Cloud-Native Microservices GitOps Pipeline on AWS with Spring Boot, Terraform, Kubernetes, Keycloak OAuth2 Authorization Server, GitHub Actions, Spring Cloud Gateway, AWS SSL Certificate, External DNS, Nginx Ingress Controller, Spring Cloud Kubernetes, Swagger UI REST API Documentation and Grafana Observability Stack

Keycloak Administration Console will be available here: https://keycloak.yourdomain.com

Movies Online UI, secured with Keycloak Server, will be available here: https://movie.yourdomain.com

Swagger UI Spring Cloud Gateway REST API Documentation, secured with Keycloak Server, will be available here: https://erp.yourdomain.com

Grafana Observability Stack will be available here: https://grafana.yourdomain.com

- https://github.com/greeta-erp/erp-api (API source code and GitHub Docker images pipeline)
- https://github.com/greeta-erp/erp-infra (Terraform infrastructure and GitOps pipeline)
- https://github.com/greeta-erp/erp-ui (UI source code and GitHub Docker image pipeline)
- Make sure you have an AWS account with enough permissions.
- Make sure you have your own registered domain and hosted zone.
- Create a wildcard AWS certificate for your domain: "*.yourdomain.com" (you will need its `ssl_certificate_arn` later).
- Make sure you have your own GitHub account or organization.
- Clone the erp-api and erp-infra repositories to your GitHub profile or organization.
- In your cloned erp-api GitHub repository, go to Settings -> Secrets and Variables -> Actions -> New Repository Secret and create a `DISPATCH_TOKEN` secret with the value of your personal GitHub token (you need to create the personal token in Developer Settings and make sure you give it workflow permissions).
- If you use a GitHub organization, you need to make GitHub Docker image packages public by default (not sure how to do it if you use a GitHub profile directly, but if GitHub Docker images are not public by default, you also need to change it in GitHub settings).
- In GitHub organization settings, go to Packages -> Package Creation -> set public as default (skip it if you use a GitHub profile directly, but I'm not 100% sure; please refer to the GitHub Actions Docker images documentation if you have any issues).
- If you want to create your own UI Docker image, you should also clone the erp-ui repository (instructions for creating the Docker image pipeline are similar to erp-api, but you will also need to change the Keycloak and API URLs in constants.js and provide your OMDb account secret in the env.local file). Please read this article for more details: https://github.com/ivangfr/springboot-react-keycloak
- Go to the root directory of your cloned erp-api GitHub repository.
- Edit the ".github/workflows" files: replace "greeta-erp" with the name of your GitHub profile or organization; replace "erp-api" and "erp-infra" with the names of your cloned or forked repositories (or leave the names as they are if you don't want to change them); replace "master" with the name of your main branch (or leave it as is if you don't want to change it, but note that you would then have to change the default main branch name in GitHub settings).
- Go to the root directory of your cloned erp-infra GitHub repository.
- Create terraform.auto.tfvars in your erp-infra repository and provide your own aws_region and ssl_certificate_arn:

  ```hcl
  aws_region = "eu-central-1"
  environment = "dev"
  business_division = "it"
  cluster_name = "erp-cluster"
  ssl_certificate_arn = "arn:aws:acm:eu-central-1:your-certificate-arn"
  ```

- Replace "greeta.net" in the Terraform files of the erp-infra repository with the name of your domain (please use search to find all files where "greeta.net" is used).
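The two edits above (a real certificate ARN in terraform.auto.tfvars, and no leftover "greeta.net" references) are the ones most often missed before the first `terraform apply`. The script below is an added pre-flight check, not part of the erp-infra repository: it reads the `key = "value"` layout shown above, verifies that `ssl_certificate_arn` is an ACM certificate ARN in the same region as `aws_region` (the README placeholder "your-certificate-arn" fails this check), and lists every .tf/.tfvars/.yaml file that still mentions the original domain. The sample files it creates are constructed for the demonstration; run `check_cert_arn terraform.auto.tfvars && leftover_domain .` from the erp-infra root against your own files.

```shell
#!/bin/sh
# Pre-flight checks for erp-infra before `terraform apply` (added example, not repository code).
# Assumption: tfvars lines look like   key = "value"   and an ACM certificate ARN has the shape
# arn:aws:acm:<region>:<12-digit account id>:certificate/<uuid>.

# Print the unquoted value of a top-level tfvars key, e.g.  tfvar aws_region terraform.auto.tfvars
tfvar() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Validate ssl_certificate_arn: correct service, region consistent with aws_region,
# a real account id and certificate id (so the README placeholder is rejected).
check_cert_arn() {
  file=$1
  region=$(tfvar aws_region "$file")
  arn=$(tfvar ssl_certificate_arn "$file")
  [ -n "$region" ] || { echo "aws_region missing in $file"; return 1; }
  [ -n "$arn" ] || { echo "ssl_certificate_arn missing in $file"; return 1; }
  pattern="^arn:aws:acm:${region}:[0-9]\{12\}:certificate/[0-9a-f-]\{36\}$"
  printf '%s\n' "$arn" | grep -q "$pattern" || {
    echo "ssl_certificate_arn '$arn' is not an ACM certificate ARN in region $region"
    return 1
  }
  echo "ssl_certificate_arn ok: $arn"
}

# List Terraform/YAML files under DIR that still reference the original author's domain.
# Returns 1 when any remain, so it can gate a local apply or a CI job.
leftover_domain() {
  dir=$1
  old=${2:-greeta.net}
  found=$(find "$dir" -type f \( -name '*.tf' -o -name '*.tfvars' -o -name '*.yaml' -o -name '*.yml' \) \
            -exec grep -lF "$old" {} + 2>/dev/null)
  if [ -n "$found" ]; then
    echo "files still referencing $old:"
    echo "$found"
    return 1
  fi
  echo "no references to $old under $dir"
}

# Constructed demo inputs: one tfvars with the README placeholder left in, one corrected,
# and a .tf file that still carries the original domain.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/bad.auto.tfvars" <<'EOF'
aws_region = "eu-central-1"
ssl_certificate_arn = "arn:aws:acm:eu-central-1:your-certificate-arn"
EOF
cat > "$demo/good.auto.tfvars" <<'EOF'
aws_region = "eu-central-1"
ssl_certificate_arn = "arn:aws:acm:eu-central-1:123456789012:certificate/0f1e2d3c-4b5a-6978-8a9b-0c1d2e3f4a5b"
EOF
printf 'locals { domain_name = "greeta.net" }\n' > "$demo/dns.tf"

check_cert_arn "$demo/bad.auto.tfvars"  || echo "-> fix terraform.auto.tfvars before applying"
check_cert_arn "$demo/good.auto.tfvars"
leftover_domain "$demo"                  || echo "-> replace the domain in the files above"
```

Both functions only report; nothing is rewritten for you, which is deliberate for files that end up in a GitOps repository.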
- Commit your erp-infra changes to GitHub (don't worry, terraform.auto.tfvars is in .gitignore and it won't be committed):

  ```sh
  git add .
  git commit -m "your comment"
  git push origin
  ```

- Go to the root directory of your cloned erp-api GitHub repository.
- Commit your erp-api changes to GitHub (it should trigger the Docker images pipeline and then the erp-infra pipeline):

  ```sh
  git add .
  git commit -m "your comment"
  git push origin
  ```

- Wait until the erp-api pipeline in GitHub has finished and the erp-infra pipeline has started.
- The erp-infra pipeline automatically changes the Docker image versions to the versions of the Docker images created in the erp-api pipeline and pushes the new Docker image versions to the erp-infra repository.
- Go to the root directory of your cloned erp-infra GitHub repository.
- Pull the changes from the erp-infra repository and run Terraform:

  ```sh
  git pull
  terraform apply --auto-approve
  ```

- If the Terraform script fails during creation of the Grafana observability stack, please run `terraform apply --auto-approve` again (it sometimes happens when the Kubernetes cluster is not ready yet).
- The Grafana observability stack will be available at https://grafana.yourdomain.com; username: user; password: you should see the password in the output of the Terraform script. Sometimes it is empty. In this case, you can get the password with this command:

  ```sh
  kubectl get secret --namespace observability-stack loki-stack-grafana -o jsonpath="{.data.admin-password}" | base64 --decode
  ```

- Go to "https://erp.yourdomain.com".
- You should see the successfully loaded "Swagger UI REST API Documentation" page with a drop-down selection of microservices.
- Select any microservice from the drop-down list.
- Click the Authorize button and log in with admin/admin (full access) or user/user (read-only access).
- In the Authorize dialog window you should also provide the name of the OAuth2 client (erp-app).
- After successful authorization, try any REST API endpoint.
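Before relying on what the gateway enforces for admin/admin versus user/user, it is worth looking at the access token Keycloak actually issued for the erp-app client. The script below is an added example, not code from the erp repositories or from Keycloak: it decodes the JWT payload (without verifying the signature, so it is a debugging aid, not an authorization check) and prints the issuer, the client (`azp`) and the user. The `KEYCLOAK_URL`, `REALM`, `KC_USER` and `KC_PASS` variables, the realm name and the use of the password grant are assumptions of this example; the password grant only works if Direct Access Grants is enabled for erp-app, otherwise paste the token obtained through the Swagger UI Authorize dialog. Offline, it falls back to a constructed unsigned demo token so the decoding can be exercised.

```shell
#!/bin/sh
# Inspect a Keycloak access token (added example; assumptions are marked below).

# Decode one base64url segment of a JWT (URL-safe alphabet, padding stripped) back to bytes.
b64url_decode() {
  s=$1
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | tr '_-' '/+' | base64 -d
}

# Print the unverified payload JSON of a JWT (header.payload.signature -> payload).
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Extract a top-level string claim without jq, e.g.  jwt_claim "$payload" azp
jwt_claim() {
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Constructed, unsigned demo token (alg "none", empty signature) so the script runs offline.
# "REALM" is a placeholder for your realm name; "erp-app" is the client named in the README.
demo_token() {
  hdr=$(printf '%s' '{"alg":"none","typ":"JWT"}' | base64 | tr -d '=\n' | tr '/+' '_-')
  pay=$(printf '%s' '{"iss":"https://keycloak.yourdomain.com/realms/REALM","azp":"erp-app","preferred_username":"user"}' \
        | base64 | tr -d '=\n' | tr '/+' '_-')
  printf '%s.%s.' "$hdr" "$pay"
}

# Resource-owner password grant against Keycloak (assumed endpoint layout, public client,
# Direct Access Grants enabled). Usage: fetch_token https://keycloak.yourdomain.com user user
fetch_token() {
  curl -sS -X POST "$1/realms/${REALM:-REALM}/protocol/openid-connect/token" \
    -d grant_type=password -d client_id=erp-app -d username="$2" -d password="$3" \
  | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# Use a real token only when KEYCLOAK_URL is set; otherwise fall back to the demo token.
token=${KEYCLOAK_URL:+$(fetch_token "$KEYCLOAK_URL" "${KC_USER:-user}" "${KC_PASS:-user}")}
[ -n "$token" ] || token=$(demo_token)

payload=$(jwt_payload "$token")
echo "issuer       : $(jwt_claim "$payload" iss)"
echo "client (azp) : $(jwt_claim "$payload" azp)"
echo "user         : $(jwt_claim "$payload" preferred_username)"
```

The issuer should be your own Keycloak host and `azp` should be `erp-app`; a token for user/user will carry the read-only role mapping your realm defines, which you can read from the same payload.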
- Go to https://grafana.yourdomain.com and find the logs and traces generated by the endpoints (find the "Explore" menu, then go to "Loki", select "app", then select the name of the microservice and click "Run Query").
- As a bonus, you can clone the "erp-ui" repository and test the "movie" microservice UI with Keycloak authorization and redirect login page (see https://github.com/ivangfr/springboot-react-keycloak for more details).
- Go to "https://movie.yourdomain.com" and log in with admin/admin (full access) or user/user (read-only access) (see https://github.com/ivangfr/springboot-react-keycloak for more details).

Congratulations! You successfully tested the Cloud-Native Microservices GitOps Pipeline on AWS with Terraform, Kubernetes, Spring Cloud Gateway and Keycloak!

When you are done, destroy the infrastructure from the root directory of your erp-infra repository:

```sh
terraform destroy --auto-approve
```