# AWS

## Overview

Using Diarkis is easy if you make use of our provided k8s configurations. However, please note that these configurations are in a primitive state, so feel free to modify them as necessary.

***

### Requirements

1. **Docker** with one of the following configurations:
   1. **MacOS** - Install Docker for MacOS. See the installation guide [here](https://docs.docker.com/desktop/setup/install/mac-install/).
   2. **Linux** - Install Docker for your particular distribution of Linux according to the installation guide [here](https://docs.docker.com/desktop/setup/install/linux/). **Note**: Docker provides `.deb` and `.rpm` packages for major distributions of Linux on `x86_64/amd64` architecture, as well as [experimental support](https://docs.docker.com/desktop/setup/install/linux/#supported-platforms) for Arch-based distributions.
   3. **Windows** (with WSL2 or Hyper-V backend) - See the installation guide [here](https://docs.docker.com/desktop/setup/install/windows-install/). If installing Docker for the first time, please consider your use-case prior to backend selection.
2. **AWS account** with billing enabled. If you do not have an AWS account or project created already, please see [here](https://aws.amazon.com/getting-started/) to get started.
3. **AWS CLI** (`aws` command) with proper authentication. See the installation guide [here](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) (**Note**: AWS CLI supports all major operating systems). Please check [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html) for help on CLI authentication.
4. **Kubernetes CLI** (`kubectl` command) available for download [here](https://kubernetes.io/docs/tasks/tools/#kubectl).
5. **EKS CLI** (`eksctl` command) available for download on the AWS Workshop [here](https://eksctl.io/installation/).

***

## Setup Guide

In the following steps we will guide you through the process of building, deploying, and orchestrating a template Diarkis server cluster. These instructions should be enough to help you get started.

### Create ECR for Diarkis Images

Before we can push our Diarkis component images for deployment, we must first prepare remote ECR registries. As a base image we make use of `alpine` by default; it can be retrieved from [Docker Hub](https://hub.docker.com/_/alpine/).

```bash
aws sts get-caller-identity  # Verify the correct target  
aws ecr create-repository --repository-name http  
aws ecr create-repository --repository-name udp  
aws ecr create-repository --repository-name tcp  
aws ecr create-repository --repository-name mars  
```

***

### Create and Connect to EKS for Diarkis

```bash
eksctl create cluster -f cloud/aws/cluster_config.yaml  # takes about 10 minutes  
```

**Note**: If an error occurs regarding NAT gateway compatibility in the selected AZ, choose a different AZ.

```bash
aws eks --region ap-northeast-1 update-kubeconfig --name diarkis  # Get k8s credentials  
```

***

### Open EKS Firewall

Allow TCP and UDP traffic for ports `7000-8000` from `0.0.0.0/0` to EKS nodes.\
We recommend setting this in the security group named: `eks-cluster-sg-diarkis-*`.
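
One way to apply this rule from the AWS CLI and then confirm that nothing wider than the intended range is open, as an added example that is not part of the Diarkis templates. The function names are hypothetical, the region is the one used earlier in this guide, and it assumes exactly one security group matches the name pattern.

```bash
# Added example, not from the Diarkis templates. Function names are
# hypothetical; assumes one group matches eks-cluster-sg-diarkis-*.
REGION="${AWS_REGION:-ap-northeast-1}"

# Resolve the cluster security group ID from its name pattern.
find_diarkis_sg() {
  aws ec2 describe-security-groups --region "$REGION" \
    --filters 'Name=group-name,Values=eks-cluster-sg-diarkis-*' \
    --query 'SecurityGroups[0].GroupId' --output text
}

# Add the two ingress rules this section asks for: TCP and UDP 7000-8000.
open_diarkis_ports() {
  local sg="$1" proto
  for proto in tcp udp; do
    aws ec2 authorize-security-group-ingress --region "$REGION" \
      --group-id "$sg" --protocol "$proto" --port 7000-8000 \
      --cidr 0.0.0.0/0 || return 1
  done
}

# List inbound rules on the group that are open to 0.0.0.0/0,
# one per line as: protocol from_port to_port
list_world_open_rules() {
  aws ec2 describe-security-group-rules --region "$REGION" \
    --filters "Name=group-id,Values=$1" \
    --query "SecurityGroupRules[?IsEgress==\`false\` && CidrIpv4=='0.0.0.0/0'].[IpProtocol,FromPort,ToPort]" \
    --output text
}

# Read "protocol from to" lines on stdin and print every rule that exposes
# more than TCP/UDP 7000-8000. Returns 1 if any such rule was found.
audit_world_open_rules() {
  local proto from to bad=0
  while read -r proto from to; do
    [ -z "$proto" ] && continue
    case "$proto" in
      tcp|udp)
        if [ "$from" -ge 7000 ] && [ "$to" -le 8000 ]; then continue; fi ;;
    esac
    echo "unexpected: $proto $from-$to open to 0.0.0.0/0"
    bad=1
  done
  return "$bad"
}

# Usage: sg=$(find_diarkis_sg) && open_diarkis_ports "$sg"
#        list_world_open_rules "$sg" | audit_world_open_rules
```

`authorize-security-group-ingress` returns an error if the same rule already exists, so `open_diarkis_ports` stops at the first failure instead of reporting success.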

***

### Tag the Server Image and Push

From the project root generated by `server-template`, run the following commands:

```bash
make build-local  
```

After generating server executables (`udp`, `tcp`, `http`, `mars`) in `./remote_bin`, build the container image:

```bash
make setup-aws  
make build-container-aws  
make push-container-aws  
```

***

### Apply Manifest

```bash
kustomize build k8s/aws/overlays/dev0 | kubectl apply -f -  
```

Check if the following four components are running:

```bash
$ kubectl get po -n dev0
NAME                    READY   STATUS    RESTARTS   AGE  
http-5c7dbbb6d7-lhjlm   1/1     Running   0          3d14h  
mars-0                  1/1     Running   0          3d14h  
tcp-88dc5f97d-7sqk9     1/1     Running   0          3d14h  
udp-fdc6bbccc-dwc5w     1/1     Running   0          3d14h  
```

***

### Check Diarkis Cluster

First, retrieve the public endpoint:

```bash
EXTERNAL_IP=$(kubectl get svc http -o json -n dev0 | jq -r '.status.loadBalancer.ingress[].hostname')  
kubectl get svc -n dev0 -o wide  # Alternatively, use this command  
```

Send an HTTP GET request to the obtained `EXTERNAL_IP`:

```bash
curl ${EXTERNAL_IP}/auth/1  
```

If you receive a response like the following, it is working correctly:

```json
{
  "TCP": "ec2-xx-xx-xx-xx.ap-northeast-1.compute.amazonaws.com:7201",
  "UDP": "ec2-yy-yy-yy-yy.ap-northeast-1.compute.amazonaws.com:7101",
  "sid": "xxxxxxxxxx",
  "encryptionKey": "xxxxxxxxxx",
  "encryptionIV": "xxxxxxxxxx",
  "encryptionMacKey": "xxxxxxxxxx"
}
```

If any items are missing, there may be an issue with one of the deployed components. At this point, we recommend contacting Diarkis support for further assistance.

***

### Setup Cluster Autoscaler

```bash
kubectl apply -f cluster-autoscaler-autodiscover.yaml  
```

This file is pre-configured for the cluster name `diarkis`. If using a different cluster name, modify references to `diarkis` in the manifest.

***

### Setup Log Collector

Logs from containers can be aggregated using CloudWatch Logs.\
`fluent-bit` is already deployed in the `amazon-cloudwatch` namespace, but permissions are not set.

Assign the `CloudWatchAgentServerPolicy` to `diarkis-public` and `diarkis-private` nodes to aggregate logs. Logs will appear under `/aws/containerinsights/Cluster_Name/application`, allowing for filtering.
