
AWS Bootstrap Cluster

To create Kubernetes clusters, Konvoy uses Cluster API (CAPI) controllers. These controllers run on a Kubernetes cluster. To get started, you need a bootstrap cluster. By default, Konvoy creates a bootstrap cluster for you in a Docker container using the Kubernetes-in-Docker (KIND) tool.

Prerequisites

Before you begin, you must:

  • Complete the steps in Prerequisites.

  • Ensure the dkp binary can be found in your $PATH.

Bootstrap Cluster Lifecycle Services

  1. If an HTTP proxy is required for the bootstrap cluster, set the local http_proxy, https_proxy, and no_proxy environment variables. They are copied into the bootstrap cluster.

  2. Create a bootstrap cluster:

    dkp create bootstrap --kubeconfig $HOME/.kube/config

    If your environment uses HTTP/HTTPS proxies, you must include the flags --http-proxy, --https-proxy, and --no-proxy and their related values in this command for it to be successful. More information is available in Configuring an HTTP/HTTPS Proxy.

    The output resembles:

     ✓ Creating a bootstrap cluster
     ✓ Initializing new CAPI components

    Konvoy creates a bootstrap cluster using KIND as a library. Konvoy then deploys the following Cluster API providers on the cluster:

    Konvoy waits until the controller-manager and webhook deployments of these providers are ready. List these deployments using this command:

    kubectl get --all-namespaces deployments -l=clusterctl.cluster.x-k8s.io

    NAMESPACE                           NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
    capa-system                         capa-controller-manager                         1/1     1            1           2m8s
    capi-kubeadm-bootstrap-system       capi-kubeadm-bootstrap-controller-manager       1/1     1            1           2m10s
    capi-kubeadm-control-plane-system   capi-kubeadm-control-plane-controller-manager   1/1     1            1           2m10s
    capi-system                         capi-controller-manager                         1/1     1            1           2m11s
    cappp-system                        cappp-controller-manager                        1/1     1            1           2m6s
    capv-system                         capv-controller-manager                         1/1     1            1           2m5s
    capz-system                         capz-controller-manager                         1/1     1            1           2m7s
    cert-manager                        cert-manager                                    1/1     1            1           2m21s
    cert-manager                        cert-manager-cainjector                         1/1     1            1           2m21s
    cert-manager                        cert-manager-webhook                            1/1     1            1           2m21s
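The readiness condition described above (every provider deployment fully available) written out as a reusable gate. This is an added example, not code from the DKP documentation or the Konvoy tooling: the function name, the REQUIRED_NAMESPACES list and the two sample listings are this example's own, and the listings are constructed to mirror the output shown above.

```shell
#!/bin/sh
# Added example (not part of the DKP docs): a gate that fails unless every
# Cluster API provider deployment on the bootstrap cluster is fully available,
# which is the condition Konvoy itself waits for. The listing is read from
# stdin so the same check runs against live kubectl output or a saved copy.

# Namespaces that must each contribute at least one deployment. Taken from
# the listing shown in the docs; trim it if you run fewer providers.
REQUIRED_NAMESPACES="capi-system capi-kubeadm-bootstrap-system capi-kubeadm-control-plane-system capa-system cert-manager"

# capi_providers_ready: read the output of
#   kubectl get --all-namespaces deployments -l=clusterctl.cluster.x-k8s.io
# from stdin. Return 0 when every row shows READY as n/n with n >= 1 and every
# required namespace is present; otherwise report each problem on stderr and
# return 1.
capi_providers_ready() {
    awk -v required="$REQUIRED_NAMESPACES" '
    BEGIN {
        n = split(required, req, " ")
        for (i = 1; i <= n; i++) missing[req[i]] = 1
        bad = 0
    }
    NF == 0 || $1 == "NAMESPACE" { next }       # skip blank lines and the header
    {
        split($3, r, "/")                       # READY column, e.g. 1/1
        if (r[1] + 0 < 1 || r[1] + 0 != r[2] + 0) {
            printf("not ready: %s/%s READY=%s\n", $1, $2, $3) > "/dev/stderr"
            bad = 1
        }
        delete missing[$1]
    }
    END {
        for (ns in missing) {
            printf("no deployment found in namespace %s\n", ns) > "/dev/stderr"
            bad = 1
        }
        exit bad
    }'
}

# Constructed sample listings (mirroring the docs output) so the gate can be
# exercised without a cluster.
SAMPLE_READY='NAMESPACE                           NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
capa-system                         capa-controller-manager                         1/1     1            1           2m8s
capi-kubeadm-bootstrap-system       capi-kubeadm-bootstrap-controller-manager       1/1     1            1           2m10s
capi-kubeadm-control-plane-system   capi-kubeadm-control-plane-controller-manager   1/1     1            1           2m10s
capi-system                         capi-controller-manager                         1/1     1            1           2m11s
cert-manager                        cert-manager                                    1/1     1            1           2m21s
cert-manager                        cert-manager-cainjector                         1/1     1            1           2m21s
cert-manager                        cert-manager-webhook                            1/1     1            1           2m21s'

# The same cluster a few seconds earlier: the AWS provider is still rolling out.
SAMPLE_DEGRADED='NAMESPACE                           NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
capa-system                         capa-controller-manager                         0/1     1            0           9s
capi-kubeadm-bootstrap-system       capi-kubeadm-bootstrap-controller-manager       1/1     1            1           11s
capi-kubeadm-control-plane-system   capi-kubeadm-control-plane-controller-manager   1/1     1            1           11s
capi-system                         capi-controller-manager                         1/1     1            1           12s
cert-manager                        cert-manager                                    1/1     1            1           22s
cert-manager                        cert-manager-cainjector                         1/1     1            1           22s
cert-manager                        cert-manager-webhook                            1/1     1            1           22s'

# Live usage:
#   kubectl get --all-namespaces deployments -l=clusterctl.cluster.x-k8s.io | capi_providers_ready
```

The gate deliberately checks both halves of the READY column and the presence of each required namespace: a deployment that has not been created yet does not show up as "not ready", it is simply absent, and a webhook provider that is missing silently breaks later steps.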

Using a Custom AWS CA

You need to add the custom CA in two places:

  • The capa-controller-manager pod, because the CAPA controllers call the AWS API when creating and deleting infrastructure.

  • The trusted root CAs of the AWS AMI used for Kubernetes nodes. The first step of the node bootstrap process fetches sensitive information from the AWS Secrets Manager service, so the aws client on the instances needs to trust this custom CA. This process is unique to your environment, but a general flow can be similar to what is documented in adding trusted root certificates to the server.

  1. Place the AWS CA file as ca.pem in your working directory.

  2. Create a ConfigMap with the contents of the file:

    kubectl create configmap -n capa-system aws-ca --from-file=ca.pem

  3. Update the capa-controller-manager deployment so that the manager container mounts the ConfigMap and points the AWS_CA_BUNDLE environment variable at it:

    kubectl patch deployment -n capa-system capa-controller-manager --patch '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"},{"name":"kube-rbac-proxy"}],"$setElementOrder/volumes":[{"name":"cert"},{"name":"credentials"},{"name":"aws-ca"}],"containers":[{"$setElementOrder/env":[{"name":"AWS_SHARED_CREDENTIALS_FILE"},{"name":"AWS_CA_BUNDLE"}],"$setElementOrder/volumeMounts":[{"mountPath":"/tmp/k8s-webhook-server/serving-certs"},{"mountPath":"/home/.aws"},{"mountPath":"/home/.konvoy/aws-ca.pem"}],"env":[{"name":"AWS_CA_BUNDLE","value":"/home/.konvoy/aws-ca.pem"}],"name":"manager","volumeMounts":[{"mountPath":"/home/.konvoy/aws-ca.pem","name":"aws-ca","subPath":"ca.pem"}]}],"volumes":[{"configMap":{"name":"aws-ca"},"name":"aws-ca"}]}}}}'
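The three steps above, wrapped in a script that checks the bundle before publishing it and confirms the result afterwards. This is an added example rather than the documentation's own procedure: pem_check, write_sample_pems and apply_custom_ca are names chosen here, the sample PEM files are constructed fixtures and not real certificates, and the patch body is a reduced strategic merge patch that sets the same environment variable, volume mount and volume as the command above without the $setElementOrder ordering directives (an assumption that those hints are not required for this deployment).

```shell
#!/bin/sh
# Added example (not part of the DKP docs): wrap the custom-CA steps in a
# script that refuses an unsuitable bundle, applies the ConfigMap and the
# deployment change repeatably, and confirms that the manager container
# really received AWS_CA_BUNDLE. Namespace, ConfigMap name and mount path
# follow the docs; the function names are this script's own.

CAPA_NS="capa-system"
CAPA_DEPLOY="capa-controller-manager"
CA_CONFIGMAP="aws-ca"
CA_VOLUME="aws-ca"
CA_MOUNT="/home/.konvoy/aws-ca.pem"

# pem_check FILE: print the number of CERTIFICATE blocks in FILE and return 0,
# or return 1 (reason on stderr) when FILE is unreadable, holds no certificate,
# or carries a private key. A ConfigMap is readable by anyone allowed to read
# objects in the namespace and is not a secret store, so a key must never be
# published this way.
pem_check() {
    f="$1"
    [ -r "$f" ] || { echo "pem_check: cannot read $f" >&2; return 1; }
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    if [ "$keys" -ne 0 ]; then
        echo "pem_check: $f contains a private key; refusing to publish it in a ConfigMap" >&2
        return 1
    fi
    if [ "$certs" -eq 0 ]; then
        echo "pem_check: $f contains no CERTIFICATE block" >&2
        return 1
    fi
    echo "$certs"
}

# write_sample_pems DIR: constructed fixtures (not real certificates) so that
# pem_check can be exercised offline. DIR/ca.pem is a one-certificate bundle;
# DIR/leaked.pem is the same bundle with a private key appended by mistake.
write_sample_pems() {
    d="$1"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQgU0FNUExF' \
        '-----END CERTIFICATE-----' > "$d/ca.pem"
    cat "$d/ca.pem" > "$d/leaked.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQgU0FNUExF' \
        '-----END RSA PRIVATE KEY-----' >> "$d/leaked.pem"
}

# apply_custom_ca FILE: the live procedure; needs kubectl pointed at the
# bootstrap cluster. Only runs when invoked as:  ./script apply ca.pem
apply_custom_ca() {
    f="$1"
    n=$(pem_check "$f") || return 1
    echo "publishing $n certificate(s) from $f to ConfigMap $CAPA_NS/$CA_CONFIGMAP"

    # Render, then apply: unlike a bare "create", this also updates an
    # existing ConfigMap when the bundle is rotated.
    kubectl create configmap -n "$CAPA_NS" "$CA_CONFIGMAP" --from-file=ca.pem="$f" \
        --dry-run=client -o yaml | kubectl apply -f - || return 1

    # Reduced strategic merge patch: containers, env and volumes merge by
    # name and volumeMounts by mountPath, so only the entries being added
    # need to appear (assumption: the $setElementOrder hints in the docs'
    # command are not required here).
    patch=$(cat <<EOF
{"spec":{"template":{"spec":{
  "containers":[{"name":"manager",
    "env":[{"name":"AWS_CA_BUNDLE","value":"${CA_MOUNT}"}],
    "volumeMounts":[{"name":"${CA_VOLUME}","mountPath":"${CA_MOUNT}","subPath":"ca.pem"}]}],
  "volumes":[{"name":"${CA_VOLUME}","configMap":{"name":"${CA_CONFIGMAP}"}}]}}}}
EOF
)
    kubectl patch deployment -n "$CAPA_NS" "$CAPA_DEPLOY" --patch "$patch" || return 1

    # Confirm the rollout finished and that the manager container (not the
    # kube-rbac-proxy sidecar) carries the setting.
    kubectl rollout status deployment -n "$CAPA_NS" "$CAPA_DEPLOY" --timeout=120s || return 1
    val=$(kubectl get deployment -n "$CAPA_NS" "$CAPA_DEPLOY" -o \
        jsonpath='{.spec.template.spec.containers[?(@.name=="manager")].env[?(@.name=="AWS_CA_BUNDLE")].value}')
    [ "$val" = "$CA_MOUNT" ] || { echo "AWS_CA_BUNDLE is not set to $CA_MOUNT on the manager container" >&2; return 1; }
    echo "$CAPA_DEPLOY now trusts $f via AWS_CA_BUNDLE"
}

if [ "${1:-}" = "apply" ]; then
    apply_custom_ca "${2:-ca.pem}"
fi
```

pem_check only inspects PEM markers; to confirm that what you are publishing is actually a CA certificate, run `openssl x509 -in ca.pem -noout -text` and look for basicConstraints CA:TRUE before applying. The final jsonpath check matters because the deployment has two containers: a patch that lands the variable on kube-rbac-proxy instead of manager applies cleanly but leaves the AWS calls untrusted.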

Next Step:

Create a New Customized AWS Cluster
