AWS EKS
Deploy Laminar on Amazon Elastic Kubernetes Service (EKS).
Prerequisites
- AWS CLI configured
- kubectl installed
- Helm 3.12+
- eksctl (optional)
Create EKS Cluster
# Create cluster
eksctl create cluster \
--name laminar-cluster \
--region us-east-1 \
--node-type m5.xlarge \
--nodes 3 \
--nodes-min 2 \
--nodes-max 5 \
--with-oidc
# Update kubeconfig
aws eks update-kubeconfig \
--name laminar-cluster \
--region us-east-1Install Laminar
Create Values File
eks-values.yaml:
global:
storageClass: gp3
api:
replicas: 2
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 2000m
memory: 2Gi
ingress:
enabled: true
className: alb
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
hosts:
- host: laminar.example.com
paths:
- path: /
pathType: Prefix
controller:
replicas: 2
resources:
requests:
cpu: 500m
memory: 1Gi
persistence:
size: 100Gi
storageClass: gp3
storage:
artifacts:
url: "s3://my-bucket/laminar/artifacts"
checkpoints:
url: "s3://my-bucket/laminar/checkpoints"Install
helm repo add laminar https://charts.laminar.dev
helm repo update
helm install laminar laminar/laminar \
--namespace laminar \
--create-namespace \
-f eks-values.yamlIAM Roles for Service Accounts (IRSA)
For S3 access from pipelines:
# Create IAM policy
cat > laminar-s3-policy.json << EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket",
"arn:aws:s3:::your-bucket/*"
]
}
]
}
EOF
aws iam create-policy \
--policy-name LaminarS3Access \
--policy-document file://laminar-s3-policy.json
# Create IAM role with OIDC
eksctl create iamserviceaccount \
--name laminar \
--namespace laminar \
--cluster laminar-cluster \
--attach-policy-arn arn:aws:iam::ACCOUNT_ID:policy/LaminarS3Access \
--approveUpdate values:
serviceAccount:
create: false
name: laminarAWS Load Balancer Controller
Install for ALB ingress:
# Install AWS Load Balancer Controller
helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
--namespace kube-system \
--set clusterName=laminar-cluster \
--set serviceAccount.create=true \
--set serviceAccount.name=aws-load-balancer-controllerEBS CSI Driver
For persistent volumes:
# Create IAM role for EBS CSI
eksctl create iamserviceaccount \
--name ebs-csi-controller-sa \
--namespace kube-system \
--cluster laminar-cluster \
--attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
--approve
# Install EBS CSI addon
eksctl create addon \
--name aws-ebs-csi-driver \
--cluster laminar-cluster \
--service-account-role-arn arn:aws:iam::ACCOUNT_ID:role/AmazonEKS_EBS_CSI_DriverRoleCreate StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: gp3
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
parameters:
type: gp3
encrypted: "true"
volumeBindingMode: WaitForFirstConsumerVerify Installation
# Check pods
kubectl get pods -n laminar
# Get ALB endpoint
kubectl get ingress -n laminar
# Test API
curl https://laminar.example.com/healthNext Steps
- High Availability - HA configuration
- Security Hardening - Security best practices