Deploying Apica Ascent on AWS EKS (Private End poi with Aurora PostgreSQL and ElastiCache Redis on production VPC using Cloudformation
Last updated
Was this helpful?
Before proceeding, ensure the following prerequisites are met:
is installed on your machine.
AWS CLI is installed and configured on your machine.
You have permissions on your AWS account to create resources including Elastic Kubernetes Service (EKS), S3 Bucket, Aurora PostgreSQL, and ElastiCache.
You have configured an AWS Virtual Private Cloud (VPC) and two (2) Private subnets.
Note: These resources will be automatically generated during the CloudFormation deployment process and are not prerequisites for initiating it.
The Cloudformation template provisions the following resources:
S3 Bucket
EKS Cluster
EKS Node Pools
Aurora PostgreSQL
ElastiCache Redis
Note: Ensure you're operating within the same region as your Virtual Private Cloud (VPC).
Click "Next"
Enter a stack name
Enter an IAM role name for Logiq-EKS (Save this value for later),This will create the IAM role
Enter a master username for Postgresql. (Save this value for later),Master Username can include any printable ASCII character except /, ', ", @, or a spac
Enter a password for the above Postgresql user. (Save this value for later),Master Password should be > 8 characters.
Enter a database name for the Postgresql database,Start with small letter.
You can find this by searching for "VPC" on the top left search bar, select the VPC service, click the VPCs resource and select your region. Locate your VPC and copy the VPC ID.
From where you left of extracting your VPC ID, on the left hand side menu, select Private Subnets and copy the two Subnet IDs you intend you use
Nothing required here, navigate to the bottom of the page and click "Next"
You can review your configurations, acknowledge the capabilities and click "Submit"
Deployment might take a while. Please wait until the stack status shows "CREATE_COMPLETE" before proceeding.
Enter a stack name (Whatever you want to call the cluster)
Enter a name for the EKS cluster (Save this value)
Enter the ARN value of the IAM role you created in the previous CloudFormation deployment (Navigate to the previous stack and check outputs tab to find the value for the key LogiqEKSClusterRole)
Select a VPC id in the dropdown (This guide assumes you’ve created these previously)
Select two VPC Private subnets with NAT GATEWAY Attatched for the above VPC from each dropdown.
Enter "2" in the fields for “Ingest Worker Node count” and “Common Worker Node count”
Enter the S3 bucket name you used in the previous CloudFormation deploy in “S3 bucket for Logiq”
Click "Next"
Step 3: Configure stack options and Click "Next"
Step 4: Review and create
Access the bastion host via SSH from your workstation to ensure it works as expected.
Check that the security group attached to your EKS control plane can receive 443 traffic from the public subnet. You can create a rule by adding port HTTPS (443) and giving the Security group id of bastion host in EKS security group. This will enable communication between the bastion host in the public subnet and the cluster in the private subnets.
Access the bastion host and then use it to communicate with the cluster just as you would with your personal machine.
Update your kubeconfig using below command.
Execute the following command:
To get the default Service Endpoint, execute the below command:
Under the EXTERNAL-IP column you will find a URL similar to below:
Create windows server with same vpc and create a rule for RDP in security group of windows server. RDP into that and access the application with "EXTERNAL-IP"
Login credentials is as defined in your values.yaml file
As the EKS Cluster has been created, we can now set up the access rules for our VPC.
To enable https using self-signed certificates, please add additional options to helm and provide the domain name for the ingress controller.
In the example below, replace apica.my-domain.com with the https domain where this cluster will be available.
To customize your TLS configuration by using your own certificate, you need to create a Kubernetes secret. By default, if you do not supply your own certificates, Kubernetes will generate a self-signed certificate and create a secret for it automatically. To use your own certificates, perform the following command, replacing myCert.crt and myKey.key with the paths to your certificate and key files respectively:
In order to include your own secret, please execute the below command and replace $secretName with your secret to enable HTTPS and replace apica.my-domain.com with the https domain where this cluster will be available.
On the following page (step 1 of Stack creation) select "Template is ready" and "Amazon S3 URL". In the "Amazon S3 URL" textfield, enter
Enter an S3 bucket name (Save this value for later),Make sure to apply
On the following page (step 1 of Stack creation) select "Template is ready" and "Amazon S3 URL". In the "Amazon S3 URL" textfield, enter
Create a in the public subnet of your VPC with a key pair. Launch this host with user data that installs kubectl and aws CLI tools you need.
VPC, select your region in the VPCs dropdown and on the VPC list you have a column called IPv4 CIDR, copy your CIDR and use it as a source.
