Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

ECS Fargate:

AWS ECS (Elastic Container Service) Fargate is a serverless compute engine offered by Amazon Web Services (AWS) for deploying and managing containerized applications. It simplifies the process of running containers at scale without the need to manage the underlying infrastructure. With ECS Fargate, you can focus on your application logic and let AWS handle the provisioning, scaling, and maintenance of the compute resources.

To use ECS Fargate, you create task definitions that specify the containers, their configurations, and resource requirements. These task definitions are then used to launch tasks, which represent running instances of your containers. You can also define services to ensure high availability and manage the lifecycle of tasks.

 

All AWS services required to run knowhow in ECS:

 

1- Infrastructure:

  1. VPC (Virtual Private Cloud): A logically isolated section of the AWS cloud where you can launch AWS resources. It allows you to define your own network configuration, including IP address ranges, subnets, and route tables.

  2. Subnets: These are subdivisions of a VPC, used to segment and isolate resources. Two subnets are often created in different Availability Zones for high availability.

  3. Internet Gateway: A VPC component that allows communication between instances in the VPC and the Internet. It serves as a gateway for traffic entering or leaving the VPC.

  4. Route Table: A set of rules that determine where network traffic is directed within the VPC. It specifies how traffic is routed between subnets, the Internet Gateway, and other destinations.

  5. Route Table Association: Associates a subnet with a route table, enabling the subnet to use the routes defined in that table.

 

2- Platform:

ECS Cluster: A logical grouping of container instances that you can manage as a single unit. It allows you to organize and manage containers effectively.

ALB (Application Load Balancer): A load balancer that distributes incoming application traffic across multiple targets (such as EC2 instances, containers, IP addresses) in multiple Availability Zones. It operates at the application layer (Layer 7) of the OSI model.

NLB (Network Load Balancer): A load balancer that routes traffic based on IP protocol data. It is ideal for handling TCP/UDP traffic and performs at the transport layer (Layer 4) of the OSI model.

ALB Listener: A listener is a process that checks for connection requests and forwards them to the appropriate target groups based on rules you define.

ALB Listener Rules: Rules that define how traffic should be routed based on conditions such as URL paths or hostnames. They help control the flow of incoming requests.

Target Group: A group of resources, such as EC2 instances or containers, that serve traffic together. It is associated with a listener and routes traffic to the registered targets based on the listener rules.

Security Group: A virtual firewall that controls inbound and outbound traffic for your resources. It acts as a barrier that specifies allowed communication based on defined rules.

 

3- Application:

  1. ECS Task Definition:

  1. A Task Definition is a blueprint for your containers. It defines various parameters like which Docker images to use, CPU and memory requirements, networking settings, and container relationships.

  2. You would create separate task definitions for each component of your application (Customapi, UI, Jira, devops-processor, and MongoDB).

  1. ECS Service:

  1. An ECS Service is responsible for maintaining a specified number of running instances of a task definition.

  2. For each component of your application, you would create an ECS service to ensure that the desired number of containers/tasks are always running.

  1. CloudWatch:

  1. Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, and events from various AWS resources.

  2. You would configure CloudWatch to monitor the performance and health of your ECS tasks, services, and other resources.

  1. NFS (Network File System):

  1. NFS is a distributed file system protocol that allows you to share files and directories between servers over a network.

  2. You might use NFS to provide a persistent storage solution for your MongoDB data, enabling data to be retained even if containers are restarted or scaled.

  1. IAM Role & Policy:

  1. An IAM Role is an AWS identity that you can assign to AWS resources. It grants permissions to access and interact with other AWS resources.

  2. An IAM Policy defines permissions that determine what actions are allowed or denied for specific resources.

  3. You would create IAM roles and policies to grant necessary permissions to your ECS tasks and services, enabling them to access other AWS resources securely.

By setting up these components in the application layer, you establish a comprehensive environment for your containerized application. The ECS Task Definitions and Services define how your application's containers are configured and deployed. CloudWatch monitors the performance, and NFS provides persistent storage for your database. Finally, IAM Roles and Policies ensure that your application components can interact with other AWS services securely and efficiently.

