How to set up Dapr on an EKS cluster guide
Adding an AWS EKS guide for Dapr install to complement the others https://docs.dapr.io/operations/hosting/kubernetes/cluster/
We just started an internal POC for Dapr on EKS and I'll take a stab at getting a guide together in the next couple of weeks here as we go through this journey.
(deleted the previous message - was logged in as the wrong account)
Thanks! That would be great.
@joshdcar friendly bump - I can help with documenting if you have an example I can test/work from?
Hi @hhunter-ms - Thanks for the nudge :) This did drop off my radar. I'll add it to my queue for next week. I do still have access to our EKS cluster (or the ability to spin up a new temporary one to document) so this should be pretty easy. I'll let you know if I need any assistance on the documentation. Thanks!
Hi @hhunter-ms.
I'm trying to install DAPR on my EKS cluster. My cluster has Security Group for Pods enabled and we use IAM roles for service accounts to provide temporary AWS credentials to our pods.
I have difficulty understanding the necessary AWS perms each component requires, and the protos and ports to open between my application pod where the dapr sidecar is injected, the DAPR control plane (dapr-system) and the EKS cluster control plane.
I saw this issue was marked as completed but I can't find the EKS cluster guide on DAPR doc: https://docs.dapr.io/operations/hosting/kubernetes/cluster/
Could you please share the EKS guide link?
Thanks in advance
Regards Mickael
Hello @mickael-ange , were you able to solve your issue? I'm trying to deploy dapr to AWS EKS too and sidecar injection doesn't seem to be working for me.
Hi @paulafahmy
Yes, I came up with the following simple security groups configuration.
I created 2 Security groups:
- The `DaprSystems` SG which should be attached to pods in the `dapr-system` namespace. To attach the SG to all DAPR systems, I created the `dapr-systems` `SecurityGroupPolicy` with the following (Ansible) config.

  ```yaml
  - name: Configure k8s SecurityGroupPolicy for DAPR Systems
    kubernetes.core.k8s:
      definition:
        apiVersion: vpcresources.k8s.aws/v1beta1
        kind: SecurityGroupPolicy
        metadata:
          name: dapr-systems
          namespace: dapr-system
        spec:
          podSelector:
            matchLabels:
              app.kubernetes.io/name: dapr
          securityGroups:
            groupIds:
              - sg-xxxxxx # The `DaprSystems` SG ID
              - sg-yyyyyy # EksPod SG which is attached to all my pods which allows communication from my EKS Nodes
  ```
- The `DaprSidecar` SG which should be attached to the pod containing your application where the DAPR sidecar will be injected. To attach the SG to the application pod, I created the `my-app` `SecurityGroupPolicy` with the following (Ansible) config.

  ```yaml
  - name: Configure k8s SecurityGroupPolicy
    kubernetes.core.k8s:
      definition:
        apiVersion: vpcresources.k8s.aws/v1beta1
        kind: SecurityGroupPolicy
        metadata:
          name: my-app
          namespace: my-app-ns
        spec:
          podSelector:
            matchLabels:
              app.kubernetes.io/name: my-app
          securityGroups:
            groupIds:
              - sg-xxxxx # My app SG ID
              - sg-yyyyy # DaprSidecar SG ID
              - sg-zzzzz # EksPod SG which is attached to all my pods which allows communication from my EKS Nodes
  ```

The ingress rules for each security group are as follows:
- DaprSystems (The EksCluster SG is the one that is attached to my EKS cluster)
- DaprSidecar: No rules
- EksPod: allow all TCP ports from EKS Nodes SG to EKS Pods. Mainly for probes.
I hope it can help you. Cheers
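
An added example, not part of the thread above: a small Python check of which pods the two `SecurityGroupPolicy` objects select, so a pod that silently misses its pod-level security groups shows up before deployment. The pod names and labels are constructed assumptions, the SG IDs are the placeholders from the comment, and only `podSelector.matchLabels` is evaluated.

```python
# Constructed sample data: the two policies from the comment above (SG IDs are
# the placeholders used there) and hypothetical pods with assumed labels.
POLICIES = [
    {"metadata": {"name": "dapr-systems", "namespace": "dapr-system"},
     "spec": {"podSelector": {"matchLabels": {"app.kubernetes.io/name": "dapr"}},
              "securityGroups": {"groupIds": ["sg-xxxxxx", "sg-yyyyyy"]}}},
    {"metadata": {"name": "my-app", "namespace": "my-app-ns"},
     "spec": {"podSelector": {"matchLabels": {"app.kubernetes.io/name": "my-app"}},
              "securityGroups": {"groupIds": ["sg-xxxxx", "sg-yyyyy", "sg-zzzzz"]}}},
]
PODS = [
    {"name": "dapr-operator-0", "namespace": "dapr-system",
     "labels": {"app": "dapr-operator", "app.kubernetes.io/name": "dapr"}},
    {"name": "my-app-0", "namespace": "my-app-ns",
     "labels": {"app.kubernetes.io/name": "my-app"}},
    {"name": "my-app-legacy-0", "namespace": "my-app-ns",
     "labels": {"app": "my-app"}},  # lacks the label the policy selects on
]

def matching_policies(pod, policies):
    """Return {policy name: groupIds} for policies whose podSelector selects pod."""
    hits = {}
    for pol in policies:
        if pol["metadata"]["namespace"] != pod["namespace"]:
            continue  # SecurityGroupPolicy is a namespaced resource
        selector = pol["spec"].get("podSelector")
        if selector is None or "matchExpressions" in selector:
            continue  # only matchLabels pod selectors are evaluated here
        wanted = selector.get("matchLabels", {})
        if all(pod["labels"].get(k) == v for k, v in wanted.items()):
            hits[pol["metadata"]["name"]] = pol["spec"]["securityGroups"]["groupIds"]
    return hits

def unselected_pods(pods, policies):
    """Names of pods that no policy selects, so no pod-level SG is attached."""
    return [f'{p["namespace"]}/{p["name"]}' for p in pods
            if not matching_policies(p, policies)]

if __name__ == "__main__":
    for pod in PODS:
        print(pod["name"], "->", matching_policies(pod, POLICIES) or "no policy")
    print("unselected:", unselected_pods(PODS, POLICIES))
```

To run it against a real cluster, replace the constructed lists with the labels and policies read from the cluster.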