Creating the EKS Cluster

Steps to create the EKS cluster.

Complete the steps provided here to create the EKS cluster by running commands on the machine for the Protegrity Anonymization API.

Note: The steps listed in this procedure for creating the EKS cluster are for reference use. If you have an existing EKS cluster or want to create an EKS cluster based on your own requirements, then you can directly navigate to the section Accessing the EKS Cluster to connect your EKS cluster and the Linux instance.

To create an EKS cluster:

  1. Log in to the Linux machine.

  2. Obtain and extract the Protegrity Anonymization API files to a directory on your system.

    1. Download and extract the ANON-API_DEB-ALL-64_x86-64_Docker-ALL-64_1.4.0.x.tgz file.
    2. Verify that the following files are available in the package:
      • ANON-REST-API_1.4.0.x.tgz: The files for working with Protegrity Anonymization REST API.
      • ANON-NOTEBOOK_1.4.0.x.tgz: This file contains the image for the Anon-workstation.
    3. Extract the contents of the ANON-REST-API_1.4.0.x.tgz and ANON-NOTEBOOK_1.4.0.x.tgz files to a directory.
  3. Add the Cloud-related settings in the configuration files using one of the following options:

    Note: Use the checklist at AWS Checklist to update the YAML files.

    • For eksctl: Update the cluster-aws.yaml template file with the EKS authentication values for creating the EKS cluster.

      • Update the following placeholder information in the cluster-aws.yaml file.

          apiVersion: eksctl.io/v1alpha5
          kind: ClusterConfig
          metadata:
            name: <cluster_name>   #(provide an appropriate name for your cluster)
            region: <Region where you want to deploy Kubernetes Cluster>   #(specify the region to be used)
            version: "1.27"
          vpc:
            id: "#Update_vpc_here#"   # (enter the vpc id to be used)
            subnets:             # (In this section specify the subnet region and subnet id accordingly)
              private:
                <Availability zone for the region where you want to deploy your Kubernetes cluster>:
                  id: "#Update_id_here#"
                <Availability zone for the region where you want to deploy your Kubernetes cluster>:
                  id: "#Update_id_here#"
          nodeGroups:
            - name: <Name of your Node Group>
              instanceType: t3a.xlarge
              minSize: 2
              maxSize: 4        # (Set max node size according to load to be processed, for cluster-autoscaling)
              desiredCapacity: 3
              privateNetworking: true
              iam:
                attachPolicyARNs:
                  - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
                  - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
                  - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
                withAddonPolicies:
                  autoScaler: true
                  awsLoadBalancerController: true
                  ebs: true
              securityGroups:
                withShared: true
                withLocal: true
                attachIDs: ['#Update_security_group_id_linked_to_your_VPC_here#']
              tags:
                #Add required tags (Product, name, etc.) here
                k8s.io/cluster-autoscaler/<cluster_name>: "owned"       # (Update your cluster name in this line) ## These tags are required for
                k8s.io/cluster-autoscaler/enabled: "true"                                                 ##     cluster-autoscaling
                Product: "Anonymization"
              ssh:
                publicKeyName: '<EC2 Key Pair>'                    # SSH key to log in to nodes in the cluster if needed.
        

        Note: In the ssh/publicKeyName parameter, you must specify the name of the key pair that you have created.

        For more information about creating the EC2 key pair, refer to Amazon EC2 key pairs and Amazon EC2 instances.

        The AmazonEKSWorkerNodePolicy policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. For more information about the policy, refer to Amazon EKS Worker Node Policy.

        For more information about the arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy policy attached in the nodegroup, refer to Amazon EKS node IAM role.

        The AmazonEKS_CNI_Policy policy is a default AWS policy that enables the Amazon VPC CNI Plugin to modify the IP address configuration on your EKS nodes. For more information about this policy, refer to Amazon EKS CNI Policy.

        For more information about the arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy policy attached in the nodegroup, refer to Configure Amazon VPC CNI plugin to use IRSA.

    • For Terraform: Update the following placeholder information in the aws-terraform/vars.tf file with the Terraform values for creating the cluster.

      variable "cluster_name" {
        default = "<Cluster_name>" ## Supply the name for your EKS cluster.
      }
      variable "cluster_version" {
        default = "1.27"
      }
      variable "aws_region" {
        default = "<Region>" ## The region in which the EKS cluster will be created.
      }
      variable "role_arn" {
        ## Amazon Resource Name (ARN) of the IAM role that provides permissions for the
        ## Kubernetes control plane to make calls to AWS API operations on your behalf.
        default = "<Specify Role_arn>"
      }
      variable "security_group_id" {
        default = ["<Specify security group id>"] ## The Security Group ID for your VPC.
      }
      variable "subnet_ids" {
        ## Supply the subnet IDs. Ensure that the subnets are in different Availability Zones.
        default = ["<subnet-1 id>", "<subnet-2 id>"]
      }
      variable "node_group_name" {
        default = "<Nodegroup Name>" ## Name of the nodegroup that will join the EKS cluster.
      }
      variable "node_role_arn" {
        ## Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.
        default = "<IAM-Node ROLE ARN>" ## Refer
      }
      variable "instance_type" {
        default = ["<instance_type>"] ## Type of Nodes in EKS cluster. Eg: t3a.xlarge.
      }
      variable "desired_nodes_count" {
        default = "<Desired node count>" ## Desired number of Nodes Running in EKS cluster.
      }
      variable "max_nodes" {
        default = "<Max node count>" ## Maximum number of Nodes the EKS cluster can Autoscale to.
      }
      variable "min_nodes" {
        default = "<Min node count>" ## Minimum number of Nodes in EKS cluster.
      }
      variable "ssh_key" {
        default = "<EC2-SSH-key>" ## EC2-SSH Key Pair to SSH to Nodes of cluster.
      }
      output "endpoint" {
        value = aws_eks_cluster.eks_Anon.endpoint
      }
      
  4. Run one of the following commands to create the Kubernetes cluster. The cluster creation process might take 10 to 15 minutes to complete:

    • For eksctl:

      eksctl create cluster -f cluster-aws.yaml
      
    • For Terraform:

      terraform init
      terraform plan
      terraform apply
      
  5. Deploy the Cluster Autoscaler component to enable the autoscaling of nodes in the EKS cluster.

    For more information about deploying the Cluster Autoscaler, refer to the Deploy the Cluster Autoscaler section in the Amazon EKS documentation.

  6. Install the Metrics Server to enable the horizontal autoscaling of pods in the Kubernetes cluster.

    For more information about installing the Metrics Server, refer to the Horizontal Pod Autoscaler section in the Amazon EKS documentation.
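
The following pre-flight check is an added example, not part of the Protegrity package: it inspects the cluster-aws.yaml file edited in step 3 before eksctl create cluster is run in step 4, and fails if template placeholders remain, if the cluster-autoscaler tag does not match metadata.name, or if privateNetworking is not true. The function names check_cluster_config and sample_config and all sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for an edited cluster-aws.yaml.
# check_cluster_config is a hypothetical helper, not shipped with the product.

check_cluster_config() {
  local file="$1" rc=0 name
  # 1. Template placeholders left unresolved: "#Update_..._here#" or "<...>".
  if grep -nE '#Update_[A-Za-z_]+_here#|<[^>]+>' "$file" >&2; then
    echo "FAIL: unresolved placeholders (lines listed above)" >&2; rc=1
  fi
  # 2. The autoscaler discovery tag must carry the same name as metadata.name.
  name=$(awk '/^metadata:/{m=1; next} m && /^[^ \t]/{m=0}
              m && $1=="name:"{print $2; exit}' "$file" | tr -d "\"'")
  if [ -z "$name" ] || ! grep -qF "k8s.io/cluster-autoscaler/${name}:" "$file"; then
    echo "FAIL: cluster-autoscaler tag does not match metadata.name '${name}'" >&2; rc=1
  fi
  # 3. Worker nodes must stay on the private subnets listed under vpc.
  if ! grep -qE '^[[:space:]]*privateNetworking:[[:space:]]*true' "$file"; then
    echo "FAIL: privateNetworking is not true" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample (not a real account): every placeholder filled in.
sample_config() {
  cat <<'EOF'
metadata:
  name: anon-demo
  region: us-east-1
vpc:
  id: "vpc-0a1b2c3d"
nodeGroups:
  - name: anon-nodes
    privateNetworking: true
    tags:
      k8s.io/cluster-autoscaler/anon-demo: "owned"
      k8s.io/cluster-autoscaler/enabled: "true"
    ssh:
      publicKeyName: 'anon-demo-key'
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
check_cluster_config "$tmp" && echo "OK: config passes pre-flight checks"
rm -f "$tmp"
```

To check a real file, call check_cluster_config cluster-aws.yaml and run eksctl only when it returns 0.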


Last modified : November 14, 2025