Satellite on AWS EKS using Fargate
Fargate enables you to run containers without the overhead of managing and scaling servers and clusters. AWS handles the maintenance, security, and health of the instances, allowing you to focus on your applications.
1. Set Up Environment Variables
export CLUSTER_NAME='Cluster Name'
export REGION='AWS Region'
export ACCOUNT_ID='AWS Account ID'
2. Create the EKS Cluster
Create a cluster using Fargate by running:
eksctl create cluster --name ${CLUSTER_NAME} --region ${REGION} --fargate
The --fargate flag specifies that the cluster should run on Fargate and initially assigns 2 Fargate nodes.
Verify the nodes by running kubectl get nodes. The output should look similar to:
fargate-ip-192.168.1.1.<aws-region>.compute.internal Ready <none> 1m v1.25
fargate-ip-192-168-1.1.<aws-region>.compute.internal Ready <none> 1m v1.25
3. Configure Cluster Access
AWS EKS grants cluster admin permissions to the account that created the cluster. If you don't need to grant access to other AWS users, you can skip this section.
You can grant access to other AWS users in the same account using one of these methods:
Adding individuals to the cluster
Run this command to add an individual user account to the cluster's aws-auth ConfigMap:
eksctl create iamidentitymapping \
--cluster ${CLUSTER_NAME} \
--region ${REGION} \
--arn <AWS ACCOUNT ARN FOR THE USER> \
--group system:masters \
--no-duplicate-arns \
--username <AWS USERNAME FOR THE USER>
Giving access to an IAM User Group
Create a role developer.assume-access.role and attach two policies to it:
- EKSFullAccess: Grants access to all EKS resources
- developer.assume-eks-access-role.policy: Allows assuming the role
A detailed guide on defining roles and policies can be found here.
After creating the roles and attaching the policies, add the role to the cluster's aws-auth ConfigMap to grant the developers group access:
eksctl create iamidentitymapping \
--cluster ${CLUSTER_NAME} \
--region ${REGION} \
--arn arn:aws:iam::${ACCOUNT_ID}:role/developer.assume-access.role \
--group system:masters
Run this command to grant access to the cluster.
Users can connect to the cluster with a single command:
aws eks update-kubeconfig --name ${CLUSTER_NAME} --region ${REGION} --role-arn arn:aws:iam::${ACCOUNT_ID}:role/developer.assume-access.role
This command updates the kubeconfig, adds the cluster context, and sets it as the current context.
The --role-arn argument tells the AWS CLI which IAM role to assume when authenticating to the cluster, so users connect with the permissions mapped to developer.assume-access.role.
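Both mappings above bind the principal to system:masters, which is unrestricted cluster-admin, so it is worth reviewing periodically who holds it. The following is an added example, not part of the original guide: a shell function that reads the aws-auth ConfigMap YAML and prints every IAM ARN mapped to system:masters. The function names, the sample ARNs and the account ID 111122223333 are constructed for illustration, and the parser assumes the block-style YAML that eksctl writes.

```sh
#!/bin/sh
# Added example: list IAM principals mapped to system:masters in aws-auth.
# Assumes block-style YAML as written by eksctl (one "- group" item per line).

masters_mappings() {
  awk '
    function emit() { if (arn != "" && admin) print arn; arn = ""; admin = 0 }
    # A new mapping entry starts at a list item that carries a known key.
    /^ *- (groups|rolearn|userarn|username):( |$)/ { emit() }
    # Remember the principal of the current entry (quotes stripped).
    /^ *(- )?(rolearn|userarn): / { arn = $NF; gsub(/"/, "", arn) }
    # Flag the entry when one of its groups is system:masters.
    /^ *- "?system:masters"? *$/ { admin = 1 }
    END { emit() }
  '
}

# Constructed sample of: kubectl -n kube-system get configmap aws-auth -o yaml
sample_aws_auth() {
  cat <<'EOF'
apiVersion: v1
kind: ConfigMap
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      - system:node-proxier
      rolearn: arn:aws:iam::111122223333:role/fargate-pod-execution-role
      username: system:node:{{SessionName}}
    - groups:
      - system:masters
      rolearn: arn:aws:iam::111122223333:role/developer.assume-access.role
      username: developer
  mapUsers: |
    - groups:
      - system:masters
      userarn: arn:aws:iam::111122223333:user/alice
      username: alice
EOF
}

# Live use: kubectl -n kube-system get configmap aws-auth -o yaml | masters_mappings
sample_aws_auth | masters_mappings
```

Any ARN in the output that is not expected to hold cluster-admin can be remapped to a narrower Kubernetes group bound through RBAC.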
4. Install the Satellite
Follow the instructions in the Install on Kubernetes section to install the Satellite.
Ensure you record the Collector's address for future configuration.