You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: latest/ug/nodes/hybrid-nodes-cluster-create.adoc
+14-11
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,9 @@ include::../attributes.txt[]
10
10
Create hybrid nodes cluster
11
11
--
12
12
13
-
This topic provides an overview of the available options and describes what to consider when you create a hybrid nodes-enabled Amazon EKS cluster. If you are not planning to use hybrid nodes, see <<create-cluster>>.
13
+
This topic provides an overview of the available options and describes what to consider when you create a hybrid nodes-enabled Amazon EKS cluster. EKS Hybrid Nodes have the same <<kubernetes-versions,Kubernetes version support>> as Amazon EKS clusters with cloud nodes, including standard and extended support.
14
+
15
+
If you are not planning to use EKS Hybrid Nodes, see the primary Amazon EKS create cluster documentation at <<create-cluster>>.
14
16
15
17
16
18
[#hybrid-nodes-cluster-create-prep]
@@ -27,6 +29,7 @@ This topic provides an overview of the available options and describes what to c
27
29
* Your cluster must use either `API` or `API_AND_CONFIG_MAP` for the cluster authentication mode.
28
30
* Your cluster must use IPv4 address family.
29
31
* Your cluster must use either Public or Private cluster endpoint connectivity. Your cluster cannot use “Public and Private” cluster endpoint connectivity, because the Amazon EKS Kubernetes API server endpoint will resolve to the public IPs for hybrid nodes running outside of your VPC.
32
+
* OIDC authentication is supported for EKS clusters with hybrid nodes.
30
33
* You can add, change, or remove the hybrid nodes configuration of an existing cluster. For more information, see <<hybrid-nodes-cluster-update>>.
31
34
32
35
@@ -117,7 +120,7 @@ remoteNetworkConfig:
117
120
iam:
118
121
provider: CREDS_PROVIDER # default SSM, can also be set to IRA
. Deploy the CloudFormation stack. Replace `STACK_NAME` with your name for the CloudFormation stack and `AWS_REGION` with your desired {aws} Region where the cluster will be created.
192
+
. Deploy the CloudFormation stack. Replace `STACK_NAME` with your name for the CloudFormation stack and `AWS_REGION` with your {aws} Region where the cluster will be created.
190
193
+
191
194
[source,bash,subs="verbatim,attributes"]
192
195
----
@@ -198,7 +201,7 @@ aws cloudformation deploy \
198
201
--capabilities CAPABILITY_NAMED_IAM
199
202
----
200
203
+
201
-
Cluster provisioning takes several minutes. You can check the status of your stack with the following command. Replace `STACK_NAME` with your name for the CloudFormation stack and `AWS_REGION` with your desired {aws} Region where the cluster will be created.
204
+
Cluster provisioning takes several minutes. You can check the status of your stack with the following command. Replace `STACK_NAME` with your name for the CloudFormation stack and `AWS_REGION` with your {aws} Region where the cluster will be created.
. Run the following command to create a hybrid nodes-enabled EKS cluster. Before running the command, replace the following with your desired settings. For a full list of settings, see the <<create-cluster>> documentation.
220
+
. Run the following command to create a hybrid nodes-enabled EKS cluster. Before running the command, replace the following with your settings. For a full list of settings, see the <<create-cluster>> documentation.
218
221
.. `CLUSTER_NAME`: name of the EKS cluster to be created
219
-
.. `AWS_REGION`: {aws} Region where the cluster will be created.
222
+
.. `AWS_REGION`: {aws} Region where the cluster will be created.
220
223
.. `K8S_VERSION`: the Kubernetes version to use for your cluster. See Amazon EKS supported versions.
221
224
.. `ROLE_ARN`: the Amazon EKS cluster role you configured for your cluster. See Amazon EKS cluster IAM role for more information.
222
225
.. `SUBNET1_ID`: the ID of the first subnet you created in the prerequisite steps
223
226
.. `SUBNET2_ID`: the ID of the second subnet you created in the prerequisite steps
224
227
.. `SG_ID`: the security group ID you created in the prerequisite steps
225
228
.. You can use `API` and `API_AND_CONFIG_MAP` for your cluster access authentication mode. In the command below, the cluster access authentication mode is set to `API_AND_CONFIG_MAP`.
226
229
.. You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. In the command below `endpointPublicAccess` is set to false and `endpointPrivateAccess` is set to true.
227
-
.. `REMOTE_NODE_CIDRS`: the on-premises node CIDR for your hybrid nodes.
