"Version":"2012-10-17", "Statement":[
{
"Action":[
"aws-marketplace:RegisterUsage"
],
See the Amazon website for more information regarding the use and licensing of the Amazon Linux Docker Image.
About AWS Deployment Templates
TIBCO provides templates to jumpstart your development and let you get started quickly.
Templates for ECS and Fargate
Under Container Images > Deployment template, click Set up a Fargate Stack for Flogo app deployment to download the template and run it automatically to set up the application for you.
Example: Deploying a Flogo App on AWS EKS
This example guides you through deploying a Flogo app on Amazon Elastic Kubernetes Service (Amazon EKS).
Prerequisites
● Build a Docker image of the Flogo app which you want to upload to the AWS ECR repository. For more information, refer to Build the Flogo App Docker Image.
● Create an AWS account.
● Create an AWS ECR Repository. Push the Flogo app image from the local repository to the AWS ECR repository.
● Install the latest version of AWS CLI using the following command:
pip install awscli
● Configure the AWS CLI credentials using the following command:
aws configure
● Install eksctl, a command-line utility for creating and managing Kubernetes clusters on Amazon EKS. For example, on Linux, use the following command:
curl --silent --location
● Install and configure kubectl for Amazon EKS. Kubernetes uses the kubectl command-line utility for communicating with the cluster API server.
For more information on installing and configuring eksctl and kubectl, refer to the section "Getting Started with eksctleksctl" in the Amazon EKS documentation.
Deploying a Flogo App on AWS EKS Procedure
1. Create a new EKS cluster using the following command:
eksctl create cluster <cluster name>
For example:
eksctl create cluster flogoDemo
By default, the kubeconfig configuration file is created at the default kubeconfig path (.kube/config) in your home directory or merged with an existing kubeconfig at that location.
2. Set up the OIDC ID provider (IdP) in AWS. This enables the IAM role for service accounts on EKS cluster:
eksctl utils associate-iam-oidc-provider --name <cluster name> --approve
For example:
eksctl utils associate-iam-oidc-provider --name flogoDemo --approve
3. Create a new policy which allows you to access to AWS Marketplace Metering.
The JSON policy looks as follows:
4. Add this policy to the role created in step # 1.
5. Create a Kubernetes service account, set up the IAM role that defines access to the targeted services (such as AWS Marketplace Metering), specify the IAM trust policy that allows the specified
Kubernetes service account to assume the IAM role:
eksctl create iamserviceaccount --name
<Name of service account> --namespace default --cluster <cluster name> --attach-policy-arn <Policy ARN> --approve
Where:
<Name of service account> is the identity of your app towards the Kubernetes API server. The pod that hosts your app uses this service account.
<Policy ARN> is the policy created in step # 3.
For example:
eksctl create iamserviceaccount name my-serviceaccount namespace default --cluster flogoDemo --attach-policy-arn arn:aws:iam::338799163723:policy/
marketPlaceRegisterUsage --approve
6. Set up a pod:
a) Set up a pod to use the service account created in the previous step. Add the details to a pod spec, for example, pod-definition-sample.yaml:
- image: <Flogo application image from ECR>
name: sample-pod stdin: true tty: true
serviceAccountName: <Name of service account>
Where <Flogo application image from ECR> is the URI of the image pushed to the AWS ECR Repository or the name of the image from the public Docker hub repository.
b) Create the pod and deploy the app:
kubectl apply -f pod-definition-sample.yaml
A pod is created.
The kubectl get pods command returns the following:
NAME READY STATUS RESTARTS AGE sample-pod 1/1 Running 0 7s
The kubectl logs <pod name> command returns the following logs (as an example):
######################## Starting Flogo Application #######################
TIBCO Flogo® Runtime - 2.7.0 (Powered by Project Flogo™ - v0.9.3) TIBCO Flogo® connector for General - 1.1.0.251
2019-09-15T06:59:52.007Z INFO [flogo] - AWS region environment variable not present, obtaining via ec2 instance metadata.
2019-09-15T06:59:53.288Z INFO [flogo] - Product usage is registered with AWS metering service.
2019-09-15T06:59:53.288Z INFO [flogo] - Standard TIBCO connectors used in the app - 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Starting TIBCO Flogo® Runtime
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2019-09-15T06:59:53.289Z WARN [flogo] - unable to create child logger named:
ReceiveHTTPMessage - unable to create child logger
2019-09-15T06:59:53.289Z INFO [general-trigger-rest] - Name:
ReceiveHTTPMessage, Port: 9999
2019-09-15T06:59:53.289Z INFO [general-trigger-rest] - ReceiveHTTPMessage:
Registered handler [Method: GET, Path: /books]
2019-09-15T06:59:53.289Z INFO [flogo.engine] - Starting app [ fe-270-payg-rest ] with version [ 1.1.0 ]
2019-09-15T06:59:53.289Z INFO [flogo.engine] - Engine Starting...
2019-09-15T06:59:53.289Z INFO [flogo.engine] - Starting Services...
2019-09-15T06:59:53.289Z INFO [flogo] - ActionRunner Service: Started 2019-09-15T06:59:53.289Z INFO [flogo.engine] - Started Services
2019-09-15T06:59:53.289Z INFO [flogo] - Trigger [ ReceiveHTTPMessage ]: Started
2019-09-15T06:59:53.290Z INFO [flogo] - Management Service started successfully on Port[7777]
7. If you want to deploy a Flogo App with a REST endpoint:
a) Create a Service in Kubernetes using a YAML file. For example, service-definition-sample.yaml:
serviceAccountName: <Name of service account>
b) Create a service using the following command:
kubectl apply -f service-definition-sample.yaml
c) You can get service information, such as External-IP/PORT, using the following command:
kubectl get svc <name of service>
For example, the command returns:
d) Access the REST endpoint of the Flogo app as follows:
http://<EXTERNAL-IP>:PORT/<Resource name defined in Flogo app>
For example:
http://a8674b572d7a811e99b4206034ad335a-1518682477.eu-west-1.elb.amazonaws.com:9999/books
8. (Optional) Deploy the Kubernetes Web UI (Dashboard) to your EKS cluster. For more information, refer to https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html.
9. To clean up all the Kubernetes resources (such deployments, pods, replica sets, services, secrets, and so on), run the following command:
kubectl delete all --all
Troubleshooting
Issue Resolution
While running a Flogo application on a pod or running it as a Kubernetes service, the following error is displayed.
Can not start application
due to permission issue with current task role. Below policy must
be configured for the task IAM role.
{
Make sure you have created a policy with the specified JSON and attached the policy to the Kubernetes service account as described in step
# 5 of section "Deploying a Flogo App on AWS EKS.
While running the kubectl get pods or
kubectl get svc commands, the following error is displayed.
You must be
logged in to the server (Unauthorized)
Make sure the kubeconfig configuration file is created at the default kubeconfig path (.kube/
config ) in the home directory and it has user information in it.
For more troubleshooting information, see the Amazon EKS Documentation.