Deploy Flink to EKS - Part 2 - Launching Amazon EKS Worker Nodes - [Description]
2020年07月18日
ClusterName: Enter the name that you used when you created your Amazon EKS cluster. This name must exactly match your Amazon EKS cluster name. Otherwise, your worker nodes will be unable to join it.
ClusterControlPlaneSecurityGroup: Enter the security group or groups that you used when you created your Amazon EKS cluster. This AWS CloudFormation template creates a worker node security group that allows traffic to and from the cluster control plane security group specified.
NodeGroupName: Enter a name for your node group that is included in your Auto Scaling node group name.
NodeAutoScalingGroupMinSize: Enter the minimum number of nodes to which your worker node Auto Scaling group can scale in.
NodeAutoScalingGroupMaxSize: Enter the maximum number of nodes to which your worker node Auto Scaling group can scale out.
NodeInstanceType: Choose an instance type for your worker nodes.
NodeImageId: Enter the current Amazon EKS worker node AMI ID for your Region. The Amazon EKS worker node AMI is based on Amazon Linux 2. You can track security or privacy events for Amazon Linux 2 at the Amazon Linux Security Center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.
KeyName: Enter the name of an Amazon EC2 SSH key pair that you can use to connect using SSH into your worker nodes with after they launch.
VpcId: Enter the ID for the VPC that your worker nodes should launch into.
Subnets: Choose the subnets within the above VPC that your worker nodes should launch into.
When your stack has finished creating, select it in the console and choose Outputs. Record the NodeInstanceRole for the node group that was created. You need this when you configure your Amazon EKS worker nodes.
Enable worker nodes to join your cluster
Download, edit, and apply the AWS authenticator configuration map.
Download the configuration map:
~]$ curl -o aws-auth-cm.yaml https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-06-10/aws-auth-cm.yaml
Open the file with your favorite text editor. Replace the <ARN of instance role (not instance profile)> snippet with the NodeInstanceRole value that you recorded in the previous procedure, and save the file.
~]$ vim aws-auth-cm.yaml
~]$ kubectl apply -f aws-auth-cm.yaml
Watch the status of your nodes and wait for them to reach the Ready status.
~]$ kubectl get nodes --watch
Install Helm3
Helm now has an installer script that will automatically grab the latest version of Helm and install it locally. You can fetch that script, and then execute it locally. It's well documented so that you can read through it and understand what it is doing before you run it.
~]$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
~]$ chmod 700 get_helm.sh
~]$ ./get_helm.sh
Ververica Platform can be installed via Helm into any Kubernetes cluster. It is as easy as adding our Helm repository and running helm install.
~]$ helm repo add ververica https://charts.ververica.com
In order to use Ververica Platform Community Edition, you will need to accept our Community Edition License Agreement. Please read the license agreement carefully, and afterwards, accept it by passing the corresponding flag via Helm:
~]$ helm install vvp ververica/ververica-platform
~]$ helm install vvp ververica/ververica-platform --set acceptCommunityEditionLicense=true
~]$ kubectl port-forward service/vvp-ververica-platform --address 10.0.0.61 8080:80
Forwarding from 10.0.0.61:8080 -> 8080
~]$ kubectl port-forward service/vvp-ververica-platform 8080:80
Access the web UI from an EC2 via http://10.0.0.x:8080
References
create-stack
-
-
~]$ EKS_CLUSTER_NAME=flink
~]$ CLOUDFORMATION_STACK_NAME=EKS-WorkerNodes-Flink
~]$ aws cloudformation create-stack \
> --stack-name $CLOUDFORMATION_STACK_NAME \
> --template-url https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-06-10/amazon-eks-nodegroup.yaml \
> --capabilities CAPABILITY_NAMED_IAM \
> --parameters ParameterKey=ClusterName,ParameterValue=$EKS_CLUSTER_NAME ParameterKey=ClusterControlPlaneSecurityGroup,ParameterValue=sg-0dc2###8bb8 ParameterKey=NodeGroupName,ParameterValue=NodeGroupFlink ParameterKey=NodeAutoScalingGroupMinSize,ParameterValue=1 ParameterKey=NodeAutoScalingGroupDesiredCapacity,ParameterValue=1 ParameterKey=NodeAutoScalingGroupMaxSize,ParameterValue=2 ParameterKey=NodeInstanceType,ParameterValue=t3a.medium ParameterKey=NodeImageIdSSMParam,ParameterValue=/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id ParameterKey=KeyName,ParameterValue=vpn-client-aws ParameterKey=VpcId,ParameterValue=vpc-0b05###8b30 ParameterKey=Subnets,ParameterValue=subnet-0173###7750\\,subnet-0caa3###e73d
{
"StackId": "arn:aws:cloudformation:us-west-2:123456789012:stack/EKS-WorkerNodes-Flink/b3b23e80-####-0ac1c883d400"
}
ClusterName: Enter the name that you used when you created your Amazon EKS cluster. This name must exactly match your Amazon EKS cluster name. Otherwise, your worker nodes will be unable to join it.