230
+
.. `REMOTE_NODE_CIDRS`: the on-premises node CIDR for your hybrid nodes.
228
231
.. `REMOTE_POD_CIDRS` (optional): the on-premises pod CIDR for workloads running on hybrid nodes.
229
232
.. Your on-premises node and pod CIDR blocks must meet the following requirements:
230
233
... Be within one of the IPv4 RFC-1918 ranges: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16`.
. It takes several minutes to provision the cluster. You can query the status of your cluster with the following command. Replace `CLUSTER_NAME` with the name of the cluster you are creating and `AWS_REGION` with the {aws} Region where the cluster is creating. Don't proceed to the next step until the output returned is `ACTIVE`.
@@ -294,8 +297,8 @@ aws eks describe-cluster \
294
297
.. You can choose as many *Amazon EKS add-ons* and *{aws} Marketplace add-ons* as you require. Amazon EKS add-ons that are not compatible with hybrid nodes are marked with “Not compatible with Hybrid Nodes” and the add-ons have an anti-affinity rule to prevent them from running on hybrid nodes. See Configuring add-ons for hybrid nodes for more information. If the *{aws} Marketplace* add-ons that you want to install isn't listed, you can search for available *{aws} Marketplace add-ons* by entering text in the search box. You can also search by *category*, *vendor*, or *pricing model* and then choose the add-ons from the search results.
295
298
.. Some add-ons, such as CoreDNS and kube-proxy, are installed by default. If you disable any of the default add-ons, this may affect your ability to run Kubernetes applications.
296
299
.. When you're done with this page, choose `Next`.
297
-
. On the *Configure selected add-ons settings* page, select the version that you want to install.
298
-
.. You can always update to a later version after cluster creation. You can update the configuration of each add-on after cluster creation. For more information about configuring add-ons, see <<updating-an-add-on>>. For the add-ons versions that are compatible with hybrid nodes, see <<hybrid-nodes-add-ons>>.
300
+
. On the *Configure selected add-ons settings* page, select the version that you want to install.
301
+
.. You can always update to a later version after cluster creation. You can update the configuration of each add-on after cluster creation. For more information about configuring add-ons, see <<updating-an-add-on>>. For the add-ons versions that are compatible with hybrid nodes, see <<hybrid-nodes-add-ons>>.
299
302
.. When you're done with this page, choose Next.
300
303
. On the *Review and create* page, review the information that you entered or selected on the previous pages. If you need to make changes, choose *Edit*. When you're satisfied, choose *Create*. The *Status* field shows *CREATING* while the cluster is provisioned. Cluster provisioning takes several minutes.
301
304
. Continue with <<hybrid-nodes-cluster-create-kubeconfig>>.
Copy file name to clipboardExpand all lines: latest/ug/nodes/hybrid-nodes-cluster-update.adoc
+20-20
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ include::../attributes.txt[]
10
10
Modify hybrid nodes configuration on an existing cluster
11
11
--
12
12
13
-
This topic provides an overview of the available options and describes what to consider when you add, change, or remove the hybrid nodes configuration from an Amazon EKS cluster. If you are not planning to use hybrid nodes, see <<create-cluster>>.
13
+
This topic provides an overview of the available options and describes what to consider when you add, change, or remove the hybrid nodes configuration for an Amazon EKS cluster.
14
14
15
15
To enable an Amazon EKS cluster to use hybrid nodes, add the IP address CIDR ranges of your on-premises node and optionally pod network in the `RemoteNetworkConfig` configuration. EKS uses this list of CIDRs to enable connectivity between the cluster and your on-premises networks. For a full list of options when updating your cluster configuration, see the link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] in the _Amazon EKS API Reference_.
16
16
@@ -23,13 +23,13 @@ You can do any of the following actions to the EKS Hybrid Nodes networking confi
23
23
[#hybrid-nodes-cluster-enable-prep]
24
24
== Prerequisites
25
25
26
-
* The latest version of the {aws} Command Line Interface ({aws} CLI) installed and configured on your device. To check your current version, use `aws --version`. Package managers such yum, apt-get, or Homebrew for macOS are often several versions behind the latest version of the {aws} CLI. To install the latest version, see link:cli/latest/userguide/getting-started-install.html[Installing or updating to the latest version of the {aws} CLI,type="documentation"] and link:cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config[Configuring settings for the {aws} CLI,type="documentation"] in the {aws} Command Line Interface User Guide.
