Configuration and Setup for Fabric on Amazon EKS

Extracting Fabric Image Tars

Quantum Fabric images will no longer be available to the public. Please ensure to download the tar files and extract the images.

For further information, refer to Extracting Images from tar files and pushing into private registry.

Configure the properties file

  1. Extract the FabricKube.zip file. The zip file is organized as follows:
    • lib: Contains dependent jars and helper bash functions
    • samples: Contains sample Fabric deployments
    • templates: Contains the following files
      • fabric-app-tmpl.yml: YAML template for Fabric deployments
      • fabric-db-tmpl.yml: YAML template for Fabric Database schema creation
      • fabric-services.yml: YAML template for Fabric services
      • fabric-ingress.yml: YAML template for Ingress configuration
    • config.properties: Contains inputs that you must configure for the installation
    • generate-kube-artifacts.sh: A user script that is used to generate required artifacts
    • helm_charts [V9SP6 or later]: Contains the following packages, which can be used to deploy Quantum Fabric
      • fabric_app: Helm charts that are used to deploy Fabric
      • fabric_db: Helm charts that are used to create a database and insert tables into the Fabric database server

    As a result of executing the generate-kube-artifacts.sh script, the artifacts folder is created containing YAML configuration files. The YAML configuration files are generated based on the config.properties file, and they must be applied later to deploy Quantum Fabric on EKS.

  2. Update the config.properties file with relevant information.

For more information about the properties, refer to the following section.

  1. INSTALL_ENV_NAME: The install environment name must be a in string value in lowercase. For example: dev, qa, prod, or eastusprod.
  2. KONY_FABRIC_BUILD_VER: The build version of Fabric that you want to install. While upgrading, this specifies the build version to which you want to upgrade.
  3. KONY_FABRIC_BUILD_TYPE: The type of Fabric environment that must be created. For production environments, the value must be PRODUCTION. For dev, QA, or other non-production environments, the value must be NON-PRODUCTION.

  4. Install Components: The following properties must be set to either Y (yes) or N (no). Make sure that at least one of the following input properties must be set to Y. If ALL_COMPONENTS_ENABLED is set to Y, the rest of the inputs can be left empty.

    • ALL_COMPONENTS_ENABLED
    • INTEGRATION_ENABLED
    • IDENTITY_ENABLED
    • MESSAGING_ENABLED
    • CONSOLE_ENABLED
    • APIPORTAL_ENABLED
  5. Application Server Details
    • SERVER_DOMAIN_NAME: The Domain Name for Quantum Fabric. This value should be the hostname of the LoadBalancer. For example: abc.companyname (DNS name).
    • COM_PROTOCOL: The communication protocol for Quantum Fabric. This value can be either http or https.
  6. Database Details
    • DB_TYPE - The Database type that is used to host Quantum Fabric. The possible values are:
      • For MySQL DB server: mysql
      • For Azure MSSQL or SQL Server: sqlserver
      • For Oracle DB server: oracle
      • For PostgreSQL DB server: postgresql
    • DB_HOST - The Database Server hostname that is used to connect to the Database Server.
    • DB_PORT– The Port Number that is used to connect to the Database Server. This can be empty for cloud manage service.
    • DB_USER - The Database Username that is used to connect to the Database Server.
    • DB_PASS - The Database Password that is used to connect to the Database Server. Make sure that the value is enclosed in single quotes, for example, 'password'.
    • DB_PASS_SECRET_KEY - This is the decryption key for the database password, which is required only if you are using an encrypted password.

      • IMPORTANT: If you are using an encrypted password, use the values that you receive from the encryption utility. For more information, refer to Encrypting the Database Password.

    • DB_PREFIX – This is the Database server prefix for Quantum Fabric Schemas/Databases.
    • DB_SUFFIX – This is the Database server suffix for Quantum Fabric Schemas/Databases.
      • NOTE:
      • Database Prefix and Suffix are optional inputs.
      • In case of upgrade, ensure that the values of the Database Prefix and Suffix that you provide are the same as you had provided during the initial installation.
    • If DB_TYPE is set as oracle, the following String values must be provided:
      • DB_DATA_TS: Database Data tablespace name.
      • DB_INDEX_TS: Database Index tablespace name.
      • DB_LOB_TS: Database LOB tablespace name.
      • DB_SERVICE: Database service name.
    • USE_EXISTING_DB: If you want to use an existing database from a previous Quantum Fabric instance, set this property to Y. Otherwise, set the property to N.

      If you want to use an existing database, you must provide the location of the previously installed artifacts (the location must contain the upgrade.properties file).

