- clusterawsadm CLI installed locally.
- AWS_B64ENCODED_CREDENTIALS environment variable to be exported. See AWS credentials (p. 1-3)
By default, the AMI ID is looked up automatically (the latest Amazon Linux 2 image is used).
You can override the lookup parameters to search for your desired image automatically, or use an AMI ID directly. If both an AMI ID and lookup parameters are defined, the AMI ID takes precedence.
To configure automatic AMI lookup, three parameters are used:
- .imageLookup.format - used directly as the value for the name filter (see the describe-images filters). Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and Kubernetes version, respectively.
- .imageLookup.org - the AWS org ID, which will be used as the value for the owner-id filter.
- .imageLookup.baseOS - will be used as the value for the {{.BaseOS}} substitution in the .imageLookup.format string.
The AMI ID can be set directly in the .amiID parameter.
Use clusterawsadm to list the AMIs available for deploying a managed cluster:
clusterawsadm ami list
For details, see Pre-built Kubernetes AMIs.
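The lookup rules above, as an added example (not code from the project or from CAPA): it expands .imageLookup.format, builds the name and owner-id filters, and lets amiID take precedence. The image records, account IDs, the example-ami naming scheme and the newest-CreationDate selection are assumptions made for the illustration; fnmatch stands in for the describe-images wildcard matching.

```python
import fnmatch
import re

# Constructed sample records shaped like describe-images output (not real AMIs).
TRUSTED_ORG = "111111111111"
IMAGES = [
    {"ImageId": "ami-000000000000000a1", "OwnerId": TRUSTED_ORG,
     "Name": "example-ami-ubuntu-22.04-v1.30.4-20240801", "CreationDate": "2024-08-01T00:00:00Z"},
    {"ImageId": "ami-000000000000000b2", "OwnerId": TRUSTED_ORG,
     "Name": "example-ami-ubuntu-22.04-v1.30.4-20240901", "CreationDate": "2024-09-01T00:00:00Z"},
    # Same naming scheme and newer, but published by a different account.
    {"ImageId": "ami-000000000000000c3", "OwnerId": "999999999999",
     "Name": "example-ami-ubuntu-22.04-v1.30.4-20241001", "CreationDate": "2024-10-01T00:00:00Z"},
    {"ImageId": "ami-000000000000000d4", "OwnerId": TRUSTED_ORG,
     "Name": "example-ami-ubuntu-22.04-v1.29.8-20241101", "CreationDate": "2024-11-01T00:00:00Z"},
]

def render_format(fmt, base_os, k8s_version):
    """Expand the two documented placeholders; reject anything else."""
    values = {"BaseOS": base_os, "K8sVersion": k8s_version}
    out = re.sub(r"\{\{\s*\.(BaseOS|K8sVersion)\s*\}\}", lambda m: values[m.group(1)], fmt)
    if "{{" in out or "}}" in out:
        raise ValueError(f"unsupported placeholder in format: {fmt!r}")
    return out

def build_filters(cfg, k8s_version):
    """Map the page's parameters to describe-images filters; amiID wins if set."""
    if cfg.get("amiID"):
        return {"image-id": cfg["amiID"]}
    lookup = cfg["imageLookup"]
    return {"name": render_format(lookup["format"], lookup["baseOS"], k8s_version),
            "owner-id": lookup["org"]}

def select_image(images, filters):
    """Apply the filters locally; newest CreationDate wins (assumed selection rule)."""
    hits = [img for img in images
            if filters.get("image-id", img["ImageId"]) == img["ImageId"]
            and filters.get("owner-id", img["OwnerId"]) == img["OwnerId"]
            and fnmatch.fnmatchcase(img["Name"], filters.get("name", "*"))]
    if not hits:
        raise LookupError(f"no image matches {filters}")
    return max(hits, key=lambda img: img["CreationDate"])["ImageId"]

# Constructed lookup configuration using the three parameters from the list above.
LOOKUP_CFG = {"imageLookup": {"format": "example-ami-{{.BaseOS}}-?{{.K8sVersion}}-*",
                              "org": TRUSTED_ORG, "baseOS": "ubuntu-22.04"}}
```

The third constructed record shows why the owner-id filter matters: its name matches the pattern and it is newer, but it is excluded because it belongs to a different account.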
To access the nodes using the SSH protocol, several things should be configured:
- An SSH key added in the region where you want to deploy the cluster
- Bastion host is enabled
Only one SSH key is supported, and it should be added in AWS prior to creating the ManagedCluster object. The name of the key should then be placed under .spec.config.sshKeyName.
The same SSH key will be used for all machines and the bastion host.
To enable the bastion, set the .spec.config.bastion.enabled option in the ManagedCluster object to true.
The full list of bastion configuration options can be found in the CAPA docs.
The resulting ManagedCluster can look like this:
apiVersion: hmc.mirantis.com/v1alpha1
kind: ManagedCluster
metadata:
  name: cluster-1
spec:
  template: aws-standalone-cp
  config:
    sshKeyName: foobar
    bastion:
      enabled: true
...