mirror of
https://github.com/langgenius/aws-cdk-for-dify.git
synced 2026-07-01 20:14:06 -04:00
fix the bug that Opensearch can't be connected (#15)
- change the Opensearch setup params - add the new env variables in .env - update README.md
This commit is contained in:
@@ -17,6 +17,11 @@ REDIS_SUBNETS=
|
||||
RDS_SUBNETS=
|
||||
OPENSEARCH_SUBNETS=
|
||||
|
||||
|
||||
OPENSEARCH_ADMINNAME=
|
||||
OPENSEARCH_PASSWORD=
|
||||
|
||||
|
||||
# AWS EKS Helm chart repository URL (Version 1.8.1)
|
||||
# Set this ONLY if you are using AWS China regions. Please contact us for assistance.
|
||||
# For more information, visit: https://github.com/aws/eks-charts
|
||||
|
||||
@@ -86,6 +86,8 @@ Deploy Dify Enterprise on AWS using CDK.
|
||||
- `REDIS_SUBNETS`: Subnet IDs for Redis deployment.
|
||||
- `RDS_SUBNETS`: subnet ids for RDS database. (At least 2 with different AZs)
|
||||
- `OPENSEARCH_SUBNETS`: Subnet IDs for OpenSearch deployment.
|
||||
- `OPENSEARCH_ADMINNAME`: OpenSearch Domain master ame.
|
||||
- `OPENSEARCH_PASSWORD`: OpenSearch Domain master password.
|
||||
|
||||
- `AWS_EKS_CHART_REPO_URL`: (For AWS China regions ONLY) The AWS EKS Helm chart repository URL.
|
||||
|
||||
@@ -193,7 +195,9 @@ Deploy Dify Enterprise on AWS using CDK.
|
||||
|
||||
12. ### VectorDatabase Configure:
|
||||
|
||||
Change the Helm `values.yaml` file, modify the `externalType` section as follows, replace `{openSearch_endpont}` with aws Opensearch instant's **Domain endpoint**, remove `https://` and use the left:
|
||||
Change the Helm `values.yaml` file, modify the `externalType` section as follows:
|
||||
1. replace `{openSearch_endpont}` with aws Opensearch instant's **Domain endpoint**, remove `https://` and use the left.
|
||||
2. replace the `<OPENSEARCH_ADMINNAME>` and `<OPENSEARCH_PASSWORD>` with the value you have set in `.env`
|
||||
|
||||
```yaml
|
||||
vectorDB:
|
||||
@@ -202,8 +206,8 @@ Deploy Dify Enterprise on AWS using CDK.
|
||||
externalOpenSearch:
|
||||
host: "{openSearch_endpont}"
|
||||
port: 443
|
||||
user: "<your_aos_username>"
|
||||
password: "<your_aos_password>"
|
||||
user: "<OPENSEARCH_ADMINNAME>"
|
||||
password: "<OPENSEARCH_PASSWORD>"
|
||||
useTLS: true
|
||||
```
|
||||
|
||||
|
||||
@@ -14,8 +14,5 @@ export const config: DifyCDKConfig = {
|
||||
}
|
||||
|
||||
export const getConstructPrefix = (config: StackConfig) => {
|
||||
// Generate a 6-character random string consisting of numbers and letters
|
||||
const randomSuffix = Math.random().toString(36).slice(2, 8).toUpperCase();
|
||||
|
||||
return `${PRODUCT_NAME}-${config.environment}-${AWS_RESOURCE_SUFFIX}`;
|
||||
}
|
||||
+1
-1
@@ -9,7 +9,7 @@ export interface ProdStackConfig extends StackConfig {
|
||||
}
|
||||
|
||||
export const prodConfig: ProdStackConfig = {
|
||||
environment: 'Production',
|
||||
environment: 'Prod',
|
||||
region: process.env.CDK_PROD_REGION || process.env.CDK_DEFAULT_REGION || '',
|
||||
account: process.env.CDK_PROD_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT || '',
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import { S3Config } from './constructs/s3Config';
|
||||
* Basic configuration for a stack
|
||||
*/
|
||||
export interface StackConfig {
|
||||
environment: "Testing" | "Production";
|
||||
environment: "Test" | "Prod";
|
||||
region: string;
|
||||
account: string;
|
||||
|
||||
|
||||
+1
-1
@@ -13,7 +13,7 @@ export interface TestStackConfig extends StackConfig {
|
||||
}
|
||||
|
||||
export const testConfig: TestStackConfig = {
|
||||
environment: 'Testing',
|
||||
environment: 'Test',
