diff --git a/charts/databunker/README.md b/charts/databunker/README.md index 065fa33..72e3a99 100644 --- a/charts/databunker/README.md +++ b/charts/databunker/README.md @@ -457,8 +457,8 @@ You can configure this chart to load certificates you created outside of contain ```yaml certificates: - customCertificate: "mytls" - certificateSecret: "" + customCertificate: + certificateSecret: "databunkertls" chainSecret: name: "" key: "" @@ -470,7 +470,7 @@ certificates: > Tip! You can create a self-signed certificate and a secret containing your certificates using the following command: ```bash openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=localhost" -kubectl create secret tls mytls --key="tls.key" --cert="tls.crt" +kubectl create secret tls databunkertls --key="tls.key" --cert="tls.crt" ``` ### Setting Pod's affinity diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 498b8ff..095fa73 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md 
@@ -1,13 +1,54 @@ +## Terraform script to prepare environment for Databunker +1. Create VPC +2. Create MySQL RDS +3. Create EKS + +### How to set up everything ``` +terraform init terraform apply +``` + +Make sure to save the database hostname displayed as **rds_hostname** variable. + +Same RDS hostname is printed using the following command: + +``` +terraform output rds_hostname +``` + +### Next steps +1. Set KUBECONFIG to point to new generated kubernetes config file +2. Create SSL certificate for Databunker and save it as Kubernetes secret +3. Start Databunker process + +``` +export KUBECONFIG=`pwd`/`ls -1 kubeconfig_*` +cd ../../charts +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=localhost" +kubectl create secret tls databunkertls --key="tls.key" --cert="tls.crt" +helm install myprj ./databunker --set mariadb.enabled=false \ + --set externalDatabase.host=MYSQL-RDS-HOST \ + --set externalDatabase.existingSecret=databunker-mysql-rds \ + --set certificates.customCertificate.certificateSecret=databunkertls +``` + +The **MYSQL-RDS-HOST** is the same as ```terraform output rds_hostname```. + +### View generated database password + +``` +terraform output rds_password +``` + +### Troubleshooting +``` terraform destroy -target aws_eks_cluster.yuli-cluster terraform destroy -target module.eks.aws_eks_cluster.this\[0\] -terraform output rds_password - -export KUBECONFIG=/Users/yuli/Desktop/code/databunker/terraform/kubeconfig_yuli-cluster -export KUBE_CONFIG_PATH=/Users/yuli/Desktop/code/databunker/terraform/kubeconfig_yuli-cluster - +terraform destroy +helm uninstall myprj +kubectl get secret databunkertls -o json +kubectl get secret databunker-mysql-rds -o json ``` - diff --git a/terraform/aws/rds.tf b/terraform/aws/rds.tf index 13ff494..4c1e535 100644 --- a/terraform/aws/rds.tf +++ b/terraform/aws/rds.tf 
@@ -47,7 +47,7 @@ resource "aws_db_parameter_group" "mydb" { resource "aws_db_instance" "mydb" { # https://github.com/tmknom/terraform-aws-rds-mysql/blob/master/main.tf # The name of the database. If this parameter is not specified, no database is created in the DB instance. - name = "bunkerdb" + name = "databunkerdb" identifier = "mydb" tags = { "Name" = "mydb"} instance_class = "db.t3.medium" @@ -86,7 +86,7 @@ resource "kubernetes_secret" "databunker-mysql-rds" { #port = aws_db_instance.mydb.port #dbname = aws_db_instance.mydb.name #username = aws_db_instance.mydb.username - "mariadb-password" = aws_db_instance.mydb.password + "db-password" = aws_db_instance.mydb.password } type = "Opaque" }
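Review bot: In charts/databunker/README.md (hunk at -457), `customCertificate` changes from a string value (`customCertificate: "mytls"`) to a key that holds `certificateSecret: "databunkertls"`, so a values file written from the old README no longer matches this shape. State in the text above the example that the secret name goes under `certificates.customCertificate.certificateSecret`, which is the path the new `helm install` line in terraform/aws/README.md uses, and that the secret must already exist in the release namespace.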
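Review bot: The openssl command in the tip (charts/databunker/README.md, hunk at -470) uses `-nodes` and `-subj "/CN=localhost"`, which leaves an unencrypted `tls.key` in the working directory and produces a certificate with no subjectAltName for the hostname the service is actually reached on. Since the tip is being edited anyway, label the certificate as test-only and add a step to remove `tls.key` and `tls.crt` once `kubectl create secret tls databunkertls` has succeeded, so the key is not left in the repository checkout.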
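Review bot: The new Troubleshooting block in terraform/aws/README.md puts three `terraform destroy` commands and `helm uninstall myprj` in the same fence as two read-only `kubectl get secret ... -o json` checks, with no explanation, so a reader who pastes the block tears down the environment. Split teardown from diagnostics, and note that `kubectl get secret databunkertls -o json` and `kubectl get secret databunker-mysql-rds -o json` print the TLS private key and the database password (base64-encoded) to the terminal, just as `terraform output rds_password` prints the password. Two smaller points in the same hunk: `-target aws_eks_cluster.yuli-cluster` still carries a developer-specific cluster name, and the KUBECONFIG export built from `ls -1 kubeconfig_*` yields a broken path when more than one matching file exists.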
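Review bot: Changing `name` on `aws_db_instance.mydb` from `bunkerdb` to `databunkerdb` (terraform/aws/rds.tf, hunk at -47) affects anyone who has already applied this configuration: the initial database name cannot be changed in place, so `terraform plan` is expected to propose replacing the instance. Call this out in the commit message or README and ask existing users to read the plan output before applying. Nothing in this diff shows a matching database-name setting on the Helm side, so also confirm the chart connects to `databunkerdb`.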
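Review bot: The key rename from `mariadb-password` to `db-password` in `kubernetes_secret.databunker-mysql-rds` (terraform/aws/rds.tf, hunk at -86) has no matching chart change in this diff, so whatever reads the secret passed as `externalDatabase.existingSecret=databunker-mysql-rds` must look up `db-password` or the password lookup will fail. Confirm the chart template uses the new key, and document that `aws_db_instance.mydb.password` is also written to the Terraform state, so the state file needs the same protection as the secret. The commented-out `#port`, `#dbname` and `#username` lines above it could be removed or enabled while this block is being changed.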