Orka on AWS: Getting Started

With Orka coming to AWS, you can now effortlessly integrate macOS development and macOS CI/CD into your AWS workflows and environments.


Orka (Orchestration with Kubernetes on Apple) is a virtualization layer for Mac build infrastructures based on Docker and Kubernetes technology. Orka lets you orchestrate macOS in a cloud environment using Kubernetes on genuine Apple hardware.

How does Orka on AWS work?

Your Orka cluster is a Virtual Private Cloud (VPC) within a MacStadium-owned and operated account, dedicated exclusively to you and your cluster. The resources from your own VPC (the customer VPC) and the Orka cluster connect to and access each other via VPC peering.

The VPC peering between the Orka cluster and your customer VPC acts as a permanent VPN tunnel. After the MacStadium team completes the cluster and VPC peering configuration, you can use your Orka on AWS cluster as a regular Orka cluster (with a few known limitations).

Licensing and cost

For licensing and cost information, reach out to [email protected].

For questions related to licensing management, reach out to [email protected].

Terms

  • The Orka prefix (Orka cluster, Orka network, Orka VPC, etc.) indicates that the term pertains to the Orka AWS infrastructure managed by MacStadium. To report issues with the Orka on AWS infrastructure or to request any changes, submit a ticket through the MacStadium portal.
  • The customer prefix indicates that the term pertains to your own AWS infrastructure, managed by you.

Initial configuration

CAUTION: Do not use the customer account root user to complete any steps of the configuration.

  1. Contact MacStadium for access to Orka on AWS.
  2. When prompted, provide the following information to the MacStadium team.
    • The region of your customer VPC
    • The account ID of your customer Amazon account
    • The VPC ID of your customer VPC that will have access to your Orka cluster
    • The customer network CIDR of the customer VPC network
    • The Orka network CIDR (it must not overlap with the customer network CIDR)
    • The IDs of the security groups that will have access to the Orka cluster
  3. The MacStadium team creates the AWS account for the Orka cluster and the VPC peering request, and returns the following information to you.
    • Peering connection ID
    • Requester owner ID
    • Requester VPC
  4. Accept the VPC peering request and notify the MacStadium team that the peering connection is active. Verify the request data against the information provided by MacStadium earlier.

Time to complete: The MacStadium team will take up to 24 hours to configure the request and send back the details. You will have up to 7 days to accept the pending request, before it expires.

As soon as you confirm the VPC peering request, the peering connection instantly becomes live and active.

  5. Modify the route tables of the customer VPC to enable communication between the instances in the customer VPC and the Orka VPC.
  6. The MacStadium team completes the security and traffic configuration of the Orka VPC and returns the following information to you.
    • Orka account ID
    • Orka VPC ID
    • Peering connection ID
    • Orka endpoint
    • Orka network CIDR
    • Orka security group ID (if configured)
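
An added example (not MacStadium's code) of the verification called for in the step "Accept the VPC peering request": it compares a pending peering request with the values exchanged during configuration and checks that the CIDRs do not overlap. It assumes the request was exported with `aws ec2 describe-vpc-peering-connections`; the function name and every ID and CIDR are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-vpc-peering-connections`
# output; every ID and CIDR below is a placeholder, not a real value.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"VpcPeeringConnections": [{
    "VpcPeeringConnectionId": "pcx-0example000000001",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {"OwnerId": "111111111111", "VpcId": "vpc-0exampleorka0001",
                         "CidrBlock": "10.221.0.0/16"},
    "AccepterVpcInfo": {"OwnerId": "222222222222", "VpcId": "vpc-0examplecust0001",
                        "Region": "us-east-1"},
}]})

# Values MacStadium returned plus the ones you supplied (all constructed here).
EXPECTED = {
    "peering_connection_id": "pcx-0example000000001",
    "requester_owner_id": "111111111111",
    "requester_vpc": "vpc-0exampleorka0001",
    "customer_account_id": "222222222222",
    "customer_vpc_id": "vpc-0examplecust0001",
    "customer_cidr": "10.0.0.0/16",
    "orka_cidr": "10.221.0.0/16",
}

def check_peering_request(describe_json, expected):
    """Return a list of mismatches; an empty list means the request matches."""
    wanted = expected["peering_connection_id"]
    conns = [c for c in json.loads(describe_json)["VpcPeeringConnections"]
             if c["VpcPeeringConnectionId"] == wanted]
    if not conns:
        return [f"no peering request with ID {wanted}"]
    conn, problems = conns[0], []
    req, acc = conn["RequesterVpcInfo"], conn["AccepterVpcInfo"]
    if conn["Status"]["Code"] != "pending-acceptance":
        problems.append(f"status is {conn['Status']['Code']}, not pending-acceptance")
    observed = {"requester_owner_id": req.get("OwnerId"),
                "requester_vpc": req.get("VpcId"),
                "customer_account_id": acc.get("OwnerId"),
                "customer_vpc_id": acc.get("VpcId")}
    for field, value in observed.items():
        if value != expected[field]:
            problems.append(f"{field}: expected {expected[field]}, got {value}")
    customer_net = ipaddress.ip_network(expected["customer_cidr"])
    # Check both the agreed Orka CIDR and the CIDR the requester VPC reports.
    for cidr in {expected["orka_cidr"], req.get("CidrBlock")} - {None}:
        if ipaddress.ip_network(cidr).overlaps(customer_net):
            problems.append(f"{cidr} overlaps customer CIDR {customer_net}")
    return problems
```

Accept the request (for example with `aws ec2 accept-vpc-peering-connection`) only when the returned list is empty.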

Using Orka on AWS at a glance

The VPC peering between the Orka cluster and your customer VPC acts as a permanent VPN tunnel. After the MacStadium team completes the cluster and VPC peering configuration, you can use your Orka on AWS cluster as a regular Orka cluster (with a few known limitations).

IMPORTANT: You will run all CLI commands and API requests against the Orka endpoint. The MacStadium team will provide you with your Orka endpoint.

Looking for the Orka Web UI? You need to configure port forwarding to be able to use the Orka Web UI with Orka on AWS. See here.

Workflow overview

CAUTION: Never use the customer account root user when working with your Orka VPC.

  1. Deploy a VM in your customer VPC.

  2. Configure the VM in your customer VPC for access to the Orka cluster. For example, install the Orka CLI, configure your CI/CD plugins, or make sure that you can run API calls from the machine.

  3. Set up your CLI and obtain an access token.

    Tool      Command
    Orka CLI  orka3 config set --api-url <ORKA_API_URL> && orka3 login
    Orka API  N/A - use the orka3 CLI to obtain an access token
  4. Deploy a VM.

    Tool      Command
    Orka CLI  orka3 vm deploy --image sonoma-90gb-orka3
    Orka API  curl --request POST --url <ORKA_API_URL>/api/v1/namespaces/orka-default/vms --header 'Authorization: Bearer <ACCESS_TOKEN>' --header 'accept: application/json' --header 'content-type: application/json' --data '{"image": "sonoma-90gb-orka3"}'
  5. Connect to the Orka instance, make changes to the system, and save the VM image.

    Tool      Command
    Orka CLI  orka3 vm commit <VM_NAME>
    Orka API  curl --request POST --url <ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME>/commit --header 'Authorization: Bearer <ACCESS_TOKEN>' --header 'accept: application/json' --header 'content-type: application/json'
  6. Deploy instances with the updated configuration.

    Tool      Command
    Orka CLI  orka3 vm deploy --image sonoma-90gb-orka3
    Orka API  curl --request POST --url <ORKA_API_URL>/api/v1/namespaces/orka-default/vms --header 'Authorization: Bearer <ACCESS_TOKEN>' --header 'accept: application/json' --header 'content-type: application/json' --data '{"image": "sonoma-90gb-orka3"}'
  7. Delete your instances.

    Tool      Command
    Orka CLI  orka3 vm delete <VM_NAME>
    Orka API  curl --request DELETE --url <ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME> --header 'Authorization: Bearer <ACCESS_TOKEN>' --header 'accept: application/json'

Connecting to a VM in the Orka cluster

CAUTION: Never use the customer account root user when working with your Orka VPC.

When working from within the customer VPC, you need to connect to your Orka VMs via SSH from a VM in the customer VPC. You will not be able to use VNC or any GUI features of the Orka VM.

To connect to an Orka VM via VNC and be able to work with the GUI of the VM, you need to connect from your local machine. To achieve that, you need to configure port forwarding via the customer VPC.

Reporting issues

MacStadium handles all issues with your Orka cluster and respective AWS account and services.

If you experience any issues, submit a ticket through the MacStadium portal.

For more information about the available support tiers, see here.

For more information about how MacStadium support works, see here and here.