|
||||
region: process.env.CDK_TESTING_REGION || process.env.CDK_DEFAULT_REGION || '',
|
||||
account: process.env.CDK_TESTING_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT || '',
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import * as blueprints from '@aws-quickstart/eks-blueprints';
|
||||
import * as cdk from 'aws-cdk-lib';
|
||||
import * as ec2 from 'aws-cdk-lib/aws-ec2';
|
||||
import * as iam from 'aws-cdk-lib/aws-iam';
|
||||
import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
|
||||
import { getConstructPrefix } from '../../configs';
|
||||
import { DESTROY_WHEN_REMOVE } from '../../configs/constants';
|
||||
@@ -14,10 +15,12 @@ interface OpenSearchProps {
|
||||
export class OpensearchResourceProvider implements blueprints.ResourceProvider<opensearch.IDomain> {
|
||||
private readonly config: StackConfig;
|
||||
private readonly vpc: ec2.IVpc;
|
||||
private readonly domainName: string;
|
||||
|
||||
constructor(readonly props: OpenSearchProps) {
|
||||
this.vpc = props.vpc;
|
||||
this.config = props.config;
|
||||
this.domainName = `${getConstructPrefix(props.config)}-Domain`.toLowerCase();
|
||||
}
|
||||
|
||||
provide(context: blueprints.ResourceContext): opensearch.IDomain {
|
||||
@@ -66,9 +69,18 @@ export class OpensearchResourceProvider implements blueprints.ResourceProvider<o
|
||||
"Allow OpenSearch traffic"
|
||||
)
|
||||
|
||||
const masterUserName = process.env.OPENSEARCH_ADMINNAME;
|
||||
if (!masterUserName) {
|
||||
throw new Error("environment variable 'OPENSEARCH_ADMINNAME' is missing");
|
||||
}
|
||||
const masterUserPassword = process.env.OPENSEARCH_PASSWORD;
|
||||
if (!masterUserPassword) {
|
||||
throw new Error("environment variable 'OPENSEARCH_PASSWORD' is missing");
|
||||
}
|
||||
const domainProps: opensearch.DomainProps = {
|
||||
version: opensearch.EngineVersion.OPENSEARCH_2_13,
|
||||
removalPolicy: DESTROY_WHEN_REMOVE ? cdk.RemovalPolicy.DESTROY : cdk.RemovalPolicy.RETAIN,
|
||||
domainName: this.domainName,
|
||||
vpcSubnets: [{ subnets: selectedSubnets }],
|
||||
capacity: {
|
||||
...capacity,
|
||||
@@ -85,6 +97,24 @@ export class OpensearchResourceProvider implements blueprints.ResourceProvider<o
|
||||
enabled: multiAz.enabled,
|
||||
availabilityZoneCount: multiAz.azCount,
|
||||
},
|
||||
|
||||
nodeToNodeEncryption: true,
|
||||
enforceHttps: true,
|
||||
encryptionAtRest: {
|
||||
enabled: true,
|
||||
},
|
||||
fineGrainedAccessControl: {
|
||||
masterUserName: masterUserName,
|
||||
masterUserPassword: cdk.SecretValue.unsafePlainText(masterUserPassword),
|
||||
},
|
||||
accessPolicies: [
|
||||
new iam.PolicyStatement({
|
||||
effect: iam.Effect.ALLOW,
|
||||
principals: [new iam.AnyPrincipal()],
|
||||
actions: ['es:*'],
|
||||
resources: [`arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${this.domainName}/*`],
|
||||
}),
|
||||
],
|
||||
vpc: this.vpc,
|
||||
};
|
||||
|
||||
|
||||
Generated
-2
@@ -1614,7 +1614,6 @@
|
||||
"version": "2.148.1",
|
||||
"resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.148.1.tgz",
|
||||
"integrity": "sha512-wiAi4vFJ52A42PpU3zRi2gVDqbTXSBVFrqKRqEd8wYL1mqa0qMv9FR35NsgbM1RL9s7g5ZljYvl+G2tXpcp5Eg==",
|
||||
"dev": true,
|
||||
"bin": {
|
||||
"cdk": "bin/cdk"
|
||||
},
|
||||
@@ -2313,7 +2312,6 @@
|
||||
"version": "2.3.2",
|
||||
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
|
||||
"integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
|
||||
"dev": true,
|
||||
"hasInstallScript": true,
|
||||
"optional": true,
|
||||
"os": [
|
||||
|
||||
Reference in New Issue
Block a user