IO+EKS Prerequisites Summary

1. EKS Cluster Requirements

2. IO+EKS Controller Requirements

EKS Cluster Requirements

Number

Component

Item

Detail

Requirements

1

Cluster

Software

Kubernetes version

1.29+ (Recommended)

IAM

EKS cluster role

Required Policy:

[AWS managed]

  • AmazonEKSClusterPolicy → This allows the Kubernetes control plane to manage AWS resources on your behalf

Permission

Cluster administrator access

Allow:

  • EKS API and ConfigMap → This determines how the cluster administrator is authorized

Cluster Endpoint Access

Kubernetes API server endpoint access

Allow:

  • Public and private

Network

VPC

Virtual networking resources

IPv4 CIDR block:

  • Please specify a range other than 192.168.137.0/24 (Recommended)

Number of public subnets:

  • Please select two or more

Number of private subnets:

  • Please select two or more

NAT gateways:

  • Please create at least one

NAT Gateway

Network address translation service to connect private subnets to the internet

  • Connectivity type: Public

Security Group

Virtual firewall to control inbound and outbound traffic

Created by CloudFormation Template.

Compute

Node Groups IAM

Allows EC2 instances to call AWS services on your behalf

Required Policies:

[AWS managed]

  • AmazonEC2ContainerRegistryReadOnly → This allows read-only access to Amazon EC2 Container Registry repositories

  • AmazonEKS_CNI_Policy → This provides the Amazon VPC CNI Add-on permissions it requires to modify the IP address configuration on your EKS worker nodes

  • AmazonEKSWorkerNodePolicy → This allows Amazon EKS worker nodes to connect to Amazon EKS Clusters

  • AmazonSSMManagedInstanceCore → This is to enable AWS Systems Manager service core functionality

Add-ons

Kube-proxy

Enables service networking

v1.29.1-eksbuild.2+ (Latest Recommended)

Amazon VPC CNI

Enables pod networking

v1.16.3-eksbuild.2+ (Latest Recommended)

Amazon EBS CSI Driver

Enables EBS within cluster

-

Exostellar Karpenter

Integrates with X-IO

v0.0.6+

# Log out of the public ECR registry so the chart is pulled unauthenticated
helm registry logout public.ecr.aws

# Values passed to the chart below
export HEADNODE="http://192.168.78.xxx:5000"
export CLUSTER_NAME="integration-new"
export ENV_NAME="k8s"

helm upgrade --install karpenter oci://public.ecr.aws/x5d4i9x1/exostellar-karpenter/karpenter \
  --version v0.0.6 \
  --namespace karpenter \
  --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --set "headnode=${HEADNODE}" \
  --set "environmentName=${ENV_NAME}" \
  --wait

Kubernetes

ConfigMap
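
The cluster-side requirements listed above can be checked against AWS CLI output before installing. The Python below is an added example, not part of the original page or of Exostellar's tooling; the function name, the constructed sample data, and the choice to flag any VPC CIDR that overlaps 192.168.137.0/24 are assumptions.

```python
import ipaddress

# Requirements taken from the EKS Cluster Requirements table.
MIN_K8S = (1, 29)
AVOID_CIDR = ipaddress.ip_network("192.168.137.0/24")
NODE_POLICIES = {
    "AmazonEC2ContainerRegistryReadOnly",
    "AmazonEKS_CNI_Policy",
    "AmazonEKSWorkerNodePolicy",
    "AmazonSSMManagedInstanceCore",
}

def check_prereqs(cluster, vpc_cidr, node_role_policies):
    """Return a list of findings; an empty list means every check passed.

    cluster: the "cluster" object from `aws eks describe-cluster`
    vpc_cidr: CidrBlock from `aws ec2 describe-vpcs`
    node_role_policies: PolicyName values from `aws iam list-attached-role-policies`
    """
    findings = []
    major, minor = (int(p) for p in cluster["version"].split(".")[:2])
    if (major, minor) < MIN_K8S:
        findings.append(f"Kubernetes {cluster['version']} is older than 1.29")
    mode = cluster.get("accessConfig", {}).get("authenticationMode")
    if mode != "API_AND_CONFIG_MAP":  # console label: "EKS API and ConfigMap"
        findings.append(f"authentication mode is {mode}, expected API_AND_CONFIG_MAP")
    vpc = cluster.get("resourcesVpcConfig", {})
    if not (vpc.get("endpointPublicAccess") and vpc.get("endpointPrivateAccess")):
        findings.append("API server endpoint access is not 'Public and private'")
    # Assumption: any overlap with the range to avoid is treated as a failure.
    if ipaddress.ip_network(vpc_cidr).overlaps(AVOID_CIDR):
        findings.append(f"VPC CIDR {vpc_cidr} overlaps {AVOID_CIDR}")
    missing = NODE_POLICIES - set(node_role_policies)
    if missing:
        findings.append("node role is missing: " + ", ".join(sorted(missing)))
    return findings

# Constructed sample input (not from a real account).
SAMPLE_CLUSTER = {
    "version": "1.28",
    "accessConfig": {"authenticationMode": "CONFIG_MAP"},
    "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": False},
}
SAMPLE_POLICIES = ["AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy"]

if __name__ == "__main__":
    for finding in check_prereqs(SAMPLE_CLUSTER, "192.168.0.0/16", SAMPLE_POLICIES):
        print("FAIL:", finding)
```
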

 

IO+EKS Requirements

Number

Component

Item

Detail

Requirements

2

Controller

Instance Type

Instance type for the controller

m5d.xlarge (Recommended)

VPC

Virtual networking resources

Select the virtual networking resources created above

Security Group

Virtual firewall to control inbound and outbound traffic

Select the security group created above by the EKS cluster

IAM

Instance profile

Required Policies:

[Customer inline]

[image: 3.png]

Worker

IAM

Instance profile

Required Policies:

[AWS managed]

  • AmazonEC2ContainerRegistryReadOnly → This allows read-only access to Amazon EC2 Container Registry repositories

  • AmazonEKS_CNI_Policy → This provides the Amazon VPC CNI Add-on permissions it requires to modify the IP address configuration on your EKS worker nodes

  • AmazonEKSWorkerNodePolicy → This allows Amazon EKS worker nodes to connect to Amazon EKS Clusters

  • AmazonSSMManagedInstanceCore → This is to enable AWS Systems Manager service core functionality

[Customer inline]