AWS EKS Deployment Guide
Prerequisites
Before deploying to Amazon EKS, ensure you have:
- AWS CLI installed and configured
- eksctl installed
- Kubernetes CLI (kubectl) installed
- Helm 3.x installed
Cluster Setup
- Create an EKS cluster:
```bash
eksctl create cluster \
  --name prime-edm-cluster \
  --region us-west-2 \
  --nodes 3 \
  --node-type t3.medium
```
- Configure kubectl:
```bash
aws eks update-kubeconfig --name prime-edm-cluster --region us-west-2
```
Installing Prime EDM Charts
- Add the Helm repository:
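```bash
# Passing --password on the command line exposes it in shell history and process
# listings; helm repo add also accepts --password-stdin.
helm repo add prime-edm https://charts.acx-sandbox.net --username "$USER" --password "$PASSWORD"
helm repo update
```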
- Create a values file for AWS-specific settings:
```yaml
# aws-values.yaml
global:
  provider: aws
  region: us-west-2
storage:
  class: gp2
serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/EKS_ROLE_NAME
ingress:
  annotations:
    kubernetes.io/ingress.class: alb
```
- Install the chart:
```bash
helm install prime-edm prime-edm/prime-edm -f aws-values.yaml
```
AWS-Specific Configuration
Storage Classes
AWS EKS provides several storage class options:
```yaml
storage:
  # GP2 - General Purpose SSD
  class: gp2
  # IO1 - Provisioned IOPS SSD
  # class: io1
  # SC1 - Cold Storage
  # class: sc1
```
Load Balancer
Using AWS Application Load Balancer (ALB):
```yaml
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
```
IAM Integration
Configure IAM roles for service accounts:
```yaml
serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/EKS_ROLE_NAME
```
Secrets Management
AWS Secrets Manager Setup
- Create an IAM policy for Secrets Manager access:
```bash
aws iam create-policy \
  --policy-name prime-edm-secrets-policy \
  --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "secretsmanager:GetSecretValue",
          "secretsmanager:DescribeSecret"
        ],
        "Resource": "*"
      }
    ]
  }'
```
- Create IAM role for service account (IRSA):
```bash
eksctl create iamserviceaccount \
  --name prime-edm-sa \
  --namespace default \
  --cluster prime-edm-cluster \
  --attach-policy-arn arn:aws:iam::ACCOUNT_ID:policy/prime-edm-secrets-policy \
  --approve
```
- Install External Secrets Operator:
```bash
helm repo add external-secrets https://charts.external-secrets.io
helm repo update
helm install external-secrets \
  external-secrets/external-secrets \
  --namespace external-secrets \
  --create-namespace \
  --set installCRDs=true
```
- Create SecretStore:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-backend
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-west-2
      auth:
        jwt:
          serviceAccountRef:
            name: prime-edm-sa
```
- Create ExternalSecret:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: database-secret
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-backend
    kind: SecretStore
  target:
    name: db-credentials
  data:
    - secretKey: username
      remoteRef:
        key: prod/db/credentials
        property: username
    - secretKey: password
      remoteRef:
        key: prod/db/credentials
        property: password
```
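
Added example (not part of the original guide or the Prime EDM project): the policy in the first step allows `GetSecretValue` on every secret in the account (`"Resource": "*"`), while the ExternalSecret only reads `prod/db/credentials`. This Python sketch flags the wildcard and narrows the policy to the secrets the manifests reference; the function names, the `aws` partition and the `ACCOUNT_ID` placeholder are assumptions.

```python
import copy
import json

# Policy document from the guide's create-policy step, reproduced as given.
GUIDE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["secretsmanager:GetSecretValue",
                           "secretsmanager:DescribeSecret"],
                "Resource": "*"}]}
""")
# remoteRef.key values from the guide's ExternalSecret manifest.
REMOTE_REF_KEYS = ["prod/db/credentials", "prod/db/credentials"]

def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    return [value] if isinstance(value, str) else list(value)

def _statements(policy):
    stmts = policy["Statement"]
    return [stmts] if isinstance(stmts, dict) else stmts

def _grants_secrets(stmt):
    """True for an Allow statement covering any Secrets Manager action."""
    actions = _as_list(stmt.get("Action", []))
    return stmt.get("Effect") == "Allow" and any(
        a == "*" or a.lower().startswith("secretsmanager:") for a in actions)

def _is_wildcard(resource):
    return resource == "*" or resource.endswith(":secret:*")

def wildcard_findings(policy):
    """(statement index, resource) for each grant that reaches every secret."""
    return [(i, r)
            for i, stmt in enumerate(_statements(policy)) if _grants_secrets(stmt)
            for r in _as_list(stmt.get("Resource", [])) if _is_wildcard(r)]

def scoped_policy(policy, secret_names, region, account_id):
    """Copy of the policy with wildcard grants narrowed to the named secrets."""
    # Secrets Manager appends "-" and six random characters to a secret's ARN,
    # so "-??????" matches exactly that suffix. Partition "aws" is assumed.
    arns = sorted({f"arn:aws:secretsmanager:{region}:{account_id}:secret:{n}-??????"
                   for n in secret_names})
    out = copy.deepcopy(policy)
    for stmt in _statements(out):
        if _grants_secrets(stmt) and any(map(_is_wildcard, _as_list(stmt.get("Resource", [])))):
            stmt["Resource"] = arns
    return out

if __name__ == "__main__":
    print(wildcard_findings(GUIDE_POLICY))
    print(json.dumps(scoped_policy(GUIDE_POLICY, REMOTE_REF_KEYS, "us-west-2", "ACCOUNT_ID"), indent=2))
```

The scoped document can be passed to `--policy-document` in place of the wildcard version once `ACCOUNT_ID` is replaced with the real account number.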
Monitoring
CloudWatch Integration
Enable CloudWatch metrics:
```yaml
monitoring:
  cloudwatch:
    enabled: true
    region: us-west-2
    logGroupName: /aws/eks/prime-edm
```
Best Practices
- Use node selectors for workload placement:
```yaml
nodeSelector:
  eks.amazonaws.com/nodegroup: prime-edm-group
```
- Configure resource requests and limits:
```yaml
resources:
  requests:
    cpu: 250m
    memory: 512Mi
  limits:
    cpu: 500m
    memory: 1Gi
```
- Enable auto-scaling:
```yaml
autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
```
Troubleshooting
Common issues and solutions:
ALB not provisioning:
- Verify IAM roles
- Check ALB controller deployment
- Validate subnet tags
Storage issues:
- Confirm storage class exists
- Check PVC status
- Verify IAM permissions
Network connectivity:
- Review security groups
- Check VPC configuration
- Validate CoreDNS setup