...

  1. We assume you have an existing parent domain, e.g. example.com, hosted on the same account as the cluster that we are going to create in the coming section, and that you wish to access the cluster environment through the hostname. Terraform will create a subdomain in the format <cluster_name>.<domain>.

    1. cluster name: uepe-eks

    2. domain: example.com

    3. final domain: uepe-eks.example.com

  2. Note that if your parent domain is not under the same account, or is hosted with another cloud provider, you must make some adjustments to the Terraform template before applying it. See <link> section for more information.

  3. In addition, we assume Terraform is allowed to add an NS (name server) record to the parent domain. This allows DNS delegation from the parent domain to the subdomain.

  4. The service hostnames created by Usage Engine Private Edition will be accessible in the format <service_name>.<cluster_name>.<domain>, e.g. desktop-online.uepe-eks.example.com.

  5. Terraform needs to persist the state of your provisioned infrastructure. By default the state file is stored locally on the computer that Terraform is executed from. However, if several people work on the infrastructure, it is recommended to store the state file in remote persistent storage such as an S3 bucket; see https://developer.hashicorp.com/terraform/language/settings/backends/s3 for more information.

  6. We use EFS (NFS) as the default persistent storage for data that needs to be persisted.

  7. We use RDS for the Usage Engine Private Edition database; the default engine type is PostgreSQL.

...

Code Block
#  ____  _____ _____   _____ _   _ _____ ____  _____
# / ___|| ____|_   _| |_   _| | | | ____/ ___|| ____|_
# \___ \|  _|   | |     | | | |_| |  _| \___ \|  _| (_)
#  ___) | |___  | |     | | |  _  | |___ ___) | |___ _
# |____/|_____| |_|     |_| |_| |_|_____|____/|_____(_)

# The below values must be set explicitly in order for the setup to work correctly.

vpc_id = "vpc-04ff16421e3ccdd94"
aws_region = "eu-west-1"
aws_account_id = "058264429588"

# Name of the cluster, it must be unique in the account.
cluster_name = "example-cluster"

# Domain DNS name
# The DNS zone must already exist in Route53 or in other cloud provider DNS zone.
# We'll create a subdomain zone from parent domain, the final domain will be in format "<cluster_name>.<domain>".
# Please note that if this domain is hosted on another AWS account or other cloud provider, then you must
# set auto_create_ns_record = false and manually add the subdomain NS record to the parent domain.
domain = "stratus.digitalroute.net"

# Admin user password to the database.
db_password = "super_SeCrEt_db_pAsSwOrD_457!"
Info

Important notes if your parent domain zone is not under the same account.

  • You need to set auto_create_ns_record = false to disable subdomain NS record auto creation in the parent domain.

  • Terraform apply will fail with a certificate validation timeout error: Error: waiting for ACM Certificate (arn:aws:acm:ap-southeast-1:027763730008:certificate/84ae1022-15bd-430a-ab3e-278f01b0edb6) to be issued: timeout while waiting for state to become 'ISSUED' (last state: 'PENDING_VALIDATION', timeout: 2m0s)

  • When the above error happens, you need to manually copy the NS record values from the created subdomain to the parent domain. If you are not using Route53 for the parent domain, refer to your domain registrar's documentation on how to add an NS record.

  • Once the NS record is added to the parent domain, go to AWS Console | AWS Certificate Manager (ACM) and wait for the certificate status to become verified. It will take 10-20 minutes.

  • Once the certificate is verified, run terraform apply again to continue provisioning.
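The following is an added example, not part of the original page or the product's own tooling: a shell check to run after manually adding the NS record and before re-running terraform apply. It assumes the AWS CLI and dig are installed; the function names, the file name and the two script arguments (subdomain hosted zone ID and subdomain name) are this example's own.

```shell
#!/bin/sh
# Added example: verify that the parent zone delegates <cluster_name>.<domain>
# to exactly the name servers assigned to the subdomain hosted zone.

# Normalize an NS list: one name per line, lowercase, no trailing dot, sorted.
normalize_ns() {
  printf '%s\n' "$1" | tr ' \t,' '\n\n\n' | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Succeed only when both lists are non-empty and hold the same name servers.
ns_delegation_matches() {
  [ -n "$(normalize_ns "$1")" ] &&
    [ "$(normalize_ns "$1")" = "$(normalize_ns "$2")" ]
}

# Report records still missing from the parent zone, and records that are
# published there but do not belong to the subdomain zone (stale delegation).
ns_delegation_diff() {
  nsd_want=$(normalize_ns "$1"); nsd_have=$(normalize_ns "$2")
  printf '%s\n' "$nsd_want" | grep -vxF -e "$nsd_have" | sed -e '/^$/d' -e 's/^/missing: /'
  printf '%s\n' "$nsd_have" | grep -vxF -e "$nsd_want" | sed -e '/^$/d' -e 's/^/unexpected: /'
}

# Live check; needs AWS CLI credentials for the cluster account, and dig.
# Usage (hypothetical file name): sh check_ns.sh <subdomain_zone_id> <cluster_name>.<domain>
if [ "$#" -eq 2 ]; then
  want=$(aws route53 get-hosted-zone --id "$1" \
    --query 'DelegationSet.NameServers' --output text)
  have=$(dig +short NS "$2")
  if ns_delegation_matches "$want" "$have"; then
    echo "Delegation for $2 is in place; wait for ACM to issue the certificate."
  else
    ns_delegation_diff "$want" "$have"
    exit 1
  fi
fi
```

An "unexpected" line means the parent zone points at a name server that does not serve the subdomain zone; remove that record from the parent rather than leaving it next to the correct ones.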

  1. Run the following commands

...