Showing posts with label aws. Show all posts

Thursday, June 2, 2022

Vault : Another product from HashiCorp for Secrets Management across Infrastructure and Applications

Terraform : Infrastructure as Code : Quick Example

Here we will see:

  • Install Terraform on Windows Machine - Manual


  • Install Terraform on AWS EC2 - Manual

  • Install Docker on AWS EC2 using Terraform Script

  • Install Jenkins on AWS EC2 using Terraform Script

  • Install AWS Components and provisioning using Terraform Script

  • Upload the Terraform Script (Code into GitHub)

  • terraform.tfstate - Track, Security, Access Provisioning 

  • Terraform Registry and Providers

  • Change Infrastructure using Script

  • Destroy Infrastructure using Script - terraform destroy 

  • Terraform Cloud 

Terraform Cloud allows teams to easily version, audit, and collaborate on infrastructure changes. It also securely stores variables, including API tokens and access keys, and provides a safe, stable environment for long-running Terraform processes.


For more hands-on experience with the Terraform configuration language, resource provisioning, or importing existing infrastructure, review the tutorials below.

  • Configuration Language - Get more familiar with variables, outputs, dependencies, meta-arguments, and other language features to write more sophisticated Terraform configurations.

  • Modules - Organize and re-use Terraform configuration with modules.

  • Provision - Use Packer or Cloud-init to automatically provision SSH keys and a web server onto a Linux VM created by Terraform in AWS.

  • Import - Import existing infrastructure into Terraform.



Wednesday, June 1, 2022

Spring Boot, Jenkins, Docker, Kubernetes on AWS EKS

Here we will cover:

  1. Simple Spring Webflux based API
  2. Containerize the application using Docker
  3. Create CI Jenkins Pipeline 
    1. Build
    2. Run Unit Tests
    3. Run Jacoco Reports
    4. Create Docker Image and Push to DockerHub
  4. Create CD Pipeline
    1. Login to AWS
    2. Pull Docker Image from Docker Hub and create container
    3. Deploy in AWS EKS
  5. Configure CI pipeline to be triggered only when code checked-in to any feature/* branches
  6. Configure CI pipeline to be triggered only when PR raised
  7. Configure CD pipeline to be triggered only when PR merged

1. Simple Spring Webflux based API

For Sample API, please checkout the code from 

  1. Please check the README.md for how to build locally
  2. Beer-Service.postman_collection.json for testing the application using postman. 

2. Containerize the application using Docker

    Add a file named "Dockerfile" to the application folder.
    Add the configuration below:

    FROM adoptopenjdk/openjdk11
    COPY build/libs/*SNAPSHOT.jar beerOrderService.jar
    EXPOSE 8080
    CMD ["java", "-jar", "beerOrderService.jar"]

    

In the file above, we use the image adoptopenjdk/openjdk11 as the base.
We copy the built jar file into the image as beerOrderService.jar.
We expose the port the application listens on (8080).
CMD is the command that runs the application once the container has started.


3. Create CI Jenkins Pipeline 

  1. Build
  2. Run Unit Tests
  3. Run Jacoco Reports
  4. Create Docker Image and Push to DockerHub

Create Jenkins 


Create CD Pipeline
  1. Login to AWS
  2. Pull Docker Image from Docker Hub and create container
  3. Deploy in AWS EKS
Configure CI pipeline to be triggered only when code checked-in to any feature/* branches
Configure CI pipeline to be triggered only when PR raised
Configure CD pipeline to be triggered only when PR merged




    

Tuesday, July 20, 2021

AWS : VPC and Subnet Selection : IPV4 and IPV6

What is a VPC? Why do we need it?

VPC stands for Virtual Private Cloud, a virtual private network where you can create your AWS resources (S3, EC2, etc.). It is an isolated virtual network defined by you.
You also have the privilege to:
  • Choose your own IP address range
  • Choose your gateways
  • Configure route tables
  • Add subnets
  • And create VPN connection 
  • ACL - Access Control Lists
You must have a default VPC; otherwise you cannot create any AWS resources. It is like a data center without networking. You can access any resource within this VPC from the public internet through an Internet Gateway. Route tables enable the router to route traffic from the public internet to resources, between resources, etc.

You can create a custom VPC and configure it if you do not want to use the default VPC. Otherwise, you can edit the default VPC and configure it according to your needs.

They are highly scalable and without any bandwidth limitations.

Using ACLs and Security Groups you can control your inbound and outbound traffic. ACLs for subnets and Security Groups for instances.

What is a Subnet? How to configure it?

It is just a range of IP addresses within your VPC. Any resource you create will have an IP address assigned to it from within the subnet range. By editing the IPV4 or IPV6 CIDR you can increase the IP address range. See below for a detailed explanation.

Subnet Selection : IPV4


When we work on AWS, we all come across one mandatory step: defining our subnets and setting the subnet ranges based on the number of IP addresses our components need within the VPC. Here let us see how to choose a subnet and its range.

Let's define Subnet: What is a Subnet?

Subnets are part of the available networks within an Availability Zone. Each VPC has its own isolated virtual private networks, which are parts of the available network addresses within the Availability Zone. A subnet cannot span multiple Availability Zones.


Here we will see how to choose the subnet and define its range.

When we create a VPC, we have to choose the subnet block as either an IPV4 block or an IPV6 block. We will discuss the differences between IPV4 and IPV6 later. Let us look at the IPV4 block now.
The default option here is 10.0.0.0/24.

Now let's decode 10.0.0.0/24.
IPV4 has an address range of 2^32, which is equal to 4,29,49,67,296 different IP addresses.

If we define 10.0.0.0/0, it means 32-0 = 32, so 2^32 = 4,29,49,67,296 addresses within the VPC. But we are not going to have such a big number of AWS services or EC2 instances within our VPC, so we are going to have a smaller number of IP addresses.

If we want 16 addresses in our VPC, we have to go for 10.0.0.0/28, which means 32-28=4, 2^4=16. So we will have a range of 16 IP addresses.

OK, that's cool. What will my IP addresses be?


 If we have chosen, 10.0.0.0/28, then it is 32-28=4, 2^4=16, ranges from  10.0.0.0 to 10.0.0.15. 
If we have chosen, 10.0.0.0/24, then it is 32-24=8, 2^8= 256, ranges from 10.0.0.0 to 10.0.0.255. 


Let's see what happens if the range goes beyond 256. Let's choose 10.0.0.0/20.
32-20=12, 2^12=4096, ranges from 10.0.0.0 to 10.0.15.255.


Let's see if we have chosen 10.0.0.0/16, 32-16=16, 2^16=65536, ranges from 10.0.0.0 to 10.0.255.255.

Can we have only one IP address in my VPC?

Yes, it is possible. Give 10.0.0.0/32: 32-32=0, 2^0=1, ranges from 10.0.0.0 to 10.0.0.0.
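
The prefix arithmetic above, as an added example (not code from the original post), extended to check a subnet plan against its VPC block: because ACLs are applied per subnet, a subnet that overlaps another or falls outside the VPC range should be caught before provisioning. The subnet names and the sample plan are constructed for illustration, and the five-address per-subnet reservation is AWS-documented behaviour rather than something stated in the post.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (AWS-documented behaviour, not stated on this page).
AWS_RESERVED_PER_SUBNET = 5

def describe(cidr):
    """Return (host_bits, total_addresses, first, last) for an IPv4 block."""
    net = ipaddress.ip_network(cidr, strict=True)
    host_bits = 32 - net.prefixlen            # e.g. 32 - 28 = 4
    return host_bits, net.num_addresses, str(net[0]), str(net[-1])

def usable_in_aws_subnet(cidr):
    """Addresses left for resources after the AWS per-subnet reservation."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)

def check_plan(vpc_cidr, subnets):
    """Validate a {name: cidr} plan; return a list of problems (empty = OK)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems, accepted = [], {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:             # malformed or host bits set
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        for other, other_net in accepted.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        accepted[name] = net
    return problems

# Constructed sample plan (hypothetical names) with three deliberate mistakes.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_SUBNETS = {
    "public-a": "10.0.0.0/24",
    "private-a": "10.0.1.0/24",
    "private-b": "10.0.1.128/25",   # overlaps private-a
    "db-a": "10.1.0.0/24",          # outside the VPC block
    "batch-a": "10.0.2.5/28",       # not a network address
}

if __name__ == "__main__":
    for block in ("10.0.0.0/28", "10.0.0.0/24", "10.0.0.0/20", "10.0.0.0/16"):
        print(block, describe(block), "usable:", usable_in_aws_subnet(block))
    for problem in check_plan(SAMPLE_VPC, SAMPLE_SUBNETS):
        print("PROBLEM:", problem)
```
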


IPV6 Subnet:


If you want to set bigger range of IP addresses, then go with IPV6, where you can set 2^64