Step 1
Select the Cloudk8s tab on the left menu.
Step 2
Click on the switcher of the desired cluster.
Step 3
The modal window appears.
Configure Read-Only access - Uniskai Agent
With “Read only” permissions you can get:
1. K8s architecture view in Cloudmap and Cloudnet;
2. K8s Billing;
3. View of rightsizing recommendations;
4. View of Cloudsitter recommendations;
Step 4.1
Click on the "Read only" button.
Step 4.2
The modal window with the connection script appears. Copy the command.
Connect to the cluster.
1. Go to AWS CloudShell and run the command:
aws eks update-kubeconfig --region <region-code> --name <cluster-name>
replace “region-code” with the AWS region code where your cluster is located and “cluster-name” with the name of your cluster
2. When the cluster is connected, run the command from the modal window.
Step 4.3
Install the cost model.
To set up the cost model, click the “installation guide” link and follow the instructions.
If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.
Return to Uniskai and click on "I Ran The Script"
Wait until all pods in the Uniskai namespace are running
or close the pop-up "Connect K8s cluster" and refresh your account in Uniskai to see updated cost reports and recommendations.
Do not forget to refresh your account!
Here you can find the button to refresh the account:
The state is changed to read-only.
Troubleshooting
If you encounter a timeout error during agent installation:
Unable to connect to the server: dial tcp 196.255.255.255:443: i/o timeout
, follow these steps.You can use your preferred method to connect to the cluster control plane API (e.g., VPN or bastion-host).
Check cluster availability using a simple kubectl command, e.g., kubectl get nodes.
Configuring Read/Write Access - Uniskai Agent
With a “Read/write” connection you can get:
1. K8s architecture view in Cloudmap and Cloudnet;
2. K8s Billing;
3. K8s Rightsizing;
4. Kubesitter;
5. K8s Cloudsitter;
Step 5.1
Click on the "Read/write" button
Step 5.2
Connect the K8s cluster window open. Click on "Сopy" button.
Connect to the cluster.
1. Go to AWS CloudShell and run the command:
aws eks update-kubeconfig --region <region-code> --name <cluster-name>
replace “region-code” with the AWS region code where your cluster is located and “cluster-name” with the name of your cluster
2. When the cluster is connected, run the command from the modal window.
Step 5.3
Install the cost model.
To set up the cost model, click on the link “installation guide” and follow the instructions.
If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.
Step 5.4
Return to Uniskai and click on "I ran the script"
Wait until all pods in the Uniskai namespace are running
or close the pop-up "Connect K8s cluster" and refresh your account in Uniskai to see updated cost reports and recommendations.
Do not forget to refresh your account!
Here you can find the button to refresh the account:
The state is changed to read/write
AWS EKS Cluster with Public API Access
With an AWS API connection, you can get:
1. K8s architecture view in Cloudmap and Cloudnet;
2. K8s Billing;
3. Rightsizing recommendations;
4. Cloudsitter recommendations;
Step 1
Set up the command line environment by running AWS CloudShell in your preferred region. Use this link to run AWS CloudShell.
Step 2
Create or update a kubeconfig file for your cluster. Replace region-code with the AWS region code where your cluster is located and cluster-name with the name of your cluster:
aws eks update-kubeconfig --region region-code --name cluster-name
Step 3
READ ACCESS. Create ClusterRole and ClusterRoleBinding for Uniskai to allow read-only access to the cluster API:
kubectl apply -f https://uniskai-eu-templates.s3.amazonaws.com/eks/uniskai-reader-role-v2.yaml
Step 4
WRITE ACCESS. Create ClusterRole and ClusterRoleBinding for Uniskai to allow resource modification access to the cluster API:
kubectl apply -f https://uniskai-eu-templates.s3.amazonaws.com/eks/uniskai-modifier-role.yaml
Step 5
Depending on the cluster authentication mode in access configuration, select one of the following steps:
When authentication mode is set to “EKS API” or “EKS API and ConfigMap”, you can set up the access entry by executing the CreateAccessEntry/UpdateAccessEntry operation:
To create a new entry, use the create-access-entry CLI command. You can get the account connection details (ACCOUNT_ID, ARN_ROLE) by clicking on the specific account in the Uniskai Account Manager window.
aws eks create-access-entry --cluster-name <cluster-name> --region <region> --principal-arn arn:aws:iam::<ACCOUNT_ID>:role/<ARN_ROLE> --kubernetes-groups uniskai-reader-group uniskai-modifier-group
To update an existing entry, use the update-access-entry CLI command:
aws eks update-access-entry --cluster-name <cluster-name> --region <region> --principal-arn arn:aws:iam::<ACCOUNT_ID>:role/<ARN_ROLE> --kubernetes-groups uniskai-reader-group uniskai-modifier-group
When authentication mode is set to “ConfigMap” or “EKS API and ConfigMap”, you can update the config map within the cluster:
Open the
aws-auth
ConfigMap
for editing:kubectl edit -n kube-system configmap/aws-auth
Add the mappings to the
aws-auth
ConfigMap
to include the Uniskai user or role with the read-only permissions assigned, but don't replace any of the existing mappings. You can get the account connection details by clicking on the specific account in the Uniskai Account Manager window.
If a role was used to connect the AWS account to Uniskai (connection type is
Cross-account role
), update themapRoles
field while replacing the ACCOUNT_ID with the cluster AWS account ID and ARN_ROLE with the IAM role name:apiVersion: v1
data:
mapRoles: |
- groups:
- uniskai-reader-group
- uniskai-modifier-group
rolearn: "arn:aws:iam::ACCOUNT_ID:role/ARN_ROLE"
username: "ARN_ROLE"Save the file and exit the editor.
When using Nano (AWS CloudShell’s default editor), press the Ctrl+X combination to exit the editor, press Y to approve changes and then press Enter to save the file.
When using Vim, press the Esc key and type the
:wq
command.
Step 6 (Optional)
Enable Metrics API in your cluster to enable usage visualization, cost reports, and recommendations by installing a metrics-server :
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
Step 9.
Refresh the account in Uniskai to see recommendations.