Control Plane Deployment Instructions

1. Download the CloudFormation template above. Log in to your AWS Account. Navigate to CloudFormation > Stacks > Create stack > With new resources

2. The template is ready > Upload a template file

3. Input stack name

4. Input pClusterName , pDBPassword, and pDomainName

1. A new VPC with public and private subnets

2. Route53 HostedZone, for example, nimbus.company.dev, the web app will be accessible via nimbus.company.dev, and the workspace will be accessible via abcde.company.dropbox.dev

3. A new EKS cluster

4. Two IAM Roles
1. One for the EKS cluster, which contains quite a standard policy
2. The other one is for the EKS node group, which contains all permissions that Nimbus needs to operate (policy nimbus), and permissions to create a load balancer via helm chart (policy eks, which we will cover later)

1. In the AWS console, navigate to Certificate Manager

2. Click on the Request button

3. Select “Request a public certificate”

4. “Fully qualified domain name” ⇒ pDomainName in the CloudFormation step ”Select validation method” ⇒ DNS ”Tags” ⇒ Input any tags you use to track

5. Click on the Request button

6. On the certificate details page, find the “Domains” section. Once the “CNAME name” and ”CNAME value” becomes non-empty. Click on “Create records in Route53” > Create records

7. While the status is pending validation, you can move to the next step

Why not include the certificate creation in CloudFormation? It’s definitely feasible. However, the domain validation was a bit error-prone when we did testing on our end. If the validation got stuck or failed, the whole CloudFormation stack will be rolled back. With some failures in between, it can lead to a super long time just waiting for the resources to be ready

1. In your terminal (with the correct AWS credentials), run aws eks update-kubeconfig --region {region} --name {cluster-name} The cluster-namecan be found in the AWS console, or it is {pClusterName}-eks, where pClusterName is the input you use in the last step. This will update the kubeconfig in your local so that you have access to the cluster (as the creator);

2. Make sure you have helm installed, otherwise, install helm following https://helm.sh/. Once helm is installed, run helm repo add eks https://aws.github.io/eks-charts helm repo add nimbus http://helm.usenimbus.com/ helm upgrade --install nimbus nimbus/nimbus -n nimbus --create-namespace --set Host=<domain> --set aws-load-balancer-controller.clusterName=<cluster-name> --set ingress.aws.enabled=true The cluster-name is the same one as above and domainis the pDomainName that you put in as a parameter at the CloudFormation step. This will create an application load balancer for the EKS cluster, and install helm charts for Nimbus.

3. Go to Route 53 > Hosted zones > {your domain} > Create record Record name ⇒ Leave empty Record type ⇒ “A” Alias ⇒ Toggle on Route Traffic to ⇒ “Alias to Application and Classic Load Balancer” Choose Region ⇒ Your region Choose load balancer ⇒ Find the load balancer create in the last step To find the load balancer: EC2 > Load Balancing > Load Balancers > Find the one created recently, and with the tag “elbv2.k8s.aws/cluster”: “{cluster_name}”