From 029d29c373cb47738e692434a657fc058215c911 Mon Sep 17 00:00:00 2001
From: Valentin Widmer <widmerva@amazon.com>
Date: Tue, 3 Oct 2023 21:56:34 +0700
Subject: [PATCH] Fix conflicting namespaces

---
 .../charts/backend/templates/ns.yaml          |  4 --
 .../charts/client/templates/deploy.yaml       | 27 ++++++++---
 .../charts/client/templates/ns.yaml           |  6 ---
 .../charts/frontend/templates/ns.yaml         |  4 --
 .../charts/management-ui/templates/ns.yaml    |  6 ---
 patterns/aws-vpc-cni-network-policy/main.tf   | 48 +++++++++++++++++--
 .../aws-vpc-cni-network-policy/versions.tf    |  4 ++
 7 files changed, 67 insertions(+), 32 deletions(-)
 delete mode 100644 patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/ns.yaml
 delete mode 100644 patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/ns.yaml
 delete mode 100644 patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/ns.yaml
 delete mode 100644 patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/ns.yaml

diff --git a/patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/ns.yaml b/patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/ns.yaml
deleted file mode 100644
index 2920a0c838..0000000000
--- a/patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/ns.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: stars
\ No newline at end of file
diff --git a/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/deploy.yaml b/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/deploy.yaml
index 00c8dca7fe..8d763dcede 100644
--- a/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/deploy.yaml
+++ b/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/deploy.yaml
@@ -1,11 +1,24 @@
-apiVersion: v1
-kind: Service
+apiVersion: apps/v1
+kind: Deployment
 metadata:
-  name: client
+  name: client 
   namespace: client
 spec:
-  ports:
-  - port: 9000 
-    targetPort: 9000
+  replicas: 1
   selector:
-    role: client 
\ No newline at end of file
+    matchLabels:
+      role: client
+  template:
+    metadata:
+      labels:
+        role: client 
+    spec:
+      containers:
+      - name: client 
+        image: calico/star-probe:v0.1.0
+        imagePullPolicy: Always
+        command:
+        - probe
+        - --urls=http://frontend.stars:80/status,http://backend.stars:6379/status
+        ports:
+        - containerPort: 9000 
\ No newline at end of file
diff --git a/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/ns.yaml b/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/ns.yaml
deleted file mode 100644
index 2bded998f5..0000000000
--- a/patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/ns.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: client
-  labels:
-    role: client
\ No newline at end of file
diff --git a/patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/ns.yaml b/patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/ns.yaml
deleted file mode 100644
index 2920a0c838..0000000000
--- a/patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/ns.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: stars
\ No newline at end of file
diff --git a/patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/ns.yaml b/patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/ns.yaml
deleted file mode 100644
index ef0a8ec158..0000000000
--- a/patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/ns.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: management-ui 
-  labels:
-    role: management-ui
\ No newline at end of file
diff --git a/patterns/aws-vpc-cni-network-policy/main.tf b/patterns/aws-vpc-cni-network-policy/main.tf
index 13323fb51e..28cbb42d12 100644
--- a/patterns/aws-vpc-cni-network-policy/main.tf
+++ b/patterns/aws-vpc-cni-network-policy/main.tf
@@ -28,6 +28,20 @@ provider "helm" {
   }
 }
 
+provider "kubectl" {
+  apply_retry_count      = 5
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  load_config_file       = false
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
+}
+
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -124,13 +138,37 @@ module "vpc" {
 # Demo application
 ################################################################################
 
+resource "kubectl_manifest" "management_ui_namespace" {
+  yaml_body  = <<YAML
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: management-ui 
+  labels:
+    role: management-ui
+YAML
+  depends_on = [module.eks]
+}
+
+resource "kubectl_manifest" "client_namespace" {
+  yaml_body  = <<YAML
+apiVersion: v1
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: client
+  labels:
+    role: client
+YAML
+  depends_on = [module.eks]
+}
+
 resource "helm_release" "management_ui" {
   name             = "management-ui"
   chart            = "./demo-application/charts/management-ui"
   namespace        = "management-ui"
-  create_namespace = true
 
-  depends_on = [module.eks]
+  depends_on = [module.eks, kubectl_manifest.management_ui_namespace]
 }
 
 resource "helm_release" "backend" {
@@ -143,7 +181,7 @@ resource "helm_release" "backend" {
 }
 
 resource "helm_release" "frontend" {
-  name             = "backend"
+  name             = "frontend"
   chart            = "./demo-application/charts/frontend"
   namespace        = "stars"
   create_namespace = true
@@ -155,15 +193,15 @@ resource "helm_release" "client" {
   name             = "backend"
   chart            = "./demo-application/charts/client"
   namespace        = "client"
-  create_namespace = true
 
-  depends_on = [module.eks]
+  depends_on = [kubectl_manifest.management_ui_namespace]
 }
 
 ################################################################################
 # Restrict access using K8S Network Policies
 ################################################################################
 
+# Block all ingress and egress traffic within the stars ns
 resource "kubectl_manifest" "default_deny_stars" {
   yaml_body  = <<YAML
 kind: NetworkPolicy
diff --git a/patterns/aws-vpc-cni-network-policy/versions.tf b/patterns/aws-vpc-cni-network-policy/versions.tf
index 4b98ab82b1..a2f5c89e44 100644
--- a/patterns/aws-vpc-cni-network-policy/versions.tf
+++ b/patterns/aws-vpc-cni-network-policy/versions.tf
@@ -14,5 +14,9 @@ terraform {
       source  = "hashicorp/kubernetes"
       version = ">= 2.20"
     }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14"
+    }
   }
 }