DSOSU-Dev

User Tools

Site Tools

Trace:
wiki:setup

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
wiki:setup [2022/09/07 15:20] – [Configure the cluster] keistcwiki:setup [2023/03/01 11:17] (current) keistc
Line 70: Line 70:
  
 To select that namespace and do a k get all to see the various pieces living there including the loadbalancer To select that namespace and do a k get all to see the various pieces living there including the loadbalancer
-assuming that all worked out, the usage dashboard should live at https://<cluster-name>.datasci.oregonstate.edu/grafana/+assuming that all worked out, the usage dashboard should live at https://cluster-name.datasci.oregonstate.edu/grafana/
 login admin / admin by default. login admin / admin by default.
  
Line 103: Line 103:
 <code> <code>
 mapUsers: | mapUsers: |
-    - userarn: arn:aws:iam::395703310923:user/oneils +  - userarn: arn:aws:iam::395763313923:user/name 
-      username: oneils +    username: name 
-      groups: +    groups: 
-        - system:masters+      - system:masters
 </code> </code>
 Spacing is important. You can get the userarn by running **aws sts get coller-identity** Spacing is important. You can get the userarn by running **aws sts get coller-identity**
 +==== Changes to EKS 1.23 ====
 +New to version 1.23, you now have to add the Amazon EBS CSI driver as an Amazon EKS add-on to the EKS cluster.\\
 +Below are the steps to run after running the eksctl create cluster command above.\\
 +First need to Create the Amazon EBS CSI driver IAM role for service accounts. When the plugin is deployed, it creates and is configured to use a service account that's named ebs-csi-controller-sa. The service account is bound to a Kubernetes clusterrole that's assigned the required Kubernetes permissions. Before creating the IAM role first need to enable OIDC provider.
  
 +  eksctl utils associate-iam-oidc-provider --region=us-west-2 --cluster=dev-yellow --approve
 +  eksctl create iamserviceaccount --name ebs-csi-controller-sa --namespace kube-system --cluster NAME_OF_CLUSTER --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --approve --role-only --role-name AmazonEKS_EBS_CSI_DriverRole
 +Then we can add on the EBS CSI driver.\\
 +**NOTE:** To get the arn name for the role created above, login to the AWS console and go to the CloudFormation console. In the list of cloud stacks find the one named "eksctl-CLUSTER_NAME-addon-iamserviceaccount-kube-system-ebs-csi-controller-sa. Click on the name linked and then goto to the "Resources" tab. This should list one Role, AmazonEKS_EBS_CSI_DriverRole. Click on that name link and it will bring up a new page with the arn name to use in the diver add on below.\\
 +  eksctl create addon --name aws-ebs-csi-driver --cluster NAME_OF_CLUSTER --service-account-role-arn arn:aws:iam::395703310923:role/AmazonEKS_EBS_CSI_DriverRole --force
wiki/setup.1662589218.txt.gz · Last modified: 2022/09/07 15:20 by keistc
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki