Skip to main content
Version: 1.4.x

Onboard Workload(s) from AWS Auto Scaling Group

To onboard a workload deployed on AWS Auto Scaling Group (ASG), you will need to perform all setup actions as part of the instance launch script instead of executing commands on the EC2 instance.

In a nutshell, you will need to move setup commands from previous steps into the cloud-init configuration associated with instances in the Auto Scaling Group.

Specifically,

  1. Move setup commands from the Install Bookinfo Ratings application step
  2. Move setup commands from the Install Istio sidecar step
  3. Move setup commands from the Install Workload Onboarding Agent on AWS EC2 instance step
  4. Move setup commands from the Onboard workload from AWS EC2 instance step

The following configuration is a sample that has all of the steps joined together. Replace example-ca-certificate with the with the value of example-ca.crt.pem, and ONBOARDING_ENDPOINT_IP with the value that you have obtained earlier.

#cloud-config

write_files:
# Certificate of the custom CA
- content: |
    <example-ca-certificate>
  path: /usr/local/share/ca-certificates/example-ca.crt
  owner: root:root
  permissions: '0644'
# Onboarding Configuration
- content: |
    apiVersion: config.agent.onboarding.tetrate.io/v1alpha1
    kind: OnboardingConfiguration
    onboardingEndpoint:
      host: <ONBOARDING_ENDPOINT_IP>
      transportSecurity:
        tls:
          sni: onboarding-endpoint.example
    workloadGroup:
      namespace: bookinfo
      name: ratings
    workload:
      labels:
        version: v5
    settings:
      connectedOver: INTERNET
  path: /etc/onboarding-agent/onboarding.config.yaml
  owner: root:root
  permissions: '0644'

runcmd:
- |
  #!/usr/bin/env bash

  set -ex

  # Install the latest version of trusted CA certificates
  sudo apt-get update -y
  sudo apt-get install -y ca-certificates
  # Trust certificate of the custom CA
  sudo update-ca-certificates

  # Install Bookinfo ratings app
  curl --silent --location https://deb.nodesource.com/setup_12.x | sudo bash -
  sudo apt-get install -y nodejs
  curl -LO https://gist.github.com/yskopets/0eca41a2c8ca5b33acebe2a77c6bdedc/raw/a542df1d67dc2f453cac92a3577404a4a062b366/bookinfo-ratings.deb
  sudo apt-get install -y ./bookinfo-ratings.deb
  rm bookinfo-ratings.deb
  sudo systemctl enable bookinfo-ratings
  sudo systemctl start bookinfo-ratings

  ONBOARDING_ENDPOINT_IP=<ONBOARDING_ENDPOINT_IP>

  # Install Istio Sidecar
  curl -LO \
    --resolve "onboarding-endpoint.example:443:${ONBOARDING_ENDPOINT_IP}" \
    "https://onboarding-endpoint.example/install/deb/amd64/istio-sidecar.deb"
  curl -LO \
    --resolve "onboarding-endpoint.example:443:${ONBOARDING_ENDPOINT_IP}" \
    "https://onboarding-endpoint.example/install/deb/amd64/istio-sidecar.deb.sha256"
  sha256sum --check istio-sidecar.deb.sha256
  sudo apt-get install -y ./istio-sidecar.deb
  rm istio-sidecar.deb istio-sidecar.deb.sha256

  # Install Workload Onboarding Agent
  curl -LO \
   --resolve "onboarding-endpoint.example:443:${ONBOARDING_ENDPOINT_IP}" \
   "https://onboarding-endpoint.example/install/deb/amd64/onboarding-agent.deb"
  curl -LO \
    --resolve "onboarding-endpoint.example:443:${ONBOARDING_ENDPOINT_IP}" \
    "https://onboarding-endpoint.example/install/deb/amd64/onboarding-agent.deb.sha256"
  sha256sum --check onboarding-agent.deb.sha256
  sudo apt-get install -y ./onboarding-agent.deb
  rm onboarding-agent.deb onboarding-agent.deb.sha256
  sudo systemctl enable onboarding-agent
  sudo systemctl start onboarding-agent

Once the data is associated with the user data of your Auto Scaling Group, try scaling up and down the Auto Scaling Group, and verify that the Workload is onboarded properly