Creating the EKS Cluster

Steps to create the EKS cluster.

Complete the steps provided here to create the EKS cluster by running commands on the machine for the Protegrity Anonymization API.

Note: The steps listed in this procedure for creating the EKS cluster are for reference use. If you have an existing EKS cluster or want to create an EKS cluster based on your own requirements, then you can directly navigate to the section Accessing the EKS Cluster to connect your EKS cluster and the Linux instance.

To create an EKS cluster:

  1. Log in to the Linux machine.

  2. Obtain and extract the Protegrity Anonymization API files to a directory on your system.

    a. Download and extract the ANON-API_RHUBI-ALL-64_x86-64_Generic.K8S_1.4.1.14.tgz file.

    b. Verify that the following files are available in the package:
    - anonrestapi_1.4.1.14.tgz
    - cluster-autoscaler-autodiscover.yaml
    - cluster-aws.yaml
    - dependent_images.tgz

  3. Add the Cloud-related settings in the configuration files using one of the following options:

    Note: Use the checklist at AWS Checklist to update the YAML files.

    • For eksctl: Update the cluster-aws.yaml template file with the EKS authentication values for creating the EKS cluster.
      • Update the following placeholder information in the cluster-aws.yaml file.

          apiVersion: eksctl.io/v1alpha5
          kind: ClusterConfig
        
          metadata:
            name: "<Your Cluster Name>" # Proposed name. This must match the cluster name in install.properties and in the tags below.
            region: "<Your AWS region>"
            version: "1.35"
        
          vpc:
            id: "<VPC ID>" #   (enter the vpc id to be used)
            subnets:             # (In this section specify the subnet region and subnet id accordingly)
              private:
                <Availability zone 1, e.g., us-east-1a>:
                  id: "<Subnet ID>"
                  cidr: "<cidr>"
        
                <Availability zone 2, e.g., us-east-1b>:
                  id: "<Subnet ID>"
                  cidr: "<cidr>"
        
          addons:
          - name: aws-ebs-csi-driver
            wellKnownPolicies:
              ebsCSIController: true
        
          nodeGroups:
            - name: "<Your Node Group Name>"               #Update as required.
              instanceType: t3a.xlarge
              minSize: 2
              maxSize: 4        # Set the maximum node count according to the load to be processed (used by cluster autoscaling).
              desiredCapacity: 3
              privateNetworking: true
              iam:
                attachPolicyARNs:
                  - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
                  - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
                  - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
                withAddonPolicies:
                  autoScaler: true
                  awsLoadBalancerController: true
                  ebs: true
              securityGroups:
                withShared: true
                withLocal: true
                attachIDs: ["<Security Group ID>"]
              tags:
                #Add required tags (Product, name, etc.) here. These tags are required for cluster-autoscaling.
                k8s.io/cluster-autoscaler/<Your Cluster Name>: "owned"       # (Update your cluster name in this line if required)
                k8s.io/cluster-autoscaler/enabled: "true"                                               
                Product: "Anonymization"
              ssh:
                publicKeyName: "<SSH key pair name>" #Add SSH key to login to Nodes in the cluster if needed.
        

        Note: In the ssh/publicKeyName parameter, you must specify the name of the key pair that you have created.

        For more information about creating the EC2 key pair, refer to Amazon EC2 key pairs and Amazon EC2 instances.

        The AmazonEKSWorkerNodePolicy policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. For more information about the policy, refer to Amazon EKS Worker Node Policy.

        For more information about the attached policy arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy in the nodegroup, refer to Amazon EKS node IAM role.

        The AmazonEKS_CNI_Policy policy is a default AWS policy that enables the Amazon VPC CNI Plugin to modify the IP address configuration on your EKS nodes. For more information about this policy, refer to Amazon EKS CNI Policy.

        For more information about the attached policy arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy in the nodegroup, refer to Configure Amazon VPC CNI plugin to use IRSA.

  4. Run the following command to create the Kubernetes cluster. The cluster creation process might take 10 to 15 minutes to complete:

    • For eksctl:

      eksctl create cluster -f cluster-aws.yaml
      
  5. Deploy the Cluster Autoscaler component to enable the autoscaling of nodes in the EKS cluster.

    For more information about deploying the Cluster Autoscaler, refer to the Deploy the Cluster Autoscaler section in the Amazon EKS documentation.

  6. Install the Metrics Server to enable the horizontal autoscaling of pods in the Kubernetes cluster.

    For more information about installing the Metrics Server, refer to the Horizontal Pod Autoscaler section in the Amazon EKS documentation.
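
A pre-flight check for steps 3 and 4, as an added example that is not part of the Protegrity package: it lints an edited cluster-aws.yaml for unfilled placeholders and for a cluster-autoscaler tag that does not match metadata.name, before eksctl create cluster is run. The function names and sample values (anon-demo, anon-ng) are illustrative, and the check assumes the file keeps the template's one-key-per-line layout.

```bash
#!/usr/bin/env bash
# Added example: lint an edited cluster-aws.yaml before "eksctl create cluster".
# Assumes the template's layout is kept (one key per line, no '#' inside values).
preflight_cluster_yaml() {
  local file="$1" body name rc=0
  body=$(sed -e 's/[[:space:]]*#.*$//' "$file")     # drop YAML comments

  # 1. Template placeholders such as "<VPC ID>" must all be replaced.
  if printf '%s\n' "$body" | grep -nE '<[^<>]+>'; then
    echo "FAIL: placeholders above are still unfilled"; rc=1
  fi

  # 2. metadata.name must reappear in the cluster-autoscaler ownership tag.
  name=$(printf '%s\n' "$body" | awk '
    /^[[:space:]]*metadata:/ { m = 1; next }
    m && $1 == "name:"       { gsub(/"/, "", $2); print $2; exit }')
  if [ -z "$name" ]; then
    echo "FAIL: metadata.name not found"; rc=1
  elif ! printf '%s\n' "$body" | grep -Fq "k8s.io/cluster-autoscaler/${name}:"; then
    echo "FAIL: no k8s.io/cluster-autoscaler/${name} tag"; rc=1
  fi

  # 3. Settings the template ships with for autoscaling and private nodes.
  for want in 'k8s.io/cluster-autoscaler/enabled: "true"' 'privateNetworking: true'; do
    printf '%s\n' "$body" | grep -Fq "$want" || { echo "FAIL: missing $want"; rc=1; }
  done
  return "$rc"
}

# Constructed sample (not a real cluster): $2 is the name used in the tag line.
write_sample() {
  cat > "$1" <<EOF
metadata:
  name: "anon-demo"   # constructed value
  region: "us-east-1"
nodeGroups:
  - name: "anon-ng"
    privateNetworking: true
    tags:
      k8s.io/cluster-autoscaler/$2: "owned"
      k8s.io/cluster-autoscaler/enabled: "true"
EOF
}

sample=$(mktemp)
write_sample "$sample" "anon-demo"
preflight_cluster_yaml "$sample" && echo "OK: ready for eksctl create cluster"
rm -f "$sample"
```

Against the real file, call `preflight_cluster_yaml cluster-aws.yaml` and proceed to step 4 only when it returns 0.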


Last modified : April 01, 2026