Installing Hybrid Manager on AWS EKS using the Hybrid Manager Operator
You can install the Hybrid Manager on Amazon EKS using the Hybrid Manager Operator. This is a Helm chart that deploys the Hybrid Manager platform on your EKS cluster. The operator is responsible for managing the lifecycle of the Hybrid Manager platform, including installing, upgrading, and uninstalling the platform.
Important
Complete the prerequisites before you start this part of the installation process. It will step through the process of creating an EKS cluster, installing the necessary components, and configuring the environment ready for the Hybrid Manager Operator.
Set the version to install
The version of the EDB Hybrid Manager platform is set by the environment variable EDB_PLATFORM_VERSION. This should be set to the version of the platform you wish to install. For example, to install version v1.2.0, you would set the environment variable as follows:
export EDB_PLATFORM_VERSION="v1.2.0"
Set your token
This installation process requires that you save your EDB subscription token as an environment variable. You can obtain it by going to your EDB Account Profile. (Log in if prompted to.) There you will find an entry for Repos 2.0 token:
Take this value and set it as an environment variable:
export EDB_SUBSCRIPTION_TOKEN="your-token"
Obtain the bootstrap kit
Hybrid Manager is installed using a bootstrap kit. This kit is a collection of scripts and charts that are used to install the EDB Hybrid Manager platform.
- eks-install-operator.sh - This script installs the Hybrid Manager Operator on your EKS cluster.
- eks-install-secrets.sh - This script installs the secrets required for the installation process.
- prepare.sh - This script prepares the values file for the installation process.
- default-env.sh - This file contains the default environment variables for the installation process.
- hm-default.yaml - This file contains the default values for a configuration.
Copy all files to a directory on your local machine and cd into that directory.
Install the Hybrid Manager Operator
To install the Hybrid Manager Operator, run the eks-install-operator.sh script.
(As you already set the token as an environment variable, you can pipe it into the script).
You will also need to set the environment variable OPERATOR_VERSION to the version of the operator you wish to install, for example v1.2.0.
This will typically be the same version as the EDB Hybrid Manager platform you are installing, so you can set it as follows:
export OPERATOR_VERSION=$EDB_PLATFORM_VERSION
Then you can run the script to install the operator:
echo $EDB_SUBSCRIPTION_TOKEN | $SHELL eks-install-operator.sh
Install secrets
The install process requires a number of secrets to be installed in the Kubernetes cluster. These secrets are used to authenticate with the EDB Download Repository and to store the credentials for the EDB Software Deployment platform.
to install the secrets required for the bootstrap process, run the install-secrets.sh script. (As you already set the token as an environment variable, you can pipe it into the script.)
echo $EDB_SUBSCRIPTION_TOKEN | $SHELL eks-install-secrets.sh
Enter the password for pgai-platform@docker.enterprisedb.com
namespace/edbpgai-bootstrap created
namespace/upm-replicator created
secret/edb-cred created
secret/edb-cred created
secret/edb-cred annotated
namespace/upm-griptape created
secret/fernet-secret created
namespace/upm-lakekeeper created
secret/pg-confounding-key created
PG_CONFOUNDING_KEY is 01234567890123456789ABCDEFG - store safelyThis process creates secrets needed for Hybrid Manager to run. You can find out more about these secrets in:
A secret for Griptape and configures DeltaLake object storage (optional for GenAI Builder)
A secret for Catalog (optional for using Catalog)
See also custom secrets for Migration Portal (optional to secure internal communications with Migration Portal)
Prepare the values file
The bootstrap process requires a number of values to be set in the Helm chart. These values are stored in a file called values.yaml. You can create this file by running the prepare.sh script, which uses variables from the default-env.sh file. Edit the default-env.sh file to set the values you require.
This is the default default-env.sh file:
# exports for EKS export EDB_PLATFORM_VERSION="v1.2.0" export CONTAINER_REGISTRY_URI="docker.enterprisedb.com/pgai-platform" export IMAGESET_REGISTRY_URI=$CONTAINER_REGISTRY_URI export IMAGESET_AUTHTYPE="token" export PORTAL_DOMAIN_NAME="portal.foo.network" export TRANSPORTER_RW_SERVICE_DOMAIN_NAME="transporter.foo.network" export BEACON_SERVICE_DOMAIN_NAME="beacon.foo.network" export AUTHENTICATION_EMAIL="owner@mycompany.com" export AUTHENTICATION_USER="owner@mycompany.com" export LOCATION_NAME="default-location" export STORAGE_CLASS="gp2" export TRANSPORTER_FIPS_ENABLED=false # Set a password hash for the user or pass a password to have it hashed for you. # If you pass a password, you will need to remove it from your history. # You can hash a password using the following command: # echo -n "password" | htpasswd -BinC 10 admin | cut -d: -f2 # # export AUTHENTICATION_PASSWORD="password" # If setting AUTHENTICATION_PASSWORD_HASH, ensure it is single quoted to prevent variable expansion (e.g. $2y$10$...). export AUTHENTICATION_PASSWORD_HASH='$2y$10$vKOAXfLHbeV1OQxMpxlLdOIwnX.JAN.ZrD9ZU//ocrNQwhQIMtXhy'
Here is a brief guide to the variables in the default-env.sh file.
