
AWS template parameters

AWS AMI

By default, the AMI ID is looked up automatically using the latest Amazon Linux 2 image.

You can override the lookup parameters to search for your desired image automatically, or specify an AMI ID directly. If both the AMI ID and the lookup parameters are defined, the AMI ID takes precedence.

Image lookup

Automatic AMI lookup is configured with three parameters:

  • .imageLookup.format - used directly as the value for the name filter (see the describe-images filters). Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and Kubernetes version, respectively.

  • .imageLookup.org - the AWS org ID, used as the value for the owner-id filter.

  • .imageLookup.baseOS - used as the value for the {{.BaseOS}} substitution in the .imageLookup.format string.

AMI ID

AMI ID can be directly used in the .amiID parameter.
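
How the precedence and substitution rules above combine, as an added Go example that is not code from the project. `ImageSelection`, `Filter` and `Resolve` are hypothetical names, the format string, org ID, OS and version values are constructed samples, and the rejection of an empty `.imageLookup.org` is an added safeguard rather than documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"text/template"
)

// ImageSelection is a hypothetical type mirroring .amiID and .imageLookup.* from this page.
type ImageSelection struct {
	AMIID, Format, Org, BaseOS string
}

// Filter is one name/value pair as passed to describe-images.
type Filter struct{ Name, Value string }

// Resolve returns the AMI ID when it is set (it takes precedence); otherwise it
// returns the describe-images filters derived from the lookup parameters.
func Resolve(s ImageSelection, k8sVersion string) (string, []Filter, error) {
	if s.AMIID != "" {
		return s.AMIID, nil, nil
	}
	if s.Org == "" {
		// Added safeguard (assumption): without owner-id, the name filter
		// alone does not restrict which account published the image.
		return "", nil, errors.New("imageLookup.org is empty: lookup is not owner-scoped")
	}
	// missingkey=error rejects placeholders other than BaseOS and K8sVersion.
	tpl, err := template.New("ami").Option("missingkey=error").Parse(s.Format)
	if err != nil {
		return "", nil, fmt.Errorf("bad imageLookup.format: %w", err)
	}
	var name strings.Builder
	data := map[string]string{"BaseOS": s.BaseOS, "K8sVersion": k8sVersion}
	if err := tpl.Execute(&name, data); err != nil {
		return "", nil, fmt.Errorf("bad imageLookup.format: %w", err)
	}
	return "", []Filter{{"name", name.String()}, {"owner-id", s.Org}}, nil
}

func main() {
	// Constructed sample values, not defaults taken from the project.
	s := ImageSelection{Format: "capa-ami-{{.BaseOS}}-{{.K8sVersion}}-*", Org: "123456789012", BaseOS: "ubuntu-22.04"}
	fmt.Println(Resolve(s, "v1.30.4"))
	s.AMIID = "ami-0123456789abcdef0" // constructed ID; overrides the lookup
	fmt.Println(Resolve(s, "v1.30.4"))
}
```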

CAPA prebuilt AMIs

Use clusterawsadm to list the AMIs available for deploying a managed cluster:

clusterawsadm ami list

For details, see Pre-built Kubernetes AMIs.

SSH access to cluster nodes

To access the nodes using the SSH protocol, several things should be configured:

  • An SSH key added in the region where you want to deploy the cluster
  • An enabled bastion host

SSH keys

Only one SSH key is supported and it should be added in AWS prior to creating the ManagedCluster object. The name of the key should then be placed under .spec.config.sshKeyName.

The same SSH key will be used for all machines and the bastion host.

To enable the bastion host, set the .spec.config.bastion.enabled option in the ManagedCluster object to true.

The full list of bastion configuration options can be found in the CAPA docs.

The resulting ManagedCluster can look like this:

apiVersion: hmc.mirantis.com/v1alpha1
kind: ManagedCluster
metadata:
  name: cluster-1
spec:
  template: aws-standalone-cp-0-0-2
  credential: aws-cred
  config:
    sshKeyName: foobar
    bastion:
      enabled: true
...

EKS templates

Warning

When deploying an EKS cluster, note that additional steps may be needed for proper VPC removal.

EKS templates use parameters similar to the AWS templates, and the resulting EKS ManagedCluster can look like this:

apiVersion: hmc.mirantis.com/v1alpha1
kind: ManagedCluster
metadata:
  name: cluster-1
spec:
  template: aws-eks-0-0-2
  credential: aws-cred
  config:
    sshKeyName: foobar
    region: ${AWS_REGION}
    workersNumber: 1
...