Setup

Requirements

Before setting up the Control and Data Planes, review these:

Access to DevZero Self-Hosted Repository
Custom EKS Nodes with DevZero AMI
Custom domain - domain setup with wildcard (*) alternative name
EKS cluster (v1.29+)
Storage - EBS or alternatives

Setup

If you have an existing cluster that meets the Requirements and have an environment that meets the Prerequisites, skip to directly deploy the Control and Data Planes.

If your company has an established way to create Kubernetes clusters, use that to create a cluster that meets these Requirements. By continuing, you will provision AWS infrastructure using DevZero's examples.

Clone the DevZero Self-Hosted repository

Clone this repository:

git clone https://github.com/devzero-inc/self-hosted.git
cd self-hosted

Prepare to configure the `permission-helper`

cd terraform/examples/aws/permission-helper

Update `main.tf`

Replace AWS_REGION in provider “aws” in terraform/examples/aws/permission-helper/main.tf with the target deployment region.

provider "aws" {
-  region = "AWS_REGION"
+  region = "us-west-2" # target deployment region
}

Update `terraform.tfvars`

Replace AWS_REGION, ACCOUNT_ID, CLUSTER_NAME in terraform/examples/aws/permission-helper/terraform.tfvars.

-  AWS_REGION   = "*"
-  ACCOUNT_ID   = "AWS_ACCOUNT_ID"
-  CLUSTER_NAME = "permissions-test"
+  AWS_REGION   = "us-west-2"           # target deployment region
+  ACCOUNT_ID   = "1234-1234-1234"      # AWS account ID
+  CLUSTER_NAME = "devzero-self-hosted" # DevZero deployment identifier

Run the module

terraform init
terraform apply

Review generated policies under `permissions/`

# in: terraform/examples/aws/permission-helper
% ls permissions
cluster-creation-permissions.json       efs-creation-permissions.json           vpc-creation-permissions.json
cluster-deletion-permissions.json       efs-deletion-permissions.json           vpc-deletion-permissions.json

Example permissions: GitHub Gist.

Create an IAM user

Send the generated policies (step 6) to your AWS administrator. Then log in with that IAM user before proceeding to the next step.

Create AWS infrastructure using DevZero's examples

Set up the base cluster

# terraform/examples/aws/base-cluster
cd ../base-cluster

Replace region, cluster_name and domain in terraform/examples/aws/base-cluster/terraform.tfvars.

-  region       = "us-west-1"
-  cluster_name = "devzero-dsh"
-  domain       = "devzero.internal"
+  region       = "us-west-2"        # target deployment region
+  cluster_name = "devzero-cluster"  # EKS cluster name
+  domain       = "devzero.io"       # custom domain

terraform init
terraform apply

Set up the cluster extensions

# terraform/examples/aws/cluster-extensions
cd ../cluster-extensions

Replace the cluster_name in terraform/examples/aws/cluster-extensions/terraform.tfvars.

- cluster_name = "devzero-dsh"
+ cluster_name = "devzero-cluster" # EKS cluster name

terraform init
terraform apply

Deploy the DevZero Control and Data Planes.

Setup

Ensure policy strictness

Create AWS User

To use an existing VPC

On this page