- Install terraform
Mac: brew install terraform
Linux:
wget https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip
unzip terraform_0.11.7_linux_amd64.zip
sudo mv terraform /usr/local/bin
terraform --version
- Create terraform.tfvars
You will need to create a new file in the root of this repo called terraform.tfvars
which configures variables used to install faas-ecs
| Name | Description |
|---|---|
| acme_enabled | (Recommend)1 to use the official acme terraform provider to create TLS certificates. Defaults to 0 |
| acme_email_address | (Recommend) Email address used to register TLS account, used in conjunction with acme_enabled |
| aws_region | (Required) The aws region to create the openfaas ecs cluster in |
| alb_logs_bucket | (Required) S3 bucket to store alb logs |
| debug | (Optional) 1 to create an ec2 bastion in the external subnet and a test instance in the internal subnet. Defaults to 0 |
| developer_ip | your ip address, used to whitelist incoming ssh to the bastion, debug is enabled |
| route53_zone_name | (Recommended) a route 53 zone to create DNS records for the OpenFaaS gateway, i.e. openfaas.example.com, requires acme_enabled |
| self_signed_enabled | (Not recommended) Use a self-signed TLS certificate for the OpenFaaS gateway if not using acme_enabled. Defaults to 0 |
Example file
cat > ./terraform.tfvars <<EOF
acme_enabled = "1"
acme_email_address = "[email protected]"
alb_logs_bucket = "ewilde-logs"
aws_region = "eu-west-1"
debug = "1"
developer_ip = "31.53.195.58"
route53_zone_name = "openfaas.edwardwilde.com"
self_signed_enabled = "0"
EOF
- Create a public key for ssh
Ssh access is only required if
debug = "1", however the ssh key is still required for the install to work even if debug disabled. To create the key run:
make keys
- Create bucket for alb logs
If you don't already have a bucket, please create the bucket you listed in your
terraform.tfvarsin the variablealb_logs_bucket
i.e. aws s3api create-bucket --bucket ewilde-logs --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1
- Run terraform
make
If you get the following error:
Error: Error applying plan:
2 error(s) occurred:
* module.ecs_provider.aws_ecs_service.main: 1 error(s) occurred:
* aws_ecs_service.main: InvalidParameterException: Unable to assume the service linked role. Please verify that the ECS service linked role exists.
status code: 400, request id: d967b493-82f9-11e8-9d63-f5180ba0fbef "ecs-provider"
* module.nats.aws_ecs_service.main: 1 error(s) occurred:
* aws_ecs_service.main: InvalidParameterException: Unable to assume the service linked role. Please verify that the ECS service linked role exists.
status code: 400, request id: dab962b7-82f9-11e8-8cc5-29d47e720a04 "nats"
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
Please just re-run make, this is an eventual consistency problem see #4
- Run
make uninstall - Patiently wait about
5-10 minutes
1 error(s) occurred:
* aws_service_discovery_private_dns_namespace.openfaas (destroy): 1 error(s) occurred:
To resolve this problem manually delete all the service registrations
aws servicediscovery list-services | jq '.Services[].Id' -r | xargs -L 1 aws servicediscovery delete-service --id