Aks Clusters

Platform9 can connect to AWS and import any existing EKS clusters, bringing them under the management of Platform9 to enable centralized administration. Once a cluster has been imported and the External Cluster Operator has been installed, Platform9 enables:

IAM User Role/Group

Platform9 requires that the user that owns the Secret Key and Access Key be part of the "system:masters" group on each EKS cluster. We recommend that a service account be created within AWS and added to all EKS Clusters. To validate IAM access, download the CLI.

AWS EKS Cluster Import

To help centralize and simplify multi-cluster and hybrid Kubernetes deployments, Platform9 can import existing EKS Clusters. Imported clusters have a limited set of functionality compared to AWS Native Clusters; Platform9 does not support any lifecycle actions for imported clusters or kubeconfig generation.

A full comparison of AWS Native Clusters vs EKS Imports can be found here.

Pre-requisites for EKS Cluster Imports

AWS Service Account

Platform9 recommends that a service account be created in AWS and an associated Secret Key and Access Key be set up for connecting Platform9 and AWS.

Access Key and Secret Key

PMK requires that you specify an AWS access key ID and associated secret access key for a single IAM user in your AWS account. The keys are used to import EKS clusters and perform all cluster actions. The account that owns the Access Key and Secret Key must have access to the AWS EKS API for all List and Describe endpoints as detailed here: https://docs.aws.amazon.com/eks/latest/APIReference/Welcome.html
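As an added example (not Platform9's or AWS's own code), the following Python check audits an IAM policy document for the import user against the scope stated above: every List and Describe action allowed, and nothing else. The two sample policies and the `REQUIRED` action subset are constructed for illustration, and Resource and Condition elements are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# Subset of real EKS read-only API actions (assumption: extend this list with
# the remaining List*/Describe* operations from the EKS API reference).
REQUIRED = ["eks:ListClusters", "eks:DescribeCluster", "eks:ListNodegroups",
            "eks:DescribeNodegroup", "eks:ListAddons", "eks:DescribeAddon"]
IN_SCOPE_PREFIXES = ("eks:list", "eks:describe")

def _as_list(value):
    # IAM allows "Action" to be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value or [])

def _matches(patterns, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_policy(policy):
    """Return (missing, excess) for one IAM policy document given as a dict.

    missing: required read actions not allowed, or overridden by a Deny.
    excess:  Allow patterns that reach beyond eks:List* / eks:Describe*.
    """
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement object is valid
        stmts = [stmts]
    allow, deny, excess = [], [], []
    for stmt in stmts:
        if stmt.get("Effect") == "Allow" and "NotAction" in stmt:
            excess.append("NotAction")   # allows everything except a list
            continue
        target = allow if stmt.get("Effect") == "Allow" else deny
        target.extend(_as_list(stmt.get("Action")))
    excess += [p for p in allow if not p.lower().startswith(IN_SCOPE_PREFIXES)]
    missing = [a for a in REQUIRED
               if not _matches(allow, a) or _matches(deny, a)]
    return missing, excess

# Constructed sample policies (not taken from the page).
TIGHT = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["eks:List*", "eks:Describe*"], "Resource": "*"}]}""")
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "eks:*", "Resource": "*"},
  {"Effect": "Deny", "Action": "eks:DescribeCluster", "Resource": "*"}]}""")

if __name__ == "__main__":
    for name, doc in (("TIGHT", TIGHT), ("BROAD", BROAD)):
        print(name, audit_policy(doc))
```

The check covers one policy document at a time; effective permissions also depend on any other policies attached to the user and its groups.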

EKS Cluster Permissions

For data collection to function correctly, the AWS user used to import the cluster must be added to the cluster's RBAC ConfigMap, so that either the User/Service Account or a Role that the Service Account is enrolled in has access to the cluster, specifically through the system:masters group.

To add the service account used to import the cluster to the EKS Cluster, follow the steps outlined by AWS - Provide Access for IAM Users and Roles to Existing EKS Clusters

EKS Cluster API Server Access

For PMK to function correctly, the EKS cluster's API Server must be available on a Public or Public+Private VPC. Clusters with a Private-only endpoint will import; however, only the Cluster and Cluster Details dashboards will function.

Importing an EKS Cluster

Create Accounts

To import an EKS cluster, users must first:

  1. Create a service account for Platform9 in AWS

  2. Create an Access Key/Secret Key pair for that service account

  3. Grant the service account access to each EKS cluster

  4. Create an AWS Cloud Provider within Platform9

Import Clusters

Once the Cloud provider has been added, users can import any EKS cluster that the Service Account has access to.

Below are the steps to import an EKS Cluster.

  1. Within AWS, create a service account for Platform9

  2. Generate an access key for the service account

  3. Log into Platform9 and navigate to Infrastructure → Cloud Providers tab

  4. On the Cloud Providers tab, click “+ Add Cloud Provider”

  5. Provide a Name for the Cloud Provider and the Access Key/Secret Key pair for the Service account and click Next

  6. Once the Cloud Provider is validated, save the credentials to Platform9

  7. Validate that the Cloud Provider has access to the regions where you are running EKS clusters and then click Done

  8. Navigate to the Infrastructure → Clusters tab and select 'Import' from the Add Cluster button

  9. Select AWS as the target cloud and click “Import EKS Cluster”

  10. Select the Cloud Provider configured with EKS Cluster Access and click Next

  11. Select each region where EKS clusters are running and select each cluster to be imported; several clusters can be imported in one action. Once all clusters are selected, click Next.

  12. Review the final list for import and click “Import”

  13. Install ECO for each imported cluster
