Merge pull request #10 from mozammil89/main
feat: cdk project improvements
pallakartheekreddy authored Nov 20, 2024
2 parents 05fc6c6 + d9e7666 commit 96bfbb1
Showing 76 changed files with 4,839 additions and 6,427 deletions.
18 changes: 12 additions & 6 deletions .env
@@ -1,8 +1,8 @@
# MANDATORY INPUT - AWS account Id
ACCOUNT="abc123"
# MANDATORY INPUT - AWS account Id
ACCOUNT="1234"

# AWS region to deploy services, default "ap-south-1"
REGION="ap-south-1"
REGION="ap-south-1"

# AWS Availability Zone count, default 2
MAX_AZS=2
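Review bot: `ACCOUNT="1234"` is not a valid 12-digit account id, so a user who forgets this mandatory input gets a late, confusing failure instead of a clear one. Use an empty value or the `<aws-account-id>` placeholder already used for `ROLE_ARN`, and reject a non-12-digit value before deployment starts.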
Expand All @@ -12,7 +12,7 @@ CIDR="10.20.0.0/16"

# MANDATORY INPUT - Database password
# Constraints: At least 8 printable ASCII characters. Can't contain any of the following: / (slash), '(single quote), "(double quote) and @ (at sign).
RDS_PASSWORD=""
RDS_PASSWORD="SunbirdRC-987"

# Database user name, default "postgres"
RDS_USER="postgres"
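Review bot: `RDS_PASSWORD="SunbirdRC-987"` commits a concrete database password to the tracked `.env`, where the previous default was empty. Keep `RDS_PASSWORD=""` so every deployment has to supply its own value, fail the deploy when it is unset, and treat the committed string as exposed, since it remains in history and anyone who deploys without editing the file gets a publicly known password.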
Expand All @@ -21,11 +21,17 @@ RDS_USER="postgres"
EKS_CLUSTER_NAME = "ekscluster-sbrc2"

# MANDATORY INPUT - Amazon EKS mastersRole, to be associated with the system:masters RBAC group, giving super-user access to the cluster.
ROLE_ARN = "arn:aws:iam::abc2123:role/abc123"
ROLE_ARN = "arn:aws:iam::<aws-account-id>:role/Admin"

# MANDATORY INPUT - External domain for Registry and Keycloak
RC_EXTERNAL_DOMAIN="" # E.g. registry.sunbird-rc.io

# MANDATORY INPUT - SSL certificate ARN for External Domain defined above to access Registry and Keycloak services
# AWS Certificate Manager - https://aws.amazon.com/certificate-manager/
CERT_ARN="" # E.g. arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>. Pls check user guide for SSL public certificate creation steps through AWS Certificate Manager

# Modules to be insalled as part of this deployment
# RC --> both R and C modules of SunBird RC 2.0 (Default)
# R --> only R part of SunBird RC 2.0
# C --> Only C part of SunBird RC 2.0
SUNBIRD_RC_MODULES_CHOICE = 'RC'
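Review bot: The `ROLE_ARN` example `arn:aws:iam::<aws-account-id>:role/Admin` nudges users to map a broad account admin role into `system:masters`, which the comment itself describes as super-user access to the cluster. Suggest a dedicated, narrowly assumable cluster-admin role in the example. `RC_EXTERNAL_DOMAIN=""` and `CERT_ARN=""` are marked mandatory but default to empty, so they should be checked before synth. Smaller points: "insalled" should be "installed", and the `KEY = value` spacing on `EKS_CLUSTER_NAME`, `ROLE_ARN` and `SUNBIRD_RC_MODULES_CHOICE` differs from the `KEY=value` form used in the rest of the file.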

2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -6,3 +6,5 @@ node_modules
# CDK asset staging directory
.cdk.staging
cdk.out
.env
cdk.context.json
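Review bot: Adding `.env` here does not stop Git from tracking it, and this same commit still modifies the tracked `.env`, so secrets written into it will keep being committed. Untrack it with `git rm --cached .env` and ship a `.env.example` with empty values instead. Ignoring `cdk.context.json` also goes against the AWS CDK guidance to commit that file so that context lookups stay deterministic between synths; if the intent was to drop account-specific cached values, say so in the commit message.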
7 changes: 0 additions & 7 deletions cdk.context.json

This file was deleted.

62 changes: 51 additions & 11 deletions documentation/01-Deployment-CDK-Sunbirdrc2.md
@@ -1,9 +1,27 @@
## AWS CDK One Click Deployment ##

## Prerequisties:
Configuring AWS CLI is a crucial step in working with AWS CDK. You can do it in your local environment.If you prefer to configure AWS CLI on a remote server, you can SSH-ing into the server and running aws configure to set up the CLI credentials and configuration. Just ensure that the server has network connectivity to AWS services and that you have the necessary permissions to configure AWS CLI and access AWS resources from that server.
## Prerequisites

### AWS CDK Stack Overview
- **AWS Account**: An AWS account to deploy AWS CDK stacks
- **[AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)**: Configured with AWS account
- **Kubectl Client**: Configured with the Amazon EKS cluster.
- **Public Domain/Sub-Domain**: Along with SSL certificates for HTTPS.

### Public Domain/sub-domain

Sunbird RC requires a public domain to be associated with `Registry` service.

Users must obtain a public domain and/or create subdomains in an existing domain. Additionally, an SSL certificate must be issued for subdomain to enable HTTPS for `Registry` service. You can use [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/pricing/), which provides public SSL/TLS certificates at no cost.

### Requesting a Public SSL Certificate through AWS Certificate Manager

To obtain an SSL certificate through AWS Certificate Manager, follow the easy steps provided in the official [AWS ACM Documentation](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html).

Once a certificate is issued for your subdomain, copy the certificate ARN to be used in the environment variable later. The certificate ARN follows this format:

`arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>`

## AWS CDK Stack Overview
The CDK comprises stacks designed to perform unique provisioning steps, making the overall automation modular. Here is an overview of all the stacks along with the actions they perform:

| CDK Stack name | File name/path | Description |
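Review bot: The certificate ARN format `arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>` hardcodes `ap-south-1`, but an ACM certificate can only be attached to a load balancer in the same region. Write the format with a `<region>` placeholder and state that the certificate must be requested in the region set in `REGION`. The prerequisite "Kubectl Client: Configured with the Amazon EKS cluster" also needs a note on when that is possible, since `EKS_CLUSTER_NAME` is an input to this deployment.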
Expand All @@ -17,8 +35,25 @@ The CDK comprises stacks designed to perform unique provisioning steps, making t
| vaulthelmstacksbrc2 | helm-vault-stack.ts | To deploy Vault from Hashicorp |
| vaultinithelmstacksbrc2 | helm-vaultInit-stack | To initialize and unseal the deployed Vault |


### Prepare your environment
## AWS CDK Environment Variables

**Update mandatory environment variables, with your preferred editor. Open '.env' file in the CDK app.**

| ENVIRONMENT VARIABLES | EXAMPLE VALUE | DESCRIPTION |
|----------------------------|-----------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| REGION | us-east-1 | AWS region |
| ACCOUNT | 123456789123 | AWS 12-digit account number |
| CIDR | 10.20.0.0/16 | VPC CIDR, change it as per your environment |
| MAX_AZS | 2 | AWS Availability Zone count, default is 2 |
| RDS_USER | postgres | Database username for core registry service, default is 'postgres' |
| RDS_PASSWORD | NLhL*I-e54e | Database password, used during DB creation and passed down to Sunbird RC services helm chart |
| EKS_CLUSTER_NAME | ekscluster-sbrc2 | AWS EKS Cluster name |
| ROLE_ARN | arn:aws:iam::<aws-account-id>:role/Admin | Amazon EKS master's role to be associated with the system:masters RBAC group, giving super-user access to the cluster |
| CERT_ARN | arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier> | SSL Certificate ARN obtained from AWS Certificate Manager service |
| RC_EXTERNAL_DOMAIN | sunbird-rc.example.com | Domain/subdomain to be used with the `registry` service and for which the SSL CERT ARN is generated |
| SUNBIRD_RC_MODULES_CHOICE | RC | Modules to be installed as part of this deployment. Values may be **'R'** - Registry, **'C'** - Credentialing, **'RC'** - Registry and Credentialing. Default value is 'RC' |

## Prepare your environment
```
# Install TypeScript globally for CDK
npm i -g typescript
Expand All @@ -37,8 +72,9 @@ npm i
cdk bootstrap aws://<ACCOUNT-NUMBER>/<REGION>
```

#### Update mandatory environment variables, with your preferred editor. Open '.env' file in the CDK app.
## Deploy CDK

<<<<<<< HEAD
| ENVIRONMENT VARIABLES | EXAMPLE VALUE | DESCRIPTION |
|---------------------------|---------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| REGION | us-east-1 | AWS region |
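Review bot: A literal merge conflict marker, `<<<<<<< HEAD`, is committed directly under the new `## Deploy CDK` heading, followed by a second copy of the environment variable table. Resolve the conflict before merging: the table already exists under `## AWS CDK Environment Variables`, so this section should keep only the reminder to update `.env` and the deploy commands.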
Expand All @@ -47,14 +83,18 @@ cdk bootstrap aws://<ACCOUNT-NUMBER>/<REGION>
| MAX_AZS | 2 | AWS Availability Zone count, default 2 |
| RDS_USER | postgres | Database user name for core registory service, default 'postgres' |
| RDS_PASSWORD | NLhL*I-e54e | Database password, used while DB creation and passed down to Sunbrd RC services helm chart |
| EKS_CLUSTER_NAME | ekscluster-sbrc2 | AWS EKS Cluster name |
| ROLE_ARN | arn:aws:iam::123456789012:role/ AWSReservedSSO_AWSAdministratorAccess | Amazon EKS mastersRole, to be associated with the system:masters RBAC group, giving super-user access to the cluster |
| EKS_CLUSTER_NAME | ekscluster-sbrc2 | AWS EKS Cluster name |
| ROLE_ARN | `arn:aws:iam::<aws-account-id>:role/Admin` | Amazon EKS mastersRole, to be associated with the system:masters RBAC group, giving super-user access to the cluster
| CERT_ARN | `arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>` | SSL Certificate Role ARN obtain from AWS Certificate Manager service
|
| RC_EXTERNAL_DOMAIN | `sunbric-rc.exmaple.com` | Domain/subdomain to be used with `registry` service and for which SSL CERT ARN is generated.
|
| SUNBIRD_RC_MODULES_CHOICE | RC | Modules to be installed as part of this deployment. Values may be **'R'** - Registry, **'C'** - Credentialing, **'RC'** - Registry and Credentialing. Default value is 'RC' |
=======
**Ensure you have updated the .env file before running following commands to begin deployment.**
>>>>>>> 934116f0a2f90356de78f18792b55e39e7f0a9fc
**Deploy CDK**
```
# After updating the .env file, run AWS CDK commands to begin with deploy
# Emits the synthesized CloudFormation template
cdk synth
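Review bot: The `=======` and `>>>>>>> 934116f0a2f90356de78f18792b55e39e7f0a9fc` lines are left in the document, so both sides of the conflict are published. The HEAD side is also malformed: the `ROLE_ARN`, `CERT_ARN` and `RC_EXTERNAL_DOMAIN` rows are missing their closing `|` and are followed by stray `|` lines, and the example domain reads `sunbric-rc.exmaple.com`. Drop the HEAD-side table, keep the "Ensure you have updated the .env file" sentence, and remove `**Deploy CDK**`, which duplicates the `## Deploy CDK` heading.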
2 changes: 1 addition & 1 deletion helm/sunbird-c-charts/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1
version: 0.0.3

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Up @@ -57,8 +57,8 @@ ingress:

resources:
requests:
cpu: 500m
memory: 2G
cpu: 250m
memory: 1G

autoscaling:
enabled: true
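Review bot: Halving `requests` to `cpu: 250m` / `memory: 1G` while `autoscaling.enabled: true` changes when the autoscaler triggers, because utilization targets are measured against the request. The visible `resources` block also has no `limits`, so a pod can use far more than the smaller reservation it is scheduled on. State the sizing rationale, add `limits`, and re-check the autoscaling targets; the same applies to the identical change in the other service charts.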
4 changes: 2 additions & 2 deletions helm/sunbird-c-charts/charts/credentials-service/values.yaml
Expand Up @@ -57,8 +57,8 @@ ingress:

resources:
requests:
cpu: 500m
memory: 2G
cpu: 250m
memory: 1G

autoscaling:
enabled: true
4 changes: 2 additions & 2 deletions helm/sunbird-c-charts/charts/identity-service/values.yaml
Expand Up @@ -57,8 +57,8 @@ ingress:

resources:
requests:
cpu: 500m
memory: 2G
cpu: 250m
memory: 1G

autoscaling:
enabled: true
11 changes: 8 additions & 3 deletions helm/sunbird-c-charts/values.yaml
@@ -1,5 +1,6 @@
global:
host: "registry.demodpgs.net"
host: ""
certificateARN: ""
database:
host: ""
user: "postgres"
Expand Down Expand Up @@ -100,7 +101,9 @@ registry:
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600
ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice
#alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460
# SSL certificate ARN from AWS ACM, required for HTTPS
alb.ingress.kubernetes.io/certificate-arn: ""
alb.ingress.kubernetes.io/ssl-redirect: '443'
hosts:
- paths:
- path: /
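Review bot: `alb.ingress.kubernetes.io/certificate-arn: ""` is a static empty string, while the same commit adds `global.certificateARN`, and nothing in this hunk shows the annotation being filled from the global value. With `ssl-redirect: '443'` set, an ingress rendered with an empty ARN redirects clients to a listener that has no certificate. Source the annotation from `global.certificateARN` in the template, or fail rendering when it is empty, and confirm the ingress listen-ports include HTTPS 443; the `keycloak-service` block needs the same treatment. Removing the commented-out ARN with a real account id is a good cleanup.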
Expand All @@ -116,7 +119,9 @@ keycloak-service:
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600
ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice
#alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460
# SSL certificate ARN from AWS ACM, required for HTTPS
alb.ingress.kubernetes.io/certificate-arn: ""
alb.ingress.kubernetes.io/ssl-redirect: '443'
hosts:
- paths:
- path: /auth
2 changes: 1 addition & 1 deletion helm/sunbird-r-charts/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1
version: 0.0.3

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

This file was deleted.

4 changes: 2 additions & 2 deletions helm/sunbird-r-charts/charts/certificate-api/values.yaml
Expand Up @@ -54,8 +54,8 @@ ingress:

resources:
requests:
cpu: 500m
memory: 2G
cpu: 250m
memory: 1G

autoscaling:
enabled: true

This file was deleted.

4 changes: 2 additions & 2 deletions helm/sunbird-r-charts/charts/certificate-signer/values.yaml
Expand Up @@ -54,8 +54,8 @@ ingress:

resources:
requests:
cpu: 500m
memory: 2G
cpu: 250m
memory: 1G

autoscaling:
enabled: true