func/docs/provisioning/provision_eks.md


Provisioning an Amazon EKS (Elastic Kubernetes Service) Cluster

Amazon EKS is a fully managed Kubernetes service suitable for production deployments. The instructions below were compiled using the following dependency versions:

  • eksctl v1.15
  • kubernetes v1.15

Official EKS Documentation

AWS CLI tools

Install Python 3 via the system package manager, and the AWS CLI tools via pip:

pip install awscli --upgrade --user

AWS Account

Install the AWS IAM Authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator

Create AWS account(s) via the AWS console:

https://console.aws.amazon.com/

Users of the cluster require no permissions at this point, but the user creating the cluster does. Once configured, set the local environment variables:

AWS_REGION=us-east-2
AWS_SECRET_ACCESS_KEY=[redacted]
AWS_ACCESS_KEY_ID=[redacted]

Or use AWS credentials files. To configure the CLI to use credentials, for instance:

To ~/.aws/config append:

[profile alice]
region = us-west-2
output = json

To ~/.aws/credentials append:

[alice]
aws_access_key_id = [redacted]
aws_secret_access_key = [redacted]

The profile to use can then be configured using the environment variable:

AWS_PROFILE=alice

(note that direnv can be handy here.)

SSH key

Generate the cluster SSH key, saving it into ./keys/ssh:

ssh-keygen -t rsa -b 4096

Cluster Resources

Install eksctl https://github.com/weaveworks/eksctl

Provision the cluster using eksctl. For example, the configuration file ./eks/cluster-config.yaml creates a single-node cluster named "prod" in the "us-west-2" region:

eksctl create cluster -f eks/config-cluster.yaml

Users

Grant users access by modifying the template (eks/users.yaml) to include the ARN and username of each IAM user who should have access to the cluster, then apply it:

kubectl patch -n kube-system configmap/aws-auth --patch "$(cat eks/users.yaml)"
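
The project's users template is not shown on this page. The following added example (not the project's own code) renders such a patch in the standard aws-auth mapUsers layout and validates every entry before it reaches kubectl; the function name, the ALLOW_MASTERS opt-in, the account ID and the group name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the project): render the aws-auth patch from
# "user-ARN username group" lines on stdin, validating each field first.
# ConfigMap data values are plain strings, so patching data.mapUsers replaces
# the whole list: always render every user who should keep access.
# ALLOW_MASTERS and the sample names are assumptions of this example.
render_users_patch() (
  body=""
  while read -r arn user group; do
    [ -n "$arn" ] || continue                      # skip blank lines
    # Only IAM user ARNs: arn:aws:iam::<12-digit account>:user/<path/name>
    if ! printf '%s\n' "$arn" |
        grep -Eq '^arn:aws:iam::[0-9]{12}:user/[A-Za-z0-9+=,.@_/-]+$'; then
      echo "rejected: not an IAM user ARN: $arn" >&2; exit 1
    fi
    # Username and group must be single safe tokens (no YAML metacharacters).
    case "$user" in ''|*[!A-Za-z0-9._@-]*)
      echo "rejected: bad username for $arn" >&2; exit 1 ;; esac
    case "$group" in ''|*[!A-Za-z0-9:._-]*)
      echo "rejected: bad group for $arn" >&2; exit 1 ;; esac
    # system:masters is cluster-admin; require an explicit opt-in.
    if [ "$group" = "system:masters" ] && [ "${ALLOW_MASTERS:-0}" != 1 ]; then
      echo "rejected: $user mapped to system:masters" >&2; exit 1
    fi
    body="${body}    - userarn: ${arn}
      username: ${user}
      groups:
        - ${group}
"
  done
  # An empty list would remove every mapped user; refuse to render it.
  [ -n "$body" ] || { echo "rejected: no users given" >&2; exit 1; }
  printf 'data:\n  mapUsers: |\n%s' "$body"
)

# Constructed sample input; account ID and group name are placeholders.
SAMPLE_USERS='arn:aws:iam::111122223333:user/alice alice developers'

# Usage: printf '%s\n' "$SAMPLE_USERS" | render_users_patch > eks/users.yaml
#        kubectl patch -n kube-system configmap/aws-auth --patch "$(cat eks/users.yaml)"
```

A group such as developers grants only what an RBAC binding for that group allows, so mapping a user is not by itself a grant of permissions.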

Verify Cluster Provisioned

You should be able to retrieve pods from the cluster, which should include coredns, kube-proxy, etc.

kubectl get po --all-namespaces

Administration

See the eksctl documentation for how to administer a cluster, such as performing cluster upgrades, using this helper CLI.