HOWTO: Deploy Deis on EC2
Please note that this blog post is targeted towards Deis v0.11.0. Please read the installation docs on setting up a cluster for the version you wish to run.
I recently deployed https://deis.fishworks.io on EC2, so I thought a blog post on how I configured the cluster may be useful to some users. The process here is mostly to do with EC2, but it can apply to any public/private cloud provider. Alternatively, you can roll your own CoreOS cluster with VMware, QEMU, or through some other supported platform listed in their documentation.
There are some prerequisites to this blog post before deploying a cluster:
- you must have an account on EC2
- you must have a wildcard SSL certificate for your cluster
I purchased my RapidSSL wildcard cert through Namecheap, but feel free to use whatever means you prefer.
To get started, let's provision a new cluster on EC2. Following the EC2 docs:
Next, we need to upload an SSH key so we can communicate with the CoreOS cluster through an SSH tunnel. When I uploaded my SSH keypair, instead of generating a new key and uploading that to EC2, I uploaded the key I already use on EC2 with the id "deis":
Next up is to configure fleetctl, as well as some cluster configuration:
To explain what these environment variables represent:
- DEIS_NUM_INSTANCES refers to how many nodes in the cluster you wish to provision.
- DEIS_NUM_ROUTERS refers to the number of routers to install in the cluster. 3 should be more than enough for our needs.
- DEIS_HOSTS refers to the hosts in the cluster. This environment variable is used for commands like make build. We will create the A records for these nodes once they come online.
- FLEETCTL_TUNNEL is the host you'll connect to in order to communicate with the fleet cluster. More information can be found here.
Now that we have them all set, let's provision a CoreOS cluster:
Once we've finished provisioning the cluster, we can add the DNS entries. Deis requires a wildcard subdomain for applications. When we provisioned the cluster, we were also provided with an Elastic Load Balancer which points to the three nodes in the cluster. Start by creating a CNAME record for the wildcard DNS:
Then, we can create A records for the CoreOS nodes:
Once we're done with that, let's configure the load balancer to use SSL. We don't want to be sending our login credentials in plain text! We'll tell the load balancer to forward all HTTPS requests to port 80 on the routers, so TLS terminates at the load balancer and the hop from the load balancer to the routers is plain HTTP. I kept the HTTP listener because I still want my apps to be able to connect via HTTP.
Then, you'll want to open up port 443 on the load balancer. This is done by editing the security group settings for the load balancer:
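An added example, not part of the original post: a Python check over constructed samples shaped like the output of `aws elb describe-load-balancers` and `aws ec2 describe-security-groups`, reporting how the listener and security group setup described above handles TLS. The load balancer name, group ID and certificate ARN are placeholders, and the sample security group is in its state before port 443 is opened.

```python
import json

# Constructed samples shaped like `aws elb describe-load-balancers` (classic ELB) and
# `aws ec2 describe-security-groups` output; names, IDs and the ARN are placeholders.
SAMPLE_ELB = json.loads("""{"LoadBalancerDescriptions": [{
  "LoadBalancerName": "deis-example-elb",
  "ListenerDescriptions": [
    {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                  "InstanceProtocol": "HTTP", "InstancePort": 80}},
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                  "InstanceProtocol": "HTTP", "InstancePort": 80,
                  "SSLCertificateId": "arn:aws:iam::000000000000:server-certificate/PLACEHOLDER"}}
  ]}]}""")
SAMPLE_SG = json.loads("""{"SecurityGroups": [{"GroupId": "sg-00000000",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")

def port_admitted(sg_doc, port):
    """True if any ingress rule admits TCP traffic on `port` ("-1" = all traffic)."""
    return any(p["IpProtocol"] == "-1" or
               (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
               for sg in sg_doc["SecurityGroups"] for p in sg["IpPermissions"])

def audit(elb_doc, sg_doc):
    """Return findings about the TLS setup of each load balancer."""
    findings = []
    for lb in elb_doc["LoadBalancerDescriptions"]:
        listeners = [d["Listener"] for d in lb["ListenerDescriptions"]]
        tls = [l for l in listeners if l["Protocol"].upper() in ("HTTPS", "SSL")]
        if not tls:
            findings.append("no HTTPS listener: logins cross the internet in plain text")
        for l in tls:
            port = l["LoadBalancerPort"]
            if not l.get("SSLCertificateId"):
                findings.append(f"port {port}: no certificate attached")
            if not port_admitted(sg_doc, port):
                findings.append(f"port {port}: blocked by the security group")
            if l["InstanceProtocol"].upper() in ("HTTP", "TCP"):
                findings.append(f"port {port}: TLS ends at the ELB, hop to "
                                f"instance port {l['InstancePort']} is unencrypted")
        for l in listeners:
            if l["Protocol"].upper() == "HTTP":
                findings.append(f"port {l['LoadBalancerPort']}: plain HTTP still accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ELB, SAMPLE_SG):
        print(finding)
```

To run it against a real cluster, replace the two samples with the JSON those commands return for your load balancer and its security group.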
Now we can deploy Deis.
This will pull all of the Deis components onto the cluster and then start the components. make pull is optional, but it is nice to pull the images first and make sure that they are pulled into the cluster (in case of DockerHub downtime).
Once that's done, you can start by creating your first user!
Once you've finished creating all the users you want, you can disable registration. This will prevent others from registering new accounts:
And there you have it! One Deis cluster on EC2, ready to go. If you have any more questions or comments on this post, please feel free to contact me, or open a pull request!