Prerequisites for migrating Linux VMs using AWS processing clusters

This topic describes the prerequisites for using Migrate for Anthos to migrate Linux VMs using Anthos clusters on AWS.

Confirm your workloads are compatible

Compatible OSes

Check that your workloads run an operating system supported by Migrate for Anthos.

Supported VM source platforms

Migrate for Anthos on AWS supports migrating VMs from the following source platforms:

  • AWS

Migrating to Anthos clusters on AWS prerequisites

The following table lists the prerequisites for a migration using Anthos clusters on AWS:

Prerequisite Details
Anthos clusters on AWS Anthos clusters on AWS are properly configured and available for hosting the migrated workloads in new containers, including sufficient memory and CPUs available for running the modernized workloads.
VMs workloads and Anthos clusters on AWS are located in the same region Source VM workloads are in the same region and account as the destination Anthos clusters on AWS. If necessary, copy the source VM to the account and region of the Anthos clusters on AWS.
Workstation with access to Kubernetes cluster and migctl installed

Workstation that can access the Anthos clusters on AWS, optionally using a configured ssh tunnel to the environment's bastion VM See Connecting to the management service for more.

The workstation should have migctl installed. See Installing Migrate for Anthos for more.

Access to data repositories

Migrate for Anthos write information to two different data repositories as part of a migration:

  • Docker image files representing a migrated VM are written to a Docker registry.
  • Migration artifacts that represent the migrated workload are written to a data repository.

Anthos clusters on AWS require read/write access to both repositories to perform a migration. See Defining data repositories for more.

Handling encrypted EBS volumes

A VM running on AWS might reference an encrypted EBS volume. EBS encryption uses the AWS Key Management Service (KMS) to create encrypted volumes and snapshots.

You must consider the following scenarios when a source VM references an encrypted EBS volume:

  • Ensure that your Anthos clusters on AWS have access to the encrypted volume.

    You must grant the control plane of the processing cluster AWS IAM role access to your KMS key. See Using encrypted EBS volumes for more.

  • If you want to export data to encrypted volumes (such as when using the ImageAndData or Data intent), ensure you edit the migration plan accordingly.

    The migration plan contains a pvc definition for the volumes used by the migrated workload. To use an encrypted volume, edit the migration plan to configure the volume, as described below.

The migration plan is represented by GenerateArtifactsFlow. The plan includes a default pvc definition that uses the default StorageClass:

   pvc:
     spec:
       accessModes:
       - ReadWriteOnce
       resources:
         requests:
           storage: 10G

To export data to encrypted volumes, you can edit the default pvc definition, including specifying a custom StorageClass.

For example, you define the following Storage Class for use with an encrypted volume in a file named my-encrypted-class.yaml:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: my-encrypted-class
  labels:
    component: aws-ebs-csi-driver
provisioner: ebs.csi.aws.com
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  encrypted: "true"
  kmsKeyID: KMS_ENCRYPTION_KEY

Where KMS_ENCRYPTION_KEY specifies the KMS key. See AWS EBS for more.

Apply the yaml:

env HTTP_PROXY=http://localhost:8118 \
  kubectl apply -f my-encrypted-class.yaml

Then you can reference it in the migration plan by name:

   pvc:
     spec:
       accessModes:
       - ReadWriteOnce
       resources:
         requests:
           storage: 10G
       storageclassName: my-encrypted-class

Alternatively, you can change the default StorageClass to use your new StorageClass. See Setting the default StorageClass for more.

Installing Connect for migrations to Anthos clusters on AWS

Connect allows you to connect any of your Anthos clusters on AWS to Google Cloud. This enables access to cluster and to workload management features, including a unified user interface, Cloud Console, to interact with your cluster.

Get to know the migration best practices

Make your migration experience more efficient by reading the best practices for planning a migration.

Next Steps