Help improve this page
Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.
Amazon EKS add-ons
An add-on is software that provides supporting operational capabilities to Kubernetes
applications, but is not specific to the application. This includes software like
observability agents or Kubernetes drivers that allow the cluster to interact with underlying
AWS resources for networking, compute, and storage. Add-on software is typically built and
maintained by the Kubernetes community, cloud providers like AWS, or third-party vendors. Amazon EKS
automatically installs self-managed add-ons such as the Amazon VPC CNI plugin for Kubernetes, kube-proxy
, and
CoreDNS for every cluster. You can change the default configuration of the add-ons and
update them when desired.
Amazon EKS add-ons provide installation and management of a curated set of add-ons for Amazon EKS
clusters. All Amazon EKS add-ons include the latest security patches, bug fixes, and are
validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that
your Amazon EKS clusters are secure and stable and reduce the amount of work that you need to do
in order to install, configure, and update add-ons. If a self-managed add-on, such as
kube-proxy
is already running on your cluster and is available as an Amazon EKS add-on, then
you can install the kube-proxy
Amazon EKS add-on to start benefiting from the capabilities of
Amazon EKS add-ons.
You can update specific Amazon EKS managed configuration fields for Amazon EKS add-ons through the Amazon EKS API. You can also modify configuration fields not managed by Amazon EKS directly within the Kubernetes cluster once the add-on starts. This includes defining specific configuration fields for an add-on where applicable. These changes are not overridden by Amazon EKS once they are made. This is made possible using the Kubernetes server-side apply feature. For more information, see Kubernetes field management.
You can use Amazon EKS add-ons with any Amazon EKS node type.
Considerations
-
To configure add-ons for the cluster your IAM principal must have IAM permissions to work with add-ons. For more information, see the actions with
Addon
in their name in Actions defined by Amazon Elastic Kubernetes Service. -
Amazon EKS add-ons run on the nodes that you provision or configure for your cluster. Node types include Amazon EC2 instances and Fargate.
-
You can modify fields that aren't managed by Amazon EKS to customize the installation of an Amazon EKS add-on. For more information, see Kubernetes field management.
-
If you create a cluster with the AWS Management Console, the Amazon EKS
kube-proxy
, Amazon VPC CNI plugin for Kubernetes, and CoreDNS Amazon EKS add-ons are automatically added to your cluster. If you useeksctl
to create your cluster with aconfig
file,eksctl
can also create the cluster with Amazon EKS add-ons. If you create your cluster usingeksctl
without aconfig
file or with any other tool, the self-managedkube-proxy
, Amazon VPC CNI plugin for Kubernetes, and CoreDNS add-ons are installed, rather than the Amazon EKS add-ons. You can either manage them yourself or add the Amazon EKS add-ons manually after cluster creation. -
The
eks:addon-cluster-admin
ClusterRoleBinding
binds thecluster-admin
ClusterRole
to theeks:addon-manager
Kubernetes identity. The role has the necessary permissions for theeks:addon-manager
identity to create Kubernetes namespaces and install add-ons into namespaces. If theeks:addon-cluster-admin
ClusterRoleBinding
is removed, the Amazon EKS cluster will continue to function, however Amazon EKS is no longer able to manage any add-ons. All clusters starting with the following platform versions use the newClusterRoleBinding
.Kubernetes version EKS platform version 1.20 eks.12 1.21 eks.14 1.22 eks.9 1.23 eks.5 1.24 eks.3
You can add, update, or delete Amazon EKS add-ons using the Amazon EKS API, AWS Management Console, AWS CLI, and
eksctl
. For more information, see Managing Amazon EKS add-ons. You can also create Amazon EKS add-ons using AWS CloudFormation.
Available Amazon EKS add-ons from Amazon EKS
The following Amazon EKS add-ons are available to create on your cluster. You can always
view the most current list of available add-ons using eksctl
, the AWS Management Console, or the
AWS CLI. To see all available add-ons or to install an add-on, see Creating an add-on. If an add-on
requires IAM permissions, then you must have an IAM OpenID Connect (OIDC) provider for
your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider
for your cluster. You can update or delete an add-on once you've installed it.
