A set of instructions and scripts to launch the sudoku-solver website.
Martins Eglitis 0b10219ed5 Removed some EKS related lines, update the user data script 1 day ago

sudoku-devops

A set of instructions and scripts to launch the sudoku-solver website with the following features:

  • Automatically scales horizontally
  • Infrastructure as code using Terraform
  • AWS (ASG) or Kubernetes based (EKS)

TL;DR

In the end, you will have a horizontally scaled website deployed in AWS and publicly reachable through a public DNS name.

Requirements

I am using the following tools:

  • terraform 0.13
  • terragrunt
  • awscli 1.18
  • kubectl 1.18

I have the following accounts:

  • https://aws.amazon.com - the cloud computing service provider of choice.
  • https://gitlab.com - a platform for handling the Git repo and CI/CD.
  • https://hub.docker.com - a public repository for the Docker images.

Automated setup

The easiest way is to use GitLab CI/CD pipelines. Just provide the variables described in the following CI/CD section. Then follow the pipeline and use the manual button to deploy.

CI/CD

Set the following values in the GitLab CI/CD variables section:

  • AWS_ACCESS_KEY_ID - AWS IAM user access key ID.
  • AWS_SECRET_ACCESS_KEY - AWS IAM user access key secret.
  • AWS_DEFAULT_REGION - AWS default region.
  • TF_VAR_PUBLIC_KEY - the public key for communicating with EC2 instances.

Manual setup

SSH

Generate a new pair of SSH keys (ssh-keygen), if you don’t have one already.

AWS

  • Create a new AWS IAM user, where access type is “Programmatic access”.
  • Attach policies directly, e.g. attach the “AdministratorAccess” policy.
  • Upon completion, you will be given the “Access key ID” and “Secret access key”. Store these values, as you will need them in the following script.
  • Execute the script below, substituting your own profile name, preferred region, key ID and key secret. The script simply creates a new profile under ~/.aws and sets the environment variable, so the AWS CLI knows which profile is in use.
export PROFILE=john.doe
export REGION=eu-north-1
export KEY_ID=AKIATLOSG4G7EXAMPLE1
export KEY_SECRET=zxvrQAl2yLurpEb9cr3dc7yDirs/Ag8+AAebOIlja

# Create the profile under ~/.aws
./scripts/profile.sh "$PROFILE" "$REGION" "$KEY_ID" "$KEY_SECRET"

# Tell the AWS CLI which profile to use
export AWS_PROFILE=$PROFILE
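
The profile step above passes the key secret to the script as a command-line argument. As an added example (not the repository's scripts/profile.sh, whose contents are not shown on this page), the function below writes the same kind of profile while reading KEY_ID and KEY_SECRET from the environment and creating the files with owner-only permissions. The function name write_aws_profile and the AWS_DIR override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the repository's scripts/profile.sh.
# Usage: KEY_ID=... KEY_SECRET=... write_aws_profile PROFILE REGION
# The key pair is read from the environment so it never appears in argv.
# AWS_DIR is a hypothetical override for this example; it defaults to ~/.aws.
write_aws_profile() {
    profile=$1
    region=$2
    aws_dir=${AWS_DIR:-$HOME/.aws}

    [ -n "$profile" ] && [ -n "$region" ] || {
        echo "usage: write_aws_profile PROFILE REGION" >&2; return 2; }
    [ -n "$KEY_ID" ] && [ -n "$KEY_SECRET" ] || {
        echo "KEY_ID and KEY_SECRET must be set in the environment" >&2; return 2; }

    # Reject names that would break the INI section header.
    case $profile in
        *[!A-Za-z0-9._-]*) echo "invalid profile name: $profile" >&2; return 2 ;;
    esac

    # Refuse to append a second section for a profile that already exists.
    if [ -f "$aws_dir/credentials" ] &&
       grep -qxF "[$profile]" "$aws_dir/credentials"; then
        echo "profile $profile already exists" >&2
        return 1
    fi

    (
        # Owner-only permissions for anything created in this subshell.
        umask 077
        mkdir -p "$aws_dir" || exit 1
        printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$profile" "$KEY_ID" "$KEY_SECRET" >> "$aws_dir/credentials" || exit 1
        printf '[profile %s]\nregion = %s\n' \
            "$profile" "$region" >> "$aws_dir/config" || exit 1
        # Tighten files that existed before with looser permissions.
        chmod 600 "$aws_dir/credentials" "$aws_dir/config"
    )
}
```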

Terraform

  • I am using Terragrunt as it remedies some “flaws” of Terraform, e.g. using variables in backend configuration and easily managing the remote state.
  • The usage of variables differs between Terraform and Terragrunt; however, both accept environment variables.
  • The scripts directory holds some variables_*.sh scripts for setting environment variables - edit them as you see fit.
  • Execute the script below. Don’t forget to run terragrunt destroy after you are finished.
# Don't forget to set the AWS profile
# export AWS_PROFILE=$PROFILE

# For the ASG approach
# Source both files so the exported variables stay in the current shell
. ./scripts/variables_global.sh && . ./scripts/variables_asg.sh

terragrunt apply --terragrunt-working-dir asg

# For the EKS approach
. ./scripts/variables_global.sh && . ./scripts/variables_eks.sh

aws eks update-kubeconfig --region "${TF_VAR_region}" --name "${TF_VAR_name}" --alias "${TF_VAR_name}"
kubectl config use-context "${TF_VAR_name}"

terragrunt apply --terragrunt-working-dir eks

ASG

  • The 443 listener is disabled by default.
  • If you do enable the 443 listener, the ASG approach will most likely fail: the listener requires certificates, and the CNAME record that verifies your ownership of the domain is missing from your current domain’s DNS records. To fix that, go to AWS ACM, select the newly created certificate and update your existing DNS records by adding the respective CNAME record.

EKS

Deploy the website Deployment object and the balancer Service object:

kubectl apply -f eks/website.yml
kubectl apply -f eks/balancer.yml

Resources