Skip to main content
Skip table of contents

AWS Bootstrap Cluster

To create Kubernetes clusters, Konvoy uses Cluster API (CAPI) controllers. These controllers run on a Kubernetes cluster. To get started, you need a bootstrap cluster. By default, Konvoy creates a bootstrap cluster for you in a Docker container using the Kubernetes-in-Docker (KIND) tool.

Prerequisites

Before you begin, you must:

  • Complete the steps in Prerequisites.

  • Ensure the dkp binary can be found in your $PATH.

Bootstrap Cluster Lifecycle Services

  1. Review Universal Configurations for all Infrastructure Providers regarding settings, flags and other choices and then begin bootstrapping.

  2. Create a bootstrap cluster:

    YAML 
    dkp create bootstrap --kubeconfig $HOME/.kube/config
HTTP Flags if needed:

To create a bootstrap cluster in a proxied environment use the flags for HTTP:

CODE 
  --http-proxy <string> \
  --https-proxy <string> \
  --no-proxy <string>
Using a Custom AWS CA

You need to add the custom CAs into two places:

  • The capa-controller-manager pod, because CAPA controllers interact with AWS API when creating and deleting infrastructure.

  • The trusted root CAs in the AWS AMI used as Kubernetes nodes. The first step of the node bootstrap process is to fetch the sensitive information from the AWS Secrets Manager service, so the aws client on the instances needs to trust this custom CA. This process is unique to your environment but a general flow can be similar to what is documented in adding trusted root certificates to the server.

  1. Place the AWS CA file as ca.pem in your working directory

  2. Create a ConfigMap with the contents of the file:

    CODE 
    kubectl create configmap -n capa-system aws-ca --from-file=ca.pem

  3. Update the capa-controller-manager to set an environment variable AWS_CA_BUNDLE in capa-controller-manager:

    CODE 
    kubectl patch deployment -n capa-system capa-controller-manager --patch '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"},{"name":"kube-rbac-proxy"}],"$setElementOrder/volumes":[{"name":"cert"},{"name":"credentials"},{"name":"aws-ca"}],"containers":[{"$setElementOrder/env":[{"name":"AWS_SHARED_CREDENTIALS_FILE"},{"name":"AWS_CA_BUNDLE"}],"$setElementOrder/volumeMounts":[{"mountPath":"/tmp/k8s-webhook-server/serving-certs"},{"mountPath":"/home/.aws"},{"mountPath":"/home/.konvoy/aws-ca.pem"}],"env":[{"name":"AWS_CA_BUNDLE","value":"/home/.konvoy/aws-ca.pem"}],"name":"manager","volumeMounts":[{"mountPath":"/home/.konvoy/aws-ca.pem","name":"aws-ca","subPath":"ca.pem"}]}],"volumes":[{"configMap":{"name":"aws-ca"},"name":"aws-ca"}]}}}}'

Output:

YAML 
 ✓ Creating a bootstrap cluster
 ✓ Initializing new CAPI components

Konvoy creates a bootstrap cluster using KIND as a library and deploys Cluster API providers on the cluster. Refer to Customizing CAPI Components for a Clusterfor more details.

Konvoy waits until the controller-manager and webhook deployments of these providers are ready.

List these deployments using this command:

YAML 
kubectl get --all-namespaces deployments -l=clusterctl.cluster.x-k8s.io

Output:

YAML 
NAMESPACE                           NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
capa-system                         capa-controller-manager                         1/1     1            1           2m8s
capi-kubeadm-bootstrap-system       capi-kubeadm-bootstrap-controller-manager       1/1     1            1           2m10s
capi-kubeadm-control-plane-system   capi-kubeadm-control-plane-controller-manager   1/1     1            1           2m10s
capi-system                         capi-controller-manager                         1/1     1            1           2m11s
cappp-system                        cappp-controller-manager                        1/1     1            1           2m6s
capv-system                         capv-controller-manager                         1/1     1            1           2m5s
capz-system                         capz-controller-manager                         1/1     1            1           2m7s
cert-manager                        cert-manager                                    1/1     1            1           2m21s
cert-manager                        cert-manager-cainjector                         1/1     1            1           2m21s
cert-manager                        cert-manager-webhook                            1/1     1            1           2m21s

Next Step

AWS Create a New Customized Cluster

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close