AWSTemplateFormatVersion: "2010-09-09" Description: "This template deploys a WebSphere Liberty operator into a new EKS cluster in a new VPC. (qs-1tdrmii9l)" Metadata: QuickStartDocumentation: EntrypointName: Deploy with no application Order: 1 LICENSE: Apache License, Version 2.0 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: EKS configuration Parameters: - EKSClusterName - SetupNewECR - AdditionalEKSAdminArns - AvailabilityZones - Label: default: AWS Partner Solution configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: EKSClusterName: default: EKS cluster name QSS3BucketName: default: Partner Solution S3 bucket name QSS3BucketRegion: default: Partner Solution S3 bucket Region QSS3KeyPrefix: default: Partner Solution S3 key prefix AdditionalEKSAdminArns: default: Additional EKS administrator ARNs SetupNewECR: default: Set up new ECR AvailabilityZones: default: Availability Zones Parameters: EKSClusterName: Type: String Description: Name of the new EKS cluster (2-250 characters). The name must start with a letter and contain only lowercase letters, numbers, hyphens, underscores, periods, and forward slashes. MinLength: 2 MaxLength: 250 AllowedPattern: (?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)* ConstraintDescription: The name must start with a letter and contain only lowercase letters, numbers, hyphens, underscores, periods, and forward slashes. SetupNewECR: Type: String AllowedValues: ["Yes", "No"] Default: "Yes" Description: >- Choose No if you do not want to set up a new private ECR named -ecr. QSS3BucketName: AllowedPattern: ^[0-9a-z]+([0-9a-z-\.]*[0-9a-z])*$ ConstraintDescription: >- The S3 bucket name can include numbers, lowercase letters, and hyphens (-), but it cannot start or end with a hyphen. Default: aws-quickstart Description: >- Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location. MinLength: 3 MaxLength: 63 Type: String QSS3KeyPrefix: Type: String Description: >- S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing the prefix updates code references to point to a new location. AllowedPattern: ^([0-9a-zA-Z!-_\.\*'\(\)/]+/)*$ ConstraintDescription: >- The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('), open parenthesis ((), close parenthesis ()), and forward slashes (/). End the prefix with a forward slash. Default: quickstart-ibm-liberty-eks/ QSS3BucketRegion: Type: String Description: >- AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region. Default: us-east-1 AdditionalEKSAdminArns: Default: "" Description: >- (Optional) One or more IAM user or role ARNs to be granted administrative access to the new EKS cluster. By default, you can access the EKS cluster from boot node only. To enter multiple ARNs, use a comma-delimited list. Example: arn:aws:iam::012345678910:user/myid@example.com, arn:aws:iam::012345678910:user/otherid@example.com. Type: String AvailabilityZones: Description: Availability Zones to use for the subnet in the new VPC. You must select 2 Availability Zones. Type: List Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, aws-quickstart] SetupECR: !Equals [!Ref SetupNewECR, "Yes"] Resources: IBMLibertyIAMRoleStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-liberty-iam-role.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] Parameters: RoleName: !Join [ "", [ "ibm-liberty-", !Ref EKSClusterName, "-", !Ref "AWS::Region", "-role" ] ] IBMLibertyVPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName ] S3Region: !If [ UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion ] Parameters: AvailabilityZones: !Join [ ',', !Ref AvailabilityZones ] NumberOfAZs: 2 PrivateSubnetATag2: "kubernetes.io/role/internal-elb=" PublicSubnetTag2: "kubernetes.io/role/elb=" IBMLibertyBootNodeStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-liberty-ec2-bootnode.