...

Before proceeding, go to Release Information, and download the aws.tar.gz file for the Usage Engine Private Edition version that is being installed. Once downloaded, extract its content to a suitable location.

Assumptions

A few assumptions are made when using Terraform to create cluster resources:

  1. We assume you have an existing parent domain, e.g. example.com, hosted on the same account as the cluster that will be created in the coming section, and that you wish to access the cluster environment through the hostname. Terraform will create a subdomain in the format <cluster_name>.<domain>.

    1. cluster name: uepe-eks

    2. domain: example.com

    3. final domain: uepe-eks.example.com

  2. In addition, we also assume Terraform is allowed to add an NS (NameServer) record to the parent domain. This is to allow DNS delegation from the parent domain to the subdomain.

  3. Please note that if your parent domain is not under the same account, or is hosted with another cloud provider, you must set auto_create_ns_record to false in the Terraform template to disable automatic creation of the subdomain NS record in the parent domain. See https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/161841526/Set+Up+Kubernetes+Cluster+-+AWS#Setup-Additional-Infrastructure-Resources-on-AWS for more information.

  4. The service hostnames created by Usage Engine Private Edition will be accessible in the format <service_name>.<cluster_name>.<domain>, e.g. desktop-online.uepe-eks.example.com.

  5. Terraform needs to persist the state of your provisioned infrastructure. By default, the state file is stored locally on the computer that Terraform is executed from. However, if multiple people work on the infrastructure, it is recommended to store the state file in remote persistent storage such as an S3 bucket; see https://developer.hashicorp.com/terraform/language/settings/backends/s3 for more information.

  6. We use EFS (NFS) as the default persistent storage for data that needs to be persisted.

  7. We use RDS for the Usage Engine Private Edition database; the default engine type is PostgreSQL.

Create Basic Cluster

The following steps explain how to create a basic Kubernetes cluster using a configuration file named uepe-eks.yaml:

...

Info

IAM roles for service accounts (https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) has been configured for each cluster add-on under the iam.serviceAccounts section in the above uepe-eks.yaml file. Hence, a service account for each cluster add-on will be created in its specified namespace.

Please make sure to use the same namespace when installing the respective add-on in the Kubernetes Cluster Add-ons - AWS section.

For instance, using the namespaces specified in the uepe-eks.yaml file above means that:

  • external-dns must be installed in namespace uepe.

  • cert-manager must be installed in namespace cert-manager.

...

Code Block
CLUSTER         NODEGROUP       STATUS          CREATED                 MIN SIZE    MAX SIZE    DESIRED CAPACITY    INSTANCE TYPE   IMAGE ID                ASG NAME                                                                TYPE
example-cluster public-nodes    CREATE_COMPLETE 2024-03-11T13:59:28Z    3           3           3                   m5.large        ami-02e2de73058d55743   eksctl-example-cluster-nodegroup-public-nodes-NodeGroup-eb5aNADEiibs    unmanaged

Setup Additional Infrastructure Resources on AWS

At this stage, a basic Kubernetes cluster has been created. However, some additional infrastructure resources remain to be set up, namely the following:

...

Info

Important notes if your parent domain zone is not under the same account:

  • You need to set auto_create_ns_record = false to disable subdomain NS record auto creation in the parent domain.

  • terraform apply will fail with a certificate validation timeout error: │ Error: waiting for ACM Certificate (arn:aws:acm:ap-southeast-1:027763730008:certificate/84ae1022-15bd-430a-ab3e-278f01b0edb6) to be issued: timeout while waiting for state to become 'ISSUED' (last state: 'PENDING_VALIDATION', timeout: 2m0s)

  • When the error above occurs, you need to manually retrieve the name server values from the created subdomain and add them to the parent domain as an NS record. If you are not using Route53 for the parent domain, please refer to your Domain Registrar documentation on how to add an NS record.

  • Once the NS record is added to the parent domain, go to AWS Console |  AWS Certificate Manager (ACM) and wait for the certificate status to become verified. It will take 10-20 minutes.

  • After the certificate is verified, run terraform apply again to continue provisioning.
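
The manual delegation steps above as a script, for a parent zone hosted in Route53 under a different AWS account (an added example, not part of the original guide). It assumes the AWS CLI and dig are installed; PARENT_PROFILE, PARENT_ZONE_ID, CERT_ARN and the TTL of 300 are placeholders chosen here, and the default credentials must be able to read the subdomain zone and the certificate.

```sh
#!/bin/sh
# Added example: delegate <cluster_name>.<domain> when terraform cannot edit the parent zone.
set -eu
SUBDOMAIN="${SUBDOMAIN:-uepe-eks.example.com}"   # final domain from the assumptions

# Name servers of the hosted zone terraform created for the subdomain, one per line.
subdomain_name_servers() {
  zone_id=$(aws route53 list-hosted-zones-by-name --dns-name "$SUBDOMAIN." \
    --query "HostedZones[?Name=='$SUBDOMAIN.'] | [0].Id" --output text)
  aws route53 get-hosted-zone --id "$zone_id" \
    --query 'DelegationSet.NameServers' --output text | tr '\t' '\n'
}

# Route 53 UPSERT change batch for the parent zone, built from name servers on stdin.
ns_change_batch() {
  records=""
  while read -r ns; do
    [ -n "$ns" ] || continue
    records="${records:+$records,}{\"Value\":\"${ns%.}.\"}"
  done
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s.","Type":"NS","TTL":300,"ResourceRecords":[%s]}}]}' \
    "$SUBDOMAIN" "$records"
}

# Lower-case, strip trailing dots and blank lines, sort: makes two NS lists comparable.
normalise_ns() { tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u; }

# True only when the NS set visible in DNS ($2) equals the hosted zone's NS set ($1).
delegation_matches() {
  [ "$(printf '%s\n' "$1" | normalise_ns)" = "$(printf '%s\n' "$2" | normalise_ns)" ]
}

main() {
  expected=$(subdomain_name_servers)
  # PARENT_PROFILE: CLI profile for the account that owns the parent zone (assumption).
  aws --profile "$PARENT_PROFILE" route53 change-resource-record-sets \
    --hosted-zone-id "$PARENT_ZONE_ID" \
    --change-batch "$(printf '%s\n' "$expected" | ns_change_batch)"
  # Wait until resolvers return the delegation, then until ACM finishes DNS validation.
  until delegation_matches "$expected" "$(dig +short NS "$SUBDOMAIN")"; do sleep 30; done
  aws acm wait certificate-validated --certificate-arn "$CERT_ARN"
}

# Runs only when all three placeholder variables are supplied by the operator.
if [ -n "${PARENT_ZONE_ID:-}" ] && [ -n "${CERT_ARN:-}" ] && [ -n "${PARENT_PROFILE:-}" ]; then
  main
fi
```

For a parent domain outside Route53, only subdomain_name_servers applies; enter its output at the registrar and use delegation_matches to confirm the delegation before re-running terraform apply.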

...

Info

Make sure to save the output from Terraform above, since it is used as input throughout the remainder of this installation guide.

A basic Kubernetes cluster has now been created. An RDS PostgreSQL database instance is up and running in a private subnet of the VPC, listening on the default port 5432. The default database PlatformDatabase is accessible within the cluster at the endpoint example-cluster-db.c70g0ggo8m66.eu-west-1.rds.amazonaws.com with the admin username dbadmin.

Now proceed to the Kubernetes Cluster Add-ons - AWS section.