Quick Setup (AWS)
Installation guide for quick deployment of DIGIT via GitHub Actions in AWS. (This setup is strictly for setting up dev and test environments)
Before you begin with the installation:
ap-south-1 is hardcoded in terraform script. It will be moved to input.yaml shortly.
Secrets should be encrypted using SOPS. Currently, a private repository is needed to restrict access to sensitive information.
Overview
This guide provides step-by-step instructions for installing DIGIT using GitHub Actions within an AWS environment.
Pre-requisites
AWS account with administrative privilege
GitHub account
Create IAM User and generate Access Key & Secret Key
Skip this step if you already have an access key and a secret key.
Create an IAM User with administrative privilege in your AWS account.
Generate ACCESS_KEY and SECRET_KEY for the IAM user.
Configure GitHub Repository
Fork the DIGIT-DevOps repository into your account on GitHub (uncheck "Copy the master branch only" while forking).
Enable GitHub workflows by clicking on "I understand my workflows, go ahead and enable them".
Navigate to the repository settings. Under the Security section, go to Secrets and variables, click Actions, and add the following repository secrets one by one by clicking New repository secret:
The following secrets need to be added (name: value):
AWS_ACCESS_KEY_ID: <GENERATED_ACCESS_KEY>
AWS_SECRET_ACCESS_KEY: <GENERATED_SECRET_KEY>
AWS_DEFAULT_REGION: <AWS_REGION>
AWS_REGION: <AWS_REGION>
Once all four secrets are added it will look like the below:
Clone the forked DIGIT-DevOps repository (using the git clone command) and open the repo in your code editor. Optionally, you can use the GitHub web editor by replacing github.com with github.dev in the repository URL.
Switch the branch from master to DIGIT-2.9LTS using the below command.
Generate SSH Key Pair
Choose the following method to generate an SSH key pair:
Method a: Use an online website (Note: This is not recommended for production setups, only for demo purposes):
https://8gwifi.org/sshfunctions.jsp
Store the generated private key and public key in separate files on your local machine.
The private key will look like:
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAue4+1*********************K7mGXRIv6enEP4lN/y9i287wsNBpg+IDGjIV************************************************************************************ +zrt79wBgG5vlGMoT1hysRDpxNNlDdimE6G8OHaCj6e5cwhXrMt1swKFUwVsZaFx UMv1xVFU/OsrJ8v8***************************************************************** **********************Sd74a4d2h28pIEHNbrlvAVn7Zt9IDC kgske+VBY+X0D2en1l8bt3Vdnn5xgcDQsPmp6GdoRfE2luJ6lAe+mdkCgYEA0wUj tUHRH9sI3X86wZVREt*************************************************************** **********************************poTy6hNQr9IT2TsBckuN/qqockBR/j+iRap7lec3tJM vdmMVP0Ed7GjBiSBVeHeHVg+Dt6+AqayWqU0hPkCgYB6o+bof7XnnsmBjvLVFO15 LlDiIZQFBtr7CriRDD2Nx************************************************************* ************************************TCaHk8CGmA+TXSKM9q7cTtMb6ythUQhZrpq 0EEY5TgQKBgQ*************************************************************8/PD+mT 5jFvon5Q== -----END RSA PRIVATE KEY-----
And the public key will look like the below:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQA*************************************HBFUNjyMLpFltqwbsA*************************************MaMhX7Ou3*************************************PWHKx*************************************oVTBWxloXFQy/XFU*************************************W/QVdgs5xp+P5hhZgm9WpdN3Cz*************************************clYmUHoPCPwKIqElX2DZzYGJc*************************************y4gR
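An alternative to the online generator, given here as an added example that is not part of the original guide: generate the pair locally with ssh-keygen, so the private key is never handled by a website, then check its format and file permissions. The file name digit_git_sync, the key comment and the empty passphrase are assumptions.

```sh
#!/bin/sh
# Added example: create the key pair on your own machine instead of a website.
# The file name "digit_git_sync" and the key comment are assumptions.

# generate_keypair DIR [BITS]: writes DIR/digit_git_sync and DIR/digit_git_sync.pub
generate_keypair() {
  gk_dir=$1
  gk_bits=${2:-4096}
  mkdir -p "$gk_dir" && chmod 700 "$gk_dir" || return 1
  # -m PEM writes the "BEGIN RSA PRIVATE KEY" layout shown above.
  # -N "" sets no passphrase (assumed here because the key is read unattended).
  ssh-keygen -q -t rsa -b "$gk_bits" -m PEM -N "" \
    -C "digit-git-sync" -f "$gk_dir/digit_git_sync"
}

# check_keypair DIR: returns 0 only if both files look right and the
# private key is readable by its owner alone.
check_keypair() {
  ck_priv=$1/digit_git_sync
  ck_pub=$1/digit_git_sync.pub
  [ -f "$ck_priv" ] && [ -f "$ck_pub" ] || { echo "key file missing" >&2; return 1; }
  head -n 1 "$ck_priv" | grep -q '^-----BEGIN RSA PRIVATE KEY-----$' ||
    { echo "private key is not PEM-encoded RSA" >&2; return 1; }
  grep -q '^ssh-rsa ' "$ck_pub" ||
    { echo "public key is not in ssh-rsa format" >&2; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$ck_priv" | cut -c5-10)" = "------" ] ||
    { echo "private key is readable by group or others" >&2; return 1; }
}

# Usage:
#   generate_keypair "$HOME/.ssh/digit" && check_keypair "$HOME/.ssh/digit"
```

The contents of digit_git_sync.pub are what goes into public_ssh_key; the contents of digit_git_sync are what goes into ssh_private_key.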
Configure Infrastructure Parameters
In your editor, go to DIGIT-DevOps/infra-as-code/terraform/sample-aws. Open input.yaml and enter details such as domain_name, cluster_name, bucket_name, db_name, and add the public_ssh_key generated in the above step. (Fill in the inputs as per the regex mentioned in the comments.) The following variables need to be set in input.yaml:
cluster_name: Name of the EKS cluster. The cluster name can have only lowercase alphanumeric characters and hyphens.
ssh_key_name: The name of the SSH key. Can contain any alphanumeric character.
public_ssh_key: The public SSH key generated in the section above (Generate SSH Key Pair).
db_name: Name of the database. The name that you enter should contain only alphanumeric characters.
db_username: Username of the root user. The DB user name must contain only alphanumeric characters.
domain_name: The domain URL for the UI.
terraform_state_bucket_name: Name to be given to the S3 bucket which will be created by Terraform. This bucket will store the Terraform state.
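A pre-push check of input.yaml against the rules listed above, as an added example that is not part of the DIGIT-DevOps repository. It assumes each setting is a top-level "key: value" line; the patterns are derived from the descriptions in this guide, not copied from the regex comments in the file, and the check also fails if private key material was pasted into input.yaml by mistake.

```sh
#!/bin/sh
# Added example: validate input.yaml before pushing it.
# Assumes flat "key: value" lines; adjust yaml_get if your copy nests them.

# yaml_get FILE KEY: prints the value without inline comment or quotes
yaml_get() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_field FILE KEY ERE: returns 0 if the value matches the pattern
check_field() {
  cf_val=$(yaml_get "$1" "$2")
  if printf '%s\n' "$cf_val" | grep -Eq "$3"; then return 0; fi
  echo "input.yaml: $2 has an invalid value: '$cf_val'" >&2
  return 1
}

# validate_input FILE: returns 0 only if every rule holds
validate_input() {
  vi_rc=0
  check_field "$1" cluster_name '^[a-z0-9-]+$'   || vi_rc=1
  check_field "$1" ssh_key_name '^[A-Za-z0-9]+$' || vi_rc=1
  check_field "$1" db_name      '^[A-Za-z0-9]+$' || vi_rc=1
  check_field "$1" db_username  '^[A-Za-z0-9]+$' || vi_rc=1
  # Only the public half belongs here: "ssh-rsa <base64> [comment]".
  check_field "$1" public_ssh_key \
    '^ssh-rsa [A-Za-z0-9+/]+=*( [^ ]+)?$' || vi_rc=1
  # The private half goes in env-secrets.yaml, never in this file.
  if grep -q 'PRIVATE KEY' "$1"; then
    echo "input.yaml: contains private key material" >&2
    vi_rc=1
  fi
  return "$vi_rc"
}

# Usage:
#   validate_input infra-as-code/terraform/sample-aws/input.yaml && git push
```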
Configure Application Secrets
Go to deploy-as-code/charts/environments. Open env-secrets.yaml. Enter db_password and ssh_private_key (in the git-sync section). (Please make sure that the indentation is the same as the sample value given for ssh_private_key.)
Add the public key to your GitHub account.
Trigger Installation
After entering all the details, push these changes to the remote GitHub repository (in the same DIGIT-2.9LTS branch). Open the Actions tab in your GitHub account to view the workflow. You should see that the workflow has started, and the pipelines are completed successfully.
This indicates that your setup is correctly configured, and your application is ready to be deployed. Monitor the output of the workflow for any errors or success messages to ensure everything is functioning as expected.
KubeConfig Setup
For guidance on setting up your AWS CLI, please follow the instructions provided in Installation Guide - Production Setup on AWS. Additionally, ensure your AWS CLI is correctly configured by referring to the official AWS documentation on Configuring the AWS CLI - AWS Command Line Interface. Confirm your AWS credentials are correctly set by executing:
If not, create the profile using:
Run the below command to export AWS Credentials
Proceed only after verifying the correct configuration of your credentials. For any uncertainties on how to set up the credentials, consult the AWS documentation for detailed instructions. To check if credentials are properly set run the command:
Run the following command to get Kubernetes configuration:
Verify that you can connect to the cluster by running the following command.
Once the deployment is done get the CNAME of the nginx-ingress-controller:
The output of this will be something like this:
ae210873da6ff4c03bde2ad22e18fe04-233d3411.ap-south-1.elb.amazonaws.com
Add the CNAME to your domain provider against your domain name.
Post Deployment
Log in to the employee dashboard with the username and password provided in the env-secrets.yaml file, using the domain name provided in input.yaml.
Cleanup & Uninstallation Of DIGIT Infrastructure
As you wrap up your work with DIGIT, ensuring a smooth and error-free cleanup of the resources is crucial. Regular monitoring of the GitHub Actions workflow's output is essential during the destruction process. Watch out for any error messages or signs of issues. A successful job completion will be confirmed by a success message in the GitHub Actions window, indicating that the infrastructure has been effectively destroyed.
When you're ready to remove DIGIT and clean up the resources it created, proceed with executing the terraform_infra_destruction job. This action is designed to dismantle all setup resources, clearing the environment neatly.
We hope your experience with DIGIT was positive and that this guide makes the uninstallation process straightforward.
How to Run the Terraform Infrastructure Destruction Job
To initiate the destruction of a Terraform-managed infrastructure, follow these steps:
Navigate to Actions.
Click DIGIT-Install workflow.
Select Run workflow.
When prompted, type "destroy". This action starts the terraform_infra_destruction job.
You can observe the progress of the destruction job in the actions window.
Note: For DIGIT configurations created using the master branch.
If DIGIT is installed from a branch other than the main one, ensure that the branch name is correctly specified in the workflow file. For instance, if the installation is done from the digit-install branch, the following snippet should be updated to reflect that.