docs(aar): add instructions to use instance profiles with AAR #37

Merged
merged 1 commit into from
Feb 21, 2024
docs(aar): add instructions to use instance profiles with AAR
This commit adds the instructions to make use of the newly added support
for instance profiles in AAR.
jat-canonical committed Feb 21, 2024
commit 33f6fa158f9e4dd848276efd6c6da67fc1f92345
24 changes: 19 additions & 5 deletions howto/aar/deploy.md
Expand Up @@ -17,7 +17,9 @@ To use the AWS S3 storage backend, you must create a dedicated S3 bucket for the

If you don’t plan to use the [CloudFront CDN](#aws-cloudfront-cdn-support-3), you should use a region close to your Anbox Cloud deployment to keep download times low.

To allow the AAR to access the S3 bucket, create an [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) user with the following policy:
### Configure bucket access for AAR

To allow the AAR to access the S3 bucket, create an [IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html):

```json
{
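Review bot: The rewritten sentence links the text "IAM Policy" to the IAM introduction page (`.../IAM/latest/UserGuide/introduction.html`), the same target the old "IAM" link had, so the label no longer matches where the link goes. Either keep the link text as "IAM" or point the link at the AWS page that covers creating policies. The sentence also dropped "the following", so "create an IAM Policy:" no longer says that the JSON below is the policy to create; something like "create an IAM policy with the following content:" would be clearer and would match the lowercase "policy" used in the rest of the page.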
Expand Down Expand Up @@ -51,17 +53,26 @@ To allow the AAR to access the S3 bucket, create an [IAM](https://docs.aws.amazo

Replace `aar0` in the policy with the name of your bucket.

Once you created the IAM user, create an access key for the user, which the AAR will use. See the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for more details on this.
There are two ways to configure the bucket access for AAR using the policy created earlier:

Add the credentials to the `config.yaml` file:
1. Create an IAM user and an access key for this user, which the AAR will use. See the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for more details on this. Assign the policy created earlier to this user.

```
2. Create an instance profile using the IAM policy created earlier and attach the instance profile to the instance where AAR is deployed. For more information, see the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) for more details on this.

### Configure AAR

Add the following configuration to the `config.yaml` file:

```yaml
aar:
storage_config: |
storage:
s3:
region: eu-west-3
bucket: aar0
# Access Key and Secret Access Key are only required if an IAM user is
# used to access the bucket. They can be omitted if an instance profile
# is going to be attached to the instance.
access-key: <your access key>
secret-access-key: <your secret access key>
```
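Review bot: Step 2 says to create an instance profile "using the IAM policy created earlier", but an instance profile carries an IAM role, and the policy is attached to that role; the step should name the role, as the release note in this same commit does ("IAM roles applied to an AWS instance using instance profiles"). The same sentence reads "For more information, see the [AWS documentation] for more details on this", so one of the two phrases can go. In the YAML sample, `access-key` and `secret-access-key` are still present as live keys under a comment saying they can be omitted; since the release note presents instance profiles as removing the need to configure an access key/secret, state explicitly that both lines must be deleted on that path rather than left with placeholder values, or show a second sample without them.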
Expand All @@ -78,13 +89,16 @@ Once you have set up a CloudFront distribution for your S3 bucket, you only need

Add the credentials to the `config.yaml` file:

```
```yaml
aar:
storage_config: |
storage:
s3:
region: eu-west-3
bucket: aar0
# Access Key and Secret Access Key are only required if an IAM user is
# used to access the bucket. They can be omitted if an instance profile
# is going to be attached to the instance.
access-key: <your access key>
secret-access-key: <your secret access key>
cloudfront:
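Review bot: The context line above this block still reads "Add the credentials to the `config.yaml` file:", while the matching line in the S3 section was changed to "Add the following configuration to the `config.yaml` file:". With an instance profile there are no S3 credentials to add, so this lead-in should be updated the same way. The three-line comment about the access keys is copied verbatim from the first sample; if the wording changes in one place, change it in both.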
2 changes: 1 addition & 1 deletion reference/release-notes/1.21.0.md
Expand Up @@ -2,7 +2,7 @@

The Anbox Cloud team is pleased to announce the release of Anbox Cloud 1.21.0.

Please see [component versions](https://anbox-cloud.io/docs/reference/component-versions) for a list of updated components.

Check failure on line 5 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.

## New features & improvements

Expand All @@ -10,18 +10,18 @@

### Core stack improvements

* Android Automotive (AAOS) images with experimental VHAL support are available. See [Provided images](https://anbox-cloud.io/docs/reference/provided-images) for more details.

Check failure on line 13 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.
* Initial support for installing Anbox Cloud Appliance on Ubuntu 24.04.<!--AC-2229-->
* Production support for Vulkan on NVIDIA GPUs is available but remains opt-in. Support must be explicitly enabled and set up. For instructions on enabling the VirGL rendering path for Vulkan support, see [How to enable VirGL](https://anbox-cloud.io/docs/howto/anbox/enable-virgl).<!--AC-2152-->

Check failure on line 15 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.

This release also provides [Renderdoc](https://github.com/baldurk/renderdoc) support for debugging purposes. See [Graphics debugging with renderdoc](https://anbox-cloud.io/docs/howto/android/graphics-debugging-with-renderdoc) for more information. <!--AC-2093-->

Check failure on line 17 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.
* The NVIDIA UDA driver variant with version 545 or later can be installed with the Anbox Cloud Appliance by using the `nvidia-driver-series` and `use-nvidia-uda-driver` flags with the `anbox-cloud-appliance init` command. <!--AC-2259-->
* GL Async swap support is disabled by default. See [GL Async swap support](https://discourse.ubuntu.com/t/ams-configuration/20872#gl-async-swap-support-11) for more information.<!--AC-2228-->
* In the [AMS HTTP API](https://canonical.github.io/anbox-cloud.github.com/latest/ams/), `/1.0` endpoint exposes the cluster ID and name to enable identifying a subcluster.<!--AC-2148-->
* The [Anbox Cloud NFS operator](https://github.com/canonical/anbox-cloud-nfs-operator) charm now supports mounting EFS file system on AWS when you require Transport Layer Security (TLS). With an EFS file system, you can [configure](https://github.com/canonical/anbox-cloud-nfs-operator/blob/main/config.yaml) the charm with the following parameters:<!--AC-2119/2001-->
- `mount_type` set to `efs`
- `nfs_extra_options` set to `tls`
* The Anbox Application Registry(AAR) can make use of Identity and Access Management(IAM) roles applied to an AWS instance using instance profiles. This relieves you from having to configure an access key/secret for instances. For information on how to use an IAM role in instance profiles, see [AWS IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html). <!--AC-2025/1700-->
* The Anbox Application Registry(AAR) can make use of Identity and Access Management(IAM) roles applied to an AWS instance using instance profiles. This relieves you from having to configure an access key/secret for instances. For information on how to use an IAM role in AAR, see [how to deploy AAR](https://anbox-cloud.io/docs/howto/aar/deploy). <!--AC-2025/1700-->

Check failure on line 24 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.
* The NATS charm is switched from its [older version](https://charmhub.io/nats-charmers-nats) to a [newer version](https://charmhub.io/nats) on Charmhub. This would require that you switch to the new charm source. For more information, see [How to upgrade Anbox Cloud](https://discourse.ubuntu.com/t/how-to-upgrade-anbox-cloud/17750).

### Dashboard improvements
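Review bot: The replacement AAR bullet links to `https://anbox-cloud.io/docs/howto/aar/deploy`, and the docs link check fails on it (line 24: "Documentation links should point to Discourse"). Point the link at the Discourse topic for the AAR deployment how-to, in the style of the `discourse.ubuntu.com` links already used by the GL Async swap and NATS bullets. The other failures reported in this file (lines 5, 13, 15, 17 and 64) are on lines this commit does not change and can be fixed separately, but this one is introduced here. While editing the bullet, a space before each parenthesis would read better: "Anbox Application Registry (AAR)" and "Identity and Access Management (IAM)".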
Expand Down Expand Up @@ -61,4 +61,4 @@

## Upgrade instructions

See [Upgrade Anbox Cloud](https://anbox-cloud.io/docs/howto/update/upgrade-anbox) or [Upgrade the Anbox Cloud Appliance](https://anbox-cloud.io/docs/howto/update/upgrade-appliance) for instructions on how to update your Anbox Cloud deployment to the 1.21.0 release.

Check failure on line 64 in reference/release-notes/1.21.0.md (GitHub Actions / Check docs links): Incorrect docs link. Documentation links should point to Discourse.