      For example: PREVIOUS_INSTALL_LOCATION = /C/kony-fabric-containers-onprem/kubernetes.

    • AWS_JDBC_WRAPPER_ENABLED:If you want to connect to the underlying Fabric database using only the user name, set this property to true. Otherwise, set the property to false.
    • AWS_RDS_REGION: This property identifies the AWS Region of the database server. For more information, refer List of AWS Regions.
  7. Time Zone: The time zone must be set to maintain consistency between the application server and the database. This section contains the following property:
    • TIME_ZONE: The country code of the time zone from the tz database. For more information, refer to List of tz database time zones. The default value is UTC.
  8. Readiness and Liveness Probes Details: The readiness and liveness probes are used to check the status of a container. The probes can check whether a container is ready to receive traffic, or if a container can be stopped and restarted. The following properties specify the initial delay (in seconds) of the probes for the Fabric components:
    • IDENTITY_READINESS_INIT_DELAY
    • IDENTITY_LIVENESS_INIT_DELAY
    • CONSOLE_READINESS_INIT_DELAY
    • CONSOLE_LIVENESS_INIT_DELAY
    • INTEGRATION_READINESS_INIT_DELAY
    • INTEGRATION_LIVENESS_INIT_DELAY
    • ENGAGEMENT_READINESS_INIT_DELAY
    • ENGAGEMENT_LIVENESS_INIT_DELAY
  9. Minimum and Maximum RAM percentage Details: These properties specify the minimum and maximum RAM (in percentage) that a Fabric component can use on the server. For example: CONSOLE_MAX_RAM_PERCENTAGE="80". This section contains the following properties:
    • CONSOLE_MIN_RAM_PERCENTAGE
    • CONSOLE_MAX_RAM_PERCENTAGE
    • ENGAGEMENT_MIN_RAM_PERCENTAGE
    • ENGAGEMENT_MAX_RAM_PERCENTAGE
    • IDENTITY_MIN_RAM_PERCENTAGE
    • IDENTITY_MAX_RAM_PERCENTAGE
    • INTEGRATION_MIN_RAM_PERCENTAGE
    • INTEGRATION_MAX_RAM_PERCENTAGE
    • APIPORTAL_MIN_RAM_PERCENTAGE
    • APIPORTAL_MAX_RAM_PERCENTAGE
  10. Container resource limits for memory and CPU: The resource limits are used to restrict resource usage for the Fabric components. The values must be provided in gigabytes (G) or megabytes (m). For example: CONSOLE_RESOURCE_REQUESTS_CPU="300m". This section contains the following properties:
    • IDENTITY_RESOURCE_MEMORY_LIMIT
    • IDENTITY_RESOURCE_REQUESTS_MEMORY
    • IDENTITY_RESOURCE_REQUESTS_CPU
    • CONSOLE_RESOURCE_MEMORY_LIMIT
    • CONSOLE_RESOURCE_REQUESTS_MEMORY
    • CONSOLE_RESOURCE_REQUESTS_CPU
    • APIPORTAL_RESOURCE_MEMORY_LIMIT
    • APIPORTAL_RESOURCE_REQUESTS_MEMORY
    • APIPORTAL_RESOURCE_REQUESTS_CPU
    • INTEGRATION_RESOURCE_MEMORY_LIMIT
    • INTEGRATION_RESOURCE_REQUESTS_MEMORY
    • INTEGRATION_RESOURCE_REQUESTS_CPU
    • ENGAGEMENT_RESOURCE_MEMORY_LIMIT
    • ENGAGEMENT_RESOURCE_REQUESTS_MEMORY
    • ENGAGEMENT_RESOURCE_REQUESTS_CPU
  11. Custom JAVA_OPTS Details: The custom JAVA_OPTS properties specify Java options that must be configured for the Fabric components on the application server. The following properties can be used to configure additional Java options for the Fabric components:
    • CONSOLE_CUSTOM_JAVA_OPTS
    • ENGAGEMENT_CUSTOM_JAVA_OPTS
    • IDENTITY_CUSTOM_JAVA_OPTS
    • INTEGRATION_CUSTOM_JAVA_OPTS
    • APIPORTAL_CUSTOM_JAVA_OPTS
  12. Number of instances to be deployed for each component: These properties specify the number of instances that must be deployed for every component. This section contains the following properties:
    • IDENTITY_REPLICAS
    • CONSOLE_REPLICAS
    • APIPORTAL_REPLICAS
    • INTEGRATION_REPLICAS
    • ENGAGEMENT_REPLICAS

Deploy Fabric on Amazon EKS

After you update the config.properties file, follow these steps to deploy Quantum Fabric on Amazon EKS:

  1. Generate the fabric services by running the following command:
    ./generate-kube-artifacts.sh config.properties

    IMPORTANT: For V9SP6 (or later), you can use Helm charts to install and deploy Quantum Fabric on Amazon EKS. For more information, refer to Deploy Fabric using Helm Charts.

