AWS

This document will help guide you through understanding the process of building, deploying, and orchestrating Diarkis on AWS (EKS).

Overview

Using Diarkis is easy if you make use of our provided k8s configurations. However, please note that these configurations are in a primitive state, so feel free to modify them as necessary.


Requirements

  1. Docker with one of the following configurations:

    1. macOS - Install Docker for macOS. See the installation guide here.

    2. Linux - Install Docker for your particular distribution of Linux according to the installation guide here. Note: Docker provides .deb and .rpm packages for major distributions of Linux on x86_64/amd64 architecture, as well as experimental support for Arch-based distributions.

    3. Windows (with WSL2 or Hyper-V backend) - See the installation guide here. If installing Docker for the first time, please consider your use-case prior to backend selection.

  2. AWS account with billing enabled. If you do not already have an AWS account or project, please see here to get started.

  3. AWS CLI (aws command) with proper authentication. See the installation guide here (Note: AWS CLI supports all major operating systems). Please check here for help on CLI authentication.

  4. Kubernetes CLI (kubectl command) available for download here.

  5. EKS CLI (eksctl command) available for download on the AWS Workshop here.


Setup Guide

In the following steps we will guide you through the process of building, deploying, and orchestrating a template Diarkis server cluster. These instructions should be enough to help you get started.

Create ECR for Diarkis Images

Before we can push our Diarkis component images for deployment, we must first prepare remote ECR registries. By default we use alpine as the base image; it can be retrieved from Docker Hub.

aws sts get-caller-identity  # Verify the correct target  
aws ecr create-repository --repository-name http  
aws ecr create-repository --repository-name udp  
aws ecr create-repository --repository-name tcp  
aws ecr create-repository --repository-name mars  

Create and Connect to EKS for Diarkis

eksctl create cluster -f cloud/aws/cluster_config.yaml  # takes about 10 minutes  

Note: If an error occurs regarding NAT gateway compatibility in the selected AZ, choose a different AZ.

aws eks --region ap-northeast-1 update-kubeconfig --name diarkis  # Get k8s credentials  

Open EKS Firewall

Allow TCP and UDP traffic for ports 7000-8000 from 0.0.0.0/0 to EKS nodes. We recommend setting this in the security group named: eks-cluster-sg-diarkis-*.
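
To confirm that the security group exposes only what this step calls for, the following added example (not part of the Diarkis templates) audits the JSON printed by `aws ec2 describe-security-groups`. The function name, the group ID, and the sample rules are constructed for illustration.

```python
import json
import sys

PORT_MIN, PORT_MAX = 7000, 8000          # range stated in this guide
WORLD = {"0.0.0.0/0", "::/0"}

def audit_world_open_rules(described):
    """Return (missing, unexpected) for internet-facing ingress rules:
    missing = protocols lacking a 7000-8000 rule from 0.0.0.0/0,
    unexpected = world-open rules reaching outside TCP/UDP 7000-8000."""
    covered, unexpected = set(), []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
            cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & WORLD:
                continue                  # rule is not open to the internet
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            in_range = (proto in ("tcp", "udp") and lo is not None
                        and hi is not None and PORT_MIN <= lo <= hi <= PORT_MAX)
            if not in_range:
                unexpected.append((group["GroupId"], proto, lo, hi))
            elif "0.0.0.0/0" in cidrs and (lo, hi) == (PORT_MIN, PORT_MAX):
                covered.add(proto)
    return sorted({"tcp", "udp"} - covered), unexpected

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "GroupName": "eks-cluster-sg-diarkis-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
    ]}]}

if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:                 # path to saved describe output
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    missing, unexpected = audit_world_open_rules(data)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

On the constructed sample, the UDP rule is reported as missing, and the SSH and all-protocol rules are reported as unexpected exposure.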


Tag the Server Image and Push

From the project root generated by server-template, run the following commands:

make build-local  

After generating server executables (udp, tcp, http, mars) in ./remote_bin, build the container image:

make setup-aws  
make build-container-aws  
make push-container-aws  

Apply Manifest

kustomize build k8s/aws/overlays/dev0 | kubectl apply -f -  

Check if the following four components are running:

$ kubectl get po -n dev0
NAME                    READY   STATUS    RESTARTS   AGE  
http-5c7dbbb6d7-lhjlm   1/1     Running   0          3d14h  
mars-0                  1/1     Running   0          3d14h  
tcp-88dc5f97d-7sqk9     1/1     Running   0          3d14h  
udp-fdc6bbccc-dwc5w     1/1     Running   0          3d14h  

Check Diarkis Cluster

First, retrieve the public endpoint:

EXTERNAL_IP=$(kubectl get svc http -o json -n dev0 | jq -r '.status.loadBalancer.ingress[].hostname')  
kubectl get svc -n dev0 -o wide  # Alternatively, use this command  

Send an HTTP GET request to the obtained EXTERNAL_IP:

curl ${EXTERNAL_IP}/auth/1  

If you receive a response like the following, it is working correctly:

{
  "TCP": "ec2-xx-xx-xx-xx.ap-northeast-1.compute.amazonaws.com:7201",
  "UDP": "ec2-yy-yy-yy-yy.ap-northeast-1.compute.amazonaws.com:7101",
  "sid": "xxxxxxxxxx",
  "encryptionKey": "xxxxxxxxxx",
  "encryptionIV": "xxxxxxxxxx",
  "encryptionMacKey": "xxxxxxxxxx"
}

If any items are missing, there may be an issue with one of the deployed components. At this point, we recommend contacting Diarkis support for further assistance.


Setup Cluster Autoscaler

kubectl apply -f cluster-autoscaler-autodiscover.yaml  

This file is pre-configured for the cluster name diarkis. If using a different cluster name, modify references to diarkis in the manifest.


Setup Log Collector

Logs from containers can be aggregated using CloudWatch Logs. fluent-bit is already deployed in the amazon-cloudwatch namespace, but permissions are not set.

Assign the CloudWatchAgentServerPolicy to diarkis-public and diarkis-private nodes to aggregate logs. Logs will appear under /aws/containerinsights/Cluster_Name/application, allowing for filtering.