ClusterControlPlaneSecurityGroup: Enter the security group or groups that you used when you created your Amazon EKS cluster. This AWS CloudFormation template creates a worker node security group that allows traffic to and from the cluster control plane security group specified.
NodeGroupName: Enter a name for your node group that is included in your Auto Scaling node group name.
NodeAutoScalingGroupMinSize: Enter the minimum number of nodes to which your worker node Auto Scaling group can scale in.
NodeAutoScalingGroupMaxSize: Enter the maximum number of nodes to which your worker node Auto Scaling group can scale out.
NodeInstanceType: Choose an instance type for your worker nodes.
NodeImageId: Enter the current Amazon EKS worker node AMI ID for your Region. The Amazon EKS worker node AMI is based on Amazon Linux 2. You can track security or privacy events for Amazon Linux 2 at the Amazon Linux Security Center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.
ami-0dfd276ad9d6d5bbe
KeyName: Enter the name of an Amazon EC2 SSH key pair that you can use to connect using SSH into your worker nodes with after they launch.
VpcId: Enter the ID for the VPC that your worker nodes should launch into.
Subnets: Choose the subnets within the above VPC that your worker nodes should launch into.
When your stack has finished creating, select it in the console and choose Outputs. Record the NodeInstanceRole for the node group that was created. You need this when you configure your Amazon EKS worker nodes.
Enable worker nodes to join your cluster
Download, edit, and apply the AWS authenticator configuration map.
Download the configuration map:
~]$ curl -o aws-auth-cm.yaml https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-06-10/aws-auth-cm.yaml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 282 100 282 0 0 3241 0 --:--:-- --:--:-- --:--:-- 3241
Open the file with your favorite text editor. Replace the <ARN of instance role (not instance profile)> snippet with the NodeInstanceRole value that you recorded in the previous procedure, and save the file.
~]$ vim aws-auth-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
data:
mapRoles: |
- rolearn: arn:aws:iam::123456789012:role/EKS-WorkerNodes-Flink-NodeInstanceRole-ZR24GYOO40LZ
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
Apply the configuration.~]$ kubectl apply -f aws-auth-cm.yaml
configmap/aws-auth created
Watch the status of your nodes and wait for them to reach the Ready status.
~]$ kubectl get nodes --watch
NAME STATUS ROLES AGE VERSION ip-10-0-1-28.us-west-2.compute.internal Ready <none> 2m23s v1.17.7-eks-bffbac
Install Helm3
Helm now has an installer script that will automatically grab the latest version of Helm and install it locally. You can fetch that script, and then execute it locally. It's well documented so that you can read through it and understand what it is doing before you run it.
~]$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
~]$ chmod 700 get_helm.sh
~]$ ./get_helm.sh
Downloading https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz Preparing to install helm into /usr/local/bin helm installed into /usr/local/bin/helm
Ververica Platform can be installed via Helm into any Kubernetes cluster. It is as easy as adding our Helm repository and running helm install.
~]$ helm repo add ververica https://charts.ververica.com
"ververica" has been added to your repositories
In order to use Ververica Platform Community Edition, you will need to accept our Community Edition License Agreement. Please read the license agreement carefully, and afterwards, accept it by passing the corresponding flag via Helm:
~]$ helm install vvp ververica/ververica-platform
Error: template: ververica-platform/templates/pvc.yaml:1:11: executing "ververica-platform/templates/pvc.yaml" at <include "vvp.should.create.pvc" .>: error calling include: template: ververica-platform/templates/_helpers.tpl:74:15: executing "vvp.should.create.pvc" at <include "vvp.pvc.enabled" .>: error calling include: template: ververica-platform/templates/_helpers.tpl:66:12: executing "vvp.pvc.enabled" at <include "vvp.private.process.application.config" .>: error calling include: template: ververica-platform/templates/_helpers.tpl:128:8: executing "vvp.private.process.application.config" at <include "vvp.private.inject.license.config" .>: error calling include: template: ververica-platform/templates/_helpers.tpl:196:106: executing "vvp.private.inject.license.config" at <fail>: error calling fail:
================================================================================
ERROR: No Ververica Platform license provided.
