Welcome to AWS Full-Stack Developer Template: React UI + Spring Boot + Terraform + Kubernetes + Keycloak OAuth2 Authorization Server + GitHub Actions + Spring Cloud Gateway + AWS SSL Certificate + External DNS + AWS Load Balancer Controller + Spring Cloud Kubernetes + Spring Boot Modulith + Swagger UI + Grafana Observability Stack
Keycloak Administration Console will be available here: https://keycloak.yourdomain.com
Order UI, secured with Keycloak Server, will be available here: https://order.yourdomain.com
Swagger UI Spring Cloud Gateway REST API Documentation, secured with Keycloak Server, will be available here: https://orderapi.yourdomain.com
Grafana Observability Stack will be available here: https://grafana.yourdomain.com
https://github.com/greeta-order-01/order-api (API Source Code and Docker Images Repository)
https://github.com/greeta-order-01/order-infra (Terraform Infrastructure and GitOps Pipeline)
https://github.com/greeta-order-01/order-ui (UI Source Code and Docker Images Repository)
- Make sure you have an AWS account with sufficient permissions.
- Make sure you have your own registered domain and hosted zone.
- Create a wildcard AWS certificate for your domain: "*.yourdomain.com" (you will need its ssl_certificate_arn later).
- Make sure you have your own GitHub account or organization.
- Clone the order-ui, order-api and order-infra repositories to your GitHub profile or organization.
- In your cloned order-api GitHub repository, go to Settings -> Secrets and Variables -> Actions -> New Repository Secret and create a DISPATCH_TOKEN secret whose value is your personal GitHub token (create the personal token in Developer Settings and make sure you give it workflow permissions).
- Make sure the docker images of your order-ui and order-api repositories are public by default (you need to change this in GitHub settings: https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility).
- In your order-ui repository, you will also need to change the Keycloak and API URLs in Constants.js. Please read this article for more details: https://github.com/ivangfr/springboot-react-keycloak
- Go to the root directory of each of your cloned order-ui, order-api and order-infra GitHub repositories.
- Edit the ".github/workflows" files: replace "greeta-order-01" with the name of your GitHub profile or organization; replace "order-ui, order-api and order-infra" with the names of your cloned or forked repositories (or leave them unchanged if you kept the names); replace "master" with the name of your main branch (or leave it unchanged, but note that you would then have to change the default main branch name in GitHub settings).
- Go to the root directory of your cloned order-infra GitHub repository.
- Create terraform.auto.tfvars in your order-infra repository and provide your own aws_region and ssl_certificate_arn:
aws_region = "eu-central-1"
environment = "dev"
business_division = "it"
cluster_name = "order-cluster"
ssl_certificate_arn = "arn:aws:acm:eu-central-1:your-certificate-arn"
- Replace "greeta.net" in the Terraform files of the order-infra repository with the name of your domain (use search to find all files where "greeta.net" is used).
- Commit your order-infra changes to GitHub (don't worry, terraform.auto.tfvars is in .gitignore and it won't be committed):
git add .
git commit -m "your comment"
git push origin
- Go to the root directory of your cloned order-ui or order-api GitHub repository.
- Commit your order-ui or order-api changes to GitHub (this should trigger the pipeline that creates the docker images; for order-api changes it should also trigger the order-infra pipeline):
git add .
git commit -m "your comment"
git push origin
- Wait until the order-api pipeline in GitHub has finished and the order-infra pipeline has started.
- The order-infra pipeline automatically changes the docker image versions to the versions of the docker images created in the order-api pipeline and pushes the new docker image versions to the order-infra repository.
- Go to the root directory of your cloned order-infra GitHub repository.
- Pull the changes from the order-infra repository and run Terraform:
git pull
terraform apply --auto-approve
- If the Terraform script fails during creation of the Grafana observability stack, run terraform apply --auto-approve again (this sometimes happens when the Kubernetes cluster is not ready yet).
- The Grafana observability stack will be available at https://grafana.yourdomain.com; username: user; password: you should see the password in the output of the Terraform script. Sometimes it is empty. In this case, you can get the password with this command:
kubectl get secret --namespace observability-stack loki-stack-grafana -o jsonpath="{.data.admin-password}" | base64 --decode;
- Go to "https://orderapi.yourdomain.com".
- You should see a successfully loaded "Swagger UI REST API Documentation" page with a drop-down selection of microservices.
- Select the Order or ERP microservice from the drop-down list.
- Click the Authorize button and log in with admin/admin (full access) or user/user (limited access).
- In the Authorize dialog window you should also provide the name of the OAuth2 client (order-app).
- After successful authorization, try any REST API endpoint.
- Go to https://grafana.yourdomain.com and find the logs and traces generated by the endpoints (find the "Explore" menu, go to "Loki", select "app", then select the name of the microservice and click "Run Query").
- Test Order UI with Keycloak authorization and the redirect login page:
- Go to "https://order.yourdomain.com" and log in with admin/admin (full access) or user/user (limited access) (see https://github.com/ivangfr/springboot-react-jwt-token for more details, but please note that we are using Keycloak authorization instead of the internal JWT token authorization described in that article).
Congratulations! You successfully tested the Cloud-Native Microservices GitOps Pipeline on AWS with Terraform, Kubernetes, Spring Cloud Gateway and Keycloak!
Please make sure you run the terraform-destroy.sh script instead of just calling terraform destroy (otherwise you will have issues with the deletion of Kubernetes ingress resources by Terraform):
sh terraform-destroy.sh
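
The order-infra edits described above (replacing "greeta.net" and "greeta-order-01", creating terraform.auto.tfvars, relying on .gitignore to keep it out of the commit) can be checked mechanically before "git add .". The script below is an added example, not part of the order-infra repository; the function names are hypothetical, and the .gitignore patterns it accepts are an assumption about how the file is listed.

```shell
#!/bin/sh
# Added example (not from the order-infra repo): checks a cloned order-infra
# working tree before "git add ." / "terraform apply". Names are hypothetical.

# List files (outside .git and .terraform) that still contain a placeholder.
leftover_files() {
    dir=$1; shift
    for needle in "$@"; do
        find "$dir" \( -name .git -o -name .terraform \) -prune -o \
            -type f -exec grep -lF -- "$needle" {} +
    done | sort -u
}

# Succeed if .gitignore names the tfvars file. Simplified pattern match
# (assumption); "git check-ignore terraform.auto.tfvars" is authoritative.
tfvars_ignored() {
    [ -f "$1/.gitignore" ] &&
        grep -Eq '^/?(terraform\.auto\.tfvars|\*\.auto\.tfvars|\*\.tfvars)$' "$1/.gitignore"
}

# Succeed if ssl_certificate_arn is set and is not the README's sample value.
arn_is_set() {
    f="$1/terraform.auto.tfvars"
    [ -f "$f" ] || return 1
    grep -Eq '^[[:space:]]*ssl_certificate_arn[[:space:]]*=[[:space:]]*"arn:aws:acm:[^"]+"' "$f" &&
        ! grep -Fq 'your-certificate-arn' "$f"
}

# Run all checks; return 0 only when every one passes.
preflight() {
    repo=$1; status=0
    left=$(leftover_files "$repo" 'greeta.net' 'greeta-order-01')
    if [ -n "$left" ]; then
        echo "template placeholders still present in:"; echo "$left"; status=1
    fi
    tfvars_ignored "$repo" ||
        { echo "terraform.auto.tfvars is not listed in .gitignore"; status=1; }
    arn_is_set "$repo" ||
        { echo "ssl_certificate_arn is missing or still the sample value"; status=1; }
    return "$status"
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Keep the script outside the working tree it checks, since it contains the placeholder strings itself and would otherwise report its own file.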