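---
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploy a Boomi Molecule workload into an existing kubernetes cluster (qs-1r813c2of).

Parameters:
  ClusterName:
    Type: String
    Description: Name of the EKS cluster to join
  # NoEcho masks these values in the console and API output only. They are
  # still passed to the resource handler inside the Secret manifests below.
  # NOTE(review): consider Secrets Manager / SSM dynamic references instead of
  # passing credentials as stack parameters.
  BoomiUsername:
    Description: The email account associated with the Boomi account.
    Type: String
    NoEcho: true
  BoomiPassword:
    Description: The password associated with the Boomi account.
    Type: String
    NoEcho: true
    Default: ''
  BoomiAccountID:
    Description: The Boomi account ID that you want to associate with the new Molecule cluster.
    Type: String
    NoEcho: true
  BoomiMFAInstallToken:
    Description: An MFA installation token generated by your Boomi administrator.
    Type: String
    NoEcho: true
    Default: ''
  BoomiMFAAPIToken:
    Description: An MFA API token generated by your Boomi administrator.
    Type: String
    NoEcho: true
    Default: ''
  LoadBalancerType:
    Type: String
    Default: ALB
    AllowedValues:
      - ALB
      - NLB
    Description: EKS Service Load Balancer Type.
  WorkloadNamespace:
    Default: "eks-boomi-molecule"
    Type: String
    # The value is substituted into the Namespace manifest, so it is limited
    # to a valid Kubernetes namespace name (DNS label).
    AllowedPattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
    MaxLength: 63
    ConstraintDescription: Must be a valid Kubernetes namespace name (lowercase alphanumerics and '-').
    Description: The Kubernetes namespace to use when provisioning the workload.
  MoleculeClusterName:
    Description: The name for the Boomi Molecule cluster.
    Type: String
    AllowedPattern: "[a-zA-Z0-9_-]*"
    Default: Boomi-Molecule-EKS

Conditions:
  # Token install: both MFA tokens supplied. Password install: both empty.
  # NOTE(review): if exactly one token is supplied neither condition holds, so
  # no Secret, StatefulSet or HPA is created and the stack still succeeds.
  # BoomiMFAAPIToken is only read here; no manifest in this template uses it.
  InstallTokenProvided: !And
    - !Not [!Equals [!Ref BoomiMFAInstallToken, '']]
    - !Not [!Equals [!Ref BoomiMFAAPIToken, '']]
  InstallPasswordProvided: !And
    - !Equals [!Ref BoomiMFAInstallToken, '']
    - !Equals [!Ref BoomiMFAAPIToken, '']
  NetworkLoadBalancer: !Equals [!Ref LoadBalancerType, NLB]
  ApplicationLoadBalancer: !Equals [!Ref LoadBalancerType, ALB]

Resources:
  # Credentials Secret for the username/password install path.
  KubeManifestSecretPassword:
    Type: "AWSQS::Kubernetes::Resource"
    Condition: InstallPasswordProvided
    DependsOn:
      - EKSClusterNamespace
    Properties:
      # Target EKS cluster and namespace the manifest is applied to.
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Values are base64-encoded into `data` rather than pasted into
      # `stringData`: raw parameter text containing YAML-significant
      # characters (quotes, ': ', ' #', newlines) would otherwise break the
      # manifest or add keys to it.
      Manifest: !Sub
        - |
          apiVersion: v1
          kind: Secret
          metadata:
            name: "boomi-secret"
          type: Opaque
          data:
            username: "${UsernameB64}"
            password: "${PasswordB64}"
            account: "${AccountB64}"
        - UsernameB64:
            Fn::Base64: !Ref BoomiUsername
          PasswordB64:
            Fn::Base64: !Ref BoomiPassword
          AccountB64:
            Fn::Base64: !Ref BoomiAccountID

  # Credentials Secret for the MFA install-token path.
  KubeManifestSecret:
    Type: "AWSQS::Kubernetes::Resource"
    Condition: InstallTokenProvided
    DependsOn:
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Base64-encoded for the same reason as KubeManifestSecretPassword.
      Manifest: !Sub
        - |
          apiVersion: v1
          kind: Secret
          metadata:
            name: "boomi-secret"
          type: Opaque
          data:
            account: "${AccountB64}"
            token: "${TokenB64}"
        - AccountB64:
            Fn::Base64: !Ref BoomiAccountID
          TokenB64:
            Fn::Base64: !Ref BoomiMFAInstallToken

  # Metrics server; the HPA below scales on CPU utilization metrics.
  # NOTE(review): no chart version is pinned, so each deployment installs
  # whatever the repository currently serves. Pin a reviewed version.
  EKSMetricsServer:
    Type: 'AWSQS::Kubernetes::Helm'
    Properties:
      ClusterID: !Ref ClusterName
      Namespace: kube-system
      Chart: charts/metrics-server
      Repository: https://charts.bitnami.com/bitnami
      Values:
        # image.repository: k8s.gcr.io/metrics-server/metrics-server
        # image.tag: v0.4.1
        serviceAccount.name: metrics-server
        serviceAccount.create: "true"

  # Creates the workload namespace. The name follows WorkloadNamespace so a
  # non-default value still gets its namespace; every other resource in this
  # template is applied into !Ref WorkloadNamespace.
  EKSClusterNamespace:
    Type: AWSQS::Kubernetes::Resource
    DependsOn:
      - EKSMetricsServer
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: default
      # Inline Kubernetes manifest
      Manifest: !Sub |
        apiVersion: v1
        kind: Namespace
        metadata:
          name: ${WorkloadNamespace}
          labels:
            name: ${WorkloadNamespace}

  # NLB variant of the Molecule service.
  # NOTE(review): no scheme/internal annotation is set, so the load balancer
  # is presumably internet-facing, and both 443 and 80 are forwarded to 9090
  # with no TLS termination configured here. Confirm this exposure is intended.
  KubeManifestMoleculeNLBSerivice:
    Condition: NetworkLoadBalancer
    Type: "AWSQS::Kubernetes::Resource"
    DependsOn:
      - EKSMetricsServer
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: |
        apiVersion: v1
        kind: Service
        metadata:
          name: molecule-service
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-type: nlb
          labels:
            app: molecule
        spec:
          selector:
            app: molecule
          type: LoadBalancer
          ports:
            - name: https
              protocol: TCP
              port: 443
              targetPort: 9090
            - name: http
              protocol: TCP
              port: 80
              targetPort: 9090

  # ALB variant: NodePort service fronted by KubeManifestMoleculeIngress.
  KubeManifestMoleculeALBSerivice:
    Condition: ApplicationLoadBalancer
    Type: AWSQS::Kubernetes::Resource
    DependsOn:
      - EKSMetricsServer
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      Manifest: |
        apiVersion: v1
        kind: Service
        metadata:
          name: molecule-service
          labels:
            app: molecule
        spec:
          type: NodePort
          selector:
            app: molecule
          ports:
            - name: https
              protocol: TCP
              port: 443
              targetPort: 9090
            - name: http
              protocol: TCP
              port: 80
              targetPort: 9090

  # NOTE(review): the ALB is internet-facing and its only listener is
  # plaintext HTTP on port 80. The ssl-policy annotation has no effect without
  # an HTTPS listener and a certificate
  # (alb.ingress.kubernetes.io/certificate-arn). Add an HTTPS listener or make
  # the scheme internal.
  # NOTE(review): every path, including /_admin/*, is routed to the service.
  # NOTE(review): some AWS Load Balancer Controller versions reject a wildcard
  # path with pathType Prefix; confirm against the controller in use.
  KubeManifestMoleculeIngress:
    Condition: ApplicationLoadBalancer
    Type: AWSQS::Kubernetes::Resource
    DependsOn:
      - KubeManifestMoleculeALBSerivice
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      Manifest: |
        apiVersion: networking.k8s.io/v1
        kind: Ingress
        metadata:
          name: molecule-ingress
          annotations:
            # trigger the alb-ingress-controller
            kubernetes.io/ingress.class: alb
            # set ALB parameters
            alb.ingress.kubernetes.io/target-type: ip
            alb.ingress.kubernetes.io/scheme: internet-facing
            alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}]'
            alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
            alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true
            # allow 404s on the health check
            alb.ingress.kubernetes.io/healthcheck-path: "/_admin/status"
            alb.ingress.kubernetes.io/success-codes: "200,404"
        spec:
          # forward all requests to molecule-service
          rules:
            - http:
                paths:
                  - path: /*
                    pathType: Prefix
                    backend:
                      service:
                        name: molecule-service
                        port:
                          number: 443

  # Molecule StatefulSet, username/password install path.
  # Depends on the Secret so pods do not start before boomi-secret exists.
  # NOTE(review): the image is referenced by mutable tag with
  # imagePullPolicy Always; pin it by digest so a re-pushed tag cannot change
  # what runs.
  # NOTE(review): only fsGroup is set; no runAsNonRoot,
  # allowPrivilegeEscalation or capability settings. Confirm what the image
  # supports and tighten.
  # NOTE(review): com.boomi.container.debug=true is enabled unconditionally;
  # confirm debug output is acceptable in production and cannot expose
  # credentials in logs.
  KubeManifestMoleculeStatefulSetPassword:
    Type: AWSQS::Kubernetes::Resource
    Condition: InstallPasswordProvided
    DependsOn:
      - EKSMetricsServer
      - EFSPVC
      - KubeManifestSecretPassword
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: !Sub |
        apiVersion: apps/v1
        kind: StatefulSet
        metadata:
          name: molecule
          labels:
            app: molecule
        spec:
          selector:
            matchLabels:
              app: molecule
          serviceName: "molecule-service"
          replicas: 3
          template:
            metadata:
              labels:
                app: molecule
            spec:
              terminationGracePeriodSeconds: 60
              volumes:
                - name: molecule-storage
                  persistentVolumeClaim:
                    claimName: molecule-storage
              securityContext:
                fsGroup: 1000
              containers:
                - image: boomi/molecule:4.2.0
                  imagePullPolicy: Always
                  name: atom-node
                  ports:
                    - containerPort: 9090
                      protocol: TCP
                    - containerPort: 9093
                      protocol: TCP
                  lifecycle:
                    preStop:
                      exec:
                        command:
                          - sh
                          - /home/boomi/scaledown.sh
                  resources:
                    limits:
                      cpu: "2000m"
                      memory: "4000Mi"
                    requests:
                      cpu: "2000m"
                      memory: "4000Mi"
                  volumeMounts:
                    - name: molecule-storage
                      mountPath: "/mnt/boomi"
                  readinessProbe:
                    periodSeconds: 10
                    initialDelaySeconds: 10
                    httpGet:
                      path: /_admin/readiness
                      port: 9090
                  livenessProbe:
                    periodSeconds: 60
                    httpGet:
                      path: /_admin/liveness
                      port: 9090
                  env:
                    # Quoted so an all-digit or boolean-looking name stays a string.
                    - name: BOOMI_ATOMNAME
                      value: "${MoleculeClusterName}"
                    - name: ATOM_LOCALHOSTID
                      valueFrom:
                        fieldRef:
                          fieldPath: metadata.name
                    - name: BOOMI_ACCOUNTID
                      valueFrom:
                        secretKeyRef:
                          name: boomi-secret
                          key: account
                    - name: BOOMI_USERNAME
                      valueFrom:
                        secretKeyRef:
                          name: boomi-secret
                          key: username
                    - name: BOOMI_PASSWORD
                      valueFrom:
                        secretKeyRef:
                          name: boomi-secret
                          key: password
                    - name: CONTAINER_PROPERTIES_OVERRIDES
                      value: "com.boomi.container.debug=true"

  # Molecule StatefulSet, MFA install-token path.
  # Depends on the Secret so pods do not start before boomi-secret exists.
  # NOTE(review): mutable image tag, minimal securityContext and the
  # unconditional debug override apply here as well; pin the image by digest,
  # tighten the pod security settings, and confirm debug output is acceptable.
  KubeManifestMoleculeStatefulSet:
    Type: AWSQS::Kubernetes::Resource
    Condition: InstallTokenProvided
    DependsOn:
      - EKSMetricsServer
      - EFSPVC
      - KubeManifestSecret
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: !Sub |
        apiVersion: apps/v1
        kind: StatefulSet
        metadata:
          name: molecule
          labels:
            app: molecule
        spec:
          selector:
            matchLabels:
              app: molecule
          serviceName: "molecule-service"
          replicas: 3
          template:
            metadata:
              labels:
                app: molecule
            spec:
              terminationGracePeriodSeconds: 60
              volumes:
                - name: molecule-storage
                  persistentVolumeClaim:
                    claimName: molecule-storage
              securityContext:
                fsGroup: 1000
              containers:
                - image: boomi/molecule:4.2.0
                  imagePullPolicy: Always
                  name: atom-node
                  ports:
                    - containerPort: 9090
                      protocol: TCP
                    - containerPort: 9093
                      protocol: TCP
                  lifecycle:
                    preStop:
                      exec:
                        command:
                          - sh
                          - /home/boomi/scaledown.sh
                  resources:
                    limits:
                      cpu: "2000m"
                      memory: "4000Mi"
                    requests:
                      cpu: "2000m"
                      memory: "4000Mi"
                  volumeMounts:
                    - name: molecule-storage
                      mountPath: "/mnt/boomi"
                  readinessProbe:
                    periodSeconds: 10
                    initialDelaySeconds: 10
                    httpGet:
                      path: /_admin/readiness
                      port: 9090
                  livenessProbe:
                    periodSeconds: 60
                    httpGet:
                      path: /_admin/liveness
                      port: 9090
                  env:
                    # Quoted so an all-digit or boolean-looking name stays a string.
                    - name: BOOMI_ATOMNAME
                      value: "${MoleculeClusterName}"
                    - name: ATOM_LOCALHOSTID
                      valueFrom:
                        fieldRef:
                          fieldPath: metadata.name
                    - name: BOOMI_ACCOUNTID
                      valueFrom:
                        secretKeyRef:
                          name: boomi-secret
                          key: account
                    - name: INSTALL_TOKEN
                      valueFrom:
                        secretKeyRef:
                          name: boomi-secret
                          key: token
                    - name: CONTAINER_PROPERTIES_OVERRIDES
                      value: "com.boomi.container.debug=true"

  # CPU-based autoscaler for the password-path StatefulSet.
  # scaleTargetRef uses apps/v1 to match the StatefulSet manifest above;
  # apps/v1beta1 is not served by clusters that serve autoscaling/v2.
  KubeManifestHPAPassword:
    Type: AWSQS::Kubernetes::Resource
    Condition: InstallPasswordProvided
    DependsOn:
      - KubeManifestMoleculeStatefulSetPassword
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: |
        apiVersion: autoscaling/v2
        kind: HorizontalPodAutoscaler
        metadata:
          name: molecule-hpa
          labels:
            app: molecule
        spec:
          scaleTargetRef:
            apiVersion: apps/v1
            kind: StatefulSet
            name: molecule
          minReplicas: 3
          maxReplicas: 200
          ## Kubernetes v1.18 dependent.
          # behavior:
          #   scaleDown:
          #     stabilizationWindowSeconds: 60
          ##
          metrics:
            - type: Resource
              resource:
                name: cpu
                target:
                  type: Utilization
                  averageUtilization: 60

  # CPU-based autoscaler for the token-path StatefulSet.
  # scaleTargetRef uses apps/v1 to match the StatefulSet manifest above.
  KubeManifestHPA:
    Type: AWSQS::Kubernetes::Resource
    Condition: InstallTokenProvided
    DependsOn:
      - KubeManifestMoleculeStatefulSet
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: |
        apiVersion: autoscaling/v2
        kind: HorizontalPodAutoscaler
        metadata:
          name: molecule-hpa
          labels:
            app: molecule
        spec:
          scaleTargetRef:
            apiVersion: apps/v1
            kind: StatefulSet
            name: molecule
          minReplicas: 3
          maxReplicas: 200
          ## Kubernetes v1.18 dependent.
          # behavior:
          #   scaleDown:
          #     stabilizationWindowSeconds: 60
          ##
          metrics:
            - type: Resource
              resource:
                name: cpu
                target:
                  type: Utilization
                  averageUtilization: 60

  # Shared ReadWriteMany volume mounted by every Molecule pod at /mnt/boomi.
  # NOTE(review): storage class efs-sc is not created in this template;
  # presumably a parent stack provides it. Confirm.
  EFSPVC:
    Type: AWSQS::Kubernetes::Resource
    DependsOn:
      - EKSMetricsServer
      - EKSClusterNamespace
    Properties:
      ClusterName: !Ref ClusterName
      Namespace: !Ref WorkloadNamespace
      # Inline Kubernetes manifest
      Manifest: |
        apiVersion: v1
        kind: PersistentVolumeClaim
        metadata:
          name: molecule-storage
        spec:
          accessModes:
            - ReadWriteMany
          resources:
            requests:
              storage: 1Gi
          storageClassName: efs-sc
          volumeMode: Filesystem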