Prerequisites

Install Kubernetes CLI tool - kubectl. Instructions can be found here: Install Tools
Install the AWS CLI version 2:
- Installing or updating to the latest version of the AWS CLI - AWS Command Line Interface
Install Helm package manager
- Helm | Installing Helm
SQL Server connection string.
- The SQL user account specified in the connection string must have the db_owner role of the databases so it can create or change tables.
Request the container registry login from IQX for pulling OneList images;
SMTP server login and sender email address. A full mailbox is required if email approval channel is enabled;
Generate the Machine Key for each environment. This is a Base64 string representing an array of 50 bytes.
- Use tools like Generate free random base64 string +> GeneratePlus to generate a random string of the required length.
Define the Kubernetes namespace for the OneList environment to be deployed. E.g. onelist-dev, onelist-qa, onelist-prod. It may be required to follow your company's naming standard for these namespaces.
- Use this value to replace the <ONELIST_NAMESPACE> placeholder in the instructions below.
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
- Use this value to replace the <environment> placeholder in the instructions below.
Request a Public Certificate using ACM or Import a Certificate into ACM.
Download the below two files and put them in the same directory.

Recommended Configuration

Environments	EKS	SQL

Environments

EKS

SQL

Production

Worker node: EC2 T3.large, 2 vCPU, 16 GiB RAM

Worker node count: 3;

Amazon RDS for SQL Server

collation: SQL_Latin1_General_CP1_CI_AS
size: Standard instance, db.t4.large

Databases:

OneList_p
RoleManager_p
Comms_p

Non-production

Worker node: EC2 T3.large, 2 vCPU, 16 GiB RAM

Worker node count: 3;

Amazon RDS for SQL Server

collation: SQL_Latin1_General_CP1_CI_AS
size: Standard instance, db.t4.large

Databases: the "x" represents the environment tag, e.g. d for Development, q for QA.

OneList_x
RoleManager_x
Comms_x

Connect to EKS cluster

Configure your AWS CLI credential if it is not yet configured.
Run command below and input information prompted.
aws configure
For more information, see Configuring the AWS CLI.
Set context to the EKS cluster. Run the command below.
aws eks --region <region> update-kubeconfig --name <cluster_name>

Deployment steps

Open a command prompt from the folder that contains the YAML deployment files. Flow steps below to deploy OneList.

1. Create the Kubernetes namespace

Run the command below to create the Kubernetes namespace for the OneList environment, e.g. onelist-dev.

kubectl create namespace <ONELIST_NAMESPACE>

For example:

kubectl create namespace onelist-dev

2. Create ConfigMap and Secret

The values.yaml file configures the required environment variables that are used by OneList services.

Open the "values.yaml" in notepad and update the following fields with the actual value.

Config
- RoleManager__MachineKey
  The value is the generated machine key.
- Database__ConnectionString
  The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.
- ASPNETCORE_ENVIRONMENT
  The value is <environment>.
- Smtp__UserName
- Smtp__Password
- Smtp__From
  This is the sender email address of notifications from OneList
- Smtp__Host
  This is the SMTP server OneList use to send notifications.
- Smtp__Port
  This is the port of SMTP server.
- Smtp__UseSsl
  Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false.
- Localization__DefaultCulture
  The default culture. Use the code from: Supported Languages
- Localization__DefaultTimeZone
  The default time zone. The time zone id is the “TZ database name” from this page: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
- supportedCultures
  - Localization__SupportedCultures__0
    The other supported cultures. Use the code from: Supported Languages. When there is more than one supported culture, add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1
imageCredentials
- username
  Login username of IQX container registry.
- password
  Login password of IQX container registry.
- email
  Your email address.
ingress
- host
  The DNS host name of the OneList application.
- alb.ingress.kubernetes.io/certificate-arn
  ARN of the SSL certificate in ACM.
- alb.ingress.kubernetes.io/wafv2-acl-arn
  ARN of the WAF ACL.
persistentVolumeVolumeHandle
EFS ID for supporting the EKS persistent volume.
The ID is in this format: <file system ID>::<access point ID>
Example: fs-09b1fb3a7c9299901::fsap-07ab32df8345e6591
image
- tag
  Tag name of the images that are going to be deployed.

Save the "values.yaml" file.

3. Install the AWS Load Balancer Controller add-on (if not installed)

Verify that if the controller is installed. Skip this section if already installed.
kubectl get deployment -n kube-system aws-load-balancer-controller
If you see the following. The Controller is installed.
NAME READY UP-TO-DATE AVAILABLE AGE aws-load-balancer-controller 2/2 2 2 20h
Follow this instruction to create a n OIDC provider for the cluster.
https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
Skip this step if AWSLoadBalancerControllerIAMPolicy policy already exist.
Download an IAM policy file.
https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
Create an IAM policy using the policy downloaded in the previous step.
aws iam create-policy \ --policy-name AWSLoadBalancerControllerIAMPolicy \ --policy-document file://iam_policy.json
Check if role AmazonEKSLoadBalancerControllerRole already exists. If already exists, use another role name.
a. Create an IAM role. Replace my-cluster with the name of your cluster, 111122223333 with your account ID, AmazonEKSLoadBalancerControllerRole with your role name and then run the command.
Install the AWS Load Balancer Controller using Helm. Replace region-code, vpc-xxxxxxxx and my-cluster with the correct value.

4. Deploy OneList Helm chart

Enter the folder that contains the values.yaml and onelist.tgz files. Run the command below.

helm install <ONELIST_NAMESPACE> -n <ONELIST_NAMESPACE> -f .\values.yaml onelist.tgz

For example:

helm install onelist-dev -n onelist-dev -f .\values.yaml onelist.tgz

5. Get the generated AWS public URL for OneList DNS configuration

Run the following command to discover the public URL of the environment for configuring the OneList DNS alias.

kubectl get ingress -n <ONELIST_NAMESPACE>

The AWS public URL is similar to this: e6325261-onelist650-onelis-7461-1342161572.ap-southeast-2.elb.amazonaws.com

6. Create the administrator user account

Navigate to the OneList URL in the browser, you will be presented to the following page to create the first user account. The System Administrator access is automatically granted to this user account.

Log on using the email and password of the newly created user account to complete the application configuration steps.

IQX OneList Documentation

Deploying new OneList instance to EKS