Deploying Mobile Foundation on Amazon Elastic Kubernetes Service (Amazon EKS)

Overview

This blogs outlines the steps required to deploy Mobile Foundation on Amazon EKS cluster.

Prerequisites

Procedure

  1. Download Mobile Foundation RHOCP package from IBM Fix Central and extract it.
  2. Create image pull secret.
  3. Create Mobile Foundation DB secret.

    Note: For details on steps 1,2, and 3, see Deploy Mobile Foundation to an existing Red Hat OpenShift Container Platform.

  4. Update image pull secret name in deploy/service_account.yaml (REPLACE_SECRET).
  5. Update namespace name in deploy/role_binding.yaml (REPLACE_NAMESPACE).
  6. Add the following code snippet at the end of deploy/role.yaml file:

    - apiGroups: ['policy']
      resources: ['podsecuritypolicies']
      verbs: ['use']
      resourceNames: ['mf-operator']
    
  7. Save the following yaml content as psp.yaml:

    apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: mf-operator
      annotations:
          apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
          apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default 
          seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
          seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    spec:
       requiredDropCapabilities:
       - ALL
       volumes:
       - configMap
       - emptyDir
       - projected
       - secret
       - downwardAPI
       - persistentVolumeClaim
       seLinux:
          rule: RunAsAny
       runAsUser:
          rule: MustRunAsNonRoot
       supplementalGroups:
          rule: MustRunAs
          ranges:
          - min: 1
            max: 65535
       fsGroup:
         rule: MustRunAs
         ranges:
         - min: 1
           max: 65535
       allowPrivilegeEscalation: false
       forbiddenSysctls:
       - "*"
    
  8. Run the following commands to deploy CRD, Operator, and CR:

    kubectl create -f deploy/crds/charts_v1_mfoperator_crd.yaml
    kubectl create -f deploy/service_account.yaml
    kubectl create -f deploy/role.yaml
    kubectl create -f deploy/role_binding.yaml
    kubectl create -f deploy/psp.yaml
    kubectl create -f deploy/operator.yaml
    

    Update image pull secret, DB details, dbsecret, ingress hostname in deploy/crds/charts_v1_mfoperator_cr.yaml.

    To deploy Mobile Foundation Custom resource, run the following command:

    kubectl apply -f deploy/crds/charts_v1_mfoperator_cr.yaml
    

    To access the Mobile Foundation console launch http://<ingress-hostname>/mfpconsole.

    Note: : Mobile Foundation Elasticsearch operator related yaml files are present in es directory of the extracted package and the deployment also follows the same process as above. Just replace the mf-operator with es-operator in role.yaml and psp.yaml.

    For more details on Mobile Foundation Elasticsearch operator deployment, see here.

Last modified on February 05, 2021