
AWS EKS

Importing an AWS EKS engine connects an existing EKS cluster to AIchor without transferring ownership. AIchor schedules workloads on the cluster using IAM role assumption, while infrastructure management remains with the cluster administrator.

Prerequisites

  • The EKS cluster must already exist and be accessible.

  • An IAM role with the necessary permissions must be available. The role ARN follows the format arn:aws:iam::account-id:role/role-name.

  • The Kubernetes API server endpoint is required. Run the following command and look for the Kubernetes control plane endpoint in its output:

    kubectl cluster-info

  • Either the DNS name of the Network Load Balancer or a Base Host value must be available (see form fields below).

  • To populate the CA Data field, run the following command against the cluster:

    kubectl config view --minify --raw --output 'jsonpath={..cluster.certificate-authority-data}' | base64 -d

Steps

  1. In the AIchor UI, open Engines and click Add Engine.
  2. Select In The Cloud, then AWS, then EKS.
  3. Select Import Existing Engine.
  4. Fill in the form fields described below and submit.

Figure: AWS EKS import form

Form fields

| Field | Required | Description |
|---|---|---|
| Engine Name | Yes | Name of the engine in AIchor. Lowercase alphanumeric characters and hyphens. Must start with a letter. |
| EKS Cluster Name | Yes | Name of the existing EKS cluster to import into AIchor. |
| Ecosystem | No | Tag passed to infrastructure-as-code tooling. Required only for specific organisations on InstaDeep recommendation. |
| API Hostname | Yes | Kubernetes API server endpoint. Found in ~/.kube/config under the cluster's server field. |
| AWS Region | Yes | Region where the cluster runs. |
| Assume Role ARN | Yes | IAM role ARN with the necessary permissions. Format: arn:aws:iam::account-id:role/role-name. |
| Load Balancer DNS | Conditional | DNS name of the Network Load Balancer. Either this or Base Host must be provided. |
| Base Host | Conditional | Alternative to Load Balancer DNS for specific organisations on InstaDeep recommendation. Either this or Load Balancer DNS must be provided. Can be ignored in most cases. |

Certificates

TLS verification behaviour is controlled through the certificate fields below. By default, certificate verification is enabled.

| Field | Required | Description |
|---|---|---|
| Insecure | No | When checked, certificate verification is skipped. Not recommended for production. |
| Server Name | No | SNI hostname used during the TLS handshake. |
| Certificate Data | No | Client certificate in PEM format. |
| CA Data | No | Certificate Authority certificate in PEM format. See the retrieval command in the Prerequisites section above. |

Authentication

Authentication to the EKS cluster is performed via IAM role assumption. The Assume Role ARN field specifies the IAM role that AIchor will assume when communicating with the cluster. Ensure the role has the required permissions to manage Kubernetes workloads on the target cluster.
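
A pre-submission check of the values described in the form-field and certificate tables above, including the case where CA Data is pasted still base64-encoded because the `base64 -d` step was skipped. This is an added example, not AIchor code: the snake_case field keys, the function names and the 12-digit account id rule are assumptions, and the CA check is structural only.

```python
import base64
import re

# Field keys are hypothetical snake_case names for the form fields on this page.
ENGINE_NAME = re.compile(r"[a-z][a-z0-9-]*")
# Page format arn:aws:iam::account-id:role/role-name; 12-digit account id assumed.
ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[A-Za-z0-9_+=,.@/-]+")
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")


def normalize_ca_data(value):
    """Return PEM text, decoding once if the raw kubeconfig base64 was pasted."""
    text = value.strip()
    if not text.startswith("-----BEGIN"):
        try:
            raw = base64.b64decode("".join(text.split()), validate=True)
            text = raw.decode("ascii").strip()
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            raise ValueError("neither PEM nor base64-encoded PEM") from None
    match = PEM_CERT.search(text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()))
    if not der.startswith(b"\x30"):  # DER certificates open with a SEQUENCE tag
        raise ValueError("CERTIFICATE block does not contain DER data")
    return text  # structural check only; the certificate is not validated


def check_import_form(form):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not ENGINE_NAME.fullmatch(form.get("engine_name", "")):
        problems.append("engine_name: lowercase letters, digits, hyphens; start with a letter")
    if not ROLE_ARN.fullmatch(form.get("assume_role_arn", "")):
        problems.append("assume_role_arn: expected arn:aws:iam::account-id:role/role-name")
    if not (form.get("load_balancer_dns") or form.get("base_host")):
        problems.append("load_balancer_dns or base_host must be provided")
    if form.get("insecure"):
        problems.append("insecure: certificate verification is skipped")
    elif form.get("ca_data"):
        try:
            normalize_ca_data(form["ca_data"])
        except ValueError as exc:
            problems.append(f"ca_data: {exc}")
    return problems


if __name__ == "__main__":  # constructed values, not from a real cluster
    print(check_import_form({"engine_name": "eks-prod-1", "insecure": True,
                             "assume_role_arn": "arn:aws:iam::123456789012:role/example-role"}))
```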