Setting up Anthos clusters on AWS

Lisa Shen demos how to set up Anthos / GKE clusters on AWS


Content

1.199 -> hi my name is lisa shen and i'm a
3.439 -> product manager in google cloud
6.16 -> in this video i'll talk a bit about
8.08 -> anthos and anthos multi-cloud
10.48 -> then i'll give you a demo of setting up
12.48 -> anthos gke cluster on aws via the
15.36 -> terraform script
17.6 -> i'll also show you how to view the logs
19.68 -> and deploy a simple application to the
21.68 -> cluster and examine the workload from
24.08 -> the gcp console
28 -> more enterprise customers are either
30 -> using or looking into leveraging multiple
32.32 -> cloud providers
33.84 -> the multi-cloud approach comes with
35.68 -> added complexity in the form of multiple
38 -> management interfaces disparate policy
40.8 -> enforcement and complex security
43.04 -> implications
44.96 -> anthos provides a unified platform for
47.36 -> managing the clusters across different
50 -> clouds as well as on-prem
52.16 -> the clusters can be running inside of
54.079 -> virtual machines and instances as well
56.64 -> as on bare metal
58.559 -> anthos is a hundred percent software
60.719 -> product that extends google cloud
62.48 -> services and engineering best practices
65.36 -> to your environments so you can
67.6 -> modernize apps faster and establish
70.159 -> operational consistency across them
73.76 -> anthos configuration management provides
76.08 -> a central place to manage and
77.68 -> configuration and security policies
80.08 -> across your fleet so you can get the
82.159 -> right governance at scale
85.439 -> anthos also features a managed service
88.08 -> mesh offering to connect manage and
90.72 -> secure your vms and containers
94.64 -> google cloud logging and cloud
96.479 -> monitoring provides integrated logging
99.04 -> and monitoring service for the
100.56 -> containers services and applications
105.6 -> and on top of everything anthos provides
108.079 -> developers with a rich set of tools such
110.399 -> as google cloud build cloud deploy for
113.04 -> its most modern application development
115.2 -> experience
119.2 -> specific to multi-cloud anthos allows you
121.68 -> to manage clusters on google cloud aws
124.719 -> and azure
126.24 -> anthos manages not only anthos gke clusters
129.44 -> on-prem and in multiple clouds it also
132.239 -> manages any standard cncf compliant
135.28 -> kubernetes clusters
137.12 -> anthos is a great multi-cluster management
139.28 -> tool to manage standardize secure your
141.92 -> clusters across multiple environments
144.64 -> and kubernetes vendors
147.04 -> let's now dive a bit deeper into anthos
149.36 -> multi-cloud architecture on aws and
152.239 -> azure
156.16 -> anthos multi-cloud is a managed service
158.64 -> that helps you provision operate and
161.12 -> scale kubernetes clusters in your aws or
164.239 -> azure account
166.48 -> anthos clusters are four kubernetes
168.56 -> clusters based on the aws azure
170.72 -> infrastructure they run on ec2 or azure
173.92 -> vms
175.12 -> and are fully integrated with cloud
176.879 -> providers native platform resources
180.4 -> with anthos clusters you get same
182.64 -> distribution bits same security patches
185.2 -> same networking technologies
187.519 -> as you get with the gcp gke cluster
192 -> the anthos multi-cloud architecture has
194.159 -> a few key components
196.48 -> for example the multi-cloud cluster api
199.44 -> is a standard google cloud rest api
202.159 -> which provides cluster create read
204.64 -> update delete operations
207.68 -> anthos clusters on aws use aws api to
211.2 -> provision resources needed by the
213.2 -> cluster including virtual machines
215.44 -> managed disks auto scaling group
217.84 -> security groups and load balancers and
220.72 -> the same goes with azure
223.76 -> and an anthos service account when the
226.48 -> anthos multi-cloud api is enabled in
228.879 -> your google cloud project a google
231.36 -> managed service account will be
232.959 -> automatically created with your project
236 -> this service account will be the
237.36 -> security principal calling the azure or
239.519 -> aws api
243.84 -> for the connect api when you register a
246.239 -> cluster outside google cloud
248.879 -> google cloud uses a deployment called
251.12 -> connect agent in the cluster to
253.2 -> establish a secure connection with the
