Installing with x-install Tool (Kubernetes)

The x-install tool is the newest Exostellar installer designed to simplify the setup process. It offers a variety of subcommands to provision a sandbox environment, install Exostellar products, and verify post-installation readiness.

Prerequisites

Before using the x-install tool, ensure that your environment meets the following requirements:

Terraform: Version 1.8+
kubectl: Version 1.28+
Helm: Version 3.14.2+
AWS CLI
AWS Authentication, Credentials, and Region
Please properly configure AWS authentication and default region in your local environment.

AWS Authentication and Credentials Setup Methods

You can set up credentials using various methods such as command-line options, environment variables, assume role, credentials files, configuration files, etc.

Command-line Options

BASH

aws configure sso

BASH

aws s3 ls --profile profile1

Environment Variables

BASH

export AWS_ACCESS_KEY_ID=<AccessKeyId>
export AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
export AWS_SESSION_TOKEN=<SessionToken>

Assume role

CODE

aws sts assume-role \
    --role-arn arn:aws:iam::123456789012:role/xaccounts3access \
    --role-session-name s3-access-example

Credentials and Configuration File:
Update in ~/.aws/credentials and ~/.aws/config
BASH
```
aws configure
```

Please ensure the default region is set for deployment. If not set above, use the following command:

BASH

aws configure set default.region us-east-2

Ensure the account has the following IAM permissions:

IAM Permissions for the AWS Account

JSON

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"ssm:ListAssociations",
				"ec2:RunInstances",
				"ec2:DescribeSubnets",
				"ec2:DescribeKeyPairs",
				"ec2:DescribeVpcs",
				"ec2:DescribeSecurityGroups",
				"ec2:DescribeSecurityGroupRules",
				"ec2:AuthorizeSecurityGroupIngress",
				"ec2:CreateTags",
				"ec2:CreateSecurityGroup",
				"sns:ListTopics",
				"s3:CreateBucket",
				"iam:AttachRolePolicy",
				"iam:CreateRole",
				"iam:ListRoles",
				"iam:TagRole",
				"iam:PutRolePolicy",
				"iam:CreateInstanceProfile",
				"iam:AddRoleToInstanceProfile",
				"iam:PassRole",
				"ec2:DescribeInstances",
				"ec2:DescribeInstanceTypes",
				"ec2:RunInstances",
				"ec2:DescribeImages",
				"ec2:DescribeImageAttribute",
				"ec2:DescribeAvailabilityZones",
				"ec2:DescribeAccountAttributes",
				"ec2:DescribeRouteTables",
				"ec2:DescribeNetworkAcls",
				"ec2:DescribeInstanceStatus",
				"ec2:DescribeAddresses",
				"ec2:DescribeDhcpOptions",
				"ec2:DescribeSnapshots",
				"ec2:DescribeVolumes",
				"ec2:DescribeVolumeStatus",
				"ec2:DescribeVolumesModifications",
				"cloudwatch:DescribeAlarms",
				"cloudwatch:ListMetrics",
				"iam:ListUsers",
				"iam:ListAccessKeys",
				"iam:CreateAccessKey",
				"ec2:AuthorizeSecurityGroupEgress",
				"iam:ListPolicyVersions",
				"eks:ListClusters",
				"eks:DescribeCluster",
				"eks:ListNodegroups",
				"eks:DescribeNodegroup",
				"eks:DescribeAddon",
				"eks:ListAddons",
				"eks:DescribeIdentityProviderConfig"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"s3:PutObject",
				"s3:GetObject"
			],
			"Resource": "*"
		},
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Action": [
				"eks:CreateCluster",
				"eks:DescribeCluster",
				"eks:DeleteCluster",
				"eks:ListClusters",
				"eks:UpdateClusterConfig",
				"eks:UpdateClusterVersion",
				"eks:CreateNodegroup",
				"eks:DescribeNodegroup",
				"eks:ListNodegroups",
				"eks:UpdateNodegroupConfig",
				"eks:UpdateNodegroupVersion",
				"eks:DescribeAddonVersions",
				"eks:CreateAddon",
				"eks:DeleteAddon",
				"eks:DescribeAddon",
				"eks:ListAddons",
				"eks:UpdateAddon",
				"eks:AccessKubernetesApi",
				"eks:ListAccessPolicies",
				"eks:ListAccessEntries",
				"eks:ListIdentityProviderConfigs",
				"eks:DescribeAccessEntry",
				"eks:ListPodIdentityAssociations",
				"eks:ListAssociatedAccessPolicies",
				"eks:CreateAccessEntry",
				"eks:AssociateAccessPolicy"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"iam:DeleteRolePolicy",
				"iam:DeleteRole",
				"iam:GetRole",
				"iam:ListPolicies",
				"iam:ListAttachedRolePolicies",
				"iam:CreateServiceLinkedRole",
				"iam:RemoveRoleFromInstanceProfile",
				"iam:DeleteInstanceProfile",
				"iam:ListEntitiesForPolicy",
				"iam:GetInstanceProfile",
				"iam:ListInstanceProfiles",
				"iam:ListInstanceProfilesForRole",
				"iam:ListOpenIDConnectProviders",
				"iam:GetOpenIDConnectProvider",
				"iam:GetRolePolicy",
				"ec2:RevokeSecurityGroupIngress",
				"ec2:DeleteSecurityGroup",
				"ec2:StopInstances",
				"ec2:TerminateInstances",
				"ec2:DescribeVpcAttribute",
				"ec2:DescribeTags",
				"ec2:DescribeNetworkInterfaces",
				"cloudformation:DeleteStack",
				"ec2:RevokeSecurityGroupEgress",
				"iam:ListRolePolicies",
				"iam:CreatePolicy",
				"iam:GetPolicy",
				"ec2:DescribeInstanceAttribute",
				"iam:GetPolicyVersion"
			],
			"Resource": "*"
		},
		{
			"Sid": "AdditionalPermissions",
			"Effect": "Allow",
			"Action": [
				"iam:DetachRolePolicy",
				"ec2:CreateVpc",
				"ec2:DeleteVpc",
				"ec2:CreateSubnet",
				"ec2:DeleteSubnet",
				"ec2:CreateRouteTable",
				"ec2:CreateRoute",
				"ec2:AssociateRouteTable",
				"ec2:ReplaceRouteTableAssociation",
				"ec2:DeleteRouteTable",
				"ec2:CreateInternetGateway",
				"ec2:AttachInternetGateway",
				"ec2:AllocateAddress",
				"ec2:ReleaseAddress",
				"ec2:CreateNatGateway",
				"ec2:DeleteNatGateway",
				"cloudformation:UpdateStack",
				"cloudformation:DeleteChangeSet",
				"cloudformation:DescribeChangeSet",
				"cloudformation:ExecuteChangeSet",
				"cloudtrail:DescribeTrails",
				"cloudtrail:GetTrailStatus",
				"cloudtrail:GetEventSelectors",
				"logs:DescribeLogGroups",
				"logs:DescribeLogStreams",
				"logs:GetLogEvents",
				"logs:FilterLogEvents",
				"iam:GetUserPolicy",
				"iam:GetGroupPolicy",
				"iam:GetPolicyVersion",
				"ec2:CreateLaunchTemplate",
				"ec2:DescribeLaunchTemplates",
				"ec2:DescribeInternetGateways",
				"ec2:ModifyVpcAttribute",
				"ec2:ModifySubnetAttribute",
				"ec2:DescribeNatGateways",
				"ec2:DescribeInstanceTypeOfferings",
				"ec2:DescribeEgressOnlyInternetGateways",
				"ec2:DescribeLaunchTemplateVersions",
				"ec2:DeleteLaunchTemplate",
				"eks:TagResource",
				"elasticloadbalancing:CreateLoadBalancer",
				"elasticloadbalancing:DescribeLoadBalancers",
				"elasticloadbalancing:DeleteLoadBalancer",
				"elasticloadbalancing:CreateTargetGroup",
				"elasticloadbalancing:DescribeTargetGroups",
				"elasticloadbalancing:RegisterTargets",
				"autoscaling:CreateAutoScalingGroup",
				"autoscaling:UpdateAutoScalingGroup",
				"autoscaling:DeleteAutoScalingGroup",
				"autoscaling:DescribeAutoScalingGroups",
				"autoscaling:DescribeScalingActivities",
				"cloudformation:DescribeChangeSet",
				"cloudformation:ExecuteChangeSet",
				"s3:CreateBucket",
				"s3:DeleteBucket",
				"s3:ListBucket",
				"s3:GetBucketLocation",
				"s3:GetBucketPolicy",
				"s3:PutBucketPolicy",
				"aws-marketplace:ViewSubscriptions",
				"ec2:DescribeKeyPairs",
				"ec2:CreateKeyPair"
			],
			"Resource": "*"
		}
	]
}

