...
Run the following commands to set up the load balancer:
- eksctl utils associate-iam-oidc-provider --region us-east-2 --cluster pnda --approve
- curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/master/docs/examples/iam-policy.json
- aws iam create-policy --policy-name ALBIngressControllerIAMPolicy --policy-document file://iam-policy.json
- Attach the ingress policy to the Node Instance role:
  IAM Console --> Roles --> search for the NodeInstanceRole
  (Example: eksctl-pnda-eks-NodeInstanceRole-xxxxxx) --> Attach policy --> select ingressController-iam-policy.
- kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml
- curl -sS "https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/alb-ingress-controller.yaml" > alb-ingress-controller.yaml
- Open alb-ingress-controller.yaml and edit ingress-class, cluster-name, aws-vpc-id and region.
...
- kubectl apply -f alb-ingress-controller.yaml
- kubectl get pods -n kube-system --> This should return a running ALB ingress controller pod.
Step 3) Helm tiller Installation on EKS cluster:
$helm init
Create rbac-config.yaml
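# Service account that the Tiller pod runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
# Binds the tiller service account to the built-in cluster-admin ClusterRole
# (full access to every resource in the cluster)
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system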
$kubectl create -f rbac-config.yaml
$helm init --service-account tiller --upgrade
$helm version
Note: The default EBS General Purpose SSD (gp2) volume type supports only the read-write-once persistent volume (PV) access mode. The PV that we create for Deployment Manager requires the read-write-many access mode, because multiple pods (Deployment Manager, Spark Operator, etc.) share the same PV. Hence, we have to set up the EFS CSI driver, which supports the read-write-many access mode for a PV.
Step 4) To deploy Amazon EFS CSI driver to an Amazon EKS cluster
- kubectl apply -k "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
- aws eks describe-cluster --name pnda --query "cluster.resourcesVpcConfig.vpcId" --output text
...
- (The above command returns the VPC ID; use it in the command below.)
- aws ec2 describe-vpcs --vpc-ids vpc-exampledb76d3e813 --query "Vpcs[].CidrBlock" --output text
...
- (The above command returns the VPC CIDR range; use it when adding the rule for NFS inbound traffic.)
- Create a security group that allows inbound NFS traffic for your Amazon EFS mount points.
  - Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  - Choose Security Groups in the left navigation pane, and then Create security group.
  - Enter a name and description for your security group, and choose the VPC that your Amazon EKS cluster is using.
  - Choose Create and then Close to finish.
- Add a rule to your security group to allow inbound NFS traffic from your VPC CIDR range.
  - Choose the security group that you created in the previous step.
  - Choose the Inbound Rules tab and then choose Edit rules.
  - Choose Add Rule, fill out the following fields, and then choose Save rules.
...
    - Type: NFS
...
    - Source: Custom. Paste the VPC CIDR range.
    - Description: Add a description, such as "Allows inbound NFS traffic from within the VPC."
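To check the rule created in Step 4, the following added example (not part of the original guide) reads the JSON that `aws ec2 describe-security-groups --output json` produces and lists every source that can reach NFS port 2049 from outside the VPC CIDR. The group ID, CIDR values and sample rules are constructed for illustration.

```python
import ipaddress
import json

NFS_PORT = 2049

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
   "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")


def covers_nfs(perm):
    """True if the rule admits TCP 2049: exact port, a port range, or all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def nfs_sources_outside_vpc(groups, vpc_cidr):
    """Return (group id, source CIDR) pairs that reach NFS from outside vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_nfs(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                # A source is acceptable only if it lies wholly inside the VPC CIDR.
                if not (net.version == vpc.version and net.subnet_of(vpc)):
                    findings.append((sg["GroupId"], src))
    return findings

if __name__ == "__main__":
    for gid, src in nfs_sources_outside_vpc(SAMPLE, "192.168.0.0/16"):
        print(f"{gid}: NFS reachable from {src}, outside the VPC CIDR")
```

Rules whose source is another security group (the `UserIdGroupPairs` field) are not evaluated by this check.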
Step 5) Create AWS EFS
(https://us-east-2.console.aws.amazon.com/efs/home?region=us-east-2#/get-started)
Note: In the above URL, use the same region in which the EKS cluster was created.
There are 2 ways to create an AWS Elastic File System:
1. Using GUI:
  - Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/ .
  - Choose File systems in the left navigation pane, and then choose Create file system.
  - On the Create file system page, choose Customize.
  - On the File system settings page, you don't need to enter or select any information, but can if desired, and then select Next.
  - On the Network access page, for Virtual Private Cloud (VPC), choose your VPC.
    - Note: If you don't see your VPC, at the top right of the console, make sure that the region that your VPC is in is selected.
  - Under Mount targets, if a default security group is already listed, select the X in the top right corner of the box with the default security group name to remove it from each mount point, select the security group that you created in a previous step for each mount target, and then select Next.
  - On the File system policy page, select Next.
  - On the Review and create page, select Create.
(Or)
2. Using CLI:
Follow the steps from the following link:
https://docs.aws.amazon.com/efs/latest/ug/wt1-create-efs-resources.html
Step 6) Setup K8S-EFS provisioner
...