Add pattern for native network policy integration

patterns/aws-vpc-cni-network-policy/README.md

@@ -0,0 +1,46 @@
+# Amazon EKS Cluster w/ ArgoCD
+
+This pattern demonstrates an EKS cluster that uses the native Network Policy support provided by the AWS VPC CNI (v1.14.0 or higher).
+
+- [Documentation](https://argo-cd.readthedocs.io/en/stable/)
+- [EKS Blueprints Add-ons Repo](https://github.com/aws-samples/eks-blueprints-add-ons)
+- [EKS Blueprints Workloads Repo](https://github.com/aws-samples/eks-blueprints-workloads)
+
+## Deploy
+
+See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started/#prerequisites) for the prerequisites and steps to deploy this pattern.
+
+## Validate
+
+1. List out the pods running currently:
+
+    ```sh
+    kubectl get pods -A
+    ```
+
+    ```text
+   NAMESPACE         NAME                                       READY   STATUS    RESTARTS   AGE
+    [...]
+    client            client-xlffc                               1/1     Running   0          5m19s
+    [...]
+    management-ui     management-ui-qrb2g                        1/1     Running   0          5m24s
+    stars             backend-sz87q                              1/1     Running   0          5m23s
+    stars             frontend-cscnf                             1/1     Running   0          5m21s
+    [...]
+    ```
+
+    In your output, you should see pods in the namespaces shown in the following output. The NAMES of your pods and the number of pods in the READY column are different than those in the following output. Don't continue until you see pods with similar names and they all have Running in the STATUS column.
+
+2. Connect to the management user interface using the EXTERNAL IP of the running service and observe the traffic flow and restrictions based on the Network Policies deployed:
+
+    ```sh
+    kubectl get service/management-ui -n management-ui
+    ```
+
+    Open the browser based on the URL obtained from the previous step to see the connection map.
+
+## Destroy
+
+{%
+   include-markdown "../../docs/_partials/destroy.md"
+%}

patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: backend
+description: A Helm chart to deploy the backend
+type: application
+version: 1.0.0

patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/deploy.yaml

@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend 
+  namespace: stars
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      role: backend
+  template:
+    metadata:
+      labels:
+        role: backend 
+    spec:
+      containers:
+      - name: backend 
+        image: calico/star-probe:v0.1.0
+        imagePullPolicy: Always
+        command:
+        - probe
+        - --http-port=6379
+        - --urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status
+        ports:
+        - containerPort: 6379

patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/ns.yaml

@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: stars

patterns/aws-vpc-cni-network-policy/demo-application/charts/backend/templates/svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend 
+  namespace: stars
+spec:
+  ports:
+  - port: 6379
+    targetPort: 6379 
+  selector:
+    role: backend

patterns/aws-vpc-cni-network-policy/demo-application/charts/client/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

patterns/aws-vpc-cni-network-policy/demo-application/charts/client/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: client
+description: A Helm chart to deploy the client
+type: application
+version: 1.0.0

patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/deploy.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: client
+  namespace: client
+spec:
+  ports:
+  - port: 9000 
+    targetPort: 9000
+  selector:
+    role: client 

patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/ns.yaml

@@ -0,0 +1,6 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: client
+  labels:
+    role: client

patterns/aws-vpc-cni-network-policy/demo-application/charts/client/templates/svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: client
+  namespace: client
+spec:
+  ports:
+  - port: 9000 
+    targetPort: 9000
+  selector:
+    role: client

patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: frontend
+description: A Helm chart to deploy the frontend
+type: application
+version: 1.0.0

patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/deploy.yaml

@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend 
+  namespace: stars
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      role: frontend
+  template:
+    metadata:
+      labels:
+        role: frontend 
+    spec:
+      containers:
+      - name: frontend 
+        image: calico/star-probe:v0.1.0
+        imagePullPolicy: Always
+        command:
+        - probe
+        - --http-port=80
+        - --urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status
+        ports:
+        - containerPort: 80

patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/ns.yaml

@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: stars

patterns/aws-vpc-cni-network-policy/demo-application/charts/frontend/templates/svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend 
+  namespace: stars
+spec:
+  ports:
+  - port: 80 
+    targetPort: 80 
+  selector:
+    role: frontend

patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: management-ui
+description: A Helm chart to deploy the management-ui
+type: application
+version: 1.0.0

patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/deploy.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: management-ui 
+  namespace: management-ui 
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      role: management-ui
+  template:
+    metadata:
+      labels:
+        role: management-ui 
+    spec:
+      containers:
+      - name: management-ui 
+        image: calico/star-collect:v0.1.0
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 9001

patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/ns.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: management-ui 
+  labels:
+    role: management-ui

patterns/aws-vpc-cni-network-policy/demo-application/charts/management-ui/templates/svc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: management-ui 
+  namespace: management-ui 
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80 
+    targetPort: 9001
+  selector:
+    role: management-ui