AWS EKS Setup
Generate Access keys for CLI, SDK, & API access
- Create Access Key
aws configure
- Set AWS Access Key ID
- Set AWS Secret Access Key (aws configure stores it unencrypted in ~/.aws/credentials)
- Set Default region name
- Set
- Create Access Key
Setup Environment Variables
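# Helm chart versions consumed by the deploy steps at the end of this page.
CHART_VERSION=0.2.4+3003
BUILD_CHART_VERSION=0.1.0+7
# Cluster and namespace names.
CLUSTER_NAME=pyrsia-staging
EXTERNALDNS_NAMESPACE=external-dns
PYRSIA_NAMESPACE=pyrsia-node
# DNS names; each one is derived from the value defined just before it.
PYRSIA_BASE_DOMAIN=pyrsia-aws.link
PYRSIA_DOMAIN="staging.${PYRSIA_BASE_DOMAIN}"
PYRSIA_BOOTDNS="boot.${PYRSIA_DOMAIN}"
# The section heading used to be fused onto this line and became part of the value.
PYRSIA_NODE_ZERO="pyrsia-node-0.${PYRSIA_DOMAIN}"
Create the Cluster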
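# Feed the cluster definition to eksctl on stdin. The heredoc delimiter is
# unquoted on purpose so that ${CLUSTER_NAME} is expanded by the shell.
# The YAML nesting below is restored; with every key at column 0 the
# document does not describe a valid ClusterConfig.
eksctl create cluster -f - <<EOF
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: ${CLUSTER_NAME}
  region: us-east-1
cloudWatch:
  clusterLogging:
    enableTypes:
      - audit
      - authenticator
managedNodeGroups:
  - name: ng-1
    amiFamily: AmazonLinux2
    instanceSelector:
      cpuArchitecture: x86_64
      memory: 2GiB
      vCPUs: 2
    instanceTypes:
      - t3.small
      - t3a.small
iam:
  withOIDC: true
addons:
  - name: aws-ebs-csi-driver
    version: v1.13.0-eksbuild.3
    attachPolicyARNs:
      - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
EOF
Create Kubernetes Namespaces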
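# One namespace for the Pyrsia nodes and one for external-dns.
# Expansions are quoted so an empty or unset variable fails visibly
# instead of silently dropping the argument.
kubectl create namespace "${PYRSIA_NAMESPACE}"
kubectl create namespace "${EXTERNALDNS_NAMESPACE}"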
Create Route 53 Policy
- See route53-policy.json
# Create the IAM policy from the local route53-policy.json document.
aws iam create-policy \
  --policy-name "AllowExternalDNSUpdates" \
  --policy-document file://route53-policy.json
Attach Route 53 Policy
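# Name of the IAM role used by node group ng-1: the part of the role ARN
# after the "/".
node_role=$(aws eks describe-nodegroup --cluster-name "${CLUSTER_NAME}" --nodegroup-name ng-1 \
  --query nodegroup.nodeRole --output text | awk -F/ '{print $2}')
# ARN of the AllowExternalDNSUpdates policy. The policy name must be a quoted
# literal inside the JMESPath filter; the quoting was lost from this command.
policy_arn=$(aws iam list-policies \
  --query "Policies[?PolicyName=='AllowExternalDNSUpdates'].Arn" --output text)
# NOTE(review): attaching the policy to the node role makes the Route 53
# permissions available to any pod that can reach the node's instance
# metadata. The cluster is created with withOIDC: true, so binding the policy
# to the external-dns service account instead would be the narrower grant.
aws iam attach-role-policy --role-name "${node_role}" --policy-arn "${policy_arn}"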
Setup Route 53 Domain
# Create the hosted zone for the base domain. The caller reference carries
# the current Unix timestamp so each invocation sends a different value.
aws route53 create-hosted-zone \
  --name "${PYRSIA_BASE_DOMAIN}." \
  --caller-reference "external-dns-$(date +%s)"
Get DNS Server List
# Look up the hosted zone id for the base domain first ...
zone_path=$(aws route53 list-hosted-zones-by-name --output json --dns-name "${PYRSIA_BASE_DOMAIN}." \
  | jq -r ".HostedZones[0].Id")
# ... then print the zone's NS record values, one name server per line.
aws route53 list-resource-record-sets --output text --hosted-zone-id "${zone_path}" \
  --query "ResourceRecordSets[?Type == 'NS'].ResourceRecords[*].Value | []" \
  | tr '\t' '\n'
Generate Pyrsia Keys using openssl v3
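# Run in a subshell with a restrictive umask: the raw private-key files are
# created by shell redirection, so their permissions come from the umask.
(
  umask 077
  # Generate an Ed25519 key pair in PEM form.
  openssl genpkey -algorithm Ed25519 -out ed25519.pem
  # Skip the first 12 bytes of the DER public key, keeping the raw key bytes.
  openssl pkey -in ed25519.pem -pubout -outform DER | tail -c +13 > id_ed25519.pub
  # Skip the first 16 bytes of the DER private key, keeping the raw key bytes.
  openssl pkey -in ed25519.pem -out - -outform DER | tail -c +17 > id_ed25519.pri
  # Serialized key pair: private key bytes followed by public key bytes.
  # The section heading used to be fused onto this line, which sent the
  # output to a differently named file and added stray arguments to cat.
  cat id_ed25519.pri id_ed25519.pub > ed25519.ser
)
Create DNS Alias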
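# Resolve the hosted zone id once and reuse it for both the request and the
# alias target. The second lookup previously had a stray "}" in the domain
# name, so it queried a different name than the first.
# list-hosted-zones-by-name returns zones in name order starting at
# --dns-name, so HostedZones[0] is the intended zone only if a zone with
# exactly this name exists; check the result before applying the change.
zone_id=$(aws route53 list-hosted-zones-by-name --output json --dns-name "${PYRSIA_BASE_DOMAIN}." \
  | jq -r ".HostedZones[0].Id" | cut -d/ -f3)
# Create an alias A record pointing the boot DNS name at node zero.
aws route53 change-resource-record-sets \
  --hosted-zone-id "${zone_id}" \
  --change-batch '
{
  "Comment": "Creating Alias resource for '"${PYRSIA_BOOTDNS}"'",
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "'"${PYRSIA_BOOTDNS}"'",
        "Type": "A",
        "AliasTarget": {
          "DNSName": "'"${PYRSIA_NODE_ZERO}"'",
          "EvaluateTargetHealth": false,
          "HostedZoneId": "'"${zone_id}"'"
        }
      }
    }
  ]
}'
Deploy Pyrsia via Helm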
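helm repo update pyrsia-nightly
# NOTE(review): only the pyrsia-nightly repo is refreshed above, but the
# chart below is pulled from pyrsia-staging; confirm which repo is intended.
# Encode the key once and strip newlines: GNU base64 wraps its output at 76
# columns, and an unquoted, wrapped value is split into two arguments.
node_key=$(base64 < ed25519.ser | tr -d '\n')
# --set places the encoded private key on the helm command line, where it is
# visible in the process list and in shell tracing while the command runs.
helm upgrade node1 --install -n "${PYRSIA_NAMESPACE}" pyrsia-staging/pyrsia-node \
  --set "domain=${PYRSIA_DOMAIN}" \
  --set "bootdns=${PYRSIA_BOOTDNS}" \
  --set "keys.p2p=${node_key}" \
  --set "keys.blockchain=${node_key}" \
  --version "${CHART_VERSION}"
# Do not leave the key material in the interactive shell's environment.
unset node_key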
Deploy Build Service via Helm (Optional)
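# The version variable was misspelled (BUILD_ChART_VERSION), which expands to
# an empty string and leaves the chart version unpinned.
helm upgrade build1 --install -n "${PYRSIA_NAMESPACE}" pyrsia-nightly/pyrsia-build-service \
  --set "bootdns=${PYRSIA_BOOTDNS}" \
  --version "${BUILD_CHART_VERSION}"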