AWS Setup accounts for multiple Environments

Use this approach when you need to grant permissions to the various users who invoke your project across multiple environments.



Step flow:

  1. Go to AWS Organizations

=> Click "Add an AWS account"

=> Fill in the necessary info

  2. Move on to IAM Identity Center

Choose the Settings tab

=> Set the necessary information

Choose the Users tab

=> Create a user

  3. Assign the user to the organization

=> Choose AWS accounts

=> Choose Users/Groups, then grant the permissions

  4. See the result from awsapp




Vi Nhơn



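The clever are resented for overwork, the clumsy for idleness,
The kind are scorned as weak, the harsh as stubborn.

The rich meet envy, the poor meet contempt,
The diligent are called greedy, the thrifty are called stingy.

Fail to see what is before your eyes and everyone laughs at the fool,
Act when you see the chance and they call you cunning.

Think it over: which of these should one do?
Being a person is hard; being a person is hard to do.

***
Being a person is hard, being a person is hard,
Write until the paper is used up and the brush runs dry,
Then write "being a person is hard" a few more times.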

ArgoCD + Helm + Prometheus + Grafana + Slack Notification Setup

 

  1. Install argo

Create the argocd namespace and apply the manifest that contains all the YAML for installing Argo CD in Kubernetes. Finally, obtain the password of the Argo CD admin account from its secret.

kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Expose argo by port-forward

kubectl port-forward svc/argocd-server -n argocd 8080:443

2. Install Prometheus

Create an Argo CD Application manifest named prometheus-helm-app.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prometheus
  namespace: argocd
spec:
  source:
    path: prometheus
    repoURL: https://github.com/javier2419/prometheus-helm.git
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: preus
  project: default

kubectl create namespace preus
kubectl apply -f prometheus-helm-app.yaml

3. Install Grafana

Create an Argo CD Application manifest named grafana-helm-app.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: grafana
  namespace: argocd
spec:
  source:
    path: grafana
    repoURL: https://github.com/javier2419/prometheus-helm.git
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: grafana
  project: default

kubectl create namespace grafana
kubectl apply -f grafana-helm-app.yaml
kubectl port-forward svc/grafana -n grafana 3001:3000

The password is in values.yaml

Now add Prometheus as a data source in Grafana

url = http://prometheus-server.preus.svc.cluster.local

Click Save & test

4. Import the dashboard kubernetes deployment metrics with GPU

5. ArgoCD Slack Notification Setup

5.1 Create a Slack application using https://api.slack.com/apps?new_app=1

5.2 Once the application is created, navigate to OAuth & Permissions

5.3 Click Permissions under the Add features and functionality section and add the chat:write:bot scope. To use the optional username and icon overrides in the Slack notification service, also add the chat:write.customize scope.

5.4 Scroll back to the top, click the ‘Install App to Workspace’ button and confirm the installation.

5.5 Once the installation is completed, copy the OAuth token.

5.6 Create a Slack channel, for example argo, and add your bot to this channel, otherwise it won’t work

5.7 Store the token in the argocd-notifications-secret Secret

apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
  namespace: argocd
stringData:
  slack-token: "xoxb-xx-your secret"

The above file is called argocd-notifications-secret.yaml.

kubectl apply -f argocd-notifications-secret.yaml

Finally, use the OAuth token to configure the Slack integration

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
  namespace: argocd
data:
  service.slack: |
    token: $slack-token # use as it is
  defaultTriggers: |
    - on-deployed
  trigger.on-deployed: |
    - description: Application is synced and healthy. Triggered once per commit.
      oncePer: app.status.operationState.syncResult.revision
      send:
      - app-deployed
      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' and app.status.sync.status == 'Synced'
  template.app-deployed: |
    message: |
      {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
    slack:
      attachments: |
        [{
          "title": "{{ .app.metadata.name}}",
          "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
          "color": "#18be52",
          "fields": [
          {
            "title": "Sync Status",
            "value": "{{.app.status.sync.status}}",
            "short": true
          },
          {
            "title": "Repository",
            "value": "{{.app.spec.source.repoURL}}",
            "short": true
          },
          {
            "title": "Revision",
            "value": "{{.app.status.sync.revision}}",
            "short": true
          }
          {{range $index, $c := .app.status.conditions}}
          {{if not $index}},{{end}}
          {{if $index}},{{end}}
          {
            "title": "{{$c.type}}",
            "value": "{{$c.message}}",
            "short": true
          }
          {{end}}
          ]
        }]

The above file is called argocd-notifications-cm.yaml

kubectl apply -f argocd-notifications-cm.yaml

Create a Slack integration subscription:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
  annotations:
    notifications.argoproj.io/subscribe.on-deployed.slack: argo # Slack channel name
spec:
  source:
    path: helm-guestbook
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: kube-system
  project: default
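
A pre-commit check for the manifests built above, as an added example that is not part of the original post: it flags a literal Slack token written into a Secret file, and Application settings (targetRevision: HEAD, project: default, a kube-system destination) that widen what a push to the source repository can change in the cluster. The function names and rule labels are made up for this example, and the sample manifests are constructed from the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Rule names are invented here.
lint_manifest() {   # args: manifest files; prints findings, returns 1 if any
    awk '
        function report(rule, detail) {
            printf "%s:%d: %s %s\n", FILENAME, FNR, rule, detail; found = 1
        }
        FNR == 1 || /^---/ { kind = "" }        # new file or new YAML document
        {
            line = $0
            gsub(/["\047]/, "", line)           # drop quotes (\047 is a single quote)
            sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)  # drop comment, padding
        }
        line ~ /^kind:/ { kind = line; sub(/^kind:[ \t]*/, "", kind) }
        # Slack tokens begin xoxb-, xoxp-, ...; a literal one ends up in Git history.
        line ~ /^[ \t]*slack-token:[ \t]*xox[a-z]-/ {
            report("SLACK-TOKEN", "literal token in manifest") }
        kind == "Application" && line ~ /^[ \t]*targetRevision:[ \t]*HEAD$/ {
            report("UNPINNED", "HEAD follows every push to the repo") }
        kind == "Application" && line ~ /^[ \t]*project:[ \t]*default$/ {
            report("DEFAULT-PROJECT", "default project permits any repo and destination") }
        kind == "Application" && line ~ /^[ \t]*namespace:[ \t]*kube-system$/ {
            report("KUBE-SYSTEM", "application deploys into kube-system") }
        END { exit found + 0 }
    ' "$@"
}

write_samples() {   # $1 = directory; constructed copies of manifests shown above
    cat > "$1/secret.yaml" <<'EOF'
kind: Secret
metadata:
  name: argocd-notifications-secret
stringData:
  slack-token: "xoxb-xx-your secret"
EOF
    cat > "$1/app.yaml" <<'EOF'
kind: Application
metadata:
  namespace: argocd
spec:
  source:
    targetRevision: HEAD
  destination:
    namespace: kube-system
  project: default
EOF
}
tmp=$(mktemp -d) && write_samples "$tmp"
lint_manifest "$tmp/secret.yaml" "$tmp/app.yaml" || echo "fix the findings before committing"
```

The check relies on kind: appearing before the fields it inspects, as it does in every manifest on this page.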

Testing

What you will need:

AWS account
virtual machine
PuTTY or any SSH client

## TERRAFORM INSTALLATION

sudo apt-get update && sudo apt-get install -y gnupg software-properties-common

wget -O- https://apt.releases.hashicorp.com/gpg | \
    gpg --dearmor | \
    sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

gpg --no-default-keyring \
    --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
    --fingerprint

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
    https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
    sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt update

sudo apt-get install terraform

# AWS CLI

sudo apt install -y unzip

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update

aws configure

git clone https://github.com/hashicorp/learn-terraform-provision-eks-cluster

cd learn-terraform-provision-eks-cluster

# Comment out the cloud configuration in terraform.tf

terraform init

terraform apply

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

sudo snap install kubectl --classic
kubectl version --client

aws eks --region $(terraform output -raw region) update-kubeconfig \
    --name $(terraform output -raw cluster_name)

kubectl cluster-info
kubectl get nodes

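kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml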

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl delete namespace argocd
terraform destroy --auto-approve

The OCR Service to extract the Text Data

Optical character recognition, or OCR, is a key tool for people who want to build or collect text data. OCR uses machine learning to extract...