Choose an add-on to learn more about it and its installation requirements.
-
Name –
vpc-cni
-
Description – A Kubernetes container network interface (CNI) plugin
that provides native VPC networking for your cluster. The self-managed or managed type of this add-on is installed on each Amazon EC2 node, by default. -
Required IAM permissions – This add-on utilizes the IAM roles for service accounts capability of Amazon EKS. If your cluster uses the
IPv4
family, the permissions in the AmazonEKS_CNI_Policy are required. If your cluster uses theIPv6
family, you must create an IAM policy with the permissions in IPv6 mode. You can create an IAM role, attach one of the policies to it, and annotate the Kubernetes service account used by the add-on with the following command. Replace
with the name of your cluster andmy-cluster
with the name for your role. If your cluster uses theAmazonEKSVPCCNIRole
IPv6
family, then replace
with the name of the policy that you created. This command requires that you haveAmazonEKS_CNI_Policy
eksctl
installed on your device. If you need to use a different tool to create the role, attach the policy to it, and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name aws-node --namespace kube-system --cluster
my-cluster
--role-nameAmazonEKSVPCCNIRole
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
--approve -
Additional information – To learn more about the add-on's configurable settings, see aws-vpc-cni-k8s
on GitHub. To learn more about the plugin, see Proposal: CNI plugin for Kubernetes networking over AWS VPC . For more information about creating the add-on, see Creating the Amazon EKS add-on. -
Update information – You can only update one minor version at a time. For example, if your current version is
1.28.
and you want to update tox
-eksbuild.y
1.30.
, then you must update your current version tox
-eksbuild.y
1.29.
and then update it again tox
-eksbuild.y
1.30.
. For more information about updating the add-on, see Updating the Amazon EKS add-on.x
-eksbuild.y
-
Name –
coredns
-
Description – A flexible, extensible DNS server that can serve as the Kubernetes cluster DNS. The self-managed or managed type of this add-on was installed, by default, when you created your cluster. When you launch an Amazon EKS cluster with at least one node, two replicas of the CoreDNS image are deployed by default, regardless of the number of nodes deployed in your cluster. The CoreDNS Pods provide name resolution for all Pods in the cluster. You can deploy the CoreDNS Pods to Fargate nodes if your cluster includes an AWS Fargate profile with a namespace that matches the namespace for the CoreDNS
deployment
. -
Required IAM permissions – This add-on doesn't require any permissions.
-
Additional information – To learn more about CoreDNS, see Using CoreDNS for Service Discovery
and Customizing DNS Service in the Kubernetes documentation.
-
Name –
kube-proxy
-
Description – Maintains network rules on each Amazon EC2 node. It enables network communication to your Pods. The self-managed or managed type of this add-on is installed on each Amazon EC2 node in your cluster, by default.
-
Required IAM permissions – This add-on doesn't require any permissions.
-
Additional information – To learn more about
kube-proxy
, seekube-proxy
in the Kubernetes documentation. -
Update information – Before updating your current version, consider the following requirements:
-
Kube-proxy
on an Amazon EKS cluster has the same compatibility and skew policy as Kubernetes.
-
-
Name –
aws-ebs-csi-driver
-
Description – A Kubernetes Container Storage Interface (CSI) plugin that provides Amazon EBS storage for your cluster.
-
Required IAM permissions – This add-on utilizes the IAM roles for service accounts capability of Amazon EKS. The permissions in the
AmazonEBSCSIDriverPolicy
AWS managed policy are required. You can create an IAM role and attach the managed policy to it with the following command. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you haveAmazonEKS_EBS_CSI_DriverRole
eksctl
installed on your device. If you need to use a different tool or you need to use a custom KMS key for encryption, see Create an Amazon EBS CSI driver IAM role. eksctl create iamserviceaccount \ --name ebs-csi-controller-sa \ --namespace kube-system \ --cluster
my-cluster
\ --role-nameAmazonEKS_EBS_CSI_DriverRole
\ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve -
Additional information – To learn more about the add-on, see Use Amazon EBS storage.
