Zero Access Deployment | Galileo on EKS
Create a private Kubernetes Cluster with EKS in your AWS Account, upload containers to your container registry, and deploy Galileo.
**Total time for deployment:** 45-60 minutes
This deployment requires the use of AWS CLI commands. If you only have cloud console access, follow the optional instructions below to get eksctl working with AWS CloudShell.
Step 0: (Optional) Deploying via AWS CloudShell
To use `eksctl` via CloudShell in the AWS console, open a CloudShell session and do the following:
The rest of the deployment can now be run from the CloudShell session. You can use `vim` to create/edit the required yaml and json files within the shell session.
Recommended Cluster Configuration
Galileo recommends the following Kubernetes deployment configuration:
Configuration | Recommended Value |
---|---|
Nodes in the cluster’s core nodegroup | 4 (min) 5 (max) 4 (desired) |
CPU per core node | 4 CPU |
RAM per core node | 16 GiB RAM |
Number of nodes in the cluster’s runners nodegroup | 1 (min) 5 (max) 1 (desired) |
CPU per runner node | 8 CPU |
RAM per runner node | 32 GiB RAM |
Minimum volume size per node | 200 GiB |
Required Kubernetes API version | 1.21 |
Storage class | gp2 |
Here’s an example EKS cluster configuration.
Step 1: Deploying the EKS Cluster
The cluster itself can be deployed in a single command using eksctl. Using the cluster template here, create a `galileo-cluster.yaml` file and edit the contents to replace `CLUSTER_NAME` with a name for your cluster like `galileo`. Also check and update all `availabilityZones` as appropriate.
With the yaml file saved, run the following command to deploy the cluster:
Step 2: Required Configuration Values
Customer-specific cluster values (e.g. domain name, Slack channel for notifications) are placed in a base64-encoded string and stored as a secret in GitHub. Galileo's deployment automation reads this secret and uses it when templating a cluster's resource files.
Mandatory fields the Galileo team requires:
Mandatory Field | Description |
---|---|
Domain Name | The domain the customer wishes to deploy the cluster under, e.g. google.com |
Root subdomain | e.g. “galileo” as in galileo.google.com |
Trusted SSL Certificates | These certificates should support the provided domain name. You should submit 2 base64 encoded strings: (1) one for the full certificate chain and (2) one for the signing key. |
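A pre-flight check for the certificate material requested above, as an added example that is not part of Galileo's tooling: it confirms the signing key belongs to the leaf certificate and that the certificate covers the four hostnames listed in Step 4 before producing the two base64 strings. The file names, output names and the four-hostname coverage requirement are assumptions of this example.

```bash
# Added example: pre-flight checks for the Step 2 TLS material (needs openssl).
# File names and the four-hostname coverage check are assumptions of this example.

# Succeeds only if the signing key is the private half of the leaf certificate,
# i.e. the first certificate in the full-chain PEM file.
key_matches_cert() {  # key_matches_cert CHAIN_PEM KEY_PEM
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the leaf certificate is valid for every Step 4 hostname.
cert_covers_galileo_hosts() {  # cert_covers_galileo_hosts CHAIN_PEM SUBDOMAIN DOMAIN
  local svc host
  for svc in api data console grafana; do
    host="$svc.$2.$3"
    openssl x509 -in "$1" -noout -checkhost "$host" | grep -q 'does match' ||
      { echo "certificate does not cover $host" >&2; return 1; }
  done
}

# base64 of a file as a single line (portable across GNU and BSD base64).
b64_one_line() { base64 < "$1" | tr -d '\n'; }

# Run both checks, then write the two strings to submit.
preflight() {  # preflight CHAIN_PEM KEY_PEM SUBDOMAIN DOMAIN OUT_DIR
  key_matches_cert "$1" "$2" ||
    { echo "signing key does not match the leaf certificate" >&2; return 1; }
  cert_covers_galileo_hosts "$1" "$3" "$4" || return 1
  # base64 is an encoding, not encryption: keep the output as protected as the key.
  ( umask 077
    b64_one_line "$1" > "$5/fullchain.b64"
    b64_one_line "$2" > "$5/signing-key.b64" )
}
```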
Step 3: Deploy the Galileo Applications
VPN access is required to connect to the Kubernetes API when interacting with a private cluster. If you do not have appropriate VPN access with private DNS resolution, you can use a bastion machine with public ssh access as a bridge to the private cluster. The bastion will only act as a simple shell environment, so a machine type of `t3.micro` or equivalent will suffice.
Except where specifically noted, these steps are to be performed on a machine with internet access.
- Download version 1.23 of `kubectl` as explained here, and `scp` that file to the working directory of the bastion.
- Generate the cluster config file by running `aws eks update-kubeconfig --name $CLUSTER_NAME --region $REGION`
- If using a bastion machine, prepare the required environment with the following:
  - Either `scp` or copy and paste the contents of `~/.kube/config` from your local machine to the same directory on the bastion
  - `scp` the provided `deployment-manifest.yaml` file to the working directory of the bastion
- With your VPN connected, or if using a bastion, ssh'ing into the bastion's shell:
  - Run `kubectl cluster-info` to verify your cluster config is set appropriately. If the cluster information is returned, you can proceed with the deployment.
  - Run `kubectl apply -f deployment-manifest.yaml` to deploy the Galileo applications. Re-run this command if there are errors related to custom resources not being defined as there are sometimes race conditions when applying large templates.
Step 4: Customer DNS Configuration
Galileo has 4 main URLs (shown below). In order to make the URLs accessible across the company, you have to set the following DNS addresses in your DNS provider after the platform is deployed.
**Time taken:** 5-10 minutes (post the ingress endpoint / load balancer provisioning)
Service | URL |
---|---|
API | api.galileo.company.[com|ai|io…] |
Data | data.galileo.company.[com|ai|io…] |
UI | console.galileo.company.[com|ai|io…] |
Grafana | grafana.galileo.company.[com|ai|io…] |
Each URL must be entered as a CNAME record into your DNS management system as the ELB address. You can find this address by running `kubectl -n galileo get svc/ingress-nginx-controller` and looking at the value for `EXTERNAL-IP`.