Skip to main content
All CollectionsUniskai and Kubernetes
Step-by-step connecting Kubernetes Cluster — AWS
Step-by-step connecting Kubernetes Cluster — AWS

You can connect the EKS cluster to Uniskai by installing the agent or allowing direct access to the cluster API

Updated this week

Step 1

Select the Cloudk8s tab on the left menu.

Step 2

Click on the switcher of the desired cluster.

Step 3

The modal window appears.

Configure Read-Only access - Uniskai Agent

With “Read only” permissions you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. View of rightsizing recommendations;

4. View of Cloudsitter recommendations;

Step 4.1

Click on the "Read only" button.

Step 4.2

The modal window with the connection script appears. Copy the command.

Connect to the cluster.

1. Go to AWS CloudShell and run the command:

aws eks update-kubeconfig --region <region-code> --name <cluster-name>

​replace “region-code” with the AWS region code where your cluster is located and “cluster-name” with the name of your cluster

2. When the cluster is connected, run the command from the modal window.

Step 4.3

Install the cost model.

To set up the cost model, click the “installation guide” link and follow the instructions.

If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.

Return to Uniskai and click on "I Ran The Script"

Wait until all pods in the Uniskai namespace are running

or close the pop-up "Connect K8s cluster" and refresh your account in Uniskai to see updated cost reports and recommendations.

Do not forget to refresh your account!

Here you can find the button to refresh the account:

The state is changed to read-only.

Troubleshooting

  1. If you encounter a timeout error during agent installation: Unable to connect to the server: dial tcp 196.255.255.255:443: i/o timeout , follow these steps.

    • You can use your preferred method to connect to the cluster control plane API (e.g., VPN or bastion-host).

      • Check cluster availability using a simple kubectl command, e.g., kubectl get nodes.

Configuring Read/Write Access - Uniskai Agent

With a “Read/write” connection you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. K8s Rightsizing;

4. Kubesitter;

5. K8s Cloudsitter;

Step 5.1

Click on the "Read/write" button

Step 5.2

Connect the K8s cluster window open. Click on "Сopy" button.

Connect to the cluster.

1. Go to AWS CloudShell and run the command:

aws eks update-kubeconfig --region <region-code> --name <cluster-name>

replace “region-code” with the AWS region code where your cluster is located and “cluster-name” with the name of your cluster

2. When the cluster is connected, run the command from the modal window.

Step 5.3

Install the cost model.

To set up the cost model, click on the link “installation guide” and follow the instructions.

If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.

Step 5.4

Return to Uniskai and click on "I ran the script"

Wait until all pods in the Uniskai namespace are running

or close the pop-up "Connect K8s cluster" and refresh your account in Uniskai to see updated cost reports and recommendations.

Do not forget to refresh your account!

Here you can find the button to refresh the account:

The state is changed to read/write

AWS EKS Cluster with Public API Access

With an AWS API connection, you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. Rightsizing recommendations;

4. Cloudsitter recommendations;

Step 1

Set up the command line environment by running AWS CloudShell in your preferred region. Use this link to run AWS CloudShell.

Step 2

Create or update a kubeconfig file for your cluster. Replace region-code with the AWS region code where your cluster is located and cluster-name with the name of your cluster:

aws eks update-kubeconfig --region region-code --name cluster-name

Step 3

READ ACCESS. Create ClusterRole and ClusterRoleBinding for Uniskai to allow read-only access to the cluster API:

kubectl apply -f https://uniskai-eu-templates.s3.amazonaws.com/eks/uniskai-reader-role-v2.yaml

Step 4

WRITE ACCESS. Create ClusterRole and ClusterRoleBinding for Uniskai to allow resource modification access to the cluster API:

kubectl apply -f https://uniskai-eu-templates.s3.amazonaws.com/eks/uniskai-modifier-role.yaml

Step 5

Depending on the cluster authentication mode in access configuration, select one of the following steps:

  1. When authentication mode is set to “EKS API” or “EKS API and ConfigMap”, you can set up the access entry by executing the CreateAccessEntry/UpdateAccessEntry operation:

    1. To create a new entry, use the create-access-entry CLI command. You can get the account connection details (ACCOUNT_ID, ARN_ROLE) by clicking on the specific account in the Uniskai Account Manager window.


      aws eks create-access-entry --cluster-name <cluster-name> --region <region> --principal-arn arn:aws:iam::<ACCOUNT_ID>:role/<ARN_ROLE> --kubernetes-groups uniskai-reader-group uniskai-modifier-group

    2. To update an existing entry, use the update-access-entry CLI command:

      aws eks update-access-entry --cluster-name <cluster-name> --region <region> --principal-arn arn:aws:iam::<ACCOUNT_ID>:role/<ARN_ROLE> --kubernetes-groups uniskai-reader-group uniskai-modifier-group

  2. When authentication mode is set to “ConfigMap” or “EKS API and ConfigMap”, you can update the config map within the cluster:

    1. Open the aws-auth ConfigMap for editing:

      kubectl edit -n kube-system configmap/aws-auth

    2. Add the mappings to the aws-auth ConfigMap to include the Uniskai user or role with the read-only permissions assigned, but don't replace any of the existing mappings. You can get the account connection details by clicking on the specific account in the Uniskai Account Manager window.

    3. If a role was used to connect the AWS account to Uniskai (connection type is Cross-account role), update the mapRoles field while replacing the ACCOUNT_ID with the cluster AWS account ID and ARN_ROLE with the IAM role name:

      apiVersion: v1
      data:
        mapRoles: |
          - groups:
            - uniskai-reader-group
            - uniskai-modifier-group
            rolearn: "arn:aws:iam::ACCOUNT_ID:role/ARN_ROLE"
            username: "ARN_ROLE"

    4. Save the file and exit the editor.

      1. When using Nano (AWS CloudShell’s default editor), press the Ctrl+X combination to exit the editor, press Y to approve changes and then press Enter to save the file.

      2. When using Vim, press the Esc key and type the :wq command.

Step 6 (Optional)

Enable Metrics API in your cluster to enable usage visualization, cost reports, and recommendations by installing a metrics-server :

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

Step 9.

Refresh the account in Uniskai to see recommendations.

Related Articles
Uniskai and Kubernetes
Step-by-step connecting Kubernetes Cluster for Azure
Switch cluster from Read only to Read/Write connection
Switch cluster from Read/Write to Read only connection
Supported resource types per provider
Did this answer your question?