 

How do we run terraform script to install knowhow on ECS from scratch:

Terraform Script Repo URL: https://pscode.lioncloud.net/psinnersource/monitor-measure-metrics/speedy-product/knowhow-terraform-scripts/-/tree/main/ecs_fargate

Step 1: Run below command for 1-Infrastructure

cd ecs_fargate

cd 1-Infrastructure

terraform init

terraform apply -auto-approve

Step 2: Run below command for 2-Platform

cd ../2-Platform

##Replace your SSL_certificate_arn at line 122 in 2-Platform/variable.tf file

##Replace with your actual IP address at line no. 118

terraform init

terraform apply -auto-approve

Step 3: Run below command for 3-Application

cd ../3-Application

##In terraform.tfvars you can provide the version of knowhow that you want to install. (Example - 7.2.0)

terraform init

terraform apply -auto-approve

 

How do we run terraform script to install knowhow on ECS with existing services:

  1. Commenting Existing Resource Blocks:

When you're working with existing resources, you generally wouldn't want to recreate them using Terraform, as that could lead to unintended changes or data loss. Instead, you can import the existing resources into your Terraform state.

For example, if you have an existing AWS S3 bucket, you would typically comment out the resource block for the bucket in your Terraform configuration. This prevents Terraform from trying to manage the resource.

Here's an example of what an S3 bucket resource block might look like in Terraform:

# resource "aws_s3_bucket" "example_bucket" {

#   bucket = "example-bucket"

# }

  1. Import Existing Resources:

To start managing existing resources with Terraform, you need to import them into the Terraform state. This is done using the terraform import command. The command requires the resource type and name from your configuration, along with the actual resource identifier from the cloud provider.

For example, to import an existing S3 bucket into Terraform state:

terraform import aws_s3_bucket.example_bucket example-bucket

 

  1. Using Output to Share Resource Information:

Once you've imported the existing resource into Terraform state, you can utilize the information about that resource by using outputs. Outputs allow you to share information from your Terraform configuration with other parts of your infrastructure or external services.

In your output.tf file, you can define an output for the imported S3 bucket's ID:

output "imported_bucket_id" {

  value = aws_s3_bucket.example_bucket.id

}

Now, any other Terraform configurations or external systems can reference this output value to interact with the existing S3 bucket.

Remember, while importing existing resources into Terraform can be convenient, it's important to plan carefully to avoid unintended changes or conflicts between your existing resources and your Terraform-managed infrastructure.

In summary, the process involves:

  1. Commenting out the existing resource block in your Terraform configuration.

  2. Importing the existing resource into Terraform state using the terraform import command.

  3. Defining an output in your http://output.tf file to share the resource's information with other parts of your infrastructure.

 

 

 

 

The PSknowhow application is composed of seven containers that must may be deployed on a Kubernetes ECS cluster. This document will guide you through the installation process step by step. The containers are:

...

  1. Customapi : 8GB RAM & 2 CPU

  2. MongoDB : 2GB & 1CPU

  3. UI : 1GB RAM & 1CPU

  4. Jira-processor: 6GB RAM & 1CPU

  5. devops-Processor: 8GB RAM & 2 CPU

  6. Azure-board-Processor: 4GB RAM & 1CPU

  7. Azure-pipeline-repo-Processor: 4GB RAM & 1CPU

Step 1: Create registry login credentials Secret .

Code Block
kubectl create secret docker-registry regcred --docker-server=setup-speedy.tools.publicis.sapient.com --docker-username=xxxx --docker-password=xxxxx --docker-email=email.demo.com

Step 2: Create the MongoDB Pod

The MongoDB container must be deployed in its own pod. To create the MongoDB pod, create a YAML file and run the following command:

...

