
Control Plane

Self-hosting a DevZero Control Plane on AWS EKS.

By following this guide, you'll set up the Control Plane software in a region hosted on AWS EKS, enabling you to:

  1. Deploy an EKS cluster configured for DevZero integration.
  2. Launch self-hosted DevZero Workspaces and Kubernetes Clusters to kickstart your development projects.
  3. Automatically scale your application's infrastructure on AWS.

This step-by-step guide walks you through creating an AWS EKS cluster, deploying the DevZero Helm charts, and integrating your setup with the DevZero dashboard, so that your team can quickly start building in a production-like environment.

Hosting the DevZero Control Plane on AWS EKS

For a detailed overview of the DevZero Control Plane, click here

Control Plane Architecture (AWS EKS)

Prerequisites

The following tools are needed to set up a DevZero Control Plane hosted on EKS:

Permissions Required

Setting up Control Plane on the self-hosted Cluster

Configuring AWS CLI to interact with your AWS account locally

Create an aws_access_key and aws_secret_access_key from the IAM Console.

Select Security Credentials for your user and click 'Create Access Key'.

Create Access Key

Set the use case to CLI and give it a description in the next panel.

After creating the keys, copy them to configure your AWS CLI locally.

Copy Access Key

First, run this AWS command to configure your account:

aws configure

You will have to enter your aws_access_key and aws_secret_access_key in the input.

You are now logged in to your AWS account.

Setting up the Infrastructure

Clone this repository which contains all the Terraform configuration to set up the infrastructure (and change into that directory).

git clone https://github.com/devzero-inc/self-hosted.git
cd self-hosted/terraform/examples/aws/base-cluster

Contact DevZero Support if you don't have access to the repository.

If you already have an existing VPC and want to use it for your Terraform deployment, open the terraform.tfvars file in the Terraform project directory and update it with your VPC and subnet IDs. Since you're using an existing VPC, you need to tell Terraform not to create a new one: set create_vpc to false.

Terraform VPC Variables

If you don't have an existing VPC, skip this step and allow Terraform to create a new VPC automatically. The default setup will handle VPC creation if create_vpc is set to true.

Set cluster_endpoint_public_access to true if you want to access the EKS cluster from the public internet; otherwise, set it to false for private access.

Run this to create the AWS resources such as VPC, EKS, ALB, VPN, etc.

terraform init
terraform apply

Copy the cluster name, VPC ID and the Subnet IDs from the output for the next step.

Go to the cluster-extensions directory and update its terraform.tfvars.

cd ../cluster-extensions

Update the VPC ID, Subnet IDs, Region and the EKS cluster name from the previous step.

Run Terraform in cluster-extensions to create the EKS Addons, Storage Class and EFS.

terraform init
terraform apply

Deploying the Control Plane

Kubeconfig set up

Set up your local kubeconfig to connect to the EKS cluster using the region and cluster name from the terraform output:

aws eks update-kubeconfig --region <region> --name <cluster-name>

DockerHub Credentials

Contact the DevZero team at support@devzero.io to get the DockerHub credentials.

Setting Up the Dependencies

Go to the dz-control-plane-deps directory to install the dependencies which are prerequisites to set up a DevZero Control Plane on the EKS cluster.

cd ../../../../charts/dz-control-plane-deps
make install

DZ Control Plane CRD output

If you are using private subnets and all of your traffic is routed through the VPN (private network), you should modify values/ingress-nginx_overrides.yaml to reflect your configuration. Usually it should look something like this:

controller:
  replicaCount: 1
  service:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
      service.beta.kubernetes.io/aws-load-balancer-type: "external"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
      service.beta.kubernetes.io/aws-load-balancer-name: "devzero-control-ingress"
      service.beta.kubernetes.io/aws-load-balancer-subnets: <private_subnet_1>,<private_subnet_2>
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <acm_cert_arn>
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https, http"

Modify the Grafana values too, in values/grafana_overrides.yaml:

ingress:
  enabled: true
  ingressClassName: nginx
  path: /
  hosts:
    - grafana.<domain>
  tls:
    - secretName: devzero-registry-tls
      hosts:
        - grafana.<domain>

Run make install after the changes.
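Before that make install, the private-subnet values in values/ingress-nginx_overrides.yaml can be checked with a small lint. This is an added example, not part of the DevZero repository or guide: it flags a scheme other than internal, placeholders left in the subnet list, and a certificate value that is not an ACM ARN. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DevZero code): lint the private-subnet ingress-nginx overrides.
PREFIX='service.beta.kubernetes.io/aws-load-balancer-'

# Print the value of one load balancer annotation, surrounding quotes removed.
lb_annotation() {  # usage: lb_annotation <file> <annotation-suffix>
  awk -v key="${PREFIX}$2:" '$1 == key {
    sub(/^[ \t]*[^ \t]+[ \t]*/, ""); gsub(/^"|"[ \t]*$/, ""); print; exit
  }' "$1"
}

# Print one line per problem; return 1 if any problem was found.
lint_ingress_overrides() {  # usage: lint_ingress_overrides <file>
  bad=0
  scheme=$(lb_annotation "$1" scheme)
  subnets=$(lb_annotation "$1" subnets)
  cert=$(lb_annotation "$1" ssl-cert)

  if [ "$scheme" != internal ]; then
    echo "scheme is '${scheme:-unset}', the private setup expects 'internal'"; bad=1
  fi
  [ -n "$subnets" ] || { echo "subnets annotation is missing"; bad=1; }
  for s in $(printf '%s' "$subnets" | tr ',' ' '); do
    printf '%s\n' "$s" | grep -Eq '^subnet-[0-9a-f]+$' ||
      { echo "not a subnet ID: $s"; bad=1; }
  done
  printf '%s\n' "$cert" |
    grep -Eq '^arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]{12}:certificate/.+$' ||
    { echo "ssl-cert is not an ACM certificate ARN: '${cert:-unset}'"; bad=1; }
  return "$bad"
}

# Constructed sample: the guide's template with its placeholders still in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
      service.beta.kubernetes.io/aws-load-balancer-subnets: <private_subnet_1>,<private_subnet_2>
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <acm_cert_arn>
EOF
lint_ingress_overrides "$sample" || echo "fix the values above before running make install"
rm -f "$sample"
```

Point lint_ingress_overrides at your own overrides file; a zero exit status means the three checked annotations are filled in.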

Set up your Route 53 Domain

Ignore this step if you already have a domain. But if you don't have one, register a domain on AWS Route 53.

Route 53 Domain

Install the Control Plane

Go to the dz-control-plane directory to install the control plane. Contact the DevZero team at support@devzero.io to get the DockerHub credentials to install and set up the DevZero control plane.

cd ../dz-control-plane
export DOCKERHUB_USERNAME=<dockerhub_username>
export DOCKERHUB_TOKEN=<dockerhub_token>
make add-docker-creds
make install

Make sure to update the values.yaml in the dz-control-plane directory with your domain, credentials (email, username and password), and the licenseKey in backend.

If your applications are behind a private network and you are not using Let's Encrypt to issue certificates, you should modify values.yaml and change all ingress references from what we currently have to this:

  ## @subsection Gateway Ingress Configuration
  ingress:
    ## @param gateway.ingress.enabled Specify if the Api Gateway Ingress is enabled
    enabled: true
    ## @param gateway.ingress.ingressClassName Ingress Class Name. May be required for k8s >= 1.18
    ingressClassName: "nginx"
    # @param gateway.ingress.annotations Annotations for ingress
    annotations:
    # @param gateway.ingress.hosts Hosts configuration
    hosts:
      ## @param gateway.ingress.hosts[0].host Host name for ingress
      - host: "api.{{ .Values.domain }}"
        # @param gateway.ingress.hosts[0].paths List of path configurations for ingress
        paths:
          ## @param gateway.ingress.hosts[0].paths[0].path Path for ingress route
          - path: /
            ## @param gateway.ingress.hosts[0].paths[0].pathType Path type for ingress route
            pathType: Prefix

This removes the annotations for the cluster issuer and TLS secrets, as we potentially want to terminate SSL on the cluster. Now you can run make install.

DZ Control Plane output

Ingress Setup

Get the ingress service in the cluster:

kubectl get ingress -n devzero

Running ingress

Copy the address of your ingress services.

Create new Records in Route 53

Create a CNAME record and add the address of your ingress service as the value. Set the record name to *.

Create an A record with an alias. Keep the subdomain empty and route traffic to "Alias to Application and Classic Load Balancer". Set dualstack.<your-ingress-service-address> as the load balancer.

Visit the DevZero Dashboard

Go to <your-dz-control-plane-web-host>/dashboard to check out the DevZero UI.

DevZero dashboard

Setting up Data Plane on a self-hosted EKS cluster

To set up the data plane in the same cluster, follow the guide for Setting up the Data Plane in AWS EKS from here.