Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content
  • Deploying and running TIBCO Hawk® Container Edition with EKS in AWS environment

    Manoj Chaurasia

    Table of Contents


    Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.


    For more details see here What Is Amazon EKS?


    Download and install the following tools on your system:

    CLIDownload and Installation Instruction Link


    If you are not a FederatedUsers, or you have full access to all resources in aws, you can skip this. Otherwise, you can follow the steps below to configure the aws cli using shared account.

    Step 1: Create credential


    Go to IAM user webconsole -> users -> Click on your user -> Security credentials tab -> create access key -> download it

    Step 2: Configure credential on local machine

     $ aws configure AWS Access Key ID [None]: AKIAYXXXXXXXXXXXXX AWS Secret Access Key [None]: nDFAREADFAdfadfadfafewafafdaOUctHP Default region name [None]: us-east-1 Default output format [None]: json	#or text


    Step 3: Check credentials

     $ aws iam list-users { 	"Users": [     	{         	"UserName": "",         	"Path": "/",         	"CreateDate": "2019-04-03T19:07:27Z",         	"UserId": "AKIAYXXXXXXXXXXXXX",         	"Arn": "arn:aws:iam::1111111111111:user/"     	} 	] }


    Step 4: Create a role in admin user account

    Open, switch to admin user(if you don?t know, please check with your account manger)


    -> Roles -> Create role -> Select "Another AWS account" -> give your 12 digital id  -> next permissions -> select policy below:




















    -> next -> next, name this role, e.g. cch_cli

     {     "Version": "2012-10-17",     "Statement": [         {             "Effect": "Allow",             "Action": [                 "eks:*"             ],             "Resource": "*"         }     ] }


     {     "Version": "2012-10-17",     "Statement": [         {             "Effect": "Allow",             "Action": "iam:CreateServiceLinkedRole",             "Resource": "arn:aws:iam::*:role/aws-service-role/*"         },         {             "Effect": "Allow",             "Action": "ec2:DescribeAccountAttributes",             "Resource": "*"         },         {             "Effect": "Allow",             "Action": "ec2:DeleteInternetGateway",             "Resource": "arn:aws:ec2:*:*:internet-gateway/*"         },         {             "Effect": "Allow",             "Action": [                 "ec2:AuthorizeSecurityGroupIngress",                 "ec2:DeleteSubnet",                 "ec2:DeleteTags",                 "ec2:CreateNatGateway",                 "ec2:CreateVpc",                 "ec2:AttachInternetGateway",                 "ec2:DescribeVpcAttribute",                 "ec2:DeleteRouteTable",                 "ec2:AssociateRouteTable",                 "ec2:DescribeInternetGateways",                 "ec2:CreateRoute",                 "ec2:CreateInternetGateway",                 "ec2:RevokeSecurityGroupEgress",                 "ec2:CreateSecurityGroup",                 "ec2:ModifyVpcAttribute",                 "ec2:DeleteInternetGateway",                 "ec2:DescribeRouteTables",                 "ec2:ReleaseAddress",                 "ec2:AuthorizeSecurityGroupEgress",                 "ec2:DescribeTags",                 "ec2:CreateTags",                 "ec2:DeleteRoute",                 "ec2:CreateRouteTable",                 "ec2:DetachInternetGateway",                 "ec2:DescribeNatGateways",                 "ec2:DisassociateRouteTable",                 "ec2:AllocateAddress",                 "ec2:DescribeSecurityGroups",                 "ec2:RevokeSecurityGroupIngress",                 "ec2:DeleteSecurityGroup",                 "ec2:DeleteNatGateway",                 "ec2:DeleteVpc",                 "ec2:CreateSubnet",                 "ec2:DescribeSubnets",                 "ec2:DescribeAvailabilityZones",                 "ec2:DescribeImages",                 "ec2:describeAddresses",                 "ec2:DescribeVpcs",                 "ec2:CreateLaunchTemplate",                 "ec2:DescribeLaunchTemplates",                 "ec2:RunInstances",                 "ec2:DescribeLaunchTemplateVersions"             ],             "Resource": "*"         }     ] }


