CENM Deployment AWS/EKS

You can use the PKI tool to create a set of keys and certificates, which must be shared between all CENM services through the use of a shared file system.

In AWS this is achieved via the AWS Elastic Filesystem (EFS).

Steps

There are three main steps to complete this deployment:

  1. Create an EKS cluster.
  2. Create an EFS.
  3. Deploy EFS Provisioner on the EKS cluster.

Once complete, you can continue with your CENM deployment tasks, such as establishing your network services.

Create EKS

Create an EKS cluster with at least 10-12 GB of free RAM.

Create EFS

For performance reasons, you should use the same region as the one used for the EKS cluster.

  1. Click Create file system
  2. Click Customize
    1. Choose the name of your file system
    2. Encryption: disable
    3. Adjust all the other options according to your needs
    4. Click Next
  3. Network
    1. Virtual Private Cloud (VPC)
      1. VPC: select the one used for the EKS cluster
    2. Mount targets
      1. Availability zone: default
      2. Subnet ID: default
      3. IP address: default
      4. Security groups: add the main primary Security Group which is shown as “Cluster security group” in the Cluster configuration, “Networking” tab within the AWS UI management console
    3. Click Next
  4. File system policy (optional)
    1. Leave empty
    2. Click Next
  5. Review and create
    1. Click Create

Once the EFS has been created, click on it and choose “Access points”.

  1. Click Create access point
    1. Details
      1. Choose Name (optional)
      2. Root directory path: /
    2. POSIX user:
      1. User ID: 1000
      2. Group ID: 1000
      3. Secondary group IDs: leave empty
    3. Root directory creation permissions:
      1. Owner User ID: 1000
      2. Owner Group ID: 1000
      3. Permissions: 0777
    4. Click Create access point

Deploy EFS Provisioner on the EKS cluster

Modify efs.yaml

Use the command line for the following steps:

  1. Provide a correct value for the EFS file system ID field.
  2. Specify the correct region of your EFS file system:
...
kind: ConfigMap
...
data:
  file.system.id: [EFS file system ID]
  aws.region: [REGION]

...

kind: Deployment
...
      volumes:
        - name: pv-volume
          nfs:
            server: [EFS file system ID].efs.[REGION].amazonaws.com

kubectl create -f efs.yaml

Wait until the EFS provisioner gets bootstrapped - the example command is as follows:

kubectl get pods -o wide

Create storage classes

For Azure, use the following file:

kubectl create -f storage-class-azure.yaml

For AWS use this file:

kubectl create -f storage-class-aws.yaml

Complete CENM deployment

Your AWS deployment is complete. You can now complete the rest of your CENM deployment process .

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.