# Deploy EMQX On Amazon Elastic Kubernetes Service
EMQX Operator supports deploying EMQX on Amazon Container Service EKS (Elastic Kubernetes Service). Amazon EKS is a managed Kubernetes service that makes it easy to deploy, manage, and scale containerized applications. EKS provides the Kubernetes control plane and node groups, automatically handling node replacements, upgrades, and patching. It supports AWS services such as Load Balancers, RDS, and IAM, and integrates seamlessly with other Kubernetes ecosystem tools. For details, please see What is Amazon EKS (opens new window)
# Before You Begin
Before you begin, you must have the following:
Activate Amazon Container Service and create an EKS cluster. For details, please refer to: Create an Amazon EKS cluster (opens new window)
Connect to EKS cluster by installing kubectl tool locally: For details, please refer to: Using kubectl to connect to the cluster (opens new window)
Deploy an AWS Load Balancer Controller on a cluster, for details, please refer to: Create a Network Load Balancer (opens new window)
Install EMQX Operator: For details, please refer to: Install EMQX Operator
# Quickly Deploy An EMQX Cluster
The following is the relevant configuration of EMQX custom resources. You can select the corresponding APIVersion according to the EMQX version you want to deploy. For the specific compatibility relationship, please refer to Compatibility list between EMQX and EMQX Operator
# Use MQTT X CLI To Publish/Subscribe Messages
MQTT X CLI (opens new window) is an open source MQTT 5.0 command line client tool, designed to help developers to more Quickly develop and debug MQTT services and applications.
Obtain External IP of EMQX cluster
Subscribe to news
$ mqttx sub -t 'hello' -h ${external_ip} -p 1883 [10:00:25] › … Connecting... [10:00:25] › ✔ Connected [10:00:25] › … Subscribing to hello... [10:00:25] › ✔ Subscribed to hello
1
2
3
4
5
6create a new terminal window and publish message
$ mqttx pub -t 'hello' -h ${external_ip} -p 1883 -m 'hello world' [10:00:58] › … Connecting... [10:00:58] › ✔ Connected [10:00:58] › … Message Publishing... [10:00:58] › ✔ Message published
1
2
3
4
5
6View messages received in the subscribed terminal window
[10:00:58] › payload: hello world
1
# Terminate TLS Encryption With LoadBalancer
In Amazon EKS, you can use the NLB to do TLS termination, which you can do in the following steps:
Import relevant certificates in AWS Console (opens new window), then enter the details page by clicking the certificate ID, Then record the ARN information
TIP
For the import format of certificates and keys, please refer to import certificate (opens new window)
Add some annotations in EMQX custom resources' metadata, just as shown below:
## Specifies the ARN of one or more certificates managed by the AWS Certificate Manager. service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx ## Specifies whether to use TLS for the backend traffic between the load balancer and the kubernetes pods. service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp ## Specifies a frontend port with a TLS listener. This means that accessing port 1883 through AWS NLB service requires TLS authentication, ## but direct access to K8S service port does not require TLS authentication service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "1883"
1
2
3
4
5
6
7The value of
service.beta.kubernetes.io/aws-load-balancer-ssl-cert
is the ARN information we record in step 1.