...
The following tools are required to complete the integration setup:
EKS Nodegroup IAM
By default, the EKS node group should have the following AWS-managed IAM policies attached:
AmazonEC2ContainerRegistryReadOnly
→ This allows read-only access to Amazon EC2 Container Registry repositories
AmazonEKS_CNI_Policy
→ This provides the Amazon VPC CNI Add-on permissions it requires to modify the IP address configuration on your EKS worker nodes
AmazonEKSWorkerNodePolicy
→ This allows Amazon EKS worker nodes to connect to Amazon EKS Clusters
AmazonSSMManagedInstanceCore
→ This is to enable AWS Systems Manager service core functionality
AWS IAM Authenticator
Apply the following changes to the EKS cluster’s aws-auth ConfigMap to ensure the dynamic X-Compute EKS nodes can join the cluster:

Edit the aws-auth ConfigMap in the kube-system namespace:

```bash
kubectl edit configmap aws-auth -n kube-system
```

Insert the following groups into the mapRoles section and replace the role ARN values with the outputs generated at this prerequisite step.

```yaml
- groups:
  - system:masters
  rolearn: <Insert the Role ARN of your Worker IAM Role>
  username: admin
- groups:
  - system:masters
  rolearn: <Insert the Role ARN of your Controller IAM Role>
  username: admin
```
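A read-only check for the mapping above, as an added example that is not part of the original page: it parses mapRoles text, confirms the expected role ARNs are present, and lists every role bound to system:masters, which grants unrestricted cluster-admin access. The function names, account ID and role names are constructed for illustration.

```bash
# Added example (not from the original page); sample ARNs below are constructed.
# Live input, assuming kubectl access to the cluster:
#   kubectl get configmap aws-auth -n kube-system -o jsonpath='{.data.mapRoles}'

# Flatten mapRoles YAML on stdin to "<rolearn><TAB><group,group,...>" per entry.
flatten_map_roles() {
  awk '
    function emit() { if (arn != "") print arn "\t" groups; arn = ""; groups = "" }
    # A new entry starts with "- key:" where the colon ends the key.
    /^[ \t]*-[ \t]+[A-Za-z]+:([ \t]|$)/ { emit(); sub(/-/, " ") }
    /^[ \t]*rolearn:/ { sub(/^[ \t]*rolearn:[ \t]*/, ""); arn = $0; next }
    # Group items are bare "- value" lines such as "- system:masters".
    /^[ \t]*-[ \t]+[^ \t]+[ \t]*$/ {
      sub(/^[ \t]*-[ \t]+/, ""); sub(/[ \t]+$/, ""); groups = groups (groups == "" ? "" : ",") $0 }
    END { emit() }
  '
}

# Print role ARNs bound to system:masters (unrestricted cluster-admin).
masters_roles() {
  flatten_map_roles | awk -F '\t' 'index("," $2 ",", ",system:masters,") { print $1 }'
}

# Return non-zero if any expected ARN (arguments) is absent from mapRoles on stdin.
check_roles_mapped() {
  mapped=$(flatten_map_roles | cut -f1)
  rc=0
  for arn in "$@"; do
    printf '%s\n' "$mapped" | grep -Fxq -- "$arn" || { echo "MISSING: $arn" >&2; rc=1; }
  done
  return "$rc"
}

# Constructed sample of a mapRoles section after the edit described above.
SAMPLE_MAP_ROLES='- groups:
  - system:nodes
  rolearn: arn:aws:iam::111122223333:role/example-nodegroup-role
  username: system:node:{{EC2PrivateDNSName}}
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/example-xcompute-worker
  username: admin
- rolearn: arn:aws:iam::111122223333:role/example-xcompute-controller
  username: admin
  groups:
  - system:masters'

printf '%s\n' "$SAMPLE_MAP_ROLES" | masters_roles
```

Any ARN printed by masters_roles that is not one of the two roles you added deserves review.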
Amazon VPC CNI
Infrastructure Optimizer supports the Amazon VPC CNI plugin v1.18.2-eksbuild.1 or newer.
...
Info |
---|
This script will restart the Amazon VPC CNI DaemonSet |
Amazon VPC CNI Plugin With IRSA
Info |
---|
OPTIONAL - This section is required only if your cluster customized the IAM roles used by the Amazon VPC CNI plugin’s service account (IRSA). For more information about EKS IRSA, see the documentation here. |
...