Deploy ArcGIS Enterprise on Kubernetes in AWS
This walkthrough will guide you through the process of initial deployment of a standalone highly available ArcGIS Enterprise on Kubernetes in Amazon Web Services (AWS) using GitHub Actions.
The walkthrough uses aws/arcgis-enterprise-k8s template.
Duration: about 1 hour
Before you begin this walkthrough:
- A private GitHub repository "gitops-demo" for the site must be created and properly configured.
- The core resources for the ArcGIS Enterprise site, including the Amazon EKS cluster, must be provisioned in the AWS account.
Refer to the Create Site Core in AWS walkthrough for detailed instructions.
You will need the following resources and accounts:
- GitHub.com user account
- Access keys of an AWS user with permissions to create and update IAM users, TLS/SSL certificates, S3 buckets, and SSM parameters (IAMFullAccess, AWSCertificateManagerFullAccess, AmazonS3FullAccess, and AmazonSSMFullAccess AWS managed IAM policies)
- Software authorization files for ArcGIS Enterprise on Kubernetes 11.4
- Helm charts for ArcGIS Enterprise on Kubernetes 11.4 (ArcGIS_Enterprise_on_Kubernetes_Helm_Charts_1.4.2_193012.tgz)
- Domain name for the ArcGIS Enterprise site
- SSL/TLS certificate for the ArcGIS Enterprise site domain name
This step creates a codespace workspace in the "gitops-demo" repository, installs AWS CLI v2, and configures it with the AWS account access keys.
Open the GitHub.com URL in a web browser, log in to your GitHub.com account, and select the "gitops-demo" private repository from the "Your repositories" list.
In the "gitops-demo" repository, click the green "Code" button, switch to the "Codespaces" tab, and click the "Create codespace on main" button. The codespace will be created and opened in a new browser tab.
Note that instead of creating a codespace, you can also reuse the codespace created in Getting Started in AWS walkthrough if it is still available. In this case, you can skip this step and go to Step 2.
In the codespace, click on the "Terminal" tab in the bottom panel, and run the following commands:
cd /tmp
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Output:
You can now run: /usr/local/bin/aws --version
Run the following command and enter the AWS account user's access keys and the default AWS region ID when prompted:
aws configure
This step copies the required workflows to the .github/workflows directory, creates IAM policies for the workflows, attaches them to the IAM user, and lists the available workflows in the repository.
Switch back to the codespace browser tab and run the following commands:
cd /workspaces/gitops-demo
cp -r aws/arcgis-enterprise-k8s/workflows/* .github/workflows/
git add --all
git commit -m "Enable arcgis-enterprise-k8s workflows"
git push origin main
Attach the policies required for running the workflows used by this walkthrough to gitops-demo IAM user.
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
aws iam attach-user-policy --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ArcGISEnterpriseK8s --user-name gitops-demo
This step updates the configuration files used by the workflows.
Update config/aws/arcgis-enterprise-k8s/image.vars.json config file to specify the ArcGIS Enterprise version and patches to be installed.
In EXPLORER sidebar of the codespace window, click on "config" folder, then on "aws" subfolder, and then on "arcgis-enterprise-k8s" subfolder. Double-click on "image.vars.json" file to open it in the editor.
- Change "arcgis_version" value to "11.4".
3.2 Import the SSL/TLS certificate for ArcGIS Enterprise site domain name to AWS Certificate Manager
Upload the SSL certificate files to the /workspaces/gitops-demo/config/certificates directory in the workspace.
In the EXPLORER sidebar of the codespace window, click on "config" folder, then right-click on "certificates" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the SSL certificate files location, select the certificate, private key and chain files, and click the "Open" button to upload the files.
Run the following command in the codespace Terminal replacing arcgis-enterprise.crt, arcgis-enterprise.key, and arcgis-enterprise.ca-bundle by the uploaded file names:
cd /workspaces/gitops-demo/config/certificates
aws acm import-certificate --certificate fileb://arcgis-enterprise.crt --private-key fileb://arcgis-enterprise.key --certificate-chain fileb://arcgis-enterprise.ca-bundle --tags Key=ArcGISSiteId,Value=arcgis
Output:
{
"CertificateArn": "arn:aws:acm:us-west-2:012345678900:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
Alternatively, you can provision the SSL certificate using AWS Certificate Manager.
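Before running the import command above, the uploaded files can be checked locally: that the private key belongs to the certificate, that the certificate covers the deployment FQDN, and that it is not about to expire. The script below is an added example, not part of the original walkthrough; the function names, the gis.example.com host name and the 30-day margin are assumptions, and the sample certificates are generated on the spot as constructed test data.

```bash
#!/usr/bin/env bash
# Added example (not part of the walkthrough): local checks to run on the
# uploaded files before `aws acm import-certificate`.
# Function names, gis.example.com and the 30-day margin are assumptions.

# check_cert_for_import CERT KEY FQDN
# 0 = ok, 2 = unreadable file, 3 = key mismatch, 4 = FQDN not covered,
# 5 = certificate expires within 30 days.
check_cert_for_import() {
  local cert="$1" key="$2" fqdn="$3" cert_pub key_pub
  # Public key embedded in the certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  # Public key derived from the private key; the empty -passin makes an
  # encrypted key fail instead of prompting (ACM needs it unencrypted).
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ] || return 3
  # -checkhost honours SAN entries and wildcards, like a TLS client would.
  openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
    grep -q "does match certificate" || return 4
  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null || return 5
  return 0
}

# make_sample_cert PREFIX CN DAYS: constructed self-signed test certificate
# (PREFIX.crt / PREFIX.key) so the check can be tried without real files.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Demo on constructed data: a matching pair passes, a swapped key is rejected.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/site" gis.example.com 90
make_sample_cert "$demo_dir/other" other.example.com 90
check_cert_for_import "$demo_dir/site.crt" "$demo_dir/site.key" gis.example.com \
  && echo "matching pair: accepted" || echo "matching pair: rejected, exit $?"
check_cert_for_import "$demo_dir/site.crt" "$demo_dir/other.key" gis.example.com \
  && echo "swapped key: accepted" || echo "swapped key: rejected, exit $?"
rm -rf "$demo_dir"
```

For the real files, call `check_cert_for_import arcgis-enterprise.crt arcgis-enterprise.key <deployment FQDN>` in config/certificates and import only when it returns 0.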
Open config/aws/arcgis-enterprise-k8s/ingress.tfvars.json file in the editor and update the following properties:
- Replace the "deployment_fqdn" property value by the ArcGIS Enterprise deployment fully qualified domain name.
- Replace the "ssl_certificate_arn" property value by the imported SSL certificate ARN.
The Helm Charts are used to deploy the ArcGIS Enterprise components in the Kubernetes cluster. Each ArcGIS Enterprise on Kubernetes version requires its own Helm Charts version.
Upload the Helm charts package ArcGIS_Enterprise_on_Kubernetes_Helm_Charts_1.4.2_193012.tgz to "aws/arcgis-enterprise-k8s/organization/helm-charts/arcgis-enterprise/" directory in the workspace.
In the EXPLORER sidebar of the codespace window, navigate to "aws/arcgis-enterprise-k8s/organization/helm-charts/arcgis-enterprise/" folder and select "Upload..." from the context menu. In the file selector dialog window navigate to the Helm charts location, select ArcGIS_Enterprise_on_Kubernetes_Helm_Charts_1.4.2_193012.tgz file and click "Open" button to upload the file to the workspace.
Change the current folder to the Helm charts subfolder:
cd aws/arcgis-enterprise-k8s/organization/helm-charts/arcgis-enterprise/
Extract the Helm charts from the archive:
tar -xzf ArcGIS_Enterprise_on_Kubernetes_Helm_Charts_1.4.2_193012.tgz
Rename the extracted subfolder to the Helm chart version:
mv arcgis-enterprise 1.4.2
Delete the Helm charts archive:
rm ArcGIS_Enterprise_on_Kubernetes_Helm_Charts_1.4.2_193012.tgz
Go back to the workspace root folder:
cd /workspaces/gitops-demo
Upload the ArcGIS Enterprise on Kubernetes 11.4 authorization file to "config/authorization/11.4/" directory in the codespace workspace.
In the EXPLORER sidebar of the codespace window, click on "config" folder, then right-click on "authorization" folder, select "New Folder..." from the context menu, and enter "11.4" as the folder name. Right-click on the new "11.4" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the ArcGIS Enterprise on Kubernetes authorization file location, select the file and click "Open" button to upload the file to the workspace.
Open config/aws/arcgis-enterprise-k8s/organization.tfvars.json file in the editor and update the following properties:
- Replace the "helm_charts_version" property value by "1.4.2".
- Replace the "authorization_file_path" property value by the uploaded authorization file path "~/config/authorization/11.4/<authorization file name>".
- Replace the "deployment_fqdn" property value by the ArcGIS Enterprise site fully qualified domain name.
- Replace the "admin_first_name", "admin_last_name", "admin_username", "admin_password", "admin_email", "security_question_index", and "security_question_answer" values by the ArcGIS Enterprise primary administrator account properties.
The primary administrator user name must be at least six characters in length. The only special characters allowed are the at sign (@), dash (-), dot (.), and underscore (_). The primary administrator password must be at least eight characters in length. It must contain at least one alphabet letter (uppercase or lowercase), at least one digit, and at least one special character. All special characters are allowed.
Change the "passcode" property value in backup.vars.json and restore.vars.json config files to a passcode that will be used when restoring the backup.
Replace the "deployments" property value in config/aws/site-index.json file by ["arcgis-enterprise-k8s"].
git add --all
git commit -m "Update arcgis-enterprise-k8s config"
git push origin main
Run "verify-site-config-aws" workflow to verify the site configuration.
Click on "Actions" tab in the repository, select "verify-site-config-aws" workflow on the left sidebar, click "Run workflow" on the right, and click "Run workflow" button.
This step runs the workflows to build Enterprise Admin CLI container image, create Kubernetes namespace for the deployment and configure ingress, create ArcGIS Enterprise organization, test and backup the deployment.
Run "enterprise-k8s-aws-image" workflow that builds Enterprise Admin CLI container image and pushes it to the private ECR repository of the EKS cluster.
Run "enterprise-k8s-aws-ingress" workflow that creates the ingress resources for the ArcGIS Enterprise on Kubernetes deployment.
After the workflow run is complete, retrieve the DNS name of the load balancer created by the workflow from SSM Parameter Store:
aws ssm get-parameter --name "/arcgis/arcgis/enterprise-k8s/alb/dns-name" --query "Parameter.Value" --output text
Create a CNAME record for the load balancer DNS name in the DNS server managing the base ArcGIS Enterprise domain name.
Run "enterprise-k8s-aws-organization" workflow to deploy ArcGIS Enterprise on Kubernetes in the EKS cluster and create an ArcGIS Enterprise organization.
After the workflow run is complete, the ArcGIS Enterprise site will be accessible at the deployment FQDN https://<deployment FQDN>/arcgis/manager.
Run "enterprise-k8s-aws-test" workflow.
Run "enterprise-k8s-aws-backup" workflow.
Sign in to the AWS Console and open the URL https://console.aws.amazon.com/cloudwatch/home?#dashboards:name=enterprise-k8s in a web browser.
The walkthrough demonstrates only the basic capabilities of ArcGIS Automation using GitHub Actions. Check instructions of the templates and workflows for more advanced features and options.
Follow Destroy ArcGIS Enterprise on Kubernetes in AWS walkthrough to destroy the deployment and clean up the resources created during this walkthrough.