Creating an EKS cluster using onboarding-cli

The Onboarding CLI is a powerful command-line tool designed to streamline the process of deploying Amazon Elastic Kubernetes Service (EKS) clusters along with their essential requirements. Developed to simplify the setup of Kubernetes clusters, this CLI automates the entire deployment process, minimising manual intervention and enabling users to focus on their core tasks. By asking a few crucial inputs from the user, the CLI swiftly configures the necessary infrastructure, easing the burden of cluster creation and management.


  1. Download aws cli == 2.x.x
  2. Download git
  3. Create an AWS profile locally which is using an IAM user having admin access to the AWS account where you want to deploy the cluster.
  4. Ensuring AWS Infrastructure requirements are read carefully.

Download the CLI

  1. Download the binary using the below command.
    1. For Apple Silicon MacOS
      curl -H 'Cache-Control: max-age=0' -s -o ocli
    2. For Intel MacOS
      curl -H 'Cache-Control: max-age=0' -s -o ocli
    3. For Linux (arm)
      curl -H 'Cache-Control: max-age=0' -s -o ocli
    4. For Linux (amd)
      curl -H 'Cache-Control: max-age=0' -s -o ocli
  2. Make the binary executable and move it to $PATH
    sudo chmod +x ./ocli
    sudo mv ocli /usr/local/bin
  3. Confirm by running the command
    $ ocli 
    version: v0.1.4


Update to latest version

Always make sure to update ocli to the latest version.


Creating a config file

  1. In this document we will check what are the options available for configuring AWS EKS cluster.

  2. There are two ways to go about it

    1. Existing VPC - This is the case when you have an already existing network setup for your existing AWS environment. The onboarding CLI can use the VPC ID and the private and public subnet IDs to deploy the EKS cluster inside it. So before running the command make sure you have these handy
    2. New VPC - If you don't have any existing VPC or want to deploy the Truefoundry EKS cluster inside a new VPC then you can select this option. In this option you will be prompted for the VPC CIDR which is the CIDR range of the VPC you want. If you are not sure will be taken as default. You will also be asked for private and public CIDRS.
  3. Run the below command

    ocli infra init
  4. Screen will be cleared and you will be asked for cloud provider choice. Select aws here and for the next question add your account ID

    Truefoundry is a platform that makes it very easy to deploy microservices, ML models training jobs, LLMs on Kubernetes. We will start the process of bootstrapping a Kubernetes cluster. This CLI is useful only if you don't have a Kubernetes cluster. If you already have a cluster, please go to
    Let's get started!
    1. Cloud Provider
    In which cloud provider you would like to deploy your cluster: :
    >  aws
    2. Account ID
    What is the AWS Account ID where you want to deploy your cluster:


exec: "aws": executable file not found in $PATH

The above error indicates that aws cli is not present in your local machine. Make sure you have downloaded the aws CLI.


GetLocalAWSProfiles: exit status 2

The above error indicates that the version of aws CLI is not matching the required version. For ocli to work aws == 2.x.x

  1. Select the right profile and enter the cluster name( substring which will be part of all AWS resources created by this script). Here it will show all the local AWS profile name and you can select the one that you have created before or the one which has admin access to the AWS account where you want to deploy your cluster.

    3. AWS profiles
    Which AWS profile you want to use: :
    >  newcluster
    4. AWS cluster name
    What is the cluster name that you want for your cluster: newcluster
  2. Select the region and the availability zone where you want to deploy the cluster. If you don't select the no of availability zones, by default 3 will be selected in format us-east-1a, us-east-1b, us-east-1c, if selected region is us-east-1. In the below example we selected to availability zones

    5(B). Avilability Zones
    Enter the number of availability zones (Default: 3, 2 <= range <=4): 2
    Enter the name of availability zones 1 (default: ap-south-1a): ap-south-1a
    Enter the name of availability zones 2 (default: ap-south-1b): ap-south-1c
    "ap-south-1a" "ap-south-1c"

Existing VPC

  1. Select existing when you want to deploy the cluster in an existing VPC, followed by inputting the VPC ID.

  2. Next enter the subnet IDs of both private and public subnets

    6(A). VPC ID
    What is you existing VPC ID: vpc-029827189eaa2c22e
    Below we will ask you to enter the subnet ID details for your existing VPC. We need total of 2 subnets, private and public each6(B). Private Subnet IDs
    Enter the ID private subnet 1: subnet-0be5bd498c2869c67
    Enter the ID private subnet 2: subnet-0321f13d89fce5bdf
    "subnet-0be5bd498c2869c67" "subnet-0321f13d89fce5bdf" 
    6(B). Public Subnet IDs
    Enter the ID of public subnet 1: subnet-0da043d78612040f3
    Enter the ID of public subnet 2: subnet-0cc42609184649379
    "subnet-0da043d78612040f3" "subnet-0cc42609184649379" 


  1. Select new when you want to deploy the cluster in a new VPC, followed by your expected CIDR range. If you press enter will be selected as default and then subnets will be automatically selected.

  2. If you chose a different CIDR range for your VPC you have to select the subnet CIDR explicitly.

    6(A). VPC CIDR
    What should be the CIDR for your new VPC (Default: Chose a range between /8 and /24):
    Below we will ask you to enter the subnet CIDR details for your new VPC. We need to create total of 3 subnets for each availability zones
    6(B). Private Subnet CIDRS
    Enter the CIDR of private subnet 1:
    Enter the CIDR of private subnet 2:
    Enter the CIDR of private subnet 3:
    "" "" "" 
    6(C). Public Subnet CIDRS
    Enter the CIDR of public subnet 1:
    Enter the CIDR of public subnet 2:
    Enter the CIDR of public subnet 3:

Running the config file

  1. Once the config file is created, the file will have below contents
            id: "123456789098"
            name: cluster-substring
            existing: false
            private_subnets_ids: []
            public_subnets_ids: []
            vpc_id: ""
            name: newcluster
                - ap-south-2a
                - ap-south-2b
                - ap-south-2c
            name: ap-south-2
        tags: {}
    azure: null
            binary_path: null
            binary_path: null
    gcp: null
    provider: aws
  2. If you have selected new VPC then vpc_cidr, private_subnets_cidrs and public_subnets_cidrs will be filled and existing will be false. In case of existing VPC vpc_id, private_subnets_ids, public_subnets_ids will be filled and existing will be true.
  3. Run the config file by
    ocli infra create --file config.yaml

Saving the output

The above process generates some output which are helpful for deployment of some applications which require IAM role ARNs. For this save the output in some file

ocli infra output --file config.yaml > output.txt

Post cluster-creation steps

  1. Once the cluster gets created we need to attach this cluster to the TrueFoundry platform.
  2. Export the important variables
    export AWS_REGION=""
    export CLUSTER_NAME=""
    export AWS_PROFILE=""
  3. Run the below command to get its kubeconfig file on your local
aws eks --region $AWS_REGION update-kubeconfig --name $CLUSTER_NAME --profile $AWS_PROFILE

  1. Download kubectl == 1.26.x
  2. Follow the Connecting the cluster to connect your tenant.