Part 1: Setup
What Will You Do¶
This is Part 1 of a multi-part, self-paced quick start exercise. In this part, you will perform a few "one-time" tasks required for cluster provisioning.
Step 1: Create Cloud Credentials¶
In this step, you will create a cloud credential which will be used for provisioning and managing the cluster resources in AWS. Cloud credentials provide privileges to programmatically interact with your Amazon AWS account so that the lifecycle of infrastructure associated with the Amazon EKS cluster can be managed.
- Follow the step-by-step instructions to create an IAM Role based cloud credential.
- Provide the name "aws-cloud-credential" for the cloud credential. Note, if a different name is used, the specification files will need to be updated to match the new name.
Step 2: Download RCTL¶
The RCTL CLI allows you to programmatically interact with the controller enabling users to construct sophisticated automation workflows.
- Login into your Org
- Navigate to "My Tools" to download both the RCTL CLI and the "CLI Config" file
- Initialize RCTL using the step-by-step instructions
- Ensure you update your OS's Path environment variable for RCTL
Step 3: Clone Git Repo¶
Declarative specs for the Amazon EKS cluster and other resources are available in a Git repository
- Clone the Git repository to your laptop using the command below.
git clone https://github.com/RafaySystems/getstarted.git
- Once complete, you should see a folder called "karpenter" which contains the specs needed for this guide.
Step 4: Create IAM Role¶
In this step, you will create an IAM role and instance profile in AWS that will be used by Karpenter to manage nodes that it will create. This is not the same role that was used for the Cloud Credential in Step 1.
- Save the below role policy configuration to a file named "node-role-trust-relationship.json"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
- Run the following AWS CLI command to create a new IAM role with the name "KarpenterNodeRole-Rafay"
aws iam create-role --role-name KarpenterNodeRole-Rafay --assume-role-policy-document file://"node-role-trust-relationship.json"
- Run the following commands to attach additional policies to the role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy --role-name KarpenterNodeRole-Rafay
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy --role-name KarpenterNodeRole-Rafay
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly --role-name KarpenterNodeRole-Rafay
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore --role-name KarpenterNodeRole-Rafay
- Run the following commands to create an instance profile for the role
aws iam create-instance-profile --instance-profile-name KarpenterNodeRole-Rafay
aws iam add-role-to-instance-profile --instance-profile-name KarpenterNodeRole-Rafay --role-name KarpenterNodeRole-Rafay
Recap¶
At this point, you have everything setup and configured to provision a Amazon EKS Cluster.