27
26
* Before enabling your Amazon EKS cluster for hybrid nodes, ensure your environment meets the requirements outlined at <<hybrid-nodes-prereqs>>, and detailed at <<hybrid-nodes-networking>>, <<hybrid-nodes-os>>, and <<hybrid-nodes-creds>>.
28
27
* Your cluster must use IPv4 address family.
29
-
* Your cluster must use either API or API_AND_CONFIG_MAP for the cluster authentication mode. The process for modifying the cluster authentication mode is described at <<setting-up-access-entries>>.
30
-
* It is recommended to use either public or private endpoint access for the Amazon EKS Kubernetes API server endpoint. If you choose “Public and Private”, the Amazon EKS Kubernetes API server endpoint will always resolve to the public IPs for hybrid nodes running outside of your VPC, which can prevent your hybrid nodes from joining the cluster. The process for modifying network access to your cluster is described at <<cluster-endpoint>>.
28
+
* Your cluster must use either `API` or `API_AND_CONFIG_MAP` for the cluster authentication mode. The process for modifying the cluster authentication mode is described at <<setting-up-access-entries>>.
29
+
* We recommend that you use either public or private endpoint access for the Amazon EKS Kubernetes API server endpoint, but not both. If you choose “Public and Private”, the Amazon EKS Kubernetes API server endpoint will always resolve to the public IPs for hybrid nodes running outside of your VPC, which can prevent your hybrid nodes from joining the cluster. The process for modifying network access to your cluster is described at <<cluster-endpoint>>.
30
+
* The latest version of the {aws} Command Line Interface ({aws} CLI) installed and configured on your device. To check your current version, use `aws --version`. Package managers such yum, apt-get, or Homebrew for macOS are often several versions behind the latest version of the {aws} CLI. To install the latest version, see link:cli/latest/userguide/getting-started-install.html[Installing or updating to the latest version of the {aws} CLI,type="documentation"] and link:cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config[Configuring settings for the {aws} CLI,type="documentation"] in the {aws} Command Line Interface User Guide.
31
31
* An link:IAM/latest/UserGuide/id_roles#iam-term-principal[IAM principal,type="documentation"] with permission to call link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] on your Amazon EKS cluster.
32
-
* Update add-ons to versions that are compatible with hybrid nodes. For the add-ons versions that are compatible with hybrid nodes, see <<hybrid-nodes-add-ons>>.
32
+
* Update add-ons to versions that are compatible with hybrid nodes. For the add-ons versions that are compatible with hybrid nodes, see <<hybrid-nodes-add-ons>>.
33
33
* If you are running add-ons that are not compatible with hybrid nodes, ensure that the add-on https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/[DaemonSet] or https://kubernetes.io/docs/concepts/workloads/controllers/deployment/[Deployment] has the following affinity rule to prevent deployment to hybrid nodes. Add the following affinity rule if it is not already present.
34
34
+
35
35
[source,yaml]
@@ -48,7 +48,7 @@ affinity:
48
48
49
49
50
50
[#hybrid-nodes-cluster-enable-consider]
51
-
== Considerations
51
+
== Considerations
52
52
The `remoteNetworkConfig` JSON object has the following behavior during an update:
53
53
54
54
* Any existing part of the configuration that you don't specify is unchanged. If you don't specify either of the `remoteNodeNetworks` or `remotePodNetworks`, that part will remain the same.
@@ -87,18 +87,18 @@ RemoteNetworkConfig:
87
87
[#hybrid-nodes-cluster-enable-cli]
88
88
=== Enable EKS Hybrid Nodes in an existing cluster - {aws} CLI
89
89
90
-
. Run the following command to enable `RemoteNetworkConfig` for EKS Hybrid Nodes for your EKS cluster. Before running the command, replace the following with your desired settings. For a full list of settings, see the link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] in the _Amazon EKS API Reference_.
90
+
. Run the following command to enable `RemoteNetworkConfig` for EKS Hybrid Nodes for your EKS cluster. Before running the command, replace the following with your settings. For a full list of settings, see the link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] in the _Amazon EKS API Reference_.
91
91
.. `CLUSTER_NAME`: name of the EKS cluster to update.
92
-
.. `AWS_REGION`: {aws} Region where the EKS cluster is running.
93
-
.. `REMOTE_NODE_CIDRS`: the on-premises node CIDR for your hybrid nodes.
92
+
.. `AWS_REGION`: {aws} Region where the EKS cluster is running.
