Zero Access Deployment | Galileo on EKS

​

Step 0: (Optional) Deploying via AWS CloudShell

To use eksctl via CloudShell in the AWS console, open a CloudShell session and do the following:

# Create directory
mkdir -p $HOME/.local/bin
cd $HOME/.local/bin

# eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl $HOME/.local/bin

The rest of the installation deployment can now be run from the CloudShell session. You can use vim to create/edit the required yaml and json files within the shell session.

​

Recommended Cluster Configuration

Galileo recommends the following Kubernetes deployment configuration:

Here’s an example EKS cluster configuration.

​

Step 1: Deploying the EKS Cluster

The cluster itself can be deployed in a single command using eksctl. Using the cluster template here, create a galileo-cluster.yaml file and edit the contents to replace CLUSTER_NAME with a name for your cluster like galileo. Also check and update all availabilityZones as appropriate.

With the yaml file saved, run the following command to deploy the cluster:

eksctl create cluster -f galileo-cluster.yaml

​

Step 2: Required Configuration Values

Customer specific cluster values (e.g. domain name, slack channel for notifications etc) will be placed in a base64 encoded string, stored as a secret in GitHub that Galileo’s deployment automation will read in and use when templating a cluster’s resource files.\

Mandatory fields the Galileo team requires:

​

Step 3: Deploy the Galileo Applications

VPN access is required to connect to the Kubernetes API when interacting with a private cluster. If you do not have appropriate VPN access with private DNS resolution, you can use a bastion machine with public ssh access as a bridge to the private cluster. The bastion will only act as a simple shell environment, so a machine type of t3.micro or equivalent will suffice.

Except where specifically noted, these steps are to be performed on a machine with internet access

1. Download version 1.23 of kubectl as explained here, and scp that file to the working directory of the bastion.

2. Generate the cluster config file by running aws eks update-kubeconfig --name $CLUSTER_NAME --region $REGION

3. If using a bastion machine, prepare the required environment with the following:

   1. Either scp or copy and paste the contents of ~/.kube/config from your local machine to the same directory on the bastion

   2. scp the provided deployment-manifest.yaml file to the working directory of the bastion

4. With your VPN connected, or if using a bastion, ssh’ing into the bastion’s shell:

   1. Run kubectl cluster-info to verify your cluster config is set appropriately. If the cluster information is returned, you can proceed with the deployment.

   2. Run kubectl apply -f deployment-manifest.yaml to deploy the Galileo applications. Re-run this command if there are errors related to custom resources not being defined as there are sometimes race conditions when applying large templates.

​

Step 4: Customer DNS Configuration

Galileo has 4 main URLs (shown below). In order to make the URLs accessible across the company, you have to set the following DNS addresses in your DNS provider after the platform is deployed.

Each URL must be entered as a CNAME record into your DNS management system as the ELB address. You can find this address by running kubectl -n galileo get svc/ingress-nginx-controller and looking at the value for EXTERNAL-IP.