- Install Terraform on your workstation/server
- Install aws cli on your workstation/server (automated on server)
- Install kubectl on your workstation/server (automated on server)
- Install helm on your workstation/server/Jenkins slave. (automated on server/slave)
- Create a key pair for AWS in the specific `aws_region` you are working in, with the specific name `opsschoolproject`, store the pem key under `~/.ssh/`, then run the following command:
```
chmod 400 ~/.ssh/opsschoolproject.pem
```
- **Make sure to modify `var.source_pem_file_path` in the `terraform/2.environment/variables.tf` var file if needed.**
- Change `aws_region` to your requested region (default: `us-east-1`)
- Change `key_name` to your requested key pair name (default: `opsschoolproject`)
- Change `instance_type` to your requested instance type (default: `t2.micro`)
Run the following to bring the S3 bucket up (for the env tfstate file):
```
cd ./Opsschool-project/terraform/1.s3_creation/
terraform init
terraform apply --auto-approve
```
Run the following to bring the environment up:
```
cd ./Opsschool-project/terraform/2.environment/
terraform init
terraform apply --auto-approve
```
- Go directly into the S3 bucket that has been created with the ARN "arn:aws:s3:::opsschool-vpn-client" and download the OpenVPN client file called "ospschool.ovpn".
- Download and install the OpenVPN Connect client on your computer.
- Use the official OpenVPN client to connect to the OpenVPN server that has been created as part of the process.
- Click on the icon of the "OpenVPN Connect" app and then import the profile. Wait for the client to connect to the server, then move on to the next section.
- Make sure you are on a machine with owner permissions to the EKS cluster.
- After the environment is up, run the following to update your kubeconfig file (you can get the `cluster_name` value from the `cluster_name` output in Terraform):
```
aws eks --region=us-east-1 update-kubeconfig --name <cluster_name>
```
- Add the users/groups/roles of the AWS account that need to see information and run commands through Jenkins etc.
- Do it by running the following command:
```
kubectl get configmap aws-auth -n kube-system -o yaml > aws-auth.yaml
```
- After running the command, a file called aws-auth.yaml will be added to your current directory. Edit it carefully and add the user/group/role with its permissions for the Kubernetes cluster, as such:
```yaml
mapRoles: |
  <previous configuration>
  ...
  - groups:
    - system:masters
    rolearn: arn:aws:iam::447072968892:user/opschooladmin
    username: opsschooladmin
  - groups:
    - system:masters
    rolearn: arn:aws:iam::<need to change>:role/Jenkins
    username: Jenkins
  ...
<other configuration>
```
- Run the following command to update the Kubernetes config map:
kubectl apply -f aws-auth.yaml
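
A pre-apply check for the edited aws-auth.yaml, as an added example that is not part of the original project. The function name `lint_aws_auth`, the sample account ID and the sample names are assumptions made for illustration; the checks target the `<need to change>` placeholder, the `rolearn` values and the `system:masters` grants used in the mapping above.

```shell
#!/usr/bin/env bash
# Added example (not project code): lint an edited aws-auth.yaml before
# `kubectl apply`. Prints findings; exits 1 when an ERROR is found.
lint_aws_auth() (
    file=$1; rc=0
    # Placeholders such as "<need to change>" must be filled in first.
    hits=$(grep -nE '<[^>]+>' "$file" || true)
    if [ -n "$hits" ]; then
        printf 'ERROR placeholder left in file:\n%s\n' "$hits"; rc=1
    fi
    # EKS documents mapRoles entries as IAM role ARNs (IAM users are
    # documented under mapUsers/userarn), so this lint treats any other
    # rolearn value as an error.
    hits=$(grep -nE '^[[:space:]-]*rolearn:' "$file" \
        | grep -vE 'arn:aws[a-z-]*:iam::[0-9]{12}:role/' || true)
    if [ -n "$hits" ]; then
        printf 'ERROR rolearn is not an IAM role ARN:\n%s\n' "$hits"; rc=1
    fi
    # system:masters is unrestricted cluster admin: list each grant for review.
    hits=$(grep -nE '^[[:space:]]*-[[:space:]]*system:masters[[:space:]]*$' "$file" || true)
    if [ -n "$hits" ]; then
        printf 'WARN system:masters (full cluster admin) granted at:\n%s\n' "$hits"
    fi
    exit "$rc"
)

# Constructed sample input (account ID and names are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
data:
  mapRoles: |
    - groups:
      - system:masters
      rolearn: arn:aws:iam::111122223333:user/example-admin
      username: example-admin
    - groups:
      - system:masters
      rolearn: arn:aws:iam::<need to change>:role/Jenkins
      username: Jenkins
EOF
lint_aws_auth "$sample" || echo "aws-auth.yaml not ready: fix ERRORs before kubectl apply"
```

Run it against the real file as `lint_aws_auth aws-auth.yaml && kubectl apply -f aws-auth.yaml` so the apply only happens when no ERROR is reported.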
(Temp, will be automated) Connect to one of the bastions with ssh (the command will be printed at the end of the terraform apply):
ssh -i "~/.ssh/opsschoolproject" [email protected]
cd ansible
ansible-playbook all.yaml
- Follow the instructions to configure Jenkins: Jenkins_config
- Run both Jenkins jobs: `build_app` first, to create the docker file and push it to Docker Hub, then `deploy_app` to deploy the app to the EKS cluster.
- Go to the AWS UI and look for the EKS load balancer that has been created, copy its external DNS name and paste it in your browser.
- ENJOY!
- Run the `destroy_app` Jenkins job to destroy the app inside of the EKS cluster.
- Go to the S3 service in the AWS UI and look for the following S3 bucket: "opsschool-vpn-client". Get in and delete the opsschool.ovpn file.
- Destroy the environment using Terraform:
```
cd Opsschool-project/terraform/2.environment
terraform destroy -auto-approve
```
- Go to the S3 service in the AWS UI and look for the following S3 bucket: "opsschool-terraform-state-dean". Get in and delete all the state files, including the versioning.
- Destroy the S3 bucket using Terraform:
```
cd ./Opsschool-project/terraform/1.s3_creation
terraform destroy -auto-approve
```
- Delete the file Opsschool-project/terraform/2.environment/aws-auth.yaml. It's the old permissions file for the EKS cluster you just deleted.
```
sudo rm -rf ./Opsschool-project/terraform/2.environment/aws-auth.yaml
```
- That's it, you are done and the project has been destroyed completely.