From f819369b95e8dfb763b9fa6b8196c9655c912839 Mon Sep 17 00:00:00 2001 From: Jason Andrews Date: Wed, 24 Jun 2026 11:45:49 -0500 Subject: [PATCH] EKS cluster with Graviton nodes using Rafay --- .../rafay-eks/_index.md | 70 +++ .../rafay-eks/_next-steps.md | 8 + .../rafay-eks/cluster.md | 182 ++++++++ .../images/rafay-cloud-credential.webp | Bin 0 -> 8894 bytes .../rafay-eks/nginx.md | 169 +++++++ .../rafay-eks/setup.md | 441 ++++++++++++++++++ 6 files changed, 870 insertions(+) create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/_index.md create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/_next-steps.md create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/cluster.md create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/images/rafay-cloud-credential.webp create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/nginx.md create mode 100644 content/learning-paths/servers-and-cloud-computing/rafay-eks/setup.md diff --git a/content/learning-paths/servers-and-cloud-computing/rafay-eks/_index.md b/content/learning-paths/servers-and-cloud-computing/rafay-eks/_index.md new file mode 100644 index 0000000000..53f46080f4 --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/rafay-eks/_index.md @@ -0,0 +1,70 @@ +--- +title: "Deploy an EKS cluster with Graviton nodes using Rafay" + +description: Use the Rafay Kubernetes Operations Platform to provision an Amazon EKS cluster with an Arm Graviton node group and deploy NGINX to verify the setup. + +draft: true +cascade: + draft: true + +minutes_to_complete: 60 + +who_is_this_for: > + This is an advanced topic for software developers familiar with Kubernetes and AWS who want to learn how to use the Rafay platform to provision and manage EKS clusters backed by Arm Graviton instances. + +learning_objectives: + - Connect your AWS account to the Rafay platform using a cross-account IAM role + - Provision an Amazon EKS cluster with an Arm Graviton node group using Rafay + - Deploy and verify NGINX on Arm nodes and clean up all cloud resources + +prerequisites: + - An Amazon Web Services (AWS) [account](https://aws.amazon.com/) + - A [Rafay account](https://rafay.co) + - The [AWS CLI](/install-guides/aws-cli/) installed and configured + +author: Jason Andrews + +generate_summary_faq: true +rerun_summary: false +rerun_faqs: false + +### Tags +skilllevels: Advanced +subjects: Containers and Virtualization +cloud_service_providers: + - AWS +armips: + - Neoverse +operatingsystems: + - Linux +tools_software_languages: + - Kubernetes + - AWS Elastic Kubernetes Service (EKS) + - Rafay + - NGINX + - rctl + +# FIXED, DO NOT MODIFY +# ================================================================================ +further_reading: + - resource: + title: Rafay CLI overview + link: https://docs.rafay.co/cli/overview/ + type: documentation + - resource: + title: Amazon EKS documentation + link: https://aws.amazon.com/eks/ + type: documentation + - resource: + title: AWS Graviton processors + link: https://aws.amazon.com/ec2/graviton/ + type: documentation + - resource: + title: Kubernetes documentation + link: https://kubernetes.io/docs/home/ + type: documentation + +weight: 1 # _index.md