This guide explains how to install hoop self-hosted with helm on AWS in a EKS cluster
Requirements
- Valid DNS for gRPC & HTTP(s) services (e.g.: hoopdev.yourdomain.com)
- Valid certificated issued by ACM
- Hoop Command Line installed locally
- Helm installed locally
Before starting provisioning the app, make sure to create a security group inbound rule to
0.0.0.0/0
that opens traffic to ports 443 (HTTPS) and 8443 (Custom TCP).For this demo we're going to use as example the dns appdemo.hoop.dev.
Install a Postgres Instance
Deploy the Gateway
Change the attributes
config
, ingressApi
and ingressGrpc
accordingly to your system configuration, save this file to appdemo.yaml
Helm values file: appdemo.yaml
To deploy it, download the latest version of the helm chart and create the app with helm
bashVERSION=$(curl -s https://releases.hoop.dev/release/latest.txt) helm upgrade --install hoop \ https://releases.hoop.dev/release/$VERSION/hoop-chart-$VERSION.tgz \ -f appdemo.yaml \ --namespace appdemo
Wait for the application to start and follow the provisioning of the load balancer to obtain the DNS of the load balancer, the command below should show the address of the load balancer.
bash$ kubectl get ing -n appdemo NAME CLASS HOSTS ADDRESS PORTS AGE hoopgateway-grpc alb appdemo.hoop.dev k8s-appdemo-8fb788e609-333220751.us-east-1.elb.amazonaws.com 80 81m hoopgateway-web alb appdemo.hoop.dev k8s-appdemo-8fb788e609-333220751.us-east-1.elb.amazonaws.com 80 81m
ADDRESS
If the address doesn't appear, check if you installed the load balancer controller properly
Configuring DNS
Configure the
ADDRESS
as a CNAME
record in your dns provider. For this demo, the following configuration is necessary.DNS | TYPE | VALUE |
appdemo.hoop.dev | CNAME | k8s-appdemo-8fb788e609-333220751.us-east-1.elb.amazonaws.com |
Testing
Once the DNS has propagated, visit the address
https://appdemo.hoop.dev
and complete the initial signup process. If everything is configured correctly, you should be able to successfully log in with your provider.Setting up your initial Agent
Now you can start connecting your private infrastructure with agents. Our helm-chart includes a default agent that runs in the same network as the gateway. This is useful if you need to connect to something already available in the Kubernetes cluster network.
- Open your terminal and configure the command line to connect to your instance
shellhoop config create --api-url https://appdemo.hoop.dev
- Login to your instance
shellhoop login
- Create a default agent
shellHOOP_KEY=$(hoop admin create agents default)
- Re-deploy the gateway enabling the agent container
shellhelm upgrade --install hoop \ https://releases.hoop.dev/release/$VERSION/hoop-chart-$VERSION.tgz \ -f appdemo.yaml \ --set "agentConfig.enabled=true" \ --set "agentConfig.gateway.key=$HOOP_KEY" \ --namespace appdemo
This will enable an agent running as a sidecar container alongside with the gateway deployment.
- Check if the agent is ONLINE
shell$ hoop admin get agents UID NAME MODE VERSION HOSTNAME PLATFORM STATUS ... default standard 1.16.3 ... linux/amd64 ONLINE
Create your first Connection
With your agent running, it is possible to create a connection to interact with a private resource. Let's try creating a connection to interact with the PostgreSQL instance.
Create a Postgres Connection
shellhoop admin create connection pg-root -a default --type postgres \ -e HOST=pg.appdemo \ -e USER=root \ -e DB=hoopdemo \ -e PORT=5432 \ -e PASS=1a2b3c4d
This connection utilizes the root credentials from the postgres deployment. It is now possible to interact with the connection using the command line.
Native Access (Port Forward)
In this mode you can connect using your favorite IDE or any postgres client available.
bash$ hoop connect pg-root connection: pg-root | session: 98f0905c-e1b2-4360-8c4b-3e464730316a --------------------postgres-credentials-------------------- host=127.0.0.1 port=5433 user=noop password=noop ------------------------------------------------------------
Open a new terminal and try to connect it with a postgres client
bashpsql -h 127.0.0.1 --port 5433 postgres -c '\l'
Ad-hoc Queries
If the user does not have a client installed locally, they can interact with "hoop exec". However, this connection is by default limited to the "hoopdemo" database.
bashhoop exec pg-root -i '\d+'