Deploying Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis using CloudFormation

Deploying Apica Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis on a production VPC using CloudFormation

Prerequisites

Before proceeding, ensure the following prerequisites are met:

Amazon EKS Kubernetes Version Compatibility

Note: This deployment method using Helm is only supported on Kubernetes versions up to 1.28. The steps described in this document only work if the cluster is created using the given CloudFormation template.

Here you need to provide the production VPC and private subnets.

AWS Resources

Note: These resources will be automatically generated during the CloudFormation deployment process and are not prerequisites for initiating it.

The CloudFormation template provisions the following resources:

  • S3 Bucket

  • EKS Cluster

  • EKS Node Pools

  • Aurora PostgreSQL

  • ElastiCache Redis

Deploy IAM Role, Aurora PostgreSQL and ElastiCache

Note: Ensure you're operating within the same region as your Virtual Private Cloud (VPC).

Deployment might take a while. Please wait until the stack status shows "CREATE_COMPLETE" before proceeding.

If the stack fails for some reason, check the stack events (select your stack and click on "Events") to understand the error. To fix the error, delete the stack and repeat the steps above.

Create EKS Cluster

Note: This is the second time you're creating a stack in CloudFormation. Do not mix them up.

Create an EKS Cluster with CloudFormation

After successfully deploying the initial CloudFormation stack, follow these steps to create an EKS Cluster:

Deployment might take a while. Please wait until the stack status shows "CREATE_COMPLETE" before proceeding.

AWS CLI commands

Note: Once the stack is fully provisioned, authenticate the AWS CLI. If you have not yet downloaded and set up the AWS CLI, you can do so here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

FOR APICA ONLY: https://apicasystems.atlassian.net/wiki/spaces/PS/pages/3703013481/Configure+AWS+CLI+to+use+MFA

Deploy Apica Ascent using Helm

values.yaml

Access the Ascent UI

To get the default Service Endpoint, execute the below command:

kubectl get svc -n apica-ascent | grep LoadBalancer

Under the EXTERNAL-IP column you will find a URL similar to below:

NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP
logiq-kubernetes-ingress     LoadBalancer <cluster_ip>    a874cbfee1cc94ea18228asd231da444-2051223870.eu-north-1.elb.amazonaws.com

Use this URL in your browser to access the Ascent UI.

The login credentials are as defined in your values.yaml file.

Security Group Rules for EKS Cluster

As the EKS Cluster has been created, we can now set up the access rules for our VPC.

Enabling HTTPS on your instance (optional)

Use auto-generated self-signed certificate

To enable HTTPS using self-signed certificates, add the following options to the helm command and provide the domain name for the ingress controller.

In the example below, replace apica.my-domain.com with the HTTPS domain where this cluster will be available.

helm upgrade --install apica-ascent -n apica-ascent \
--set global.domain=apica.my-domain.com \
--set ingress.tlsEnabled=true \
--set kubernetes-ingress.controller.defaultTLSSecret.enabled=true \
-f values.yaml apica-repo/apica-ascent

Use your own certificate

To customize your TLS configuration by using your own certificate, you need to create a Kubernetes secret. By default, if you do not supply your own certificates, Kubernetes will generate a self-signed certificate and create a secret for it automatically. To use your own certificates, run the following command, replacing myCert.crt and myKey.key with the paths to your certificate and key files respectively:

kubectl create secret tls https --cert=myCert.crt --key=myKey.key

To use your own secret, run the command below, replacing $secretName with the name of your secret and apica.my-domain.com with the HTTPS domain where this cluster will be available.

helm upgrade --install apica-ascent -n apica-ascent \
--set global.domain=apica.my-domain.com \
--set ingress.tlsEnabled=true \
--set kubernetes-ingress.controller.defaultTLSSecret.enabled=true \
--set kubernetes-ingress.controller.defaultTLSSecret.secret=$secretName \
-f values.yaml apica-repo/apica-ascent
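
Before loading myCert.crt and myKey.key into the secret, it helps to confirm that the key belongs to the certificate, that the certificate covers the domain passed as global.domain, and that it is not close to expiry. The script below is an added example, not part of the Apica documentation or chart; the function names and the 30-day expiry threshold are assumptions, and it needs only the openssl CLI.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a certificate/key pair before it is
# loaded with `kubectl create secret tls`. Function names are illustrative.

# Succeeds only if the private key belongs to the certificate's public key.
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the given host name
# (subjectAltName, or the CN when the certificate has no DNS SAN).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Succeeds only if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
  local days="${2:-30}"
  openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Runs all three checks and reports every failure, not just the first.
check_tls_pair() {
  local cert="$1" key="$2" domain="$3" rc=0
  cert_matches_key "$cert" "$key" ||
    { echo "FAIL: key does not match certificate" >&2; rc=1; }
  cert_covers_host "$cert" "$domain" ||
    { echo "FAIL: certificate does not cover $domain" >&2; rc=1; }
  cert_valid_for_days "$cert" 30 ||
    { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $cert and $key are usable for $domain"
  return "$rc"
}

# Usage: ./check-tls.sh myCert.crt myKey.key apica.my-domain.com
if [ "$#" -eq 3 ]; then
  check_tls_pair "$@"
fi
```

A non-zero exit status means at least one check failed; the failure reasons are written to stderr.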
