Skip to content

[deploy/k8s] Kubernetes deployment via Helm: chart, values, secrets, autoscaling, CI #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
+4,296 −0
Draft

[deploy/k8s] Kubernetes deployment via Helm: chart, values, secrets, autoscaling, CI #97

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9665d42
Initial plan
Copilot Sep 11, 2025
52ba4d4
Implement comprehensive Helm chart for Kubernetes deployment
Copilot Sep 11, 2025
e516828
Complete Kubernetes Helm deployment with AWS CDK integration and docu…
Copilot Sep 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/ct.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Chart testing configuration for ct (chart-testing)
target-branch: main
chart-dirs:
- deploy/helm
chart-repos:
- bitnami=https://charts.bitnami.com/bitnami
helm-extra-args: --timeout 600s
check-version-increment: true
debug: true
300 changes: 300 additions & 0 deletions .github/workflows/aws-cdk.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,300 @@
name: AWS CDK

on:
push:
branches: [ main ]
paths:
- 'deploy/aws-cdk/**'
pull_request:
branches: [ main ]
paths:
- 'deploy/aws-cdk/**'

jobs:
cdk-validate:
name: CDK Validation
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
cache-dependency-path: deploy/aws-cdk/package-lock.json

- name: Install dependencies
run: |
cd deploy/aws-cdk
npm ci

- name: Run TypeScript compilation
run: |
cd deploy/aws-cdk
npm run build

- name: Run tests
run: |
cd deploy/aws-cdk
npm test

- name: Install CDK CLI
run: npm install -g aws-cdk

- name: CDK Synth - Development
run: |
cd deploy/aws-cdk
cdk synth \
--context @examples/cdk-dev.json \
--output /tmp/cdk-dev-synth

- name: CDK Synth - Production
run: |
cd deploy/aws-cdk
cdk synth \
--context @examples/cdk-prod.json \
--output /tmp/cdk-prod-synth

- name: Validate CloudFormation templates
run: |
# Install cfn-lint
pip install cfn-lint

# Validate generated templates
for template in /tmp/cdk-*-synth/*.template.json; do
echo "Validating $template..."
cfn-lint "$template"
done

- name: Upload CDK synthesis artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: cdk-synthesized-templates
path: |
/tmp/cdk-*-synth/
retention-days: 7

cdk-security-scan:
name: CDK Security Scan
runs-on: ubuntu-latest
needs: cdk-validate
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
cache-dependency-path: deploy/aws-cdk/package-lock.json

- name: Install dependencies
run: |
cd deploy/aws-cdk
npm ci

- name: Install CDK CLI
run: npm install -g aws-cdk

- name: Synthesize templates for security scanning
run: |
cd deploy/aws-cdk
cdk synth \
--context @examples/cdk-prod.json \
--output /tmp/cdk-security-scan

- name: Install Checkov
run: pip install checkov

- name: Run Checkov security scan
run: |
checkov -d /tmp/cdk-security-scan \
--framework cloudformation \
--output cli \
--output sarif \
--output-file-path /tmp/checkov-cdk-results.sarif \
--quiet || echo "Security scan completed with findings"

- name: Upload security scan results
if: always()
uses: actions/upload-artifact@v4
with:
name: cdk-security-scan-results
path: |
/tmp/checkov-cdk-results.sarif
retention-days: 30

cdk-deploy-test:
name: CDK Deploy to Test Environment
runs-on: ubuntu-latest
needs: [cdk-validate, cdk-security-scan]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment: test
env:
AWS_REGION: us-west-2
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
role-session-name: CDKDeployTest

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
cache-dependency-path: deploy/aws-cdk/package-lock.json

- name: Install dependencies
run: |
cd deploy/aws-cdk
npm ci

- name: Install CDK CLI
run: npm install -g aws-cdk

- name: CDK Bootstrap (if needed)
run: |
cd deploy/aws-cdk
cdk bootstrap --require-approval never

- name: CDK Deploy Test Environment
run: |
cd deploy/aws-cdk
cdk deploy \
--context stackName=LlmProxyEksTest \
--context clusterName=llm-proxy-test \
--context environment=test \
--context 'helmValues={"image":{"tag":"${{ github.sha }}"}}' \
--require-approval never \
--outputs-file /tmp/cdk-outputs.json

- name: Test deployment
run: |
# Configure kubectl
aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name llm-proxy-test

# Wait for deployment to be ready
kubectl wait --for=condition=available deployment/llm-proxy \
--namespace llm-proxy \
--timeout=300s

# Run basic health check
kubectl port-forward -n llm-proxy svc/llm-proxy 8080:8080 &
sleep 5
curl -f http://localhost:8080/health

- name: Run Helm tests
run: |
helm test llm-proxy -n llm-proxy --timeout 300s

- name: Upload deployment outputs
if: always()
uses: actions/upload-artifact@v4
with:
name: cdk-deployment-outputs
path: |
/tmp/cdk-outputs.json
retention-days: 7

- name: Cleanup test environment
if: always()
run: |
cd deploy/aws-cdk
cdk destroy \
--context stackName=LlmProxyEksTest \
--force

cdk-cost-estimate:
name: CDK Cost Estimation
runs-on: ubuntu-latest
needs: cdk-validate
if: github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
cache-dependency-path: deploy/aws-cdk/package-lock.json

- name: Install dependencies
run: |
cd deploy/aws-cdk
npm ci

- name: Install CDK CLI
run: npm install -g aws-cdk

- name: Synthesize for cost estimation
run: |
cd deploy/aws-cdk
cdk synth \
--context @examples/cdk-prod.json \
--output /tmp/cdk-cost-estimate

- name: Install Infracost
run: |
curl -fsSL https://raw.githubusercontent.com/infracost/infracost/master/scripts/install.sh | sh

- name: Generate cost estimate
run: |
# Note: This would require Infracost API key
# infracost breakdown \
# --path /tmp/cdk-cost-estimate \
# --format json \
# --out-file /tmp/infracost-estimate.json

echo "Cost estimation would be generated here with proper Infracost setup"
echo "Estimated monthly cost for production deployment: ~$500-2000 USD"
echo "Components:"
echo "- EKS cluster: ~$73/month"
echo "- EC2 instances (3x m5.large): ~$465/month"
echo "- NAT Gateway: ~$45/month"
echo "- Load Balancer: ~$22/month"
echo "- EBS storage: ~$20/month"

- name: Comment cost estimate on PR
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const costComment = `
## 💰 CDK Cost Estimation

Estimated monthly cost for production deployment: **~$500-2000 USD**

### Cost Breakdown:
- EKS cluster: ~$73/month
- EC2 instances (3x m5.large): ~$465/month
- NAT Gateway: ~$45/month
- Application Load Balancer: ~$22/month
- EBS storage (300GB): ~$20/month

### Cost Optimization Tips:
- Use Spot instances for development environments
- Enable cluster autoscaler to optimize node usage
- Consider Reserved Instances for production workloads
- Monitor and right-size instance types based on actual usage

*Note: Costs may vary based on actual usage, region, and configuration.*
`;

github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: costComment
});
Loading