  2. Create the services by running the following command:
    

kubectl apply -f ./artifacts/<INSTALL_ENV_NAME>/fabric-services.yml

    <INSTALL_ENV_NAME> is the install environment name input that you provided in the config.properties file.

  3. Create the ingress controller and the internet facing application load balancer (ALB). For more information, refer to the following blog post: Kubernetes Ingress with AWS ALB Ingress Controller.
    Use the fabric-ingress.yml file, which will map the created services to the load balancer paths.
    

kubectl apply -f ./artifacts/<INSTALL_ENV_NAME>/fabric-ingress.yml

    The specified process generates a load balancer domain name. Temenos recommends that you use a custom domain name and terminate your SSL connection at the public load balancer. You need to obtain a custom domain name from a DNS provider and an SSL certificate. To generate a certificate for your custom domain name and the corresponding ARN (Amazon Resource Name), refer to Requesting a public certificate.

    The generated ARN needs to be updated in the annotations section of the fabric-ingress.yml file as shown in the following screenshot:

NOTE:
  • All fabric services are exposed by using a single ALB.
  • You need to create a security group rule to allow traffic from the ALB to the EC2 Managed nodes on the 8080 port, which is the listen port for the Fabric Services.
  • The Fabric components for accounts, mfconsole, and workspace share the same deployment and service. Therefore, while creating the ingress objects for accounts, mfconsole, and workspace, the paths are mapped to the same service: kony-fabric-console.


Make sure that the format of the route location is as follows:

<scheme>://<common_domain_name>/<fabric_context_path>

For example, https://quantum-fabric.domain/mfconsole

Reference table for the mapping of paths and service names:

Fabric Component Fabric Service Name Context Path
mfconsole kony-fabric-console /mfconsole
workspace kony-fabric-console /workspace
accounts kony-fabric-console /accounts
Identity kony-fabric-identity /authService
Integration kony-fabric-integration /admin
Services kony-fabric-integration /services
apps kony-fabric-integration /apps
Engagement kony-fabric-engagement /kpns
ApiPortal kony-fabric-apiportal /apiportal

 

Deploy Kubernetes artifacts

After deploying the Fabric components on EKS, follow these steps to deploy the remaining Fabric Kubernetes artifacts:

  1. Create the database schema by executing the following command.
    

kubectl apply -f ./artifacts/<INSTALL_ENV_NAME>/fabric-db.yml

    The <INSTALL_ENV_NAME> is the name of the install environment that you provided in the config.properties file.

  2. The previous step executes a job that is responsible for creating the schemas. Verify the completion of the job by executing the following command.
    kubectl get job

  3. Create the Fabric deployments by executing the following command.
    

kubectl apply -f ./artifacts/<INSTALL_ENV_NAME>/fabric-app.yml

    Based on the default replica count that is provided in the config.properties file, one deployment of every Fabric component is created. The Fabric deployments can be scaled up later as required.

Deploy Fabric using Helm Charts

To deploy Fabric by using Helm charts, make sure that you have installed Helm, and then follow these steps:

  1. Open a terminal console and navigate to the extracted folder.
  2. Generate the Fabric services by running the following command:
    ./generate-kube-artifacts.sh config.properties svcs

    To generate the services configuration, you only need to fill the INSTALL_ENV_NAME property and the ## Install Components ### section in the config.properties file.
  3. Navigate to the helm_charts folder by executing the following command.
    cd helm_charts
  4. Create the fabricdb and fabricapp Helm charts by executing the following commands.
    helm package fabric_db/
    helm package fabric_app/
  5. Install the fabricdb Helm chart by executing the following command.
    helm install fabricdb  fabric-db-<Version>.tgz
  6. Install the fabricapp Helm chart by executing the following command.
    helm install fabricapp  fabric-app-<Version>.tgz
IMPORTANT:
  • Make sure that you generate the artifacts (generate-artifacts.sh) before creating the Helm charts.
  • Make sure that the fabricdb Helm chart installation is complete before installing the fabricapp Helm chart.