always has weight of 1 to order correctly +layout: "learningpathall" # All files under learning paths have this same wrapper +learning_path_main_page: "yes" # Indicates this should be surfaced when looking for related content. Only set for _index.md of learning path content. +--- diff --git a/content/learning-paths/servers-and-cloud-computing/rafay-eks/_next-steps.md b/content/learning-paths/servers-and-cloud-computing/rafay-eks/_next-steps.md new file mode 100644 index 0000000000..727b395ddd --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/rafay-eks/_next-steps.md @@ -0,0 +1,8 @@ +--- +# ================================================================================ +# FIXED, DO NOT MODIFY THIS FILE +# ================================================================================ +weight: 21 # The weight controls the order of the pages. _index.md always has weight 1. +title: "Next Steps" # Always the same, html page title. +layout: "learningpathall" # All files under learning paths have this same wrapper for Hugo processing. +--- diff --git a/content/learning-paths/servers-and-cloud-computing/rafay-eks/cluster.md b/content/learning-paths/servers-and-cloud-computing/rafay-eks/cluster.md new file mode 100644 index 0000000000..b14b9ad2a5 --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/rafay-eks/cluster.md @@ -0,0 +1,182 @@ +--- +title: "Create the EKS cluster" +weight: 3 + +### FIXED, DO NOT MODIFY +layout: learningpathall +--- + +In this section, you define and provision an EKS cluster with a Graviton-based node group using Rafay's declarative manifest format. You then apply the manifest with RCTL, wait for the cluster to reach a ready state, and download the kubeconfig so you can interact with the cluster. + +## Create the cluster manifest + +The Rafay platform uses a declarative YAML manifest to define your EKS cluster. Create a file named `demo-eks-graviton.yaml` with the following content: + +```yaml +apiVersion: infra.k8smgmt.io/v3 +kind: Cluster +metadata: + # The name of the cluster + name: demo-eks-graviton + # The name of the project the cluster will be created in + project: defaultproject +spec: + blueprintConfig: + # The name of the blueprint the cluster will use + name: minimal + # The version of the blueprint the cluster will use + version: latest + # The name of the cloud credential that will be used to create the cluster + cloudCredentials: aws-cloud-credential + config: + # The EKS addons that will be applied to the cluster + addons: + - name: kube-proxy + version: latest + - name: vpc-cni + version: latest + - name: coredns + version: latest + managedNodeGroups: + # The AWS AMI family type the nodes will use + - amiFamily: AmazonLinux2023 + # The desired number of nodes that can run in the node group + desiredCapacity: 1 + iam: + withAddonPolicies: + # Enables the IAM policy for cluster autoscaler + autoScaler: true + # Allows for full ECR (Elastic Container Registry) access. This is useful for building, for example, a CI server that needs to push images to ECR + imageBuilder: true + # The AWS EC2 instance type that will be used for the nodes + instanceType: m7g.large + # The maximum number of nodes