Administering Amazon EKS Clusters Using CCP Control Plane

Before you begin, make sure you have done the following:

• Added your Amazon provider profile.

• Added the required AMI files to your account.

• Created an AWS IAM role that CCP uses to create AWS EKS clusters.

Here is the procedure for administering Amazon EKS clusters using the CCP control plane:

Step 1. In the left pane, click Clusters and then click the AWS tab.

Step 2. Click NEW CLUSTER.

Step 3. In the Basic Information screen, enter the following information:

a. From the INFRASTRUCTURE PROVIDER drop-down list, choose the provider related to the appropriate Amazon account.

b. From the AWS REGION drop-down list, choose an appropriate AWS region.

Note

Not all regions support EKS. Ensure that you select a supported region. Currently, CCP supports the ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3, us-east-1, us-east-2, and us-west-2 regions.

c. In the KUBERNETES CLUSTER NAME field, enter a name for your cluster.

d. Click NEXT.

Step 4. In the Node Configuration screen, specify the following information:

a. From the INSTANCE TYPE drop-down list, choose an instance type for your cluster.

b. From the MACHINE IMAGE drop-down list, choose an appropriate CCP Amazon Machine Image (AMI) file.

To add AMI files to your Amazon account.

c. In the WORKER COUNT field, enter an appropriate number of worker nodes.

d. In the SSH PUBLIC KEY drop-down field, choose an appropriate authentication key.

This field is optional. It is needed if you want to SSH to the worker nodes for troubleshooting purposes. Ensure that you use the Ed25519 or ECDSA format for the public key.

Note

Because RSA and DSA are less-secure formats, Cisco prevents the use of these formats.

e. In the IAM ACCESS ROLE ARN field, enter the Amazon Resource Name (ARN) information.

Note

By default, the AWS credentials specified at the time of Amazon EKS cluster creation (that is, the credentials configured in the Infrastructure Provider) are mapped to the Kubernetes cluster-admin ClusterRole. A default ClusterRoleBinding binds the credentials to the system:masters group, thereby granting superuser access to the holders of the IAM identity. The IAM ACCESS ROLE ARN field allows you to specify the ARN of an additional AWS IAM role or IAM user who is also granted administrative control of the cluster.

f. Click NEXT.

Step 5. In the VPC Configuration screen, specify the following information:

a. In the SUBNET CIDR field, enter the overall subnet CIDR for your cluster.

b. In the PUBLIC SUBNET CIDR field, enter the public subnet CIDR values for your cluster on separate lines.

c. In the PRIVATE SUBNET CIDR field, enter the private subnet CIDR values for your cluster on separate lines.

Step 6. In the Summary screen, review the cluster information and then click FINISH.

Cluster creation can take up to 20 minutes. You can monitor the cluster creation status on the Clusters screen.

Note

If you receive the “Could not get token: AccessDenied” error message, this indicates that the AWS account is not a trusted entity for the Role ARN.
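A pre-flight check for the values entered in Steps 3 to 5, as an added example that is not part of the original page or of CCP itself. The function names, the ARN pattern and the sample values (including the placeholder account 123456789012) are assumptions made for illustration.

```python
import base64, ipaddress, re, struct
# Regions and key formats as stated in the procedure above.
SUPPORTED_REGIONS = set((
    "ap-northeast-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 eu-central-1 eu-north-1 "
    "eu-west-1 eu-west-2 eu-west-3 us-east-1 us-east-2 us-west-2").split())
# Assumption: standard IAM ARN shape for a role or a user.
IAM_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:(role|user)/[\w+=,.@/-]+$")

def ssh_key_type(line):
    """Read the key type from the base64 blob, not only from the text label."""
    label, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])      # length-prefixed type string
    inner = blob[4:4 + n].decode("ascii")
    if inner != label:
        raise ValueError("label does not match key blob")
    return inner

def preflight(region, vpc_cidr, public, private, pubkey=None, role_arn=None):
    """Return a list of problems; an empty list means the inputs look sane."""
    errors = []
    if region not in SUPPORTED_REGIONS:
        errors.append(f"region {region} is not in the supported list")
    if pubkey:  # SSH PUBLIC KEY is optional
        try:
            kind = ssh_key_type(pubkey)
            if kind != "ssh-ed25519" and not kind.startswith("ecdsa-sha2-"):
                errors.append(f"SSH key type {kind} is not Ed25519 or ECDSA")
        except (ValueError, struct.error):
            errors.append("SSH public key is malformed")
    if role_arn and not IAM_ARN.match(role_arn):
        errors.append("IAM ACCESS ROLE ARN is not an IAM role or user ARN")
    try:
        vpc = ipaddress.ip_network(vpc_cidr)
        subnets = [ipaddress.ip_network(s) for s in public + private]
    except ValueError as exc:
        return errors + [f"bad CIDR: {exc}"]
    for i, net in enumerate(subnets):
        if not net.subnet_of(vpc):
            errors.append(f"{net} is outside {vpc}")
        errors += [f"{net} overlaps {o}" for o in subnets[i + 1:] if net.overlaps(o)]
    return errors

def sample_key(kind):  # constructed, non-functional key line in OpenSSH wire layout
    blob = struct.pack(">I", len(kind)) + kind.encode() + bytes(36)
    return f"{kind} {base64.b64encode(blob).decode()} demo@example"

if __name__ == "__main__":  # constructed inputs; the RSA key should be reported
    print(preflight("us-west-2", "10.0.0.0/16", ["10.0.0.0/24"], ["10.0.1.0/24"], sample_key("ssh-rsa")))
```

The check does not cover the trust relationship behind the “Could not get token: AccessDenied” error, which has to be verified on the IAM role itself.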

Liam Smith Cisco Applications in Finance
