All Private EKS Cluster (beta)

Provisioning a secure, all private AWS EKS Cluster within a private VPC

gopaddle cluster provisioning provides multiple options to provision an AWS EKS cluster in a customer's AWS cloud account. In an all private EKS cluster, the access endpoints of the cluster are private, and the nodepools and the nodes within the cluster are provisioned in private subnets without an Internet gateway. Since there is no external access, the cluster resources are reachable only from within the private VPC.

In gopaddle v4.2.6, it is possible to provision an all private EKS cluster. You can use an existing VPC with all private subnets (a minimum of 3 subnets required), or you can let gopaddle provision a new VPC and 3 new subnets within the VPC.

Currently, this capability requires an IAM user with Administrator Access. We are working on granular access privileges to streamline the access control. Hence please use this capability only in test environments.

Multi-cloud Cluster Provisioning and external Cluster Registration capability is available only on gopaddle SaaS and Enterprise editions.

Provisioning clusters on a cloud requires the corresponding cloud account to be registered first.

Provision all private EKS cluster

Under the Environments section, choose Add a Cluster and then Create new Cluster.

Step - 1 (Cloud Account, VPC/Subnet, Access & Master Role)

a) Cloud Account and Kubernetes Configuration

  • Provide a Cluster Name

  • Choose the Cloud Provider type as AWS EKS

  • Select the AWS Cloud Account

  • Choose the Kubernetes version

  • Select a Region

b) Access Configuration

  • Select the Cluster Access Type as Private

c) VPC and Subnet Configuration

  • Existing VPC: In order to use an existing VPC, select Use Existing VPC and provide the VPC ID. gopaddle will auto-discover the subnets within the VPC. Select the subnets to be used.

  • Create new VPC: By default, gopaddle provides the option to create a new VPC. Provide the CIDR for the VPC and subnets.

d) Master Role Configuration

  • Click on Add Master Role to create a role in the AWS account. Copy the role ARN from the stack output in the AWS console and paste it into the gopaddle cluster creation wizard.

    Make sure there are no trailing spaces in the role ARN.

Step - 2 (Bastion Host)

In the next step, provide the bastion host configuration,

  • Select the AWS Instance Key, AMI ID, Availability Zone and the subnet CIDR where the bastion host needs to be created

    Only Ubuntu 18.04 images are supported

  • The AWS Instance Key and the private PEM file will be used to access the bastion host and register the cluster with gopaddle. You can use the PEM file to SSH to the bastion host and access the cluster once the cluster is ready.

  • Click on Add Automation Role to add the bastion host instance profile to the cluster. Copy the role ARN from the stack output in the AWS console and paste it into the gopaddle cluster creation wizard.

    Make sure there are no trailing spaces in the role ARN.

Step - 3 (Node Pool Configuration)

In the last step, provide the node pool details:

  • Provide a node pool name, minimum/maximum/desired node count and the disk space required

  • Choose a minimum of 2 availability zones.

  • Click on Create Node Role to create a node instance role. Copy the role ARN from the stack output in the AWS console and paste it into the gopaddle cluster creation wizard. Make sure there are no trailing spaces in the role ARN.

Click on Finish to create the EKS cluster. This process may take 20 - 30 minutes to complete.

Once the cluster is provisioned, gopaddle will automatically trigger a discovery process to discover existing resources in the EKS cluster. Once the discovery is complete, you can view the Kubernetes specifications under the Design Studio and the namespaces under the Applications tab.
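Two things the steps above ask you to get right are the pasted role ARNs (no trailing spaces) and the Private access type. The following added example, which is not part of gopaddle or this guide, cleans and validates a role ARN before it is pasted, and checks the `resourcesVpcConfig` section of `aws eks describe-cluster` output for the all-private endpoint posture; the cluster JSON is a constructed sample, and the check does not inspect route tables, so it cannot confirm that the subnets lack an Internet gateway.

```python
import re

# Constructed sample shaped like `aws eks describe-cluster` output (not a real cluster).
SAMPLE_DESCRIBE_CLUSTER = {
    "cluster": {
        "name": "private-demo",
        "resourcesVpcConfig": {
            "subnetIds": ["subnet-aaa", "subnet-bbb", "subnet-ccc"],
            "endpointPublicAccess": False,
            "endpointPrivateAccess": True,
        },
    }
}

# IAM role ARN shape: arn:<partition>:iam::<12-digit account>:role/<path-and-name>
ROLE_ARN_RE = re.compile(r"^arn:aws(?:-[a-z]+)*:iam::\d{12}:role/[\w+=,.@/-]+$")


def clean_role_arn(raw: str) -> str:
    """Strip whitespace picked up when copying from the stack output and
    reject anything that is not an IAM role ARN, so a bad paste fails early."""
    arn = raw.strip()
    if not ROLE_ARN_RE.match(arn):
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return arn


def private_endpoint_findings(describe_cluster: dict, min_subnets: int = 3) -> list:
    """Return findings for a parsed describe-cluster document; an empty list
    means the API endpoint is private-only and enough subnets are attached."""
    cfg = describe_cluster["cluster"]["resourcesVpcConfig"]
    findings = []
    if cfg.get("endpointPublicAccess", True):
        findings.append("API endpoint is reachable from the public internet")
    if not cfg.get("endpointPrivateAccess", False):
        findings.append("private endpoint access is disabled")
    if len(cfg.get("subnetIds", [])) < min_subnets:
        findings.append(f"fewer than {min_subnets} subnets attached")
    return findings


if __name__ == "__main__":
    print(clean_role_arn("arn:aws:iam::123456789012:role/gp-master-role  "))
    print(private_endpoint_findings(SAMPLE_DESCRIBE_CLUSTER) or "all-private posture OK")
```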

Troubleshooting a cluster provision error

If the cluster provisioning fails, you can find more logs under the Cluster Activities.


Cloud Formation Stack Logs

You can find the AWS CloudFormation stack logs under the Logs tab.

Click on the View option to view a specific stack log.
