Deploy to AWS

1

Build Infrastructure ⏱️ 15 Mins

We've tested automation that provisions the required infra.

Deploy Infrastructure

git clone https://github.com/opengovern/automation.git
cd automation/terraform/eks
terraform init
terraform plan
terraform apply -auto-approve

Connect to the Kubernetes cluster. After the infrastructure is provisioned, you will see output similar to this:

Outputs:

configure_kubectl = "aws eks --region us-east-2 update-kubeconfig --name opencomply-abc123"
eks_cluster_name = "opencomply"

Run the command shown in the configure_kubectl output to connect to the Kubernetes cluster.

2

Install App

helm repo add opencomply https://charts.opencomply.io
helm repo update
helm install -n opencomply opencomply opencomply/opencomply --create-namespace

3

Configure HTTPS Certificate with ACM

If you already have an ACM certificate for your domain in the same region as the Kubernetes cluster, you can simply export the ARN of the existing certificate:

export CERTIFICATE_ARN=arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-5678-90ef-ghij-1234567890a

  1. To request a new ACM certificate for the domain using DNS validation:

    aws acm request-certificate \
      --domain-name "$DOMAIN" \
      --validation-method DNS \
      --idempotency-token deploy-2024

  2. Retrieve the Certificate ARN and DNS Validation Records:

    CERTIFICATE_ARN=$(aws acm list-certificates --region us-east-1 --query "CertificateSummaryList[?DomainName=='$DOMAIN'].CertificateArn" --output text)
    echo "Certificate ARN: $CERTIFICATE_ARN"

    VALIDATION_RECORDS=$(aws acm describe-certificate --certificate-arn "$CERTIFICATE_ARN" --region us-east-1 --query "Certificate.DomainValidationOptions[].ResourceRecord" --output json)
    echo "Validation Records: $VALIDATION_RECORDS"

4

Deploy Load Balancer

a. Create Ingress

Use a heredoc to define and apply the Ingress YAML. The shell expands the DOMAIN and CERTIFICATE_ARN environment variables into the manifest, so both must be set before you run it.

kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: opencomply
  name: opencomply-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: "$CERTIFICATE_ARN"
    kubernetes.io/ingress.class: alb
spec:
  ingressClassName: alb
  rules:
    - host: "$DOMAIN"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-proxy  # Replace with actual service name if different
                port:
                  number: 80
EOF
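
A pre-flight check for the two values the heredoc above expands, added here as an example (it is not part of the opencomply documentation or tooling). The function name check_ingress_inputs, its cluster-region argument and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: check_ingress_inputs is a hypothetical helper, not part of
# opencomply, kubectl or the AWS CLI.
# Usage: check_ingress_inputs <domain> <certificate-arn> <cluster-region>
# Prints each problem to stderr; returns 0 only when every check passes.
check_ingress_inputs() {
  domain=$1 arn=$2 region=$3 rc=0
  nl='
'
  # The heredoc pastes these values into YAML verbatim, so a space or newline
  # could add or alter keys in the manifest. Reject both outright.
  case "$domain$arn" in
    *"$nl"*|*" "*) echo "input contains whitespace" >&2; return 1 ;;
  esac

  # An unset variable renders as host: "", and a rule without a host applies
  # to all inbound HTTP traffic, so require a lowercase DNS name.
  if ! printf '%s\n' "$domain" |
      grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'; then
    echo "domain: '$domain' is not a lowercase DNS host name" >&2
    rc=1
  fi

  # Layout: arn:<partition>:acm:<region>:<12-digit account>:certificate/<id>
  if ! printf '%s\n' "$arn" |
      grep -Eq '^arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]{12}:certificate/[A-Za-z0-9-]+$'; then
    echo "certificate: '$arn' is not an ACM certificate ARN" >&2
    return 1
  fi

  # An ALB can only use an ACM certificate from its own region.
  arn_region=$(printf '%s\n' "$arn" | cut -d: -f4)
  if [ "$arn_region" != "$region" ]; then
    echo "certificate: region $arn_region differs from cluster region $region" >&2
    rc=1
  fi
  return "$rc"
}

# Constructed sample values, not real resources.
check_ingress_inputs "demo.example.io" \
  "arn:aws:acm:us-east-2:123456789012:certificate/11111111-2222-3333-4444-555555555555" \
  "us-east-2" && echo "inputs OK"
```

Run it with your own domain, certificate ARN and cluster region before the kubectl apply step, and apply the manifest only when it returns 0.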

b. Retrieve the Load Balancer DNS Name:

LB_DNS=$(kubectl get ingress opencomply-ingress -n opencomply -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo "Load Balancer DNS: $LB_DNS"

c. Create DNS Records

  • Host/Name: demo.example.io

  • Type: CNAME

  • Value/Points to: $LB_DNS

5

Restart App

a. Update App Config

helm upgrade opencomply opencomply/opencomply -n opencomply -f <(cat <<EOF
global:
  domain: ${DOMAIN}
dex:
  config:
    issuer: https://${DOMAIN}/dex
EOF
)

b. Restart Services

kubectl delete pods -l app=nginx-proxy -n opencomply && kubectl delete pods -l app.kubernetes.io/name=dex -n opencomply

The app is now accessible at https://<your-domain-name>