mirror of
https://github.com/autistic-symposium/backend-and-orchestration-toolkit.git
synced 2025-06-08 23:13:08 -04:00
🥨 Add refs for eks
This commit is contained in:
parent
33b03a7a4a
commit
56a50b39a4
1 changed files with 13 additions and 11 deletions
|
@ -1,4 +1,6 @@
|
||||||
# Creating EKS cluster using the eksctl CLI
|
# AWS EKS
|
||||||
|
|
||||||
|
## Creating EKS cluster using the eksctl CLI
|
||||||
|
|
||||||
eksctl create cluster \
|
eksctl create cluster \
|
||||||
--name staging \
|
--name staging \
|
||||||
|
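Review bot: the new top-level `# AWS EKS` heading is added with nothing under it, and although the commit message says "Add refs for eks", this hunk only demotes the existing heading to `##`; consider adding a one-line intro or the intended reference links directly beneath `# AWS EKS` so the new heading earns its place.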
@ -10,7 +12,7 @@
|
||||||
--nodes-max 10 \
|
--nodes-max 10 \
|
||||||
--node-ami auto
|
--node-ami auto
|
||||||
|
|
||||||
## Create RDS PostgreSQL instance
|
### Create RDS PostgreSQL instance
|
||||||
|
|
||||||
Create `hydra` database and `hydradbadmin` user/role in the database.
|
Create `hydra` database and `hydradbadmin` user/role in the database.
|
||||||
|
|
||||||
|
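Review bot: `--node-ami auto` resolves to whatever AMI eksctl considers current at creation time, so two runs of this command can produce worker nodes on different images; for a reproducible and auditable staging cluster, either pin the AMI explicitly or record the resolved AMI ID and build date in this section alongside the `eksctl create cluster` command.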
@ -26,13 +28,13 @@ Create `hydra` database and `hydradbadmin` user/role in the database.
|
||||||
|
|
||||||
DB connection string: `postgres://hydradbadmin:PASS@staging.cjwa4nveh3ws.us-west-2.rds.amazonaws.com:5432/hydra`
|
DB connection string: `postgres://hydradbadmin:PASS@staging.cjwa4nveh3ws.us-west-2.rds.amazonaws.com:5432/hydra`
|
||||||
|
|
||||||
## Create MongoDB database and user in Atlas
|
### Create MongoDB database and user in Atlas
|
||||||
|
|
||||||
MONGO_OPLOG_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/local?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
|
MONGO_OPLOG_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/local?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
|
||||||
|
|
||||||
MONGO_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/rc-staging?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
|
MONGO_URL: mongodb://domain:PASS@cluster0-shard-00-02-gk3cz.mongodb.net.:27017,[cluster0-shard-00-01-gk3cz.mongodb.net](http://cluster0-shard-00-01-gk3cz.mongodb.net/).:27017,[cluster0-shard-00-00-gk3cz.mongodb.net](http://cluster0-shard-00-00-gk3cz.mongodb.net/).:27017/rc-staging?authSource=admin&gssapiServiceName=mongodb&replicaSet=Cluster0-shard-0&ssl=true
|
||||||
|
|
||||||
## Generate kubeconfig files for administrator and developer roles
|
### Generate kubeconfig files for administrator and developer roles
|
||||||
|
|
||||||
Save the above file somewhere, then
|
Save the above file somewhere, then
|
||||||
|
|
||||||
|
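Review bot: the RDS endpoint and the three Atlas shard hostnames on these lines are real environment identifiers committed to the repository next to the admin usernames (`hydradbadmin`, `authSource=admin`); the `PASS` placeholder removes the password but not the endpoints, so prefer placeholders such as `<RDS_ENDPOINT>` and `<ATLAS_HOST>` here. The Mongo URIs have also been mangled by markdown auto-linking (`[cluster0-shard-00-01-gk3cz.mongodb.net](http://...)` with a stray `.` after each host), so put each URI in a code span or fenced block so it stays copy-pasteable.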
@ -91,7 +93,7 @@ This was created in the EKS cluster with:
|
||||||
name: k8s-developer-role
|
name: k8s-developer-role
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|
||||||
## Install nginx ingress controller and create ALB in front of nginx ingress service
|
### Install nginx ingress controller and create ALB in front of nginx ingress service
|
||||||
|
|
||||||
The `Service` type for the `ingress-nginx` service is `NodePort` and not `LoadBalancer`
|
The `Service` type for the `ingress-nginx` service is `NodePort` and not `LoadBalancer`
|
||||||
because we don't want AWS to create a new Load Balancer every time we recreate the ingress.
|
because we don't want AWS to create a new Load Balancer every time we recreate the ingress.
|
||||||
|
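Review bot: the NodePort rationale on the last two lines ("we don't want AWS to create a new Load Balancer every time") should also state the consequence for exposure: a `NodePort` service listens on every worker node, so what can reach `ingress-nginx` is decided by the worker security group rather than by a Service-owned load balancer, which is exactly why the SG rule for the ALB later in this file must stay scoped to the ALB's SG. The `k8s-developer-role` binding above is only partially visible in this hunk's context; a sentence saying whether it is namespace-scoped would help readers of the role section.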
@ -123,7 +125,7 @@ the EKS worker nodes (which is the `nodePort` in the manifest above for HTTP tra
|
||||||
|
|
||||||
**NOTE**: need to add rule in EKS worker SG to allow SG of ALB to access port 30080.
|
**NOTE**: need to add rule in EKS worker SG to allow SG of ALB to access port 30080.
|
||||||
|
|
||||||
## Create Kubernetes Secret for DockerHub credentials (for pulling private images)
|
### Create Kubernetes Secret for DockerHub credentials (for pulling private images)
|
||||||
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
type: kubernetes.io/dockerconfigjson
|
type: kubernetes.io/dockerconfigjson
|
||||||
|
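Review bot: the `**NOTE**` about adding a rule to the EKS worker SG for port 30080 is a manual step nothing in the repo enforces; suggest expressing it as an ingress rule with source = the ALB's security group only (TCP 30080) in the eksctl or infrastructure config, so it survives cluster recreation and is never widened to `0.0.0.0/0` by hand when someone reproduces this doc.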
@ -137,7 +139,7 @@ the EKS worker nodes (which is the `nodePort` in the manifest above for HTTP tra
|
||||||
|
|
||||||
This Secret was created in several namespaces (`default`, `staging`, `monitoring`, `logging`, `flux-system`)
|
This Secret was created in several namespaces (`default`, `staging`, `monitoring`, `logging`, `flux-system`)
|
||||||
|
|
||||||
## Install and customize Flux for GitOps workflow
|
### Install and customize Flux for GitOps workflow
|
||||||
|
|
||||||
Flux is installed in its own `flux-system` namespace.
|
Flux is installed in its own `flux-system` namespace.
|
||||||
|
|
||||||
|
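Review bot: the same `kubernetes.io/dockerconfigjson` Secret is duplicated into five namespaces (`default`, `staging`, `monitoring`, `logging`, `flux-system`), which is five copies of one DockerHub credential to rotate; the section should say that the credential is a read-only access token rather than the account password, and that the Secret is managed through the sops workflow described later in this file rather than created by hand, so a rotation updates every copy.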
@ -233,7 +235,7 @@ To redeploy a Flux container for example when the underlying Docker image change
|
||||||
kustomize build overlays/staging | kubectl apply -f -
|
kustomize build overlays/staging | kubectl apply -f -
|
||||||
|
|
||||||
|
|
||||||
## Management of Kubernetes secrets
|
### Management of Kubernetes secrets
|
||||||
|
|
||||||
We use sops to encrypt secret values for environment variables representing credentials, database connections, etc.
|
We use sops to encrypt secret values for environment variables representing credentials, database connections, etc.
|
||||||
|
|
||||||
|
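Review bot: `kustomize build overlays/staging | kubectl apply -f -` applies manifests with the operator's own kubeconfig and bypasses Flux; since the hunk's context line says this is for redeploying the Flux container itself, state explicitly that this out-of-band path is only for bootstrapping or repairing Flux, so readers do not adopt it as the general deploy route and drift the cluster away from what is in git.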
@ -287,7 +289,7 @@ The Flux container needs to be able to use the KMS key for decryption, so we had
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
## Kubernetes manifest generation with Kustomize
|
### Kubernetes manifest generation with Kustomize
|
||||||
|
|
||||||
We use Kustomize to generate Kubernetes manifests in YAML format.
|
We use Kustomize to generate Kubernetes manifests in YAML format.
|
||||||
There are several directories under the `kustomize` directory, one for each service to be deployed.
|
There are several directories under the `kustomize` directory, one for each service to be deployed.
|
||||||
|
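Review bot: the closing `]` and `}` end the KMS policy that lets Flux decrypt, but the hunk's context never names the principal the policy is attached to; the section should. If it is attached to the EKS worker node role (as the Fluentd policy later in this file is), every pod on those nodes can use the key to decrypt the sops-managed secrets, whereas a Flux-specific IAM role bound to the Flux service account limits decryption to Flux alone.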
@ -434,7 +436,7 @@ Another example of a patch is adding `serviceMonitorNamespaceSelector` and `serv
|
||||||
|
|
||||||
**In short, the Kustomize patching mechanism is powerful, and it represents the main method for customizing manifests for a given environment while keeping intact the default manifests under the `base` directory.**
|
**In short, the Kustomize patching mechanism is powerful, and it represents the main method for customizing manifests for a given environment while keeping intact the default manifests under the `base` directory.**
|
||||||
|
|
||||||
## Automated PR creation into reaction-gitops from example-storefront
|
### Automated PR creation into reaction-gitops from example-storefront
|
||||||
|
|
||||||
We added a job to the CircleCI workflow for `reactioncommerce/example-storefront` (`master` branch) to create a PR automatically against `reactioncommerce/reaction-gitops`.
|
We added a job to the CircleCI workflow for `reactioncommerce/example-storefront` (`master` branch) to create a PR automatically against `reactioncommerce/reaction-gitops`.
|
||||||
|
|
||||||
|
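Review bot: the automated PR from `example-storefront` CI into `reaction-gitops` requires a GitHub credential with write access to the gitops repo stored in CircleCI; this section should say how that token is scoped (limited to `reaction-gitops`, branch and PR creation only) and confirm that those PRs still go through human review before Flux acts on the merge, since merging into the gitops repo is effectively a deploy.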
@ -444,7 +446,7 @@ Details here:
|
||||||
|
|
||||||
[https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101](https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101)
|
[https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101](https://github.com/reactioncommerce/example-storefront/blob/master/.circleci/config.yml#L101)
|
||||||
|
|
||||||
## Set up ElasticSearch and Fluentd for Kubernetes pod logging
|
### Set up ElasticSearch and Fluentd for Kubernetes pod logging
|
||||||
|
|
||||||
Create IAM policy and add it to EKS worker node role:
|
Create IAM policy and add it to EKS worker node role:
|
||||||
|
|
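Review bot: "Create IAM policy and add it to EKS worker node role" grants the Elasticsearch permissions to every pod scheduled on the workers, not just Fluentd; suggest binding the policy to the Fluentd service account instead (IAM roles for service accounts) and noting that here. Separately, the `config.yml#L101` link pins a line number on `master`, which drifts as the file changes; link to a commit permalink instead.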