AWS EKS Cluster Controller

The aws-eks-cluster-controller manages cross account EKS clusters and supported Kubernetes resources.

This controller is built using the kubebuilder framework. For more information read their docs

Concepts

• Parent EKS Cluster: The Kubernetes cluster where this controller runs.
• Child EKS Clusters: These are the Kubernetes clusters managed by the controller running in parent EKS cluster.

Turn Key Installation

Prerequisites

Make sure you have following tools installed on your workstation:

1. aws-cli
2. kubectl
3. eksctl
4. jq
5. aws-iam-authenticator
6. kubebuilder - install step

-- or on MacOS via brew --

brew tap weaveworks/tap/eksctl
brew install kustomize kubernetes-cli eksctl awscli jq
go get -u -v github.com/kubernetes-sigs/aws-iam-authenticator/cmd/aws-iam-authenticator

And install kubebuilder

IMPORTANT make sure your AWS user/role has sufficient permissions to use eksctl.

Setup Parent EKS cluster

1. Create the Parent EKS cluster

   eksctl create cluster

2. Once eksctl has finished, verify you can access the cluster.

   kubectl get nodes

3. For this installation process we use kube2iam to manage IAM permissions for pods running on the parent cluster.

   kubectl apply -f deploy/kube2iam.yaml

Build and deploy the Controller

1. Clone this project

   mkdir -p some/path
   cd some/path
   git clone git@github.com:awslabs/aws-eks-cluster-controller.git

2. Create the IAM role that the controller will use

   export NODE_INSTANCE_ROLE_ARNS=`aws iam list-roles | jq -r --arg reg_exp "^eksctl-.*-NodeInstanceRole-.*$" '.Roles | map(select(.RoleName|test($reg_exp))) | map(.Arn) | join(",")'`; \
   
   aws cloudformation create-stack \
   --stack-name aws-eks-controller-role \
   --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
   --template-body file://config/setup/aws-eks-cluster-controller-role.yaml \
   --parameters \
     ParameterKey=WorkerArn,ParameterValue="'${NODE_INSTANCE_ROLE_ARNS}'"
   
   export IAMROLEARN=`aws iam get-role --role-name aws-eks-cluster-controller | jq -r .Role.Arn`

3. Create repository and build/push image

   # Create ECR Repository
   aws ecr create-repository --repository-name aws-eks-cluster-controller
   export REPOSITORY=`aws ecr describe-repositories --repository-name aws-eks-cluster-controller | jq -r '.repositories[0].repositoryUri'`
   
   # Build/tag the docker image
   IMG=${REPOSITORY}:latest IAMROLEARN=${IAMROLEARN} make docker-build
   
   # Push the docker image
   aws ecr get-login --no-include-email | bash -
   docker push ${REPOSITORY}:latest

4. Install required Kubernetes CustomResourceDefinitions (CRDs) and deploy controller

   make deploy

License

This library is licensed under the Apache 2.0 License.