Documentation
Introduction
- Overview
- Getting Started
- Support for K8s Installers
- Deploying on Kind
- Deploying on Minikube
- Configuration
- Installing with Helm
Cloud Deployment
Reference
- Antrea Network Policy
- Antctl
- Architecture
- Traffic Encryption (Ipsec / WireGuard)
- Securing Control Plane
- Security considerations
- Troubleshooting
- OS-specific Known Issues
- OVS Pipeline
- Feature Gates
- Antrea Proxy
- Network Flow Visibility
- Traceflow Guide
- NoEncap and Hybrid Traffic Modes
- Egress Guide
- NodePortLocal Guide
- Antrea IPAM Guide
- Exposing Services of type LoadBalancer
- Traffic Control
- BGP Support
- Versioning
- Antrea API Groups
- Antrea API Reference
Windows
Integrations
Cookbooks
Multicluster
Developer Guide
Project Information
Deploying EKS with Antrea
Antrea may run in networkPolicyOnly mode in AKS and EKS clusters. This document describes the steps to create an EKS cluster with Antrea using terraform.
Common Prerequisites
- To run EKS cluster, install and configure AWS cli(either version 1 or 2), see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html, and https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
- Install aws-iam-authenticator, see https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
- Install terraform, see https://learn.hashicorp.com/tutorials/terraform/install-cli
- You must already have ssh key-pair created. This key pair will be used to access worker Node via ssh.
ls ~/.ssh/
id_rsa id_rsa.pub
Create an EKS cluster via terraform
Ensures that you have permission to create EKS cluster, and have already created EKS cluster role as well as worker Node profile.
export TF_VAR_eks_cluster_iam_role_name=YOUR_EKS_ROLE
export TF_VAR_eks_iam_instance_profile_name=YOUR_EKS_WORKER_NODE_PROFILE
export TF_VAR_eks_key_pair_name=YOUR_KEY_PAIR_TO_ACCESS_WORKER_NODE
Where
- TF_VAR_eks_cluster_iam_role_name may be created by following these instructions
- TF_VAR_eks_iam_instance_profile_name may be created by following these instructions
- TF_VAR_eks_key_pair_name is the aws key pair name you have configured by following these instructions, using ssh-pair created in Prerequisites item 4
Create EKS cluster
./hack/terraform-eks.sh create
Interact with EKS cluster
./hack/terraform-eks.sh kubectl ... # issue kubectl commands to EKS cluster
./hack/terraform-eks.sh load ... # load local built images to EKS cluster
./hack/terraform-eks.sh destroy # destroy EKS cluster
and worker Node can be accessed with ssh via their external IPs.
Apply Antrea to EKS cluster
./hack/generate-manifest.sh --encap-mode networkPolicyOnly | ~/terraform/eks kubectl apply -f -