Installing Hybrid Manager on AWS EKS

You can install the Hybrid Manager (HM) on Amazon EKS using Helm and the bootstrap kit.

Important

Complete the prerequisites before you start this part of the installation process.

Set the version to install

The version of the EDB Software Deployment platform is set by the environment variable EDB_PLATFORM_VERSION. This should be set to the version of the platform you wish to install. For example, to install version v1.2.0, you would set the environment variable as follows:

export EDB_PLATFORM_VERSION="v1.2.0"

Set your token

This installation process requires that you save your EDB subscription token as an environment variable. You can obtain it by going to your EDB Account Profile. (Log in if prompted.) There you will find an entry for the Repos 2.0 token.

Take this value and set it as an environment variable:

export EDB_SUBSCRIPTION_TOKEN="your-token"

Obtain the bootstrap kit

Hybrid Manager is installed using a bootstrap kit. This kit is a collection of scripts and Helm charts that are used to install the EDB Software Deployment platform.

Copy all files to a directory on your local machine and cd into that directory.

Install secrets

The bootstrap process requires a number of secrets to be installed in the Kubernetes cluster. These secrets are used to authenticate with the EDB Download Repository and to store the credentials for the EDB Software Deployment platform.

To install the secrets required for the bootstrap process, run the install-secrets.sh script. (As you already set the token as an environment variable, you can pipe it into the script.)

echo $EDB_SUBSCRIPTION_TOKEN | $SHELL eks-install-secrets.sh
Enter the password for pgai-platform@docker.enterprisedb.com
Creating secret edb-cred
namespace/upm-replicator configured
secret/edb-cred configured
namespace/edbpgai-bootstrap configured
secret/edb-cred configured
secret/edb-cred annotated
PG_CONFOUNDING_KEY is 01234567890123456789ABCDEFG - store safely
Installation completed

This process creates secrets needed for Hybrid Manager to run. You can find out more about these secrets in:

Prepare the values file

The bootstrap process requires a number of values to be set in the Helm chart. These values are stored in a file called values.yaml. You can create this file by running the prepare.sh script, which uses variables from the default-env.sh file. Edit the default-env.sh file to set the values you require.

This is the default default-env.sh file:

# exports for EKS
export EDB_PLATFORM_VERSION="v1.2.0"
export EDB_TARGET_PLATFORM="eks"
export CONTAINER_REGISTRY_URI="docker.enterprisedb.com/pgai-platform"
export IMAGESET_REGISTRY_URI=$CONTAINER_REGISTRY_URI
export IMAGESET_AUTHTYPE="token"
export PORTAL_DOMAIN_NAME="portal.foo.network"
export TRANSPORTER_RW_SERVICE_DOMAIN_NAME="transporter.foo.network"
export BEACON_SERVICE_DOMAIN_NAME="beacon.foo.network"
export AUTHENTICATION_EMAIL="owner@mycompany.com"
export AUTHENTICATION_USER="owner@mycompany.com"
export LOCATION_NAME="default-location"

# Set a password hash for the user or pass a password to have it hashed for you.
# If you pass a password, you will need to remove it from your history.
# You can hash a password using the following command:
# echo -n "password" | htpasswd -BinC 10 admin | cut -d: -f2
#

#export AUTHENTICATION_PASSWORD="password"
# Single quotes keep the shell from expanding the $ characters in the hash.
export AUTHENTICATION_PASSWORD_HASH='$2y$10$vKOAXfLHbeV1OQxMpxlLdOIwnX.JAN.ZrD9ZU//ocrNQwhQIMtXhy'

Here is a brief guide to the variables in the default-env.sh file.

Variable                             Description
EDB_TARGET_PLATFORM                  The target platform for the installation. Set to eks as we are installing on Amazon EKS.
CONTAINER_REGISTRY_URI               The URI of the container registry to use. This is set to the EDB Download Repository.
IMAGESET_REGISTRY_URI                The URI of the image set registry. This is set to the EDB Download Repository.
IMAGESET_AUTHTYPE                    The authentication type for the image set registry. Set to token as we are using a token to authenticate with the EDB Download Repository.
TRANSPORTER_RW_SERVICE_DOMAIN_NAME   The domain name for the Transporter service.
PORTAL_DOMAIN_NAME                   The domain name for the portal.
BEACON_SERVICE_DOMAIN_NAME           The domain name for the beacon service.
AUTHENTICATION_EMAIL                 The email address of the user to create.
AUTHENTICATION_USER                  The username of the user to create.
AUTHENTICATION_PASSWORD              The password of the user to create. This can be set as plain text or as a hash with AUTHENTICATION_PASSWORD_HASH.
AUTHENTICATION_PASSWORD_HASH         The hash of the password to create.
LOCATION_NAME                        The location name for the beacon agent, also known as Agent.
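
A bcrypt hash is full of $ characters, which a shell expands as parameters inside double quotes, so the value the shell assigns can differ from the hash you generated. The following is an added example, not part of the bootstrap kit: it checks the shape of a hash and shows what double quoting does to the sample hash from default-env.sh. The function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the bootstrap kit. Function names are illustrative.

# Sample value: the bcrypt hash shown in default-env.sh above.
SAMPLE_HASH='$2y$10$vKOAXfLHbeV1OQxMpxlLdOIwnX.JAN.ZrD9ZU//ocrNQwhQIMtXhy'

# Succeed when $1 has the shape of a bcrypt hash: a $2a$/$2b$/$2y$ prefix,
# a two-digit cost, then 22 salt characters and 31 digest characters.
is_bcrypt_hash() {
    printf '%s\n' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Print what a shell assigns when the same hash is written in double quotes:
# $2, $1 and $vKOAXf... are expanded as parameters, which are empty here.
double_quoted_value() {
    sh -c 'H="$2y$10$vKOAXfLHbeV1OQxMpxlLdOIwnX.JAN.ZrD9ZU//ocrNQwhQIMtXhy"
           printf "%s" "$H"'
}

# Preflight: report whether the hash in $1 is usable, without echoing it.
check_password_hash() {
    if is_bcrypt_hash "$1"; then
        echo "ok: value is a well-formed bcrypt hash"
    else
        echo "error: value is not a bcrypt hash (was it double-quoted?)" >&2
        return 1
    fi
}

check_password_hash "$SAMPLE_HASH"
check_password_hash "$(double_quoted_value)" || true
```

After sourcing default-env.sh, running check_password_hash "$AUTHENTICATION_PASSWORD_HASH" performs the same check on your own value.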

Apply the Helm chart

With the values.yaml file prepared, you can apply the Helm chart to start the bootstrap process. This creates the necessary resources in the Kubernetes cluster to start the bootstrap process.

helm upgrade -n edbpgai-bootstrap \
   --install -f ./values.yaml \
   --version "${EDB_PLATFORM_VERSION/-appl/+appl}" \
   edbpgai-bootstrap edbpgai/edbpgai-bootstrap

This command installs the bootstrap container in the Kubernetes cluster. The bootstrap container then installs the rest of the EDB Software Deployment platform.

Follow the bootstrap process

The bootstrap process takes time to complete. You can follow the progress by looking at the logs of the bootstrap container:

kubectl logs -f -l app=edbpgai-bootstrap -n edbpgai-bootstrap

Configure host name resolution

Obtain the IP address of your ingress gateway. Run:

kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' | strings | nslookup

This command returns output like:

Server:         192.168.111.1
Address:        192.168.111.1#53

Non-authoritative answer:
Name:   k8s-istiosys-istioing-b3dc9b4f3c-81dc5c45b1d5f6d2.elb.us-east-1.amazonaws.com
Address: 52.70.180.102

You now need to configure your DNS service or your /etc/hosts file to point the domains specified in default-env.sh to the IP address you obtained from the command above. Those domains are in PORTAL_DOMAIN_NAME, TRANSPORTER_RW_SERVICE_DOMAIN_NAME, and BEACON_SERVICE_DOMAIN_NAME. In the example above, they are set to portal.foo.network, transporter.foo.network, and beacon.foo.network respectively.

Configure DNS

In your DNS configuration, create an A record for the IP address you obtained and a CNAME record for each of these domains that points to that A record. So for our example, you would create the following records in your DNS zone file for foo.network:

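; The trailing dot makes each CNAME target fully qualified, so the zone origin is not appended to it.
cluster     IN A     52.70.180.102
portal      IN CNAME cluster.foo.network.
transporter IN CNAME cluster.foo.network.
beacon      IN CNAME cluster.foo.network.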

This is a simplified example. The actual configuration will depend on your DNS provider and how you manage your DNS records.

Configure /etc/hosts (if no DNS service)

If you don't have a DNS service configured, consider adding the IP address to your local /etc/hosts file. This addition allows you to access Hybrid Manager Console using the domain name you set in the default-env.sh file.

You can then add the IP address to your /etc/hosts file like this:

echo "52.70.180.102 portal.foo.network transporter.foo.network beacon.foo.network" | sudo tee -a /etc/hosts

Substitute the IP address with the value you obtained earlier. This is a temporary solution and should not be used in production environments. We recommend that you use a proper DNS service for production deployments. The settings in the /etc/hosts file work only on the machine where you set them.
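
Appending with tee -a adds another line every time the command is rerun, and the nslookup output contains the resolver's own address as well as the answer. The following added example (not part of the bootstrap kit; function names are illustrative) extracts only the answer address and lists which of the three domains a hosts file does not yet map to it.

```shell
#!/bin/sh
# Added example, not part of the bootstrap kit. Function names are illustrative.

# Constructed sample: nslookup output in the format shown earlier on this page.
SAMPLE_NSLOOKUP='Server:         192.168.111.1
Address:        192.168.111.1#53

Non-authoritative answer:
Name:   k8s-istiosys-istioing-b3dc9b4f3c-81dc5c45b1d5f6d2.elb.us-east-1.amazonaws.com
Address: 52.70.180.102'

# Read nslookup output on stdin and print only the answer addresses,
# skipping the resolver's own "Address: ...#53" line above the answer.
answer_addresses() {
    awk '/^Name:/ { in_answer = 1; next }
         in_answer && /^Address:/ { print $2 }'
}

# Usage: missing_hosts HOSTS_FILE IP DOMAIN...
# Print each DOMAIN that HOSTS_FILE does not already map to IP.
missing_hosts() {
    file=$1
    ip=$2
    shift 2
    for domain in "$@"; do
        awk -v ip="$ip" -v d="$domain" '
            /^[ \t]*#/ { next }
            $1 == ip { for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
            END { exit !found }' "$file" || printf '%s\n' "$domain"
    done
}

ingress_ip=$(printf '%s\n' "$SAMPLE_NSLOOKUP" | answer_addresses | head -n 1)
printf 'ingress address: %s\n' "$ingress_ip"
```

Run missing_hosts /etc/hosts with your address and domains, and append only the names it prints.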

Next steps

You can now verify the installation by connecting to the HM Console.

