...
Recommended Configuration
Environments | EKS | SQL |
---|---|---|
Production | Worker node: EC2 T3.large, 2 vCPU, 16 GiB RAM; Worker node count: 3 | Amazon RDS for SQL Server; Databases: |
Non-production | Worker node: EC2 T3.large, 2 vCPU, 16 GiB RAM; Worker node count: 3 | Amazon RDS for SQL Server; Databases: the "x" represents the environment tag, e.g. d for Development, q for QA. |
Connect to EKS cluster
Configure your AWS CLI credentials if they are not yet configured.
Run the command below and enter the information when prompted.
aws configure
For more information, see Configuring the AWS CLI.
Set the context to the EKS cluster. Run the command below.
aws eks --region <region> update-kubeconfig --name <cluster_name>
...
Config
RoleManager__MachineKey
The value is the generated machine key.
Database__ConnectionString
The value is the SQL Server connection string. The names of the databases are specified automatically by the services.
ASPNETCORE_ENVIRONMENT
The value is <environment>.
Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneList.
Smtp__Host
This is the SMTP server OneList uses to send notifications.
Smtp__Port
This is the port of the SMTP server.
Smtp__UseSsl
Defines whether the SMTP server uses an SSL connection. For Office365 SMTP service, the value is always false.
Localization__DefaultCulture
The default culture. Use the code from: Supported Languages
Localization__DefaultTimeZone
The default time zone. The time zone id is the “TZ database name” from this page: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
supportedCultures
Localization__SupportedCultures__0
The other supported cultures. Use the code from: Supported Languages. When there is more than one supported culture, add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1
imageCredentials
username
Login username of IQX container registry.
password
Login password of IQX container registry.
email
Your email address.
ingress
host
The DNS host name of the OneList application.
alb.ingress.kubernetes.io/certificate-arn
ARN of the SSL certificate in ACM.
alb.ingress.kubernetes.io/wafv2-acl-arn
ARN of the WAF ACL.
persistentVolumeVolumeHandle
EFS ID for supporting the EKS persistent volume.
The ID is in this format: <file system ID>::<access point ID>
Example: fs-09b1fb3a7c9299901::fsap-07ab32df8345e6591
image
tag
Tag name of the images that are going to be deployed.
Save the "values.yaml" file.
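A malformed certificate ARN, WAF ACL ARN or EFS volume handle usually surfaces only after deployment, as an ingress without TLS or WAF protection or a volume that never mounts. The following is an added example, not part of the OneList guide or its tooling: a set of offline format checks for those three values. The function names, the region and the sample ARNs are assumptions; the same-region and regional-scope checks reflect general ALB requirements rather than anything stated in the guide.

```shell
#!/bin/sh
# Added example (not from the OneList guide): offline format checks for three
# values.yaml entries. Function names and sample values are hypothetical.

# Region is the 4th colon-separated ARN field.
arn_region() { printf '%s\n' "$1" | cut -d: -f4; }

# Volume handle: "<file system ID>::<access point ID>".
# Hex-length bounds are an assumption modelled on the guide's example.
check_volume_handle() {
    printf '%s\n' "$1" | grep -Eq '^fs-[0-9a-f]{8,17}::fsap-[0-9a-f]{8,17}$'
}

# certificate-arn: an ACM certificate in the cluster's region ($2).
check_cert_arn() {
    printf '%s\n' "$1" | grep -Eq \
        '^arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f-]{36}$' \
        && [ "$(arn_region "$1")" = "$2" ]
}

# wafv2-acl-arn: a REGIONAL web ACL (an ALB cannot use a global/CloudFront
# one) in the cluster's region ($2).
check_waf_arn() {
    printf '%s\n' "$1" | grep -Eq \
        '^arn:aws[a-z-]*:wafv2:[a-z0-9-]+:[0-9]{12}:regional/webacl/[^/]+/[0-9a-f-]{36}$' \
        && [ "$(arn_region "$1")" = "$2" ]
}

# Args: region, certificate ARN, WAF ACL ARN, volume handle.
# Reports every failing value on stderr; exit status = number of failures.
validate_values() {
    fails=0
    check_cert_arn "$2" "$1" || { echo "certificate-arn: not an ACM certificate in $1" >&2; fails=$((fails + 1)); }
    check_waf_arn "$3" "$1" || { echo "wafv2-acl-arn: not a regional web ACL in $1" >&2; fails=$((fails + 1)); }
    check_volume_handle "$4" || { echo "volume handle: expected <file system ID>::<access point ID>" >&2; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample values (placeholder account ID and UUIDs).
REGION="us-east-1"
CERT="arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
WAF="arn:aws:wafv2:us-east-1:111122223333:regional/webacl/onelist-acl/00000000-0000-0000-0000-000000000000"
HANDLE="fs-09b1fb3a7c9299901::fsap-07ab32df8345e6591"

if validate_values "$REGION" "$CERT" "$WAF" "$HANDLE"; then
    echo "values.yaml entries are well-formed"
fi
```

These checks cover format only; they do not confirm that the certificate, web ACL or access point actually exists in the account.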
3.
...
Create ALB Ingress Controller. Skip this step if ALB Ingress Controller has already been created.
...
Install the AWS Load Balancer Controller add-on (if not installed)
Verify whether the controller is installed. Skip this section if it is already installed.
kubectl get deployment -n kube-system aws-load-balancer-controller
If you see the following, the controller is installed.
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   2/2     2            2           20h
Follow these instructions to create an OIDC provider for the cluster.
https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
Skip this step if the AWSLoadBalancerControllerIAMPolicy policy already exists.
Download an IAM policy file.
https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
Create an IAM policy using the policy downloaded in the previous step.
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json
Check whether the role AmazonEKSLoadBalancerControllerRole already exists. If it does, use another role name.
a. Create an IAM role. Replace my-cluster with the name of your cluster, 111122223333 with your account ID, and AmazonEKSLoadBalancerControllerRole with your role name, then run the command.
eksctl create iamserviceaccount \
    --cluster=my-cluster \
    --namespace=kube-system \
    --name=aws-load-balancer-controller \
    --role-name AmazonEKSLoadBalancerControllerRole \
    --attach-policy-arn=arn:aws:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \
    --approve
Install the AWS Load Balancer Controller using Helm. Replace region-code, vpc-xxxxxxxx and my-cluster with the correct values.
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
    -n kube-system \
    --set clusterName=my-cluster \
    --set serviceAccount.create=false \
    --set serviceAccount.name=aws-load-balancer-controller \
    --set region=region-code \
    --set vpcId=vpc-xxxxxxxx
4. Deploy OneList Helm chart
...