Installing Deploy on Amazon EKS
This section describes how to install the Deploy application on Amazon EKS.
Audience
This guide is intended for administrators with cluster administrator credentials who are responsible for application deployment.
Before You Begin
The following are the prerequisites required to migrate to the operator-based deployment:
- Docker version 17.03 or later
- The kubectl command-line tool
- Access to a Kubernetes cluster version 1.19 or later
- Kubernetes cluster configuration
Keycloak as the Default Authentication Manager for Deploy
- Keycloak is the default authentication manager with Deploy 22.1 and later.
- This is defined by the spec.keycloak.install parameter that is set to true by default in the daideploy_cr.yaml file.
- If you want to disable Keycloak as the default authentication manager for Digital.ai Deploy, set the spec.keycloak.install parameter to false.
- After you disable the Keycloak authentication, the default login credentials (admin/admin) will be applicable when you log in to the Digital.ai Deploy interface.
- For more information about how to configure Keycloak for Kubernetes Operator-based Installer, see Keycloak Configuration for Kubernetes Operator Installer.
Step 1—Create a Folder for Installation Tasks
Create a folder on your workstation from where you will execute the installation tasks, for example, DeployInstallation.
Step 2—Download the Operator ZIP
- Download the Digital.ai Deploy Operator-based installer zip file from the Deploy Software Distribution site. For example, deploy-operator-aws-eks-22.2.0.zip.
- Extract the ZIP file to the DeployInstallation folder.
Step 3—Update the Amazon EKS Cluster Resource Files
To deploy the Deploy application on the Kubernetes cluster, update the infrastructure.yaml file parameters (Infrastructure File Parameters) in the DeployInstallation folder with the parameters corresponding to the kubeconfig file (Amazon EKS Kubernetes Cluster Configuration File Parameters) as described in the table below. You can find the Kubernetes cluster information in the default location ~/.kube/config. Ensure the location of the kubeconfig configuration file is your home directory.
Note: The deployment will not proceed further if the infrastructure.yaml file is updated with incorrect details.
Infrastructure File Parameters | Amazon EKS Kubernetes Cluster Configuration File Parameters | Parameter Value |
---|---|---|
apiServerURL | server | Enter the server details of the cluster. |
caCert | certificate-authority-data | Before updating the parameter value, decode the value from base64 format. |
regionName | Region | Enter the AWS Region. |
clusterName | cluster-name | Enter the name of the cluster. |
accessKey | NA | This parameter defines the access key that allows the Identity and Access Management (IAM) user to access AWS using the CLI. Note: This parameter is not available in the Kubernetes configuration file. |
accessSecret | NA | This parameter defines the secret password that the IAM user must enter to access the AWS using. Note: This parameter is not available in the Kubernetes configuration file. |
isAssumeRole | NA | This parameter, when set to true, enables IAM user access to the cluster by using the AWS assumeRole. Note: When this parameter is set to true, the following fields must be defined: accountId, roleName, roleArn, durationSeconds, sessionToken. |
accountId* | NA | Enter the AWS account Id. |
roleName* | NA | Enter the AWS IAM assume role name. |
roleArn* | NA | Enter the roleArn of the IAM user role. Note: This field is required when roleArn has a different principal policy than arn:aws:iam::'accountid':role/rolename. |
durationSeconds* | NA | Enter the duration in seconds of the role session (900 to max session duration). |
sessionToken* | NA | Enter the temporary session token of the IAM user role. |
* These marked fields are required only when the parameter isAssumeRole is true.
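One way to read the apiServerURL and caCert values from the kubeconfig and check them before they go into infrastructure.yaml. This is an added example, not part of the installer or the original guide: the function names and the sample kubeconfig are constructed, and it assumes GNU base64 and that the EKS API endpoint is an https URL.

```bash
#!/usr/bin/env bash
# Added example, not from the installer: read the Step 3 values from a kubeconfig
# and check them before they are copied into infrastructure.yaml.

# kubeconfig_field FILE KEY: print the first value stored under "KEY:".
kubeconfig_field() {
  awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# ca_cert_pem FILE: certificate-authority-data decoded from base64 (the caCert value).
ca_cert_pem() {
  kubeconfig_field "$1" certificate-authority-data | base64 -d
}

# check_cluster_values FILE: return 0 only if the server is an https URL
# (assumption: EKS API endpoints are https) and the CA data decodes to a PEM certificate.
check_cluster_values() {
  local server pem
  server=$(kubeconfig_field "$1" server)
  case "$server" in
    https://?*) ;;
    *) echo "apiServerURL must be an https URL, got '$server'" >&2; return 1 ;;
  esac
  pem=$(ca_cert_pem "$1" 2>/dev/null) || { echo "caCert: invalid base64" >&2; return 1; }
  case "$pem" in
    "-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----") ;;
    *) echo "caCert: decoded value is not a PEM certificate" >&2; return 1 ;;
  esac
}

# write_sample_kubeconfig FILE: constructed sample, not a real cluster or certificate.
write_sample_kubeconfig() {
  local ca
  ca=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' | base64 -w 0)
  printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n    server: %s\n  name: sample\n' \
    "$ca" "https://SAMPLE.eks.example.invalid" > "$1"
}

sample=$(mktemp)
write_sample_kubeconfig "$sample"
check_cluster_values "$sample" && echo "apiServerURL: $(kubeconfig_field "$sample" server)"
rm -f "$sample"
```

Against a real cluster, pass ~/.kube/config instead of the sample file; the check only reads the file and does not contact the cluster.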
Step 4—Convert License and Repository Keystore Files To Base64 Format
- Run the following command to get the storage class list:
  kubectl get sc
- Run the keytool command below to generate the RepositoryKeystore:
  keytool -genseckey {-alias alias} {-keyalg keyalg} {-keysize keysize} [-keypass keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass]
  Example:
  keytool -genseckey -alias deployit-passsword-key -keyalg aes -keysize 128 -keypass deployit -keystore /tmp/repository-keystore.jceks -storetype jceks -storepass test123
- Convert the Release license and the repository keystore files to the base64 format:
  - To convert the xldLicense into base64 format, run:
    cat <License.lic> | base64 -w 0
  - To convert RepositoryKeystore to base64 format, run:
    cat <repository-keystore.jceks> | base64 -w 0
Note: The above commands are for Linux-based systems. For Windows, there is no built-in command to directly perform Base64 encoding and decoding. However, you can use the built-in command certutil -encode/-decode to indirectly perform Base64 encoding and decoding.
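A check for the encoded values before they are pasted into the custom resource file. This is an added example, not part of the installer or the original guide: the function names are hypothetical, the keystore is a constructed stand-in made of random bytes, and GNU base64 and cmp are assumed. It rejects values that are line-wrapped or that still carry the BEGIN/END lines that certutil -encode writes around its output.

```bash
#!/usr/bin/env bash
# Added example, not from the installer: encode a file for daideploy_cr.yaml and
# check that the value is usable. base64 is an encoding, not encryption, so the
# value is as sensitive as the license or keystore file itself.

# encode_for_cr FILE: print FILE as single-line base64; fail if it does not round-trip.
encode_for_cr() {
  local encoded
  encoded=$(base64 -w 0 "$1") || return 1
  printf '%s' "$encoded" | base64 -d | cmp -s - "$1" || return 1
  printf '%s' "$encoded"
}

# check_cr_value VALUE FILE: return 0 only if VALUE is one line of bare base64
# that decodes byte-for-byte to FILE.
check_cr_value() {
  case "$1" in
    *-----BEGIN*|*-----END*)
      echo "value still has the header/footer lines that certutil -encode adds" >&2; return 1 ;;
    *[[:space:]]*)
      echo "value is wrapped or contains whitespace" >&2; return 1 ;;
  esac
  printf '%s' "$1" | base64 -d 2>/dev/null | cmp -s - "$2" \
    || { echo "value does not decode to $2" >&2; return 1; }
}

# Constructed stand-in for repository-keystore.jceks (random bytes, not a real keystore).
umask 077                      # keep the sample and anything derived from it owner-only
keystore=$(mktemp)
head -c 512 /dev/urandom > "$keystore"
value=$(encode_for_cr "$keystore")
check_cr_value "$value" "$keystore" && echo "ok: ${#value} base64 characters, single line"
rm -f "$keystore"
```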
Step 5—Update the Default Custom Resource Definitions
- Update the daideploy_cr file with the mandatory parameters as described in the following table:

  Note: For deployments on test environments, you can use most of the parameters with their default values in the daideploy_cr.yaml file.

Parameter | Description |
---|---|
AdminPassword | Admin password for xl-deploy |
KeystorePassphrase | The passphrase for the RepositoryKeystore. |
Persistence.StorageClass | The storage class that must be defined as Amazon EKS cluster |
RepositoryKeystore | Convert the license file for Digital.ai Deploy to the base64 format. |
ingress.hosts | DNS name for accessing UI of Digital.ai Deploy. |
spec.keycloak.ingress.rules[0].host | DNS name for accessing UI of embedded Keycloak. |
postgresql.persistence.storageClass | Storage Class to be defined as PostgreSQL. |
rabbitmq.persistence.storageClass | Storage Class to be defined as RabbitMQ. |
xldLicense | Deploy license |

  Note: For deployments on production environments, you must configure all the relevant/required parameters for your Amazon EKS production setup, in the daideploy_cr.yaml file. See Default Parameters to know more about the parameters available in the Digital.ai Deploy's daideploy_cr.yaml file and their default values. You must update the default values for the parameters per your requirements.

  To configure the Keycloak parameters for OIDC authentication, see Keycloak Configuration for Kubernetes Operator Installer.
- Update the relevant/required parameters for your Amazon EKS production setup in the daideploy_cr.yaml file. See Default Parameters.

  If you want to use an existing database and messaging queue, see Using Existing DB and Using Existing MQ topics, and update the daideploy_cr.yaml file. For information on how to configure SSL/TLS with Digital.ai Deploy, see Configuring SSL/TLS.
Step 6—Download and Set up the XL CLI
See Install the XL-CLI.
Note: Use the version that matches your product version in the public folder.
Step 7—Set up the Namespace
You can use any namespace for the installation. By default, the digitalai namespace is used.
kubectl create namespace digitalai
To use a custom namespace, create a namespace and replace digitalai with your custom namespace.
If you would like to install multiple Deploy instances on the same cluster, you need to use a custom namespace.
See Install Deploy in a Custom Namespace.
Step 8—Set up the Digital.ai Deploy Container Instance
- Run the following command to download and start the Digital.ai Deploy instance:
  docker run -d -e "ADMIN_PASSWORD=admin" -e "ACCEPT_EULA=Y" -p 4516:4516 --name xld xebialabs/xl-deploy:22.2.0
  Note: Before running the command, use the docker ps command to check whether a Docker container with the name xld, or one using the same port, is already running. If so, stop and delete that container, for example for the name xld: docker stop xld; docker rm xld.
- Wait until Deploy has started, then access the Deploy interface at:
  http://<host IP address>:4516/
Step 9—Start the Deployment
Go to the deploy-operator-aws-eks folder of the extracted ZIP file and run the following command:
xl apply -v -f digital-ai.yaml
Step 10—Verify the Deployment Status
- Check the deployment job completion using XL CLI.
The deployment job starts the execution of various tasks as defined in the digital-ai.yaml file in a sequential manner. If you encounter an execution error while running the scripts, the system displays error messages. The average time to complete the job is around 10 minutes.
Note: The runtime depends on the environment.
To troubleshoot runtime errors, see Troubleshooting Operator Based Installer.
To verify that the deployment succeeded, do one of the following:
- Open the Deploy application, go to the Explorer tab, and from Library, click Monitoring > Deployment tasks
- Run the following command in a terminal or command prompt:
Step 11—Perform Sanity Checks
Open the newly installed Deploy application and perform the required sanity checks.
Configure the User Permissions
- After the installation, you must configure the user permissions for OIDC authentication using Keycloak.
- For more information about how to configure the user permissions, see Keycloak Configuration for Kubernetes Operator Installer.
- If you need to update some of the default properties, see apply changes in the CR.