that can run in the node group + maxSize: 1 + # The minimum number of nodes that can run in the node group + minSize: 1 + # The name of the node group that will be created in AWS + name: graviton + metadata: + # The name of the cluster + name: demo-eks-graviton + # The AWS region the cluster will be created in + region: us-east-1 + # The tags that will be applied to the AWS cluster resources + tags: + email: user@rafay.co + env: qa + # The Kubernetes version that will be installed on the cluster + version: latest + vpc: + # AutoAllocateIPV6 requests an IPv6 CIDR block with /56 prefix for the VPC + autoAllocateIPv6: false + clusterEndpoints: + # Enables private access to the Kubernetes API server endpoints + privateAccess: true + # Enables public access to the Kubernetes API server endpoints + publicAccess: false + # The CIDR that will be used by the cluster VPC + cidr: 192.168.0.0/16 + type: aws-eks +``` + +Key fields to note: + +- `cloudCredentials` — must exactly match the credential name you entered in the Rafay console +- `project` - must be the project you attached the credential to +- `instanceType: m7g.large` — a Graviton3 instance with Arm Neoverse processors +- `publicAccess: false` — the Kubernetes API server has no public endpoint. You reach the cluster exclusively through RCTL, which routes traffic through the Rafay control plane. + +## Apply the cluster manifest + +Submit the manifest to Rafay using `rctl`: + +```console +rctl apply -f demo-eks-graviton.yaml +``` + +The output is similar to: + +```output +[ + { + "tasksetId": "ko9176k", + "tasksetOperations": [ + { + "operationName": "ClusterCreation", + "resourceName": "demo-eks-graviton", + "operationStatus": "PROVISION_TASK_STATUS_INPROGRESS" + }, + { + "operationName": "NodegroupCreation", + "resourceName": "graviton", + "operationStatus": "PROVISION_TASK_STATUS_PENDING" + }, + { + "operationName": "BlueprintSync", + "resourceName": "demo-eks-graviton", + "operationStatus": "PROVISION_TASK_STATUS_PENDING" + } + ], + "tasksetStatus": "PROVISION_TASKSET_STATUS_INPROGRESS", + "comments": "Configuration is being applied to the cluster" + } +] +``` + +## Monitor cluster provisioning + +Poll the cluster status until it reports `READY`. Provisioning typically takes 15–20 minutes as Rafay creates the VPC, EKS control plane, and managed node group. + +```console +rctl get cluster demo-eks-graviton +``` + +The output is similar to: + +```output ++-------------------+-----------------------------+---------+-----------+-----------+---------------------------+---------------------+ +| NAME | CREATED AT | TYPE | STATUS | BLUEPRINT | PROVISION STATUS | ENVIRONMENT CREATED | ++-------------------+-----------------------------+---------+-----------+-----------+---------------------------+---------------------+ +| demo-eks-graviton | 2026-06-24T15:32:19.936269Z | aws-eks | NOT_READY | minimal | INFRA_CREATION_INPROGRESS | false | ++-------------------+-----------------------------+---------+-----------+-----------+---------------------------+---------------------+ +``` + +While waiting, you can run the command again every few minutes. You will see various status values before the status