1. Setting Up License Manager and Purchasing Support
First, complete the first step of the license manager one-time setup. Next, go to the AWS Marketplace. Locate the "Rancher Premium Support Billing Container Starter Pack". Purchase at least one entitlement.
If you have installed Rancher using the "Rancher Setup" AWS Marketplace offering, skip to Step 4.
Note: Each entitlement grants access to support for a certain amount of nodes. You can purchase more licenses as necessary later on.
2. Create an EKS Cluster
- EKS version 1.22.
- Each node in the cluster has access to the registry containing Rancher and its related images.
- Each node in the cluster has access to the ECR repo storing the CSP Adapter.
- Each node in the cluster has access to the license manager service.
- Each node in the cluster has access to global endpoints for the STS service.
3. Install Rancher
In addition to the options specified to install Rancher in the Rancher docs, you will also need to enable extra metrics. This can be done through the Helm CLI through the following options:
--set extraEnv\[0\].name="CATTLE_PROMETHEUS_METRICS" --set-string extraEnv\[0\].value=true
You can also use a values.yaml like the below:
- name: "CATTLE_PROMETHEUS_METRICS"
You will also need to install Rancher version 2.6.7 or higher.
4. Create an OIDC Provider
Follow the AWS documentation to create an OIDC provider for the cluster specified in the previous section.
5. Create an IAM Role
An IAM role is required for the CSP adapter to check-in/check-out entitlements.
First, configure the trust policy as below. Replace
MY_AWS_ACC with your AWS account number,
MY_AWS_REGION with your AWS region, and
MY_OIDC_PROVIDER with the id of your OIDC provider:
Next, use a policy for the role which has the following permissions:
Save the name of the role. You will need it later on when installing the CSP adapter.