# AWS EKS Deployment Guide

This directory contains the Helm chart and configuration for deploying the My Recipes application to Amazon EKS (Elastic Kubernetes Service).

## Structure

```
aws/
├── my-recipes-chart/     # Base Helm chart with default values
│   ├── Chart.yaml
│   ├── values.yaml       # Base configuration (don't modify directly)
│   └── templates/        # Kubernetes resource templates
└── values.yaml           # Project-specific values (override base values)
```

## Prerequisites

1. **AWS CLI** - Configured with appropriate credentials
2. **kubectl** - Kubernetes command-line tool
3. **Helm 3** - Package manager for Kubernetes
4. **eksctl** (optional) - For creating EKS clusters

## Setup Steps

### 1. Create EKS Cluster (if one does not already exist)

```bash
eksctl create cluster \
  --name my-recipes-cluster \
  --region eu-central-1 \
  --nodegroup-name standard-workers \
  --node-type t3.medium \
  --nodes 2 \
  --nodes-min 1 \
  --nodes-max 3
```

### 2. Configure kubectl

```bash
aws eks update-kubeconfig --region eu-central-1 --name my-recipes-cluster
```

### 3. Create Namespace

```bash
kubectl create namespace my-apps
```

### 4. Install Ingress Controller (if not already installed)

For AWS ALB Ingress Controller:

```bash
# Install AWS Load Balancer Controller
helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=my-recipes-cluster
```

Or for NGINX Ingress Controller:

```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install nginx-ingress ingress-nginx/ingress-nginx \
  -n ingress-nginx --create-namespace
```

### 5. Install cert-manager (for SSL certificates)

```bash
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true
```

### 6. Configure values.yaml

Edit `values.yaml` in this directory and update:

- **Container images**: Update ECR repository URLs
- **Domain names**: Replace the domain placeholder with your actual domain
- **S3 credentials**: Add your AWS access key and secret key
- **Database**: Configure RDS connection details
- **OAuth**: Update redirect URIs with your domain

### 7. Create S3 Bucket for Backups

```bash
aws s3 mb s3://my-recipes-backups --region eu-central-1
```

### 8. Push Docker Images to ECR

```bash
# Replace <aws-account-id> below with your AWS account ID

# Create ECR repositories
aws ecr create-repository --repository-name my-recipes-backend --region eu-central-1
aws ecr create-repository --repository-name my-recipes-frontend --region eu-central-1

# Login to ECR
aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin <aws-account-id>.dkr.ecr.eu-central-1.amazonaws.com

# Build and push backend
cd backend
docker build -t my-recipes-backend .
docker tag my-recipes-backend:latest <aws-account-id>.dkr.ecr.eu-central-1.amazonaws.com/my-recipes-backend:latest
docker push <aws-account-id>.dkr.ecr.eu-central-1.amazonaws.com/my-recipes-backend:latest

# Build and push frontend
cd ../frontend
docker build -t my-recipes-frontend .
docker tag my-recipes-frontend:latest <aws-account-id>.dkr.ecr.eu-central-1.amazonaws.com/my-recipes-frontend:latest
docker push <aws-account-id>.dkr.ecr.eu-central-1.amazonaws.com/my-recipes-frontend:latest
```

### 9. Deploy with Helm

```bash
# From the aws directory
helm install my-recipes ./my-recipes-chart \
  -f values.yaml \
  -n my-apps
```

### 10. Verify Deployment

```bash
# Check pods
kubectl get pods -n my-apps

# Check services
kubectl get svc -n my-apps

# Check ingress
kubectl get ingress -n my-apps

# View logs
kubectl logs -f deployment/my-recipes-backend -n my-apps
```

## Upgrading

To update the deployment:

```bash
# Update values.yaml with new configuration
helm upgrade my-recipes ./my-recipes-chart \
  -f values.yaml \
  -n my-apps
```

## Using AWS RDS (Recommended for Production)

1. Create RDS PostgreSQL instance
2. Configure security groups to allow EKS node group access
3. Update the `database` section in `values.yaml` with RDS connection details
4. The chart will automatically use the external database instead of the in-cluster PostgreSQL

## Using S3 for Backups

The application is configured to use AWS S3 for database backups instead of Cloudflare R2. Ensure:

1. S3 bucket exists and is accessible
2. AWS credentials have appropriate permissions:
   - `s3:PutObject`
   - `s3:GetObject`
   - `s3:ListBucket`
   - `s3:DeleteObject`

## Environment Variables

The chart automatically creates secrets from `values.yaml`:

- Database credentials
- OAuth client secrets
- Email SMTP credentials
- S3 access keys

All sensitive data should be stored in AWS Secrets Manager in production and referenced via External Secrets Operator.

## Monitoring

To view application logs:

```bash
# Backend logs
kubectl logs -f deployment/my-recipes-backend -n my-apps

# Frontend logs
kubectl logs -f deployment/my-recipes-frontend -n my-apps

# Database logs (if using in-cluster DB)
kubectl logs -f statefulset/my-recipes-db -n my-apps
```

## Troubleshooting

### Pods not starting

```bash
kubectl describe pod -n my-apps
```

### Database connection issues

```bash
kubectl exec -it deployment/my-recipes-backend -n my-apps -- env | grep DB_
```

### Ingress not working

```bash
kubectl describe ingress -n my-apps
```

## Uninstall

```bash
helm uninstall my-recipes -n my-apps
```

## Cost Optimization

For non-production environments:

- Reduce replica counts to 1
- Use smaller instance types (t3.small)
- Use in-cluster PostgreSQL instead of RDS
- Configure cluster autoscaling
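
For the four permissions listed under "Using S3 for Backups", the following added example (not part of this chart) renders an IAM policy limited to the backup bucket. It shows the detail that is easy to get wrong: `s3:ListBucket` must target the bucket ARN, while the object actions must target the objects under it. The function name `backup_policy` is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not part of the chart: render a least-privilege IAM policy
# for the backup bucket. The function name is an assumption.

# backup_policy BUCKET -> prints the policy JSON, returns 1 on a bad name.
backup_policy() {
  local LC_ALL=C bucket="$1"
  # Only lowercase letters, digits, dots and hyphens, 3-63 characters.
  # This also keeps "*" and quotes out of the generated ARNs.
  case "$bucket" in
    *[!a-z0-9.-]*|[-.]*|*[-.]) echo "invalid bucket name: $bucket" >&2; return 1 ;;
  esac
  if [ "${#bucket}" -lt 3 ] || [ "${#bucket}" -gt 63 ]; then
    echo "invalid bucket name length: $bucket" >&2; return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBackupBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ReadWriteDeleteBackupObjects",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Bucket name taken from step 7 of the guide.
backup_policy my-recipes-backups
```

Save the output to a file and pass it to `aws iam create-policy` with `--policy-document file://<file>`, then attach the policy to the identity whose keys go into `values.yaml`.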
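
Step 6 and "Environment Variables" put credentials in `values.yaml` while recommending AWS Secrets Manager for production. The following added example (not part of this chart) is a pre-deploy check that flags credentials written inline in a values file. The key names in the constructed sample are assumptions, and the key-name match is a heuristic.

```shell
#!/usr/bin/env bash
# Added example, not part of the chart: pre-deploy check that flags credentials
# written inline in a values file. Key names in the sample are assumptions.

# scan_values [FILE] -> prints "LINE: reason" per finding; exit status 1 if any.
# Reads standard input when no file is given.
scan_values() {
  awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      # Access key IDs are 20 chars: AKIA (long-term) or ASIA (temporary) prefix.
      if (match($0, /(AKIA|ASIA)[A-Z0-9]+/) && RLENGTH == 20) {
        printf "%d: AWS access key ID\n", NR; bad = 1
      }
      # key: value pairs whose key name suggests a credential.
      if (match(tolower($0), /^[ \t]*[a-z0-9_]*(password|secret|token)[a-z0-9_]*:[ \t]*/)) {
        value = substr($0, RLENGTH + 1)
        sub(/[ \t]+#.*$/, "", value)            # drop a trailing comment
        if (value != "" && value != "\"\"" && value != "\047\047") {
          printf "%d: literal value for a credential key\n", NR; bad = 1
        }
      }
    }
    END { exit bad }
  ' "${1:--}"
}

# Constructed sample; none of these values are real.
sample_values() {
  cat <<'EOF'
s3:
  bucket: my-recipes-backups
  accessKey: AKIAEXAMPLEEXAMPLE00
  secretKey: "constructed-not-a-real-secret"
oauth:
  clientSecret: ""          # empty: supplied at deploy time
database:
  password: changeme
EOF
}

sample_values | scan_values || echo "inline credentials found in values file"
```

Run it as `scan_values values.yaml` before `helm install` or `helm upgrade`, or in CI, and treat a non-zero exit status as a failed check.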