255.2 -> connect api between the cluster and your
257.519 -> google cloud project
259.359 -> and to handle the kubernetes requests
262.32 -> this enables access to the cluster and
264.639 -> into workload management features in
266.72 -> google cloud so you have a unified user
269.36 -> interface and cloud console to manage
271.36 -> the clusters
274.16 -> the multi-cloud architecture gives
276 -> customers a hosted cloud-backed
278.08 -> management control plane
280 -> google takes care of the provisioning
282.08 -> upgrading or backing up the management
284.08 -> layer
285.12 -> rollouts can be done on a regular basis
287.52 -> by google to deliver bug fixes and
290.24 -> features
291.28 -> when the change is rolled out it becomes
293.52 -> available automatically for all
295.36 -> customers without any action required on
297.759 -> their part
304.24 -> there are multiple ways to perform life
306 -> cycle management of anthos clusters on
308.24 -> aws or azure one option is to use gcloud
312.16 -> cli as you can see the cli example here
315.44 -> in the slide
316.72 -> you'll create a cluster control plane
318.479 -> node first followed by the node pool
320.639 -> creations with the cli
323.6 -> and terraform is another option for
325.52 -> provisioning the anthos multi-cloud
327.36 -> clusters
328.72 -> now let's jump right into the demo
334.639 -> in this demo we'll be using the
336.4 -> terraform to set up the anthos cluster
338.56 -> on aws
340.08 -> there are some prerequisites you need to
341.919 -> perform beforehand
344.16 -> first ensure your gcloud sdk version is
347.28 -> 365 or greater
351.44 -> if you don't have the right sdk version
353.52 -> you can use the gcloud components update
356.319 -> to get the right version
358.479 -> and also make sure that you have the aws
360.96 -> cli installed and set up with the aws
364.08 -> access key and a secret
367.199 -> we also need to configure the gcp
369.44 -> terraform authentication via the
371.44 -> gcloud auth command
373.52 -> i have taken care of this prerequisite
375.759 -> prior to this video recording so i will
379.12 -> put a note here
383.44 -> next step is to ensure you are in the
385.52 -> correct google project and then enable
388.4 -> the gcp services in this project
393.199 -> in this demo we're going to use a quick
395.44 -> start terraform script in the github
397.6 -> repo
398.8 -> to provision the anthos clusters on aws
402.16 -> i will share the link at the end of this
404.08 -> video for the repo
409.919 -> since i've already cloned anthos
411.84 -> multi-cloud terraform repo beforehand
414.88 -> i will directly go to the aws folder in
417.52 -> my local disk
427.039 -> after copying the repo to the local disk
429.68 -> you may need to update the terraform tfvars
432 -> files with the specific environment
434.8 -> variables
437.52 -> as you can see i've already put in my
440.479 -> project id and email address in this
443.28 -> file
444.16 -> you can find the project number in the
446.24 -> gcp console on the left side of the
448.479 -> dashboard page or via the gcloud cli
451.919 -> command
452.88 -> the admin user will be the gcp account
455.68 -> email address that can log into the
457.84 -> cluster once it's created via the
460.4 -> connect gateway
462.4 -> in addition you can put a cluster prefix
465.039 -> name here and then define the type of
467.599 -> ec2 instances and the regions you'd like
470.56 -> to use with the cluster creation
474.479 -> and that's it
476.08 -> so now let's go ahead initialize and
478.639 -> create a terraform plan
492.72 -> once started the installation process
495.919 -> will take about 12 minutes
498.72 -> after the script completes it will
500.639 -> install all relevant is prerequisite in
503.36 -> aws including vpc subnets internet
506.96 -> gateway nat gateway iam roles route tables
511.12 -> and so on
512.56 -> the anthos gke cluster on aws will be
515.919 -> provisioned with three control plane
518.479 -> nodes with one in each availability zone
522.159 -> and a single node pool with two t3 dot
525.04 -> medium nodes in the auto scaling group
527.36 -> to a maximum of five nodes
531.839 -> now let's fast forward to the end of the
534.08 -> cluster creation the anthos cluster on aws
538.399 -> is created successfully as you can see
540.72 -> here
541.92 -> now that we have the aws cluster set up
