Setup in Amazon Elastic Kubernetes Service (EKS)

This guide walks through deploying Capacity Private Cloud on Amazon Elastic Kubernetes Service (EKS). It covers EKS cluster creation, node group configuration, persistent storage with EFS, AWS CLI and kubectl setup, service mesh installation, ingress configuration, TLS setup, and Helm chart deployment. The instructions are intended for administrators provisioning a production or test environment in AWS and assume familiarity with the AWS Management Console and basic Kubernetes concepts.

Create EKS Cluster

Begin by creating a new EKS cluster in the AWS Management Console. Provide a cluster name and configure networking options (e.g., whether the cluster will be publicly accessible). Kubernetes version 1.33 is currently recommended. Refer to the lumenvox/helm-charts GitHub repository for the latest minimum version requirements.

EKS Cluster Networking

Specify the VPC, select subnets, and add the relevant security groups. The default VPC security group is suitable for most deployments. If a VPC does not already exist, create one before proceeding.

Select Cluster Endpoint Access

Configure the cluster endpoint access settings. The recommended defaults provide a balance between accessibility and security. Adjust based on your organization's network policies.

Networking Add-ons

Review and accept the recommended networking add-on settings. These provide the core networking capabilities required by the cluster.

Configure Logging

Review and accept the recommended logging settings. Once all cluster settings are configured, click Create. Cluster creation can take several minutes to complete. Monitor the process for any errors.

Create Node Group

After the cluster is created, navigate to the Compute tab and click Add Node Group.

Configure Node Group

The default values shown in the console are a reasonable starting point but should be adjusted to meet your specific requirements.

Set Compute and Scaling Configuration

Select the operating system that best suits your operational needs. The recommended instance type is m6a.2xlarge. Scaling parameters can be adjusted based on your expected call volumes and workload requirements.

Specify Networking

Configure networking for the node group. Review and click Create. Node group creation can take several minutes. Monitor for any errors.

Create EFS Instance

Amazon Elastic File System (EFS) is required as the persistent storage device for the platform. Configure the EFS instance according to your storage and performance requirements.

Configure EFS Network Access

Ensure you select the same VPC as the EKS cluster. Add both the default security group and the eks-cluster-sg-* security group that was automatically created by the cluster.

After creating the EFS instance:

  1. Click Access points and then Create access point.
  2. Accept the defaults and click Create.
  3. Click Attach to associate the access point with the file system.

Create IAM Access Keys

Before installing kubectl, you need AWS access keys to authenticate CLI operations.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
  2. In the navigation pane, choose Users.
  3. Choose the name of the user whose access keys you want to create, then choose the Security credentials tab.
  4. In the Access keys section, choose Create access key.
  5. Choose Show to view the new key pair. Your credentials will look similar to:
    Access key ID:     AKIAIOSFODNN7EXAMPLE
    Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  6. Choose Download .csv file to save the keys. Store them in a secure location.

Install AWS CLI

Install the AWS CLI by following the official guide: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Verify the installation and your current identity:

aws --version
aws sts get-caller-identity

If you need to configure or change the active identity:

aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json

Update kubeconfig

Configure kubectl to communicate with your EKS cluster. Replace <region> and <cluster-name> with your values:

aws eks --region <region> update-kubeconfig --name <cluster-name>

Install Helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

Install Linkerd CLI

Linkerd is the supported service mesh for Capacity Private Cloud. Only versions up to Linkerd edge-24.5.5 are supported.

curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh

Add the Linkerd CLI to Your Path

export PATH=$PATH:$HOME/.linkerd2/bin
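
The installer command above does not name a version, while this guide supports Linkerd only up to edge-24.5.5. The following check is an added example, not part of the original guide or the Linkerd project: it classifies a CLI version string against that cap before linkerd install is run. The function names are hypothetical and the demo version strings are constructed.

```shell
#!/bin/sh
MAX_EDGE="edge-24.5.5"   # highest supported release, taken from this guide

# split_edge VERSION: sets yy, mm, pp from an "edge-YY.M.P" string.
# Returns 1 for anything else (stable-*, suffixed builds, garbage).
split_edge() {
    case "$1" in
        edge-[0-9]*.[0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    v=${1#edge-}
    yy=${v%%.*}; v=${v#*.}
    mm=${v%%.*}; pp=${v#*.}
    case "$yy$mm$pp" in
        *[!0-9]*) return 1 ;;
    esac
}

# linkerd_edge_supported VERSION
#   0 = at or below MAX_EDGE, 1 = newer than MAX_EDGE, 2 = not an edge version
linkerd_edge_supported() {
    split_edge "$MAX_EDGE" || return 2
    max_y=$yy; max_m=$mm; max_p=$pp
    split_edge "$1" || return 2
    # Compare numerically, field by field (24.10.x is newer than 24.5.x).
    [ "$yy" -lt "$max_y" ] && return 0
    [ "$yy" -gt "$max_y" ] && return 1
    [ "$mm" -lt "$max_m" ] && return 0
    [ "$mm" -gt "$max_m" ] && return 1
    [ "$pp" -le "$max_p" ]
}

# Demo on constructed version strings. On a real host, pass the output of
# `linkerd version --client --short` instead.
for ver in edge-24.5.5 edge-23.12.4 edge-24.6.1 edge-24.10.1 stable-2.14.10; do
    rc=0
    linkerd_edge_supported "$ver" || rc=$?
    case $rc in
        0) echo "$ver: supported" ;;
        1) echo "$ver: newer than $MAX_EDGE, do not install" ;;
        *) echo "$ver: not an edge release, check manually" ;;
    esac
done
```

The Linkerd install script reads a LINKERD2_VERSION environment variable, so piping it to `LINKERD2_VERSION=edge-24.5.5 sh` selects that release instead of the script's default.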

Install Linkerd

linkerd check --pre
linkerd install --crds | kubectl apply -f -
linkerd install --set proxyInit.runAsRoot=true | kubectl apply -f -
linkerd check

Install Jaeger

linkerd jaeger install | kubectl apply -f -

Install Linkerd Dashboard

linkerd viz install | kubectl apply -f -

Uninstall Linkerd

If you need to uninstall Linkerd for troubleshooting purposes (e.g., resolving issues with Linkerd sidecars or decommissioning a cluster), use the following commands in order:

linkerd viz uninstall | kubectl delete -f -
linkerd jaeger uninstall | kubectl delete -f -
linkerd uninstall | kubectl delete -f -

Install nginx Ingress

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
kubectl create ns ingress-nginx
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  -n ingress-nginx \
  --create-namespace \
  --set controller.hostNetwork=true \
  --set controller.allowSnippetAnnotations=true
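
With controller.allowSnippetAnnotations=true, anyone who can create or edit an Ingress can add raw nginx configuration through *-snippet annotations, so it is worth knowing which Ingress objects actually use them. The following audit is an added example, not part of the original guide: the function names, the one-line-per-Ingress input format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input, one line per Ingress: "<namespace>/<name><TAB><annotations>".
# Assumed producer (kubectl printing the annotations map as one line of JSON):
#   kubectl get ingress -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}{"\t"}{.metadata.annotations}{"\n"}{end}'

# find_snippet_ingresses: prints "<namespace>/<name><TAB><annotation key>" for
# every ingress-nginx *-snippet annotation. Returns 1 if any were found.
find_snippet_ingresses() {
    awk '
    {
        tab = index($0, "\t")
        if (tab == 0) next
        id = substr($0, 1, tab - 1)
        rest = substr($0, tab + 1)
        while (match(rest, /nginx\.ingress\.kubernetes\.io\/[a-z-]*snippet/)) {
            key = substr(rest, RSTART, RLENGTH)
            # The same key also shows up inside the last-applied-configuration
            # annotation written by kubectl apply, so report it once only.
            if (!seen[id "\t" key]++) print id "\t" key
            rest = substr(rest, RSTART + RLENGTH)
            found = 1
        }
    }
    END { exit found ? 1 : 0 }'
}

# Constructed sample input: one clean Ingress, two that use snippets.
sample_lines() {
    printf '%s\t%s\n' \
        'lumenvox/ingress-a' '{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"}' \
        'lumenvox/ingress-b' '{"nginx.ingress.kubernetes.io/configuration-snippet":"add_header X-Frame-Options DENY;"}' \
        'team-b/ingress-c' '{"kubectl.kubernetes.io/last-applied-configuration":"{\"annotations\":{\"nginx.ingress.kubernetes.io/server-snippet\":\"gzip off;\"}}","nginx.ingress.kubernetes.io/server-snippet":"gzip off;"}'
}

sample_lines | find_snippet_ingresses ||
    echo "snippet annotations in use: review who may create or edit these Ingress objects"
```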

Create the Namespace

kubectl create namespace lumenvox

Set the Active Namespace

kubectl config set-context --current --namespace=lumenvox

Set Up TLS for Ingress

Generate a self-signed TLS certificate for the ingress controller. Replace <hostnameSuffix> with the value configured in your Helm chart's values.yaml.

openssl genrsa -out server.key 2048

openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 \
  -addext "subjectAltName = DNS:lumenvox-api.<hostnameSuffix>, \
  DNS:biometric-api.<hostnameSuffix>, \
  DNS:management-api.<hostnameSuffix>, \
  DNS:reporting-api.<hostnameSuffix>, \
  DNS:admin-portal.<hostnameSuffix>, \
  DNS:deployment-portal.<hostnameSuffix>"

kubectl create secret tls speech-tls-secret --key server.key --cert server.crt
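
The certificate command above has <hostnameSuffix> typed six times, and a single mistyped entry leaves one ingress host without a matching name in the certificate. The following helper is an added example, not part of the original guide: it builds the subjectAltName value from one suffix and checks the SAN text printed by openssl for missing hosts. The function names and the example.internal suffix are constructed.

```shell
#!/bin/sh
# The six host prefixes used in the openssl command in this guide.
PREFIXES="lumenvox-api biometric-api management-api reporting-api admin-portal deployment-portal"

# san_ext SUFFIX: prints the value to pass to `openssl req -addext`.
san_ext() {
    out=""
    for p in $PREFIXES; do
        out="${out:+$out,}DNS:$p.$1"
    done
    printf 'subjectAltName = %s\n' "$out"
}

# missing_sans SUFFIX: reads the text printed by
#   openssl x509 -in server.crt -noout -ext subjectAltName
# on stdin, prints each expected hostname that is absent, returns 1 if any is.
missing_sans() {
    names=$(tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p')
    rc=0
    for p in $PREFIXES; do
        # -F -x: exact whole-name match, so look-alike names do not count
        if ! printf '%s\n' "$names" | grep -Fxq -- "$p.$1"; then
            printf '%s\n' "$p.$1"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed openssl output in which the last entry has a mistyped suffix.
sample_san_text() {
    printf '%s\n' 'X509v3 Subject Alternative Name: ' \
        '    DNS:lumenvox-api.example.internal, DNS:biometric-api.example.internal, DNS:management-api.example.internal, DNS:reporting-api.example.internal, DNS:admin-portal.example.internal, DNS:deployment-portal.exmaple.internal'
}

sample_san_text | missing_sans example.internal ||
    echo "certificate does not cover the hosts listed above"
```

To use the generated value when creating the certificate, pass `-addext "$(san_ext <hostnameSuffix>)"` to the openssl req command.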

Apply Secrets File

kubectl apply -f lumenvox-secrets.yaml

Configure Helm Repository

helm repo add lumenvox https://lumenvox.github.io/helm-charts
helm repo update

Deploy the Helm Chart

helm install lumenvox lumenvox/lumenvox -f aws-speech-values-internal-resources.yaml -n lumenvox

Complete the Installation

After the Helm chart has been deployed, proceed to set up your deployment configuration. See Setting up a Deployment for the final steps required to complete the installation.