Valid AWS Marketplace Subscriptions for Exostellar Management Server, Exostellar Controller, Exostellar Worker AMIs for the same AWS account
SSH Key

SSH Key Creation

Use the following command to create a new SSH key pair:

BASH

aws ec2 create-key-pair --key-name 'my-dev-key' --query 'KeyMaterial' --output text --region us-east-2 > my-dev-key.pem

Modify the permission to secure the key:

BASH

chmod 400 my-dev-key.pem

x-install tool: Version 0.0.10+

x-install Download Options

Platform	Architecture	File	Release Date
macOS	ARM64	x-install-darwin-arm64-.0.0.10.tar.gz	11 Oct 2024
macOS	x86_64	x-install-darwin-x86_64-.0.0.10.tar.gz	11 Oct 2024
Linux	ARM64	x-install-linux-arm64-.0.0.10.tar.gz	11 Oct 2024
Linux	i386	x-install-linux-i386-.0.0.10.tar.gz	11 Oct 2024
Linux	x86_64	x-install-linux-x86_64-.0.0.10.tar.gz	11 Oct 2024
Windows	ARM64	x-install-windows-arm64-.0.0.10.zip	11 Oct 2024
Windows	i386	x-install-windows-i386-.0.0.10.zip	11 Oct 2024
Windows	x86_64	x-install-windows-x86_64-.0.0.10.zip	11 Oct 2024

For macOS users, please grant x-install permissions by clicking the “Allow Anyway” button in the Security settings. This button is available for about an hour after you try to open the app. You can access the Security settings by choosing Apple Menu > System Settings, then clicking Privacy & Security in the sidebar.

Installation Steps

1. Create a Standalone Stack

Go to the directory where x-install is downloaded and use the following command to create a standalone stack:

(Please modify the stack name, VPC CIDR, SSH key pair, and region to suit your environment.)

BASH

x-install create-standalone \
  --stack-name=xio-standalone \
  --vpc-cidr=10.0.0.0/16 \
  --ssh-key-pair-name=my-dev-key \
  --region=us-east-2

The new VPC and EKS cluster will inherit the stack name.
The VPC will be assigned the CIDR block 10.0.0.0/16.
The EC2 SSH key pair, my-dev-key, will be used to access the Exostellar Management Server.

2. Verify Post-Installation Readiness

After the standalone stack is successfully created, use the following command to check if the stack is ready:

BASH

x-install post-install --stack-name=xio-standalone --ssh-private-key-file=my-dev-key.pem --ssh-username=rocky

It might take a few attempts for post-install to pass all system units and containers readiness checks, due to infrastructure readiness latency.

3. Add an X-Compute Node to the Standalone EKS Cluster

To add an X-Compute node to the newly created standalone EKS cluster, first SSH into the Exostellar Management Server:

CODE

ssh -i "my-dev-key.pem" rocky@<management-server-public-ip>

On the server, run the following command to add a new node to the EKS cluster:

BASH

eks-node-cli add -n node-00 -c 1 -m 4096 -p pool-a -r az1 -k xio-standalone

The new node can be verified using the kubectl command:

CODE

kubectl get node -l eks.amazonaws.com/nodegroup=x-compute

Please ensure ~/.kube/config is set up properly. It takes a couple of minutes for the x-compute node to boot and show up.

The output should display the new nodes as ready:

CODE

NAME                                          STATUS   ROLES    AGE     VERSION
ip-10-0-39-220.us-west-1.x-compute.internal   Ready    <none>   4m17s   v1.29.3-eks-ae9a62a

By default, the EKS token used to access the standalone EKS cluster expired after 60 minutes. Following that, all attempts to access the cluster will fail with Unauthorized errors.

To generate a new EKS token and use it with your existing kubeconfig file, run:

BASH

x-install update-kubeconfig --stack-name=xio-standalone

4. Clean Up

Once the free trial period is over, the entire standalone stack can be deleted with the destroy command:

BASH

x-install destroy --stack-name xio-standalone

In some cases, Terraform might time out during the destroy process. If this happens, simply re-run the command to allow Terraform to reconcile its final state.

At this time, all controllers and workers EC2 instances need to be manually terminated.

Additional Help and Support

To explore other subcommands, use the following command for a list of available options:

CODE

x-install help

If you encounter any issues, please take a screenshot of your x-install output and download your ~/.xio/ folder. Then, submit both to Exostellar Customer Support for further assistance.