This topic describes the prerequisites for using Migrate for Anthos to migrate Linux VMs using Anthos clusters on AWS.
Confirm your workloads are compatible
Compatible OSes
Check that your workloads run an operating system supported by Migrate for Anthos.
Supported VM source platforms
Migrate for Anthos on AWS supports migrating VMs from the following source platforms:
- AWS
Migrating to Anthos clusters on AWS prerequisites
The following table lists the prerequisites for a migration using Anthos clusters on AWS:
| Prerequisite | Details |
|---|---|
| Anthos clusters on AWS | Anthos clusters on AWS are properly configured and available for hosting the migrated workloads in new containers, including sufficient memory and CPUs available for running the modernized workloads. |
| VMs workloads and Anthos clusters on AWS are located in the same region | Source VM workloads are in the same region and account as the destination Anthos clusters on AWS. If necessary, copy the source VM to the account and region of the Anthos clusters on AWS. |
Workstation with access to Kubernetes cluster and migctl installed |
Workstation that can access the Anthos clusters on AWS, optionally using a configured ssh tunnel to the environment's bastion VM See Connecting to the management service for more. The workstation should have |
| Access to data repositories | Migrate for Anthos write information to two different data repositories as part of a migration:
Anthos clusters on AWS require read/write access to both repositories to perform a migration. See Defining data repositories for more. |
Handling encrypted EBS volumes
A VM running on AWS might reference an encrypted EBS volume. EBS encryption uses the AWS Key Management Service (KMS) to create encrypted volumes and snapshots.
You must consider the following scenarios when a source VM references an encrypted EBS volume:
Ensure that your Anthos clusters on AWS have access to the encrypted volume.
You must grant the control plane of the processing cluster AWS IAM role access to your KMS key. See Using encrypted EBS volumes for more.
If you want to export data to encrypted volumes (such as when using the
ImageAndDataorDataintent), ensure you edit the migration plan accordingly.The migration plan contains a
pvcdefinition for the volumes used by the migrated workload. To use an encrypted volume, edit the migration plan to configure the volume, as described below.
The migration plan is represented by GenerateArtifactsFlow.
The plan includes a default pvc definition that uses the default StorageClass:
pvc:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10G
To export data to encrypted volumes, you can edit the default
pvc definition, including specifying a custom StorageClass.
For example, you define the following Storage Class for use with an encrypted volume
in a file named my-encrypted-class.yaml:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: my-encrypted-class
labels:
component: aws-ebs-csi-driver
provisioner: ebs.csi.aws.com
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
encrypted: "true"
kmsKeyID: KMS_ENCRYPTION_KEY
Where KMS_ENCRYPTION_KEY specifies the KMS key. See AWS EBS for more.
Apply the yaml:
env HTTP_PROXY=http://localhost:8118 \ kubectl apply -f my-encrypted-class.yaml
Then you can reference it in the migration plan by name:
pvc:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10G
storageclassName: my-encrypted-class
Alternatively, you can change the default StorageClass to use your new StorageClass. See Setting the default StorageClass for more.
Installing Connect for migrations to Anthos clusters on AWS
Connect allows you to connect any of your Anthos clusters on AWS to Google Cloud. This enables access to cluster and to workload management features, including a unified user interface, Cloud Console, to interact with your cluster.
Get to know the migration best practices
Make your migration experience more efficient by reading the best practices for planning a migration.