93
+
.. `REMOTE_NODE_CIDRS`: the on-premises node CIDR for your hybrid nodes.
94
94
.. `REMOTE_POD_CIDRS` (optional): the on-premises pod CIDR for workloads running on hybrid nodes.
. It takes several minutes to update the cluster. You can query the status of your cluster with the following command. Replace `CLUSTER_NAME` with the name of the cluster you are modifying and `AWS_REGION` with the {aws} Region where the cluster is running. Don't proceed to the next step until the output returned is `ACTIVE`.
@@ -126,16 +126,16 @@ aws eks describe-cluster \
126
126
127
127
. Continue to <<hybrid-nodes-cluster-prep>>.
128
128
129
-
[#hybrid-nodes-cluster-update-config]
129
+
[#hybrid-nodes-cluster-update-config]
130
130
== Update hybrid nodes configuration in an existing cluster
131
131
132
-
You can modify `remoteNetworkConfig` in an existing hybrid cluster using:
132
+
You can modify `remoteNetworkConfig` in an existing hybrid cluster by using any of the following:
=== Update hybrid configuration in an existing cluster - {aws} CloudFormation
140
140
141
141
. Update your CloudFormation template with the new network CIDR values.
@@ -148,15 +148,15 @@ RemoteNetworkConfig:
148
148
RemotePodNetworks:
149
149
- Cidrs: [NEW_REMOTE_POD_CIDRS]
150
150
----
151
-
NOTE: When updating `RemoteNodeNetworks` or `RemotePodNetworks` CIDR lists, include all desired CIDRs (new and existing). EKS replaces the entire list during updates.
151
+
NOTE: When updating `RemoteNodeNetworks` or `RemotePodNetworks` CIDR lists, include all CIDRs (new and existing). EKS replaces the entire list during updates.
152
152
Omitting these fields from the update request retains their existing configurations.
153
153
154
154
. Update your CloudFormation stack with the modified template and wait for the stack update to complete.
155
155
156
-
[#hybrid-nodes-cluster-update-cli]
156
+
[#hybrid-nodes-cluster-update-cli]
157
157
=== Update hybrid configuration in an existing cluster - {aws} CLI
158
158
159
-
. To modify the remote network CIDRs, run the following command. Replace the values with your desired settings:
159
+
. To modify the remote network CIDRs, run the following command. Replace the values with your settings:
NOTE: When updating `remoteNodeNetworks` or `remotePodNetworks` CIDR lists, include all desired CIDRs (new and existing). EKS replaces the entire list during updates.
168
+
NOTE: When updating `remoteNodeNetworks` or `remotePodNetworks` CIDR lists, include all CIDRs (new and existing). EKS replaces the entire list during updates.
169
169
Omitting these fields from the update request retains their existing configurations.
170
170
171
171
. Wait for the cluster status to return to ACTIVE before proceeding.
172
172
173
-
[#hybrid-nodes-cluster-update-console]
173
+
[#hybrid-nodes-cluster-update-console]
174
174
=== Update hybrid configuration in an existing cluster - {aws-management-console}
175
175
176
176
. Open the Amazon EKS console at link:eks/home#/clusters[Amazon EKS console,type="console"].
@@ -204,7 +204,7 @@ RemoteNetworkConfig:
204
204
205
205
[#hybrid-nodes-cluster-disable-cli]
206
206
=== Disable EKS Hybrid Nodes in an existing cluster - {aws} CLI
207
-
. Run the following command to remove `RemoteNetworkConfig` from your EKS cluster. Before running the command, replace the following with your desired settings. For a full list of settings, see the link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] in the _Amazon EKS API Reference_.
207
+
. Run the following command to remove `RemoteNetworkConfig` from your EKS cluster. Before running the command, replace the following with your settings. For a full list of settings, see the link:eks/latest/APIReference/API_UpdateClusterConfig.html[UpdateClusterConfig,type="documentation"] in the _Amazon EKS API Reference_.
208
208
.. `CLUSTER_NAME`: name of the EKS cluster to update.
209
209
.. `AWS_REGION`: {aws} Region where the EKS cluster is running.
. It takes several minutes to update the cluster. You can query the status of your cluster with the following command. Replace `CLUSTER_NAME` with the name of the cluster you are modifying and `AWS_REGION` with the {aws} Region where the cluster is running. Don't proceed to the next step until the output returned is `ACTIVE`.
0 commit comments