-
Name –
aws-efs-csi-driver
-
Description – A Kubernetes Container Storage Interface (CSI) plugin that provides Amazon EFS storage for your cluster.
-
Required IAM permissions – This add-on utilizes the IAM roles for service accounts capability of Amazon EKS. The permissions in the
AmazonEFSCSIDriverPolicy
AWS managed policy are required. You can create an IAM role and attach the managed policy to it with the following commands. Replace
with the name of your cluster andmy-cluster
with the name for your role. These commands require that you haveAmazonEKS_EFS_CSI_DriverRole
eksctl
installed on your device. If you need to use a different tool, see Create an IAM role. export cluster_name=
my-cluster
export role_name=AmazonEKS_EFS_CSI_DriverRole
eksctl create iamserviceaccount \ --name efs-csi-controller-sa \ --namespace kube-system \ --cluster $cluster_name \ --role-name $role_name \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy \ --approve TRUST_POLICY=$(aws iam get-role --role-name $role_name --query 'Role.AssumeRolePolicyDocument' | \ sed -e 's/efs-csi-controller-sa/efs-csi-*/' -e 's/StringEquals/StringLike/') aws iam update-assume-role-policy --role-name $role_name --policy-document "$TRUST_POLICY" -
Additional information – To learn more about the add-on, see Use Amazon EFS storage.
-
Name –
aws-mountpoint-s3-csi-driver
-
Description – A Kubernetes Container Storage Interface (CSI) plugin that provides Amazon S3 storage for your cluster.
-
Required IAM permissions – This add-on utilizes the IAM roles for service accounts capability of Amazon EKS. The IAM role that is created will require a policy that gives access to S3. Follow the Mountpoint IAM permissions recommendations
when creating the policy. Alternatively, you may use the AWS managed policy AmazonS3FullAccess , but this managed policy grants more permissions than are needed for Mountpoint. You can create an IAM role and attach your policy to it with the following commands. Replace
my-cluster
with the name of your cluster,
with the correct AWS Region code,region-code
AmazonEKS_S3_CSI_DriverRole
with the name for your role, andAmazonEKS_S3_CSI_DriverRole_ARN
with the role ARN. These commands require that you haveeksctl
installed on your device. For instructions on using the IAM console or AWS CLI, see Create an IAM role. CLUSTER_NAME=
my-cluster
REGION=
ROLE_NAME=region-code
AmazonEKS_S3_CSI_DriverRole
POLICY_ARN=AmazonEKS_S3_CSI_DriverRole_ARN
eksctl create iamserviceaccount \ --name s3-csi-driver-sa \ --namespace kube-system \ --cluster $CLUSTER_NAME \ --attach-policy-arn $POLICY_ARN \ --approve \ --role-name $ROLE_NAME \ --region $REGION \ --role-only -
Additional information – To learn more about the add-on, see Use Mountpoint for Amazon S3 storage.
-
Name –
snapshot-controller
-
Description – The Container Storage Interface (CSI) snapshot controller enables the use of snapshot functionality in compatible CSI drivers, such as the Amazon EBS CSI driver.
-
Required IAM permissions – This add-on doesn't require any permissions.
-
Additional information – To learn more about the add-on, see Use snapshot controller with CSI storage.
-
Name –
adot
-
Description – The AWS Distro for OpenTelemetry
(ADOT) is a secure, production-ready, AWS supported distribution of the OpenTelemetry project. -
Required IAM permissions – This add-on only requires IAM permissions if you’re using one of the preconfigured custom resources that can be opted into through advanced configuration.
-
Additional information – For more information, see Getting Started with AWS Distro for OpenTelemetry using EKS Add-Ons
in the AWS Distro for OpenTelemetry documentation. ADOT requires that
cert-manager
is deployed on the cluster as a prerequisite, otherwise this add-on won't work if deployed directly using the Amazon EKS Terraformcluster_addons
property. For more requirements, see Requirements for Getting Started with AWS Distro for OpenTelemetry using EKS Add-Onsin the AWS Distro for OpenTelemetry documentation.
-
Name –
aws-guardduty-agent
-
Description – Amazon GuardDuty is a security monitoring service that analyzes and processes foundational data sources including AWS CloudTrail management events and Amazon VPC flow logs. Amazon GuardDuty also processes features, such as Kubernetes audit logs and runtime monitoring.
-
Required IAM permissions – This add-on doesn't require any permissions.
-
Additional information – For more information, see Runtime Monitoring for Amazon EKS clusters in Amazon GuardDuty.
-
To detect potential security threats in your Amazon EKS clusters, enable Amazon GuardDuty runtime monitoring and deploy the GuardDuty security agent to your Amazon EKS clusters.
-
-
Name –
amazon-cloudwatch-observability
-
Description Amazon CloudWatch Agent is the monitoring and observability service provided by AWS. This add-on installs the CloudWatch Agent and enables both CloudWatch Application Signals and CloudWatch Container Insights with enhanced observability for Amazon EKS.
-
Required IAM permissions – This add-on utilizes the IAM roles for service accounts capability of Amazon EKS. The permissions in the AWSXrayWriteOnlyAccess
and CloudWatchAgentServerPolicy AWS managed policies are required. You can create an IAM role, attach the managed policies to it, and annotate the Kubernetes service account used by the add-on with the following command. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you haveAmazonEKS_Observability_role
eksctl
installed on your device. If you need to use a different tool to create the role, attach the policy to it, and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount \ --name cloudwatch-agent \ --namespace amazon-cloudwatch \ --cluster
my-cluster
\ --role-nameAmazonEKS_Observability_Role
\ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess \ --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \ --approve -
Additional information – For more information, see Install the CloudWatch agent.
-
Name –
eks-pod-identity-agent
-
Description – Amazon EKS Pod Identity provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to EC2 instances.
-
Required IAM permissions – This add-on users permissions from the Amazon EKS node IAM role.
-
Update information – You can only update one minor version at a time. For example, if your current version is
1.28.
and you want to update tox
-eksbuild.y
1.30.
, then you must update your current version tox
-eksbuild.y
1.29.
and then update it again tox
-eksbuild.y
1.30.
. For more information about updating the add-on, see Updating the Amazon EKS add-on.x
-eksbuild.y
Additional Amazon EKS add-ons from independent software vendors
In addition to the previous list of Amazon EKS add-ons, you can also add a wide selection of operational software Amazon EKS add-ons from independent software vendors. Choose an add-on to learn more about it and its installation requirements.
-
Publisher – Accuknox
-
Name –
accuknox_kubearmor
-
Namespace –
kubearmor
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Getting Started with KubeArmor
in the KubeArmor documentation.
-
Publisher – Akuity
-
Name –
akuity_agent
-
Namespace –
akuity
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the Akuity Agent on Amazon EKS with the Akuity EKS add-on
in the Akuity Platform documentation.
-
Publisher – Calyptia
-
Name –
calyptia_fluent-bit
-
Namespace –
calytia-fluentbit
-
Service account name –
clyptia-fluentbit
-
AWS managed IAM policy – AWSMarketplaceMeteringRegisterUsage.
-
Command to create required IAM role – The following command requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider for your cluster. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you havemy-calyptia-role
eksctl
installed on your device. If you need to use a different tool to create the role and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name
service-account-name
--namespace calyptia-fluentbit --clustermy-cluster
--role-namemy-calyptia-role
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage --approve -
Setup and usage instructions – See Calyptia for Fluent Bit
in the Calyptia documentation.
-
Publisher – Cisco
-
Name –
cisco_cisco-cloud-observability-collectors
-
Namespace –
appdynamics
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Use the Cisco Cloud Observability AWS Marketplace Add-Ons
in the Cisco AppDynamics documentation.
