Skip to main content
Version: 8.0

Deployment of Actions Pro on an AWS EKS Cluster

Step 1: Create S3 Bucket

  • Bucket Name Format: <eks-actionpro-clientname-environment>
  • Copy the following from source bucket:
    • Kibana – Check URL
    • Certs
    • License data
  • Upload a valid license to the new bucket.

Step 2: Create VPC

  • Name: eks-Action-pro-<client-name>
  • Availability Zones: 2
  • Subnets:
    • Public Subnets: 2
    • Private Subnets: 0
  • CIDR Blocks: Customize as required
  • Subnet Tags:
    • Public Subnets:
      • kubernetes.io/role/elb = 1
    • Private Subnets:
      • kubernetes.io/role/internal-elb = 1
  • Enable “Auto-assign IP settings” for each subnet.

Step 3: Create RDS (Region-wise)

3.1 Create a Separate VPC for RDS

  • VPC Name: eks-rds-actionpro-<region-name>
  • Ensure it includes 2 private subnets in different AZs.

3.2 Create a DB Subnet Group

  • Go to RDS > Subnet Groups
  • Create new DB subnet group using private subnets
    • Name: rds-subnet-group-<region-name>
    • Description: Optional but recommended

3.3 Create the RDS Instance

  • Engine: MariaDB
  • Version: As required
  • Instance Class: db.m5.large (supports Optimized Writes)
  • Identifier: eks-rds-actionpro-<region-name>
  • VPC: RDS VPC
  • Subnet Group: Select the one created above
  • Create customer parameter group and update max_connection to a minimum 1500
  • Attach newly created parameter group to RDS and reboot it

3.4 Peering Between EKS and RDS VPCs

  • Create a VPC Peering Connection
  • Accept the peering request (if cross-account or region)
  • Update route tables:
    • EKS VPC: Route to RDS VPC CIDR via peering
    • RDS VPC: Route to EKS VPC CIDR via peering

Step 4: Create EKS Cluster

4.1 Configure Cluster

  • Configuration Options: Custom
  • EKS Auto Mode: Disabled
  • Cluster Access: EKS API
  • Cluster Name: eks-actionpro-<clientname-environment>
  • Cluster IAM Role: An IAM role with the required EKS permissions
  • Envelope Encryption: Disabled
  • ARC Zonal Shift: Disabled
  • Tags: Add project-specific tags

4.2 Networking

  • VPC: Select VPC from Step 2
  • Subnets: Select public subnets
  • Endpoint Access: Public and Private

4.3 Add-ons

  • CoreDNS
  • kube-proxy
  • Amazon VPC CNI (with appropriate IAM permissions)
  • Node Monitoring Agent
  • Mountpoint for Amazon S3 CSI Driver (add post-cluster creation)
  • Amazon EBS CSI Driver (with appropriate IAM permissions)
  • Amazon EKS Pod Identity Agent
  • Metrics Server

Step 5: Create Node Group

  • Nodegroup Role: An IAM role with the required EKS permissions
  • AMI Type: Amazon Linux 2023

Instance Types

  • HA Setup: 3 x r5a.xlarge
  • Standalone Setup: 1 x r5a.xlarge
  • Disk Size: 60 GB

Scaling Configuration

  • Desired: 1 / 3
  • Minimum: 1 / 3
  • Maximum: 1 / 3

Step 6: Add OIDC in IAM Provider

The IAM role used by Actions Pro pods must allow access to S3 and Secrets Manager via OIDC.

note

Follow AWS documentation to enable IAM OIDC provider for your EKS cluster.

IAM Roles

  • Add the required S3 bucket name to the role policy to grant appropriate access.
  • If a new secret is created in AWS region, its ARN must be added to this role's policy to ensure access.
  • Add the EKS Cluster OIDC provider to the trust relationship to allow federated access from the cluster.

Step 7: Deploy AWS Load Balancer Controller

Create an IAM Service Account

eksctl create iamserviceaccount \
  --cluster=<cluster name> \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::<account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --region <region> \
  --approve

Install Using Helm

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=my-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=<region> \
  --set vpcId=<vpc-id>

Step 8: Deploy Actions Pro on EKS Using Helm

Download the Helm Chart

Clone the repository containing Helm charts for Actions Pro.

Find the two directories:

  • standalone
  • ha

Choose the appropriate directory based on your deployment type.

note

Before deploying Actions Pro using Helm, review and update the values.yaml

::: note Verify the Java home directory and update the commented Java-related values in action-pro-env-configmap.yaml according to the deployed Actions Pro version. :::

Deploy Standalone Setup

helm install action-pro-standalone ./action-pro-standalone/

Deploy HA (High Availability) Setup

helm install action-pro-ha ./action-pro-ha/

Additional RSRemote Configuration

This section contains steps to configure an additional RSRemote with RabbitMQ.

Step 1: Fetch RabbitMQ Service Details

When deploying the additional RSRemote for the first time:

  1. Run the following command to fetch RabbitMQ service details: kubectl get svc -n <namespace>
  2. From the output, locate the external address of the RabbitMQ service.
  3. Create a DNS record pointing to this external address.
note

If additional RSRemote nodes already exist, obtain the existing DNS record from the Resolve support instead of creating a new one.

Step 2: Configure Additional RSRemote

  1. Open the blueprint.properties file for the new RSRemote node.
  2. Update the following property: RSMQ_PRIMARY_HOST=<DNS record created or provided by Resolve support>
  3. Confirm the following setting: RSMQ_PRIMARY_PORT=4004
  4. Update the RabbitMQ password if it changed during EKS setup: rsmq.password=<new password>
  5. Install the RSRemote.

Deployment of HTTP Gateway on an EKS Setup

To configure the HTTP Gateway on EKS:

  1. While deploying the HTTP Gateway, you must add the /rsremote-gw/ prefix when specifying the gateway URI.
note

The HTTP Gateway is configured on port 7777 only. To deploy on a different port, please contact Resolve support.