| Variable | Description |
|---|---|
| CONTAINER_REGISTRY_URI | The URI of the container registry to use. This is set to the EDB Download Repository. |
| IMAGESET_REGISTRY_URI | The URI of the image set registry. This is set to the EDB Download Repository. |
| IMAGESET_AUTHTYPE | The authentication type for the image set registry. Set to token as we are using a token to authenticate with the EDB Download Repository. |
| TRANSPORTER_RW_SERVICE_DOMAIN_NAME | The domain name for the Transporter service. |
| PORTAL_DOMAIN_NAME | The domain name for the portal. |
| BEACON_SERVICE_DOMAIN_NAME | The domain name for the beacon service. |
| AUTHENTICATION_EMAIL | The email address of the user to create. |
| AUTHENTICATION_USER | The username of the user to create. |
| AUTHENTICATION_PASSWORD | The password of the user to create. This can be set as plain text or as a hash with AUTHENTICATION_PASSWORD_HASH. |
| AUTHENTICATION_PASSWORD_HASH | The hash of the password to create. |
| LOCATION_NAME | The location name for the beacon agent, also known as Agent. |
| STORAGE_CLASS | The storage class to use for the installation. This is set to gp2 for EBS volumes on AWS. |
| TRANSPORTER_FIPS_ENABLED | Whether to enable FIPS mode for the Transporter service. |
Run the prepare.sh script to create the values.yaml file.
$SHELL prepare.shThis create a values.yaml file with the values set in the default-env.sh file.
You must start with the `hcp- You need to create two values for the bootstrap process. These are the AES_256_KEY and the AUTHENTICATION_PASSWORD_HASH. You can create these values with the following commands:
export AES_256_KEY=$(openssl rand -base64 32)
If you have a password to hash, you can do so with the following command:
export AUTHENTICATION_PASSWORD_HASH=$(echo -n $AUTHENTICATION_PASSWORD | htpasswd -BinC 10 admin | cut -d: -f2)
You now need to edit values.yaml file and set the values required for your installation. Find the appropriate key in the values.yaml file and set the values as follows. Replace $<name> entries with the value you have set the environment variables of the same name to.
- Set
spec.componentsParameters.upm-istio-gateway.cookie_aeskeyto $AES_256_KEY. - Set
spec.imageRegistryto $CONTAINER_REGISTRY_URI. - Set
spec.globalParameters.portal_domain_nameto $PORTAL_DOMAIN_NAME. - Set
spec.componentsParameters.transporter-rw-service.domain_nameto $TRANSPORTER_RW_SERVICE_DOMAIN_NAME. - Set
spec.componentsParameters.transporter-dp-agent.rw_service_urltohttps://followed by $TRANSPORTER_RW_SERVICE_DOMAIN_NAME followed by/transporter. eg, given the values above, this would behttps://transporter.foo.network/transporter. - Set
spec.componentsParameters.upm-beacon.server_hostto $BEACON_SERVICE_DOMAIN_NAME. - Set
spec.pgai.portal.authentication.staticPasswords[0].emailto $AUTHENTICATION_EMAIL. - Set
spec.pgai.portal.authentication.staticPasswords[0].hashto $AUTHENTICATION_PASSWORD_HASH. - Set
spec.pgai.portal.authentication.staticPasswords[0].usernameto $AUTHENTICATION_USER. - Set
spec.pgai.portal.authentication.staticPasswords[0].userID"c5998173-a605-449a-a9a5-4a9c33e26df". - Set
spec.beaconAgent.locationto $LOCATION_NAME - Set
spec.globalParameters.storage_classto $STORAGE_CLASS. - Set
spec.componentsParameters.transporter-data-operator.fips_enabledto $TRANSPORTER_FIPS_ENABLED. (Ensure the boolean value is quoted as it is handled as a string.)
The hm-values.yaml file should now contain the values required for the installation process.
Install the Hybrid Manager platform
The next step is to apply the values file which you created in the previous step to the Hybrid Manager Operator. This will trigger the installation of the Hybrid Manager platform on your EKS cluster.
kubectl apply -f ./hm-values.yamlYou can check the status of the installation by running:
kubectl get hybridcontrolplanes.edbpgai.edb.com
When complete, the output should look similar to this:
NAME PHASE
edbpgai deployedIf not deploying, run:
kubectl get hybridcontrolplanes.edbpgai.edb.com -o yamlFor more information on the status of the installation, you can check the logs of the Hybrid Manager Operator:
Configure the IP address in /etc/hosts
Obtain the IP address of your ingress gateway to configure in your /etc/hosts file. Run:
kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' | strings | nslookup
This command returns output like:
Server: 192.168.111.1
Address: 192.168.111.1#53
Non-authoritative answer:
Name: k8s-istiosys-istioing-b3dc9b4f3c-81dc5c45b1d5f6d2.elb.us-east-1.amazonaws.com
Address: 52.70.180.102At this point your have the IP address of the portal. You can add this IP address to your DNS service and map it to the domain name you set in the default-env.sh file, which is portal.foo.network in this example.
If you do not have a DNS service configured, consider adding the IP address to your local /etc/hosts file. This will allow you to access the Hybrid Manager portal using the domain name you set in the default-env.sh file.
You can then add IP address to your /etc/hosts file like this:
echo "52.70.180.102 portal.foo.network" | sudo tee -a /etc/hosts
Substitute the IP address with the value you obtained earlier.
Next steps
You can now verify the installation by connecting to the HM Console.
← Prev
Installing Hybrid Manager on AWS EKS
↑ Up
Install Hybrid Manager on EKS
Next →
Connecting to the Hybrid Manager Console
Could this page be better? Report a problem or suggest an addition!