Deployment Keys
Before the Arrikto Rok and EKF installation, Arrikto provides the deployment keys via email. If you do not have the keys, please contact your Arrikto TAM. You will need the following keys:
1) GPG-encrypted RSA keys to access GitHub
2) GPG-encrypted dockerconfig.json to access gcr.io
3) Passphrase to decrypt the above keys.
Cloud Permissions
For a successful installation of Rok and EKF, the AWS account used for the installation must have sufficient permissions. To prepare for the installation, ensure you have the following permissions for each part of the installation procedure you will be following.
1) Create and prepare VPC
https://docs.arrikto.com/release-1.4/install/vpc/aws/vpc.html?highlight=permission#what-you-ll-need
Permissions to create CloudFormation stacks, which will create the VPC and subnets.
2) Create EKS cluster
a) Permissions for cluster IAM
- Deploy AWS CloudFormation stacks.
- Create IAM roles.
- Attach managed IAM policies to IAM roles.
b) Permissions for node IAM
- Deploy AWS CloudFormation stacks.
- Create IAM roles.
- Attach managed IAM policies to IAM roles.
c) Permissions for EKS cluster creation
- Create EKS clusters.
- Pass IAM roles to EKS resources.
d) Permissions for node group creation
- Create EKS node groups.
- Pass IAM roles to EKS resources.
- Describe EC2 resources.
e) Permissions for node EKS cluster access
In order to create an OIDC provider and associate it with your EKS cluster you need permissions for the following actions:
- Describe EKS clusters.
- Describe IAM resources.
- Create IAM resources.
3) Deploy Rok
a) Permissions to create S3 IAM for Rok
https://docs.arrikto.com/release-1.4/install/rok/cloudidentity/eks.html#what-you-ll-need
Permissions to create IAM resources.
b) Permissions to access/manage S3 by Rok
A cloud identity with access to the AWS storage service.
4) Expose cluster
a) Permissions for creating ACM certificates
- Deploy AWS CloudFormation stacks.
- Request ACM certificates.
- Describe ACM certificates.
- Change resource record sets on Route 53.
b) Permissions for creating and managing zones
- Deploy AWS CloudFormation stacks.
- Create a public Route53 Hosted Zone.
c) Permissions for ALB IAM
- Deploy AWS CloudFormation stacks.
- Create IAM policies.
- Create IAM roles.
d) Permissions for external DNS IAM
- Deploy AWS CloudFormation stacks.
- Create IAM policies.
- Create IAM roles.
5) Deploy autoscaler
a) Permissions for deploying autoscaler
- Deploy AWS CloudFormation stacks.
- Create IAM roles.
- Create IAM policies.
- Attach managed IAM policies to IAM roles.
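A pre-install check for the permissions listed above, as an added example that is not part of Arrikto's documentation: it evaluates an IAM policy document offline and reports which installation steps it would not cover. The mapping from each checklist item to IAM action names and the sample policy are assumptions constructed for illustration.

```python
import fnmatch

# ASSUMPTION: this checklist-to-IAM-action mapping is illustrative, not Arrikto's.
REQUIRED = {
    "1) Create and prepare VPC": ["cloudformation:CreateStack"],
    "2) Create EKS cluster": [
        "cloudformation:CreateStack", "iam:CreateRole", "iam:AttachRolePolicy",
        "iam:PassRole", "eks:CreateCluster", "eks:CreateNodegroup",
        "eks:DescribeCluster", "ec2:DescribeSubnets",
        "iam:CreateOpenIDConnectProvider"],
    "3) Deploy Rok": ["iam:CreateRole", "iam:CreatePolicy"],
    "4) Expose cluster": [
        "cloudformation:CreateStack", "acm:RequestCertificate",
        "acm:DescribeCertificate", "route53:ChangeResourceRecordSets",
        "route53:CreateHostedZone", "iam:CreatePolicy", "iam:CreateRole"],
    "5) Deploy autoscaler": [
        "cloudformation:CreateStack", "iam:CreateRole", "iam:CreatePolicy",
        "iam:AttachRolePolicy"],
}

# Constructed sample policy for the installer identity (not a real account's).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudformation:*", "eks:*", "ec2:Describe*", "acm:*", "route53:*"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PassRole"]},
    {"Effect": "Deny", "Resource": "*", "Action": "route53:CreateHostedZone"},
]}

# Simplification: Resource, Condition and NotAction elements are not evaluated.
def _matches(action, statement):
    """True if the statement's Action patterns (* and ? wildcards) cover action."""
    pats = statement.get("Action", [])
    pats = pats if isinstance(pats, list) else [pats]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in pats)

def is_allowed(action, policy):
    """Explicit Deny wins; otherwise an Allow must match (default deny)."""
    stmts = policy["Statement"]
    if any(s["Effect"] == "Deny" and _matches(action, s) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and _matches(action, s) for s in stmts)

def missing_permissions(policy, required=REQUIRED):
    """Return {install step: [required actions the policy does not grant]}."""
    gaps = {step: [a for a in actions if not is_allowed(a, policy)]
            for step, actions in required.items()}
    return {step: lacking for step, lacking in gaps.items() if lacking}
```

Calling missing_permissions(SAMPLE_POLICY) returns only the steps with gaps, so an empty result means the policy covers every action in the assumed mapping.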
Sizing guide
Many individual components are deployed as part of the Rok and EKF deployment. The approximate overall usage by the Rok/EKF components below will help you size the EKS cluster.
- Resources reserved by EKF/Rok components (total across all nodes): ~12 cores / ~8 GiB
- Resources reserved by Rok daemon sets (on each node): ~2 cores / ~4 GiB
m5d.4xlarge or equivalent.