Self-hosting a DevZero Data Plane on AWS EKS.

By following this guide, you'll set up a DevZero Data Plane hosted on AWS EKS, enabling you to:

  1. Deploy an EKS cluster configured for seamless DevZero integration.
  2. Launch self-hosted DevZero Workspaces and Kubernetes Clusters to kickstart your development projects.
  3. Manage and scale your infrastructure directly on AWS with ease.

This step-by-step guide walks you through creating an AWS EKS cluster, deploying the DevZero Helm charts, and integrating your setup with the DevZero dashboard, allowing your team to quickly start building in a production-like environment.

Let's get started!

Hosting the DevZero Data Plane on AWS EKS

For a detailed overview of the DevZero Data Plane, click here

Prerequisites

The following tools are needed to set up a DevZero region hosted on EKS:

Permissions Needed

Setting up the infrastructure

AWS CLI configuration and IAM setup

If you have an AWS account, use the AWS CLI to connect with it locally. Or, log in to your AWS console.

Configuring AWS CLI to interact with your AWS account locally

First, create aws_access_key and aws_secret_access_key from IAM Console.

Select Security Credentials of your user and click on 'Create Access Key'

Set the use case as CLI and give it a description in the next panel.

After creating the keys, copy them to configure your AWS CLI locally.

Run this AWS command to configure your account:

aws configure

You will have to enter your aws_access_key and aws_secret_access_key in the input:

You are now logged in to your AWS account.

Setting up an EKS cluster

Deploying the Data Plane

Update your kube-config file to connect to the EKS cluster:

aws eks update-kubeconfig --region <region> --name <cluster-name>

Install the dependencies which are prerequisites to set up a DevZero data plane on the EKS cluster.

git clone https://github.com/devzero-inc/self-hosted.git
cd self-hosted/charts/dz-data-plane-deps
make install
Release "dz-data-plane-crds" does not exist. Installing it now.
Pulled: registry-1.docker.io/devzeroinc/dz-data-plane-crds:0.1.2
Digest: sha256:c037129d1021339f35f1b03336b6d00471f8f858cb6cfdbba59babe004d140fe
NAME: dz-data-plane-crds
LAST DEPLOYED: Wed Jan  8 20:17:29 2025
NAMESPACE: devzero-self-hosted
STATUS: deployed
REVISION: 1
TEST SUITE: None

If you are using private subnets and all of your traffic is routed through the VPN (private network), modify values/devzero-data-ingress_overrides.yaml to reflect your configuration. Usually it should look something like this:

controller:
  replicaCount: 1
  service:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
      service.beta.kubernetes.io/aws-load-balancer-type: "external"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
      service.beta.kubernetes.io/aws-load-balancer-name: "devzero-data-ingress"
      service.beta.kubernetes.io/aws-load-balancer-subnets: <private_subnet_1>,<private_subnet_2>
 
  ingressClass: devzero-data-ingress
  ingressClassByName: true
  ingressClassResource:
    name: devzero-data-ingress
    controllerValue: devzero.io/devzero-data-ingress
  extraArgs:
    enable-ssl-passthrough: "true"

Run make install after the changes.

Install the helm charts to set up the DevZero data plane. Contact the DevZero team at support@devzero.io to get your credentials to install and set up the DevZero data plane.

cd ../dz-data-plane
make install

Make sure to update the values.yaml in dz-data-plane directory with your registry, email, username and password in the credentials section.

Installing the helm charts

To track progress:

watch kubectl get pods -n devzero-self-hosted

Verify that everything works:

kubectl get pods -n devzero-self-hosted

Running pods within the deployment

Create new Records in Route 53

Create a CNAME record and add the address of your Nginx ingress service in the value. Set the record name as *.

Create an A record with an alias. Keep Subdomain empty, route traffic to Alias to Application and Classic Load Balancer. Set dualstack.<your-ingress-service-address> as the load balancer.

Connecting to DevZero

Connect this Data Plane to DevZero

Visit the regions page on the DevZero dashboard and click Add New.

Use the retrieved values (token, URL, and CA certificate) to connect the self-hosted DevZero region to your team.

Fetching Cluster Configuration

After deploying the Helm chart, retrieve the following values for integration with the DevZero dashboard:

Cluster Name

Enter something meaningful and unique.

Examples: Frankfurt (eu-central-1), Mumbai (ap-south-1), N. California (us-west-1), São Paulo (sa-east-1)

Region ID

Enter a cloud-friendly region name (does not necessarily have to be unique).

To preserve familiarity, feel free to reuse existing GCP terms. For a list of AWS Region Names, click here.

Examples: ap-south-1 (Mumbai), eu-central-1 (Frankfurt), sa-east-1 (São Paulo), us-west-1 (N. California)

Cluster URL

To get the Cluster URL/IP:

kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.server}'

For example,

% kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.server}'
https://35.236.26.173

Add the string as is, without leading or trailing whitespaces.

Cluster CA Certificate

To get the Cluster CA certificate:

kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'

For example,

% kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
LS0tLS1CRUdJTi.....FUlRJRklDQVRFLS0tLS0K

Add the string as is, without leading or trailing whitespaces.

Service Account Name

To get the name of the Service Account:

kubectl get serviceaccounts -n devzero-self-hosted

Usually, this should be devzero-sa-token.

Add the string as is, without leading or trailing whitespaces.

Service Account Token

To get the Service Account Token:

kubectl get secret devzero-sa-token -n devzero-self-hosted -o jsonpath='{.data.token}' | base64 -d

For example,

% kubectl get secret devzero-sa-token -n devzero-self-hosted -o jsonpath='{.data.token}' | base64 -d
eyJhbGciOi......pMWncc3bxGtreh9fDTgg

Add the string as is, without leading or trailing whitespaces.
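
The URL, CA certificate and token lookups above can be collected and sanity-checked in one pass before they are pasted into the dashboard. This is an added example, not part of the DevZero guide or its repository; the function names and the `--collect` switch are assumptions, and the token check relies on Kubernetes service account tokens being three-part JWTs.

```shell
#!/usr/bin/env bash
# Added example (not DevZero's code): gather the dashboard values and reject
# malformed ones. Function names and the --collect switch are hypothetical.
NS="devzero-self-hosted"     # namespace used throughout this guide
SECRET="devzero-sa-token"    # secret name used in this guide

# Strip leading/trailing whitespace, as the dashboard expects bare strings.
trim() { printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'; }

# Cluster URL: https scheme, no embedded or surrounding whitespace.
check_url() { printf '%s' "$1" | grep -Eq '^https://[^[:space:]]+$'; }

# CA data: base64 whose decoded first line is a PEM certificate header.
check_ca() {
  printf '%s' "$1" | base64 -d 2>/dev/null | head -n 1 |
    grep -qx -e '-----BEGIN CERTIFICATE-----'
}

# Token: service account tokens are JWTs (three base64url parts; the JSON
# header encodes to a string starting with "eyJ").
check_token() {
  printf '%s' "$1" |
    grep -Eq '^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# Report every failing field on stderr; the token itself is never echoed.
validate_all() {
  rc=0
  check_url "$1"   || { echo "Cluster URL: expected a bare https:// URL" >&2; rc=1; }
  check_ca "$2"    || { echo "CA certificate: does not decode to PEM" >&2; rc=1; }
  check_token "$3" || { echo "Token: not a three-part JWT" >&2; rc=1; }
  return "$rc"
}

# Run the page's kubectl commands and validate the results.
collect_and_check() {
  url=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.server}')
  ca=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
  token=$(kubectl get secret "$SECRET" -n "$NS" -o jsonpath='{.data.token}' | base64 -d)
  validate_all "$(trim "$url")" "$(trim "$ca")" "$(trim "$token")" &&
    echo "All three values look well-formed."
}

if [ "${1:-}" = "--collect" ]; then collect_and_check; fi
```

Run the script with `--collect` while your kubeconfig context points at the EKS cluster; a non-zero exit status means at least one value should not be pasted as is.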

Slug

Set any memorable value for the slug (ideally the same name you see in the AWS Dashboard).

For example: test-cluster, dev-cluster-1