Deployment of cSRX in AWS Using EKS for Orchestration
cSRX Container Firewall deployment on AWS can be achieved as plain docker container on EC2 instance using Amazon Elastic Kubernetes Service (Amazon EKS). The cluster management is done by Kubernetes, assisted by AWS and all Kubernetes commands work as is in case of EKS for container creation and management. This topic provides you details on how you can deploy cSRX on AWS cloud using Elastic Kubernetes Services (EKS) for Orchestration.
Deploy cSRX in AWS Using EKS
This topic provides you details to deploy the cSRX on AWS cloud.
Sample File for cSRX Deployment
This topic provides you sample file for deploying cSRX in AWS cloud using AWS EKS orchestration.
vim csrx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: csrx-byol
labels:
app: csrx-byol
spec:
replicas: 2
selector:
matchLabels:
app: csrx-byol
template:
metadata:
name: csrx-byol
labels:
app: csrx-byol
annotations:
k8s.v1.cni.cncf.io/networks: br-51@eth1, br-52@eth2
spec:
serviceAccountName: csrxpod
containers:
- name: csrx-byol
securityContext:
privileged: true
image: <csrx-image> ## replace image name with repo:tag
ports:
- containerPort: 80
env:
- name: CSRX_SIZE
value: "large"
- name: CSRX_HUGEPAGES
value: "no"
- name: CSRX_PACKET_DRIVER
value: "interrupt"
- name: CSRX_FORWARD_MODE
value: "routing"
- name: CSRX_AUTO_ASSIGN_IP
value: "yes"
- name: CSRX_MGMT_PORT_REORDER
value: "yes"
- name: CSRX_TCP_CKSUM_CALC
value: "yes"
- name: CSRX_JUNOS_CONFIG
value: "/var/jail/csrx_config"
- name: CSRX_LICENSE_FILE
value: "/var/jail/.csrx_license"
volumeMounts:
- name: disk
mountPath: "/dev"
- name: config
mountPath: "/var/jail"
volumes:
- name: disk
hostPath:
path: /dev
type: Directory
- name: config
configMap:
name: cm-byol
items:
- key: csrx_config
path: csrx_config
- key: csrx_license
path: .csrx_license
---
apiVersion: v1
kind: Service
metadata:
labels:
app: csrx-byol
name: csrx-byol
spec:
selector:
app: csrx-byol
ports:
- protocol: TCP
port: 80
targetPort: 80