesn't exist for $DOMAIN. Generating one..."
-    openssl genrsa -out "$DOMAIN.key" 2048
-    openssl req -new -key "$DOMAIN.key" -out "$DOMAIN.csr" -subj "/CN=$DOMAIN"
-    openssl x509 -req -days 365 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
-    aws acm import-certificate --certificate fileb://"$DOMAIN.crt" --private-key fileb://"$DOMAIN.key"
+    openssl genrsa -out "$LB_NAME.key" 2048
+    openssl req -new -key "$LB_NAME.key" -out "$LB_NAME.csr" -subj "/CN=$DOMAIN"
+    openssl x509 -req -days 365 -in "$LB_NAME.csr" -signkey "$LB_NAME.key" -out "$LB_NAME.crt"
+    aws acm import-certificate --certificate fileb://"$LB_NAME.crt" --private-key fileb://"$LB_NAME.key"
 
     rm "$DOMAIN.key" "$DOMAIN.csr" "$DOMAIN.crt"
     echo "Certificate has been generated and added to ACM for $DOMAIN"
 fi
 
 #Get ALB from domain name
 certificate_arn=$(aws acm list-certificates --query "CertificateSummaryList[?DomainName=='$DOMAIN'].CertificateArn" --output text)
-alb=$(aws elbv2 describe-load-balancers --query "LoadBalancers[?DNSName=='$DOMAIN'].LoadBalancerArn" --output text)
+alb=$(aws elbv2 describe-load-balancers --names $LB_NAME --query 'LoadBalancers[0].LoadBalancerArn' --output text)
 
 #Get data, copy HTTP Rule directly
 https_listener=$(aws elbv2 describe-listeners --load-balancer-arn $alb --query "Listeners[?Protocol=='HTTPS'].ListenerArn" --output text)
diff --git a/scripts/manifests/aws-lb-controller-ingress.yaml b/scripts/manifests/aws-lb-controller-ingress.yaml
@@ -7,7 +7,7 @@ metadata:
   annotations:
     alb.ingress.kubernetes.io/backend-protocol: HTTP
     alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
-    alb.ingress.kubernetes.io/load-balancer-name: posit-sce-alb
+    alb.ingress.kubernetes.io/load-balancer-name: ${LB_NAME}
     alb.ingress.kubernetes.io/scheme: internet-facing
     alb.ingress.kubernetes.io/success-codes: 200-404
     alb.ingress.kubernetes.io/target-type: instance
diff --git a/scripts/manifests/posit-helm-workbench.yaml b/scripts/manifests/posit-helm-workbench.yaml
@@ -65,6 +65,9 @@ config:
       # These settings apply to Jupyter Notebook and JupyterLab IDE sessions
       session-cull-minutes: 60
       session-shutdown-minutes: 5
+    vscode.conf:
+      enabled: 1
+      session-timeout-kill-hours: 12
   profiles:
     launcher.kubernetes.profiles.conf:
       "*":
@@ -76,3 +79,8 @@ config:
         default-mem-mb: "1024"
         max-cpus: "12.0"
         max-mem-mb: "16384"
+prometheus:
+  enabled: false
+  legacy: false
+prometheusExporter:
+  enabled: false
diff --git a/scripts/posit-install.sh b/scripts/posit-install.sh
@@ -27,7 +27,7 @@ load_secrets() {
 
 # Function to check the status of the load balancer
 check_load_balancer_status() {
-    lb_status=$(aws elbv2 describe-load-balancers --names 'posit-sce-alb' --query 'LoadBalancers[0].State.Code' --output text)
+    lb_status=$(aws elbv2 describe-load-balancers --names $LB_NAME --query 'LoadBalancers[0].State.Code' --output text)
     
     # Check if the load balancer is active
     if [ "$lb_status" == "active" ]; then
@@ -78,6 +78,7 @@ NC="\e[0m"
 set_defaults
 export_env_from_file "./.env"
 RDS_PARAMS=$(load_secrets $POSTGRES_SECRET)
+export LB_NAME="${EKS_CLUSTER_NAME}-alb"
 
 # 1.1 Configure EKS Cluster
 printf "${BLUE}------------------------------------------------------${NC} \n"
@@ -122,11 +123,12 @@ envsubst < scripts/manifests/aws-lb-controller-ingress.yaml | kubectl apply -f -
 sleep 5
 check_load_balancer_status
 
-export LB=$(kubectl get ingress traefik -n traefik -o json | jq -r ".status.loadBalancer.ingress[0].hostname")
+export LB_URL=$(aws elbv2 describe-load-balancers --names $LB_NAME --query 'LoadBalancers[0].DNSName' --output text)
+printf "Loadbalancer DNS: ${LB_URL}" 
 if $domain; then
     export DOMAIN=$domain
 else 
-    export DOMAIN=$LB
+    export DOMAIN=$LB_URL
 fi
 
 # 5. Setup POSIT PV's
@@ -165,7 +167,7 @@ printf "${BLUE}------------------------------------------------------${NC} \n"
 printf "${BLUE}Installing & configuring the Workbench helm chart (Max. 30 seconds) ${NC} \n"
 printf "${BLUE}------------------------------------------------------${NC} \n"
 kubectl config set-context --current --namespace=posit-workbench
-envsubst < ./scripts/manifests/posit-helm-workbench.yaml | helm upgrade --install rstudio-workbench-prod rstudio/rstudio-workbench \
+envsubst < ./scripts/manifests/posit-helm-workbench.yaml | helm upgrade --install rstudio-workbench-prod rstudio/rstudio-workbench --version 0.8.9 \
     --set license.key="${PWB_LICENSE}" \
     --set config.secret.'database\.conf'.password="${POSTGRES_PASSWORD}" \
     -f -
