Following this example creates an EKS cluster and its supporting resources using AWS community modules.
After the EKS cluster is created, it is onboarded to CAST AI.
The Kvisor security agent is deployed to the cluster and security policies are enabled.
See the `install_security_agent` and `kvisor_values` variables in the `castai.tf` file.
Example configuration should be analysed in the following order:
- Create VPC - `vpc.tf`
- Create EKS cluster - `eks.tf`
- Create CAST AI related resources to connect EKS cluster to CAST AI with Kvisor enabled - `castai.tf`

- Rename `tf.vars.example` to `tf.vars`
- Update `tf.vars` file with your cluster name, cluster region and CAST AI API token

| Variable | Description |
|---|---|
| cluster_name = "" | Name of the cluster |
| cluster_region = "" | Region of the cluster |
| castai_api_token = "" | CAST AI API token |
| rest_api_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |
| grpc_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |
| api_grpc_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |
| files_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |
| kvisor_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |
| telemetry_service_name = "" | The name of the AWS PrivateLink service for the CAST AI endpoint |

The actual PrivateLink endpoints are listed here: https://github.com/castai/privatelink-aws