AWS Standard Installation

Sextant is Kubernetes-native. In other words, one installs Sextant into a Kubernetes cluster.

AWS Subscription

These instructions assume that you have successfully subscribed to the Sextant Standard Edition on the AWS Marketplace.

Tools

You will need the up-to-date versions of the following tools installed:

• aws
• eksctl
• helm
• kubectl

Create EKS Cluster

First create an Amazon EKS cluster by using the following command substituting <CLUSTER_NAME> and <REGION_NAME> with a cluster name and region name of your choice:

eksctl create cluster \
  --name <CLUSTER_NAME> \
  --region <REGION_NAME> \
  --node-type m5.large \
  --nodes 4 \
  --with-oidc \
  --managed

Note

By specifying 4 nodes this cluster can also be added to Sextant as a target cluster for Sawtooth or Besu deployments. However you are also free to use an existing EKS cluster.

Create a Service Account

Sextant requires a service account with an IAM role to enable access to the appropriate Amazon Marketplace metering API. In this instance the policy required is AWSMarketplaceMeteringFullAccess.

Step 1 (Optional)

If your Amazon EKS cluster has not been created with IAM OIDC provider by, for example, using the --with-oidc option with eksctl, enable it with:

eksctl utils associate-iam-oidc-provider \
  --name <CLUSTER_NAME> \
  --region <REGION_NAME> \
  --approve

Step 2: Create Namespace

Create namespace sextant for Sextant and switch to this -

kubectl create namespace sextant
kubectl config set-context --current --namespace=sextant

Step 3: Create Service Account

Next we create a service account sextant-aws-standard using eksctl and attach the policy using its Amazon Resource Name (ARN):

eksctl create iamserviceaccount \
--cluster=<CLUSTER_NAME> \
--region=<REGION_NAME> \
--namespace=sextant \
--name=sextant-aws-standard \
--attach-policy-arn="arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess" \
--override-existing-serviceaccounts \
--approve

Note

If you encounter an error creating (or updating) this service account then you need to delete it using eksctl delete iamserviceaccount ...:

Install Sextant

Step 1: Create values.yaml

Create a values.yaml file that tells helm to specify the service account sextant-aws-standard that we have just created when deploying Sextant:

edition: aws-standard
serviceAccount:
  create: false
  name: sextant-aws-standard
postgres:
  persistence:
    enabled: true

Note

By enabling persistence in the example above you will ensure that state is preserved even if you restart or delete/reinstall Sextant with the same name in the same namespace.

Step 2: Add or Update BTP Helm Charts Repo

Add the BTP helm charts repo:

helm repo add btp-stable https://btp-charts-stable.s3.amazonaws.com/charts/

Note that if you have done this previously you should make sure you have the most up-to-date BTP helm charts repo using this command:

helm repo update

Step 3: Deploy Sextant

Then run this helm command to install Sextant:

helm install -f values.yaml sextant btp-stable/sextant

The output should look something like this:

NAME: sextant
LAST DEPLOYED: Mon Jan  3 14:32:33 2022
NAMESPACE: sextant
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the initial Sextant application username and password by running this command
  kubectl describe pod/sextant-0 --namespace sextant-aws | grep INITIAL_

2. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods -l "app.kubernetes.io/name=sextant" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80

Save Admin Credentials

Obtain the initial Sextant application username and password by running this command:

kubectl describe pod/sextant-0 | grep INITIAL_

Make a note of the username and password for admin access to Sextant. You will need these to log in to Sextant.

Note

These details will persist even if you restart or delete/reinstall Sextant with the same name in the same namespace since we enabled postgres persistence.

Set up Access to Sextant

Follow these instructions to set up access to Sextant either via portforward or a more permanent solution such as a load balancer or an ingress controller.

Log in to Sextant

Once you have set up access to Sextant then you can log in using your saved username and password and start using it yourself or set up user access for members of your team.

Instructions on how to do this can be found here.