Custom CA Certificates Support in Helm Chart

Enhanced support for incorporating custom CA certificates, streamlining the manual configuration process. To enable the utilization of a custom CA certificate in the deployment, follow these steps:

  1. Set the enabled parameter to true under the cacert section in the values.yaml file located in the fabric-dbinit directory, as illustrated below:

cacert:

# Set to true to enable custom CA certificate


enabled: true

2. Update the values.yaml file under the fabric directory as follows:


cacert:

# Set to true to enable custom CA certificate


enabled: true

# Provide the relative path to the cacerts file within the Helm directory to establish a custom truststore in the pods

# Ensure that the cacerts file is located within the fabric Helm chart directory

path: "cacerts"

The cacerts file provided must be present within the fabric directory, and the path to that file should be specified.

Launch the Fabric Console

  1. After all the Fabric services are up and running, launch the Fabric console by using the following URL.
    <scheme>://<fabric-hostname>/mfconsole

    The <scheme> is http or https based on your domain. The <fabric-hostname> is the host name of your publicly accessible Fabric domain.
  2. After you launch the Fabric Console, create an administrator account by providing the appropriate details.

After you create an administrator account, you can sign-in to the Fabric Console by using the credentials that you provided.

 

Data Plane Configuration Options

AWS Fargate is a computation engine for containers. With AWS Fargate, you do not require servers, and you can manage and pay for resources based on the number of applications. As all the apps are isolated in Fargate, you also get improved security.

With Amazon EKS, you can create a data plane that consists of a Fargate profile, or a combination of both EC2 instances and a Fargate profile as shown in the following diagram:

For the advantages and disadvantages of the various data plane options, refer to the following table:

Data Plane Architecture Advantages Disadvantages
Managed EC2
  • Better control and visibility into the infrastructure that is being used.
  • Allows Auto-Scaling, which needs to be configured.
  • You need to manage both Infrastructure and applications.
  • Node capacity can lie unused, that is, you are responsible to pack the maximum number of containers on the node.
AWS Fargate
  • Less Complexity. You can focus on deploying and managing applications rather than managing infrastructure.
  • Security. You are responsible only for application-level security.
  • Scaling: Auto-Scaling. You don't need to set up and scale the cluster capacity. The clusters can handle sudden spikes in traffic very well.
  • Lower Costs. You are charged for the duration of container workload usage and not for the duration for which the VM instance is running.
  • Some features of Kubernetes, such as Daemon Sets and hostPath volumes, are not available.
Mixed Mode
  • In case you have acquired EC2 instances at a reasonable cost (Spot or Reserved), you can run the fixed component of the workload on EC2 and the variable component of the workload on Fargate
  • Additional planning is required to decide how the workload must be split between managed EC2 and Fargate
  • Additional manual configuration changes are required.


The choice of Managed EC2, Fargate, or Mixed Mode depends on what works best based on the advantages and disadvantages that are highlighted in the table. For more information, refer to the Amazon documentation, especially the section on Fargate Pricing.

Steps to setup a Fargate data plane

  1. Create a Fargate Profile. Select the namespace as default while creating the profile.

    NOTE: All the generated fabric artifacts are configured with the default namespace. Unless you want to deploy the artifacts to a different namespace, no further configuration is needed.

  2. Deploy the Ingress controller to the Fargate profile. profile by following the steps in the following blog post: How do I set up the AWS Load Balancer Controller on an Amazon EKS cluster for Fargate?
  3. Deploy the Fabric artifacts as described in the earlier sections. For more information, refer to Deploying Fabric on Amazon EKS.

Steps to setup a Mixed data plane

  1. Extra planning is required to decide which components must be deployed to the EC2 managed data plane and which components must be deployed to the Fargate profile.
  2. Based on the planning, while creating a Fargate profile, you need to specify the namespace on which the fabric components need to be deployed.
  3. The generated Fabric artifact YAML files need to be edited to specify the namespace on which the deployment must occur.
  4. An Ingress object from one namespace cannot communicate with services in another namespace. To work around this issue, you need to create ingress objects that correspond to the services that are deployed in the namespace. The alb.ingress.kubernetes.io/group.name annotation can be used to group both ingress objects together and ensure that a single ALB is provisioned by Amazon.
  5. The fabric-common-secrets need to be duplicated in both namespaces so that it can be accessed by the deployments in both namespaces.

NOTE: You can refer to the Samples/mixedDataPlane folder in the FabricKube.zip file for a sample configuration where the Identity and Integration components are deployed to the fabric-runtime namespace in a Fargate data plane; and the rest of the components (Console, API Portal, and Engagement) are deployed in the EC2 managed data plane.