Skip to main content

What You Need for Rok/EKF Installation

Arvind Gupta
  • Updated

 

Deployment Keys

Before the Arrikto Rok and EKF installation, Arrikto provides the deployment keys via email. If you do not have the keys please contact your Arrikto TAM. You will need following keys:

1) GPG encrypted RSA keys to access github

2) GPG encrypted dockerconfig.json to access gcr.io

3) passphrase to decrypt above keys.

Cloud Permissions

For a successful installation of Rok and EKF, it is expected that your AWS account used to install has sufficient permissions. In order to be prepared for the installation please ensure you have following permissions based on what part of installation procedure you will be following. 

1) Create and prepare VPC

https://docs.arrikto.com/release-1.4/install/vpc/aws/vpc.html?highlight=permission#what-you-ll-need

Permissions to create CloudFormation stacks which will create vpc and subnets.

2) Create EKS cluster

a) Permission for cluster IAM

https://docs.arrikto.com/release-1.4/install/cluster/eks/iam-cluster.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create IAM roles.
  • Attach managed IAM policies to IAM roles.

b)  Permissions for node IAM

https://docs.arrikto.com/release-1.4/install/cluster/eks/iam-node.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create IAM roles.
  • Attach managed IAM policies to IAM roles.

c)  Permissions for EKS cluster creation

https://docs.arrikto.com/release-1.4/install/cluster/eks/cluster.html?highlight=permission#check-your-environment

  • Create EKS clusters.
  • Pass IAM roles to EKS resources.

d) Permissions for node group creation

https://docs.arrikto.com/release-1.4/install/cluster/eks/nodegroup/managed.html?highlight=permission#check-your-environment

  • Create EKS node groups.
  • Pass IAM roles to EKS resources.
  • Describe EC2 resources.

e) Permissions for node EKS cluster access

https://docs.arrikto.com/release-1.4/install/cluster/eks/identity.html?highlight=permission#check-your-environment

In order to create an OIDC provider and associate it with your EKS cluster you need permissions for the following actions:

  • Describe EKS clusters.
  • Describe IAM resources.
  • Create IAM resources.

3) Deploy Rok

a) Permission to create s3 IAM for Rok

https://docs.arrikto.com/release-1.4/install/rok/cloudidentity/eks.html#what-you-ll-need

Permissions to create IAM resources.

b) Permissions to access/manage s3 by Rok

https://docs.arrikto.com/release-1.4/install/rok/objectstorage/eks.html?highlight=permission#what-you-ll-need

A cloud identity with access to the AWS storage service.

4) Expose cluster

a) Permissions for creating ACM certificates

https://docs.arrikto.com/release-1.4/install/expose/eks/alb/acm.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Request ACM certificates.
  • Describe ACM certificates.
  • Change resource record sets on Route 53.

b) Permissions for creating and managing zones

https://docs.arrikto.com/release-1.4/install/expose/eks/alb/zone.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create a public Route53 Hosted Zone.

c) Permissions for ALB IAM

https://docs.arrikto.com/release-1.4/install/expose/eks/alb/iam-alb.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create IAM policies.
  • Create IAM roles.

d) Permissions for external DNS IAM 

https://docs.arrikto.com/release-1.4/install/expose/eks/alb/iam-edns.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create IAM policies.
  • Create IAM roles.

5) Deploy autoscaler

a) Permissions for deploying autoscaler

https://docs.arrikto.com/release-1.4/install/autoscaler/eks/iam.html?highlight=permission#check-your-environment

  • Deploy AWS CloudFormation stacks.
  • Create IAM roles.
  • Create IAM policies.
  • Attach managed IAM policies to IAM roles.

Sizing guide

There are many individual components are deployed as part of rok and EKF deployment. Below is overall approximate usage by Rok/EKF components which will help you for sizing of the EKS cluster. 

  • Resources reserved by EKF/Rok component (total across all node)=> ~12 cores / ~8 GiB
  • Resource  reserved by Rok daemons sets (on each node) :  ~2 core / ~4GiB
So for example: in a 3 node cluster, total reserved resources (for EKF/Rok components) will be 18 cores and 20G of memory. So for high availability and ability to handle load variation, our suggestion for minimum cluster size is 3 nodes of type  m5d.4xlarge or equivalent. You can surely size your cluster beyond this based on workload requirements.  

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.