Nowadays, most organizations have a multi-cloud or hybrid strategy (as per the blog post from Faction) and sometimes it's hard to keep track of various parts across the infrastructure. Some organizations may have Kubernetes clusters across multiple cloud providers such as AWS (Amazon Web Services), GCP (Google Cloud Platform), Civo Cloud, etc.
In September last year, AWS introduced a service called EKS (Elastic Kubernetes Service) Connector, with which you can visualize any non-EKS clusters in the AWS EKS Console. This post will show how to connect a Civo Kubernetes cluster in the AWS EKS Console. With this, Civo users who are also users of AWS will have a unified view of their clusters.
The client-side utility is completely open-source and you can check it out here on GitHub.
Let’s do it!
Creating a Civo Kubernetes cluster
Note: If you already have a Civo Kubernetes cluster, you can skip this step.
You can follow this quick start guide and create a Kubernetes cluster on Civo.
Registering our cluster in the Amazon EKS Console
To start with, let’s go to the Amazon EKS Console:
- Click on "Add Cluster"
- You’ll see a dropdown and then click on "Register"
- Give the cluster a unique name; in this case, we will use surajincloud-civo-1
- In the provider dropdown, select Other
- Under 'connection configuration', select the IAM role (follow this guide to create this role). IAM (Identity and Access Management) provides fine-grained access control for AWS resources
- Add any tags if you want (a tag is just a key-value pair that lets you categorize AWS resources)
- Then click on "Register Cluster"
- Now you’ll see a pop-up like the below image. This is a very important step to register the cluster in the connector and if you miss this, you won’t be able to connect and you’ll have to repeat the entire process
- Click on "Download the YAML file"
Once you have downloaded the file, open it and see what it has:
It will have:
- Namespace: eks-connector
- Secret: eks-connector-activation-config, eks-connector-token
- ServiceAccount: eks-connector
- Role: eks-connector-secret-access
- RoleBinding: eks-connector-secret-access
- ConfigMap: eks-connector-agent
- StatefulSet: eks-connector
Apply this file on the Civo cluster:
kubectl apply -f surajincloud-civo-1.yml
The cluster is now active but we can’t access it and will see the following error:
This error occurs because our IAM user is not able to impersonate users in Kubernetes. To fix this, download the following file, which will give your IAM user the power to visualize all the Kubernetes resources in all namespaces:
curl -o eks-connector-clusterrole.yaml https://s3.us-west-2.amazonaws.com/amazon-eks/eks-connector/manifests/eks-connector-console-roles/eks-connector-clusterrole.yaml
- Open the file and change the IAM_ARN to your IAM user/role with which you are accessing the EKS Console
- Apply the file to your cluster now
kubectl apply -f eks-connector-clusterrole.yaml
Now our user can impersonate and get the cluster role but still, it does not have permission to list the resources and you will see the following error:
Now we have to download the EKS cluster role, which will give us the power to visualize all the Kubernetes resources in all namespaces.
In the following command, we use the curl utility to download the file from the given URL; the -o option sets the output file that the download is written to:
curl -o eks-connector-console-dashboard-full-access-group.yaml https://s3.us-west-2.amazonaws.com/amazon-eks/eks-connector/manifests/eks-connector-console-roles/eks-connector-console-dashboard-full-access-group.yaml
- Open the file and find the ClusterRoleBinding; under its subjects, you’ll see IAMARN under User. Replace this IAMARN with your IAM user
- Apply the file
kubectl apply -f eks-connector-console-dashboard-full-access-group.yaml
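Both edit-and-apply steps above depend on the ARN placeholder being replaced with exactly one IAM user or role, since that principal is the one granted impersonation and cluster-wide read access. The following shell helper is an added example, not part of the original post or of AWS's tooling: it validates the ARN and fills in the placeholder before anything is applied. The function names, the constructed sample manifest and the placeholder token IAM_ARN (as written in this post) are assumptions; check the downloaded file for the exact token.

```shell
#!/bin/sh
# Added example: fill the IAM ARN placeholder in a downloaded RBAC manifest
# and refuse to emit anything that would bind access to the wrong principal.

# is_iam_arn ARN -> succeeds only for one concrete IAM user or role ARN.
# Wildcards, root, and an unreplaced placeholder are all rejected.
is_iam_arn() {
    printf '%s\n' "$1" |
        grep -Eq '^arn:aws:iam::[0-9]{12}:(user|role)/[A-Za-z0-9+=,.@_/-]+$'
}

# render_manifest TEMPLATE PLACEHOLDER ARN -> rendered manifest on stdout.
# PLACEHOLDER must be the literal token exactly as it appears in the file,
# including any delimiter characters around it (assumption: no regex
# metacharacters in the token).
render_manifest() {
    template=$1; placeholder=$2; arn=$3
    [ -r "$template" ] || { echo "cannot read $template" >&2; return 1; }
    is_iam_arn "$arn" || { echo "not an IAM user/role ARN: $arn" >&2; return 1; }
    grep -qF -- "$placeholder" "$template" ||
        { echo "placeholder $placeholder not found in $template" >&2; return 1; }
    # '|' is the sed delimiter because ARNs contain '/'. The validation above
    # guarantees the ARN has no '|', '&' or '\', so the replacement is literal.
    sed "s|$placeholder|$arn|g" "$template"
}

# write_sample_manifest FILE -> constructed stand-in for a downloaded manifest
# (not the AWS file): a ClusterRole allowing impersonation of one named user.
write_sample_manifest() {
    cat > "$1" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-impersonate
rules:
  - apiGroups: [""]
    resources: ["users"]
    resourceNames: ["IAM_ARN"]
    verbs: ["impersonate"]
EOF
}

# Usage against the real file (ARN value is yours to supply):
#   render_manifest eks-connector-clusterrole.yaml IAM_ARN "$MY_ARN" | kubectl apply -f -
```

Because a rejected ARN produces no output, piping the result into kubectl apply -f - applies nothing when validation fails.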
Once we apply this ClusterRole and ClusterRoleBinding, we will be able to see Kubernetes resources from our Civo cluster in the Amazon EKS console.
Depending on how the ClusterRole is configured, we can see:
- Nodes
- Events
- All the Kubernetes resources such as Deployments, Pods, ConfigMaps, Jobs, etc.
Clean up
Follow the steps to clean up the environment on both Civo and AWS sides.
On the AWS Side
- Go to the Amazon EKS Console
- Select the Civo cluster from the Amazon EKS console and click on "Deregister"
- Once again, click on "Deregister"
On the Civo side
- Delete all the resources we created earlier
kubectl delete -f surajincloud-civo-1.yml
kubectl delete -f eks-connector-clusterrole.yaml
kubectl delete -f eks-connector-console-dashboard-full-access-group.yaml
Conclusion
Through this tutorial we learnt how AWS users can visualize their Civo cluster from the same EKS Console. They won’t be able to operate these clusters, but they will have an overview of all of them. As part of the multi-cloud approach, users can now have their clusters hosted in multiple cloud providers.
With the help of EKS Connector, users can now visualize all the clusters in one place. This gives users a high-level overview of all the clusters, which can be helpful for the initial data gathering when troubleshooting an application. Whilst EKS Connector is still an early-stage project, hopefully there will be more features in the future with which we will be able to do more with non-EKS clusters.
If you have any issues or doubts, you can reach out to me on Twitter or check out the video explanation for this blog post.