This content is no longer being updated or maintained. The content is provided “as is.” Given the rapid evolution of technology, some content, steps, or illustrations may have changed.
The Turbonomic platform can be deployed on a virtual machine (as a VMware OVA image or Microsoft Hyper-V image) or onto any x86 Linux-based Kubernetes cluster or Red Hat OpenShift platform.
While the Turbonomic platform can be deployed anywhere, such as on public clouds or on-prem, it can manage the resources for workloads that are deployed across hybrid environments. So, you can deploy the Turbonomic platform on an Amazon Elastic Kubernetes Service (EKS) cluster to manage the resources for your AWS workloads, any workloads that are deployed across other cloud providers, and also any workloads deployed on-prem.
In this tutorial, we will explain how you can deploy Turbonomic on an Amazon EKS cluster on AWS, secure it using a certificate issued by the AWS Certificate Manager (ACM), terminate transport layer security (TLS) at the network load balancer (NLB), and access the Turbonomic console through a custom domain that you registered in Amazon Route 53.
Prerequisites
An Amazon EKS cluster with at least three worker nodes
Each worker node with a minimum configuration of 4 vCPU and 16 GB RAM
Block or file storage class configured on the EKS cluster
Turbonomic on AWS EKS Deployment Architecture
The following architecture diagram depicts our deployment architecture for Turbonomic on the Amazon EKS cluster.
Steps
Step 1: Configure the default block storage class
When an EKS cluster is deployed, a default Amazon Elastic Block Storage (EBS) storage class is pre-configured with the name ‘gp2’. Turbonomic supports both block and file types of storage for its data persistence requirements. We will use this pre-configured storage class.
To configure the default block storage, you need to configure an IAM policy with the appropriate permissions to allow worker nodes to create and modify Amazon EBS volumes. After that, you need to deploy the EBS Container Storage Interface (CSI) driver by following the steps in the Amazon EKS User Guide.
In the AWS EKS dashboard, on the Resources tab, you can see the installed EBS CSI driver:
Step 2: Reserve the domain name for the Turbonomic platform
If you do not have a custom domain already, reserve a domain through the Amazon Route 53 service (or any other domain registrar) by using the instructions in the Amazon Route 53 Developer Guide. For example, to use the URL ‘turbo.ibmgsilab.com’ for the Turbonomic platform, I registered the domain ‘ibmgsilab.com’.
Step 3: Request the TLS certificate
Now, you need to request a public Transport Layer Security (TLS) certificate that will be enforced at the network load balancer (NLB) by using the instructions in the AWS Certificate Manager User Guide. You can request a certificate for a fully qualified domain name or with a wildcard. In this example, we requested a wildcard certificate for our domain ‘ibmgsilab.com’.
Step 4: Deploy the Turbonomic platform
Create a new namespace by using this command: `kubectl create ns turbonomic`. As an example, we created the ‘turbonomic’ namespace, where the Turbonomic software will be deployed.
Create the custom resource definition to allow the Turbonomic Operator to deploy all the necessary resources. For Kubernetes version 1.22 and higher, run the following command: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/config/crd/bases/charts.helm.k8s.io_xls.yaml`
If your cluster is on an earlier version of Kubernetes, run the following command to create the CRD instead: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/crds/charts_v1alpha1_xl_crd.yaml`
Create the credentials and a custom resource definition to deploy the operator. These resources are namespace scoped, and you only need to be the admin of your namespace. Because we also want Turbonomic to manage this EKS cluster, which means you need to deploy the KubeTurbo operator on this cluster, you also need to create ClusterRole and ClusterRoleBinding resources.
a. Create the operator service account: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/service_account.yaml -n turbonomic`
b. Create the cluster role: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/cluster_role.yaml -n turbonomic`
c. Create the cluster role binding: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/cluster_role_binding.yaml -n turbonomic`
Launch the Turbonomic Operator pod by running this command: `kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/operator.yaml -n turbonomic`
Wait for the operator to become available (status = running, with the ready column indicating 1/1). Check the status by using the following command: `kubectl get pods -n turbonomic`
Deploy Turbonomic by using a custom resource and specifying a few deployment configurations. Turbonomic provides a base deployment configuration file, which can be modified to suit your requirements. The custom resource is namespace scoped, and you only need to be the admin of your namespace to create an instance of the Turbonomic platform.
a. Download the CR sample deployment configuration from the Turbonomic Platform Operator GitHub repo: https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/crds/charts_v1alpha1_xl_cr.yaml.
b. Make the modifications required for your environment. You can enable appropriate probes for your environments. You must make two important configurations to provision an NLB with TLS termination at the NLB. First get the ARN of the public certificate that you have created using AWS ACM.
In the CR YAML file that was downloaded, add the following annotations under the spec: global: ingress: annotations section:
Replace the value of the `aws-load-balancer-ssl-cert` annotation with the ARN of the certificate you created earlier.
Also disable `httpsRedirect` (set it to false) and enable `nginxIsPrimaryIngress` (set it to true) under the spec: nginx section:
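The listings for these two changes are not present on this page. The fragment below is an added example, not the tutorial's original listing: it uses the standard Kubernetes AWS load balancer Service annotations, the values other than the certificate ARN are assumptions, and the ARN itself is a placeholder.

```yaml
# Added example: the parts of the downloaded CR (charts_v1alpha1_xl_cr.yaml)
# that this step changes. Merge these keys into the existing spec; do not
# replace the rest of the file.
spec:
  global:
    ingress:
      annotations:
        # Ask the AWS cloud provider for a Network Load Balancer.
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        # ACM certificate the NLB presents to clients. Placeholder ARN:
        # replace with the ARN of the certificate requested in Step 3.
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>"
        # Terminate TLS on the 443 listener only (assumed port).
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
        # Forward the decrypted traffic to nginx as plain TCP (assumed value).
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
  nginx:
    # TLS ends at the NLB, so nginx receives unencrypted traffic and is
    # configured not to redirect it to HTTPS, as the step above instructs.
    httpsRedirect: false
    nginxIsPrimaryIngress: true
```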
Create the Turbonomic instance from this updated CR YAML file by using the following command: `kubectl apply -f {path_to_modified_CR_file.yaml} -n turbonomic`
Wait a few minutes for all the pods to reach the ready state. You can check the status of the NLB that is created by using the following command: `kubectl get svc -n turbonomic | grep nginx`
It might take a couple of minutes for the NLB to reach the ‘Active’ state.
Step 5: Configure the NLB
Since the TLS termination is happening at the NLB, we need to change the default backend to a non-TLS port on the nginx.
Select the listener ‘TLS:443.’
Click the Actions drop-down button, and then select Edit Listener.
Change the default forward rule to a non-TLS port, and then save the changes.
We recommend that you delete the non-secure listener ‘TCP:80’ of the NLB unless you really need to access the Turbonomic portal over a non-secure port.
Step 6: Create a routing entry in the hosted zone
Go to the hosted zone for your domain and create an A-record.
Create an A-record, and then route traffic to the NLB with an appropriate routing policy.
After you complete this step, you will see an A-record created in your hosted zone.
Step 7: Access the Turbonomic Console from your browser
Now you can access your Turbonomic platform through the web console. You can verify the enforced TLS certificate.
When you access the Turbonomic console for the first time, it will prompt you to set up the password for the administrator user. Set the appropriate password and keep it safe with you. You can later add more users or integrate with your organization's Active Directory or LDAP for user authentication and role-based access control (RBAC). After you create the password for the administrator user, it will take you to the screen to apply the license.
If you encounter an “https redirection” error while accessing the Turbonomic console, add the environment variable `DISABLE_HTTPS_REDIRECT: true` into the spec: containers: env section in your nginx deployment using the following command: `kubectl edit deployment nginx -n turbonomic`
Summary and next steps
In this tutorial you learned how to deploy IBM Turbonomic on an AWS EKS cluster and configure the AWS networking components to access the Turbonomic platform securely.
Now, you can configure the target environments in Turbonomic and reap the benefits from the automation of continuous application performance.