- Getting Started
-
Administration Guide
-
Get Started with Administering Wyn Enterprise
- System Requirements
- Installing on Windows
- Installing on Linux
- Installing using Docker
- License Wyn Enterprise
- Deploying with HTTPS
- Deploying with Reverse Proxy
- Deploying to Azure App Service (AAS)
- Deploying to Azure Kubernetes Service (AKS)
- Deploying to AKS using Helm Chart
- Deploying to Local Kubernetes
- Deploying to Kubernetes Cluster using Helm Chart
- Deploying as a Virtual Directory or Sub-Application
- Deploying to Amazon ECS
-
Deploying to Amazon EKS using Helm Charts
- Deploying in a Distributed Environment
- Migration from ActiveReports Server 12
- Upgrade Wyn Enterprise to Latest Version
- Logging on to the Administrator Portal
- Ports in Firewall
- Configuration Settings
- Account Management
- Security Management
- System Management
- Document Management
- How To and Troubleshooting
-
Get Started with Administering Wyn Enterprise
- User Guide
- Developer Guide
Deploying to Amazon EKS using Helm Charts
Amazon EKS (Elastic Kubernetes Service) is a service used to run Kubernetes in the AWS cloud and the local servers.
Before deploying the Wyn Enterprise in the Amazon Elastic Kubernetes Service (EKS) using Helm Charts ensure that you have installed the following tools on your local machine;
Kubectl: Kubectl is a command line tool used to communicate with the Kubernetes API Server. See the Installing or updating Kubectl help doc on AWS Knowledgebase for more information on installing Kubectl.
eksctl: Eksctl is a command line tool used to communicate and manage Kubernetes clusters on Amazon EKS. See the Installing or updating eksctl help doc on AWS Knowledgebase for more information on installing eksctl.
Helm: Helm is the package manager for the Kubernetes services that are used to provide, share, and use the software built for Kubernetes. See the Helm Docs help doc for more information on using Helm Charts.
aws-cli: Aws-cli is a command line tool used to work with AWS services including Amazon EKS. See the Installing, updating, and uninstalling AWS CLI help doc for more information.
Follow the below steps to deploy Wyn in Amazon EKS using Helm charts,
Create AWS EKS Cluster
Run the following command to create your AWS EKS Cluster,
eksctl create cluster --name {your-cluster-name} --region {your-region-code}
See the Getting started with Amazon EKS – eksctl for more information on Amazon EKS Cluster.
Note: This step may take several minutes to complete.
Create an IAM OIDC Provider
To create an IAM OIDC identity provider for your cluster with eksctl, follow the below instructions,
i) Retrieve the OIDC issuer ID of your cluster and store it in a variable. Replace the {your-cluster-name} with your own value.
cluster_name={your-cluster-name} oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5) echo $oidc_id
ii) Use the following command to determine whether an IAM OIDC provider with your cluster's issuer ID is already in your account.
aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4
If the output is returned, then an IAM OIDC provider is already present and you can skip the next step.
iii) In case no output is returned, you must create an IAM OIDC provider for your cluster using the following command.
eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
See the Creating an IAM OIDC provider for your cluster help article for more information on creating an IAM OIDC provider.
Install the AWS Load Balancer Controller
To install the AWS Load Balancer controlled, use the following commands,
# To download the IAM policy file # AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS Regions curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy_us-gov.json mv iam_policy_us-gov.json iam_policy.json # All other AWS Regions curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json # To create an IAM policy aws iam create-policy \ --policy-name AWSLoadBalancerControllerIAMPolicy \ --policy-document file://iam_policy.json # To create an IAM role and a Kubernetes service account eksctl create iamserviceaccount \ --cluster={your_cluster_name} \ --namespace=kube-system \ --name=aws-load-balancer-controller \ --role-name AmazonEKSLoadBalancerControllerRole \ --attach-policy-arn=arn:aws:iam::{your_account_id}:policy/AWSLoadBalancerControllerIAMPolicy \ --approve # To install the AWS load balancer controller using Helm v3 helm repo add eks https://aws.github.io/eks-charts helm repo update eks helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName={your_cluster_name} \ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller
See the Installing the AWS Load Balancer Controller add-on help article for more information on installing the AWS load balancer controller.
