EKS Import
Platform9 can connect to AWS and import any existing EKS clusters, bringing them under the management of Platform9 to enable centralized administration. Once a cluster has been imported and the External Cluster Operator has been installed, Platform9 enables you to:
- View EKS clusters alongside BareOS, Azure Native Clusters and AWS Native Clusters
- View and Edit RBAC configuration
- View and Manage Cluster Workloads
- Use the Application Catalog to deploy Helm 3 apps
- Deploy Platform9 Monitoring
Platform9 requires that the user that owns the Secret Key and Access Key be part of the "system:masters" group on each EKS cluster. We recommend that a service account be created within AWS and added to all EKS Clusters. To validate IAM access, download the Cloud Provider Checks CLI.
AWS EKS Cluster Import
To help centralize and simplify multi-cluster and hybrid Kubernetes deployments, Platform9 can import existing EKS Clusters. Imported clusters have a limited set of functionality compared to AWS Native Clusters; Platform9 does not support any lifecycle actions for imported clusters or kubeconfig generation.
A full comparison of AWS Native Clusters vs EKS Imports can be found in the EKS vs AWS Native Cluster FAQ.
Pre-requisites for EKS Cluster Imports
AWS Service Account
Platform9 recommends that a service account be created in AWS and an associated Secret Key and Access Key be set up for connecting Platform9 and AWS.
Access Key and Secret Key
PMK requires that you specify an AWS access key ID and associated secret access key for a single IAM user in your AWS account. The keys are used to import EKS clusters and perform all cluster actions. The account that owns the Access Key and Secret Key must have access to the AWS EKS API for all List and Describe endpoints as detailed here: https://docs.aws.amazon.com/eks/latest/APIReference/Welcome.html
EKS Cluster Permissions
For data collection to function correctly, the AWS user used to import the cluster must be added to the cluster's RBAC ConfigMap. The entry can grant cluster access either to the User/Service Account itself or to a Role that the Service Account is enrolled within, and it must place that identity in the system:masters group.
To add the service account used to import the cluster to the EKS Cluster, follow the steps outlined by AWS: Provide Access for IAM Users and Roles to Existing EKS Clusters
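As an added example (not Platform9 or AWS code), the script below audits the aws-auth ConfigMap, where EKS keeps these mappings, and lists every IAM principal mapped to system:masters, so you can confirm the import service account is present and see who else holds that group. The ConfigMap data, account ID and user names are constructed, and the awk parser assumes the usual block-style YAML list.

```shell
#!/bin/sh
# Added example: audit which IAM principals the aws-auth ConfigMap maps to
# system:masters. Reads a mapUsers/mapRoles YAML list on stdin.

# Constructed sample of data.mapUsers (account ID and user names are made up).
SAMPLE_MAPUSERS='- userarn: arn:aws:iam::111122223333:user/platform9-import
  username: platform9-import
  groups:
    - system:masters
- userarn: arn:aws:iam::111122223333:user/dev-readonly
  username: dev-readonly
  groups:
    - view-only
- groups:
    - system:masters
  userarn: arn:aws:iam::111122223333:user/legacy-admin
  username: legacy-admin'

# Print the ARN of every entry whose groups list contains system:masters.
masters_principals() {
  awk '
    function emit() { if (arn != "" && admin) print arn; arn = ""; admin = 0 }
    # A "- key:" line opens a new list entry, so close the previous one.
    /^[ \t]*-[ \t]+[A-Za-z]+:([ \t]|$)/ { emit() }
    /(userarn|rolearn):[ \t]/ { arn = $NF; gsub(/"/, "", arn) }
    /^[ \t]*-[ \t]+"?system:masters"?[ \t]*$/ { admin = 1 }
    END { emit() }
  '
}

# Exit 0 if the given ARN is mapped to system:masters, 1 otherwise.
has_masters() {
  masters_principals | grep -Fxq -- "$1"
}

# Against a live cluster the input would come from:
#   kubectl get configmap aws-auth -n kube-system -o jsonpath='{.data.mapUsers}'
printf '%s\n' "$SAMPLE_MAPUSERS" | masters_principals
```

Because system:masters carries full cluster-admin rights, any ARN in the output other than the dedicated import service account is worth reviewing.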
EKS Cluster API Server Access
The Service Account or User that owns the Access Key and Secret Key must have system:masters group access on the EKS clusters that are being imported.
For PMK to function correctly, the EKS cluster's API Server must be available on a Public or Public+Private VPC. Clusters with a Private-only endpoint will import; however, only the Cluster and Cluster Details dashboards will function.
Importing an EKS Cluster
Create Accounts
To import an EKS cluster, users must first:
- Create a service account for Platform9 in AWS
- Create an Access Key/Secret Key pair for that service account
- Grant the service account access to each EKS cluster
- Create an AWS Cloud Provider within Platform9
Import Clusters
Once the Cloud provider has been added, users can import any EKS cluster that the Service Account has access to.
Below are the steps to import an EKS Cluster.
- Within AWS, create a service account for Platform9
- Generate an access key for the service account
- Grant the service account access to each EKS cluster
- Log into Platform9 and navigate to Infrastructure → Cloud Providers tab
- On the Cloud Providers tab, click “+ Add Cloud Provider”
- Provide a Name for the Cloud Provider and the Access Key/Secret Key pair for the Service Account and click Next
- Once the Cloud Provider is validated, save the credentials to Platform9
- Validate the Cloud Provider has access to the regions where you are running EKS clusters and then click Done
- Navigate to the Infrastructure → Clusters tab and select 'Import' from the Add Cluster button
- Select AWS as the target cloud and click “Import EKS Cluster”
- Select the Cloud Provider configured with EKS Cluster Access and click Next
- Select each region where EKS clusters are running and select each cluster to be imported. Several clusters can be imported in one action. Once all clusters are selected, click Next.
- Review the final list for import and click “Import”
- IMPORTANT: ECO must be installed into each cluster after import to ensure that Platform9 can communicate with the cluster's API server
- Install ECO for each imported cluster
Installing ECO
To connect to the external cluster's API Server, the Platform9 External Cluster Operator must be installed. This can only be done after the cluster has been imported.
- Once the external cluster import is complete, click Install ECO on the Imported cluster table, or select the cluster via the radio checkbox and click Edit
- On the External Cluster Operator tab, download the YAML and save it to your client machine. Then, use
kubectl apply -f <fileLocation>/<fileName>
to install ECO
- The status of ECO will refresh once all ECO components are installed
Conclusion
Should you encounter any difficulties adopting or deploying the information noted above, our talented and responsive support team is available 24/7/365 to provide any additional assistance needed.