# Deploy the WEKA client on Amazon EKS

The WEKA client enables Kubernetes workloads on Amazon EKS to connect to and access a WEKA cluster deployed in AWS. Client pods are managed using Kubernetes custom resources and require coordination with the WEKA Operator for installation and lifecycle management.

#### Prerequisites

1. **Verify network access to the WEKA driver distribution service:** Ensure that the deployment environment has network access to `https://drivers.weka.io`. The WEKA client pods automatically download the required driver components from this public distribution service to interface with the WEKA filesystem. For more information, see [drivers-distribution-service](https://docs.weka.io/4.4/drivers-distribution-service "mention").
2. **Verify security groups and** [**NACL**](#user-content-fn-1)[^1] **configuration:** The WEKA client requires the ports specified in the following topics:
   * [#required-ports](https://docs.weka.io/4.4/planning-and-installation/prerequisites-and-compatibility#required-ports "mention") (in the **WEKA Prerequisites and compatibility** topic).
   * [#kubernetes-port-requirements](https://docs.weka.io/4.4/kubernetes/weka-operator-deployment/..#kubernetes-port-requirements "mention") (in the **WEKA Operator deployment** topic).
3. **Obtain setup information:** Contact the [WEKA Customer Success Team](https://docs.weka.io/4.4/support/getting-support-for-your-weka-system) to obtain the necessary setup information.

<table><thead><tr><th width="202">Component</th><th width="272">Parameter</th><th>Example</th></tr></thead><tbody><tr><td>Container repository (<a href="http://quay.io/">quay.io</a>)</td><td><code>QUAY_USERNAME</code> <code>QUAY_PASSWORD</code></td><td><code>example_user</code><br><code>example_password</code></td></tr><tr><td>WEKA Operator Version</td><td><code>VERSION</code></td><td><p><code>v1.6.1</code></p><p><code>v1.7.1</code></p></td></tr><tr><td>WEKA Image</td><td><code>WEKA_IMAGE_VERSION_TAG</code></td><td><code>4.4.5.118-k8s.4</code></td></tr></tbody></table>

By gathering this information in advance, you have all the required values to complete the deployment workflow efficiently. Replace the placeholders with the actual values in the setup files.

4. **A deployed WEKA cluster is required:** Use the same subnets and security groups from the WEKA cluster when configuring the EKS environment for client deployment. For guidance on deploying the WEKA cluster with Terraform, see [weka-installation-on-aws-using-terraform](https://docs.weka.io/4.4/planning-and-installation/aws/weka-installation-on-aws-using-terraform "mention").
5. **EKS deployment prerequisites:** Configure the EKS cluster with the following global settings:
   * **IAM Role and policy configuration:** Configure the appropriate IAM roles and policies for both the EKS cluster and its worker nodes:
   * **Cluster IAM role**

     Attach the IAM role associated with the EKS cluster:

     * AmazonEKSBlockStoragePolicy
     * AmazonEKSClusterPolicy
     * AmazonEKSComputePolicy
     * AmazonEKSLoadBalancingPolicy
     * AmazonEKSNetworkingPolicy

     (These policies are included when using the recommended IAM role: **EKS - Auto Cluster**.)
   * **Node group IAM role**\
     Attach the IAM role for the managed node groups, which host the worker nodes running the WEKA operator:

     * AmazonEC2ContainerRegistryPullOnly
     * AmazonEKSWorkerNodeMinimalPolicy

     Additionally, to ensure proper networking functionality, attach the following policy:

     * AmazonEKS\_CNI\_Policy

     (These policies are included in the recommended IAM role: **EKS - Auto Node**.)
   * **CPU allocation**
     * Enable the Static CPU allocation.
     * Reserve Core 0.
   * **Hugepages allocation**
     * Reserve 1.5 GiB for the client core.

