Commit 1673e76c authored by Thong Kuah's avatar Thong Kuah

Merge branch '119296-docs-aqualls-fix-cluster-docs' into 'master'

Revise role and policy creation

Closes #119296

See merge request gitlab-org/gitlab!42907
parents 8c58e99d 59dd3d58
...@@ -61,21 +61,10 @@ To create and add a new Kubernetes cluster to your project, group, or instance: ...@@ -61,21 +61,10 @@ To create and add a new Kubernetes cluster to your project, group, or instance:
- **Admin Area > Kubernetes**, for an instance-level cluster. - **Admin Area > Kubernetes**, for an instance-level cluster.
1. Click **Add Kubernetes cluster**. 1. Click **Add Kubernetes cluster**.
1. Under the **Create new cluster** tab, click **Amazon EKS**. You will be provided with an 1. Under the **Create new cluster** tab, click **Amazon EKS**. You will be provided with an
`Account ID` and `External ID` to use in the next step. `Account ID` and `External ID` needed for later steps.
1. In the [IAM Management Console](https://console.aws.amazon.com/iam/home), create an EKS management IAM role. 1. In the [IAM Management Console](https://console.aws.amazon.com/iam/home), create an IAM policy:
To do so, follow the [Amazon EKS cluster IAM role](https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html) instructions 1. From the left panel, select **Policies**.
to create a IAM role suitable for managing the AWS EKS cluster's resources on your behalf. 1. Click **Create Policy**, which opens a new window.
In addition to the policies that guide suggests, you must also include the `AmazonEKSClusterPolicy`
policy for this role in order for GitLab to manage the EKS cluster correctly.
1. In the [IAM Management Console](https://console.aws.amazon.com/iam/home), create an IAM role:
1. From the left panel, select **Roles**.
1. Click **Create role**.
1. Under `Select type of trusted entity`, select **Another AWS account**.
1. Enter the Account ID from GitLab into the `Account ID` field.
1. Check **Require external ID**.
1. Enter the External ID from GitLab into the `External ID` field.
1. Click **Next: Permissions**.
1. Click **Create Policy**, which will open a new window.
1. Select the **JSON** tab, and paste in the following snippet in place of the existing content: 1. Select the **JSON** tab, and paste in the following snippet in place of the existing content:
```json ```json
...@@ -131,7 +120,20 @@ To create and add a new Kubernetes cluster to your project, group, or instance: ...@@ -131,7 +120,20 @@ To create and add a new Kubernetes cluster to your project, group, or instance:
1. Click **Review policy**. 1. Click **Review policy**.
1. Enter a suitable name for this policy, and click **Create Policy**. You can now close this window. 1. Enter a suitable name for this policy, and click **Create Policy**. You can now close this window.
1. Switch back to the "Create role" window, and select the policy you just created.
1. In the [IAM Management Console](https://console.aws.amazon.com/iam/home), create an EKS management IAM role.
To do so, follow the [Amazon EKS cluster IAM role](https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html) instructions
to create a IAM role suitable for managing the AWS EKS cluster's resources on your behalf.
In addition to the policies that guide suggests, you must also include the `AmazonEKSClusterPolicy`
policy for this role in order for GitLab to manage the EKS cluster correctly.
1. In the [IAM Management Console](https://console.aws.amazon.com/iam/home), create an IAM role:
1. From the left panel, select **Roles**.
1. Click **Create role**.
1. Under `Select type of trusted entity`, select **Another AWS account**.
1. Enter the Account ID from GitLab into the `Account ID` field.
1. Check **Require external ID**.
1. Enter the External ID from GitLab into the `External ID` field.
1. Click **Next: Permissions**, and select the policy you just created.
1. Click **Next: Tags**, and optionally enter any tags you wish to associate with this role. 1. Click **Next: Tags**, and optionally enter any tags you wish to associate with this role.
1. Click **Next: Review**. 1. Click **Next: Review**.
1. Enter a role name and optional description into the fields provided. 1. Enter a role name and optional description into the fields provided.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment