Part 1: Provision
This is Part 1 of a multi-part, self-paced quick start exercise that will focus on the use of the RCTL command line to provision an EKS cluster.
What Will You Do
In part 1, you will:
- Create a new Project in your Org
- Create a Cloud Credential
- Provision an Amazon EKS cluster
- Verify Cluster Health
- Review available dashboards
Assumptions
- You have access to an Amazon AWS account
- You have sufficient privileges to create an IAM Role with the default Full IAM Policy to allow the controller to provision resources on your behalf as part of the EKS cluster creation process.
- You have downloaded the RCTL CLI
- You have downloaded and initialized the CLI configuration
Note
The instructions describe the process using the RCTL CLI. The same steps can be performed using the web console.
Step 1: Create Project
In this step, we will create a new project which will serve as a logically isolated "operating environment" (sub tenant).
Note
Creating a project requires "Org Admin" privileges.
- Create a new project called "aws"
- Switch context to this project by clicking on the project in the web console
Step 2: Create Cloud Credential
Cloud credentials provide the controller with privileges to programmatically interact with your Amazon AWS account so that it can manage the lifecycle of infrastructure associated with the Amazon EKS cluster.
- Follow the step-by-step instructions to create an IAM Role based cloud credential.
- Validate the newly created cloud credential to ensure it is configured correctly.
Step 3: Configure & Provision Cluster
In this step, you will configure and customize your Amazon EKS Cluster specification using a YAML based cluster specification.
This will provision an EKS cluster with the following configuration:
- A private (cloaked) EKS control plane in the us-west-1 region
- New VPCs and Subnets will be auto created
- A managed node group with two worker nodes based on t3.large instance type
- gp3 storage volumes and Amazon Linux 2 OS
- IAM roles for ASG and ECR access enabled
- Default cluster blueprint (Monitoring, Log Aggregation enabled)
Provisioning will take approximately 40 minutes to complete. The final step in the process is the blueprint sync for the default blueprint. This can take a few minutes to complete because this requires the download of several container images and deployment of monitoring and log aggregation components.
- Save the below specification file to your computer as "eks-cluster-basic.yaml"
kind: Cluster
metadata:
  labels:
    env: dev
    type: eks-workloads
  name: test-eks
  project: aws
spec:
  type: eks
  cloudprovider: dev-aws
  blueprint: default
---
apiVersion: rafay.io/v1alpha5
kind: ClusterConfig
metadata:
  name: test-eks
  region: us-west-1
  tags:
    'demo': 'true'
managedNodeGroups:
  - name: ng-1
    instanceType: t3.large
    desiredCapacity: 2
Update the following sections of the specification file with details to match your environment:
- Update the project section with the name of the project in your organization
project: aws
- Update the cloudprovider section with the name of the cloud credential that was previously created
cloudprovider: dev-aws
- Execute the following command to provision the cluster from the specification file previously defined
./rctl apply -f eks-cluster-basic.yaml
Expected output (with a task id):
Cluster: test-eks
{
  "taskset_id": "d2wg4k8",
  "operations": [
    {
      "operation": "NodegroupCreation",
      "resource_name": "ng-1",
      "status": "PROVISION_TASK_STATUS_PENDING"
    },
    {
      "operation": "ClusterCreation",
      "resource_name": "test-eks",
      "status": "PROVISION_TASK_STATUS_PENDING"
    }
  ],
  "comments": "The status of the operations can be fetched using taskset_id",
  "status": "PROVISION_TASKSET_STATUS_PENDING"
}
To retrieve the status of the apply operation, enter the below command with the generated task id
./rctl status apply d2wg4k8
Expected Output
{
  "taskset_id": "d2wg4k8",
  "operations": [
    {
      "operation": "NodegroupCreation",
      "resource_name": "ng-1",
      "status": "PROVISION_TASK_STATUS_PENDING"
    },
    {
      "operation": "ClusterCreation",
      "resource_name": "test-eks",
      "status": "PROVISION_TASK_STATUS_INPROGRESS"
    }
  ],
  "comments": "Configuration is being applied to the cluster",
  "status": "PROVISION_TASKSET_STATUS_INPROGRESS"
}
- Login to the web console and view the cluster being provisioned
Once the cluster finishes provisioning, download the cluster configuration file and compare it to the specification file used to create the cluster. The two files will match.
- Go to Clusters -> Infrastructure.
- Click on the Settings Icon for the newly created cluster and select "Download Cluster Config"
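Since provisioning takes around 40 minutes, the status check from this step is worth scripting. The following is an added example, not part of the original guide or the RCTL project: it parses the `rctl apply` / `rctl status apply` output format shown above and polls until the taskset leaves its in-flight states. The helper names and the rule that any status other than `_PENDING` / `_INPROGRESS` is terminal are assumptions.

```python
import json
import subprocess
import time

# The guide's output only shows in-flight states, which end in these suffixes.
# Assumption: any other taskset status (success or failure) is terminal.
IN_FLIGHT = ("_PENDING", "_INPROGRESS")

# Constructed sample: the guide's status output, condensed, with the
# "Cluster: ..." banner that `rctl apply` prints before the JSON prepended.
SAMPLE_OUTPUT = """Cluster: test-eks
{"taskset_id": "d2wg4k8", "operations": [
  {"operation": "NodegroupCreation", "resource_name": "ng-1",
   "status": "PROVISION_TASK_STATUS_PENDING"},
  {"operation": "ClusterCreation", "resource_name": "test-eks",
   "status": "PROVISION_TASK_STATUS_INPROGRESS"}],
 "status": "PROVISION_TASKSET_STATUS_INPROGRESS"}"""

def parse_taskset(output):
    """Parse rctl apply/status output, skipping any banner before the JSON."""
    return json.loads(output[output.index("{"):])

def summarize(taskset):
    """Reduce a taskset to its id, a done flag and the operations still running."""
    ops = {f"{op['operation']}/{op['resource_name']}": op["status"]
           for op in taskset.get("operations", [])}
    return {
        "id": taskset["taskset_id"],
        "done": not taskset["status"].endswith(IN_FLIGHT),
        "waiting_on": sorted(k for k, s in ops.items() if s.endswith(IN_FLIGHT)),
        "status": taskset["status"],
    }

def wait_for_taskset(taskset_id, rctl="./rctl", interval=60, timeout=3600):
    """Poll `rctl status apply <id>` until the taskset leaves its in-flight states."""
    deadline = time.monotonic() + timeout
    while True:
        out = subprocess.run([rctl, "status", "apply", taskset_id],
                             check=True, capture_output=True, text=True).stdout
        state = summarize(parse_taskset(out))
        if state["done"]:
            return state  # caller inspects state["status"] for success or failure
        if time.monotonic() >= deadline:
            raise TimeoutError(f"{taskset_id} still waiting on {state['waiting_on']}")
        print(f"{state['status']}: waiting on {', '.join(state['waiting_on'])}")
        time.sleep(interval)
```

The taskset id for `wait_for_taskset` can be taken from the apply output with `summarize(parse_taskset(apply_output))["id"]`.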
Step 4: Verify Cluster
Once provisioning is complete, you should have a ready to use Amazon EKS Cluster. We will verify the cluster by checking its health and status.
Step 4a: Cluster Status & Health
The Kubernetes management operator automatically deployed on the cluster by the controller will "maintain a heartbeat" with the controller and will "proactively monitor" the status of the components on the worker node required for communication with the EKS control plane and the controller.
- Cluster reachability should not be more than 1 minute
- Control plane should report as Healthy
Step 4b: Zero Trust Kubectl
Your EKS Cluster's API Server is private and secure (i.e. cloaked and not directly reachable on the Internet). The controller provides a zero trust kubectl channel for authorized users.
- Click on "Kubectl" on the cluster.
- This will launch a web based kubectl shell for you to securely interact with the API server over a zero trust channel
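To confirm from the AWS side that the API server is not directly reachable from the Internet, the endpoint settings can be read back with `aws eks describe-cluster`. The following is an added example, not part of the original guide: it evaluates the `resourcesVpcConfig` block of that output. It assumes the AWS CLI is installed with credentials for the account; the function names and sample JSON are constructed for illustration.

```python
import json
import subprocess

# Constructed samples: only the fields of `aws eks describe-cluster` output
# that describe API endpoint exposure; everything else is omitted.
SAMPLE_PUBLIC = """{"cluster": {"name": "test-eks", "resourcesVpcConfig": {
  "endpointPublicAccess": true, "endpointPrivateAccess": false,
  "publicAccessCidrs": ["0.0.0.0/0"]}}}"""
SAMPLE_PRIVATE = """{"cluster": {"name": "test-eks", "resourcesVpcConfig": {
  "endpointPublicAccess": false, "endpointPrivateAccess": true,
  "publicAccessCidrs": []}}}"""

def endpoint_findings(describe_json):
    """Return exposure findings for the API endpoint; an empty list means private-only."""
    vpc = json.loads(describe_json)["cluster"]["resourcesVpcConfig"]
    findings = []
    if vpc.get("endpointPublicAccess"):
        # Assumption: with public access on, a missing or empty CIDR list
        # is treated as open to everyone, so the check fails closed.
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        if "0.0.0.0/0" in cidrs:
            findings.append("public endpoint reachable from any address")
        else:
            findings.append("public endpoint limited to " + ", ".join(cidrs))
    if not vpc.get("endpointPrivateAccess"):
        findings.append("private endpoint access is disabled")
    return findings

def check_cluster(name, region):
    """Fetch the live settings with the AWS CLI and evaluate them."""
    out = subprocess.run(
        ["aws", "eks", "describe-cluster", "--name", name, "--region", region,
         "--output", "json"],
        check=True, capture_output=True, text=True).stdout
    return endpoint_findings(out)
```

For the cluster in this guide the call would be `check_cluster("test-eks", "us-west-1")`; an empty list matches the private control plane described in Step 3.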
Step 5: Dashboards
The default cluster blueprint automatically deploys Prometheus and other components required to monitor the EKS cluster. This data is aggregated from the cluster on the controller in a central, time series database. This data is then made available to administrators in the form of detailed dashboards.
Step 5a: Cluster Dashboard
Click on the cluster name to view the cluster dashboard. You will be presented with time series data for the following
- Cluster Health
- CPU Utilization
- Memory Utilization
- Storage Utilization
- Number of Worker Nodes
- Number of workloads and their status
- Number of pods and their status
Step 5b: Node Dashboard
Click on the "node" to view the node dashboard.
Now, click on Overview. You will be presented with time series data for the following metrics:
- Node Health
- CPU Utilization
- Memory Utilization
- Storage Utilization
Step 5c: Kubernetes Resources
The dashboard also comes with an integrated Kubernetes dashboard. Click on "Resources" and you will be presented with all the Kubernetes resources organized using a number of filters.
Recap
Congratulations! At this point, you have
- Successfully configured and provisioned an Amazon EKS cluster in your AWS account using the RCTL CLI
- Used zero trust kubectl to securely access the EKS cluster's API server
- Used the integrated cluster, node and k8s dashboards to monitor and view details about the cluster