changes to `READY`. You can also check the AWS CloudFormation console to see project and look for any stack errors. + +## Download the kubeconfig + +Once the cluster is `READY`, download the kubeconfig file: + +```console +rctl kubeconfig download --cluster demo-eks-graviton -f ~/.kube/demo-eks-graviton.kubeconfig +``` + +The output is similar to: + +```output +kubeconfig downloaded to ~/.kube/demo-eks-graviton.kubeconfig +``` + +Export the path so that `kubectl` uses this cluster: + +```console +export KUBECONFIG=~/.kube/demo-eks-graviton.kubeconfig +``` + +## Verify the nodes + +Confirm that the cluster has a running node and that it reports the `arm64` architecture: + +```console +kubectl get nodes -L kubernetes.io/arch +``` + +The output is similar to: + +```output +NAME STATUS ROLES AGE VERSION ARCH +ip-192-168-13-74.ec2.internal Ready 26m v1.36.2-eks-93b80c6 arm64 +``` + +The `arm64` value in the `ARCH` column confirms that the node is running on an AWS Graviton instance. Your EKS cluster is ready to accept workloads. In the next section, you will deploy NGINX to this cluster and verify it runs on the Graviton node. diff --git a/content/learning-paths/servers-and-cloud-computing/rafay-eks/images/rafay-cloud-credential.webp b/content/learning-paths/servers-and-cloud-computing/rafay-eks/images/rafay-cloud-credential.webp new file mode 100644 index 0000000000000000000000000000000000000000..b9dd2a8265e346c40960374912c87595da86bd30 GIT binary patch literal 8894 zcma);WmFwZvaUA{!QGwU?!nzHxVyW%X5$(>xVyW%Yk=SqoZ#*oHuwAH{y68%otblg zJZp7#t*%=2R@LfOm6eier2qi5B*j!TRd~rN|5~F>0CFJc;b0UXgc4=)6iSLI3d!zx zz3VX$Y#iV8GR7`Zgk&0St!{cJg$n|8f~@bAZW(fp%}gZ>XXlaqq#P zw#T}yzMH_=pyW6AJJMUD#i0H`+mD17n76DKV%z5l#3I_t9)ECTz08NgRBq`^){q-#MJA8{Y@S0f)E8y}Z-A0Hp2Xk>3yBo0EM zYZw0swuQ2ol=2*{_d19g^5Gf{DU0cT~{H~u=crP#A zhVn`ePD55zl770;d@kV{6E<%-LvUg^J|ZIePSz-y-7j{-v#OZ;>-b+|Rj?BPtiMqZ z%X*JPsN9tne6Xaa7CyFvNmw~o*&m-rE5v1=9xnTwc%IgX%HrMeotO^(7fZeMK_oZ#C`UtRk@N%#M1>OP<;u*n)= zOZ$PPCT_P6IvvYWF5ve2pQzUOVp=u7{zq&ty<7k3+CRJD_Ny1H`d{2wwZO=C{Udt* zc#T!_G>qb973x(LA^%PIo;jqLbk$tthTl}d?I)jqI0C^qW(u)bO(rJrr62Py-YP|Z zjkEhZhpe>u*Lr?U(FUhUHMg?m5NsKijV~w-Jx}h=eO|i45Kt+z=V)XP7hMi-y0GFI= z2#dF>AP7v;UmJ2v=%G+esWa<`rkOx_9=ksc0cP6Muxc!OKlUng;1;aUdmvg`aH&5N z4J^Tp_NBFmH3}pPU|l}p!u-(Q6z;A5D;aG1mH(!@zH^pf*<6-YXMvFs=`l-P!qq=U zY&~+V&~1#n-F9o>uM+>u>G+=|rnXT2+xfq!+-R`4vAaIk7{wJ^3vOAt^ACD3j?cae z=Z!Dd+>qH>V9|jhFMEu)rEiP{V}rN>?)Px58m4Qy`VIUbS_zf%x*1B#R5E*4mWj?- z1%t9x22&-1vhWCU+rSLPR)|RjhPlr4#_@oVASThF9cgEhsYjkFZX?#Gj}Bjnvrr-* zi+JT}&hPI6aux z8PigKcdmW+wx+P5(_bPA!=iHMiP_)Dqyb;kl*4&A28bZ^hY)^~HU((k1)NKvT^tKb zcoH?hBgWJJ?)rb7;{X8QkHP7gb?0CJikU0cYkXSu@ohtvaFpZ}fMmf=2;NsS zbdFK1-^)fVaY~5M?TXSSl^UXSui0ptu$NtWdX{tvS}~{6?+j9W6Zn$E#drb4c)G3G zwqvXa*u8=vcTj|;_*twVxsV@!_Xg4wfDZ*qb2chJhx+>co?=1Xx(!{GI;SUHXEDnD z?T03&pU1q_{~==llgG9$wuis2mKJhCTRo?84EnSz)>K0|a(E;%z`+y5|E4^ELh7zP zeAL;>H}=;3%C!+8j9)E4I#{W*;58wJVW|j57UqW9WFNL1>xI?&h8aYU$dth@E(kKx zGPO@zkjdBCUk(dGwvjISZVa5PH)6p&=6+u1`*WI&laBzVq+^c6#q8nIEPp&#*jJG` z3r*doqeQ{6^U?OrqK7`24v?*B8hO{X8@uek2o-jWVhNT!UrzP%g`20V$9%V}RWAaU zJ$giLRWME`ZnD%b^6+9BMlYi`s_sB53#>wU`X3rD+UuWc)Og{?T5+GzFF|CstS72| zl2@EBtyg+K;u}LA-B!