Git-Mirrors/backend-and-orchestration-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/backend-and-orchestration-toolkit.git synced 2025-06-30 09:27:21 -04:00
Code Issues Projects Releases Packages Wiki Activity

🥨 Add refs for eks

Browse source
This commit is contained in:
MvS 2019-11-03 09:30:38 -08:00
parent 33b03a7a4a
commit 56a50b39a4
1 changed files with 13 additions and 11 deletions

24
references_for_eksctl.md → references_for_eks.md
View file

@ -1,4 +1,6 @@
# Creating EKS cluster using the eksctl CLI # AWS EKS
## Creating EKS cluster using the eksctl CLI
eksctl create cluster \ eksctl create cluster \
--name staging \ --name staging \
@ -10,7 +12,7 @@
--nodes-max 10 \ --nodes-max 10 \
--node-ami auto --node-ami auto
## Create RDS PostgreSQL instance ### Create RDS PostgreSQL instance
Create `hydra` database and `hydradbadmin` user/role in the database. Create `hydra` database and `hydradbadmin` user/role in the database.
@ -26,13 +28,13 @@ Create `hydra` database and `hydradbadmin` user/role in the database.
DB connection string: `postgres://hydradbadmin:PASS@staging.cjwa4nveh3ws.us-west-2.rds.amazonaws.com:5432/hydra` DB connection string: `postgres://hydradbadmin:PASS@staging.cjwa4nveh3ws.us-west-2.rds.amazonaws.com:5432/hydra`
## Create MongoDB database and user in Atlas ### Create MongoDB database and user in Atlas
MONGO_OPLOG_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/local?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true MONGO_OPLOG_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/local?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
MONGO_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/rc-staging?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true MONGO_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/rc-staging?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
## Generate kubeconfig files for administrator and developer roles ### Generate kubeconfig files for administrator and developer roles
Save the above file somewhere, then Save the above file somewhere, then
@ -91,7 +93,7 @@ This was created in the EKS cluster with:
name: k8s-developer-role name: k8s-developer-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
## Install nginx ingress controller and create ALB in front of nginx ingress service ### Install nginx ingress controller and create ALB in front of nginx ingress service
The `Service` type for the `ingress-nginx` service is `NodePort` and not `LoadBalancer` The `Service` type for the `ingress-nginx` service is `NodePort` and not `LoadBalancer`
because we don't want AWS to create a new Load Balancer every time we recreate the ingress. because we don't want AWS to create a new Load Balancer every time we recreate the ingress.
@ -123,7 +125,7 @@ the EKS worker nodes (which is the `nodePort` in the manifest above for HTTP tra
**NOTE**: need to add rule in EKS worker SG to allow SG of ALB to access port 30080. **NOTE**: need to add rule in EKS worker SG to allow SG of ALB to access port 30080.
## Create Kubernetes Secret for DockerHub credentials (for pulling private images) ### Create Kubernetes Secret for DockerHub credentials (for pulling private images)
apiVersion: v1 apiVersion: v1
type: kubernetes.io/dockerconfigjson type: kubernetes.io/dockerconfigjson
@ -137,7 +139,7 @@ the EKS worker nodes (which is the `nodePort` in the manifest above for HTTP tra
This Secret was created in several namespaces (`default`, `staging`, `monitoring`, `logging`, `flux-system`) This Secret was created in several namespaces (`default`, `staging`, `monitoring`, `logging`, `flux-system`)
## Install and customize Flux for GitOps workflow ### Install and customize Flux for GitOps workflow
Flux is installed in its own `flux-system` namespace. Flux is installed in its own `flux-system` namespace.
@ -233,7 +235,7 @@ To redeploy a Flux container for example when the underlying Docker image change
kustomize build overlays/staging | kubectl apply -f - kustomize build overlays/staging | kubectl apply -f -
## Management of Kubernetes secrets ### Management of Kubernetes secrets
We use sops to encrypt secret values for environment variables representing credentials, database connections, etc. We use sops to encrypt secret values for environment variables representing credentials, database connections, etc.
@ -287,7 +289,7 @@ The Flux container needs to be able to use the KMS key for decryption, so we had
] ]
} }
## Kubernetes manifest generation with Kustomize ### Kubernetes manifest generation with Kustomize
We use Kustomize to generate Kubernetes manifests in YAML format. We use Kustomize to generate Kubernetes manifests in YAML format.
There are several directories under the `kustomize` directory, one for each service to be deployed. There are several directories under the `kustomize` directory, one for each service to be deployed.
@ -434,7 +436,7 @@ Another example of a patch is adding `serviceMonitorNamespaceSelector` and `serv
**In short, the Kustomize patching mechanism is powerful, and it represents the main method for customizing manifests for a given environment while keeping intact the default manifests under the `base` directory.** **In short, the Kustomize patching mechanism is powerful, and it represents the main method for customizing manifests for a given environment while keeping intact the default manifests under the `base` directory.**
## Automated PR creation into reaction-gitops from example-storefront ### Automated PR creation into reaction-gitops from example-storefront
We added a job to the CircleCI workflow for `reactioncommerce/example-storefront` (`master` branch) to create a PR automatically against `reactioncommerce/reaction-gitops`. We added a job to the CircleCI workflow for `reactioncommerce/example-storefront` (`master` branch) to create a PR automatically against `reactioncommerce/reaction-gitops`.
@ -444,7 +446,7 @@ Details here:
[https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101](https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101) [https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101](https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101)
## Set up ElasticSearch and Fluentd for Kubernetes pod logging ### Set up ElasticSearch and Fluentd for Kubernetes pod logging
Create IAM policy and add it to EKS worker node role: Create IAM policy and add it to EKS worker node role: