Skip to main content

Deploying the EKS Platform

Quick Start

StepsExample
1. Vendor EKS componentsatmos workflow vendor -f eks
2. Connect to the VPN
3. Deploy roles for each EKS stackatmos workflow deploy/iam-service-linked-roles -f eks
4. Deploy cluster into each stackatmos workflow deploy/cluster -s plat-use1-dev -f eks
5. Deploy resources into each stackatmos workflow deploy/resources -s plat-use1-dev -f eks
NOTE:

Repeat steps 4 and 5 for each EKS stack, typically plat-dev, plat-staging, and plat-prod

Requirements

In order to deploy EKS, Networking must be fully deployed and functional. In particular, the user deploying the cluster must have a working VPN connection to the targeted account. See the network documentation for details.

All deployment steps below assume that the environment has been successfully set up with the following steps.

  1. Sign into AWS via Leapp
  2. Connect to the VPN
  3. Open Geodesic

Steps

0 Vendor Components

EKS adds many components required to set up a cluster. Generally, all these components are contained in the EKS components and catalog folders, under components/terraform/eks and catalog/stacks/eks respectively.

Vendor these components with the included Atmos Workflows.

atmos workflow vendor -f eks

or for each component. See stacks/workflows/eks.yaml for a complete list.

atmos vendor pull --component eks/cluster

0 Deploy EKS Cluster

EKS provisioning includes many components packaged together into a single import per stack. Leveraging Atmos inheritance, we have defined a baseline set of required components for all EKS deployments and a unique set of additional components for a particular stack's EKS deployment. Find these catalog set definitions under catalog/stacks/eks/clusters.

To provision a cluster, these components need to be deployed in order. The included Atmos Workflows will carry out this deployment in the proper order, but any of these step can be run outside of a workflow if desired.

See the eks workflow (stacks/workflows/eks.yaml) for each individual deployment step.

0 Deploy IAM Service Linked Roles

In order for Karpenter to reserve Spot Instances, the cluster needs to have a Service-Linked Role. Deploy these to all cluster accounts with iam-service-linked-roles

atmos workflow deploy/iam-service-linked-roles -f eks

0 Deploy Initial Platform Dev Cluster

First deploy the cluster and AWS EFS. Since Karpenter will be used in the following steps, the initial cluster is deployed without Nodes.

atmos workflow deploy/cluster -s plat-use1-dev -f eks

0 Deploy Platform Dev Cluster Resources

Once the cluster is up and running, continue with the EKS plat resources deployment. These need to be deployed in the given order by the include Atmos Workflow. For additional details on each component, see the included README.md for the individual component.

Run the Atmos Workflow to deploy all required plat components.

atmos workflow deploy/resources -s plat-use1-dev -f eks

Validate the cluster deployment with eks/echo-server and the targeted service domain. The following URL should return a success message for dev:

https://echo.use1.dev.plat.acme-svc.com/

0 Deploy Staging

Once the dev cluster is deployed and validated, continue with staging and then prod.

Repeat the same deployment steps in staging

atmos workflow deploy/cluster -s plat-use1-staging -f eks
atmos workflow deploy/resources -s plat-use1-staging -f eks

Validate staging: https://echo.use1.staging.plat.acme-svc.com/

0 Deploy Production

Then deploy prod

atmos workflow deploy/cluster -s plat-use1-prod -f eks
atmos workflow deploy/resources -s plat-use1-prod -f eks

Validate prod: https://echo.use1.prod.plat.acme-svc.com/

Related Topics