=$jCwtbMfIdgF-&15VHm2i3OJH|p-PdW={0&g0%QimHarz5 zj9PcyZA#7)Cvr*kVl$#MBgT=7eHjlARv0~h+%{`wx%d4QZbF7xN@;|7WsG+*;4PN$ zM_U=^Pv+?JottK5bI{C?&RRqNZx^AWh)He8+Pl&)qm03CNB6j_SxoFgge2n$>43@M z0a@j-!g5nE)eZu4!Z{?=pWKa?itN;1t`=yVHy?Bs<0^76PV)jWM1A(k=AW!>%VIxk zIw-_dqY_;+)~9}(KU1O0hVtI+1sQM4qt7a-=2WC(dT)bX@zD*^uaF8U0yA|vHZRd~eubuXZRSS#V1fhH5H!ajOY1cFr5~Tz$NQu5z0+ktL zSNw6jBr**hMwS6%pKt5ou5)An$n^`$4iY8N#y4v+;mwO|{6+?i0Mj5~i^IB00xRxg zH4IH~tU1!~v|0UcM-udvbi#aYEE&We8r%oU;Pma->DXZ3PMLw3$Q*>IG~FqLD08lG zD;JF|-o$T?r@^Dxn|W1ULI|O(LX*L=1xKejQu?)9g$F_$PA;iqj;PLv+Jw7^IcabF zP{PWK^{pH8jaq6$kGP<0e9ubkXJkm}7P&Xt)~q*L*Bd?w7r`*;k?%w`Uj8Z3MCy0n zy@JnN?n}+eO|z%}aG4u4dJs|<;!WQ09_~&v8ZGmqqKyiSyfO_nxWBW0PEh>u!_ULT_ytCLw3)+7`=pEW zWChioYc_X)Xn<`?MSlBMBJ!fYJ6-Nbdz7wq_n4!`gy7KA*q;Vn;*13Ofe`6D5Cs5k{kj2l2`(JT_p(U#ZtF`OGv%{in<)AW?d5FQyH`i@x9 zmE@CA+?yT`(p~_NG(zsL-hs%F8(Vc`m22;9FPCp$E$l0~zY8*I#WA`D`xu*xSUZ-5 zOO1LfZA(bCQjr*zB?v-rdw2&7hRa-#%H%7eRIrC>s3xdsv_yvxdVYP(9jn=CW#LFF z>|rGOJ(#Y1bmg(?&~PB#;d_j~y{kMFIWvy*lwhzzCSL{>xN5L8!bbantHVl-$Z0Q^ zcD?vYia4*bT}~CxJ)GCKyO9}+V=5KFP~C7^G9RvH?v(Rq*jI~g@kEN&r6Q%@kOM|d zPwU(1Lr~p7Lau+0oEZ0S?~e1+7^cupaCerpkU`B{=qCU`m1k>5rtP@JwJzM3>X=rn zQvK3A4!9G=By#@tDbdHSax_>afXC86w%`ALG`(TlON=>a@25PWSAnbyzM|)~gtOqd zatSEz^wkB?Br@N^cf3sVQms=kj( zNWyVXE~Dghec5nd;`M32=sq=vc$X5+4eiKpW@WIa(RvlgRq}bo?sWbS61-^9>!9yU zvBQ!C*JVc%6Ud?{gLB}=FN=g92i@8Gq7gj3FerrD#hnM}X@ z*`tcCC-!>Pl|cxJpC@x7?-=73 zG*GgY1c`2gs1YhwFk%_{{b?;*Cw6Z)u;5XcdYZ+AH~Q25u-uS_fpJ}CqzG~*>!qjd zL;#6RESoZtf}&GxKgKCbNeSc{cd#TwVA0%KC(T~ifRGR9sTR+_8u05?*=M{ zq2Hrhf^61?2lW@0a$)#r{8WS=S2;d9Ko-7wy+^Ux=r+_F94-9ipQR$FC%pl9^Z1l9 zvjHO}q`*Ck%RK*TM&>m+(SY?wC=<(z$5U){nZ}e-la}jHF0}!KYpofuHf-ASdvNkW z6hp^+WwK^>kkl_Q)Zk4fl@cSAwfwVt*?9q@(U{#Um|3t? zkg)#keb81B>H$0aQrHj*nLgD)g)o2$bW0i0LxRiUTPn#lBM0)uEoA}iS2R@`6hRDy zaW43u))wjZnzb%qFs8Zq<@GRqB{ALJJTh;+|G7)VWhWK=>HVXSwVmZ`S z>JVe%8(Da1jjuQ3SEJr=wESUY7`5iA2L|D@jYn+l&hjMTxM z#_a9GmRqVWl9}sH&Ru1Sz35x#bE|^nmfBtut(i}C5?_%j>L7VT>1lED7X$T9C{QeI z_79JQY6dY)3!RNmm-R_G_c`4N=o_@t%YJ@mQe`JPYZH{pt$tO#AdAjsHs|IVsX2cX za;>oc`2(gK;+94azWxVG*Rvpv#E@&gbDHr)ftcnZTVdrsQdse}Uur8;^23oV+#cAa zu$p@?E?O_0CAj@&P`9O}$Kdi;6jaI8wdn(R;UdA;eg^?<{kIw>RwmfSD7H0_V}t_(SC}Sb*9=Yk22VH=AY$|t zl=T|kyN+j1{dxV-P3DotXRjs(iZ{JNIB7jS;$q42=;fS861V}&xpzJtitVP}@g$*C z#X~@NpA`FvVLvNxAaYi;I+yN4ANzQG%45e>vuU@#B~>}T%~)<8)>rprp@3LOE#?HO zrIIFLHFRHf0Ec*A*@|jCt(AOOKeQQIY>Z!5TK+ zv;Mr(39ha>#xT8dqF9+sdbwNYpiqCc;_-tB6C;c^8onCd$4%go;C4bPt3Z8DLd z`|HQR&i(V~!KuSPPO~+cT*5+wZ;9Gjfd6NbXRb$q_jOvQ9ju@iR&)Gha3ISc0(z~M zXaQ@<6ZVIE&OP(D(@F9l1dXd{FjddrpsXUdJK;U`&^!w$23=^R%D{$r_l5Tw^HjEl;BqqyUK z!lDkB6+$lH7#;TRMeSF=o3Z4TvopYQSJD+J>HuXa&Y)>VYfq8lYF8dmS-6Wd*8Zc1W5q$Z}Z zKDts4eqF>YjN^K$(dUK1=%jY3O#ni*3G>EF0T@AZ0+bHeAj|T_)AIB4I8;Nv>Kqzi zpHgqWE>&ysoAIcl=3&o@fUlRB+u8<3k>^mR7q_e~$UFxw7bb5Jdp$Myt6`bkSh2oD zLP{BQSR|@(CbBa%Y(h=tbsM=AFC_v|OE<V~H~VO5AZB(s`D9z7+um7=3Lp?$FH5$HEGAcKw3tsoy`rbJ_V+lOV!Yx- zmwhXl+G8xn61%-^ZfT)+_IT?jj#l9>e37C`*J*JvJpB`_-$P$|)W7q*$2jeMv|vh7kKIzR-(+Z52sh15Ge4hWdsNMY)!$FDfOOn%R;$rjiHT zwFS?7dwRyZO8OXVoJKsRwt*1J6DnyftZ5(gt4&ZXJV~ga7#w{^Z`!xX*U6_`fySYf zuq{AlleqF~PVUBLF9J#4gi@B%Ljnl*g8}GNHSjwt*0cbCwd5E8Hc5~Wu~t0))u5dQ zPrv6kFlp;e=ngKDBiYFZN=cp0SJS2unGH@yvBV6!osk24o6qT48KAz2LA<96zH`3` zsY|5Vic`OO)UEG@DQU*KVHl0+87h7YJmEK_oDBMf04+IY17yNu)q!08S{KIKhQ-Xa zGJAP|O+0;+4sTGbSdo{{lByIQyQI2qYxor<%O-KrYgVeZAOIij+?aKE&h{xIHPTo5 z1r-|^i&FRg?