
3 Commits

Author SHA1 Message Date
7e496a1228 Change server name to not have - 2020-08-03 22:50:34 -04:00
a9e6eb3387 BUGFIX: Give ECS permission to grab private repo secret 2020-07-31 21:05:06 -04:00
a57c16a69e Allow ECS to pull docker image from private repo
Use AWS::NoValue

Remove {}

Try at CredentialsParameter level

Duplicate code :/

Remove volume
2020-07-28 19:45:34 -04:00
2 changed files with 107 additions and 34 deletions


@ -3,7 +3,7 @@ Description: Nakama ECS Task
Parameters: Parameters:
ServerName: ServerName:
Type: String Type: String
Default: "nakama-default" Default: "main"
NakamaContainer: NakamaContainer:
Type: String Type: String
Description: test Description: test
@ -38,12 +38,49 @@ Parameters:
Type: Number Type: Number
Description: Port for the Postgres server Description: Port for the Postgres server
Default: 5432 Default: 5432
RepositoryCredentialsSecret:
Type: String
Description: Arn of repostiory secret from AWS Secrets Manager. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html for more information
Default: ""
Conditions: Conditions:
CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""] CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""]
NoRepositoryCredentials: !Equals [!Ref RepositoryCredentialsSecret, ""]
RepositoryCredentials: !Not [!Equals [!Ref RepositoryCredentialsSecret, ""]]
Resources: Resources:
EcsExecutionerRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
EcsExecutionPolicy:
Condition: RepositoryCredentials
Type: AWS::IAM::Policy
Properties:
PolicyName: AllowGettingSecrets
Roles:
- !Ref EcsExecutionerRole
PolicyDocument:
Statement:
- Sid: ReadDockerSecret
Action:
- secretsmanager:Describe*
- secretsmanager:Get*
- secretsmanager:List*
Effect: Allow
Resource: !Ref RepositoryCredentialsSecret
AdminPortalPassword: AdminPortalPassword:
Type: AWS::SecretsManager::Secret Type: AWS::SecretsManager::Secret
Condition: CreateSecret Condition: CreateSecret
@ -63,40 +100,68 @@ Resources:
TaskDefinition: TaskDefinition:
Type: AWS::ECS::TaskDefinition Type: AWS::ECS::TaskDefinition
Properties: Properties:
ExecutionRoleArn: !Ref EcsExecutionerRole
ContainerDefinitions: ContainerDefinitions:
- Name: nakama - !If
Essential: 'true' - NoRepositoryCredentials
Image: !Ref NakamaContainer - Name: nakama
MemoryReservation: 800 Essential: 'true'
PortMappings: Image: !Ref NakamaContainer
- HostPort: 0 MemoryReservation: 800
ContainerPort: 7348 PortMappings:
- HostPort: 0 - HostPort: 0
ContainerPort: 7349 ContainerPort: 7348
- HostPort: 0 - HostPort: 0
ContainerPort: 7350 ContainerPort: 7349
- HostPort: 0 - HostPort: 0
ContainerPort: 7351 ContainerPort: 7350
LogConfiguration: - HostPort: 0
LogDriver: awslogs ContainerPort: 7351
Options: LogConfiguration:
awslogs-region: LogDriver: awslogs
Ref: AWS::Region Options:
awslogs-group: awslogs-region:
Ref: LogGroup Ref: AWS::Region
MountPoints: awslogs-group:
- ContainerPath: /nakama/volume Ref: LogGroup
SourceVolume: "nakama-volume" EntryPoint:
EntryPoint: - "/bin/sh"
- "/bin/sh" - "-ecx"
- "-ecx" - !Join ["", [
- !Join ["", [ !Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
!Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n", !Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
!Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"", !If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:", !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
!If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:", !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\"" ]]
]] - Name: nakama
Volumes: Essential: 'true'
- Name: "nakama-volume" Image: !Ref NakamaContainer
RepositoryCredentials:
CredentialsParameter: !Ref RepositoryCredentialsSecret
MemoryReservation: 800
PortMappings:
- HostPort: 0
ContainerPort: 7348
- HostPort: 0
ContainerPort: 7349
- HostPort: 0
ContainerPort: 7350
- HostPort: 0
ContainerPort: 7351
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region:
Ref: AWS::Region
awslogs-group:
Ref: LogGroup
EntryPoint:
- "/bin/sh"
- "-ecx"
- !Join ["", [
!Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
!Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
!If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:", !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
]]
Outputs: Outputs:
TaskArn: TaskArn:
Description: ARN of the TaskDefinition Description: ARN of the TaskDefinition
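Review bot: The EcsExecutionPolicy statement (`Sid: ReadDockerSecret`) grants `secretsmanager:Describe*`, `Get*` and `List*`, but ECS private-registry authentication only needs `secretsmanager:GetSecretValue` on that one secret (plus `kms:Decrypt` on the key if the secret is encrypted with a customer-managed KMS key), so the three wildcard actions should collapse to `- secretsmanager:GetSecretValue`. `List*` is also inert here, since ListSecrets is not resource-scoped and would need `Resource: "*"` to do anything. The same least-privilege concern applies to the role's `CloudWatchLogsFullAccess` managed policy: the awslogs driver only needs `logs:CreateLogStream` and `logs:PutLogEvents` on the template's LogGroup, which fits an inline policy on EcsExecutionerRole. The `PolicyDocument` also lacks `Version: '2012-10-17'`, which the role's AssumeRolePolicyDocument above does set. Separately, both copies of `EntryPoint` keep `-ecx`, so with `-x` the shell echoes the expanded command line — including `${DatabasePassword}` and the resolved console password — into the awslogs stream; this predates the commit, but dropping the `x` keeps those secrets out of CloudWatch Logs.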


@ -25,6 +25,10 @@ Parameters:
Type: String Type: String
Description: The cluster to run the Nakama service on, if empty will create new cluster. Description: The cluster to run the Nakama service on, if empty will create new cluster.
Default: "" Default: ""
RepositoryCredentialsSecret:
Type: String
Description: Arn of repostiory secret from AWS Secrets Manager. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html for more information
Default: ""
#----------------- #-----------------
# Load Balancing # Load Balancing
@ -149,6 +153,7 @@ Metadata:
default: "ECS Configuration" default: "ECS Configuration"
Parameters: Parameters:
- EcsClusterOverride - EcsClusterOverride
- RepositoryCredentialsSecret
- Label: - Label:
default: "Database Configuration" default: "Database Configuration"
Parameters: Parameters:
@ -212,6 +217,8 @@ Metadata:
default: "RDS Storage" default: "RDS Storage"
RdsAccessCidr: RdsAccessCidr:
default: "RDS Allow Access CIDR" default: "RDS Allow Access CIDR"
RepositoryCredentialsSecret:
default: "Docker Repository Credentials"
Conditions: Conditions:
@ -298,6 +305,7 @@ Resources:
DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort] DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]
NakamaUsername: !Ref NakamaUsername NakamaUsername: !Ref NakamaUsername
NakamaPasswordOverride: !Ref NakamaPasswordOverride NakamaPasswordOverride: !Ref NakamaPasswordOverride
RepositoryCredentialsSecret: !Ref RepositoryCredentialsSecret
EcsService: EcsService:
DependsOn: LoadBalancing DependsOn: LoadBalancing