Deploying Antrea on a cloud provider

Antrea may run in networkPolicyOnly mode in some cloud managed clusters. This document describes steps to create EKS using terraform.

Common Prerequisites

  1. To run EKS cluster, install and configure AWS cli(either version 1 or 2), see, and
  2. Install aws-iam-authenticator, see
  3. Install terraform, see
  4. You must already have ssh key-pair created. This key pair will be used to access worker Node via ssh. bash ls ~/.ssh/ id_rsa

Create an EKS cluster via terraform

Ensures that you have permission to create EKS cluster, and have already created EKS cluster role as well as worker Node profile.

export TF_VAR_eks_cluster_iam_role_name=YOUR_EKS_ROLE
export TF_VAR_eks_iam_instance_profile_name=YOUR_EKS_WORKER_NODE_PROFILE

Where - TF_VAR_eks_cluster_iam_role_name may be created by following these instructions - TF_VAR_eks_iam_instance_profile_name may be created by following these instructions - TF_VAR_eks_key_pair_name is the aws key pair name you have configured by following these instructions, using ssh-pair created in Prerequisites item 4

Create EKS cluster

./hack/ create

Interact with EKS cluster

./hack/ kubectl ... // issue kubectl commands to EKS cluster
./hack/ load ... // load local built images to EKS cluster
./hack/ destroy // destroy EKS cluster

and worker Node can be accessed with ssh via their external IPs.

Apply Antrea to EKS cluster

 ./hack/ --encap-mode networkPolicyOnly | ~/terraform/eks kubectl apply -f -
Getting Started

To help you get started, see the documentation.