=--VR+O+B>S#S(kxw1N1f3y+xo<}I% z+h`MYM0cYD-oT=9aEr+gD#@^Lyv@iuDA))ttc}1rGz^UTy7+1SVl+TUR`t3?tq#_i zf||Zkcsx%LLJTaVfvF=4tG^OMt`_z1A|UkUA50Qdh9A<2KjHs4czW0O&W{(thn!%Q zh^wXL;7kywptTK)h6%sx>8Wjy1e0GJcnM3#EeEb9$8#q#uO-Zh7dl{q5|IGErRw>2 zpH6WBdM{46k6S-*t$>O&8B&OOO5T3c4Q|Fy zKFYD~C+WC(PR`lQYsMy>*?H`#3GF-`?Z_{Ip<#P4xOwcHB=-j~JlxrM1dsm9V4hz- z9fYkY*c}r2tkT%&d5Jx%r}rWr=0rcxjh)(;jf9KQCPi7pJsnqMNi;Lh5xj-*J1vw> zJgC8Jw$S{}LfoIBF-yql)db7swk;-VRiE7CljFPt#XT&4YPpX*5LGF}%6AOZ!!d`7 zZ}V_^e$a?pWYCjT^3WBpG@fI(=3gKoz!UOHLs(%TWOkQUyxjajx119fuajh$n?7w% ze^TzDzcHu9%46QkJg$8TMHsX%Hn2E{g)54)!B%(g&K=vCRk)YM{t2WB!W6{h%+SR~ zzmf6E*F5g&CGUuNNd;sTKyei+Gb!Hia|_7;iU)#rsqvJh3kgCjE#G*A%Q>S!e72Wr zA@VGegzh;4CRxiU?OTri4@v}KgT2vzJxq(VX||_07%Kj@vl<>Z2Z5PLJVdN%a>-7V zSj#ws$j>hXzcCCdzST1z5U^E;GXqc8EhJ>V$^;gxKV$9NadzfBBcMa|L~%N&iw8bH zGiR9ik7i>@FPy0%CpBI#uJpbNBUS2NLB48%Du)j3Sly17a8EiP>9Kr{Ob$QxV^f=4Cl$)uprt!|o>C z$}7}&J}$DIRk3tAeI|LOHUdn>eAFkEoCdC)r)DA39XawsniG#iN5k=hSZIt(=r)1H z6!6i7==ZnOi8d{l&F3DFA>L6#^3stZP|F&^8C_CLM=C#e65n6kW@9K|FFgbf zv0qr+*lhtI7E;zUNq*qG%MaszIcQd?9kaKVP;w6r*mm7`X_~z~dl=C#&^H~7dqZ-G zJhnzb3ipIWAlxgRccpNbIAtCslUzOOETeH!f7pGTKlQPySUcvv<{oL7T)n-<30l3@ zIJbA65jlye{4R?;%@+Z*_avJ;L`~&rqftht)BUBr13sygQ`hb)KG&5BLD*`nJA7(Y z`r!2wZ?QSX887YaUy?mvK&>{xTK)frC z4{!9RQF2)FkK^uT=g+F|#4(LjlZgaGXCxGNtlz^^Kdp5_?Qscv%#&)aQhS|wCHfFz z`T7@X$Y}xcn%kJz0Pk7&^K;kG`S^(p3gBMDDsMEc?*OW*b7JK1R@G1Vl*|W%a+Riw z#*xB_bz=$~9s@Y3@wx$Py}N{1JwNL7Hf3A){n~bGU{52N#jJ>dJXE_8m-@fE`c=>A zcj;S|N??+RkDMFq)(j+#3>fAM5ehdpZNrGC!iCSx>1*JwBTscdAek=O^K+M4&_Z~K zJ>H$FBxN!IHVn5v;WE9%Oh};h*Jzt=pJLT{e2sF??03!kkaO&Ns}OW)Q9X5m4+r@t zvC9jTxDkRD3n)*jf?43bZ+SA)Xz%4<(Fh;%{?!0)VrVEivuwX-GxvF6Rly6?`#Ljp zL5J%|(S8ZM_`BS%QCvZ6oeY7ZK2pEgF!Es+$pfaeD%%mrxr+in#BR~3sDt%!U$J%g zSLjVwY#2s6o>PKg0$J7S1vWjuI^Ps>Zmv}`7*>i@Q|z>nfDDos8O_b*Bu;%_$*lEZ zF#X1ZugBE}-n`eq0jVzLrQDWpWYy*VfI~fYCxBVOQQYMkow!=P zd!4+n=PzQ7Z0j>5*1mJ2L@GY$i1puYAlvmN!~kXcu&<|^I-iq|K<5^&AKu0r7vstk zg?QtWrpmf0`o(m`p3<<1d8!1kA$&P`0z>yhvbTGxBze9*_lsM{Nf{-&wke|YzjolJ z-XH2%#w{gKUNOv<;nA%?QzeRtLGfq!3KA5agi5k6d#2b z%!^nF7Bp!3d}9D873_t*1==|coqDw|j(+*MKerWLzDhqa96*nyn}$DwZb`4*M5Fhm z+^8iIGST6$zk!EijCWD7+?cg>bopt`p1vCO3%|{3Z}nC!^czZTX$5;vru*i-C8ev- z&ImDC)!QUsFE_t7(9)hsUF+!wlWHK3Tm*Nd(qcPyU<%@+5Yo308x&qoW{QbzoR+=j zoT;=J6HOJ*|A?|9c~^j(Z;hyb8tW;>`(1ESF#})_xC&X+eUNTs_d{r?69HHz<9rc; S3 80/TCP 30s +``` + +## Test NGINX connectivity + +The NGINX service is type `ClusterIP`, which means it has no external IP and is only reachable from within the cluster network. The cluster also has `publicAccess: false`, so there is no public Kubernetes API endpoint. Both constraints mean you cannot test connectivity from your laptop directly. Instead, run a one-off pod inside the cluster that sends a request to the service and then deletes itself: + +```console +kubectl run curl-test --rm -it --image=curlimages/curl --restart=Never -- curl http://nginx-arm-svc.nginx.svc +``` + +The output is similar to: + +```output + + + +Welcome to nginx! + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ + +pod "curl-test" deleted +``` + +The NGINX welcome page confirms that the workload is running and reachable on your Graviton-backed EKS