Cloud Specific Details

Cloud vendor specific tool installations and environment variables are required at certain steps based on your deployment path

Prerequisites

Provision Enabling Systems

For quick deployment, mainly for development and testing purposes, you may wish to use cloud marketplaces, managed providers or Rierino playbooks for enabling systems:

For this MongoDB package, configuration updates and restart details can be found from the vendor site.

If you will be using Keycloak with http for development / testing purposes, you may need to open up the port on local firewall (e.g. sudo ufw allow 8080/tcp) and set "Require SSL" option to false on master realm.

Set-up Initial Deployment Host

Ansible playbooks require access to VM inventory as well as kubernetes cluster from initial deployment host, which requires installation of certain collections and tools:

ansible-galaxy collection install amazon.aws community.aws

Set-up environment variables used by Ansible and AWS tools:

export KUBECONFIG=[kubeconfig file path]
export K8S_AUTH_KUBECONFIG=[same as KUBECONFIG]
export AWS_REGION=[AWS deployment region]
export AWS_ACCESS_KEY_ID=[AWS access key id]
export AWS_SECRET_KEY=[AWS secret key]
export AWS_SECRET_ACCESS_KEY=[same as AWS_SECRET_KEY]

If you are using WSL for initial deployment and receive error on valid AWS credentials, your instance's time may be out of sync with Amazon servers.

You may use a command such as sudo hwclock -s for synchronization.

As a best practice, it is recommended not to use AWS account root user credentials for these environment variables which are used during deployment.

pip install google-auth
ansible-galaxy collection install google.cloud
gcloud components install gke-gcloud-auth-plugin

Set-up environment variables used by Ansible and GCP tools:

export KUBECONFIG=[kubeconfig file path]
export K8S_AUTH_KUBECONFIG=[same as KUBECONFIG]
export GCP_PROJECT=[GCP deployment project]
export GCP_REGION=[GCP deployment region]
export GOOGLE_APPLICATION_CREDENTIALS=[GCP service account json file path]

For authentication, service account file is used with GCP, which is passed as a parameter.

If you are using WSL for initial deployment and receive error on valid GCP credentials, your instance's time may be out of sync with Google servers.

You may use a command such as sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z" for synchronization.

Provision a Kubernetes Cluster

Note that for AWS installations, you may need to manually update kubeconfig file contents output from "terraform apply" step, setting authentication apiVersion to "v1beta1" if you are receiving "invalid apiVersion client.authentication.k8s.io/v1alpha1"error.

This is due to a compatibility bug between AWS CLI and recent helm/kubectl versions.

It is possible to deploy Rierino platform on any AWS region that has EKS and ELB availability. For the latest list of regions supported for these services, please refer to AWS availability listing.

AWS

Configure Network Connectivity

You can use security groups for configuring connectivity between kubernetes cluster and enabling systems (such as one group allowing ingress from all sources within the group and another granting access to static admin IPs).

You can issue SSL certificates using ACM for your domain.

You can reserve static IPs to assign them to external facing load balancers.

You can map your static IPs to DNS records.

Deployments

Load Balancer Variables

For ansible-playbook deployments including external facing load balancers (admin gateway and admin UI), include the following variables for static IP and certificate assignments:

Variable

Definition

Default

awsACMARN

ARN for ACM certificate (if certificate is used)

awsLBSubnets

List of subnets on which static IPs shall be assigned (if static ip is used)

PreviousAlternative 2: Ansible - Step-by-Step NextSandbox VM Deployment

Last updated 1 year ago