EKS Node creation
This section describes the requirements that must be satisfied for an AWS Nitro-based EC2 instance to be added to an EKS cluster.
Overview
In Getting started with the Anjuna Nitro Kubernetes Toolset, you learned how to create a simple EKS cluster using the Anjuna Nitro Kubernetes terraform sample script.
If you already have an existing EKS cluster, using the Anjuna Nitro Kubernetes terraform sample script might not be convenient or consistent with your deployment policies.
This section provides information to allow you to provision EKS Nodes using your tool of choice (for example, Terraform or CloudFormation).
Supported EC2 instances
Adding an AWS Nitro-based Node to your EKS cluster is similar to adding a regular node to EKS. The main differences are:
- EC2 instance type: you must select an AWS Nitro-based instance. See Nitro Instance for an up-to-date list of instances/regions that support AWS Nitro.
- Amazon Machine Image: it is recommended to use one of the EKS-Optimized Amazon Machine Images (see a complete list of EKS-ready AMIs), which already contain all the dependencies required for an EC2 node to join your EKS cluster. The Anjuna Nitro Kubernetes Tools have been tested on the Amazon Linux AMI.
Additional software packages
In addition to the standard packages needed on an EKS Node, you need to install the aws-nitro-enclaves-cli package. If your EC2 host is based on the Amazon Linux AMI, run the following command:
$ sudo amazon-linux-extras install aws-nitro-enclaves-cli
EC2 host configuration
The EC2 host should be configured to allow EKS to manage the resources required to create AWS Nitro Enclaves:
- Number of vCPUs reserved for an AWS Nitro Enclave (must be even due to hyperthreading).
- Memory configuration for the AWS Nitro Enclave Allocator Service.
- Kernel parameter for Huge Page support.
Here is an example of a UserData script that will set up an EC2 host that can be managed by an EKS cluster and also allow the creation of AWS Nitro Enclaves:
#!/bin/bash
amazon-linux-extras install aws-nitro-enclaves-cli
# To build EIFs on-the-fly on EKS v1.24 and later, you must ensure that the
# Docker service is installed and running:
INSTALL_DOCKER=true
# Values substituted by your provisioning tool's template syntax
RES_CPU="${nitro_reserved_cpu}"
RES_MEM_MB="${nitro_reserved_mem_mb}"
# Find out the number of 2MB hugepages required to back the reservation
RES_PAGES=$(( RES_MEM_MB / 2 ))
# If the requested memory is an odd number of MB, add one more page
REMAINDER=$(( RES_MEM_MB % 2 ))
if [[ "${REMAINDER}" == "1" ]]; then
    RES_PAGES=$(( RES_PAGES + 1 ))
fi
# Keep a copy of the allocator configuration shipped with the package
cp /etc/nitro_enclaves/allocator.yaml /etc/nitro_enclaves/allocator-orig.yaml
echo "---" | tee /etc/nitro_enclaves/allocator.yaml
echo cpu_count: "${RES_CPU}" | tee -a /etc/nitro_enclaves/allocator.yaml
# Keep memory_mib < 1GB to force usage of 2MB hugepages
echo memory_mib: 512 | tee -a /etc/nitro_enclaves/allocator.yaml
systemctl start nitro-enclaves-allocator.service
systemctl enable nitro-enclaves-allocator.service
# Reserve the hugepages now and persist the setting across reboots
sysctl -w vm.nr_hugepages="${RES_PAGES}"
echo vm.nr_hugepages = "${RES_PAGES}" | tee /etc/sysctl.d/99-anjuna.conf
if [[ "$INSTALL_DOCKER" == "true" ]]; then
    sudo amazon-linux-extras install -y docker
    sudo systemctl daemon-reload
    sudo systemctl enable docker.service
    sudo systemctl start docker.service
fi
The script above uses the
You must update this script to match the syntax required by your provisioning tool.
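The UserData script above applies its settings directly to the host, so a mistake in the template values (an odd vCPU count, or a memory size that is not a number) is only discovered once the node boots and the allocator service fails. The following script is an added example, not part of the Anjuna documentation or toolset, that separates the three host-configuration steps into functions: it validates the even-vCPU requirement, computes the number of 2MB hugepages for the reserved memory, and renders the same two files the UserData script writes (allocator.yaml and the sysctl drop-in) under a root directory of your choice, so the rendering can be dry-run in a scratch directory before the real UserData is committed. The function names, the root-directory parameter and the fail helper are this example's own; the file paths, the 512 MiB allocator setting and the 2MB page size follow the page.

```shell
#!/bin/bash
# Added example (not Anjuna's code): validate and render the EC2 host
# configuration for AWS Nitro Enclaves, optionally into a scratch root.
set -u

# Print an error and return non-zero; used by the validators below.
fail() { echo "error: $*" >&2; return 1; }

# Enclave vCPUs must be an even number (hyperthread pairs) and at least 2.
nitro_validate_cpu_count() {
  local cpus="$1"
  case "$cpus" in
    ''|*[!0-9]*) fail "cpu_count must be a positive integer, got '$cpus'" ;;
    *) [ "$cpus" -ge 2 ] && [ $((cpus % 2)) -eq 0 ] \
         || fail "cpu_count must be even and >= 2, got $cpus" ;;
  esac
}

# Number of 2MB hugepages needed to back a reservation given in MB; an odd
# size is rounded up so the reservation is never short by one page.
nitro_hugepages_for_mib() {
  local mib="$1"
  echo $(( (mib + 1) / 2 ))
}

# Render etc/nitro_enclaves/allocator.yaml and etc/sysctl.d/99-anjuna.conf
# under ROOT (use "/" on a live host). memory_mib stays at 512 (< 1GB) so the
# allocator uses 2MB pages, as in the UserData script; the reserved memory is
# expressed through vm.nr_hugepages. Prints the page count on success.
nitro_render_host_config() {
  local root="$1" cpus="$2" mib="$3" pages
  nitro_validate_cpu_count "$cpus" || return 1
  pages=$(nitro_hugepages_for_mib "$mib")
  mkdir -p "$root/etc/nitro_enclaves" "$root/etc/sysctl.d"
  # Keep the packaged allocator configuration, if one exists, as a backup
  if [ -f "$root/etc/nitro_enclaves/allocator.yaml" ]; then
    cp "$root/etc/nitro_enclaves/allocator.yaml" \
       "$root/etc/nitro_enclaves/allocator-orig.yaml"
  fi
  printf -- '---\ncpu_count: %s\nmemory_mib: 512\n' "$cpus" \
    > "$root/etc/nitro_enclaves/allocator.yaml"
  printf 'vm.nr_hugepages = %s\n' "$pages" > "$root/etc/sysctl.d/99-anjuna.conf"
  echo "$pages"
}

# Apply on a live host (run as root): render to "/" and then activate the
# allocator service and the hugepage reservation.
nitro_apply_host_config() {
  local cpus="$1" mib="$2" pages
  pages=$(nitro_render_host_config / "$cpus" "$mib") || return 1
  systemctl enable nitro-enclaves-allocator.service
  systemctl start nitro-enclaves-allocator.service
  sysctl -w vm.nr_hugepages="$pages"
}
```

To dry-run, source the file and call `nitro_render_host_config "$(mktemp -d)" 2 1025`; the function prints 513, the page count for 1025 MB, and writes the two files under the scratch directory for inspection. On the node itself, `nitro_apply_host_config 2 1024` performs what the UserData script does, but refuses to touch the host when the vCPU count is odd or non-numeric.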