...

kubectl apply -f mongodb.yaml

Here is an example YAML file for the MongoDB container:

View file
namemongodb.yaml

The YAML file specifies the name of the pod, the container image to use, the container port 27017 to expose. and the environmental variables to use

Environmental Variable’s for MongoDB:

  1. MONGODB_ADMIN_USER=<DB ROOT USER>

  2. MONGODB_ADMIN_PASS=<DB ROOT PASSWORD>

  3. MONGODB_APPLICATION_DATABASE=kpidashboard

  4. MONGODB_APPLICATION_USER=<DB APPLICATION USER>

  5. MONGODB_APPLICATION_PASS=<DB APPLICATION PASSWORD>

Step 3: Deploy customapi Pod

Download the customapi-deploy.yaml manifest file

View file
namecustomapi-deploy.yaml

The YAML file specifies the name of the Deployment, the container image to use, the container port 8080 to expose, and the Environmental variable for MongoDB host to connect to.

Replace the Environmental Variable’s with appropriate once

  1. corsFilterValidOrigin = "UI laodbalancer IP/DNS"

  2. forgotPassword.uiHost= "UI laodbalancer IP/DNS"

  3. versionnumber="the current version"

  4. JAVA_OPTS= (Optional) This will assign external variables to the application

  5. auth.secret: <Pass your auth key>

  6. aesEncryptionKey: <Pass your aes key >

Step 4: Deploy the UI Containers

Deploy the UI containers in the same way as the customapi and MongoDB containers. Here is an example YAML file for the ui container:

View file
nameui.yaml

The YAML file specifies the name of the pod, the container image to use, and the container port to expose.

Step 5: Deploy the Processor Containers

Attaching the list of all the processor you may run

Jira-Processor

View file
namejira-processor.yaml

Devops-processor

View file
namedevops-processor.yaml

Azure-board-processor

View file
nameazure-board-processor.yaml

Azure-pipeline-repo-Processor

View file
nameInvalid file id - b3ae520f-f6a4-4f0a-b8a3-cd44f2629350

Step 6: Verify the Deployment

You can verify that the containers are running run the following command:

Code Block
kubectl get pod

To persist the MongoDB data, you can use your preferred cloud provider's storage solution. Here are the steps you can follow:

  1. Create a persistent volume and claim in your cloud provider's storage solution. This will provide a storage location that will persist even if the MongoDB pod is deleted.

  2. Modify the MongoDB YAML file to use the persistent volume. Here's an example of how to modify the YAML file:

Code Block
apiVersion: v1
kind: Pod
metadata:
  name: mongodb
spec:
  replicas: 1
  containers:
  - name: mongodb
    image: setup-speedy.tools.publicis.sapient.com/speedy/mongodb:latest
    ports:
    - containerPort: 27017
    volumeMounts:
    - name: mongodb-data
      mountPath: /data/db
  volumes:
  - name: mongodb-data
    persistentVolumeClaim:
      claimName: mongodb-pvc

The volumeMounts section specifies where the persistent volume should be mounted inside the container. The volumes section specifies the name of the volume and where it should be claimed from.

  1. Create the persistent volume claim by running the following command:

Code Block
kubectl apply -f mongodb-pvc.yaml

Here's an example YAML file for the persistent volume claim:

Code Block
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mongodb-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

The YAML file specifies the name of the persistent volume claim, the access mode, and the requested storage size.

By following these steps, you can persist the MongoDB data in your preferred cloud provider's storage solution.

Upgrade Steps:

  1. If you are upgrading PSknowhow from 7.0.0 to 7.x.x please execute the bellow step

    Code Block
    kubectl exec -it <Mongodb Pod name> sh
    mongo admin --username="${MONGODB_ADMIN_USER}" --password="${MONGODB_ADMIN_PASS}" --eval "db.shutdownServer()"
  2. Edit the deployment in following order
    mongodb
    customapi
    ui
    jira-processor
    devops-processor
    azure-pipeline-repo
    azure-board-processor
    by

    Code Block
    kubectl edit deploy <Deploy name> -o yaml
  3. Replace the tag version with the latest version in image section

  4. Check for environmental variable section and add if any variables are missing in current manifest file Refer this docs . And save it.