...

  1. We assume you have an existing parent domain, e.g. example.com, hosted in the same AWS account as the cluster that we are going to create in the coming section, and that you wish to access the cluster environment through a hostname under that domain. Terraform will create a subdomain in the format <cluster_name>.<domain>.

    1. cluster name: uepe-eks

    2. domain: example.com

    3. final domain: uepe-eks.example.com

  2. In addition, we also assume Terraform is allowed to add an NS (name server) record to the parent domain. This allows DNS delegation from the parent domain to the subdomain.

  3. Please note that if your parent domain is not in the same account, or is hosted with another cloud provider, then you must set auto_create_ns_record to false in the Terraform template to disable automatic creation of the subdomain NS record in the parent domain.

  4. The service hostnames created by Usage Engine Private Edition will be accessible in the format <service_name>.<cluster_name>.<domain>, e.g. desktop-online.uepe-eks.example.com.

  5. Terraform needs to persist the state of your provisioned infrastructure. By default the state file is stored locally on the computer that Terraform is executed from. However, if several people work on the infrastructure, it is recommended to store the state file in remote persistent storage such as an S3 bucket; see https://developer.hashicorp.com/terraform/language/settings/backends/s3 for more information.
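As an added example of the remote state setup recommended above (this is not code from the original page or from the product's own templates), the backend can be prepared in two steps: a small bootstrap configuration that creates an encrypted, versioned, non-public S3 bucket plus a DynamoDB lock table, and a backend block in the cluster configuration that points at them. The bucket name, table name and state key below are placeholders.

```hcl
# --- Step 1: bootstrap root module, applied once with local state ---
# (placeholder names; pick globally unique ones for your account)

resource "aws_s3_bucket" "tfstate" {
  bucket = "example-uepe-tfstate-bucket"
}

# Versioning lets you roll back a corrupted or accidentally overwritten state file.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# The state contains db_password and other secrets in plaintext, so encrypt at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Never allow the state bucket to become publicly readable.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table so two engineers cannot run apply against the same state concurrently.
# The S3 backend requires the partition key to be named LockID.
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-uepe-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- Step 2: backend block in the cluster root module (the one using terraform.tfvars) ---
# Backend settings must be literal values; variables cannot be used here.
terraform {
  backend "s3" {
    bucket         = "example-uepe-tfstate-bucket"   # placeholder, matches step 1
    key            = "uepe-eks/terraform.tfstate"   # placeholder path inside the bucket
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "example-uepe-tfstate-lock"    # placeholder, matches step 1
  }
}
```

Apply step 1 from its own directory first (its own state stays local, since the bucket does not exist yet), then add the backend block to the cluster configuration and run terraform init; if you already have a local state file for the cluster, terraform init -migrate-state moves it into the bucket. Because the state holds db_password in plaintext, restrict read access to the bucket and the lock table with IAM to the people and CI roles that actually run Terraform, and keep bucket versioning on so a bad apply can be reverted.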

  6. We use EFS (NFS) as the default persistent storage for data that needs to be persisted.

  7. We use RDS for the Usage Engine Private Edition database; the default engine type is PostgreSQL.

...

Info

IAM roles for service accounts (see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) have been configured for each cluster add-on under the iam.serviceAccounts section in the above uepe-eks.yaml file. Hence, a service account for each cluster add-on will be created in the namespace specified for it.

Please make sure to use the same namespaces when installing the respective add-ons in the Kubernetes Cluster Add-ons - AWS (4.2) section.

For instance, using the namespaces specified in the uepe-eks.yaml file above means that:

  • external-dns must be installed in namespace uepe.

  • cert-manager must be installed in namespace cert-manager.

...

terraform.tfvars variables, and where to get the value of each one from:

vpc_id

In the AWS management console, you can find this information by searching for “Your VPCs”. Pick the VPC ID of the cluster that you created in the previous section.

aws_region

From metadata.region in your uepe-eks.yaml file.

aws_account_id

In the AWS management console, this is the Account ID that is listed on your Account page.

cluster_name

From metadata.name in your uepe-eks.yaml file.

domain

In the AWS management console, on the Route 53 service page, this is the Hosted zone name of your existing Hosted zone.

The service hostnames created by Usage Engine Private Edition will be accessible in the format <service_name>.<cluster_name>.<domain>, e.g. desktop-online.uepe-eks.example.com.

domain_zone_id

In the AWS management console, on the Route 53 service page, this is the Hosted zone ID of your existing Hosted zone.

db_password

Choose a secure password for the system database administrator (minimum 10 characters).

auto_create_ns_record

Boolean flag that enables automatic creation of the subdomain NS record in the parent domain. If your parent domain is not in the same account, or is hosted with another cloud provider, you must set it to false and add the NS record to the parent domain yourself.

Example:

#  ____  _____ _____   _____ _   _ _____ ____  _____
# / ___|| ____|_   _| |_   _| | | | ____/ ___|| ____|_
# \___ \|  _|   | |     | | | |_| |  _| \___ \|  _| (_)
#  ___) | |___  | |     | | |  _  | |___ ___) | |___ _
# |____/|_____| |_|     |_| |_| |_|_____|____/|_____(_)

# The values below must be set explicitly in order for the setup to work correctly.

vpc_id = "vpc-04ff16421e3ccdd94"
aws_region = "eu-west-1"
aws_account_id = "058264429588"

# Name of the cluster; it must be unique within the account.
cluster_name = "example-cluster"

# Domain DNS name.
# The DNS zone must already exist in Route 53 or in another cloud provider's DNS.
# We'll create a subdomain zone under the parent domain; the final domain will be in the format "<cluster_name>.<domain>".
# Please note that if this domain is hosted in another AWS account or with another cloud provider, then you must
# set auto_create_ns_record = false and manually add the subdomain NS record to the parent domain.
domain = "stratus.digitalroute.net"

# Admin user password for the database.
db_password = "super_SeCrEt_db_pAsSwOrD_457!"
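Added example for the auto_create_ns_record = false case described in the assumptions and in the variable table above (this is not code from the page or from the product's Terraform template): delegating the subdomain from a parent hosted zone that lives in a different AWS account, using a second provider that assumes a role in that account. It assumes the template declares variables named after the tfvars keys (cluster_name, domain, domain_zone_id) and has already created the subdomain hosted zone in the cluster account; the provider alias, the role ARN and the resource names are placeholders chosen for this example. If the parent zone is hosted with another DNS provider, the same name servers are entered there by hand instead, which is what the output at the end is for.

```hcl
# Placeholder provider alias for the AWS account that owns the parent zone.
provider "aws" {
  alias  = "parent"
  region = "eu-west-1"

  assume_role {
    # Placeholder ARN. The role should only be allowed route53:ChangeResourceRecordSets
    # on the parent hosted zone, so this credential cannot touch anything else there.
    role_arn = "arn:aws:iam::111111111111:role/Route53DelegationRole"
  }
}

# Look up the subdomain zone that the cluster template created in this account.
# Route 53 zone names are stored with a trailing dot.
data "aws_route53_zone" "subdomain" {
  name         = "${var.cluster_name}.${var.domain}."
  private_zone = false
}

# NS record in the parent zone pointing at the subdomain zone's four name servers.
# This is the record the template would have created itself with auto_create_ns_record = true.
resource "aws_route53_record" "subdomain_delegation" {
  provider = aws.parent
  zone_id  = var.domain_zone_id
  name     = "${var.cluster_name}.${var.domain}"
  type     = "NS"
  ttl      = 300
  records  = data.aws_route53_zone.subdomain.name_servers
}

# For a parent zone at another DNS provider: print the name servers to enter there manually.
output "subdomain_name_servers" {
  description = "Name servers of the <cluster_name>.<domain> zone, for manual delegation."
  value       = data.aws_route53_zone.subdomain.name_servers
}
```

After apply, check that resolvers actually follow the delegation before installing external-dns, for example with dig NS uepe-eks.example.com +trace, which walks from the root down and shows whether the parent zone hands off to the subdomain's name servers. Keep the NS set in the parent identical to the zone's own name servers; a partial or stale set causes intermittent resolution failures that are hard to diagnose later.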

...

Now proceed to the Kubernetes Cluster Add-ons - AWS (4.2) section.