...

Number

Component

Item

Detail

Requirements


Cluster

Software

Kubernetes version

1.29+ (Recommended)

IAM

EKS cluster role

Required Policy:

[AWS managed]

  • AmazonEKSClusterPolicy → This allows the Kubernetes control plane to manage AWS resources on your behalf

Permission

Cluster administrator access

Allow:

  • EKS API and ConfigMap → This determines how the cluster administrator is authorized

Network

VPC

Virtual networking resources

IPv4 CIDR block:

  • Please specify a range other than 192.168.137.0/24 (Recommended)

Number of public subnets:

  • Please select two or more

Number of private subnets:

  • Please select two or more

NAT gateways:

  • Please create at least one

NAT Gateway

Network address translation service to connect private subnets to the internet

  • Connectivity type: Public

Security Group

Virtual firewall to control inbound and outbound traffic

Created by CloudFormation Template.

Cluster Endpoint Access

Kubernetes API server endpoint access

Allow:

  • Public and private

Compute

Node Groups IAM

Allows EC2 instances to call AWS services on your behalf

Required Policies:

[AWS managed]

  • AmazonEC2ContainerRegistryReadOnly → This allows read-only access to Amazon EC2 Container Registry repositories

  • AmazonEKS_CNI_Policy → This provides the Amazon VPC CNI Add-on permissions it requires to modify the IP address configuration on your EKS worker nodes

  • AmazonEKSWorkerNodePolicy → This allows Amazon EKS worker nodes to connect to Amazon EKS Clusters

  • AmazonSSMManagedInstanceCore → This enables AWS Systems Manager service core functionality

Add-ons

Kube-proxy

Enables service networking

v1.29.1-eksbuild.2+ (Latest Recommended)

Amazon VPC CNI

Enables pod networking

v1.16.3-eksbuild.2+ (Latest Recommended)

Amazon EBS CSI Driver

Enables EBS within cluster

-

Exostellar Karpenter

Integrates with X-IO

v0.0.6+

Logout ECR If Logged in:
helm registry logout public.ecr.aws
Set Environment Variables:
export HEADNODE="http://192.168.78.xxx:5000"
export CLUSTER_NAME="integration-new"
export ENV_NAME="k8s"
Install Exostellar Helm Chart:
helm upgrade --install karpenter oci://public.ecr.aws/x5d4i9x1/exostellar-karpenter/karpenter \
   --version v0.0.6 \
   --namespace karpenter \
   --create-namespace \
   --set "settings.clusterName=${CLUSTER_NAME}" \
   --set controller.resources.requests.cpu=1 \
   --set controller.resources.requests.memory=1Gi \
   --set controller.resources.limits.cpu=1 \
   --set controller.resources.limits.memory=1Gi \
   --set "headnode=${HEADNODE}" \
   --set "environmentName=${ENV_NAME}" \
   --wait

Kubernetes

ConfigMap

ConfigMap.yaml:
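apiVersion: v1
kind: ConfigMap
# EKS reads IAM-to-Kubernetes identity mappings from aws-auth in kube-system.
metadata:
  name: aws-auth
  namespace: kube-system
# Roles mapped to system:masters below receive unrestricted cluster-admin access.
data: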
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: <Ignore this ARN>
      username: system:node:{{EC2PrivateDNSName}}
    - groups:
      - system:masters
      rolearn: <Insert the Role ARN of your Worker IAM Role>
      username: admin
    - groups:
      - system:masters
      rolearn: <Insert the Role ARN of your Controller IAM Role>
      username: admin
  mapUsers: |
    []
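
The ConfigMap.yaml above binds two IAM roles to system:masters, so after applying it, it is worth confirming that no other role holds that group. The following is an added example, not Exostellar's or AWS's code: the function names and the placeholder ARNs are constructed, and the live-use comment assumes the ConfigMap is applied as the EKS aws-auth ConfigMap in kube-system.

```shell
#!/bin/sh
# Added example: audit which IAM roles a mapRoles document binds to
# system:masters, i.e. unrestricted cluster-admin.

# Reads mapRoles YAML on stdin, prints "<rolearn> <username>" per match.
masters_roles() {
  awk '
    function emit() {
      if (started && masters) print arn, user
      started = 0; masters = 0; arn = ""; user = ""
    }
    # A mapping starts at a list item whose first key is a mapRoles field.
    /^[ \t]*-[ \t]+(groups|rolearn|username):/ { emit(); started = 1 }
    # Group members are list items too, but never carry one of those keys.
    /^[ \t]*-[ \t]+"?system:masters"?[ \t]*$/ { masters = 1 }
    /^[ \t-]*rolearn:/  { v = $0; sub(/^[ \t-]*rolearn:[ \t]*/, "", v);  arn = v }
    /^[ \t-]*username:/ { v = $0; sub(/^[ \t-]*username:[ \t]*/, "", v); user = v }
    END { emit() }
  '
}

# Constructed sample in the same layout as ConfigMap.yaml (placeholder ARNs).
sample_map_roles() {
  cat <<'EOF'
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::111122223333:role/example-node-role
  username: system:node:{{EC2PrivateDNSName}}
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/example-worker-role
  username: admin
- rolearn: arn:aws:iam::111122223333:role/example-controller-role
  username: admin
  groups:
  - system:masters
EOF
}

# Live use (assumes the ConfigMap is aws-auth in kube-system):
#   kubectl get configmap aws-auth -n kube-system \
#     -o jsonpath='{.data.mapRoles}' | masters_roles
sample_map_roles | masters_roles
```

Any ARN in the output other than the Worker and Controller roles you inserted is an unexpected cluster-admin mapping and should be reviewed.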

...