
Part 1: Provision

This is Part 1 of a multi-part, self-paced quick start exercise that will focus on the use of the RCTL command line to provision an EKS cluster.


What Will You Do

In part 1, you will:

  • Create a new Project in your Org
  • Create a Cloud Credential
  • Provision an Amazon EKS cluster
  • Verify Cluster Health
  • Review available dashboards

Assumptions

  • You have access to an Amazon AWS account
  • You have sufficient privileges to create an IAM Role with the default Full IAM Policy to allow the controller to provision resources on your behalf as part of the EKS cluster creation process.
  • You have downloaded the RCTL CLI
  • You have downloaded and initialized the CLI configuration

Note

The instructions describe the process using the RCTL CLI. The same steps can be performed using the web console.


Step 1: Create Project

In this step, we will create a new project which will serve as a logically isolated "operating environment" (sub tenant).

Note

Creating a project requires "Org Admin" privileges.

  • Create a new project called "aws"

New Project

  • Switch context to this project by clicking on the project in the web console

Step 2: Create Cloud Credential

Cloud credentials provide the controller with privileges to programmatically interact with your Amazon AWS account so that it can manage the lifecycle of infrastructure associated with the Amazon EKS cluster.

  • Follow the step-by-step instructions to create an IAM Role based cloud credential.
  • Validate the newly created cloud credential to ensure it is configured correctly.

Validate Cloud Credential


Step 3: Configure & Provision Cluster

In this step, you will configure and customize your Amazon EKS Cluster specification using a YAML based cluster specification.

This will provision an EKS cluster with the following configuration:

  • A private (cloaked) EKS control plane in the us-west-1 region
  • New VPCs and Subnets will be auto created
  • A managed node group with two worker nodes based on t3.large instance type
  • gp3 storage volumes and Amazon Linux 2 OS
  • IAM roles for ASG and ECR access enabled
  • Default cluster blueprint (Monitoring, Log Aggregation enabled)

Provisioning will take approximately 40 minutes to complete. The final step in the process is the blueprint sync for the default blueprint. This can take a few minutes to complete because this requires the download of several container images and deployment of monitoring and log aggregation components.

  • Save the below specification file to your computer as "eks-cluster-basic.yaml"

    kind: Cluster
    metadata:
      labels:
        env: dev
        type: eks-workloads
      name: test-eks
      project: aws
    spec:
      type: eks
      cloudprovider: dev-aws
      blueprint: default
    ---
    apiVersion: rafay.io/v1alpha5
    kind: ClusterConfig

    metadata:
      name: test-eks
      region: us-west-1
      tags:
        'demo': 'true'

    managedNodeGroups:
      - name: ng-1
        instanceType: t3.large
        desiredCapacity: 2

Update the following sections of the specification file with details to match your environment:

  • Update the project section with the name of the project in your organization

        project: aws
    

  • Update the cloudprovider section with the name of the cloud credential that was previously created

        cloudprovider: dev-aws
    

  • Execute the following command to provision the cluster from the specification file previously defined

    ./rctl apply -f eks-cluster-basic.yaml

Expected output (with a task id):

    Cluster: test-eks
    {
      "taskset_id": "d2wg4k8",
      "operations": [
        {
          "operation": "NodegroupCreation",
          "resource_name": "ng-1",
          "status": "PROVISION_TASK_STATUS_PENDING"
        },
        {
          "operation": "ClusterCreation",
          "resource_name": "test-eks",
          "status": "PROVISION_TASK_STATUS_PENDING"
        }
      ],
      "comments": "The status of the operations can be fetched using taskset_id",
      "status": "PROVISION_TASKSET_STATUS_PENDING"
    }

To retrieve the status of the apply operation, enter the below command with the generated task id:

    ./rctl status apply d2wg4k8

Expected output:

    {
      "taskset_id": "d2wg4k8",
      "operations": [
        {
          "operation": "NodegroupCreation",
          "resource_name": "ng-1",
          "status": "PROVISION_TASK_STATUS_PENDING"
        },
        {
          "operation": "ClusterCreation",
          "resource_name": "test-eks",
          "status": "PROVISION_TASK_STATUS_INPROGRESS"
        }
      ],
      "comments": "Configuration is being applied to the cluster",
      "status": "PROVISION_TASKSET_STATUS_INPROGRESS"
    }

  • Login to the web console and view the cluster being provisioned
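
Provisioning takes around 40 minutes, so the status command above is usually polled from a script. The following is an added example, not part of the original guide or the RCTL project: it parses the JSON shown above and waits until no operation is pending or in progress. The function names, the polling interval and the rule that any other status value is terminal are assumptions, since the page does not list the final status values; inspect the returned state before relying on the cluster.

```python
import json
import subprocess
import time

# Sample input: the "rctl status apply" output shown on this page, compacted.
SAMPLE = """{
  "taskset_id": "d2wg4k8",
  "operations": [
    {"operation": "NodegroupCreation", "resource_name": "ng-1",
     "status": "PROVISION_TASK_STATUS_PENDING"},
    {"operation": "ClusterCreation", "resource_name": "test-eks",
     "status": "PROVISION_TASK_STATUS_INPROGRESS"}
  ],
  "status": "PROVISION_TASKSET_STATUS_INPROGRESS"
}"""

# The only states this page shows. Anything else is treated as terminal
# (assumption: the page does not list the final success/failure values).
RUNNING = ("_PENDING", "_INPROGRESS")


def parse_taskset(raw):
    """Return (taskset_status, {"operation/resource": status}) from rctl JSON."""
    doc = json.loads(raw[raw.index("{"):])  # skip any "Cluster: ..." prefix line
    ops = {f'{o["operation"]}/{o["resource_name"]}': o["status"]
           for o in doc.get("operations", [])}
    return doc["status"], ops


def still_running(raw):
    """True while the taskset or any of its operations is pending/in progress."""
    status, ops = parse_taskset(raw)
    return any(s.endswith(RUNNING) for s in (status, *ops.values()))


def wait_for_taskset(taskset_id, rctl="./rctl", interval=60, timeout=3600):
    """Poll until nothing is pending or in progress; return the last state."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        out = subprocess.run([rctl, "status", "apply", taskset_id],
                             check=True, capture_output=True, text=True).stdout
        if not still_running(out):
            return parse_taskset(out)
        time.sleep(interval)
    raise TimeoutError(f"taskset {taskset_id} still running after {timeout}s")


if __name__ == "__main__":
    print(parse_taskset(SAMPLE), still_running(SAMPLE))
```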

Create Cluster

Once the cluster finishes provisioning, download the cluster configuration file and compare it to the specification file used to create the cluster. The two files will match.

  • Go to Clusters -> Infrastructure.
  • Click on the Settings Icon for the newly created cluster and select "Download Cluster Config"

Step 4: Verify Cluster

Once provisioning is complete, you should have a ready to use Amazon EKS Cluster. We will verify the cluster by checking its health and status.


Step 4a: Cluster Status & Health

The Kubernetes management operator automatically deployed on the cluster by the controller will "maintain a heartbeat" with the controller and will "proactively monitor" the status of the components on the worker node required for communication with the EKS control plane and the controller.

  • Cluster reachability should be no more than 1 minute
  • Control plane should report as Healthy

EKS Cluster Health


Step 4b: Zero Trust Kubectl

Your EKS Cluster's API Server is private and secure (i.e. cloaked and not directly reachable on the Internet). The controller provides a zero trust kubectl channel for authorized users.

  • Click on "Kubectl" on the cluster.
  • This will launch a web based kubectl shell for you to securely interact with the API server over a zero trust channel
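
The statement that the API server is private can be checked independently on the AWS side. The following is an added example, not part of the original guide: it reads the JSON printed by `aws eks describe-cluster` and reports any setting that leaves the endpoint publicly reachable. The sample documents are constructed, and the function name is an assumption.

```python
import json
import sys

# Constructed samples of `aws eks describe-cluster` output, trimmed to the
# fields inspected below. Values are illustrative, not taken from the page.
PRIVATE = """{"cluster": {"name": "test-eks", "resourcesVpcConfig": {
  "endpointPublicAccess": false, "endpointPrivateAccess": true,
  "publicAccessCidrs": []}}}"""
PUBLIC = """{"cluster": {"name": "test-eks", "resourcesVpcConfig": {
  "endpointPublicAccess": true, "endpointPrivateAccess": false,
  "publicAccessCidrs": ["0.0.0.0/0"]}}}"""


def endpoint_findings(describe_json):
    """Return reasons the API endpoint is not private-only (empty list = OK)."""
    vpc = json.loads(describe_json)["cluster"].get("resourcesVpcConfig", {})
    findings = []
    # Fail closed: a missing field is reported rather than assumed safe.
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("private endpoint access is disabled")
    if vpc.get("endpointPublicAccess", True):
        # With public access on and no CIDR list, EKS allows 0.0.0.0/0.
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        scope = "any address" if "0.0.0.0/0" in cidrs else ", ".join(cidrs)
        findings.append(f"public endpoint access is enabled for {scope}")
    return findings


if __name__ == "__main__":
    # Usage:
    #   aws eks describe-cluster --name test-eks --region us-west-1 | python3 this_file.py
    problems = endpoint_findings(sys.stdin.read())
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when a finding is present, so it can gate a pipeline step that runs after provisioning.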

ZTKA to EKS


Step 5: Dashboards

The default cluster blueprint automatically deploys Prometheus and other components required to monitor the EKS cluster. This data is aggregated from the cluster on the controller in a central, time series database. This data is then made available to administrators in the form of detailed dashboards.

Step 5a: Cluster Dashboard

Click on the cluster name to view the cluster dashboard. You will be presented with time series data for the following:

  • Cluster Health
  • CPU Utilization
  • Memory Utilization
  • Storage Utilization
  • Number of Worker Nodes
  • Number of workloads and their status
  • Number of pods and their status

EKS Cluster Dashboard


Step 5b: Node Dashboard

Click on the "node" to view the node dashboard.

EKS Node Dashboard

Now, click on Overview. You will be presented with time series data for the following metrics:

  • Node Health
  • CPU Utilization
  • Memory Utilization
  • Storage Utilization

EKS Node Overview


Step 5c: Kubernetes Resources

The dashboard also comes with an integrated Kubernetes dashboard. Click on "Resources" and you will be presented with all the Kubernetes resources organized using a number of filters.

EKS k8s Resources


Recap

Congratulations! At this point, you have:

  • Successfully configured and provisioned an Amazon EKS cluster in your AWS account using the RCTL CLI
  • Used zero trust kubectl to securely access the EKS cluster's API server
  • Used the integrated cluster, node and k8s dashboards to monitor and view details about the cluster