import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as s3 from 'aws-cdk-lib/aws-s3';
import {KubernetesManifest} from "aws-cdk-lib/aws-eks/lib/k8s-manifest";
import {HelmChart} from "aws-cdk-lib/aws-eks";
/**
 * Inputs for {@link IdeServicesApp}: the cluster the chart is installed into
 * and the resources the chart must wait for or reference.
 */
interface IdeServicesChartProps extends cdk.NestedStackProps {
  /** EKS cluster that receives the Helm release. */
  cluster: eks.Cluster;

  /** Manifest the chart is ordered after (added as a construct dependency). */
  externalSecret: KubernetesManifest;

  /**
   * Optional manifest for the Mellum secret. It is only added as a dependency
   * when the `useMellum` context flag is enabled.
   */
  mellumExternalSecret?: KubernetesManifest;

  /** Bucket whose name is handed to the chart's S3 storage configuration. */
  dataBucket: s3.Bucket;

  /**
   * Service account that supplies both the release namespace and the
   * `serviceAccountName` chart value; the chart is ordered after it.
   */
  serviceAccount: eks.ServiceAccount;
}
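/**
 * Nested stack that installs the `ide-services-helm` chart into the given EKS
 * cluster as release `jb-ide-services`.
 *
 * Context keys read at synth time:
 * - `ideServicesChartVersion`: chart version passed to Helm.
 * - `useMellum`: enables the Mellum configuration blocks and the extra
 *   dependency on `mellumExternalSecret`.
 * - `gpuNodeGroupMinSize`: replica count for the Mellum providers (default 1).
 */
export class IdeServicesApp extends cdk.NestedStack {
  /** The Helm release created by this stack. */
  ideServicesChart: HelmChart;

  /**
   * @param scope Parent construct.
   * @param id Construct id of this nested stack.
   * @param props Cluster, secrets, bucket and service account the chart uses.
   */
  constructor(scope: Construct, id: string, props: IdeServicesChartProps) {
    super(scope, id, props);
    const {cluster, externalSecret, mellumExternalSecret, dataBucket, serviceAccount} = props;

    // When this context key is unset the version is undefined and Helm installs
    // the latest chart from the repository. Pin it (e.g. in cdk.json) so that
    // deployments are reproducible and chart upgrades are a reviewed change.
    const ideServicesVersion = this.node.tryGetContext('ideServicesChartVersion');

    // Context values given on the CLI (`-c key=value`) arrive as strings, so
    // `-c useMellum=false` used to be truthy and switched Mellum ON. Everything
    // that was falsy before stays falsy; the string "false" is now off as well.
    // NOTE(review): other stacks reading `useMellum` should parse it the same way.
    const rawUseMellum = this.node.tryGetContext('useMellum');
    const useMellum =
      Boolean(rawUseMellum) && String(rawUseMellum).trim().toLowerCase() !== 'false';

    // Same string-vs-number issue: coerce to a positive integer so the chart
    // always receives a numeric replica count; anything else falls back to 1.
    const parsedPodsCount = Number(this.node.tryGetContext('gpuNodeGroupMinSize'));
    const mellumPodsCount =
      Number.isInteger(parsedPodsCount) && parsedPodsCount > 0 ? parsedPodsCount : 1;

    // Deploy application using Helm
    this.ideServicesChart = cluster.addHelmChart('IdeServicesChart', {
      chart: 'ide-services-helm',
      repository: 'https://download.jetbrains.com/ide-services/charts/stable',
      namespace: serviceAccount.serviceAccountNamespace,
      release: 'jb-ide-services',
      version: ideServicesVersion,
      values: {
        serviceAccountName: serviceAccount.serviceAccountName,
        ides: {
          config: {
            // NOTE(review): looks like a placeholder; confirm it is replaced with
            // the real deployment URL before this is used beyond a demo.
            deploymentUrl: 'http://localhost',
            db: {
              secretName: 'ide-services-rds-credentials'
            },
            storage: {
              type: 's3',
              s3: {
                autoConfiguration: true,
                bucket: dataBucket.bucketName,
              }
            },
            ...(useMellum ? {
              mellum: {
                // NOTE(review): the same secret name is used below for the Mellum
                // public key. If one secret holds both halves, the Mellum pods
                // can read the signing key too; confirm what each side mounts.
                jwtPrivateKeySecretName: 'ide-services-mellum-credentials',
              }
            } : {})
          },
          resources: {
            requests: {
              cpu: '400m',
              memory: '600Mi',
            },
            limits: {
              cpu: 2,
              memory: '2000Mi',
            },
          },
          metrics: {
            enabled: true,
            serviceMonitor: {
              enabled: true
            }
          },
          logging: {
            enabled: true, // Enable logging
            fluentBit: { // Fluent Bit configuration for CloudWatch
              cloudWatch: {
                enabled: true,
                region: cdk.Stack.of(this).region, // AWS region
                logGroupName: '/eks/ide-services', // CloudWatch Log Group
                autoCreateLogGroup: true,
                logStreamPrefix: 'ide-services-', // Prefix for log streams
              },
            },
          },
          ingress: {
            enabled: true,
            ingressClassName: "alb",
            annotations: {
              'kubernetes.io/ingress.class': 'alb',
              // 'internal' keeps the ALB off the public internet, but it does
              // not encrypt anything: the only listener below is plain HTTP on
              // port 80, so credentials and tokens cross the VPC in clear text.
              // An HTTPS listener with an ACM certificate (certificate-arn
              // annotation) is the usual hardening for this.
              'alb.ingress.kubernetes.io/scheme': 'internal',
              'alb.ingress.kubernetes.io/target-type': 'ip',
              'alb.ingress.kubernetes.io/listen-ports': '[{"HTTP": 80}]',
              'alb.ingress.kubernetes.io/healthcheck-path': '/actuator/health',
              'alb.ingress.kubernetes.io/success-codes': '200-399',
              'alb.ingress.kubernetes.io/group.name': 'ide-services-group',
              'alb.ingress.kubernetes.io/target-group-name': 'ide-services-target-group',
              // The ALB reuses the cluster security group instead of one of its
              // own. NOTE(review): confirm that group's inbound rules are as
              // narrow as intended for a load balancer front end.
              'alb.ingress.kubernetes.io/security-groups': cluster.clusterSecurityGroupId
            },
            pathType: 'Prefix'
          },
        },
        ...(useMellum ? {
          aie: {
            mellum: {
              enabled: true,
              config: {
                jwtPublicKeySecretName: 'ide-services-mellum-credentials',
              },
              providerDefaults: {
                resources: {
                  requests: {
                    memory: '12Gi',
                  }
                },
                podNodeSelector: {
                  'node-type': 'gpu',
                  'accelerator': 'gpu'
                },
                replicaCount: mellumPodsCount
              },
              providers: {
                'mellum-all': {
                  model: 'jet-all-medium',
                  image: {
                    registry: "docker.io",
                    repository: "jetbrains/mellum-all-enterprise",
                    // A tag can be re-pointed on the registry side.
                    // NOTE(review): pin by digest if the chart supports it.
                    tag: '2025.2.9',
                    pullSecrets: ['ide-services-medium-registry-credentials']
                  }
                }
              }
            }
          }
        } : {}),
      },
    });

    // Ensure the external secret is created before the app chart
    this.ideServicesChart.node.addDependency(externalSecret);

    // Ensure the mellum external secret is created before the app chart if mellum is enabled.
    // When Mellum is enabled but no manifest was passed, the chart still refers
    // to 'ide-services-mellum-credentials' and nothing here orders or creates it.
    if (useMellum && mellumExternalSecret) {
      this.ideServicesChart.node.addDependency(mellumExternalSecret);
    }

    // Ensure the service account is created before the app chart
    this.ideServicesChart.node.addDependency(serviceAccount);
  }
}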