** Total time for deployment:** 45-60 minutes
This deployment requires the use of AWS CLI commands. If you only have cloud console access, follow the optional instructions below to get eksctl working with AWS CloudShell.

Step 0: (Optional) Deploying via AWS CloudShell

To use eksctl via CloudShell in the AWS console, open a CloudShell session and do the following: 
# Create directory
mkdir -p $HOME/.local/bin
cd $HOME/.local/bin

# eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl $HOME/.local/bin
The rest of the installation deployment can now be run from the CloudShell session. You can use vim to create/edit the required yaml and json files within the shell session. Galileo recommends the following Kubernetes deployment configuration:
ConfigurationRecommended Value
Nodes in the cluster’s core nodegroup4 (min) 5 (max) 4 (desired)
CPU per core node4 CPU
RAM per core node16 GiB RAM
Number of nodes in the cluster’s runners nodegroup1 (min) 5 (max) 1 (desired)
CPU per runner node8 CPU
RAM per runner node32 GiB RAM
Minimum volume size per node200 GiB
Required Kubernetes API version1.21
Storage classgp2
Here’s an example EKS cluster configuration.

Step 1: Deploying the EKS Cluster

The cluster itself can be deployed in a single command using eksctl. Using the cluster template here, create a galileo-cluster.yaml file and edit the contents to replace CLUSTER_NAME with a name for your cluster like galileo. Also check and update all availabilityZones as appropriate. With the yaml file saved, run the following command to deploy the cluster: 
eksctl create cluster -f galileo-cluster.yaml

Step 2: Required Configuration Values

Customer specific cluster values (e.g. domain name, slack channel for notifications etc) will be placed in a base64 encoded string, stored as a secret in GitHub that Galileo’s deployment automation will read in and use when templating a cluster’s resource files.\ Mandatory fields the Galileo team requires:
Mandatory FieldDescription
Domain NameThe customer wishes to deploy the cluster under e.g. google.com
Root subdomaine.g. “galileo” as in galileo.google.com
Trusted SSL CertificatesThese certificate should support the provided domain name. You should submit 2 base64 encoded strings;

1. one for the full certificate chain

2. one for the signing key.

Step 3: Deploy the Galileo Applications

VPN access is required to connect to the Kubernetes API when interacting with a private cluster. If you do not have appropriate VPN access with private DNS resolution, you can use a bastion machine with public ssh access as a bridge to the private cluster. The bastion will only act as a simple shell environment, so a machine type of t3.micro or equivalent will suffice. Except where specifically noted, these steps are to be performed on a machine with internet access
  1. Download version 1.23 of kubectl as explained here, and scp that file to the working directory of the bastion.
  2. Generate the cluster config file by running aws eks update-kubeconfig --name $CLUSTER_NAME --region $REGION
  3. If using a bastion machine, prepare the required environment with the following:
    1. Either scp or copy and paste the contents of ~/.kube/config from your local machine to the same directory on the bastion
    2. scp the provided deployment-manifest.yaml file to the working directory of the bastion
  4. With your VPN connected, or if using a bastion, ssh’ing into the bastion’s shell:
    1. Run kubectl cluster-info to verify your cluster config is set appropriately. If the cluster information is returned, you can proceed with the deployment.
    2. Run kubectl apply -f deployment-manifest.yaml to deploy the Galileo applications. Re-run this command if there are errors related to custom resources not being defined as there are sometimes race conditions when applying large templates.

Step 4: Customer DNS Configuration

Galileo has 4 main URLs (shown below). In order to make the URLs accessible across the company, you have to set the following DNS addresses in your DNS provider after the platform is deployed.
** Time taken :** 5-10 minutes (post the ingress endpoint / load balancer provisioning)
ServiceURL
APIapi.galileo.company.[com|ai|io…]
Datadata.galileo.company.[com|ai|io…]
UIconsole.galileo.company.[com|ai|io…]
Grafanagrafana.galileo.company.[com|ai|io…]
Each URL must be entered as a CNAME record into your DNS management system as the ELB address. You can find this address by running kubectl -n galileo get svc/ingress-nginx-controller and looking at the value for EXTERNAL-IP.