<details>

<summary>Example: How to set up CPU allocation and hugepages </summary>

Add to the worker nodes launch template the following sections:

{% code overflow="wrap" %}

```bash
#Set up core alloaction
CONFIG_PATH="/etc/kubernetes/kubelet/kubelet-config.json"
cat <<< $(jq '.systemReserved.cpu = "1"' "$CONFIG_PATH") > "$CONFIG_PATH"
cat <<< $(jq '.cpuManagerPolicy = "static"' "$CONFIG_PATH") > "$CONFIG_PATH"

#Set up hupepages
if [ $(cat /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages) == "` + hugepagesStr + `" ]; then
 echo hugepages already set
else
cat <<EOF > /etc/systemd/system/hugepages.service

[Unit]
Description=Hugepages

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo "` + hugepagesStr + `" > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages;'
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable hugepages
systemctl restart hugepages
fi
```

{% endcode %}

</details>

#### Procedure

1. **Label the EKS nodes (optional):** Label EKS worker nodes intended for WEKA client deployment. Apply the label to each node designated to host WEKA client pods.

```bash
kubectl label nodes <node-name> weka.io/supports-clients=true
```

2. **Create namespaces and configure Quay authentication**: Set up the required Kubernetes namespaces (`weka-operator-system` and `default`), and create a Docker registry secret to authenticate access to WEKA container images hosted on Quay:

```bash
kubectl create namespace weka-operator-system

kubectl create secret docker-registry quay-io-robot-secret \
   --docker-server=quay.io \
   --docker-username=$QUAY_USERNAME \
   --docker-password=$QUAY_PASSWORD \
   --docker-email=$QUAY_USERNAME \
   --namespace=weka-operator-system
   
kubectl create secret docker-registry quay-io-robot-secret \
   --docker-server=quay.io \
   --docker-username=$QUAY_USERNAME \
   --docker-password=$QUAY_PASSWORD \
   --docker-email=$QUAY_USERNAME \
   --namespace=default
```

3. **Install the WEKA Operator:** Install the WEKA Operator using the official Helm chart:

```bash
helm upgrade \
  --install weka-operator oci://quay.io/weka.io/helm/weka-operator \
  --namespace weka-operator-system \
  --version v1.6.1
```

4. **Configure NICs:** Create the `ensure-nics.yaml` manifest to enable multi-NIC support on selected nodes:

{% code title="ensure-nics.yaml" %}

```yaml
apiVersion: weka.weka.io/v1alpha1
kind: WekaPolicy
metadata:
  name: ensure-nics-policy
  namespace: weka-operator-system
spec:
  type: "ensure-nics"
  image: quay.io/weka.io/weka-in-container:4.4.5.118-k8s.4
  imagePullSecret: "quay-io-robot-secret"
  payload:
    ensureNICsPayload:
      type: aws
      nodeSelector:
        support-client: "true"
      dataNICsNumber: 2
```

{% endcode %}

Apply the manifest:

```
kubectl apply -f ensure-nics.yaml
```

5. **Deploy the WEKA client resource:**  Define the WEKA client custom resource. Replace the `joinIpPorts` value with a valid IP or ALB DNS of the deployed WEKA cluster:

{% code title="weka-client.yaml" %}

```yaml
apiVersion: weka.weka.io/v1alpha1
kind: WekaClient
metadata:
  name: cluster-dev-clients
  namespace: default
spec:
  image: quay.io/weka.io/weka-in-container:4.4.5.118-k8s.4
  imagePullSecret: "quay-io-robot-secret"
  driversDistService: "https://drivers.weka.io"
  portRange:
    basePort: 46000
  nodeSelector:
    weka.io/supports-clients: "true"
  joinIpPorts: ["10.0.76.143:14000"]
  coresNum: 4
```

{% endcode %}

Apply the manifest:

```
kubectl apply -f weka-client.yaml
```

6. **Install a CSI plugin:** Follow the procedures in [weka-csi-plugin](https://docs.weka.io/4.4/appendices/weka-csi-plugin "mention").

[^1]: Network Access Control List