...

  1. We assume you have an existing parent domain, e.g. example.com, hosted on the same account as the cluster that we are going to create in the coming section, and that you wish to access the cluster environment through the hostname. Terraform will create a subdomain in the format <cluster_name>.<domain>.

    1. cluster name: uepe-eks

    2. domain: example.com

    3. final domain: uepe-eks.example.com

  2. Please note that if your parent domain is not under the same account, or is hosted with another cloud provider, you must set auto_create_ns_record to false in the terraform template before apply. See https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526/Set+Up+Kubernetes+Cluster+-+AWS#Setup-Additional-Infrastructure-Resources-on-AWS for more information.

  3. In addition, we assume terraform is allowed to add an NS (NameServer) record to the parent domain. This allows DNS delegation from the parent domain to the subdomain.

  4. The service hostnames created by Usage Engine Private Edition will be accessible in the format <service_name>.<cluster_name>.<domain>, e.g. desktop-online.uepe-eks.example.com.

  5. Terraform needs to persist the state of your provisioned infrastructure. By default the state file is stored locally on the computer that terraform is executed from. However, if multiple people work on the infrastructure, it is recommended to store the state file in remote persistent storage such as an S3 bucket; see https://developer.hashicorp.com/terraform/language/settings/backends/s3 for more information.

  6. We use EFS (NFS) as the default persistent storage for data that needs to be persisted.

  7. We use RDS for the Usage Engine Private Edition database; the default engine type is PostgreSQL.

...

Info

Important notes if your parent domain zone is not under the same account:

  • You need to set auto_create_ns_record = false to disable subdomain NS record auto creation in the parent domain.

  • Terraform apply will fail with a certificate validation timeout error: │ Error: waiting for ACM Certificate (arn:aws:acm:ap-southeast-1:027763730008:certificate/84ae1022-15bd-430a-ab3e-278f01b0edb6) to be issued: timeout while waiting for state to become 'ISSUED' (last state: 'PENDING_VALIDATION', timeout: 2m0s)

  • When the error above happens, you need to manually copy the NS record values from the created subdomain to the parent domain. If you are not using Route53 for the parent domain, please refer to your domain registrar's documentation on how to add an NS record.

  • Once the NS record is added to the parent domain, go to AWS Console | AWS Certificate Manager (ACM) and wait for the certificate status to become verified. It will take 10-20 minutes.

  • After the certificate is verified, run the terraform apply again to continue provisioning.
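
Before re-running terraform apply, the manually added NS record can be checked from the command line. The script below is an added example, not part of the original page: it compares the name servers of the subdomain's hosted zone with what DNS returns for the subdomain. It assumes the AWS CLI and dig are installed; the hosted zone ID argument is yours to supply, and the sample name server names are constructed.

```bash
#!/usr/bin/env bash
# Added example: compare the subdomain hosted zone's name servers with
# what DNS returns for the subdomain once the parent zone delegates to it.

# Normalize an NS list: one name per line, lowercase, no trailing dot, sorted.
normalize_ns() {
  tr ' \t' '\n\n' | tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# delegation_status <zone_ns> <resolved_ns>  ->  OK | MISSING | MISMATCH
delegation_status() {
  ds_zone=$(printf '%s\n' "$1" | normalize_ns)
  ds_resolved=$(printf '%s\n' "$2" | normalize_ns)
  if [ -z "$ds_resolved" ]; then
    echo MISSING      # NS record not yet visible for the subdomain
  elif [ "$ds_zone" = "$ds_resolved" ]; then
    echo OK           # delegation in place; ACM validation can complete
  else
    echo MISMATCH     # DNS returns other servers (stale or mistyped NS)
  fi
}

# Live check: needs the AWS CLI (with credentials) and dig.
check_live() {
  cl_zone_ns=$(aws route53 get-hosted-zone --id "$2" \
                 --query 'DelegationSet.NameServers' --output text)
  cl_resolved_ns=$(dig +short NS "$1")
  delegation_status "$cl_zone_ns" "$cl_resolved_ns"
}

if [ "$#" -eq 2 ]; then
  check_live "$1" "$2"    # e.g. uepe-eks.example.com <hosted-zone-id>
else
  # Constructed sample data (not real name servers), in the shapes the
  # two commands print: tab-separated from aws, one per line from dig.
  SAMPLE_ZONE_NS=$(printf 'ns-1.example.net\tns-2.example.org')
  SAMPLE_RESOLVED=$(printf 'NS-2.example.org.\nns-1.example.net.')
  delegation_status "$SAMPLE_ZONE_NS" "$SAMPLE_RESOLVED"
fi
```

A result of MISMATCH is worth investigating before retrying, because it means the subdomain is delegated to name servers other than the hosted zone Terraform created.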

...