Deploy to AWS
1
Build Infrastructure ⏱️ 15 Mins
We've tested automation that provisions the required infra.
Deploy Infrastructure
git clone https://github.com/opengovern/automation.git
cd automation/terraform/eks
terraform init
terraform plan
terraform apply -auto-approve
Connect to Kubernetes Clusters
After the infrastructure is provisioned, you will see output similar to this:
Outputs:
configure_kubectl = "aws eks --region us-east-2 update-kubeconfig --name opencomply-abc123"
eks_cluster_name = "opencomply"
Run the command shown in the configure_kubectl output to connect to the Kubernetes cluster.
2
3
Configure HTTPS Certificate with ACM
To request a new ACM certificate for the domain using DNS validation:
aws acm request-certificate \
  --domain-name "$DOMAIN" \
  --validation-method DNS \
  --idempotency-token deploy-2024
Retrieve the Certificate ARN and DNS Validation Records:
# Look up the certificate requested for $DOMAIN above
CERTIFICATE_ARN=$(aws acm list-certificates --region us-east-1 --query "CertificateSummaryList[?DomainName=='$DOMAIN'].CertificateArn" --output text)
echo "Certificate ARN: $CERTIFICATE_ARN"
VALIDATION_RECORDS=$(aws acm describe-certificate --certificate-arn "$CERTIFICATE_ARN" --region us-east-1 --query "Certificate.DomainValidationOptions[].ResourceRecord" --output json)
echo "Validation Records: $VALIDATION_RECORDS"
4
Deploy Load Balancer
a. Create Ingress
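Use a heredoc to define and apply the Ingress YAML, injecting the DOMAIN_NAME and CERTIFICATE_ARN environment variables. The heredoc delimiter is unquoted, so the shell expands both variables before kubectl reads the manifest; both must be set in the current shell.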
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: opencomply
  name: opencomply-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: "$CERTIFICATE_ARN"
    kubernetes.io/ingress.class: alb
spec:
  ingressClassName: alb
  rules:
    - host: "$DOMAIN_NAME"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-proxy # Replace with actual service name if different
                port:
                  number: 80
EOF
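Because the heredoc above is unquoted, whatever DOMAIN_NAME and CERTIFICATE_ARN contain lands verbatim in the manifest. The following pre-flight check is an added example, not part of the OpenComply documentation; the function names and the sample domain, account ID and ARN are constructed, and the load balancer region is supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values injected into the Ingress heredoc.
LC_ALL=C  # byte-wise character ranges in the patterns below

# Kubernetes requires a lowercase DNS-1123 name in spec.rules[].host; rejecting
# everything else also keeps quotes, spaces and newlines out of the YAML.
valid_hostname() {
  [ "${#1}" -le 253 ] || return 1
  case "$1" in
    ''|*[!a-z0-9.-]*) return 1 ;;             # empty, or a char outside the DNS set
    .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # a label starts or ends with '.' or '-'
    *.*) return 0 ;;                          # at least two labels
  esac
  return 1
}

# Prints the region of exactly one well-formed ACM certificate ARN, else fails.
# An empty result (no match) or several tab-separated ARNs (more than one match)
# from "list-certificates --output text" are both rejected.
acm_arn_region() {
  case "$1" in ''|*[!a-zA-Z0-9:/-]*) return 1 ;; esac
  old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs    # split the ARN on ':'
  [ "$#" -eq 6 ] && [ "$1" = arn ] && [ "$3" = acm ] || return 1
  case "$2" in aws|aws-cn|aws-us-gov) ;; *) return 1 ;; esac
  case "$4" in ''|*[!a-z0-9-]*) return 1 ;; esac      # region
  case "$5" in *[!0-9]*) return 1 ;; esac             # account id: digits only
  [ "${#5}" -eq 12 ] || return 1
  case "$6" in certificate/?*) ;; *) return 1 ;; esac
  printf '%s\n' "$4"
}

# Args: domain, certificate ARN, region of the cluster/load balancer.
# An ALB can only use ACM certificates from its own region.
# Exit codes: 1 bad domain, 2 bad ARN, 3 region mismatch.
ingress_preflight() {
  valid_hostname "$1" || { echo "DOMAIN_NAME is not a valid hostname" >&2; return 1; }
  cert_region=$(acm_arn_region "$2") ||
    { echo "CERTIFICATE_ARN is not a single ACM ARN" >&2; return 2; }
  [ "$cert_region" = "$3" ] ||
    { echo "certificate is in $cert_region, load balancer in $3" >&2; return 3; }
}

# Constructed sample values, not from a real account.
ingress_preflight demo.example.io \
  "arn:aws:acm:us-east-2:123456789012:certificate/11111111-2222-3333-4444-555555555555" \
  us-east-2 && echo "preflight ok"
```

Call ingress_preflight "$DOMAIN_NAME" "$CERTIFICATE_ARN" with the cluster's region immediately before the kubectl apply and stop on a non-zero exit code.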
b. Retrieve the Load Balancer DNS Name:
LB_DNS=$(kubectl get ingress opencomply-ingress -n opencomply -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo "Load Balancer DNS: $LB_DNS"
c. Create DNS Records
Host/Name: demo.example.io
Type: CNAME
Value/Points to: $LB_DNS
5
Restart App
a. Update App Config
helm upgrade opencomply opencomply/opencomply -n opencomply -f <(cat <<EOF
global:
  domain: ${DOMAIN}
dex:
  config:
    issuer: https://${DOMAIN}/dex
EOF
)
b. Restart Services
kubectl delete pods -l app=nginx-proxy -n opencomply && kubectl delete pods -l app.kubernetes.io/name=dex -n opencomply
App is now accessible at https://<your-domain-name>