# PROD EKS SETUP

- [x] Create PROD EKS using Terraform
    - Repository - Infra Manifests
    - Add the management cluster's IP to the whitelist
    - Check that the correct VPC and subnets are configured for the new EKS
- [x] Secrets Migration
    - Create prod-eks-secret in AWS Secrets Manager
    - Migrate all secrets from Vault to ASM
    - Verify all secrets

# INSTALL MANAGEMENT SERVICES IN PROD EKS

- [x] Switch context to PROD EKS
    - Repository - Management Manifests
- [x] Install CloudWatch logging in EKS
```
1. Update eks cluster name in prod-k8s-support-app/cloudwatch-logging.yaml
2. Create namespace
3. Create Logging config map
```
- [x] Install External Secrets
```
cd prod-k8s-support-app/external-secrets
helm install external-secrets -f values.yaml --namespace secrets --create-namespace .
kubectl create -f global-secret-store.yaml
```
- [x] Install AWS Load Balancer
```
cd prod-k8s-support-app/aws-load-balancer-controller
helm install alb -f values.yaml --namespace ingress --create-namespace .
```
- [x] Install Argo Rollouts
```
cd prod-k8s-support-app/argo-rollouts
helm install argo-rollout -f values.yaml --namespace rollout --create-namespace .
```
- [ ] Install AWS WAF on the new ALB
- [ ] Install CW setup in Fargate EC2
- [ ] Install SSM setup in Fargate EC2
- [ ] Check usage of .json policy files in the OLD Load balancers folder

# ADD EKS CLUSTER IN ARGOCD

- [x] Create new `prod-k8s-v1` folder
    - Copy all content from old `prod-k8s`
    - Copy all important missing yaml files from `stage-k8s-v1` folder
- [x] [MGMT-EKS] Log in to ArgoCD
```
argocd login argocd.portone.cloud:443
# username - admin
# password - CzxyLmfyZ-Fm9C-8
```
- [x] [MGMT-EKS] Add new PROD EKS cluster in ArgoCD
```
argocd cluster add arn:aws:eks:ap-southeast-1:977295554259:cluster/prod-eks-cluster
```
    * This will create the argocd-manager service account on the new prod-eks
    * The end step will time out with an error
    * Switch to the new prod-eks cluster and do the following steps again once the service account is created
- [x] Create `argocd-manager-token-custom`
```
kubectl create -f prod-k8s-v1/argo.yaml
```
- [x] Create Secrets mapping on switching in Stage-EKS
```
kubectl edit sa -n kube-system argocd-manager

# Add secrets mapping at the end
secrets:
- name: argocd-manager-token-custom
```
- [x] [MGMT-EKS] Retry adding new PROD EKS cluster in ArgoCD
```
argocd cluster add arn:aws:eks:ap-southeast-1:977295554259:cluster/prod-eks-cluster

# Newly added cluster URL - https://65FFA4DA50F6BA669BF22CF1BDB608ED.gr7.ap-southeast-1.eks.amazonaws.com
```
- [x] Add secrets mapping and service account for internal-app
```
kubectl apply -f secret.yaml
kubectl apply -f serviceaccount.yaml
```
- [ ]
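
For the `argocd-manager-token-custom` step above, a manifest of the kind `prod-k8s-v1/argo.yaml` would need to contain. This is an added example, not the repository's actual file. The secret name, namespace and service account name are taken from the steps on this page; everything else is an assumption.

```yaml
# Assumed contents: the real prod-k8s-v1/argo.yaml is not shown on this page.
#
# A Secret of type kubernetes.io/service-account-token is filled in by the
# Kubernetes token controller with a token for the service account named in
# the annotation. The service account must already exist, which is why this
# is created only after the first `argocd cluster add` attempt.
#
# The resulting token does not expire. Deleting this Secret revokes it.
apiVersion: v1
kind: Secret
metadata:
  name: argocd-manager-token-custom
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: argocd-manager
type: kubernetes.io/service-account-token
```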