Edge Release
Launch DashboardGitHubDiscord Community
Garden Enterprise

AWS

AWS (EKS)

The official AWS EKS user guide guides users to create their cluster using the official eksctl tool.

If you wish to make use of Garden's In-Cluster Building feature that leverages more-powerful remote Kubernetes clusters for image building, you'll need to pass a few additional flags to eksctl.

tl;dr

The following command will create an EKS cluster with a managed node group using any AWS instances that meet the criteria of 4 vCPUs and 16 GiB of memory. It uses IAM Roles for Service Accounts (IRSA) to attach a policy to the cluster allowing power user access to AWS' Elastic Container Registry. Visit the docs for more details on the AmazonEC2ContainerRegistryPowerUser policy.

eksctl create cluster -f - <<EOF
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: $USER-cluster
  region: $AWS_REGION

managedNodeGroups:
- name: mng
  instanceSelector:
    vCPUs: 4
    memory: 16

iam:
  withOIDC: true
  serviceAccounts:
  - metadata:
      name: ecr-poweruser
      # set namespace to your developer namespace
      namespace: $USER-dev
    attachPolicyARNs:
    - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser"
EOF

Finally, configure Garden to annotate your in-cluster pods with the correct Amazon Resource Name by following Garden's In-Cluster Building guide.

Permissions

IAM users or roles need the following AWS permissions to interact with your EKS cluster: eks:DescribeCluster eks:AccessKubernetesApi

You can select these when creating the policy through the UI, or with this JSON version:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:DescribeCluster",
                "eks:AccessKubernetesApi"
            ],
            "Resource": "<arn identifier>"
        }
    ]
}

You will also need a Kubernetes role and service account in the EKS cluster. This can be achieved with the aws-auth configmap. The instructions are documented here. If you are interested in minimizing the permissions in the cluster, please take a look at our Kubernetes RBAC guide.

Previous1. Create a ClusterNextGCP

Last updated