Cloud Native Ecosystem / Cloud Services / Kubernetes

Tutorial: Deploy Anthos Apps from GCP Marketplace into Amazon EKS Cluster

26 Jun 2020 9:48am, by

In the last and final part of the Anthos series, we will configure an Amazon Web Services’ Elastic Kubernetes Service cluster registered with Google’s Anthos to deploy Kubernetes Apps from the GCP Marketplace.

Let’s jump right in…

Preparing Amazon EKS for GCP Marketplace Apps

Similar to the gke-connect and config-management-system namespaces used by the Anthos Hub and Anthos Config Management, Anthos expects a namespace called application-system which will run the agent to install the apps from the GCP Marketplace.

We need to create at least two namespaces and enable them to pull the container images from the Google Container Registry (GCR) associated with the Marketplace.

Let’s create the first namespace. Switch to the EKS context to ensure that kubectl is pointed to the right cluster.

Use the kubens utility to modify the context to point to the namespace.

In order to pull the images from GCR, we need to create a service account and download the associated JSON token.

Run the below commands to create the service account with permissions to pull GCR images and download the generated JSON token.

Make sure you set the PROJECT environment variable to your GCP project name.

With the JSON token in place, let’s create a secret with the contents of the token.

We need to patch the default service account within the namespace to use the secret to pull images from GCR instead of Docker Hub.

Finally, let’s annotate the application-system namespace to enable the deployment of Kubernetes Apps from GCP Marketplace.

These steps created a new namespace and enabled it for GCP Marketplace.

Changing the Storage Class

GCP Marketplace expects a storage class by name standard as the default storage class.

Let’s first remove the default flag from the gp2 storage class by patching it.

We will now create a new storage class based Amazon EBS and mark it as the default one.

You can see that the standard storage class is now the default storage class. This will be utilized by the GCP Marketplace Apps to dynamically provision Persistent Volume (PV) and Persistent Volume Claim (PVC).

Creating and Configuring a Namespace for the GCP Marketplace App

The above namespace runs the marketplace app install agent while the new namespace that we create will be used by the workload.

We will follow the same steps used for configuring the application-system namespace but with a slight change in the container registry endpoint.

Notice that the docker-server key is pointing to which holds the container images for the GCP Marketplace Apps.

Similar to the other namespace, we need to patch the default service account within the pgsql namespace to use the secret to pull images from GCR instead of Docker Hub.

Finally, let’s annotate the pgsql namespace to enable the deployment of Kubernetes Apps from GCP Marketplace.

Deploying the App from GCP Marketplace

Visit the GCP Marketplace and search for PostgreSQL Server.

Click on the Configure button to start the deployment process.

Choose the Amazon EKS cluster from the Cluster dropdown.

Choose the pgsql namespace and the standard storage class. Click the deploy button.

In a few seconds, the PostgreSQL pod will be up and running in the pgsql namespace of Amazon EKS cluster.

Since it is a StatefulSet, an associated PV and PVC are also created.

The GCP Console shows the deployment components.

You can connect to the PgSQL instance by running the following commands:

Deleting the app in the Marketplace will remove all the objects in the x namespace.

To recap, we are now accessing a PgSQL running in a pod deployed in Amazon EKS from GCP Marketplace via Anthos.

This concludes the 4-part series on Anthos.  You can watch all the demos covered in this series in this MI2 webinar recording.

Janakiram MSV’s Webinar series, “Machine Intelligence and Modern Infrastructure (MI2)” offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at

Amazon Web Services is a sponsor of The New Stack.

At this time, The New Stack does not allow comments directly on this website. We invite all readers who wish to discuss a story to visit us on Twitter or Facebook. We also welcome your news tips and feedback via email: [email protected].

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.