Actions to resolve:
* Provide a valid license at `vvp.license.data`.
- OR -
* Read the printed Ververica Platform Community Edition license agreement and
indicate that you accept it by setting `acceptCommunityEditionLicense=true`.
================================================================================
COMMUNITY EDITION LICENSE AGREEMENT
IMPORTANT- READ THIS COMMUNITY EDITION LICENSE AGREEMENT ("AGREEMENT") BEFORE AGREEING TO USE THE SOFTWARE. BY PASSING “acceptCommunityEditionLicense=true” YOU ACKNOWLEDGE THAT YOU HAVE READ AND AGREE TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT WITH VERVERICA GMBH ("VERVERICA") AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMPANY ON WHOSE BEHALF YOU DOWNLOAD THE SOFTWARE. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT DO NOT PASS "acceptCommunityEditionLicense=true" DURING INSTALLATION WITH HELM AND YOU WILL NOT BE ABLE TO INSTALL OR USE THE SOFTWARE. THE DATE THAT YOU AGREE TO THIS AGREEMENT IS THE "EFFECTIVE DATE." This Agreement is between You and Ververica and governs Your use of the Product hereunder for internal business use only.
1. Definitions.
1.1. “Product” means the Software and all associated documentation (if any) (“Documentation”), collectively.
1.2. “Software” means the Ververica proprietary software.
2. License Grant. Subject to the terms and conditions of this Agreement, Ververica grants You a non-exclusive, non-transferable, limited license (without the right to sublicense) to (i) use the Product solely for internal business use; (ii) use all associated Documentation in connection with such authorized use of the Software; and (iii) make one copy of the Documentation solely for archival and backup purposes.
3. Open Source Software. The Software may contain or be distributed with open source software components (“Open Source Components”). Such Open Source Components are not licensed under this Agreement, but are instead licensed under the terms of the applicable open source license. Your use of each Open Source Component is subject to the terms of each applicable license which are available to You and can be found in the readme file. You are solely responsible for its compliance with such licenses.
4. Restrictions. Except as expressly permitted in this Agreement, You shall not, and shall not permit any third party to: (i) redistribute the Software or host the Software as a service or as a cloud, SaaS, PaaS or other service where the value of the service derives substantially or primarily from the Software; (ii) reverse engineer, reverse assemble, or otherwise attempt to discover the source code of all or any portion of the Software; (iii) reproduce, modify, translate or create derivative works of all or any portion of the Product; (iv) assist any third party to gain access, license, sublicense, resell, distribute, assign, transfer or use the Product; (v) remove or destroy any proprietary notices contained on or in the Product or any copies thereof; or (vi) publish or disclose the results of any benchmarking of the Software, or use such results for Your own competing software development activities, without the prior written permission of Ververica.
5. Disclaimer of Warranty. YOU AGREE THAT VERVERICA AND ITS LICENSORS PROVIDE THE PRODUCT ON AN “AS IS” AND “WHERE-AS” BASIS WITH NO SUPPORT SERVICES. NEITHER VERVERICA NOR ITS LICENSORS MAKE ANY WARRANTIES WITH RESPECT TO THE PERFORMANCE OF THE SOFTWARE, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND VERVERICA AND ITS LICENSORS EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF NON-INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
6. Intellectual Property Rights; Feedback.
6.1. Intellectual Property Rights. All rights, title and interest in and to the Product and any improved, updated, modified or additional parts thereof, shall at all times remain the property of Ververica or its licensors. Nothing herein shall give or be deemed to give You any right, title or interest in or to the same except as expressly provided in this Agreement. Ververica reserves all rights not expressly granted herein.
6.2. Feedback. You agree to make reasonable efforts to provide Ververica with oral feedback and/or written feedback related to Your use of the Product, including, but not limited to, a report of any errors which You discover in the Product. Such reports, and any other materials, information, ideas, concepts, feedback and know-how provided by You to Ververica concerning the Product and any information reported automatically through the Product to Ververica (“Feedback”) will be the property of Ververica. You agree to assign, and hereby assign, all right, title and interest worldwide in the Feedback, and the related intellectual property rights, to Ververica and agree to assist Ververica, at Ververica’s expense, in perfecting and enforcing such rights.
6.3. Statistical Information. You agree that Ververica and its affiliates may collect and use technical information which You provide or which is acquired by Ververica as part of Your use of the Software, including country name, uptime, size and status of the deployments, Software version, screen size, URL of visited pages, Referrer header and User Agent header. Ververica uses this information to generate statistics on the use of the Software for market research and to drive improvements in Software infrastructure. Ververica agrees not to publish any of this information in a form that personally identifies You.
6.4. Publicity. You agree that Ververica may refer to the name of Your company as one its customers, both internally and in externally published media, and use your company’s logo, unless You expressly, and in writing, restrict Ververica from mentioning You and/or using Your logo. You hereby grant to Ververica, a nonexclusive, non transferable, worldwide, royalty-free, personal license to use Your logo solely in connection with marketing Ververica’s Software.
7. Limitation of Liability; Allocation of Risk.
7.1. Limitation of Liability. NEITHER VERVERICA NOR ITS LICENSORS SHALL BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL OR INDIRECT DAMAGES, RELATED TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST SAVINGS, OR DAMAGES ARISING FROM LOSS OF USE, LOSS OF CONTENT OR DATA OR ANY ACTUAL OR ANTICIPATED DAMAGES, REGARDLESS OF THE LEGAL THEORY ON WHICH SUCH DAMAGES MAY BE BASED, AND EVEN IF VERVERICA OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL VERVERICA’S DIRECT DAMAGES EXCEED ONE HUNDRED DOLLARS (US $100.00). ADDITIONALLY, IN NO EVENT SHALL VERVERICA’S LICENSORS BE LIABLE FOR ANY DAMAGES OF ANY KIND.
7.2. Allocation of Risk. You and Ververica agree that the foregoing Section 7.1 on limitation of liability and the Section 5 above on warranty disclaimer fairly allocate the risks in the Agreement between the parties. You and Ververica further agree that this allocation is an essential element of the basis of the bargain between the parties and that the limitations specified in this Section 7 shall apply notwithstanding any failure of the essential purpose of this Agreement or any limited remedy hereunder.
8. Confidentiality. The terms of this Section 8 shall not apply to the extent that You and Ververica have executed a separate nondisclosure agreement.
8.1. Definition of Confidential Information. “Confidential Information” of a party shall mean (i) any technical and non-technical information related to such party’s business and current, future and proposed products and Software, including for example and without limitation, information concerning research, development, design details and specifications, financial information, procurement requirements, engineering and manufacturing information, customer lists, business forecasts, sales information, marketing plans and business plans, logs and other debugging artifacts, benchmark or comparison tests, bug tracking and quality measurements, information exchanged in the course of providing or receiving support, and encrypted or obfuscated information, whether or not decrypted; and (ii) any information that may be made known to the receiving party and which the disclosing party has received from others that the disclosing party is obligated to treat as confidential or proprietary, or is of a nature that should be considered confidential based on the circumstances surrounding the disclosure.
8.2. Nondisclosure of Confidential Information and Confidentiality Obligations. Neither party will use, disseminate or in any way disclose any Confidential Information of the other party to any person, firm or business. Each party shall treat all Confidential Information with the same degree of care as such party accords to its own confidential information but not less than reasonable care. Each party shall disclose Confidential Information only to its employees or representatives who have a need to know such information. Each party certifies that each such employee or representative will have agreed, either as a condition of employment or in order to obtain the Confidential Information, to be bound by terms and conditions substantially similar to those terms and conditions applicable to such party under this Agreement. Each party shall immediately give notice to the other party of any unauthorized use or disclosure of the other party’s Confidential Information. Each party shall assist the other party in remedying any such unauthorized use or disclosure of the other party’s Confidential Information.
8.3. Exceptions. Confidential Information shall not include any information that (i) was in the public domain at or subsequent to the time such information was communicated to the receiving party by the disclosing party through no fault of the receiving party; (ii) was rightfully in the receiving party’s possession free of any obligation of confidence at or subsequent to the time such information was communicated to the receiving party by the disclosing party; or (iii) is or was developed by the receiving party’s employees, contractors or agents independently of and without reference to any Confidential Information of the disclosing party. A disclosure of any Confidential Information by the receiving party (a) in response to a valid order by a court or other governmental body or (b) as otherwise required by law shall not be considered to be a breach of this Agreement or a waiver of confidentiality for other purposes; provided, however, that the receiving party shall provide prompt prior written notice thereof to the disclosing party to enable the disclosing party to seek a protective order or otherwise prevent such disclosure.
8.4. Ownership of Materials. All Confidential Information shall be the property of the disclosing party and no license or other rights to Confidential Information is granted or implied hereby. Within five (5) days after any request by the disclosing party, the receiving party shall destroy or deliver to the disclosing party, at the disclosing party’s option, all Confidential Information of the disclosing party in the possession of the receiving party. The receiving party will provide the disclosing party, upon request, a written certification of such party’s compliance with the obligations under this Section.
9. Term and Termination.
9.1. Term. The term of this Agreement will commence on the Effective Date and will continue for one (1) year. The term will automatically renew for successive periods of one (1) year unless a party notifies the other of its intent not to renew at least thirty (30) days in advance of the renewal date.
9.2. Termination. You may terminate this Agreement at any time by ceasing use of the Product. This Agreement will terminate immediately upon written notice from Ververica if You fail to comply with any provision of this Agreement. Except for Section 2 (“License Grant”), all Sections of this Agreement shall survive termination for a period of three (3) years from the date hereof. On termination of this Agreement, Ververica may destroy all of Your data that You have submitted through the Software.
10. Government End Users. The Software provided under this Agreement is commercial computer software programs developed solely at private expense. As defined in U.S. Federal Acquisition Regulations (FAR) section 2.101 and U.S. Defense Federal Acquisition Regulations (DFAR) sections 252.227-7014(a)(1) and 252.227-7014(a)(5) (or otherwise as applicable to You), the Software licensed in this Agreement is deemed to be “commercial items” and “commercial computer software” and “commercial computer software documentation.” Consistent with FAR section 12.212 and DFAR section 227.7202, (or such other similar provisions as may be applicable to You), any use, modification, reproduction, release, performance, display, or disclosure of such commercial Software or commercial Software documentation by the U.S. government (or any agency or contractor thereof) shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.
11. No Export. You agree and certify that neither the Software nor any other technical data received from Ververica, nor the direct product thereof, will be exported except as authorized and as permitted by applicable laws and regulations.
12. General Provisions. All notices permitted or required under this Agreement shall be in writing and shall be delivered by personal delivery, or by certified or registered mail, return receipt requested, and shall be deemed given upon personal delivery, five (5) calendar days after deposit in the mail, or upon acknowledgment of receipt of electronic transmission. This Agreement shall be governed by the laws of the State of California, U.S.A. without regard to conflict of laws principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement. If any provision hereof shall be held illegal, invalid or unenforceable, in whole or in part, such provision shall be modified to the minimum extent necessary to make it legal, valid and enforceable, and the remaining provisions of this Agreement shall not be affected thereby. The failure of either party to enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. Nothing contained herein shall be construed as creating an agency, partnership, or other form of joint enterprise between the parties. This Agreement may not be assigned, sublicensed or otherwise transferred by either party without the other party's prior written consent except that either party may assign this Agreement without the other party's consent to any entity that acquires all or substantially all of such party’s business or assets, whether by merger, sale of assets, or otherwise, provided that such entity assumes and agrees in writing to be bound by all of such party’s obligations under this Agreement. In the event any judicial proceeding, lawsuit or claim is brought by one party against the other party in connection with this Agreement, the prevailing party shall be entitled to recover its reasonable fees and costs, including but not limited to attorneys’ fees, expert witness fees, consultant fees, and related costs and expenses. This Agreement constitutes the parties’ entire understanding regarding the Software, and supersedes any and all other prior or contemporaneous agreements, whether written or oral.
================================================================================
ERROR: No Ververica Platform license provided.
Actions to resolve:
* Provide a valid license at `vvp.license.data`.
- OR -
* Read the printed Ververica Platform Community Edition license agreement and
indicate that you accept it by setting `acceptCommunityEditionLicense=true`.
================================================================================
~]$ helm install vvp ververica/ververica-platform --set acceptCommunityEditionLicense=true
NAME: vvp LAST DEPLOYED: Sat Jul 18 05:03:46 2020 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: NoneNow, you can access the web user interface and the REST API with a port-forward from the Ververica Platform Kubernetes service.
~]$ kubectl port-forward service/vvp-ververica-platform --address 10.0.0.61 8080:80
Forwarding from 10.0.0.61:8080 -> 8080
~]$ kubectl port-forward service/vvp-ververica-platform 8080:80
Forwarding from 10.0.0.61:8080 -> 808010.0.0.61 is the IP address of the current Linux server, not the EKS worker node's IP.
Access the web UI from an EC2 via http://10.0.0.x:8080
References
create-stack
-