545.04 -> we can use the kubectl to interact with
547.519 -> the cluster
548.959 -> but before that
550.56 -> we need to set up the context by using
552.8 -> the gcloud container get credentials
554.88 -> command
555.92 -> so let's get credentials for the aws
558.399 -> cluster
563.279 -> this command sets up the context for
565.36 -> kubectl that uses gke connect gateway as
568.56 -> the endpoint and authenticates the
570.88 -> caller using the google identity
572.8 -> provided by gcloud
575.44 -> the command works out of box for private
578.32 -> clusters even if you don't have outside
580.56 -> internet access
590 -> once we have the kubectl set up we can
593.04 -> start to use the kubectl to explore the
595.36 -> clusters and deploy the workloads on the
597.6 -> node ports
604.959 -> now let's navigate to the google cloud
607.36 -> console where we can interact with the
609.44 -> cluster we've just created
611.839 -> there are two clusters here in the gke
614 -> cluster page one is the gke cluster that
617.2 -> i provisioned before this video the
619.92 -> other cluster is the aws cluster that
622.56 -> we've just created via the terraform
625.6 -> the clusters appear on the gke and
628.399 -> anthos cluster page in the google cloud
630.72 -> console however to see more details such
634.32 -> as the nodes and workloads for any
636.72 -> cluster outside google cloud you need to
639.44 -> log in and authenticate to the cluster
654.88 -> there are a few options provided to you
657.519 -> and the next login is the google
659.2 -> identity option
661.04 -> now we'll be able to see the similar
662.88 -> cluster information as we have observed
665.36 -> with kubectl cli command earlier
676.16 -> remember we have enabled the system
678.16 -> container logging via the gcloud command a
680.64 -> moment ago in the terminal
682.8 -> let's explore the system logs related to
685.2 -> this cluster
687.12 -> you can see your logs directly from the
689.12 -> log explorer by using the logging filters
691.68 -> to select the kubernetes resources such
693.92 -> as cluster node namespace
696.959 -> or the container logs
698.959 -> and let's type in a query here
702.32 -> there are a few resource types such as
704.16 -> the control plane component logs or the
706.56 -> node pool logs
708.399 -> the kubernetes container resource type
710.48 -> that i put in here refers to the system
712.639 -> apps log
715.04 -> now you can see all the aws cluster logs
717.76 -> related to the system
719.6 -> apps
720.399 -> under the namespace of gkeconnect gke
723.2 -> system and kube system in the gcp
726 -> console
732.32 -> now let's go back to the terminal and
734.56 -> we'll create a new simple deployment and
737.44 -> run a hello app from the anthos cluster
740 -> on aws that we've just created
743.36 -> and to do that we're going to use the
745.44 -> kubectl command here
752.56 -> next step is to create a kubernetes
755.68 -> service which is a kubernetes resource
758.079 -> that lets you expose your application to
760.079 -> the external traffic
762.48 -> and let's run the following kubectl
764.639 -> expose command
768.88 -> to inspect the hello server service
771.12 -> let's run the kubectl get service
773.2 -> command
776.56 -> now we can view the application from the
778.56 -> web browser using the external ip
780.88 -> address shown here let's do that from
783.279 -> the google cloud console
787.2 -> on the gcp console there is our aws
789.92 -> cluster listed in the kubernetes engine
792.24 -> cluster page
794 -> let's take a look at the workload we've
796.16 -> just created
800.8 -> here is the hello server deployment and
803.279 -> let's click on it to view the details of
805.6 -> the deployment
809.839 -> remember we have exposed the service
812 -> with the kubectl command earlier
814.72 -> and now let's actually click on the
816.48 -> external ip address listed up here
821.199 -> a new browser window is open with our
823.68 -> app up and running
826.639 -> that concludes the demo for setting up
828.56 -> the anthos cluster on aws
832.72 -> you can check out the step-by-step guide
834.959 -> and the terraform script for running
836.959 -> the demo in the github site here
839.44 -> to learn more about anthos multi-cloud
841.6 -> solution
842.48 -> please visit anthos multi-cloud website
845.68 -> thank you for watching the video

Source: https://www.youtube.com/watch?v=ILYCgbEnAEs