Deploying Antrea on a cloud provider

Antrea may run in networkPolicyOnly mode in some cloud managed clusters. This document describes steps to create EKS using terraform.

Common Prerequisites

  1. To run EKS cluster, install and configure AWS cli(either version 1 or 2), see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html, and https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
  2. Install aws-iam-authenticator, see https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
  3. Install terraform, see https://learn.hashicorp.com/terraform/getting-started/install.html
  4. You must already have ssh key-pair created. This key pair will be used to access worker Node via ssh. bash ls ~/.ssh/ id_rsa id_rsa.pub

Create an EKS cluster via terraform

Ensures that you have permission to create EKS cluster, and have already created EKS cluster role as well as worker Node profile.

  1. export TF_VAR_eks_cluster_iam_role_name=YOUR_EKS_ROLE
  2. export TF_VAR_eks_iam_instance_profile_name=YOUR_EKS_WORKER_NODE_PROFILE
  3. export TF_VAR_eks_key_pair_name=YOUR_KEY_PAIR_TO_ACCESS_WORKER_NODE

Where - TF_VAR_eks_cluster_iam_role_name may be created by following these instructions - TF_VAR_eks_iam_instance_profile_name may be created by following these instructions - TF_VAR_eks_key_pair_name is the aws key pair name you have configured by following these instructions, using ssh-pair created in Prerequisites item 4

Create EKS cluster

  1. ./hack/terraform-eks.sh create

Interact with EKS cluster

  1. ./hack/terraform-eks.sh kubectl ... // issue kubectl commands to EKS cluster
  2. ./hack/terraform-eks.sh load ... // load local built images to EKS cluster
  3. ./hack/terraform-eks.sh destroy // destroy EKS cluster

and worker Node can be accessed with ssh via their external IPs.

Apply Antrea to EKS cluster

  1.  ./hack/generate-manifest.sh --encap-mode networkPolicyOnly | ~/terraform/eks kubectl apply -f -