CENM Deployment with AWS/EKS

You can use the PKI tool to create a set of keys and certificates, which must be shared between all CENM services through the use of a shared file system.

On AWS, the shared file system is provided by Amazon Elastic File System (EFS).

Steps

There are three main steps to complete this deployment:

  1. Create an EKS cluster.
  2. Create an EFS.
  3. Deploy EFS Provisioner on the EKS cluster.

Once complete, you can continue with your CENM deployment tasks, such as establishing your network services.

Create EKS

Create an EKS cluster with at least 10-12 GB of free RAM.

Create EFS

For performance reasons, you should use the same region as the one used for the EKS cluster.

  1. Click Create file system
  2. Click Customize
    1. Choose the name of your file system
    2. Encryption: disable
    3. Adjust all the other options according to your needs
    4. Click Next
  3. Network
    1. Virtual Private Cloud (VPC)
      1. VPC: select the one used for the EKS cluster
    2. Mount targets
      1. Availability zone: default
      2. Subnet ID: default
      3. IP address: default
      4. Security groups: add the cluster's primary security group, shown as “Cluster security group” on the “Networking” tab of the cluster configuration in the AWS management console
    3. Click Next
  4. File system policy (optional)
    1. Leave empty
    2. Click Next
  5. Review and create
    1. Click Create

Once the EFS has been created, click on it and choose “Access points”.

  1. Click Create access point
    1. Details
      1. Choose Name (optional)
      2. Root directory path: /
    2. POSIX user:
      1. User ID: 1000
      2. Group ID: 1000
      3. Secondary group IDs: leave empty
    3. Root directory creation permissions:
      1. Owner User ID: 1000
      2. Owner Group ID: 1000
      3. Permissions: 0777
    4. Click Create access point

Deploy EFS Provisioner on the EKS cluster

Modify efs.yaml

Use the command line for the following steps:

  1. Set the EFS file system ID, both in the ConfigMap and in the NFS server address of the Deployment.
  2. Set the region of your EFS file system in the same two places:
...
kind: ConfigMap
...
data:
  file.system.id: [EFS file system ID]
  aws.region: [REGION]

...

kind: Deployment
...
      volumes:
        - name: pv-volume
          nfs:
            server: [EFS file system ID].efs.[REGION].amazonaws.com
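
Before creating the provisioner, it is worth confirming that no placeholder is left in efs.yaml and that the Deployment's NFS server names the same file system and region as the ConfigMap, because every CENM service will read its keys and certificates from that mount. The script below is an added example, not part of the CENM distribution; it assumes the key names shown in the fragment above, and its ID and region patterns are assumptions about AWS naming.

```shell
#!/bin/sh
# Pre-flight check for efs.yaml, run before `kubectl create -f efs.yaml`.
# Added example: key names are those in the fragment above; the ID and
# region patterns are assumptions about AWS naming, not CENM requirements.

# Print the first value of a "key: value" line, without quotes or CRs.
yaml_value() {  # $1 = key (regex-escaped), $2 = file
  sed -n "s/^[[:space:]]*$1:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$2" |
    head -n 1 | tr -d "\"'\r"
}

# Return 0 if consistent; 1 bad ID, 2 bad region, 3 NFS server mismatch.
check_efs_yaml() {
  fs_id=$(yaml_value 'file\.system\.id' "$1")
  region=$(yaml_value 'aws\.region' "$1")
  server=$(yaml_value 'server' "$1")

  if ! printf '%s\n' "$fs_id" | grep -Eq '^fs-[0-9a-f]{8,40}$'; then
    echo "file.system.id is unset or not an EFS ID: '$fs_id'" >&2; return 1
  fi
  if ! printf '%s\n' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
    echo "aws.region is unset or malformed: '$region'" >&2; return 2
  fi
  # The Deployment must mount the same file system the ConfigMap names.
  if [ "$server" != "$fs_id.efs.$region.amazonaws.com" ]; then
    echo "nfs server '$server' does not match $fs_id in $region" >&2; return 3
  fi
  echo "ok: $server"
}

# Write a constructed efs.yaml fragment: $1 = path, $2 = id, $3 = region, $4 = server
write_sample() {
  printf 'kind: ConfigMap\ndata:\n  file.system.id: %s\n  aws.region: %s\n' "$2" "$3" > "$1"
  printf 'kind: Deployment\n      volumes:\n        - name: pv-volume\n          nfs:\n            server: %s\n' "$4" >> "$1"
}

# Demo on constructed values (the file system ID is made up).
demo=$(mktemp)
write_sample "$demo" fs-0123abcd eu-west-1 fs-0123abcd.efs.eu-west-1.amazonaws.com
check_efs_yaml "$demo" || echo "fix efs.yaml before creating the provisioner"
rm -f "$demo"
```

Against a real file, call check_efs_yaml efs.yaml and run kubectl create only when it returns 0.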

Then create the EFS provisioner from the modified file:

kubectl create -f efs.yaml

Wait until the EFS provisioner has bootstrapped. For example, check the pod status with:

kubectl get pods -o wide

Create storage classes

For Azure, use the following file:

kubectl create -f storage-class-azure.yaml

For AWS, use this file:

kubectl create -f storage-class-aws.yaml

Complete CENM deployment

Your AWS deployment is complete. You can now complete the rest of your CENM deployment process.