Set up Amazon Web Services
A few steps are required to prepare your Amazon Web Services project before you can manage Amazon Elastic Kubernetes Service (EKS) clusters with Astra Control Service.
Quick start for setting up Amazon Web Services
Get started quickly by following these steps or scroll down to the remaining sections for full details.
Review Astra Control Service requirements for Amazon Web Services
Ensure that clusters are healthy and running a supported version of Kubernetes, that worker nodes are online and running Linux or Windows, and more. Learn more about this step.
Create an Amazon account
If you don't already have an Amazon account, you need to create one so that you can use EKS. Learn more about this step.
Install the Amazon Web Services CLI
Install the AWS CLI so that you can manage AWS from the command line. Follow step-by-step instructions.
Optional: Create an IAM user
Create an Amazon Identity and Access Management (IAM) user. You can also skip this step and use an existing IAM user with Astra Control Service.
Create and attach a permissions policy
Create a policy with the required permissions for Astra Control Service to interact with your AWS account.
Save the credentials for the IAM user
Save the credentials for the IAM user so that you can import the credentials into Astra Control Service.
EKS cluster requirements
A Kubernetes cluster must meet the following requirements so you can discover and manage it from Astra Control Service.
- Kubernetes version: A cluster must be running a Kubernetes version in the range of 1.25 to 1.28.
- Image type: The image type for each worker node must be Linux.
- Cluster state: Clusters must be running in a healthy state and have at least one online worker node with no worker nodes in a failed state.
- Astra Control Provisioner: Astra Control Provisioner and an external snapshot controller are required for operations with storage backends. To enable these operations, do the following:
- CSI drivers for Amazon Elastic Block Store (EBS): If you use the Amazon EBS storage backend, you need to install the Container Storage Interface (CSI) driver for EBS (it is not installed automatically). Refer to the steps for instructions for installing the CSI driver.
Install an external snapshotter
If you haven't already done so, install the snapshot CRDs and the snapshot controller.
Install the CSI driver as an Amazon EKS add-on
- Create the Amazon EBS CSI driver IAM role for service accounts. Follow the instructions in the Amazon documentation, using the AWS CLI commands in the instructions.
- Add the Amazon EBS CSI add-on using the following AWS CLI command, replacing information in brackets <> with values specific to your environment. Replace <DRIVER_ROLE> with the name of the EBS CSI driver role that you created in the previous step:
aws eks create-addon \
  --cluster-name <CLUSTER_NAME> \
  --addon-name aws-ebs-csi-driver \
  --service-account-role-arn arn:aws:iam::<ACCOUNT_ID>:role/<DRIVER_ROLE>
Configure the EBS storage class
- Clone the Amazon EBS CSI driver GitHub repository to your system.
git clone https://github.com/kubernetes-sigs/aws-ebs-csi-driver.git
- Navigate to the dynamic-provisioning example directory.
cd aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/
- Deploy the ebs-sc storage class and ebs-claim persistent volume claim from the manifests directory.
kubectl apply -f manifests/storageclass.yaml
kubectl apply -f manifests/claim.yaml
- Describe the ebs-sc storage class.
kubectl describe storageclass ebs-sc
You should see output describing the storage class attributes.
Create an Amazon account
If you don't already have an Amazon account, you need to create one to enable billing for Amazon EKS.
- Go to the Amazon homepage, select Sign in at the top right, and select Start here.
- Follow the prompts to create an account.
Install the Amazon Web Services CLI
Install the AWS CLI so that you can manage AWS resources from the command line.
- Go to Getting started with the AWS CLI and follow the instructions to install the CLI.
Optional: Create an IAM user
Create an IAM user so that you can use and manage AWS services and resources with increased security. You can also skip this step, and use an existing IAM user with Astra Control Service.
- Go to Creating IAM users and follow the instructions to create an IAM user.
Create and attach a permissions policy
Create a policy with the required permissions for Astra Control Service to interact with your AWS account.
- Create a new file called policy.json.
- Copy the following JSON content into the file:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "fsx:DescribeVolumes",
        "ec2:DescribeRegions",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "iam:SimulatePrincipalPolicy",
        "s3:ListAllMyBuckets",
        "eks:DescribeCluster",
        "eks:ListNodegroups",
        "eks:DescribeNodegroup",
        "eks:ListClusters",
        "iam:GetUser",
        "s3:DeleteObject",
        "s3:DeleteBucket",
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Resource": "*"
    }
  ]
}
- Create the policy:
POLICY_ARN=$(aws iam create-policy --policy-name <policy-name> --policy-document file://policy.json --query='Policy.Arn' --output=text)
- Attach the policy to the IAM user. Replace <IAM-USER-NAME> with either the user name of the IAM user you created, or an existing IAM user:
aws iam attach-user-policy --user-name <IAM-USER-NAME> --policy-arn=$POLICY_ARN
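The policy above applies every listed action to "Resource": "*". As an added example (not part of the original documentation), this Python check reports which of those grants are non-read actions on all resources, so a reviewer can see what the IAM user is able to change. The function names and the verb-prefix heuristic are assumptions of this example.

```python
import json
from collections import defaultdict

# The policy document from this page, embedded so the audit runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
 "Action": ["cloudwatch:GetMetricData", "fsx:DescribeVolumes", "ec2:DescribeRegions",
  "s3:CreateBucket", "s3:ListBucket", "s3:PutObject", "s3:GetObject",
  "iam:SimulatePrincipalPolicy", "s3:ListAllMyBuckets", "eks:DescribeCluster",
  "eks:ListNodegroups", "eks:DescribeNodegroup", "eks:ListClusters", "iam:GetUser",
  "s3:DeleteObject", "s3:DeleteBucket", "autoscaling:DescribeAutoScalingGroups"],
 "Resource": "*"}]}
""")

# Assumption: read-only actions are recognised by verb prefix. This is a naming
# heuristic for review, not AWS's own access-level classification.
READ_PREFIXES = ("describe", "list", "get", "simulate")

def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return list(value) if isinstance(value, list) else [value]

def mutating_on_wildcard(policy):
    """Map service -> non-read actions that an Allow statement grants on Resource "*"."""
    findings = defaultdict(list)
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            # IAM action names are case-insensitive; "s3:*" or "*" counts as mutating.
            if not name.lower().startswith(READ_PREFIXES):
                findings[service.lower()].append(action)
    return dict(findings)

if __name__ == "__main__":
    for service, actions in mutating_on_wildcard(POLICY).items():
        print(f"{service}: {', '.join(actions)} apply to every resource")
```

For the policy on this page, the function reports the four S3 create, put and delete actions.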
Save the credentials for the IAM user
Save the credentials for the IAM user so that you can make Astra Control Service aware of the user.
- Download the credentials. Replace <IAM-USER-NAME> with the user name of the IAM user you want to use:
aws iam create-access-key --user-name <IAM-USER-NAME> --output json > credential.json
The credential.json file is created, and you can import the credentials into Astra Control Service.