Create and connect new AWS EKS cluster

The following document shows how to create an AWS EKS cluster using the OCLI.

Prerequisites

  1. Install git if it is not already present.
  2. Install the AWS CLI, version 2.x.x, and create a local AWS profile with admin access to the AWS account where you want to create the new cluster.

Suggestion

We highly recommend that you go through the AWS Infrastructure requirements carefully.

Installing OCLI

  1. Download the binary for your platform using the matching command below.
    # macOS, arm64 (darwin_arm64)
    curl -H 'Cache-Control: max-age=0' -s "https://releases.ocli.truefoundry.tech/binaries/ocli_$(curl -H 'Cache-Control: max-age=0' -s https://releases.ocli.truefoundry.tech/stable.txt)_darwin_arm64" -o ocli
    
    # macOS, amd64 (darwin_amd64)
    curl -H 'Cache-Control: max-age=0' -s "https://releases.ocli.truefoundry.tech/binaries/ocli_$(curl -H 'Cache-Control: max-age=0' -s https://releases.ocli.truefoundry.tech/stable.txt)_darwin_amd64" -o ocli
    
    # Linux, arm64 (linux_arm64)
    curl -H 'Cache-Control: max-age=0' -s "https://releases.ocli.truefoundry.tech/binaries/ocli_$(curl -H 'Cache-Control: max-age=0' -s https://releases.ocli.truefoundry.tech/stable.txt)_linux_arm64" -o ocli
    
    # Linux, amd64 (linux_amd64)
    curl -H 'Cache-Control: max-age=0' -s "https://releases.ocli.truefoundry.tech/binaries/ocli_$(curl -H 'Cache-Control: max-age=0' -s https://releases.ocli.truefoundry.tech/stable.txt)_linux_amd64" -o ocli
    
  2. Make the binary executable and move it to a directory on your $PATH.
    sudo chmod +x ./ocli
    sudo mv ocli /usr/local/bin
    
  3. Confirm the installation by running:
    ocli --version
    

Configuring Input Config file

  1. To create a new cluster, you need your AWS Account ID, Region, and an AWS Profile.
  2. Run the following command to fill in the inputs interactively:
    ocli init-compute-plane
    
  3. For networking, there are two possible configurations:
    1. New VPC (Recommended) - This creates a new VPC for your new cluster.
    2. Existing VPC - You can enter your existing VPC and subnet IDs.
  4. Once all the inputs are filled in, a config file named tfy-config.yaml is generated in your current directory. We highly recommend that you go through the generated config file once and check it against your inputs. You can also customize the inputs directly by editing the file. Below are two samples: the first uses an existing VPC (network.existing: true) and the second creates a new VPC (network.existing: false).
aws:
  account:
    id: "xxxxxxxxxxxxxxxxx"
  cluster:
    name: "coolml"
    public_access:
      cidrs:
        - 0.0.0.0/0
      enabled: true
    version: "1.28"
  iam_role:
    assume_role_arns:
      - arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps
    ecr:
      enabled: true
    enabled: true
    role_enable_override: false
    role_override_name: ""
    s3:
      bucket_enable_override: false
      bucket_override_name: ""
      enabled: true
    ssm:
      enabled: true
  network:
    existing: true
    private_subnets_cidrs: []
    private_subnets_ids:
      - subnet-xxxxxxxxxxxxxxxxx
      - subnet-xxxxxxxxxxxxxxxxx
      - subnet-xxxxxxxxxxxxxxxxx
    public_subnets_cidrs: []
    public_subnets_ids:
      - subnet-xxxxxxxxxxxxxxxxx
      - subnet-xxxxxxxxxxxxxxxxx
      - subnet-xxxxxxxxxxxxxxxxx
    vpc_cidr: ""
    vpc_id: vpc-xxxxxxxxxxxxxxxxx
  profile:
    name: administrator-xxxxxxxxxxxxxxxxx
  region:
    availability_zones:
      - us-east-1a
      - us-east-1b
      - us-east-1c
    name: us-east-1
  tags: {}
azure: null
binaries:
  terraform:
    binary_path: null
  terragrunt:
    binary_path: null
gcp: null
provider: aws

aws:
  account:
    id: "xxxxxxxxxxxxxxxxx"
  cluster:
    name: coolml
    public_access:
      cidrs:
      - 0.0.0.0/0
      enabled: true
    version: "1.28"
  iam_role:
    assume_role_arns:
    - arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps
    ecr:
      enabled: true
    enabled: true
    role_enable_override: false
    role_override_name: ""
    s3:
      bucket_enable_override: false
      bucket_override_name: ""
      enabled: true
    ssm:
      enabled: true
  network:
    existing: false
    private_subnets_cidrs:
    - 10.222.0.0/20
    - 10.222.16.0/20
    - 10.222.32.0/20
    private_subnets_ids: []
    public_subnets_cidrs:
    - 10.222.176.0/20
    - 10.222.192.0/20
    - 10.222.208.0/20
    public_subnets_ids: []
    vpc_cidr: 10.222.0.0/16
    vpc_id: ""
  profile:
    name: administrator-xxxxxxxxxxxxxxxxx
  region:
    availability_zones:
    - us-east-2a
    - us-east-2b
    - us-east-2c
    name: us-east-2
  tags: {}
azure: null
binaries:
  terraform:
    binary_path: null
  terragrunt:
    binary_path: null
gcp: null
provider: aws
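
The review of the generated file recommended in step 4 can be partly scripted before running ocli. The following is an added example, not part of the original guide or of OCLI; the names audit and expected_accounts are hypothetical, and it assumes that cluster.public_access lists the source ranges allowed to reach the cluster's public endpoint and that you know which AWS accounts you expect in assume_role_arns.

```python
import ipaddress
import re

def audit(cfg, expected_accounts=()):
    """Return findings for a parsed tfy-config.yaml (provider: aws)."""
    aws, out = cfg["aws"], []
    # 1. Cluster endpoint exposure: a /0 entry admits every source address.
    access = aws["cluster"]["public_access"]
    if access["enabled"]:
        out += [f"public_access: {c} admits any source address"
                for c in access["cidrs"] if ipaddress.ip_network(c).prefixlen == 0]
    # 2. Cross-account trust: report role ARNs in accounts you did not expect.
    for arn in aws["iam_role"]["assume_role_arns"]:
        m = re.fullmatch(r"arn:aws:iam::(\d{12}):role/.+", arn)
        if m is None:
            out.append(f"assume_role_arns: malformed ARN {arn!r}")
        elif m.group(1) not in expected_accounts:
            out.append(f"assume_role_arns: unexpected account {m.group(1)}")
    # 3. Network: IDs present for an existing VPC, sane CIDR plan for a new one.
    net = aws["network"]
    if net["existing"]:
        if not (net.get("vpc_id") and net.get("private_subnets_ids")):
            out.append("network: existing VPC selected but IDs are missing")
    else:
        vpc = ipaddress.ip_network(net["vpc_cidr"])
        subnets = [ipaddress.ip_network(c) for c in
                   net["private_subnets_cidrs"] + net["public_subnets_cidrs"]]
        for i, s in enumerate(subnets):
            if not s.subnet_of(vpc):
                out.append(f"network: {s} is outside vpc_cidr {vpc}")
            if any(s.overlaps(o) for o in subnets[i + 1:]):
                out.append(f"network: {s} overlaps another subnet")
    # 4. Region: every availability zone must belong to the chosen region.
    region = aws["region"]["name"]
    out += [f"region: {az} is not in {region}"
            for az in aws["region"]["availability_zones"] if not az.startswith(region)]
    return out

# Constructed input: only the keys audit() reads, values from the new-VPC sample.
# For a real file: cfg = yaml.safe_load(open("tfy-config.yaml"))  (needs PyYAML)
SAMPLE = {"aws": {
    "cluster": {"public_access": {"cidrs": ["0.0.0.0/0"], "enabled": True}},
    "iam_role": {"assume_role_arns": ["arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps"]},
    "network": {"existing": False, "vpc_cidr": "10.222.0.0/16",
                "private_subnets_cidrs": ["10.222.0.0/20", "10.222.16.0/20", "10.222.32.0/20"],
                "public_subnets_cidrs": ["10.222.176.0/20", "10.222.192.0/20", "10.222.208.0/20"]},
    "region": {"name": "us-east-2", "availability_zones": ["us-east-2a", "us-east-2b", "us-east-2c"]}}}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass the account IDs you expect as expected_accounts so that only unexpected entries in assume_role_arns are reported.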

Create the cluster

Run the following command to create the EKS cluster and IAM roles needed to provide access to various infrastructure components as per the inputs configured above.

ocli run --file tfy-config.yaml

This command may take around 30-45 minutes to complete.

Connecting the cluster

  1. Head over to the TrueFoundry platform and log in. If you haven't logged in, then you can sign up here.
  2. Once you have logged in, navigate to the Integrations tab in the left panel and click Setup Cluster.
  3. Give the name of the EKS cluster and select the cluster type as AWS EKS.
  4. Copy the resulting ocli command. This command installs the agent in your EKS cluster which will connect your cluster to the TrueFoundry control plane. The command looks similar to the following:
ocli connect-compute-plane --cloud aws-eks --control-plane-url https://coolml.truefoundry.tech \
--token xxxxxxx  --tenant coolml
  5. Run the command from the directory where your tfy-config.yaml is present.

Saving the output file

Once the above command finishes, save the output using the command below:

ocli output --file tfy-config.yaml > output.txt

Follow the guide below to connect the compute-plane cluster you just created to the control-plane.

  1. Go to the TrueFoundry control-plane UI and open Integrations.
  2. Click New Cluster.