     {     "Version": "2012-10-17",     "Statement": [         {             "Sid": "VisualEditor0",             "Effect": "Allow",             "Action": "sts:*",             "Resource": "*"         }     ] }


    Step 5: Add shared account profile to config file

     $ cd ~./aws $ cat config [default] output = json region = us-east-1 [profile cch_cli]  #assumed role name role_arn = arn:aws:iam::1111111111111:role/cch_cli  #get this from the new created role. source_profile = default output = json region = us-east-1


    Step 6: Create credential

     $ aws --profile cch_cli  sts assume-role --role-arn arn:aws:iam::1111111111111:role/cch_cli --role-session-name testname


    Step 7: Verify permissions



     $ aws eks list-clusters --profile cch_cli { 	"clusters": [ ] }


    Steps for deployment

    Step1: Setup Kubernetes cluster

    Create cluster
     $ eksctl create cluster \  --name hkce2a \ [1] --version 1.11 \ [2] --nodegroup-name hkce2agroup \ [3] --node-type t3a.small \ [4] --nodes 3 \ [5] --region=us-east-1 \ [6] --zones=us-east-1a,us-east-1b,us-east-1c \ [7] --profile cch_cli \ [8] --verbose 4 \ [9]   #[1]: The name of EKS cluster #[2]: The version of Kubernetes #[3]: The nodegroup name #[4]: The EC2 instance size. You can select this size based on your requirement. To find more #different size: #[5]: Number of nodes in this cluster #[6]: The region where the EKS cluster will be built #[7]: The zones where the EKS cluster will be built #[8]: Assumed role. It?s optional if you don?t need to assume another role #[9]: verbose mode to see more logs


    Configure kubectl
     $ aws eks --region us-east-1 update-kubeconfig --name hkce2a  --profile cch_cli


    Verify nodes and other resources
     $ kubectl get nodes NAME                         	STATUS   ROLES    AGE   VERSION ip-192-168-23-74.ec2.internal     Ready    <none>   1h	v1.11.9 ip-192-168-47-163.ec2.internal   Ready    <none>   1h	v1.11.9 ip-192-168-91-101.ec2.internal   Ready    <none>   1h	v1.11.9


    Step 2: Create Docker image of TIBCO Hawk® Container Edition components 

    Refer to TIBCO Hawk® documentation:

    Step 3: Create docker repository

    If you want to use docker public repository:


    OR any other repository


    Login and push images to docker repository

     $ docker login $ docker tag hkce_console:2.0 <your>/<repo>:<new_tag> $ docker push <your>/<repo>:<new_tag>



    Use AWS repository:

    Go to the EC2 Container Services dashboard and create a repository with the same name as the Docker image of TIBCO Hawk® Container Edition component. Upload the component image to the repository and for help you might use the View Push Commands button.


    attach AmazonEC2ContainerRegistryFullAccess to the IAM role

     $ (aws ecr get-login --no-include-email --region us-east-1 --profile cch_cli) $ docker tag hkce_console:2.0 <your>/<repo>:<new_tag> $ docker push <your>/<repo>:<new_tag>


    Step 4: Deploy HKCE on AWS

    Sample YAML files configurations of TIBCO Hawk® Container Edition components could be found here:



    Run the kubectl create command to deploy TIBCO Hawk® Container Edition cluster:

     $ kubectl create -f daemonstateful.yml $ kubectl create -f agentdaemonset.yml $ kubectl create -f consolepod.yml


    Check pods:
     $ kubectl get pods


    Check services:
     $ kubectl get services NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)          AGE hkce-console-service   LoadBalancer   8083:30383/TCP   3m hkce-service           ClusterIP      None             <none>                                                                    2561/TCP         6m kubernetes             ClusterIP       <none>                                                                    443/TCP          5d


    Access to the HawkConsole UI in Browser:

    Troubleshoot commands:
     $ kubectl logs <pods> $ kubectl describe node/pod/service

    User Feedback

    Recommended Comments

    There are no comments to display.

  • Create New...