Import AWS EKS Cluster

Describes detailed steps to import an AWS EKS cluster.

Preconditions

An Access Key & Secret needs to be provided, and its permission policy is as follows:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Optimizer",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeRegions",
        "ec2:DescribeVolumes",
        "ec2:DescribeLaunchTemplateVersions",
        "eks:DescribeNodegroup",
        "eks:ListNodegroups",
        "eks:DescribeCluster",
        "eks:ListClusters"
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeAutoScalingGroups",
      ],
      "Resource": "*"
    }
  ]
}

A Kubernetes cluster, version 1.22 and above, EKS cluster is recommended.

A Kubeconfig needs to be provided to access cluster-related information. The permission requirements are as follows (if it is only a development and test cluster without sensitive information, for the sake of simplicity, you can also grant all read-only permissions to the cluster):

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: optimizer
rules:
  - apiGroups:
      - ""
    resources:
      -nodes
      -pods
      -pods/status
      - persistentvolumes
      - persistentvolumeclaims
      - services
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "apps/v1"
    resources:
      -deployments
      -replicasets
      -replicationcontollers
      - statefulsets
      -daemonsets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "batch/v1"
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "storage/v1"
    resources:
      -storageclasses
    verbs:
      - get
      - list
      - watch

Prometheus/Thanos address corresponding to the cluster.
The application needs to be able to access the EKS cluster and Prometheus/Thanos.

Import Kuberentes cluster

Add cloud account

Enter the cloud account management page from Settings --> Cloud Account, as shown below.

Cloud account management
Wiseinf Inc.
Click the New button to add a cloud account. You can enter Name, select Amazon AWS as Cloud Provider, then enter Access Key and Access Key Secret, and finally click Confirm.

Add cloud account
Wiseinf Inc.

After entering the Access Key and Access Key Secret, you can also test whether the access credentials can connect to the cloud provider normally by clicking the Test Connectivity button at the bottom.

Import cluster

Enter the cluster management page from Settings --> Cluster, as shown below.

Cluster management
Wiseinf Inc.
Click the Import Cluster button and then click on the AWS cloud provider logo to start importing the cluster from AWS. It contains five steps:
1. Connect to AWS
2. Connect to kubernetes
3. Connect to Metrics Server
4. View configuration
5. Complete
In the Connect AWS step, select Use existing credentials and select the cloud account created in the Add Cloud Account section, as shown below.

Import the cluster: Connect to AWS
Wiseinf Inc.

Then click the Next button to go to the Connect kubernetes step.

In the Connect kubernetes step, select Managed cluster, as shown below.

Import the cluster: connect to the kubernetes cluster
Wiseinf Inc.

First select Region, then select Cluster, and then enter the following configuration items:

Configuration item	Description
`Description`	Cluster description
`Use private API Server private address`	Whether to use private API Server address.
`Kubeconfig`	Kubeconfig to connect to the cluster.
`Automatically refresh Kubeconfig`	Whether to automatically refresh kubeconfig.
`Node group label`	Used to identify the node group to which the node belongs. For EKS, the default value is `eks.amazonaws.com/nodegroup`.

Note: Since the platform does not use the AWS client to obtain user authentication information, if obtaining user identity information in your Kubeconfig configuration item relies on the aws get token command, you must enable auto refresh Kubeconfig. This ensures that the platform dynamically obtains user authentication details.

Then click the Next button to go to the Connect Metrics Service step.

In the Connect Metrics Service step, enter the following configuration items as shown below.

Configuration item	Description
`Whether Thanos`	If the Metrics Server is Thanos, this should be selected.
`Metrics service address`	Metrics server address, currently supports Prometheus and Thanos.
`Limit access rate`	Whether to access the access rate limit of the Metrics service address.
`Maximum number of concurrencies`	Specifies the maximum number of concurrent accesses to the Metrics service address.
`cluster label`	Used as a label name to filter the cluster’s metrics from the Metrics service.
`Cluster tag value`	Used as a tag value to filter cluster metrics from the Metrics service.

Import the cluster: Connect to the Metrics service
Wiseinf Inc.

Then click the Next button to go to the View Configuration step.

In the View Configuration step, display the configurations for connecting to AWS, connecting to Kubernetes, and connecting to the Metrics service. You can check whether the configuration is as expected.

Import the cluster: View configuration
Wiseinf Inc.

After confirming these configurations, you can click the Import button to move to the Finish step.
In the Complete step, the submission status will be displayed, as shown below. When the submission status shows that the cluster has been imported, you can click the Finish button.

Import cluster: Complete
Wiseinf Inc.

Next step

After importing the cluster, you can view optimization suggestions for multiple aspects of the cluster, including: