Purpose of This Repo

This repos has a sample "Hello World" flask application that we will deploy on EKS cluster using the AWS Codebuild and Codepipeline services. Here is the purpose of each file present in this repo:

├── app.py         # A sample "Hello World" flask application
├── ci-cd-codepipeline.cfn.yml # Cloudformation template to create the Codebuild, and Codepipeline, and related resources. 
├── buildspec.yml  # Codebuild will execute the commands available here. 
├── Dockerfile     # The buildspec has a "docker build" command.
├── deployment.yml # The buildspec has a "kubectl apply -f deployment.yml".   
├── iam-role-policy.json # The Policy for the IAM role that the Codebuild will assume
├── trust.json # The trusted entity details for the  IAM role that the Codebuild will assume
└── aws-auth-patch.yml  # This is an autogenerated file for your reference. 

4. Troubleshoot

When a build fails, you can look at the logs to see the errors. Here is a popular error:

Error: You must be logged in to the server (the server has asked for the client to provide credentials)

The error above infers that the Codebuild could not log into the cluster, possibly because Codebuild does not have sufficient permissions to perform the logging action. In this case, you should check and re-update the cluster's ConfigMap as:

# Download a fresh copy of the configmap
# You can choose a different path or current working directory to save the  auth-patch.yml
kubectl get -n kube-system configmap/aws-auth -o yaml > /tmp/aws-auth-patch.yml
# Open the configmap in an editor, and update the **data --> mapRoles** section as described earlier while creating the cluster
# Update the configmap
kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)"

You will not be able to trigger a manual build because the Codebuild is set to use the CodePipeline artifact. Triggering it manually may lead to this error:

Build failed to start. The following error occurred: ArtifactsOverride must be set when using artifacts type CodePipelines

The error above could be due to the incorrect parameters used in the ci-cd-codepipeline.cfn.yml file. To verify the existing parameters, look at the CloudFormation console → your Stack → Stack parameters.

Run the app on AWS Cloud

The steps you will follow are:

1. Create an EKS Cluster, IAM Role for CodeBuild, and Authenticate the CodeBuild
   You will start with creating an EKS cluster in your preferred region, using eksctl command. Then, you will create an IAM role that the Codebuild will assume to access your k8s/EKS cluster. This IAM role will have the necessary access permissions (attached JSON policies), and you will also have to add this role to the k8s cluster's configMap.
   
   

2. Deployment to Kubernetes using CodePipeline and CodeBuild

• Generate a Github access token
  Next, you will generate an access-token from your Github account so that whichever service has that token can access the repositories from your Github account. You will share this token with the AWS Codebuild service (programmatically) so that it can build and test your code.
  
  

• Create Codebuild and CodePipeline resources using CloudFormation template
  Create a pipeline watching for commits to your Github repository. You will create the necessary AWS resources using a script, Cloudformation template (.yaml) file, available to you. These resources collectively are called stack. It will automatically create the Codebuild and Codepipeline projects for you.
  
  

• Build and deploy
  Finally, you will trigger the build based on a Github commit.