Deploying Mobile Foundation on Amazon Elastic Kubernetes Service (Amazon EKS)

Yathendra Prasad February 05, 2021

Announcement Mobile_Foundation EFK OpenShift Elastic Search Fluentd Kibana

Overview

This blogs outlines the steps required to deploy Mobile Foundation on Amazon EKS cluster.

Prerequisites

Procedure

  1. Download Mobile Foundation RHOCP package from IBM Fix Central and extract it.
  2. Create image pull secret.

  3. Create Mobile Foundation DB secret.

    Note: For details on steps 1,2, and 3, see Deploy Mobile Foundation to an existing Red Hat OpenShift Container Platform.

  4. Update image pull secret name in deploy/service_account.yaml (REPLACE_SECRET).
  5. Update namespace name in deploy/role_binding.yaml (REPLACE_NAMESPACE).

  6. Add the following code snippet at the end of deploy/role.yaml file:

    - apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['mf-operator']

  7. Save the following yaml content as psp.yaml:

    apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: mf-operator
  annotations:
      apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
      apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default 
      seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
      seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
spec:
   requiredDropCapabilities:
   - ALL
   volumes:
   - configMap
   - emptyDir
   - projected
   - secret
   - downwardAPI
   - persistentVolumeClaim
   seLinux:
      rule: RunAsAny
   runAsUser:
      rule: MustRunAsNonRoot
   supplementalGroups:
      rule: MustRunAs
      ranges:
      - min: 1
        max: 65535
   fsGroup:
     rule: MustRunAs
     ranges:
     - min: 1
       max: 65535
   allowPrivilegeEscalation: false
   forbiddenSysctls:
   - "*"

  8. Run the following commands to deploy CRD, Operator, and CR:

    kubectl create -f deploy/crds/charts_v1_mfoperator_crd.yaml
kubectl create -f deploy/service_account.yaml
kubectl create -f deploy/role.yaml
kubectl create -f deploy/role_binding.yaml
kubectl create -f deploy/psp.yaml
kubectl create -f deploy/operator.yaml

    Update image pull secret, DB details, dbsecret, ingress hostname in deploy/crds/charts_v1_mfoperator_cr.yaml.

    To deploy Mobile Foundation Custom resource, run the following command:

    kubectl apply -f deploy/crds/charts_v1_mfoperator_cr.yaml

    To access the Mobile Foundation console launch http://<ingress-hostname>/mfpconsole.

    Note: : Mobile Foundation Elasticsearch operator related yaml files are present in es directory of the extracted package and the deployment also follows the same process as above. Just replace the mf-operator with es-operator in role.yaml and psp.yaml.

    For more details on Mobile Foundation Elasticsearch operator deployment, see here.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Last modified on February 05, 2021