The following guide will show steps to deploy Joget on EKS using Terraform
Prerequisites
- Ensure that you have these CLI tools installed:
- Configured AWS CLI with Access Keys or assumed role with sufficient permissions
- You have downloaded the Terraform IaC from here
Configuring Terraform Remote Backend
Disclaimer: The Terraform code provisions the minimum required infrastructure. You may have to modify some of the parameters to ensure that it works in your environment. You may refer to the official AWS and Hashicorp documentation for more details
- Create a terraform.tfvars file in the backend directory and ensure the following variables are includedApp Name
app_name="<your-app-name>
- Run
terraform init - Run
terraform planto observe the resources that will be deployed (optional) - Once verified, run
terraform apply -auto-approve - Once the backend has been deployed, go to the
infrastructuredirectory and openmain.tf - Find the block:Terraform Backend Settings
backend "s3" { bucket = "xxx" key = "terraform.infrastructure.tfstate" region = "xxx" dynamodb_table = "xxx" } - Fill in the xxx with the service details that you have created on step 1 - 5
Note: This process will create a local Terraform state. The remote state will only apply for infrastructure.
Deploying AWS Infrastructure
- Create a
terraform.tfvarsfile and ensure the following variables are includedtfvarsapp_name=”<your-app-name>” cluster_name=”<your-eks-cluster-name>” rds_username=”<your-rds-username>” rds_password=”<your-rds-password>”
- Run
terraform init - Run
terraform planto observe the resources that will be deployed (optional) - Once verified, run
terraform apply -auto-approve
Note: This step will take some time, around 20-30 minutes.
Core Services and Resource Deployed
These are the core services and resources (non exhaustive) list deployed from Terraform:
- Virtual Private Cloud (VPC)
- Elastic Kubernetes Service (EKS)
- Elastic File System (EFS)
- Relational Database System (RDS) - Serverless
- Helm Charts:
- AWS Load Balancer Controller
- AWS EFS CSI Driver
- EC2 Servers - Created through EKS provisioning
Deploying Joget DX 8
- Download the Kubernetes manifest here.
- Run
kubectl apply -f joget-dx8-tomcat9-deployment.yaml - Wait for the containers to initialize. Run
kubectl get pods -Ato obtain the status of the pods.
Note: The manifest file creates a Storage Class with EFS CSI as provisioner which will dynamically create a Persistent Volume.
Accessing Joget through Load Balancer
- Run
kubectl get ingress -A. You should see the DNS under Address column as follows:Ingressk8s-namespace-RANDOM-STRING.REGION.elb.amazonaws.com
- Use the Address and go to
/jw. It will redirect you to the database setup. - Enter your database information on the above page
Note: The Terraform IaC has RDS Aurora Serverless included in the Infrastructure, and as such, it will be deployed alongside the EKS. You may use the RDS to better synergize with the VPC configuration. Ensure that you use the writer endpoint when setting up Joget database
- Click Save. Wait for the database to be setup
- Once the setup is complete, click Done. It will redirect you to the Joget main page
Common Errors
Terraform
Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
- You may have not setup your AWS Credentials yet, or if you are assuming role, your session may have expire.
- Solution: Run aws configure and input the Access Keys or export the Access Keys into your terminal environment or assume the previous role once again to get new session credentials.
Kubernetes/EKS
Unable to locate credentials. You can configure credentials by running "aws configure".
- You may have not setup your AWS Credentials yet, or if you are assuming role, your session may have expire.
- Solution: Run aws configure and input the Access Keys or export the Access Keys into your terminal environment or assume the previous role once again to get new session credentials.
You must be logged in to the server (Unauthorized)
- This happens when you are using different credentials - different users or roles to access the cluster. If you are the cluster creator, you should be able to access the cluster
- Solution:
- In the Terraform Iac, go to infrastructure/compute/eks/eks.tf
- Under the module “eks”, add the following
- If you are using users credential:
aws_auth_users= [ { userarn = "arn:aws:iam::<account-id>:user/<username>" username = "<username>" groups = ["system:masters"] } ] If you are using roles, you may append the aws_auth_roles block like so:
{ rolearn = “arn:aws:iam::<account-id>:role/<role-name>” username = "<role-name>" groups = ["system:masters"] }
- If you are using users credential:
AWS Marketplace
Quicklaunch: Cloudformation Stack failed to be created
- There can be numerous reasons the stack can be failed.
- The most common and important reason is the Helm chart failed to be deployed.
- Check the reason of failure from the Cloudformation console > Quicklaunch stack > Helm stack in the reason column.