Login to Amazon Elastic Container Registry (ECR).
aws ecr get-login-password --region eu-west-1 | helm registry login --username AWS --password-stdin 494148202604.dkr.ecr.eu-west-1.amazonaws.com
Installation and Setup
Overview
To use OBLV Deploy, you will need to install the Kube OBLV Stack. The Kube OBLV Stack is an umbrella Helm chart that you can install onto your Kubernetes cluster. By installing this chart, you will have all that OBLV Deploy needs to run smoothly. Installation should take around one hour to complete, including the Prerequisites.
User guide
This page content is for administrators who want to deploy an application with OBLV Deploy. If you are a user and want to connect to a deployed application, refer to the Making an Attested Connection guide.
Install Kube OBLV Stack
To install Kube OBLV Stack, you need to follow the steps below:
Requirements
Be sure that you have completed the steps presented in the Prerequisites before proceeding with the installation of Kube OBLV Stack and OBLV Client.
1
2
Install Kube OBLV Stack with Helm package manager.
helm upgrade -i oblv-deploy-stack oci://<OBLV-AWS-ACCOUNT-ID>.dkr.ecr.eu-west-1.amazonaws.com/kube-oblv-stack \
--version 1.2.1-alpha \
-n kube-system \
--set oblv-deploy-chart.enabled=true \
--set aws-load-balancer-controller.enabled=true \
--set aws-load-balancer-controller.clusterName=<EKS-CLUSTER-NAME> \
--set aws-load-balancer-controller.serviceAccount.create=false \
--set aws-load-balancer-controller.serviceAccount.name=aws-load-balancer-controller \
--set external-dns.enabled=true \
--set external-dns.provider=aws \
--set external-dns.txtOwnerId=<EKS-CLUSTER-NAME>-external-dns \
--set external-dns.domainFilters="{oblv.com}" \
--set external-dns.serviceAccount.name=external-dns \
--set external-dns.serviceAccount.create=false \
--set external-dns.policy=sync
Using the Amazon EC2 IMDSv2 with the Load Balancer Controller
If you are using the IMDSv2, set the hop limit to 2 or higher in order to allow the LBC to perform the metadata introspection.
aws ec2 modify-instance-metadata-options --http-put-response-hop-limit 2 --region <region> --instance-id <instance-id>
Alternatively, you can specify the AWS Region and the VPC ID via helm values:
--set aws-load-balancer-controller.region=<aws-region>
--set aws-load-balancer-controller.vpcId=<aws-vpc-id>
Helm information
Auxiliary Commands for debugging
If you need help understanding the installation process, you can use the list of helpful commands for the development and debugging process available on the Auxiliary Commands Reference page.
Resources Created
Details of the AWS and Kubernetes resources created in this guide, including Prerequisites, are shown below:
AWS Resources
AWS Resources
The following AWS resources will be created:
- EKS Nodegroup
- EKS Nodes (quantity specified by the user)
- IAM Policy for AWS Load Balancer Controller (if selected)
- IAM Role for AWS Load Balancer Controller, bound to a Kubernetes Service Account (if selected)
- IAM Policy for External DNS controller (if selected)
- IAM Role for External DNS controller, bound to a Kubernetes Service Account (if selected)
Please note that normal AWS charges apply for EC2 instances created within EKS Nodegroups.
Kubernetes Resources
Kubernetes Resources
The following Kubernetes resources will be created:
- AWS Nitro Enclaves Plugin DaemonSet (one AWS Nitro Enclaves Plugin pod per node)
- OBLV Deploy controller
- AWS Load Balancer controller (if selected)
- External DNS controller (if selected)
What's Next?
After finishing configuring Kube OBLV Stack, your cluster environment is ready for deployment. Access the Deployment page to continue with the Getting Started guide.