AWS Standard Installation¶
Sextant is Kubernetes-native. In other words, one installs Sextant into a Kubernetes cluster.
AWS Subscription¶
These instructions assume that you have successfully subscribed to the Sextant Standard Edition on the AWS Marketplace.
Tools¶
You will need the up-to-date versions of the following tools installed:
Create EKS Cluster¶
First create an Amazon EKS cluster by using the following command substituting
<CLUSTER_NAME>
and <REGION_NAME>
with a cluster name and region name of your
choice:
eksctl create cluster \
--name <CLUSTER_NAME> \
--region <REGION_NAME> \
--node-type m5.large \
--nodes 4 \
--with-oidc \
--managed
Note
By specifying 4 nodes this cluster can also be added to Sextant as a target cluster for Sawtooth or Besu deployments. However you are also free to use an existing EKS cluster.
Create a Service Account¶
Sextant requires a service account with an IAM role to enable access to the appropriate Amazon Marketplace metering API. In this instance the policy required is AWSMarketplaceMeteringFullAccess.
Step 1 (Optional)¶
If your Amazon EKS cluster has not been created with
IAM OIDC provider
by, for example, using the --with-oidc
option with eksctl
, enable it with:
eksctl utils associate-iam-oidc-provider \
--name <CLUSTER_NAME> \
--region <REGION_NAME> \
--approve
Step 2: Create Namespace¶
Create namespace sextant
for Sextant and switch to this -
Step 3: Create Service Account¶
Next we create a service account sextant-aws-standard
using eksctl
and
attach the policy using its Amazon Resource Name (ARN):
eksctl create iamserviceaccount \
--cluster=<CLUSTER_NAME> \
--region=<REGION_NAME> \
--namespace=sextant \
--name=sextant-aws-standard \
--attach-policy-arn="arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess" \
--override-existing-serviceaccounts \
--approve
Note
If you encounter an error creating (or updating) this service account then
you need to delete it using eksctl delete iamserviceaccount ...
:
Install Sextant¶
Step 1: Create values.yaml¶
Create a values.yaml
file that tells helm
to specify the service account
sextant-aws-standard
that we have just created when deploying Sextant:
edition: aws-standard
serviceAccount:
create: false
name: sextant-aws-standard
postgres:
persistence:
enabled: true
Note
By enabling persistence in the example above you will ensure that state is preserved even if you restart or delete/reinstall Sextant with the same name in the same namespace.
Step 2: Add or Update BTP Helm Charts Repo¶
Add the BTP helm charts repo:
Note that if you have done this previously you should make sure you have the most up-to-date BTP helm charts repo using this command:
Step 3: Deploy Sextant¶
Then run this helm
command to install Sextant:
The output should look something like this:
NAME: sextant
LAST DEPLOYED: Mon Jan 3 14:32:33 2022
NAMESPACE: sextant
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the initial Sextant application username and password by running this command
kubectl describe pod/sextant-0 --namespace sextant-aws | grep INITIAL_
2. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods -l "app.kubernetes.io/name=sextant" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
Save Admin Credentials¶
Obtain the initial Sextant application username and password by running this command:
Make a note of the username and password for admin access to Sextant. You will need these to log in to Sextant.
Note
These details will persist even if you restart or delete/reinstall Sextant with the same name in the same namespace since we enabled postgres persistence.
Set up Access to Sextant¶
Follow these instructions to set up access to Sextant either via
portforward
or a more permanent solution such as a load balancer or an
ingress controller.
Log in to Sextant¶
Once you have set up access to Sextant then you can log in using your saved username and password and start using it yourself or set up user access for members of your team.
Instructions on how to do this can be found here.