
Installing Optimizer Hub on AWS Elastic Kubernetes Service

If you are using Amazon Web Services, you can simplify the process of starting and maintaining your cluster considerably by using the Elastic Kubernetes Service (EKS).

Configuring AWS S3 Storage

Optimizer Hub requires a bucket and R/W permissions to the bucket.

  1. Within the AWS system, create the bucket and R/W permissions.

  2. Configure the Optimizer Hub storage by adding the following to your values-override.yaml file:

     
    storage:
      blobStorageService: s3
      s3:
        commonBucket: opthub-storage0
  3. Configure the permissions by adding the following to your values-override.yaml file:

     
    deployment:
      serviceAccount:
        annotations:
          eks.amazonaws.com/role-arn: arn:aws:iam::<...>:role/opthub-s3-role

Using Kubernetes Nodes and Permissions

To configure AWS S3 storage, use the following configuration. Ensure that the Kubernetes nodes running opthub-compilebroker and opthub-gateway have RW permissions to the S3 bucket(s), and that the target buckets exist.

A role with the below policy must be assigned to instances (EC2, EC2 ASG, Fargate, etc) for the opthub-compilebroker and opthub-gateway pods.

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::opthub-*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:*Object"
      ],
      "Resource": [
        "arn:aws:s3:::opthub-*/*"
      ],
      "Effect": "Allow"
    }
  ]
}

Using AWS Service Accounts

If your security practices do not allow you to give nodes access to S3 buckets, you can also grant access to just the key services in Optimizer Hub. You can do this by configuring AWS IAM, roles, and permissions as described in the AWS documentation.

In the next steps, Optimizer Hub assumes the role name is opthub-s3-role. The IAM role trust relationship entry needs the following additional settings in AWS (you will need to change the IDs in this example to align with your configuration):

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::163957972732:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/F7E8B430691CFE3B776B8CA663896762"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "oidc.eks.us-west-2.amazonaws.com/id/F7E8B430691CFE3B776B8CA663896762:sub": "system:serviceaccount:*:opthub*",
          "oidc.eks.us-west-2.amazonaws.com/id/F7E8B430691CFE3B776B8CA663896762:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}

After creating the Service Accounts, add the following settings to your values-override.yaml file:

 
deployment:
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::<...>:role/opthub-s3-role

The Helm chart of Optimizer Hub creates the following Service Accounts:

  • opthub-cache

  • opthub-compile-broker

  • opthub-gateway

  • opthub-operator
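
An added example (not part of the Azul documentation or the Optimizer Hub chart): the `sub` pattern in the trust policy above, `system:serviceaccount:*:opthub*`, leaves the namespace segment as a wildcard, so this check evaluates it against a few constructed token subjects and against a copy scoped to one namespace and the four service accounts listed above. The `my-opthub` namespace is taken from the Helm command on this page; the account ID, OIDC provider ID and subjects are placeholders, and only `StringLike` conditions on `:sub` are evaluated.

```python
import copy
import re

# Constructed sample: this page's trust policy with placeholder account and OIDC provider IDs.
OIDC = "oidc.eks.REGION.amazonaws.com/id/EXAMPLE"
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringLike": {
        f"{OIDC}:sub": "system:serviceaccount:*:opthub*",
        f"{OIDC}:aud": "sts.amazonaws.com"}}}]}
CHART_ACCOUNTS = ["opthub-cache", "opthub-compile-broker", "opthub-gateway", "opthub-operator"]
SUBJECTS = [  # constructed token subjects
    "system:serviceaccount:my-opthub:opthub-gateway",  # chart account, release namespace
    "system:serviceaccount:team-b:opthub-copy",        # opthub* name in another namespace
    "system:serviceaccount:my-opthub:billing",         # unrelated account
]

def iam_like(pattern, value):
    """IAM StringLike: '*' matches any run of characters, '?' exactly one; case-sensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags=re.S) is not None

def allowed(policy, subject):
    """True if `subject` matches a StringLike ':sub' pattern of an Allow statement."""
    for st in policy["Statement"]:
        like = st.get("Condition", {}).get("StringLike", {})
        subs = [v for k, v in like.items() if k.endswith(":sub")]
        pats = [p for v in subs for p in (v if isinstance(v, list) else [v])]
        if st.get("Effect") == "Allow" and any(iam_like(p, subject) for p in pats):
            return True
    return False

def scoped(policy, namespace, accounts):
    """Copy of the policy whose ':sub' patterns name only `accounts` in `namespace`."""
    out = copy.deepcopy(policy)
    for st in out["Statement"]:
        like = st.get("Condition", {}).get("StringLike", {})
        for key in like:
            if key.endswith(":sub"):
                like[key] = [f"system:serviceaccount:{namespace}:{a}" for a in accounts]
    return out

def report(policy):
    """Map each constructed subject to whether the policy's ':sub' condition admits it."""
    return {s: allowed(policy, s) for s in SUBJECTS}

if __name__ == "__main__":
    print("page  ", report(PAGE_POLICY))
    print("scoped", report(scoped(PAGE_POLICY, "my-opthub", CHART_ACCOUNTS)))
```

With the page's pattern the `team-b` subject is admitted; with the scoped copy only the chart account in `my-opthub` is.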

Storage for ReadyNow Orchestrator

You can limit the usage of persistent storage by ReadyNow Orchestrator with the appropriate settings.

Installing Optimizer Hub on EKS

Please download opthub-install-1.11.0.zip for additional files to configure Optimizer Hub on AWS EKS.

Cluster Requirements

You can create a cluster following the steps in Cluster Provisioning on EKS, or use a cluster created by any other means according to these requirements:

  • ReadyNow Orchestrator requires on-demand EC2 instances. Don’t use spot instances.

  • All the nodes must have at least 8 vCores and 32 GB RAM to fit the Optimizer Hub pods.

  • The suggested EC2 instance types are m6 or m7. Using instances with less powerful CPUs may negatively impact the performance of Optimizer Hub.

Cluster Provisioning on EKS

If you don’t have a cluster available to run Optimizer Hub, you can provision one on EKS with the following steps:

  1. Install and configure the eksctl and aws command-line tools.

    If you don’t have permissions to set up networking components, have your administrator create the Virtual Private Cloud.

  2. In the downloaded package, navigate to the eks directory.

  3. In opthub_eks.yaml, replace the placeholders {your-cluster-name}, {your-region}, and {path-to-your-key} with the correct values.

  4. If you are working with an existing VPC and do not want eksctl to create one, uncomment the vpc section and replace {your-vpc} and {your-subnet} with the correct values.

  5. Pass the modified opthub_eks.yaml file to eksctl to create the cluster. For more information, look at the eksctl config file schema. Apply the file with the following command:

     
    eksctl create cluster -f opthub_eks.yaml

    This command takes several minutes to execute, and when successful ends with the following output:

     
    [✔] EKS cluster "eks-opthub-cluster" in "eu-central-1" region is ready

By using opthub_eks.yaml, the following gets created in your AWS account:

  • CloudFormation stacks for the main EKS cluster and each of the NodeGroups in the cluster.

  • A Virtual Private Cloud called eksctl-{cluster-name}-cluster/VPC. If you chose to use an existing VPC, this is not created. You can explore the VPC and its related networking components in the AWS VPC console. The VPC has all of the required networking components configured:

    • A set of three public subnets and three private subnets

    • An Internet Gateway

    • Route Tables for each of the subnets

    • An Elastic IP Address for the cluster

    • A NAT Gateway

  • An EKS Cluster, including four nodegroups with one m5.2xlarge instance provisioned:

    • infra - For running Grafana and Prometheus.

    • opthubinfra - For running the Optimizer Hub infrastructure components.

    • opthubcache - For running the Optimizer Hub cache.

    • opthubserver - For running the Optimizer Hub compile broker settings.

  • IAM artifacts for the Autoscaling Groups:

    • Roles for the Autoscaler groups for the cluster and for each subnet

    • Policies for the EKS autoscaler

Install Optimizer Hub on an EKS Cluster

Follow the installation instructions on "Installing Optimizer Hub on Kubernetes" to install all services of Optimizer Hub. Or, in case you don’t want to install the full Optimizer Hub but only a part of the services, check "Configuring the Active Optimizer Hub Services".

In the step where Helm is used to create the node groups in the cluster, pass in the additional configuration file eks/values-eks.yaml, located in the installation package. This file includes the nodegroup affinity settings and other settings expected by EKS.

The Helm installation command needs to be extended with the values-eks.yaml config file:

 
helm install opthub opthub-helm/azul-opthub \
  -n my-opthub \
  -f values-eks.yaml \
  -f values-override.yaml

When adding multiple values files, remember the last one takes precedence.

Setting Up an External Load Balancer

As described in Configuring Optimizer Hub Host, it is highly recommended to use a load-balanced setup.

To set up an AWS load balancer, please follow the documentation on Route internet traffic with AWS Load Balancer Controller.

Cleaning Up

Run the following command:

 
eksctl delete cluster -f opthub_eks.yaml