
You can use the AWS option to launch 3 instances.

  • Public Jump for accessing Private EC2 Instance

  • Private Roost Control Plane

  • Private EaaS Server Or Jump Host Server for Managed/User K8s

1. Public EC2 Instance: For access to private instance

| Attribute | Selection |
|---|---|
| AMI | Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type |
| Instance Type | t2.micro |
| Shutdown behaviour (Stop) | Enable Termination Protection |
| Storage | Root Volume: 8GB (gp2) |
| Termination protection | Enable |
| Security Group Rules | Default Security Group; Inbound Rules with “Source as MyIP or Anywhere”: SSH (port 22) |
| Tag | Name: RoostAccessJump |
| Public IP | Enabled |
| VPC and AZ | Same as the entire setup (suggest that you create a dedicated VPC and other networking components for Roost) |

  1. Download key-pair; change permissions to 0400

  2. Review configuration and Launch Instance

2. EC2 Instance: Roost Control Plane

The configuration below is good for a team size of 2-3.

| Attribute | Selection |
|---|---|
| AMI | Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type |
| Instance Type | t3a.large; c5.2xlarge or bigger in CPU & memory |
| Shutdown behaviour (Stop) | Enable Termination Protection |
| Storage | Root Volume: 30GB (gp3); EBS: 100GB (gp3) (Disable Delete on termination) |
| Termination protection | Enable |
| Security Group Rules | Inbound Rules with “Source as VPC Default SG”: SSH (port 22); HTTP (port 80); HTTPS (port 443); Custom TCP Port 2502 (for Stun |
| Tag | Name: Roost Control Plane |
| Public IP | Disabled |

  1. Download key-pair; change permissions to 0400

  2. SCP the PEM key to the public instance (created in Part 1)

  3. Review configuration and Launch Instance

3. EC2 Instance: Roost EAAS Server or JumpHost

Similar to EC2 Instance 1 with a few changes

Use the tags to give a different “Name” like “Roost EAAS Server” for ease of identification

This instance will also act as the default “JumpHost” for user managed clusters. Optionally, it can host a Docker Host and Docker Insecure Registry.

| Attribute | Selection |
|---|---|
| AMI | Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type |
| Instance Type | c5.2xlarge or bigger in CPU & memory |
| Shutdown behaviour (Stop) | Enable Termination Protection |
| Storage | Root Volume: 30GB (gp3); EBS: 100GB (gp3) (Disable Delete on termination) |
| Termination protection | Enable |
| Security Group Rules | Inbound Rules with “Source as Roost Control plane SG” (notes and ports listed below the table) |
| Tag | Name: Roost EaaS Server |
| Public IP | Disabled |

Security Group Rules

Please note: if the Control Plane and EaaS Server are in the same VPC, then we can use just the Private IP and configure “All TCP” from the security group of the Control Plane.

If this instance is in a different region/VPC, then we have to enable a Public/External IP and open the traffic below from anywhere.

Inbound Rules with “Source as Roost Control plane SG”

  1. SSH (port 22)

  2. HTTPS (port 443)

  3. TCP Port 5000 for Docker Host

  4. TCP Port 5002 for Docker Insecure Registry

  5. TCP Port 60001 for Jump Host RoostApi Server

  6. TCP Port 60002 for Roost Cluster Launcher

  7. TCP Port 60003 for EaaS API Server

  8. TCP Port 60005 for Cypress Video Server

  9. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

  10. TCP Port 62020-62120 for dynamic gotty ports - mapped to individual users
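An added example (not part of the original Roost documentation): a Python check that reads security groups in the JSON shape returned by `aws ec2 describe-security-groups` and flags inbound rules that are wider than the same-VPC layout described above. The group names, group IDs and sample rules are constructed, and the check assumes all three instances share one VPC.

```python
import json

# Constructed sample shaped like the "SecurityGroups" list from
# `aws ec2 describe-security-groups`; names and IDs are made up, empty fields omitted.
SAMPLE = json.loads("""[
 {"GroupName": "roost-jump-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupName": "roost-controlplane-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupName": "roost-eaas-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5002,
    "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
   {"IpProtocol": "tcp", "FromPort": 60001, "ToPort": 60001,
    "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}]}
]""")

ANYWHERE = {"0.0.0.0/0", "::/0"}

def port_label(perm):
    """Render a rule's port range; an all-traffic rule (protocol -1) has no ports."""
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None:
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"

def audit(groups, jump_group="roost-jump-sg"):
    """Return (group, ports, finding) for each rule wider than the intended layout."""
    findings = []
    for group in groups:
        name = group["GroupName"]
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if c in ANYWHERE]
            ports = port_label(perm)
            if name == jump_group and ports != "22":
                findings.append((name, ports, "jump host should expose SSH only"))
            elif name == jump_group and world:
                findings.append((name, ports, "SSH open to Anywhere; prefer MyIP"))
            elif name != jump_group and world:
                findings.append((name, ports, "private instance reachable from Anywhere"))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(" | ".join(row))
```

Rules whose source is another security group (`UserIdGroupPairs`) pass, which matches the “Source as ... SG” selections in the tables.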

  1. Download key-pair; change permissions to 0400

  2. SCP the PEM key to the public instance (created in Part 1)

  3. Review configuration and Launch Instance

Connect to EC2 using SSH once it is running

Mount EBS volume

Check the 100GB disk NAME

    lsblk

Use the EBS disk name that is not mounted

    # Format the unmounted EBS volume. This erases whatever is on the device,
    # so confirm the name from lsblk first.
    sudo mkfs -t ext4 /dev/nvme1n1
    # Create the mount point if it does not already exist, then mount the volume
    sudo mkdir -p /var/tmp/Roost
    sudo mount /dev/nvme1n1 /var/tmp/Roost
    # Give the current user ownership of the mounted volume
    sudo chown "$(id -u):$(id -g)" /var/tmp/Roost/
    # Directory for certificates
    mkdir -p /var/tmp/Roost/certs

Further configuration of EaaS Server and JumpHost is enabled via the Admin page on Roost Enterprise Control Plane