Gather Role ARNs
If you have role names, please use the commands below to get the role ARNs. If you already have the role ARNs from the roles created in Prerequisites, you can skip this part.
Note: ensure that you update the <prefix> in the the commands before running them.
external_secrets_iam_role_arn=$(aws iam get-role --role-name role-cdrp-ext-secrets-<prefix> --profile <profile> --query 'Role.Arn')
echo "external_secrets_iam_role_arn=${external_secrets_iam_role_arn}"
efs_iam_role_arn=$(aws iam get-role --role-name role-cdrp-efs-csi-<prefix> --profile <profile> --query 'Role.Arn')
echo "external_secrets_iam_role_arn=${efs_iam_role_arn}"Now that you have access to the Helm charts, they can be deployed.
Install Prerequisite Components
Replace <external_secrets_iam_role_arn> with with the ARN value of the role that has access to secret manager and <region> with Secrets Manager region
Replace <region> with the EKS region and <efs_iam_role_arn> with the ARN value of the role that has access to secret manager
Then run the following commands.
helm upgrade --install rabbitmq-cluster-operator bitnami/rabbitmq-cluster-operator \
-n cdrplatform \
--atomic \
--version 4.4.23 \
--set global.imageRegistry=glasswallhub.azurecr.io \
--set global.imagePullSecrets[0]=acr-secret \
--set global.security.allowInsecureImages=true \
--set msgTopologyOperator.fullnameOverride=rabbitmq-messaging-topology-operator \
--set clusterOperator.image.tag=2.15.0-debian-12-r0 \
--set msgTopologyOperator.image.tag=1.17.2-debian-12-r0 \
--set credentialUpdaterImage.tag=1.0.7-debian-12-r0 \
--set rabbitmqImage.tag=4.1.1-debian-12-r2 \
--set clusterOperator.watchAllNamespaces=false \
--set clusterOperator.watchNamespaces={cdrplatform} \
--set msgTopologyOperator.watchAllNamespaces=false \
--set msgTopologyOperator.watchNamespaces={cdrplatform} \
--set clusterOperator.resources.requests.cpu=100m \
--set clusterOperator.resources.requests.memory=256Mi \
--set clusterOperator.resources.limits.cpu=100m \
--set clusterOperator.resources.limits.memory=256Mi \
--set msgTopologyOperator.resources.requests.cpu=100m \
--set msgTopologyOperator.resources.requests.memory=256Mi \
--set msgTopologyOperator.resources.limits.cpu=100m \
--set msgTopologyOperator.resources.limits.memory=256Mi
# Install keda
helm upgrade --install keda kedacore/keda -n cdrplatform --atomic \
--create-namespace \
--version 2.17.2
# Install nginx ingress controller
helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx -n cdrplatform --atomic --create-namespace \
--version 4.12.3
# Install External Secrets
helm upgrade --install external-secrets external-secrets/external-secrets -n cdrplatform --atomic --create-namespace \
--version 0.16.1 \
--set installCRDs=true
# Replace <external_secrets_iam_role_arn> with with the ARN value of the role that has access to secret manager and <region> with Secrets Manager region
helm upgrade --install cdrplatform-external-secrets -n cdrplatform cdrplatform-external-secrets --atomic --create-namespace \
--set cloud_providers.aws.enabled=true \
--set cloud_providers.aws.secretsManager.iam_role="<external_secrets_iam_role_arn>" \
--set cloud_providers.aws.secretsManager.region="<region>"
# Replace <efs_iam_role_arn> with the ARN value of the role that has access to secret manager
helm upgrade -i aws-efs-csi-driver aws-efs-csi-driver/aws-efs-csi-driver \
--namespace cdrplatform \
--set image.repository=public.ecr.aws/efs-csi-driver/amazon/aws-efs-csi-driver \
--set controller.serviceAccount.create=true \
--set controller.serviceAccount.name=sa-efs-csi-controller \
--set controller.serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="<efs_iam_role_arn>"Note: when upgrading the `rabbitmq-cluster-operator` helm chart CRDs will not be installed. If new CRDs are introduced in the new releases, the CRDs needs to be installed manually to avoid issues with running the rabbitmq cluster operator pods.
helm pull bitnami/rabbitmq-cluster-operator --untar
kubectl apply -f rabbitmq-cluster-operator/crds/Install Supporting Components
Run the following commands:
helm upgrade --install cdrplatform-rabbitmq -n cdrplatform cdrplatform-rabbitmq \
--set image.repository=glasswallhub.azurecr.io/cdrplatform-rabbitmq \
--set image.tag=152974 \
--set cloud_provider=aws --atomic
# Replace <file_system_id> and <efs_iam_role_arn> with values
helm upgrade --install cdrplatform-storage -n cdrplatform cdrplatform-storage --set cloud_provider=aws --set aws.efs.file_system_id=<file_system_id> \
--set aws.efs.role_arn=<efs_iam_role_arn>