Skip to content

Part 1: Setup

What Will You Do

This is Part 1 of a multi-part, self-paced quick start exercise. In this part, you will perform a few "one-time" tasks required for cluster provisioning.


Step 1: Create Cloud Credentials

In this step, you will create a cloud credential which will be used for provisioning and managing the cluster resources in AWS. Cloud credentials provide privileges to programmatically interact with your Amazon AWS account so that the lifecycle of infrastructure associated with the Amazon EKS cluster can be managed.

  • Follow the step-by-step instructions to create an IAM Role based cloud credential.
  • Provide the name "aws-cloud-credential" for the cloud credential. Note, if a different name is used, the specification files will need to be updated to match the new name.

Step 2: Download RCTL

The RCTL CLI allows you to programmatically interact with the controller enabling users to construct sophisticated automation workflows.

  • Login into your Org
  • Navigate to "My Tools" to download both the RCTL CLI and the "CLI Config" file
  • Initialize RCTL using the step-by-step instructions
  • Ensure you update your OS's Path environment variable for RCTL

Step 3: Clone Git Repo

Declarative specs for the Amazon EKS cluster and other resources are available in a Git repository

  • Clone the Git repository to your laptop using the command below.
git clone https://github.com/RafaySystems/getstarted.git
  • Once complete, you should see a folder called "karpenter" which contains the specs needed for this guide.

Step 4: Create IAM Role

In this step, you will create an IAM role and instance profile in AWS that will be used by Karpenter to manage nodes that it will create. This is not the same role that was used for the Cloud Credential in Step 1.

  • Save the below role policy configuration to a file named "node-role-trust-relationship.json"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
  • Run the following AWS CLI command to create a new IAM role with the name "KarpenterNodeRole-Rafay"
aws iam create-role --role-name KarpenterNodeRole-Rafay --assume-role-policy-document file://"node-role-trust-relationship.json"
  • Run the following commands to attach additional policies to the role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy --role-name KarpenterNodeRole-Rafay 
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy --role-name KarpenterNodeRole-Rafay 
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly --role-name KarpenterNodeRole-Rafay 
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore --role-name KarpenterNodeRole-Rafay 
  • Run the following commands to create an instance profile for the role
aws iam create-instance-profile --instance-profile-name KarpenterNodeRole-Rafay 
aws iam add-role-to-instance-profile --instance-profile-name KarpenterNodeRole-Rafay --role-name KarpenterNodeRole-Rafay 

Recap

At this point, you have everything setup and configured to provision a Amazon EKS Cluster.