Install Amazon EFS CSI Driver
To install the Amazon EFS CSI Driver, follow the below instructions,
i) Create the IAM role and Kubernetes service account using the following commands,
# To download the IAM policy document curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/docs/iam-policy-example.json # To create the policy aws iam create-policy \ --policy-name AmazonEKS_EFS_CSI_DriverPolicy \ --policy-document file://iam-policy-example.json # To create the IAM role AmazonEKS_EFS_CSI_DriverRole eksctl create iamserviceaccount \ --name efs-csi-fake-sa \ --namespace kube-system \ --cluster {your_cluster_name} \ --role-name AmazonEKS_EFS_CSI_DriverRole \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEKS_EFS_CSI_DriverPolicy \ --approve # Edit the trust policy of the role AmazonEKS_EFS_CSI_DriverRole TRUST_POLICY=$(aws iam get-role --role-name AmazonEKS_EFS_CSI_DriverRole --query 'Role.AssumeRolePolicyDocument' | \ sed -e 's/efs-csi-controller-sa/efs-csi-*/' -e 's/StringEquals/StringLike/') aws iam update-assume-role-policy --role-name AmazonEKS_EFS_CSI_DriverRole --policy-document "$TRUST_POLICY" # To create the service account efs-csi-controller-sa eksctl create iamserviceaccount \ --name efs-csi-controller-sa \ --namespace kube-system \ --cluster {your_cluster_name} \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEKS_EFS_CSI_DriverPolicy \ --attach-role-arn arn:aws:iam::{your_account_id}:role/AmazonEKS_EFS_CSI_DriverRole \ --approve # To create the service account efs-csi-controller-sa eksctl create iamserviceaccount \ --name efs-csi-node-sa \ --namespace kube-system \ --cluster {your_cluster_name} \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEKS_EFS_CSI_DriverPolicy \ --attach-role-arn arn:aws:iam::{your_account_id}:role/AmazonEKS_EFS_CSI_DriverRole \ --approve
See the Amazon EFS CSI driver help article for more information on installing Amazon EFS CSI Driver.
ii) Install the Amazon EFS Driver using the following command,
# To install the Amazon EFS CSI driver using Helm v3, helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver/ helm repo update aws-efs-csi-driver helm upgrade --install aws-efs-csi-driver aws-efs-csi-driver/aws-efs-csi-driver \ --namespace kube-system \ --set image.repository={amazon_container_image_registry}/eks/aws-efs-csi-driver \ --set controller.serviceAccount.create=false \ --set controller.serviceAccount.name=efs-csi-controller-sa
Download the container image registry from this link.
iii) Create an Amazon EFS File system using the following commands,
# To retrieve the VPC ID of the cluster vpc_id=$(aws eks describe-cluster \ --name {your_cluster_name} \ --query "cluster.resourcesVpcConfig.vpcId" \ --output text) # To retrieve the CIDR range for your cluster's VPC cidr_range=$(aws ec2 describe-vpcs \ --vpc-ids $vpc_id \ --query "Vpcs[].CidrBlock" \ --output text \ --region {your_region_code}) # To create a security group with an inbound rule that allows inbound NFS traffic for your Amazon EFS mount points security_group_id=$(aws ec2 create-security-group \ --group-name AmazonEfsSecurityGroup \ --description "Amazon EFS security group" \ --vpc-id $vpc_id \ --output text) aws ec2 authorize-security-group-ingress \ --group-id $security_group_id \ --protocol tcp \ --port 2049 \ --cidr $cidr_range # To create an Amazon EFS file system for your Amazon EKS cluster file_system_id=$(aws efs create-file-system \ --region {your_region_code} \ --performance-mode generalPurpose \ --query 'FileSystemId' \ --output text) # To get the IDs of the subnets in your VPC aws ec2 describe-subnets \ --filters "Name=vpc-id,Values=$vpc_id" \ --query 'Subnets[*].{SubnetId: SubnetId,AvailabilityZone: AvailabilityZone,CidrBlock: CidrBlock}' \ --output table # To add mount target for each subnet that in your VPC aws efs create-mount-target \ --file-system-id $file_system_id \ --subnet-id {subnet_id} \ --security-groups $security_group_id
See this help article for more information on creating an Amazon EFS file system.
iv) Create a storage class for EFS using the following command;
# retrieve your Amazon EFS file system id aws efs describe-file-systems --query "FileSystems[*].FileSystemId" --output text # download a storage manifest file curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/examples/kubernetes/dynamic_provisioning/specs/storageclass.yaml # replace the value for "fileSystemId" with your EFS file system id in the file "storageclass.yaml" and save it # fileSystemId: {your_EFS_file_system_id} # deploy the storage class kubectl apply -f storageclass.yaml
See this help article for more information on creating a storage class for EFS.
Create Docker Image Pulling Secret (Optional Step)
In case you are using a private docker repository, this step is mandatory. Otherwise, you can skip this step. Use the following command,
kubectl create secret docker-registry {secret\_name} --docker-server={docker\_server} --docker-username={user\_name} --docker-password={password}
Use the following command to fetch the secret;
kubectl get secret
Create PVC Resources
For PVC Resources, we dynamically use the efs-sc storage class to provision the persistent volumes. Follow the below instructions to create PVC resource,
i) Prepare a YAML file (name it pvc.yaml) like the one below,
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-wyn-data spec: accessModes: - ReadWriteMany storageClassName: efs-sc resources: requests: storage: 30Gi
ii) Use the following command to create the PVC resource;
kubectl apply -f pvc.yaml
iii) Fetch the PVC resource using the following command;
kubectl get pvc
Deploy Wyn
Follow the below instructions to deploy Wyn in Amazon EKS;
i) Prepare the configuration file like the one below,
pvcName: pvc-wyn-data ingress: enabled: true apiVersion: networking.k8s.io/v1 name: wyn-ingress annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip hosts: \- paths: \- / identityServerUrl: http://wyn-server:51980 database: provider: {database_provider} connectionStrings: dataExtraction: {database_connection_string} serverStorage: {database_connection_string} identityServer: {database_connection_string} server: replicas: 1 enabled: true analysisDbService: enabled: false schedulerService: enabled: true memoryDbService: enabled: true dataSourceService: enabled: true cotWorker: enabled: true replicas: 1 reportingWorker: enabled: true replicas: 1 dashboardWorker: enabled: true replicas: 1
ii) Deploy Wyn with Helm v3 using the following commands;
# add helm repo helm repo add wyn https://cdn.mescius.com/wyn/repos/helm-charts/ helm repo update wyn # deploy Wyn helm install wyn -f eks-values.yaml wyn/wyn-enterprise # wait all pods are running and ready to work kubectl get pod # get the public address provided by ingress kubectl get ingress wyn-ingress
Now, you can visit Wyn Enterprise using the URL - http://{ingress_address}
Update the Settings
To update the Helm chart settings, edit the eks-values.yaml configuration file, and then update your deployment using the following command;
helm upgrade wyn -f eks-values.yaml wyn/wyn-enterprise
Horizontal Pod Autoscaler (HPA)
The Kubernetes Horizontal Pod Autoscaler is used to scale the number of pods in a deployment. See Horizontal Pod Autoscaler for more information. Follow the below instructions to deploy HPA,
i) Use the following command to install the Kubernetes Metrics Server,
# Deploy the Metrics Server with the following command kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml # Verify that the metrics-server deployment is running the desired number of Pods with the following command kubectl get deployment metrics-server -n kube-system
See Installing the Kubernetes Metrics Server help article for more information.
ii) Create HPA based on your requirements
Use the following command to create your HPA resource;
kubectl autoscale deployment wyn-server --cpu-percent=25 --min=2 --max=4`
You can also create a YAML file like the one below,
apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: hpa-wyn-server spec: maxReplicas: 2 minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: wyn-server metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 25 --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: hpa-wyn-cot-worker spec: maxReplicas: 2 minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: StatefulSet name: wyn-cot-worker metrics: - type: Resource resource: name: memory target: type: Utilization averageUtilization: 40
Deploy the autoscalers using the following command;
kubectl apply -f hpa.yaml kubectl get hpa
See the HorizontalPodAutoscaler Walkthrough article for more information.
To Uninstall Wyn
Use the following command to uninstall the Wyn Enterprise application;
helm uninstall wyn