This comprehensive guide is designed to assist you in efficiently setting up and provisioning the necessary stack. By adhering to the outlined steps and recommendations, you'll facilitate a seamless setup experience.
Before initiating the setup process, please ensure the following tools are installed and configured on your system:
- Terraform: Automate infrastructure management with ease. Installation Guide
- Kubectl: Interact with your Kubernetes cluster. Installation Guide
- Flux CLI: Manage GitOps for your cluster. Installation Guide
- AWS CLI: Control AWS services directly from your terminal. Installation Guide
- AWS Credentials: Essential for authenticating AWS CLI and Terraform commands. Configuration Guide
- Key Pairs (Private and Public): Secure your connections with SSH keys. SSH Key Generation Guide
To securely clone repositories, you must add AWS CodeCommit to your known_hosts. Replace AWS_REGION with your target AWS region:
export AWS_REGION=""
ssh-keyscan "git-codecommit.$AWS_REGION.amazonaws.com" >> ~/.ssh/known_hosts
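ssh-keyscan records whatever key the network returns, so the command above pins the host without checking it. The following is an added example, not part of the original guide: it appends a scanned key only when its SHA256 fingerprint equals the server fingerprint AWS publishes for your region in the CodeCommit documentation. The function name add_verified_host and the variable EXPECTED_FP are assumptions made for illustration.

```sh
# Added example: pin the CodeCommit host key only after checking its fingerprint.
# add_verified_host and EXPECTED_FP are illustrative names, not part of the workshop.

# add_verified_host SCAN_FILE EXPECTED_FP KNOWN_HOSTS_FILE
# Appends each scanned line whose SHA256 fingerprint equals EXPECTED_FP.
# Returns 0 if at least one key matched, 1 if none did (file left untouched).
add_verified_host() {
  scan_file=$1; expected=$2; known_hosts=$3
  tmp=$(mktemp) || return 2
  rc=1
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac      # skip blank and comment lines
    printf '%s\n' "$line" > "$tmp"
    # ssh-keygen -l prints: <bits> SHA256:<fingerprint> <comment> (<type>)
    fp=$(ssh-keygen -l -E sha256 -f "$tmp" 2>/dev/null </dev/null | awk '{print $2}')
    if [ -n "$fp" ] && [ "$fp" = "$expected" ]; then
      # Append once; re-running must not duplicate the entry.
      grep -qxF -- "$line" "$known_hosts" 2>/dev/null || printf '%s\n' "$line" >> "$known_hosts"
      rc=0
    fi
  done < "$scan_file"
  rm -f "$tmp"
  return "$rc"
}

# Runs only when both variables are set, because ssh-keyscan needs network access.
# EXPECTED_FP="SHA256:<value for your region from the AWS CodeCommit documentation>"
if [ -n "${AWS_REGION:-}" ] && [ -n "${EXPECTED_FP:-}" ]; then
  scan=$(mktemp)
  ssh-keyscan "git-codecommit.$AWS_REGION.amazonaws.com" > "$scan" 2>/dev/null
  if add_verified_host "$scan" "$EXPECTED_FP" "${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"; then
    echo "CodeCommit host key verified and pinned"
  else
    echo "no scanned key matches EXPECTED_FP; known_hosts not modified" >&2
  fi
  rm -f "$scan"
fi
```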
Replace the following variables with your own values:
- REPO_PATH: Where to clone the created CodeCommit repositories, e.g. /tmp/workshop
- PUBLIC_KEY: Path to the public key generated previously
- PRIVATE_KEY: Path to the private key generated previously
- KNOWN_HOSTS: Path to the known hosts file
export REPO_PATH=""
export PUBLIC_KEY=""
export PRIVATE_KEY=""
export KNOWN_HOSTS=""
The install.sh script streamlines the provisioning process.
./install.sh "$PUBLIC_KEY" "$PRIVATE_KEY" "$REPO_PATH" "$KNOWN_HOSTS"
Post-installation, use the configure_kubectl Terraform output to connect to your Kubernetes cluster:
aws eks --region "$AWS_REGION" update-kubeconfig --name eks-saas-gitops
Argo Workflows needs access to the git repository. Create a secret to store the private keys that Argo will use to clone and push changes to git during workflows.
kubectl create secret generic github-ssh-key --from-file=ssh-privatekey="$HOME/.ssh/id_rsa" --from-literal=ssh-privatekey.mode=0600 -n argo-workflows --kubeconfig ~/.kube/config
To guarantee a smooth installation:
- Confirm the installation and configuration of all prerequisites.
- Verify that the output of echo $AWS_REGION matches the region you intend to provision in.
- Ensure AWS credentials are correctly set to prevent any access or permission issues.
Occasionally, you might encounter errors due to race conditions during the provisioning process, such as failed Helm releases. Typical errors include:
- Helm install failures due to webhook service unavailability.
- Artifacts not being stored correctly for certain Helm releases.
Should these or similar errors arise, run the quick_fix_flux.sh script to resolve them swiftly:
./quick_fix_flux.sh
This script dynamically identifies and deletes failed Helm releases, then reconciles your flux-system source to reattempt their installation. Running quick_fix_flux.sh ensures your environment stabilizes by rectifying transient errors that commonly occur due to race conditions during initial setup.
For a detailed guide on deploying and testing the architecture, including the deployment of tenants, setting up SQS queues, and managing Kubernetes deployments, please refer to the following Workshop: