  • Deploying and running TIBCO Hawk® Container Edition with EKS in AWS environment


    Manoj Chaurasia


    Introduction

    Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.

     

    For more details, see "What Is Amazon EKS?" in the AWS documentation.

    Prerequisites

    Download and install the following tools on your system:

    CLI      Download and Installation Instruction Link
    kubectl  https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux
    docker   https://docs.docker.com/install/
    aws      https://docs.aws.amazon.com/cli/latest/userguide/install-linux-al2017.html
    eksctl   https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html

    Preparation

    If you are not a federated user, or you already have full access to all resources in AWS, you can skip this section. Otherwise, follow the steps below to configure the AWS CLI to use a shared account.

    Step 1: Create credential

    https://console.aws.amazon.com/iam/home?region=us-east-1#/users

     

    In the IAM web console, go to Users -> click your user -> Security credentials tab -> Create access key -> download it.

    Step 2: Configure credential on local machine

     $ aws configure
     AWS Access Key ID [None]: AKIAYXXXXXXXXXXXXX
     AWS Secret Access Key [None]: nDFAREADFAdfadfadfafewafafdaOUctHP
     Default region name [None]: us-east-1
     Default output format [None]: json    #or text

     

    Step 3: Check credentials

     $ aws iam list-users
     {
         "Users": [
             {
                 "UserName": "xxxx@yyy.com",
                 "Path": "/",
                 "CreateDate": "2019-04-03T19:07:27Z",
                 "UserId": "AKIAYXXXXXXXXXXXXX",
                 "Arn": "arn:aws:iam::1111111111111:user/xxxx@yyy.com"
             }
         ]
     }

     

    Step 4: Create a role in admin user account

    Open https://console.aws.amazon.com/iam/home and switch to the admin user (if you don't know which one, check with your account manager).

     

    -> Roles -> Create role -> select "Another AWS account" -> enter your 12-digit account ID -> Next: Permissions -> select the policies below:

    eks_all
    ec2_all
    cch_cli
    IAMFullAccess
    AutoScalingFullAccess
    AmazonEKSClusterPolicy
    AmazonEKSWorkerNodePolicy
    AmazonEKSServicePolicy
    AmazonEKS_CNI_Policy

    -> Next -> Next, then name this role, e.g. cch_cli

    eks_all:
     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "eks:*"
                 ],
                 "Resource": "*"
             }
         ]
     }

     

    ec2_all:
     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": "iam:CreateServiceLinkedRole",
                 "Resource": "arn:aws:iam::*:role/aws-service-role/*"
             },
             {
                 "Effect": "Allow",
                 "Action": "ec2:DescribeAccountAttributes",
                 "Resource": "*"
             },
             {
                 "Effect": "Allow",
                 "Action": "ec2:DeleteInternetGateway",
                 "Resource": "arn:aws:ec2:*:*:internet-gateway/*"
             },
             {
                 "Effect": "Allow",
                 "Action": [
                     "ec2:AuthorizeSecurityGroupIngress",
                     "ec2:DeleteSubnet",
                     "ec2:DeleteTags",
                     "ec2:CreateNatGateway",
                     "ec2:CreateVpc",
                     "ec2:AttachInternetGateway",
                     "ec2:DescribeVpcAttribute",
                     "ec2:DeleteRouteTable",
                     "ec2:AssociateRouteTable",
                     "ec2:DescribeInternetGateways",
                     "ec2:CreateRoute",
                     "ec2:CreateInternetGateway",
                     "ec2:RevokeSecurityGroupEgress",
                     "ec2:CreateSecurityGroup",
                     "ec2:ModifyVpcAttribute",
                     "ec2:DeleteInternetGateway",
                     "ec2:DescribeRouteTables",
                     "ec2:ReleaseAddress",
                     "ec2:AuthorizeSecurityGroupEgress",
                     "ec2:DescribeTags",
                     "ec2:CreateTags",
                     "ec2:DeleteRoute",
                     "ec2:CreateRouteTable",
                     "ec2:DetachInternetGateway",
                     "ec2:DescribeNatGateways",
                     "ec2:DisassociateRouteTable",
                     "ec2:AllocateAddress",
                     "ec2:DescribeSecurityGroups",
                     "ec2:RevokeSecurityGroupIngress",
                     "ec2:DeleteSecurityGroup",
                     "ec2:DeleteNatGateway",
                     "ec2:DeleteVpc",
                     "ec2:CreateSubnet",
                     "ec2:DescribeSubnets",
                     "ec2:DescribeAvailabilityZones",
                     "ec2:DescribeImages",
                     "ec2:describeAddresses",
                     "ec2:DescribeVpcs",
                     "ec2:CreateLaunchTemplate",
                     "ec2:DescribeLaunchTemplates",
                     "ec2:RunInstances",
                     "ec2:DescribeLaunchTemplateVersions"
                 ],
                 "Resource": "*"
             }
         ]
     }

     

    cch_cli:
     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Sid": "VisualEditor0",
                 "Effect": "Allow",
                 "Action": "sts:*",
                 "Resource": "*"
             }
         ]
     }

     

    Step 5: Add shared account profile to config file

     $ cd ~/.aws
     $ cat config
     [default]
     output = json
     region = us-east-1

     # cch_cli is the assumed role name
     [profile cch_cli]
     # get role_arn from the newly created role
     role_arn = arn:aws:iam::1111111111111:role/cch_cli
     source_profile = default
     output = json
     region = us-east-1

     

    Step 6: Create credential

     $ aws --profile cch_cli  sts assume-role --role-arn arn:aws:iam::1111111111111:role/cch_cli --role-session-name testname

     

    Step 7: Verify permissions

     

     

     $ aws eks list-clusters --profile cch_cli
     {
         "clusters": [ ]
     }
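
    The custom policies from Step 4 grant eks:* and sts:* on every resource, and the same role also carries IAMFullAccess. The following Python check is an added example, not part of the original article: it flags service-wide wildcards and write actions granted on Resource "*" so the role can be narrowed before it is shared. The ec2_all policy is abridged to a few of its actions, and the read-only prefix list is an assumption.

```python
# Custom policies from Step 4. ec2_all keeps its four statements but only a
# representative subset of the actions in the last one (abridged for this example).
POLICIES = {
    "eks_all": {"Statement": [{"Effect": "Allow", "Action": ["eks:*"], "Resource": "*"}]},
    "cch_cli": {"Statement": [{"Effect": "Allow", "Action": "sts:*", "Resource": "*"}]},
    "ec2_all": {"Statement": [
        {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole",
         "Resource": "arn:aws:iam::*:role/aws-service-role/*"},
        {"Effect": "Allow", "Action": "ec2:DescribeAccountAttributes", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:DeleteInternetGateway",
         "Resource": "arn:aws:ec2:*:*:internet-gateway/*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeVpcs", "ec2:describeAddresses",
                    "ec2:RunInstances", "ec2:DeleteVpc"]},
    ]},
}

READ_ONLY = ("describe", "get", "list")  # assumed prefixes of read-only operations


def as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]


def audit(name, doc):
    """Return (policy, statement index, action, reason) for grants worth review."""
    findings = []
    for idx, stmt in enumerate(as_list(doc["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            operation = action.partition(":")[2].lower()  # action names are case-insensitive
            if action == "*" or operation == "*":
                findings.append((name, idx, action, "service-wide wildcard"))
            elif unscoped and not operation.startswith(READ_ONLY):
                findings.append((name, idx, action, "write action on Resource *"))
    return findings


def audit_all(policies=POLICIES):
    """Audit every policy attached to the role, in the order listed."""
    return [f for name, doc in policies.items() for f in audit(name, doc)]


if __name__ == "__main__":
    for finding in audit_all():
        print("%s[%d] %s: %s" % finding)
```

    Statements scoped to an ARN pattern, such as the iam:CreateServiceLinkedRole grant, pass the check; the wildcard grants and the write actions on "*" are the ones to narrow.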

     

    Steps for deployment

    Step 1: Set up Kubernetes cluster

    Create cluster
     $ eksctl create cluster \
         --name hkce2a \
         --version 1.11 \
         --nodegroup-name hkce2agroup \
         --node-type t3a.small \
         --nodes 3 \
         --region=us-east-1 \
         --zones=us-east-1a,us-east-1b,us-east-1c \
         --profile cch_cli \
         --verbose 4

     #[1] --name: The name of the EKS cluster
     #[2] --version: The version of Kubernetes
     #[3] --nodegroup-name: The nodegroup name
     #[4] --node-type: The EC2 instance size. You can select this size based on your requirement.
     #    To find more sizes: https://aws.amazon.com/ec2/instance-types/
     #[5] --nodes: Number of nodes in this cluster
     #[6] --region: The region where the EKS cluster will be built
     #[7] --zones: The zones where the EKS cluster will be built
     #[8] --profile: Assumed role. It's optional if you don't need to assume another role
     #[9] --verbose: Verbose mode to see more logs

     

    Configure kubectl
     $ aws eks --region us-east-1 update-kubeconfig --name hkce2a  --profile cch_cli

     

    Verify nodes and other resources
     $ kubectl get nodes
     NAME                             STATUS   ROLES    AGE   VERSION
     ip-192-168-23-74.ec2.internal    Ready    <none>   1h    v1.11.9
     ip-192-168-47-163.ec2.internal   Ready    <none>   1h    v1.11.9
     ip-192-168-91-101.ec2.internal   Ready    <none>   1h    v1.11.9

     

    Step 2: Create Docker image of TIBCO Hawk® Container Edition components 

    Refer to TIBCO Hawk® documentation: https://docs.tibco.com/pub/hkce/2.0.0/doc/html/GUID-C51B12F3-4C9F-4FC0-9FEC-2F754AF626D5.html

    Step 3: Create docker repository

    To use the public Docker repository: https://hub.docker.com/ (or any other repository)

    Log in and push the images to the Docker repository:

     $ docker login
     $ docker tag hkce_console:2.0 <your>/<repo>:<new_tag>
     $ docker push <your>/<repo>:<new_tag>

     

     

    To use the AWS repository:

    Go to the EC2 Container Services dashboard and create a repository with the same name as the Docker image of the TIBCO Hawk® Container Edition component. Upload the component image to the repository; the View Push Commands button shows the commands to use.

    Attach AmazonEC2ContainerRegistryFullAccess to the IAM role.

     # $(...) runs the docker login command that aws ecr get-login prints (AWS CLI v1)
     $ $(aws ecr get-login --no-include-email --region us-east-1 --profile cch_cli)
     $ docker tag hkce_console:2.0 <your>/<repo>:<new_tag>
     $ docker push <your>/<repo>:<new_tag>

     

    Step 4: Deploy HKCE on AWS

    Sample YAML configuration files for the TIBCO Hawk® Container Edition components can be found here:

     

    https://docs.tibco.com/pub/hkce/2.0.0/doc/html/GUID-CFA1CD0A-D559-4944-9217-EBA56EF8FBB6.html

     

    Run the kubectl create command to deploy the TIBCO Hawk® Container Edition cluster:

     $ kubectl create -f daemonstateful.yml
     $ kubectl create -f agentdaemonset.yml
     $ kubectl create -f consolepod.yml

     

    Check pods:
     $ kubectl get pods

     

    Check services:
     $ kubectl get services
     NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)          AGE
     hkce-console-service   LoadBalancer   10.100.186.108   aadb3d5a9acbf11e99257022d74bbba9-1996949841.us-east-1.elb.amazonaws.com   8083:30383/TCP   3m
     hkce-service           ClusterIP      None             <none>                                                                    2561/TCP         6m
     kubernetes             ClusterIP      10.100.0.1       <none>                                                                    443/TCP          5d

     

    Access the HawkConsole UI in a browser:

    http://aadb3d5a9acbf11e99257022d74bbba9-1996949841.us-east-1.elb.amazonaws.com:8083/HawkConsole
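
    The hkce-console-service above is a LoadBalancer service, so HawkConsole on port 8083 is reached over plain HTTP through an ELB hostname. The following Python check is an added example, not part of the original article: it reads the JSON form of the service list and reports LoadBalancer services that have neither a source-range restriction nor the internal-ELB annotation. The sample input is constructed from the listing above.

```python
import json

# Constructed sample shaped like `kubectl get services -o json`, using the service
# names, types and ports from the listing above (the kubernetes service is omitted).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "hkce-console-service", "annotations": {}},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 8083, "nodePort": 30383, "protocol": "TCP"}]}},
    {"metadata": {"name": "hkce-service"},
     "spec": {"type": "ClusterIP", "clusterIP": "None",
              "ports": [{"port": 2561, "protocol": "TCP"}]}},
]})

INTERNAL_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-internal"


def exposed_services(service_list_json):
    """Return (name, ports) for LoadBalancer services open to any source address."""
    exposed = []
    for svc in json.loads(service_list_json)["items"]:
        spec = svc["spec"]
        if spec.get("type") != "LoadBalancer":
            continue  # ClusterIP services are only reachable inside the cluster
        annotations = svc["metadata"].get("annotations") or {}
        internal = annotations.get(INTERNAL_ANNOTATION, "").lower()
        if internal not in ("", "false"):
            continue  # internal load balancer, reachable only from inside the VPC
        # With no loadBalancerSourceRanges, the load balancer accepts any source.
        ranges = spec.get("loadBalancerSourceRanges") or ["0.0.0.0/0"]
        if "0.0.0.0/0" in ranges:
            ports = [p["port"] for p in spec.get("ports", [])]
            exposed.append((svc["metadata"]["name"], ports))
    return exposed


if __name__ == "__main__":
    for name, ports in exposed_services(SAMPLE):
        print("%s is open to any source on ports %s" % (name, ports))
```

    Feed it the output of kubectl get services -o json; setting spec.loadBalancerSourceRanges on the console service, or marking its load balancer internal, clears the finding.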

    Troubleshoot commands:
     $ kubectl logs <pods>
     $ kubectl describe node/pod/service

