Learn2Skills for AWS Community Builders

EKS Connector connect to Kubernetes cluster

The updated Amazon EKS console now includes all standard Kubernetes API resource types such as service resources, configuration and storage resources, authorization resources, policy resources and more. You can easily filter your Kubernetes resources by a specific namespace and search by property values, making it quick and easy to find objects, all within a single consistent experience in the console.

You can use Amazon EKS Connector to register and connect any conformant Kubernetes cluster to AWS and visualize it in the Amazon EKS console. After a cluster is connected, you can see the status, configuration, and workloads for that cluster in the Amazon EKS console.
The Amazon EKS Connector is also an open source project on GitHub.

Before you use Amazon EKS Connector, understand the following:

  • You must have administrative privileges to the Kubernetes cluster to connect the cluster to Amazon EKS.

  • The Kubernetes cluster must have Linux 64-bit (x86) worker nodes present before connecting. ARM worker nodes aren't supported.

  • You must have worker nodes in your Kubernetes cluster that have outbound access to the ssm. and ssmmessages. Systems Manager endpoints. For more information, see Systems Manager endpoints in the AWS General Reference.

  • By default, you can connect up to 10 clusters in a Region. You can request an increase through the service quota console. See Requesting a quota increase for more information.

  • Only the Amazon EKS RegisterCluster, ListClusters, DescribeCluster, and DeregisterCluster APIs are supported for external Kubernetes clusters.

  • You must have the following permissions to register a cluster:
    eks:RegisterCluster
    ssm:CreateActivation
    ssm:DeleteActivation
    iam:PassRole

  • You must have the following permissions to deregister a cluster:
    eks:DeregisterCluster
    ssm:DeleteActivation
    ssm:DeregisterManagedInstance

Using the Amazon EKS Connector requires the following two IAM roles:

To enable cluster and workload view permission for another user, you must apply the eks-connector and Amazon EKS Connector cluster roles to your cluster. Follow the steps in Granting access to a user to view Kubernetes resources on a cluster.

Connecting a cluster:

Registering the cluster
You can connect an external Kubernetes cluster to Amazon EKS with AWS CLI and the AWS Management Console. This process involves two steps: registering the cluster with Amazon EKS and applying a YAML manifest file to enable connectivity. To allow another user to view the cluster, follow the instructions in Granting access to a user to view Kubernetes resources on a cluster.

You must have the following permissions to register a cluster:

  • eks:RegisterCluster
  • ssm:CreateActivation
  • ssm:DeleteActivation
  • iam:PassRole

AWS Management Console

Prerequisites
Ensure the Amazon EKS Connector agent role was created.

To register your Kubernetes cluster with the console:
1. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
2. Choose Add cluster and select Register to bring up the configuration page.
3. On the Configure cluster section, fill in the following fields:
  • Name – A unique name for your cluster.
  • Provider – Choose to display the dropdown list of Kubernetes cluster providers. If you don't know the specific provider, select Other.
  • EKS Connector role – Select the role to use for connecting the cluster.
4. Select Register cluster.
5. The Cluster overview page displays. Choose Download YAML file to download the manifest file to your local drive.

Applying the manifest file
Complete the connection by applying the Amazon EKS Connector manifest file to your Kubernetes cluster. To do this, you must use the AWS CLI or eksctl for the registration methods described previously. If the manifest isn't applied within three days, the Amazon EKS Connector registration expires. If the cluster connection expires, the cluster must be deregistered before connecting the cluster again.

1. In the native environment of the cluster, you can apply the updated manifest file by running the following command:
    kubectl apply -f eks-connector.yaml
2. After the Amazon EKS Connector manifest and role binding YAML files are applied to your Kubernetes cluster, confirm that the cluster is now connected.
    aws eks describe-cluster \
        --name "my-first-registered-cluster" \
        --region AWS_REGION

   The output should include status=ACTIVE.
3. You can now add Tags to your cluster (optional). See Tagging your Amazon EKS resources for more information.

To grant additional IAM users access to the Amazon EKS console to view Kubernetes resources in a connected cluster, see Granting access to a user to view Kubernetes resources on a cluster.
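
The confirmation in step 2 can be scripted so that a connection that never comes up is noticed before the registration expires. The following is an added example, not code from the original post or from AWS: a shell function that polls describe-cluster until the status is ACTIVE. The function name, its arguments and the retry defaults are assumptions.

```shell
# Added example: poll a registered cluster until EKS reports it as ACTIVE.
# Hypothetical helper; name, arguments and defaults are not from the post.
#
# Usage: wait_for_connector_active <cluster-name> <region> [attempts] [delay-seconds]
# Returns 0 when ACTIVE, 1 on FAILED or an API error, 2 when attempts run out.
wait_for_connector_active() {
  local name="$1" region="$2" attempts="${3:-30}" delay="${4:-10}"
  local status i=1

  if [ -z "$name" ] || [ -z "$region" ]; then
    echo "usage: wait_for_connector_active <cluster-name> <region> [attempts] [delay]" >&2
    return 1
  fi

  while [ "$i" -le "$attempts" ]; do
    # --query and --output are global AWS CLI options; only the status is printed.
    if ! status=$(aws eks describe-cluster --name "$name" --region "$region" \
                    --query 'cluster.status' --output text); then
      echo "describe-cluster failed for $name in $region" >&2
      return 1
    fi

    case "$status" in
      ACTIVE)
        echo "$name is ACTIVE"
        return 0 ;;
      FAILED)
        echo "$name reported FAILED" >&2
        return 1 ;;
      *)
        # Usually PENDING: registered, but the connector has not checked in yet.
        echo "attempt $i/$attempts: status=$status" >&2
        sleep "$delay" ;;
    esac
    i=$((i + 1))
  done

  # The registration expires if the manifest is not applied within three days.
  echo "$name did not become ACTIVE; if the registration has expired," \
       "deregister the cluster and register it again" >&2
  return 2
}
```

Call it right after `kubectl apply`, for example `wait_for_connector_active "my-first-registered-cluster" "$AWS_REGION"`.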

More details: AWS EKS Connector