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] Parameters: RoleName: !GetAtt IBMLibertyIAMRoleStack.Outputs.RoleName BootNodeName: !Join ["-", [!Ref EKSClusterName, "bootnode"]] EKSClusterName: !Ref EKSClusterName PublicSubnet1ID: !GetAtt 'IBMLibertyVPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'IBMLibertyVPCStack.Outputs.PublicSubnet2ID' AvailabilityZone1: !Select [0, !Ref AvailabilityZones] AvailabilityZone2: !Select [1, !Ref AvailabilityZones] PrivateSubnet1ID: !GetAtt 'IBMLibertyVPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'IBMLibertyVPCStack.Outputs.PrivateSubnet2AID' IBMLibertyEKSClusterStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-liberty-create-eks.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] Parameters: BootNodeInstanceId: !GetAtt IBMLibertyBootNodeStack.Outputs.InstanceId EKSClusterName: !Ref EKSClusterName LaunchType: "EC2" IBMLibertyWorkloadStack: Type: 'AWS::CloudFormation::Stack' DependsOn: - IBMLibertyEKSClusterStack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-liberty-eks-workload.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] Parameters: BootNodeInstanceId: !GetAtt IBMLibertyBootNodeStack.Outputs.InstanceId BootNodeUser: !GetAtt IBMLibertyBootNodeStack.Outputs.User EKSClusterName: !Ref EKSClusterName LaunchType: "EC2" DeployApp: None MainStackName: !Ref "AWS::StackName" QSS3CodeLocation: !Sub - s3://${S3Bucket}/${QSS3KeyPrefix} - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] AdditionalEKSAdminArns: !Ref AdditionalEKSAdminArns IBMLibertyECRStack: Type: 'AWS::CloudFormation::Stack' Condition: SetupECR DependsOn: - IBMLibertyEKSClusterStack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-liberty-create-ecr.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] Parameters: ECRName: !Join ["-", [!Ref EKSClusterName, "ecr"]] Outputs: EKSClusterName: Description: EKS cluster name Value: !Ref EKSClusterName ECRName: Condition: SetupECR Description: ECR name Value: !GetAtt IBMLibertyECRStack.Outputs.ECRName ECRArn: Condition: SetupECR Description: ECR ARN Value: !GetAtt IBMLibertyECRStack.Outputs.ECRArn ECRRepositoryUri: Condition: SetupECR Description: ECR URI Value: !GetAtt IBMLibertyECRStack.Outputs.ECRRepositoryUri BootNodeInstanceId: Description: Boot node EC2 instance ID Value: !GetAtt IBMLibertyBootNodeStack.Outputs.InstanceId BootNodeName: Description: Boot node name Value: !GetAtt IBMLibertyBootNodeStack.Outputs.InstanceName InstallLogsLocation: Description: Install logs location (on boot node) Value: "/opt/ibm/install.log" CloudWatchInstallLogs: Description: Installation logs (in CloudWatch) Value: !GetAtt IBMLibertyWorkloadStack.Outputs.CloudWatchInstallLogs DeploymentProperties: Description: Deployment properties Value: !GetAtt IBMLibertyWorkloadStack.Outputs.DeploymentProperties LibertyAppDeployYaml: Description: CR (Custom Resource) to deploy for WebSphereLibertyApplication Value: !GetAtt IBMLibertyWorkloadStack.Outputs.LibertyAppDeployYaml LibertyAppDeployServiceYaml: Description: CR (Custom Resource) to enable HTTPS access to the WebSphereLibertyApplication Value: !GetAtt IBMLibertyWorkloadStack.Outputs.LibertyAppDeployServiceYaml WLOVersion: Description: The installed version of WebSphere Liberty Operator Value: !GetAtt IBMLibertyWorkloadStack.Outputs.WLOVersion EKSClusterVpcId: Description: The ID of the VPC which was created for your EKS cluster Value: !GetAtt IBMLibertyVPCStack.Outputs.VPCID EKSClusterVpcUrl: Description: URL to manage the VPC which was created for your EKS cluster Value: !Join ["", ["https://", !Ref "AWS::Region", ".console.aws.amazon.com/vpc/home?region=", !Ref "AWS::Region", "#VpcDetails:VpcId=", !GetAtt IBMLibertyVPCStack.Outputs.VPCID]] IAMRoleName: Description: Role name to manage EKS Value: !GetAtt IBMLibertyIAMRoleStack.Outputs.RoleName IAMRoleUrl: Description: The URL to view the IAM role that was used to create the EKS cluster Value: !GetAtt IBMLibertyIAMRoleStack.Outputs.RoleURL