This is the project repo for the fourth of five projects in the Udacity Full Stack Nanodegree: Server Deployment, Containerization, and Testing.
The purpose of this project was to containerize and deploy a Flask API to a Kubernetes cluster using Docker, AWS EKS, CodePipeline, and CodeBuild.
The Flask app that will be used for this project consists of a simple API with three endpoints:
GET '/'
: This is a simple health check, which returns the response 'Healthy'.POST '/auth'
: This takes a email and password as json arguments and returns a JWT based on a custom secret.GET '/contents'
: This requires a valid JWT, and returns the un-encrpyted contents of that token.
The app relies on a secret set as the environment variable JWT_SECRET
to produce a JWT. The built-in Flask server is adequate for local development, but not production, so Gunicorn server was used when deploying on AWS.
- Clone this repo to serve the project.
- Docker Engine
- AWS Account
- You can create an AWS account by signing up here.
Completing the project involves several steps:
- Write a Dockerfile for a simple Flask API
- Build and test the container locally
- Create an EKS cluster
- Create cluster in the default region
eksctl create cluster --name simple-jwt-api
- Create a cluster in a specific region, such as us-east-2
eksctl create cluster --name simple-jwt-api --region=us-east-2
- Get AWS Account ID
aws sts get-caller-identity --query Account --output text
- Update
conifgmap/aws-auth
with AWS ID and necessary permisisons
- Store a secret using AWS Parameter Store
- Put secret into AWS Parameter Store
aws ssm put-parameter --name JWT_SECRET --overwrite --value "YourJWTSecret" --type SecureString
- Once you receive project reviews, consider deleting the variable from parameter-store:
aws ssm delete-parameter --name JWT_SECRET
- Create a CodePipeline pipeline triggered by GitHub checkins
- Use the AWS MAnagement Console to navigate to CloudFormation and upload
ci-cd-codepipeline.cfn.yml
and create the stack - be sure to generate and supply your Github access token
- also be sure to check the IAM checkbox on the last page, or else CFN will not have necessary permisions
- Create a CodeBuild stage which will build, test, and deploy your code
- make an edit and commit your change
- After a minute or two, check to see if the build was initiated
For more detail about each of these steps, see the project lesson here.