Home
Venkata Mutyala edited this page Nov 7, 2023
- Create a new AWS account underneath your existing AWS Organization.
- Ask AWS Support or your AWS account representative to "activate" your account. Activation can take anywhere from a few hours to 10+ days, depending entirely on your AWS account history. If you have an AWS representative, it helps to ask them to "activate" your account, as they might be able to get it done faster.
Learn more:
- https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
- https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
- https://repost.aws/knowledge-center/create-and-activate-aws-account
- For the IAM user, within your sub-account create an IAM user/key with full "Administrator Access".
- For the IAM role, make it assumable by the IAM user you just created and grant the role full "Administrator Access". Here is a video on how to create the role.
- Keep track of the IAM user access key/secret as well as the IAM role ARN (Amazon Resource Name), as you will need these 3 values when setting up your cluster.
Learn more:
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
- We recommend creating a .env file with these values for future use, but for now export the following using the IAM user access key and secret from earlier. The region should be your preferred AWS region.
- You must use these environment variables any time you run Terraform or work with the Kubernetes API (including kubectl commands).
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXX
export AWS_DEFAULT_REGION=us-west-2
Learn more:
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
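The .env file recommended above holds an administrator access key, so it is worth loading it more carefully than with a plain `source`. The script below is an added example, not part of the GlueOps wiki or module: it checks the file's permissions and accepts only the three variables named on this page. The function names `load_aws_env` and `file_mode` and the script name in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): load the AWS variables from a .env file
# without sourcing it, and refuse files that other users can read.
# Assumes unquoted `NAME=value` or `export NAME=value` lines, as shown above.

REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION"

# Octal permission bits of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# load_aws_env [FILE] -> 0 on success; 1 missing file, 2 loose permissions,
# 3 unexpected line, 4 required variable not set by the file.
load_aws_env() {
  _file="${1:-.env}"; _seen=""
  [ -f "$_file" ] || { echo "missing: $_file" >&2; return 1; }

  # The file holds an administrator access key: owner-only access.
  _mode="$(file_mode "$_file")"
  case "$_mode" in
    600|400) ;;
    *) echo "refusing $_file: mode $_mode, run: chmod 600 $_file" >&2; return 2 ;;
  esac

  # Parse instead of `source`, so nothing in the file is executed as a command.
  while IFS= read -r _line || [ -n "$_line" ]; do
    _line="${_line#export }"
    case "$_line" in
      ''|'#'*) continue ;;
      AWS_ACCESS_KEY_ID=?*|AWS_SECRET_ACCESS_KEY=?*|AWS_DEFAULT_REGION=?*)
        export "${_line%%=*}=${_line#*=}"
        _seen="$_seen ${_line%%=*}" ;;
      *) echo "refusing $_file: unexpected line (content not shown)" >&2; return 3 ;;
    esac
  done < "$_file"

  # Every required variable must come from this file, not a stale shell session.
  for _name in $REQUIRED_VARS; do
    case " $_seen " in
      *" $_name "*) ;;
      *) echo "$_file does not set $_name" >&2; return 4 ;;
    esac
  done
  unset _line _seen _mode
}
# Usage from an interactive shell: . ./load-aws-env.sh && load_aws_env .env
```

Keep the .env file out of version control as well, for example by listing it in .gitignore.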
- You need to deploy the base cluster first (see the example usage of the module and keep the node pools commented out).
- Once you have deployed the EKS cluster by itself, you need to set up the Calico CNI:
  - Authenticate to the cluster as shown in the Create a kubeconfig section of this page
  - Delete the existing AWS DaemonSet:
    kubectl delete daemonset -n kube-system aws-node
  - Create a calico.yaml (confirm the CIDR to use, but in most cases this default will be fine): https://github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster/wiki/calico.yaml
  - Install the CNI: https://github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster/wiki/install-calico
  - Lastly, deploy a node pool via Terraform (remove the comments) and you will be all set.
- You need your environment variables (.env) to be set before you can run the command below.
aws eks update-kubeconfig --region us-west-2 --name captain-cluster --role-arn arn:aws:iam::XXXXXXXXXXXXXXXXXXXXXX:role/glueops-captain-role
Learn more about the command: