@timmyers
Created October 8, 2019 10:25
import * as pulumi from '@pulumi/pulumi';
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
import * as k8s from '@pulumi/kubernetes';
import * as fs from 'fs';
// Application identity shared by every resource in this program.
const appName = 'traffic-mirror';
const appLabels = { app: appName };
const labelsMetadata = { labels: appLabels };

// The kubeconfig is read from the `outputs` output of the `dev` infrastructure stack.
// NOTE(review): a kubeconfig is a cluster credential. Confirm the infrastructure stack
// exports it as a Pulumi secret so it stays encrypted in state and masked in CLI output.
const infrastructureStack = new pulumi.StackReference('infrastructure', {
  name: 'dev',
});
const kubeconfig = infrastructureStack.getOutput('outputs');
const k8sProvider = new k8s.Provider('infrastructure', { kubeconfig });

// Resource options that route a resource through k8sProvider instead of the
// ambient default Kubernetes provider.
const defaultOpts = { provider: k8sProvider };

// Dedicated namespace; the namespaced resources take their namespace from its output name.
const namespace = new k8s.core.v1.Namespace(
  'traffic-mirror',
  { metadata: { name: 'traffic-mirror' } },
  defaultOpts,
);
const namespaceMetadata = { namespace: namespace.metadata.name };
// ECR repository, plus an image built from the parent directory and pushed to it.
// NOTE(review): the build context is '../', so everything under the parent directory is
// sent to the Docker daemon unless a .dockerignore excludes it. Check that Pulumi state,
// .env files and cloud credentials cannot end up in an image layer.
// NOTE(review): '--network host' runs the build steps in the build host's network
// namespace, so they can reach services that are only bound on that host. Drop the
// option if the build does not need it.
const repo = new awsx.ecr.Repository('infura/traffic-mirror', {});
const dockerBuild = {
  context: '../',
  extraOptions: ['--network', 'host'],
};
const image = repo.buildAndPushImage(dockerBuild);
// CPU and memory requests/limits for the single application container.
const containerResources = {
  requests: { cpu: '1', memory: '1Gi' },
  limits: { cpu: '2', memory: '2Gi' },
};

// PORT is fixed at 80; DD_AGENT_HOST is filled from the pod's status.hostIP field.
const containerEnv = [
  { name: 'PORT', value: '80' },
  { name: 'DD_AGENT_HOST', valueFrom: { fieldRef: { fieldPath: 'status.hostIP' } } },
];

// Soft (preferred, weight 1) anti-affinity keyed on the node hostname, so pods of
// this app are spread across nodes when the scheduler can manage it.
const spreadAcrossNodes = {
  podAntiAffinity: {
    preferredDuringSchedulingIgnoredDuringExecution: [{
      weight: 1,
      podAffinityTerm: {
        topologyKey: 'kubernetes.io/hostname',
        labelSelector: { matchLabels: appLabels },
      },
    }],
  },
};

// The workload itself: one container exposing 80 (HTTP) and 9000 (metrics).
// NOTE(review): no securityContext is set on the pod or the container, so the user,
// privilege escalation and root filesystem settings come from the image and cluster
// defaults. Consider runAsNonRoot, allowPrivilegeEscalation: false and
// readOnlyRootFilesystem if the application tolerates them.
// NOTE(review): no readiness or liveness probe is declared, so a rolling update treats
// a pod as ready as soon as its container starts.
const deployment = new k8s.apps.v1.Deployment(appName, {
  metadata: { ...namespaceMetadata, ...labelsMetadata },
  spec: {
    selector: { matchLabels: appLabels },
    strategy: {
      type: 'RollingUpdate',
      rollingUpdate: { maxUnavailable: 1 },
    },
    template: {
      metadata: labelsMetadata,
      spec: {
        containers: [{
          name: appName,
          image,
          ports: [{ containerPort: 80 }, { containerPort: 9000 }],
          resources: containerResources,
          env: containerEnv,
        }],
        affinity: spreadAcrossNodes,
      },
    },
  },
}, defaultOpts);
// Single scaling signal: average CPU utilisation across the pods, target 80.
const cpuUtilizationMetric = {
  type: 'Resource',
  resource: {
    name: 'cpu',
    target: { type: 'Utilization', averageUtilization: 80 },
  },
};

// Keeps the Deployment between 2 and 20 replicas.
// NOTE(review): autoscaling/v2beta2 is no longer served from Kubernetes 1.26 onward;
// confirm the target cluster version before reusing this and move to autoscaling/v2
// where it is available.
const autoscaler = new k8s.autoscaling.v2beta2.HorizontalPodAutoscaler(appName, {
  metadata: { ...namespaceMetadata, ...labelsMetadata },
  spec: {
    minReplicas: 2,
    maxReplicas: 20,
    scaleTargetRef: {
      apiVersion: 'apps/v1',
      kind: 'Deployment',
      name: deployment.metadata.name,
    },
    metrics: [cpuUtilizationMetric],
  },
}, defaultOpts);
// Allow at most one pod of this app to be down during voluntary disruptions
// such as node drains.
// NOTE(review): policy/v1beta1 is no longer served from Kubernetes 1.25 onward;
// confirm the target cluster version and prefer policy/v1 where it is available.
const disruptionBudgetSpec = {
  selector: { matchLabels: appLabels },
  maxUnavailable: 1,
};
const pdb = new k8s.policy.v1beta1.PodDisruptionBudget(
  appName,
  {
    metadata: { ...namespaceMetadata, ...labelsMetadata },
    spec: disruptionBudgetSpec,
  },
  defaultOpts,
);
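// NLB-backed Service in front of the Deployment's pods.
//
// The 'aws-load-balancer-internal' annotation asks for an internal (VPC-only) load
// balancer. Its '0.0.0.0/0' value is a legacy spelling and is NOT a source-CIDR allow list.
// NOTE(review): confirm the load balancer controller in use still reads this value as
// "internal". If it does not, the NLB becomes internet-facing.
// NOTE(review): the 'prometheus' port (9000) is published on the same load balancer as
// the HTTP port, so the metrics endpoint is reachable by anything that can reach the NLB.
// The ServiceMonitor needs a Service port named 'prometheus'; a separate ClusterIP
// Service for metrics, or spec.loadBalancerSourceRanges, would narrow that exposure.
const service = new k8s.core.v1.Service(appName, {
  metadata: {
    ...namespaceMetadata,
    ...labelsMetadata,
    annotations: {
      'service.beta.kubernetes.io/aws-load-balancer-type': 'nlb',
      'service.beta.kubernetes.io/aws-load-balancer-internal': '0.0.0.0/0',
    },
  },
  spec: {
    type: 'LoadBalancer',
    selector: appLabels,
    ports: [
      { name: 'http', port: 80 },
      { name: 'prometheus', port: 9000 },
    ],
  },
  // Fix: the original omitted the resource options, so this Service alone was created
  // through the ambient default Kubernetes provider (whatever kubeconfig is active on the
  // machine running Pulumi) rather than the cluster from the infrastructure stack.
}, defaultOpts);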
// Prometheus Operator ServiceMonitor: scrape the port named 'prometheus' on
// Services carrying this app's labels.
// NOTE(review): the 'release: prometheus' label is presumably what the Prometheus
// instance's serviceMonitorSelector matches on; verify against the operator install.
const serviceMonitorSpec = {
  endpoints: [{ port: 'prometheus' }],
  selector: { matchLabels: appLabels },
};
const serviceMonitor = new k8s.apiextensions.CustomResource(
  appName,
  {
    apiVersion: 'monitoring.coreos.com/v1',
    kind: 'ServiceMonitor',
    metadata: { ...namespaceMetadata, labels: { release: 'prometheus' } },
    spec: serviceMonitorSpec,
  },
  defaultOpts,
);
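// Publish every dashboard JSON file under ./dashboards as a ConfigMap in kube-system,
// labelled grafana_dashboard=1 (presumably for a Grafana sidecar to discover; verify
// against the Grafana install).
//
// Changes from the original:
//  - the directory is read synchronously, so a missing or unreadable ./dashboards fails
//    with the real filesystem error instead of a TypeError on an undefined `files`
//    (the callback's `err` was never checked);
//  - only *.json files are used, because the ConfigMap name is derived by dropping that
//    extension; other files previously produced a mangled resource name.
// NOTE(review): these ConfigMaps are written into kube-system, so the credentials behind
// k8sProvider need write access to that namespace. Consider a dedicated monitoring
// namespace if the Grafana setup allows it.
const DASHBOARD_EXT = '.json';
const dashboardFiles = fs
  .readdirSync('./dashboards')
  .filter((file) => file.toLowerCase().endsWith(DASHBOARD_EXT));

for (const file of dashboardFiles) {
  // Resource name: the file name without its extension, lower-cased.
  const name = file.slice(0, -DASHBOARD_EXT.length).toLowerCase();
  new k8s.core.v1.ConfigMap(name, {
    metadata: {
      namespace: 'kube-system',
      labels: { grafana_dashboard: '1' },
    },
    data: { [file]: fs.readFileSync(`./dashboards/${file}`).toString() },
  }, defaultOpts);
}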
// DNS traffic-mirror.infura.cloud created manually