cluster. + +## Clean up + +Remove the NGINX workload and then delete the cluster to avoid ongoing AWS charges. + +Delete the NGINX resources: + +```console +kubectl delete -f nginx-graviton.yaml +``` + +The output is similar to: + +```output +namespace "nginx" deleted +deployment.apps "nginx-arm-deployment" deleted +service "nginx-arm-svc" deleted +``` + +{{< notice warning >}} +Deleting the cluster through RCTL triggers the removal of the EKS control plane, managed node group, and associated CloudFormation stacks in your AWS account. If you do not run this command, AWS will continue to charge you for the running EC2 instances and EKS control plane. +{{< /notice >}} + +Delete the EKS cluster through Rafay: + +```console +rctl delete cluster demo-eks-graviton +``` + +## Summary + +In this Learning Path you: + +- Connected your AWS account to the Rafay platform using a cross-account IAM role and cloud credential. +- Provisioned a private Amazon EKS cluster with a Graviton (`m7g.large`) node group using a declarative Rafay manifest and `rctl`. +- Deployed NGINX with a `nodeSelector` that pins workloads to `arm64` nodes, confirming that Arm-native containers schedule and run correctly. +- Tested in-cluster connectivity using a one-off curl pod, and cleaned up all AWS and Rafay resources. + +Rafay's control plane handles cluster access without requiring a public Kubernetes API endpoint, making it straightforward to run private, Graviton-backed EKS clusters at scale. diff --git a/content/learning-paths/servers-and-cloud-computing/rafay-eks/setup.md b/content/learning-paths/servers-and-cloud-computing/rafay-eks/setup.md new file mode 100644 index 0000000000..981e9eed12 --- /dev/null +++ b/content/learning-paths/servers-and-cloud-computing/rafay-eks/setup.md @@ -0,0 +1,441 @@ +--- +title: "Set up your environment" +weight: 2 + +### FIXED, DO NOT MODIFY +layout: learningpathall +--- + +## Before you begin + +[Rafay](https://rafay.co) is a Kubernetes operations platform that provisions, secures, and manages the full cluster lifecycle across public cloud, private, and hybrid environments. It provides a single control plane for fleet-wide operations including automated provisioning, upgrades, and governance. You can use Rafay to provision an Amazon EKS cluster with an Arm Graviton node group and deploy a workload to verify the setup. + +You need the following accounts and tools before starting this Learning Path: + +- An [AWS account](https://aws.amazon.com/) with sufficient IAM permissions to create roles, EKS clusters, EC2 instances, CloudFormation stacks, and related resources. +- A [Rafay account](https://console.rafay.dev). You can [sign up](https://console.rafay.dev/#/signup) if you do not have an account. +- The AWS CLI installed and configured with credentials that have the required permissions. + +Confirm your AWS CLI is working by running the following command, which prints your account and user information: + +```console +aws sts get-caller-identity +``` + +## Install kubectl + +Install the Kubernetes command-line tool, by following the [kubectl install guide](/install-guides/kubectl/). + +Confirm the installation: + +```console +kubectl version --client +``` + +The output is similar to: + +```output +Client Version: v1.32.1 +Kustomize Version: v5.5.0 +``` + +## Install RCTL + +RCTL is the Rafay CLI. You use it to submit cluster manifests, check cluster status, download kubeconfig files, and delete clusters. + +To download RCTL, log in to the Rafay console, navigate to **My Tools** > **Download CLI**, and download the binary for your operating system. + +The downloads are `.tar.bz2` files. + +On macOS with Apple Silicon extract the file with: + +```console +tar xvf rctl-darwin-arm64.tar.bz2 +``` + +On Arm Linux, use the filename: + +```console +tar xvf rctl-linux-arm64.tar.bz2 +``` + +{{% notice Note %}} +RCTL is also available for x86_64 Linux and Windows. Modify the filename to match your platform as needed. +{{% /notice %}} + +Move the binary to a directory in your search path: + +```console +sudo mv rctl /usr/local/bin/ +``` + +## Configure RCTL + +Download the RCTL configuration file from the Rafay console. Navigate to **My Tools** > **Download CLI Config** and save the file. + +The file name is formatted for your user information. + +Copy the downloaded file to a known location and initialize `rctl` with it: + +```console +cp ~/Downloads/.json ~/rafay-config.json +rctl config init ~/rafay-config.json +``` + +The config command doesn't have any output. + +Verify the installation: + +```console +rctl version +``` + +The output is similar to: + +```output +VERSION: r4.2.0 +BUILD: r4.2.0-1 +BUILD-TIME: Thu 04 Jun 2026 07:17:05 AM UTC +ARCH: darwin/arm64 +``` + +Confirm that `rctl` can reach the Rafay platform: + +```console +rctl config show +``` + +The output lists your account information, including the endpoints, keys, project, and organization information. + +## Create an AWS IAM role for Rafay + +Rafay provisions EKS resources in your AWS account using a cross-account IAM role. You need two values from the Rafay console before running the script: + +1. Log in to the Rafay console +2. Select **defaultproject** (or another project) from the project selector in the top navigation bar +3. Navigate to **Infrastructure** > **Cloud Credentials** > **New Credential**. +4. Select **AWS** as the provider select **ROLE**. Copy the **Rafay Account ID** and **External ID** displayed on the screen. You will pass these values to the script below. + +Save the following script as `create-rafay-role.sh`: + +```bash +#!/bin/bash +set -euo pipefail + +read -rp "Enter Rafay Account ID: " RAFAY_ACCOUNT_ID +read -rp "Enter External ID: " EXTERNAL_ID + +ROLE_NAME="RafayEKSProvisioner" +REGION="us-east-1" + +TRUST_POLICY=$(cat < **Cloud Credentials** > **New Credential** in the Rafay console +2. Paste the Role ARN into the **Role ARN** field. +4. Enter `aws-cloud-credential` as the credential name. +5. Click **Save**. + +![Screenshot of the Rafay console showing the cloud credential registration form with the AWS Role ARN field filled in #center](images/rafay-cloud-credential.webp "Registered AWS cloud credential in the Rafay console") + +You now have `kubectl` and `rctl` installed, `rctl` authenticated to Rafay, and an AWS cloud credential registered. You are ready to create the EKS cluster.