Page 1 of 25
SUSE Cloud Application Platform on the AWS Cloud
Quick Start Reference Deployment
April 2019
(last update: March 2020)
David Rocha, Louis Paul, Kevin Ayres, and Andrew Gracey, SUSE
Jay McConnell, AWS Quick Start team
Visit our GitHub repository for source files and to post feedback,
report bugs, or submit feature ideas for this Quick Start.
Contents
Overview .................................................................................................................................... 2
Cost and licenses .................................................................................................................... 3
Architecture ............................................................................................................................... 4
Planning the deployment .......................................................................................................... 5
Specialized knowledge ........................................................................................................... 5
AWS account .......................................................................................................................... 6
Technical requirements ......................................................................................................... 6
Deployment options ............................................................................................................... 7
Deployment steps ...................................................................................................................... 7
Step 1. Sign in to your AWS account ...................................................................................... 7
Step 2. Subscribe to SUSE Cloud Application Platform ........................................................ 7
Step 3. Launch the Quick Start ..............................................................................................8
Option 1: Parameters for deploying SUSE CAP into a new VPC ..................................... 10
Option 2: Parameters for deploying SUSE CAP into an existing VPC ............................ 13
Step 4. Test the deployment ................................................................................................ 18
Amazon Web Services – SUSE Cloud Application Platform on the AWS Cloud March 2020
Best practices for using SUSE Cloud Application Platform on AWS ..................................... 19
Security .................................................................................................................................... 19
TLS certificates ..................................................................................................................... 19
Stratos web UI ........................................................................................................................ 20
Metrics: Optional installation using an endpoint for Prometheus .................................... 20
Eirini application runtime scheduler ..................................................................................... 20
Cloud Foundry roles and Kubernetes pod placement ........................................................... 20
Scaling application workloads and Availability Zone placement........................................ 21
Minimal-cost deployment without HA ................................................................................ 21
Backup and recovery ............................................................................................................... 22
FAQ .......................................................................................................................................... 22
Send us feedback ..................................................................................................................... 23
Additional resources ............................................................................................................... 23
Document revisions ................................................................................................................. 24
This Quick Start was created by SUSE in collaboration with Amazon Web Services (AWS).
Quick Starts are automated reference deployments that use AWS CloudFormation
templates to deploy key technologies on AWS, following AWS best practices.
Overview
This Quick Start reference deployment guide provides step-by-step instructions for
deploying SUSE Cloud Application Platform (CAP) on AWS.
SUSE CAP is a fully containerized implementation of Cloud Foundry. It provides a modern
application delivery platform that software development and operations teams can use to
streamline lifecycle management of traditional and cloud-native applications. The platform
provides the following features:
• One-step, containerized application deployment through a command-line interface (CLI) or web-based UI
• The Stratos web-based UI for managing deployments across platforms
• Automation for application lifecycle management by assigning appropriate resources, managing routing, load balancing, and scaling
• Support for multiple languages and frameworks through open-source build packs for Java, Go, .NET, Node.js, Ruby, PHP, Python, static websites, binary executables, and more
• Configurable service brokers for exposing third-party services to users and applications through the Open Service Broker API
• Amazon Elastic Kubernetes Service (Amazon EKS) support and integration with AWS Service Broker
Note: This reference deployment uses the Amazon EKS Quick Start as a foundation
to provide a fully managed, highly available, and certified Kubernetes-conformant
control plane for SUSE Cloud Application Platform.
Cost and licenses
You are responsible for the cost of the AWS services used while running this Quick Start
reference deployment. There is no additional cost for using the Quick Start.
The AWS CloudFormation template for this Quick Start includes configuration parameters
that you can customize. Some of these settings, such as instance type, will affect the cost of
deployment. For cost estimates, see the pricing pages for each AWS service you will be
using. Prices are subject to change.
Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost
and Usage Report to track costs associated with the Quick Start. This report delivers
billing metrics to an S3 bucket in your account. It provides cost estimates based on
usage throughout each month, and finalizes the data at the end of the month. For
more information about the report, see the AWS documentation.
This Quick Start requires a subscription to SUSE Cloud Application Platform. To use SUSE
Cloud Application Platform for your production environments, you must have a support
subscription. To get started, contact your account executive or fill out the Request a Sales
Call form on the SUSE website.
If you don’t have a subscription, the Quick Start runs in trial mode, which allows free usage
in a non-production environment with no technical support. For more information about
proof-of-concept environments, contact aws@suse.com.
Architecture
Deploying this Quick Start for a new virtual private cloud (VPC) builds the following SUSE
Cloud Application Platform environment in the AWS Cloud.
Figure 1: Quick Start architecture for SUSE Cloud Application Platform on AWS
The Quick Start sets up the following:
• A highly available VPC architecture that spans three Availability Zones. The VPC is configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
• In the public subnets:
  – Managed NAT gateways to allow outbound internet access for resources in the private subnets.*
  – A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to administer the SUSE Cloud Application Platform and Amazon EKS environment.*
• In the private subnets:
  – Three Amazon Elastic Compute Cloud (Amazon EC2) instances that function as Kubernetes nodes that run customer applications, in an Auto Scaling group. You can configure the number of instances.
  – Three EC2 instances that function as Kubernetes nodes that run SUSE Cloud Application Platform infrastructure components, in an Auto Scaling group. You can configure the number of instances.
  – Security groups to allow internode communication.
• An Amazon Route 53 hosted zone and records to provide secure access to SUSE Cloud Application Platform APIs and user applications hosted on the platform.
• A Classic Load Balancer that routes traffic to SUSE Cloud Application Platform APIs and user applications hosted on the platform.
* The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.
For a component-level architecture diagram, see SUSE Cloud Application Platform
Architecture in the SUSE documentation.
Planning the deployment
Specialized knowledge
This Quick Start assumes familiarity with Cloud Foundry and Kubernetes.
It also requires a moderate level of familiarity with AWS services. If you’re new to AWS,
visit the Getting Started Resource Center and the AWS Training and Certification website
for materials and programs that can help you develop the skills to design, deploy, and
operate your infrastructure and applications on the AWS Cloud.
AWS account
If you don’t already have an AWS account, create one at https://aws.amazon.com by
following the on-screen instructions. Part of the sign-up process involves receiving a phone
call and entering a PIN using the phone keypad.
Your AWS account is automatically signed up for all AWS services. You are charged only for
the services you use.
Technical requirements
Before you launch the Quick Start, your account must be configured as specified in the
following table. Otherwise, deployment might fail.
Resources
  If necessary, request service quota increases for the following resources. You may need this if an existing deployment uses these resources and you exceed the default quotas with this deployment. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see the AWS documentation.
  AWS Trusted Advisor offers a service quotas check that displays your usage and limits for some aspects of some services.

  Resource                     This deployment uses
  VPC                          1
  Availability Zone            3
  S3 bucket                    2
  Elastic network interface    3
  Elastic IP address           3
  IAM security group           5
  IAM role                     14
  AWS Secrets Manager secret   1
  Auto Scaling group           3
  Load balancer                4
  NAT gateway                  3
  SLES 15 instance             7

Regions
  This deployment includes Amazon EKS, which may not currently be supported in all AWS Regions. For a current list of supported Regions, see AWS Regions and Endpoints in the AWS documentation.

Key pair
  Ensure that at least one Amazon EC2 key pair exists in your AWS account in the Region where you are planning to deploy the Quick Start. Make note of the key pair name. You are prompted for this information during deployment. To create a key pair, follow the instructions in the AWS documentation.
  If you're deploying the Quick Start for testing or proof-of-concept purposes, we recommend that you create a new key pair instead of specifying a key pair that's already being used by a production instance.

IAM permissions
  To deploy the Quick Start, you must log in to the AWS Management Console with IAM permissions for the resources and actions the templates deploy. The AdministratorAccess managed policy within IAM provides enough permissions, although your organization may choose to use a custom policy with more restrictions.
Deployment options
This Quick Start provides two deployment options:
• Deploy SUSE Cloud Application Platform into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components, and then deploys SUSE Cloud Application Platform into this new VPC.
• Deploy SUSE Cloud Application Platform into an existing VPC. This option provisions SUSE Cloud Application Platform in your existing AWS infrastructure.
The Quick Start provides separate templates for these options. It also lets you configure
classless inter-domain routing (CIDR) blocks, instance types and sizes, and other settings,
as discussed later in this guide.
Deployment steps
Step 1. Sign in to your AWS account
1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has
the necessary permissions. For details, see Planning the deployment earlier in this
guide.
2. Ensure that your AWS account is configured correctly, as discussed in the Technical
requirements section.
Step 2. Subscribe to SUSE Cloud Application Platform
This Quick Start requires a subscription for SUSE Cloud Application Platform to enable
SUSE support.
To use SUSE Cloud Application Platform for your production environments, you must have
a support subscription. To get started, contact your account executive or fill out the Request
a Sales Call form on the SUSE website. If you don’t have a subscription, the Quick Start
runs in trial mode, which allows free usage in a non-production environment with no
technical support. For more information about proof-of-concept environments, contact
aws@suse.com.
Step 3. Launch the Quick Start
Notes: The instructions in this section reflect the older version of the AWS
CloudFormation console. If you’re using the redesigned console, some of the user
interface elements might be different.
You are responsible for the cost of the AWS services used while running this Quick
Start reference deployment. There is no additional cost for using this Quick Start.
For full details, see the pricing pages for each AWS service you will be using in this
Quick Start. Prices are subject to change.
1. Choose one of the following options to launch the Quick Start into your AWS account. For help with choosing an option, see Deployment options earlier in this guide.
   • Deploy SUSE Cloud Application Platform into a new VPC on AWS
   • Deploy SUSE Cloud Application Platform into an existing VPC on AWS
Important: You must have registered a root domain name and a DNS zone ID within Route 53. If you are using an externally registered domain, you must configure the appropriate delegation set from your registrar and the corresponding subdomain and zone within Route 53.
You must also have created an SSH key in the Region in which you plan to launch the Quick Start.
If you’re deploying SUSE Cloud Application Platform into an existing VPC, ensure
that your VPC has three private subnets in different Availability Zones for the
workload instances, and that the subnets aren’t shared. This Quick Start doesn’t
support shared subnets. These subnets require NAT gateways in their route tables, to
allow the instances to download packages and software without exposing them to the
internet. You must also configure the domain name in the DHCP options, as
explained in the Amazon VPC documentation. You are prompted for your VPC
settings when you launch the Quick Start.
Each deployment takes about 45 minutes to complete.
2. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar,
and change it if necessary. This is where the network infrastructure for SUSE Cloud
Application Platform is built. The Quick Start is launched in the US East (Ohio) Region
by default.
Note: This deployment includes Amazon EKS, which isn’t currently supported in all
AWS Regions. For a current list of supported Regions, see the AWS Regions and
Endpoints webpage.
3. On the Select Template page, keep the default setting for the template URL, and then
choose Next.
4. On the Specify Details page, change the stack name if needed. Review the parameters
for the template. Provide values for the parameters that require input. For all other
parameters, review the default settings and customize them as necessary.
In the following tables, parameters are listed by category and described separately for
the two deployment options:
– Parameters for deploying SUSE Cloud Application Platform into a new VPC
– Parameters for deploying SUSE Cloud Application Platform into an existing VPC
When you finish reviewing and customizing the parameters, choose Next.
OPTION 1: PARAMETERS FOR DEPLOYING SUSE CAP INTO A NEW VPC
View template
Route 53 DNS configuration:
Parameter label (name) | Default | Description
Hosted zone ID (HostedZoneID) | Requires input | The Route 53 hosted zone ID to use as a base domain (e.g., Z2HBG4MXXV2ZI1).
Domain name (DomainName) | Requires input | The domain name to use as a base domain. If there is an externally registered domain name, it will be in the format subdomain.rootdomain.extension (e.g., suse.com or cap.suse.com).
Subdomain prefix (SubDomainPrefix) | scf | The prefix to add to the base domain to create a new Route 53 hosted zone. Before you launch the Quick Start, ensure that a hosted zone with this name does not exist.
Amazon EC2 configuration:
Parameter label (name) | Default | Description
SSH key name (KeyPairName) | Requires input | The name of an existing public/private key pair, which allows you to securely connect to your instances after they launch.
VPC network configuration:
Parameter label (name) | Default | Description
Availability Zones (AvailabilityZones) | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses three Availability Zones for this deployment and preserves the logical order of your selections. Choose three Availability Zones from the available list for your Region. Regions that support EKS but have fewer than three Availability Zones are not supported.
Allowed external access CIDR (RemoteAccessCIDR) | Requires input | The CIDR IP range that is permitted to access the instances. We recommend that you set this value to a trusted IP range and NOT to 0.0.0.0/0.
VPC CIDR (VPCCIDR) | 10.0.0.0/16 | The CIDR block for the VPC.
Private subnet 1 CIDR (PrivateSubnet1CIDR) | 10.0.0.0/19 | The CIDR block for private subnet 1 located in Availability Zone 1.
Private subnet 2 CIDR (PrivateSubnet2CIDR) | 10.0.32.0/19 | The CIDR block for private subnet 2 located in Availability Zone 2.
Private subnet 3 CIDR (PrivateSubnet3CIDR) | 10.0.64.0/19 | The CIDR block for private subnet 3 located in Availability Zone 3.
Public subnet 1 CIDR (PublicSubnet1CIDR) | 10.0.128.0/20 | The CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1.
Public subnet 2 CIDR (PublicSubnet2CIDR) | 10.0.144.0/20 | The CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2.
Public subnet 3 CIDR (PublicSubnet3CIDR) | 10.0.160.0/20 | The CIDR block for the public (DMZ) subnet 3 located in Availability Zone 3.
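As an added example (not part of the Quick Start or its templates), the following pre-launch check takes the VPC network parameters above, confirms that every subnet CIDR lies inside the VPC CIDR, that no two subnets overlap, and that RemoteAccessCIDR is not 0.0.0.0/0, and then renders the parameter list in the shape `aws cloudformation create-stack --parameters file://params.json` accepts. The hosted zone ID, domain name, key pair name and office IP range in the script are placeholders.

```python
"""Validate SUSE CAP Quick Start network parameters before launching the stack.

Added example, not code from the Quick Start. Uses only the standard library.
"""
import ipaddress
import json

SUBNET_KEYS = (
    "PrivateSubnet1CIDR", "PrivateSubnet2CIDR", "PrivateSubnet3CIDR",
    "PublicSubnet1CIDR", "PublicSubnet2CIDR", "PublicSubnet3CIDR",
)

# The documented defaults from the "VPC network configuration" table.
DEFAULTS = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "PrivateSubnet3CIDR": "10.0.64.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "PublicSubnet3CIDR": "10.0.160.0/20",
}


def validate_network(params):
    """Return a list of problems; an empty list means the network parameters are consistent."""
    problems = []
    try:
        vpc = ipaddress.ip_network(params["VPCCIDR"], strict=True)
    except (KeyError, ValueError) as exc:
        return [f"VPCCIDR invalid: {exc}"]

    subnets = {}
    for key in SUBNET_KEYS:
        try:
            net = ipaddress.ip_network(params[key], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{key} invalid: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{key} {net} is not inside VPCCIDR {vpc}")
        subnets[key] = net

    # Pairwise overlap check across all six subnets.
    keys = list(subnets)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")

    # The guide recommends a trusted range, never the whole internet.
    remote = params.get("RemoteAccessCIDR")
    if not remote:
        problems.append("RemoteAccessCIDR is required")
    else:
        try:
            remote_net = ipaddress.ip_network(remote, strict=True)
        except ValueError as exc:
            problems.append(f"RemoteAccessCIDR invalid: {exc}")
        else:
            if remote_net.prefixlen == 0:
                problems.append("RemoteAccessCIDR must not be 0.0.0.0/0; use a trusted IP range")
    return problems


def to_cfn_parameters(params):
    """Render a dict as the ParameterKey/ParameterValue list CloudFormation expects."""
    return [{"ParameterKey": k, "ParameterValue": str(v)} for k, v in sorted(params.items())]


def build_parameter_file(overrides):
    """Merge overrides onto the defaults, validate, and return the JSON text for --parameters."""
    params = {**DEFAULTS, **overrides}
    problems = validate_network(params)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(to_cfn_parameters(params), indent=2)


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own zone, domain, key and IP range.
    example = {
        "HostedZoneID": "ZEXAMPLEHOSTEDZONE",
        "DomainName": "example.com",
        "KeyPairName": "cap-demo",
        "AvailabilityZones": "us-east-2a,us-east-2b,us-east-2c",
        "RemoteAccessCIDR": "203.0.113.0/24",
    }
    print(build_parameter_file(example))
```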
Amazon EKS configuration:
Parameter label (name) | Default | Description
Nodes instance type (NodeInstanceType) | m5.large | The EC2 instance type to use for the worker node instances.
Number of infrastructure nodes (NumberOfInfraNodes) | 3 | The number of Amazon EKS worker node instances to create in the infrastructure Auto Scaling group.
Number of application nodes (NumberOfAppNodes) | 3 | The number of Amazon EKS worker node instances to create in the customer Application Auto Scaling group.
Node group name (NodeGroupName) | Default | The name for the Amazon EKS node group.
Node volume size (NodeVolumeSize) | 80 | The size of the node volumes, in GiB.
Additional EKS admin ARNs (AdditionalEKSAdminArns) | Optional | A comma-separated list of IAM users/roles to be granted administrative access to the Amazon EKS cluster. This is necessary for other access methods, such as allowing another user to connect to the EKS cluster from a host other than the created bastion host. The format must be a complete ARN for the designated UserID.
SUSE Cloud Application Platform scaling:
Parameter label (name) | Default | Description
Number of UAA replicas (UaaReplicas) | 2 | The number of SUSE User Account and Authentication (UAA) replicas to deploy.
Number of UAA MySQL replicas (UaaMysqlReplicas) | 3 | The number of UAA MySQL replicas to deploy.
Number of TCP router replicas (TcpRouterReplicas) | 2 | The number of TCP router replicas to deploy.
Number of SCF MySQL replicas (ScfMysqlReplicas) | 3 | The number of SUSE Cloud Foundry (SCF) MySQL replicas to deploy.
Number of routing API replicas (RoutingApiReplicas) | 2 | The number of routing API replicas to deploy.
Number of router replicas (RouterReplicas) | 2 | The number of router replicas to deploy.
Number of NATS replicas (NatsReplicas) | 2 | The number of NATS replicas to deploy.
Number of Diego SSH replicas (DiegoSshReplicas) | 2 | The number of Diego SSH replicas to deploy.
Number of Diego brain replicas (DiegoBrainReplicas) | 2 | The number of Diego brain replicas to deploy.
Number of Diego API replicas (DiegoApiReplicas) | 2 | The number of Diego API replicas to deploy.
Number of CC uploader replicas (CcUploaderReplicas) | 2 | The number of Cloud Controller (CC) uploader replicas to deploy.
Number of adapter replicas (AdapterReplicas) | 2 | The number of adapter replicas to deploy.
Number of API group replicas (ApiGroupReplicas) | 2 | The number of API group replicas to deploy.
Number of CC clock replicas (CcClockReplicas) | 2 | The number of CC clock replicas to deploy.
Number of CC worker replicas (CcWorkerReplicas) | 2 | The number of CC worker replicas to deploy.
Number of CF USB replicas (CfUsbReplicas) | 2 | The number of Cloud Foundry USB replicas to deploy.
AWS Quick Start configuration:
Note: We recommend that you keep the default settings for the following parameters, unless you are customizing the Quick Start templates for your own deployment projects. Changing the settings of these parameters automatically updates code references to point to a new Quick Start location. For additional details, see the AWS Quick Start Contributor's Guide.
Parameter label (name) | Default | Description
Quick Start S3 bucket name (QSS3BucketName) | aws-quickstart | The S3 bucket you created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
Quick Start S3 key prefix (QSS3KeyPrefix) | quickstart-suse-cloud-application-platform/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.
Lambda zips bucket name (LambdaZipsBucketName) | Optional | The name of the S3 bucket where the AWS Lambda zip files should be placed. If you leave this setting blank, the Quick Start creates a bucket.
OPTION 2: PARAMETERS FOR DEPLOYING SUSE CAP INTO AN EXISTING VPC
View template
Network configuration:
Parameter label (name) | Default | Description
VPC ID (VPCID) | Requires input | The ID of your existing VPC (e.g., vpc-0343606e).
Private subnet 1 ID (PrivateSubnet1ID) | Requires input | The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-fe9a8b32).
Private subnet 2 ID (PrivateSubnet2ID) | Requires input | The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-be8b01ea).
Private subnet 3 ID (PrivateSubnet3ID) | Requires input | The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-abd39039).
Public subnet 1 ID (PrivateSubnet1ID) | Requires input | The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd).
Public subnet 2 ID (PrivateSubnet2ID) | Requires input | The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67).
Public subnet 3 ID (PrivateSubnet3ID) | Requires input | The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-c3456aba).
Allowed external access CIDR (RemoteAccessCIDR) | Requires input | The CIDR IP range that is permitted to access the instances. We recommend that you set this value to a trusted IP range.
Amazon EC2 configuration:
Parameter label (name) | Default | Description
SSH key name (KeyPairName) | Requires input | The name of an existing public/private key pair, which allows you to securely connect to your instances after they launch.
Route 53 DNS configuration:
Parameter label (name) | Default | Description
Hosted zone ID (HostedZoneID) | Requires input | The Route 53 hosted zone ID to use as a base domain.
Domain name (DomainName) | Requires input | The domain name to use as a base domain.
Sub-domain prefix (SubDomainPrefix) | scf | The prefix to add to the base domain to create a new Route 53 hosted zone. Before you launch the Quick Start, ensure that a hosted zone with this name does not exist.
Amazon EKS configuration:
Parameter label (name) | Default | Description
Nodes instance type (NodeInstanceType) | m5.large | The EC2 instance type to use for the worker node instances.
Number of infrastructure nodes (NumberOfInfraNodes) | 3 | The number of Amazon EKS worker node instances to create in the infrastructure Auto Scaling group.
Number of application nodes (NumberOfAppNodes) | 3 | The number of Amazon EKS worker node instances to create in the customer Application Auto Scaling group.
Node group name (NodeGroupName) | Default | The name for the Amazon EKS node group.
Node volume size (NodeVolumeSize) | 80 | The size of the node volumes, in GiB.
Additional EKS admin ARNs (AdditionalEKSAdminArns) | Optional | A comma-separated list of IAM users/roles to be granted administrative access to the Amazon EKS cluster.
SUSE Cloud Application Platform scaling:
Parameter label (name) | Default | Description
Number of UAA replicas (UaaReplicas) | 2 | The number of SUSE User Account and Authentication (UAA) replicas to deploy.
Number of UAA MySQL replicas (UaaMysqlReplicas) | 3 | The number of UAA MySQL replicas to deploy.
Number of TCP router replicas (TcpRouterReplicas) | 2 | The number of TCP router replicas to deploy.
Number of SCF MySQL replicas (ScfMysqlReplicas) | 3 | The number of SUSE Cloud Foundry (SCF) MySQL replicas to deploy.
Number of routing API replicas (RoutingApiReplicas) | 2 | The number of routing API replicas to deploy.
Number of router replicas (RouterReplicas) | 2 | The number of router replicas to deploy.
Number of NATS replicas (NatsReplicas) | 2 | The number of NATS replicas to deploy.
Number of Diego SSH replicas (DiegoSshReplicas) | 2 | The number of Diego SSH replicas to deploy.
Number of Diego brain replicas (DiegoBrainReplicas) | 2 | The number of Diego brain replicas to deploy.
Number of Diego API replicas (DiegoApiReplicas) | 2 | The number of Diego API replicas to deploy.
Number of CC uploader replicas (CcUploaderReplicas) | 2 | The number of Cloud Controller (CC) uploader replicas to deploy.
Number of adapter replicas (AdapterReplicas) | 2 | The number of adapter replicas to deploy.
Number of API group replicas (ApiGroupReplicas) | 2 | The number of API group replicas to deploy.
Number of CC clock replicas (CcClockReplicas) | 2 | The number of CC clock replicas to deploy.
Number of CC worker replicas (CcWorkerReplicas) | 2 | The number of CC worker replicas to deploy.
Number of CF USB replicas (CfUsbReplicas) | 2 | The number of Cloud Foundry USB replicas to deploy.
AWS Quick Start configuration:
Note: We recommend that you keep the default settings for the following parameters, unless you are customizing the Quick Start templates for your own deployment projects. Changing the settings of these parameters automatically updates code references to point to a new Quick Start location. For additional details, see the AWS Quick Start Contributor's Guide.
Parameter label (name) | Default | Description
Quick Start S3 bucket name (QSS3BucketName) | aws-quickstart | The S3 bucket you created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
Quick Start S3 key prefix (QSS3KeyPrefix) | quickstart-suse-cloud-application-platform/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.
Lambda zips bucket name (LambdaZipsBucketName) | Optional | The name of the S3 bucket where the AWS Lambda zip files should be placed. If you leave this setting blank, the Quick Start creates a bucket.
5. On the Options page, you can specify tags (key-value pairs) for resources in your stack
and set advanced options. When you’re done, choose Next.
6. On the Review page, review and confirm the template settings. Under Capabilities,
select the two check boxes to acknowledge that the template creates IAM resources and
that it might require the capability to auto-expand macros.
7. Choose Create to deploy the stack.
8. Monitor the status of the stack. When the status is CREATE_COMPLETE, the SUSE
Cloud Application Platform cluster is ready.
Figure 2: SUSE Cloud Application Platform outputs after successful deployment
9. Use the URLs displayed in the Outputs tab for the stack, to view the resources that
were created.
Step 4. Test the deployment
1. Log in to the bastion host with the configured key pair and the user name ec2-user. You
can get the IP address of the bastion host from the Outputs tab of the AWS
CloudFormation console.
ssh -i "~/.ssh/cap.pem" ec2-user@12.23.34.45
2. Verify that the client software was installed through the bastion host:
> kubectl version
Client Version: version.Info <version#>
> helm version
Client: <version#>
> aws --version
<version#>
> cf --version
cf version <version#>
> git version
git version <version#>
3. Verify the health of the Amazon EKS cluster through the bastion host. Use the installed
kubectl and helm commands to verify access to the environment and the running state
of the cluster and packages.
> kubectl cluster-info
> kubectl get nodes
> kubectl get pods -n uaa
> kubectl get pods -n scf
> helm list
> helm status scf | grep https
4. Retrieve the Cloud Foundry administrative password from AWS Secrets Manager. Sign
in to the AWS Secrets Manager console at
https://console.aws.amazon.com/secretsmanager/. Choose the secret that has an
AdminPassword prefix, and then choose Retrieve secret value.
5. Retrieve the Cloud Foundry API endpoint from the CloudFormation stack outputs, and
log in to the Cloud Foundry CLI:
> cf login -a <API_ENDPOINT>
6. (Optional) Deploy a sample application:
> cf create-org SUSE
> cf create-space DEMO -o SUSE
> cf target -o SUSE -s DEMO
# Push your first application. Try Dizzy Lizard.
> git clone https://github.com/troytop/dizzylizard
> cd dizzylizard
# Push the application and return its URL
> cf push | grep http
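The verification and login steps above, collected into one script for the bastion host. This is an added example, not code from the Quick Start or from SUSE; it assumes (the guide does not say) that the Secrets Manager secret whose name starts with AdminPassword stores the raw password as its SecretString, that the API endpoint is supplied in an API_ENDPOINT variable, and that the live part runs only when RUN_LIVE=1. Its one security point beyond the manual steps is that the password is passed to cf through the environment rather than on a command line, where `cf login -p` would expose it in process listings and shell history.

```shell
#!/bin/sh
# Added example (not part of the Quick Start): the manual steps above as one
# script for the bastion host. Assumptions not stated in the guide: the secret
# whose name starts with "AdminPassword" stores the raw password as its
# SecretString, the API endpoint is supplied in API_ENDPOINT, and the live part
# only runs when RUN_LIVE=1 so the tool check can be exercised anywhere.
set -u

# Return 0 if every named tool is on PATH; otherwise list the missing ones and return 1.
require_tools() {
  missing=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
  done
  if [ -n "$missing" ]; then
    echo "missing tools:$missing" >&2
    return 1
  fi
  return 0
}

# Find the secret by name prefix with a JMESPath filter and print its value
# (the CLI equivalent of "Retrieve secret value" in the console).
admin_password() {
  name=$(aws secretsmanager list-secrets \
           --query "SecretList[?starts_with(Name, 'AdminPassword')].Name | [0]" \
           --output text) || return 1
  if [ -z "$name" ] || [ "$name" = "None" ]; then
    echo "no AdminPassword secret found" >&2
    return 1
  fi
  aws secretsmanager get-secret-value --secret-id "$name" \
      --query SecretString --output text
}

# Log in without the password appearing on a command line: cf auth reads
# CF_USERNAME/CF_PASSWORD from the environment, so the secret never shows up
# in `ps` output or shell history the way `cf login -p` would.
cf_login() {
  cf api "$1" || return 1
  pw=$(admin_password) || return 1
  CF_USERNAME=admin CF_PASSWORD="$pw" cf auth
}

if [ "${RUN_LIVE:-0}" = 1 ]; then
  require_tools kubectl helm aws cf git || exit 1
  cf_login "${API_ENDPOINT:?set API_ENDPOINT to the CloudFormation stack output}" || exit 1
  cf create-org SUSE
  cf create-space DEMO -o SUSE
  cf target -o SUSE -s DEMO
fi
```

Run it on the bastion host as `RUN_LIVE=1 API_ENDPOINT=<API_ENDPOINT> sh cap-login.sh`; without RUN_LIVE it only defines the functions, which is what makes the tool check testable off the host.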
To learn about how to deploy and manage your applications on SUSE Cloud Application
Platform, see the Developer Guide on the Cloud Foundry website.
Best practices for using SUSE Cloud Application Platform on AWS
The optimal configuration for running SUSE Cloud Application Platform on an Amazon
EKS cluster requires a minimum of three worker nodes with at least 16 GiB RAM and 4
vCPUs each. This configuration provides minimal support for high availability and failover
of the infrastructure components and allows 12–16 GiB for application workloads. If you
need a leaner environment for a lighter workload or for testing, you can change the default
number of worker nodes, their instance types, and volume size when you deploy the Quick
Start.
SUSE Cloud Application Platform requires storage for databases used by the pods that are
related to Cloud Foundry and User Authentication and Authorization (UAA). This Quick
Start uses the Amazon Elastic Block Store (Amazon EBS) backed gp2 storage class. This
storage class dynamically provisions and attaches EBS volumes as needed.
Security
TLS certificates
This Quick Start automatically sets up Elastic Load Balancing (ELB) load balancers in
front of the critical services of a Cloud Application Platform cluster, and adds the
corresponding subdomain records to the Amazon Route 53 hosted zone during installation.
TLS is terminated at the ELB entry point to the SUSE Cloud Application Platform API using
a certificate issued by AWS Certificate Manager (ACM); ACM manages the private key and
attaches the certificate to the load balancer. Except for the Gorouter component, the
backend connection from the load balancer to the cluster is also encrypted, using
self-signed certificates that are generated during installation. Note that ACM renews
only the certificate it issued for the load balancer; the self-signed backend certificates
are not managed or renewed by ACM.
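A practitioner will want to confirm that the certificate clients actually see at the edge is the ACM-issued one and not one of the self-signed backend certificates, and to keep an eye on the expiry of the self-signed ones, which nothing renews. The following added example (not part of the Quick Start or of SUSE's tooling) does that with openssl; it assumes openssl is installed and uses placeholder host names.

```shell
#!/bin/sh
# Added example (not part of the Quick Start): inspect the certificate an
# endpoint presents and tell an ACM-issued certificate (the ELB entry point)
# from a self-signed one (the backend certificates generated at install).
# Assumes openssl is installed; host names in the usage notes are placeholders.
set -u

# Print the leaf certificate served at HOST[:PORT] as PEM (live, needs network).
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509
}

# Live: return 0 only if the server's chain verifies against the system CA store,
# which is what you expect from the ACM certificate on the load balancer.
chain_trusted() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}

# Return 0 if the PEM certificate on stdin is self-signed (issuer equals subject).
# The sed strips the "subject=" / "issuer=" labels, which differ between openssl
# versions, so only the distinguished names are compared.
cert_is_self_signed() {
  pem=$(cat)
  subj=$(printf '%s\n' "$pem" | openssl x509 -noout -subject | sed 's/^subject= *//')
  iss=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
  [ "$subj" = "$iss" ]
}

# Return 0 if the PEM certificate on stdin is still valid DAYS days from now.
# Useful for the self-signed backend certificates, which ACM does not renew.
cert_valid_for_days() {
  openssl x509 -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

# Usage against a live endpoint (api.example.com is a placeholder for the host
# part of the API endpoint shown in the stack outputs):
#   api=api.example.com
#   chain_trusted "$api" && echo "ELB certificate is publicly trusted"
#   fetch_cert "$api" | cert_is_self_signed && echo "WARNING: self-signed certificate at the edge"
#   fetch_cert "$api" | cert_valid_for_days 30 || echo "certificate expires within 30 days"
```

Running `fetch_cert` against an in-cluster backend address (or an endpoint reached through the Gorouter) should report a self-signed certificate; the same call against the ELB API endpoint should not, and `chain_trusted` should succeed there.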
Stratos web UI
SUSE provides a web UI called Stratos for connecting to Cloud Foundry instances and
viewing metrics cross-referenced with Kubernetes endpoints. Stratos is available within
the Quick Start and can be deployed by setting the optional Stratos web console parameter
to Enabled, either at initial deployment or by way of a stack update.
After the Stratos web application is deployed, you can access it from the browser via
https://scf.<DomainName>.
Note: Stratos is a large client UI that is based on Node.js/Angular, with a Golang
backend application. If the staging phase exceeds the default timeout of 180 seconds,
you may need to pre-build the Node.js components; see the SUSE Stratos
documentation for details.
Metrics: Optional installation using an endpoint for Prometheus
It is possible to optionally enable metrics for Stratos through Prometheus. For more
information, see https://github.com/SUSE/stratos-metrics.
Eirini application runtime scheduler
SUSE Cloud Application Platform supports Eirini, which schedules application instances
as native Kubernetes pods, as an alternative to Diego. This Quick Start, however,
currently deploys the traditional Diego model. For more information, see Eirini and CF
Containerization: a field guide.
Cloud Foundry roles and Kubernetes pod placement
A SUSE Cloud Application Platform deployment differs from an upstream Cloud Foundry
deployment, where BOSH manages the placement of the Cloud Foundry roles onto virtual
machines (VMs); here the roles run as pods that the Kubernetes scheduler places onto
worker nodes.
The installation uses Helm to specify affinity/anti-affinity and placement rules onto
Kubernetes nodes to provide the best resiliency and scaling capabilities. This Quick Start
enforces the following rules by default.
Anti-affinity rule (instances of the role are spread across different worker nodes):
Go-router
Diego-cells
Note: All other Cloud Foundry roles also have anti-affinity to themselves, which
allows an even distribution of instances and roles across the worker nodes.
SUSE Cloud Application Platform deploys the Cloud Foundry User Authentication and
Authorization Service (UAA) independently of the remaining Cloud Foundry roles. This
allows UAA to be used by multiple services (such as SUSE CAP Stratos Web UI or other
third-party or custom applications). To optimize UAA and its data store, the following rule
is set.
Affinity rule (the two roles are co-located on the same worker node):
UAA
MySQL
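Helm declares these rules, but the only evidence that they hold is where the pods actually landed. The following added example (not part of the Quick Start or of SUSE's Helm charts) reads the node assignment of each pod and checks the two rules above; the pod name prefixes (diego-cell, router, uaa, mysql) and the sample placements are assumptions for illustration, not captured from a real cluster.

```shell
#!/bin/sh
# Added example (not part of the Quick Start or the SUSE Helm charts): verify
# that the affinity/anti-affinity rules above hold on a running cluster by
# reading where each pod landed. Pod name prefixes and the sample placements
# below are assumptions for illustration.
set -u

# Live helper: print "pod node" pairs for a namespace (NODE is column 7 of -o wide).
pod_nodes() {
  kubectl get pods -n "$1" -o wide --no-headers | awk '{ print $1, $7 }'
}

# Anti-affinity: no two pods whose name starts with PREFIX may share a node.
# Reads "pod node" pairs on stdin; lists violations and returns 1 if any.
check_anti_affinity() {
  awk -v p="$1" '
    index($1, p) == 1 {
      if (seen[$2]++) { print "anti-affinity violated: " $1 " shares node " $2; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Affinity: every pod starting with PREFIX_A must be on a node that also runs a
# pod starting with PREFIX_B. Reads "pod node" pairs on stdin.
check_affinity() {
  awk -v a="$1" -v b="$2" '
    index($1, a) == 1 { anode[$1] = $2 }
    index($1, b) == 1 { has[$2] = 1 }
    END {
      for (p in anode) if (!(anode[p] in has)) {
        print "affinity violated: " p " on " anode[p] " has no " b " pod"; bad = 1
      }
      exit bad + 0
    }'
}

# Constructed sample of what pod_nodes might return on a three-node cluster
# (not captured from a real deployment).
SAMPLE_SCF='diego-cell-0 ip-10-0-1-10.ec2.internal
diego-cell-1 ip-10-0-2-20.ec2.internal
diego-cell-2 ip-10-0-3-30.ec2.internal
router-0 ip-10-0-1-10.ec2.internal
router-1 ip-10-0-2-20.ec2.internal'
SAMPLE_UAA='uaa-0 ip-10-0-1-10.ec2.internal
mysql-0 ip-10-0-1-10.ec2.internal'

printf '%s\n' "$SAMPLE_SCF" | check_anti_affinity diego-cell && echo "diego-cell spread OK"
printf '%s\n' "$SAMPLE_SCF" | check_anti_affinity router && echo "router spread OK"
printf '%s\n' "$SAMPLE_UAA" | check_affinity uaa mysql && echo "uaa/mysql co-location OK"

# Against the live cluster, from the bastion host:
#   pod_nodes scf | check_anti_affinity diego-cell
#   pod_nodes scf | check_anti_affinity router
#   pod_nodes uaa | check_affinity uaa mysql
```

A violation of the anti-affinity check after a node failure is expected until the replacement node joins; a violation on a healthy cluster means the scheduler could not satisfy the rule, usually because there are fewer worker nodes than instances of the role.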
Scaling application workloads and Availability Zone placement
When applications are deployed to SUSE Cloud Application Platform by using the Cloud
Foundry CLI or the Stratos UI, the Cloud Foundry component called Diego (the Go-based
successor to the Droplet Execution Agent, DEA) determines the placement of application
instances onto the Diego cells, which run as pods on the available Kubernetes worker nodes.
This placement depends on the application’s resource requirements (memory, disk, CPU)
and the number of customer application instances to start and scale up to. To facilitate
scaling the cluster, this Quick Start implements appropriate Kubernetes node labeling to
enable even distribution of the Diego cell pods on the initial number of nodes.
Minimal-cost deployment without HA
If you want a low-cost development environment without high availability, you can set all
resource multipliers to 1. This would deploy two nodes in total.
Backup and recovery
To configure backups for Cloud Foundry data (user, organizations/spaces, application
metadata), please contact SUSE for installation and configuration instructions.
FAQ
Q. I encountered a CREATE_FAILED error when I launched the Quick Start.
A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the
template with Rollback on failure set to No. (This setting is under Advanced in the
AWS CloudFormation console, Options page.) With this setting, the stack’s state is
retained and the instance is left running so you can troubleshoot the issue.
Important: When you set Rollback on failure to No, you continue to incur AWS
charges for this stack. Ensure that you delete the stack after you finish
troubleshooting.
For additional information, see Troubleshooting AWS CloudFormation on the AWS
website.
Q. I encountered a size limitation error when I deployed the AWS CloudFormation
templates.
A. We recommend that you launch the Quick Start templates from the links in this guide or
from another S3 bucket. If you deploy the templates from a local copy on your computer or
from a non-S3 location, you might encounter template size limitations when you create the
stack. For more information about AWS CloudFormation limits, see the AWS
documentation.
Q. Custom::KubeManifest/Custom::Helm failed on stack create, update, or deletion.
A. These resources are backed by Lambda functions that are defined in the Functions stack.
Their logs are stored in Amazon CloudWatch Logs. To access the logs, open the AWS
Lambda console at https://console.aws.amazon.com/lambda/, select the relevant Lambda
function, and then choose Open in CloudWatch Logs.
Q. The Route53::HostedZone resource fails to create with the error “Hosted zone already
exists.”
A. When you deploy the Quick Start, the value you provide for the Subdomain prefix
(SubDomainPrefix) parameter must be unique. Ensure that it doesn’t point to an existing
Route 53 hosted zone name.
Q. UAA for SCF resources failed with an error.
A. These resources represent the installation of the SUSE Cloud Application Platform Helm
charts. To troubleshoot, use the Kubernetes CLI (kubectl command) to check the status of
the running pods:
> kubectl get namespaces
> kubectl get pods -n uaa
> kubectl get pods -n scf
> kubectl describe pods -n uaa
> kubectl describe pods -n scf
> kubectl get pv,pvc --all-namespaces
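The same pod and volume commands appear in step 3 of "Test the deployment" and in this answer; eyeballing their output does not scale to a cluster with dozens of pods. The following added example (not part of the Quick Start) turns them into a pass/fail health test: a pod passes only if it is Running with every container ready, and every persistent volume claim must be Bound. The sample kubectl output embedded in it is constructed for illustration, not captured from a real cluster.

```shell
#!/bin/sh
# Added example (not part of the Quick Start): pass/fail health test built from
# the kubectl commands in "Test the deployment" step 3 and this FAQ entry.
# The sample output below is constructed, not captured from a real cluster.
set -u

# Reads `kubectl get pods --no-headers` lines (NAME READY STATUS RESTARTS AGE).
# A pod passes if it is Running with all containers ready (n/n) or Completed.
check_pods() {
  awk '
    {
      split($2, r, "/")
      ok = ($3 == "Running" && r[1] == r[2]) || $3 == "Completed"
      if (!ok) { print "NOT READY: " $1 " " $2 " " $3 " restarts=" $4; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Reads `kubectl get pvc --all-namespaces --no-headers` lines
# (NAMESPACE NAME STATUS VOLUME ...). Every claim must be Bound; anything else
# means the gp2 storage class did not provision an EBS volume for it.
check_pvcs() {
  awk '$3 != "Bound" { print "PVC NOT BOUND: " $1 "/" $2 " " $3; bad = 1 } END { exit bad + 0 }'
}

# Live wrapper for the bastion host: check both namespaces and print the Events
# section of the pods in any failing namespace, which is where the cause shows.
cap_health() {
  rc=0
  for ns in uaa scf; do
    if ! kubectl get pods -n "$ns" --no-headers | check_pods; then
      kubectl describe pods -n "$ns" | sed -n '/^Events:/,/^$/p'
      rc=1
    fi
  done
  kubectl get pvc --all-namespaces --no-headers | check_pvcs || rc=1
  return $rc
}

# Constructed sample output: two healthy pods, one with a container not ready,
# one crash-looping; one bound and one pending claim.
SAMPLE_PODS='diego-cell-0   2/2   Running            0   3h
router-0       1/1   Running            0   3h
api-group-0    1/2   Running            5   3h
blobstore-0    0/1   CrashLoopBackOff   7   3h'
SAMPLE_PVCS='uaa   mysql-data-mysql-0          Bound     pvc-1   20Gi   RWO   gp2   3h
scf   blobstore-data-blobstore-0  Pending   -       20Gi   RWO   gp2   3h'

printf '%s\n' "$SAMPLE_PODS" | check_pods || echo "sample pod check failed (as expected)"
printf '%s\n' "$SAMPLE_PVCS" | check_pvcs || echo "sample PVC check failed (as expected)"

# On the bastion host: cap_health && echo "SUSE CAP healthy"
```

Run `cap_health` after a stack update as well as after the initial create; a Helm upgrade that leaves a StatefulSet pod stuck at 0/1 or a claim Pending is exactly the case this FAQ entry describes.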
Q. Can I enable Eirini?
A. Not with this Quick Start, which deploys Diego only. Wait for the Git fork that
includes a “Technical Preview” of the Eirini project.
Send us feedback
To post feedback, submit feature ideas, or report bugs, use the Issues section of the
GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick
Start Contributor’s Guide.
Additional resources
SUSE Cloud Application Platform
SUSE Documentation - Deploying SUSE Cloud Application on Amazon EKS
Cloud Foundry Developer Guide
Deploying and Using the AWS Service Broker
Marketing materials and case studies
Client tools
Cloud Foundry CLI (cf)
Kubernetes CLI (kubectl)
Helm CLI (helm)
AWS resources
Getting Started Resource Center
AWS General Reference
AWS Glossary
Amazon EKS documentation
Amazon EKS
Other AWS services
AWS CloudFormation
Amazon CloudWatch Logs
Amazon EBS
Amazon EC2
Elastic Load Balancing
IAM
AWS Lambda
Amazon VPC
Other Quick Start reference deployments
AWS Quick Start home page
Document revisions
Date | Change | In sections
March 2020 | Update for CAP 1.5.2 | Eirini application runtime scheduler; FAQ
September 2019 | Domain information; parameter descriptions; health-verification code update; Stratos information; Eirini information | Step 3; Step 4; Stratos web UI; Eirini application runtime scheduler; FAQ
April 2019 | Initial publication | —
© 2020, Amazon Web Services, Inc. or its affiliates, and SUSE. All rights reserved.
Notices
This document is provided for informational purposes only. It represents AWS’s current product offerings
and practices as of the date of issue of this document, which are subject to change without notice. Customers
are responsible for making their own independent assessment of the information in this document and any
use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether
express or implied. This document does not create any warranties, representations, contractual
commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities
and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of,
nor does it modify, any agreement between AWS and its customers.
The software included with this paper is licensed under the Apache License, Version 2.0 (the "License"). You
may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/ or in the "license" file accompanying this file. This code is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.