Prerequisites for migrating Linux VMs using AWS processing clusters
This topic describes the prerequisites for using Migrate to Containers to migrate Linux VMs using Anthos clusters on AWS.
Confirm your workloads are compatible
Check that your workloads run an operating system supported by Migrate to Containers.
Supported VM source platforms
Migrate to Containers on AWS supports migrating VMs from the following source platforms:
Migrating to Anthos clusters on AWS prerequisites
The following table lists the prerequisites for a migration using Anthos clusters on AWS:
|Anthos clusters on AWS||Anthos clusters on AWS are properly configured and available for hosting the migrated workloads in new containers, including sufficient memory and CPUs available for running the modernized workloads.|
|VMs workloads and Anthos clusters on AWS are located in the same region||Source VM workloads are in the same region and account as the destination Anthos clusters on AWS. If necessary, copy the source VM to the account and region of the Anthos clusters on AWS.|
|Workstation with access to Kubernetes cluster and
The workstation should have
|Access to data repositories||
Migrate to Containers write information to two different data repositories as part of a migration:
Anthos clusters on AWS require read/write access to both repositories to perform a migration. See Defining data repositories for more.
Handling encrypted EBS volumes
A VM running on AWS might reference an encrypted EBS volume. EBS encryption uses the AWS Key Management Service (KMS) to create encrypted volumes and snapshots.
You must consider the following scenarios when a source VM references an encrypted EBS volume:
Ensure that your Anthos clusters on AWS have access to the encrypted volume.
You must grant the control plane of the processing cluster AWS IAM role access to your KMS key. See Using encrypted EBS volumes for more.
If you want to export data to encrypted volumes (such as when using the
Dataintent), ensure you edit the migration plan accordingly.
The migration plan contains a
pvcdefinition for the volumes used by the migrated workload. To use an encrypted volume, edit the migration plan to configure the volume, as described below.
The migration plan is represented by GenerateArtifactsFlow.
The plan includes a default
pvc definition that uses the default StorageClass:
pvc: spec: accessModes: - ReadWriteOnce resources: requests: storage: 10G
To export data to encrypted volumes, you can edit the default
pvc definition, including specifying a custom StorageClass.
For example, you define the following Storage Class for use with an encrypted volume
in a file named
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: my-encrypted-class labels: component: aws-ebs-csi-driver provisioner: ebs.csi.aws.com reclaimPolicy: Delete volumeBindingMode: WaitForFirstConsumer allowVolumeExpansion: true parameters: encrypted: "true" kmsKeyID: KMS_ENCRYPTION_KEY
Where KMS_ENCRYPTION_KEY specifies the KMS key. See AWS EBS for more.
Apply the yaml:
env HTTPS_PROXY=http://localhost:8118 \ kubectl apply -f my-encrypted-class.yaml
Then you can reference it in the migration plan by name:
pvc: spec: accessModes: - ReadWriteOnce resources: requests: storage: 10G storageclassName: my-encrypted-class
Alternatively, you can change the default StorageClass to use your new StorageClass. See Setting the default StorageClass for more.
Installing Connect for migrations to Anthos clusters on AWS
Connect allows you to connect any of your Anthos clusters on AWS to Google Cloud. This enables access to cluster and to workload management features, including a unified user interface, console, to interact with your cluster.
Get to know the migration best practices
Make your migration experience more efficient by reading the best practices for planning a migration.