-
Publisher – Cisco
-
Name –
cisco_cisco-cloud-observability-operators
-
Namespace –
appdynamics
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Use the Cisco Cloud Observability AWS Marketplace Add-Ons
in the Cisco AppDynamics documentation.
-
Publisher – CLOUDSOFT
-
Name –
cloudsoft_cloudsoft-amp
-
Namespace –
cloudsoft-amp
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Amazon EKS ADDON
in the CLOUDSOFT documentation.
-
Publisher – Cribl
-
Name –
cribl_cribledge
-
Namespace –
cribledge
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the Cribl Amazon EKS Add-on for Edge
in the Cribl documentation.
-
Publisher – Dynatrace
-
Name –
dynatrace_dynatrace-operator
-
Namespace –
dynatrace
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Kubernetes monitoring
in the dynatrace documentation.
-
Publisher – Datree
-
Name –
datree_engine-pro
-
Namespace –
datree
-
Service account name – datree-webhook-server-awsmp
-
AWS managed IAM policy – AWSLicenseManagerConsumptionPolicy.
-
Command to create required IAM role – The following command requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider for your cluster. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you havemy-datree-role
eksctl
installed on your device. If you need to use a different tool to create the role and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name datree-webhook-server-awsmp --namespace datree --cluster
my-cluster
--role-namemy-datree-role
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve -
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Amazon EKS-intergration
in the Datree documentation.
-
Publisher – Datadog
-
Name –
datadog_operator
-
Namespace –
datadog-agent
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the Datadog Agent on Amazon EKS with the Datadog Operator Add-on
in the Datadog documentation.
-
Publisher – groundcover
-
Name –
groundcover_agent
-
Namespace –
groundcover
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the groundcover Amazon EKS Add-on
in the groundcover documentation.
-
Publisher – Grafana Labs
-
Name –
grafana-labs_kubernetes-monitoring
-
Namespace –
monitoring
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Configure Kubernetes Monitoring as an Add-on with Amazon EKS
in the Grafana Labs documentation.
-
Publisher – HA Proxy
-
Name –
haproxy-technologies_kubernetes-ingress-ee
-
Namespace –
haproxy-controller
-
Service account name –
customer defined
-
AWS managed IAM policy – AWSLicenseManagerConsumptionPolicy.
-
Command to create required IAM role – The following command requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider for your cluster. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you havemy-haproxy-role
eksctl
installed on your device. If you need to use a different tool to create the role and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name
service-account-name
--namespace haproxy-controller --clustermy-cluster
--role-namemy-haproxy-role
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve -
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Install HAProxy Enterprise Kubernetes Ingress Controller on Amazon EKS from AWS
in the HAProxy documentation.
-
Publisher – Factorhouse
-
Name –
factorhouse_kpow
-
Namespace –
factorhouse
-
Service account name –
kpow
-
AWS managed IAM policy – AWSLicenseManagerConsumptionPolicy
-
Command to create required IAM role – The following command requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider for your cluster. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you havemy-kpow-role
eksctl
installed on your device. If you need to use a different tool to create the role and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name kpow --namespace factorhouse --cluster
my-cluster
--role-namemy-kpow-role
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve -
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See AWS Marketplace LM
in the Kpow documentation.
-
Publisher – Kubecost
-
Name –
kubecost_kubecost
-
Namespace –
kubecost
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See AWS Cloud Billing Integration
in the Kubecost documentation. -
If your cluster is version
1.23
or later, you must have the Use Amazon EBS storage installed on your cluster. otherwise you will receive an error.
-
Publisher – Kasten by Veeam
-
Name –
kasten_k10
-
Namespace –
kasten-io
-
Service account name –
k10-k10
-
AWS managed IAM policy – AWSLicenseManagerConsumptionPolicy.
-
Command to create required IAM role – The following command requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one, or to create one, see Create an IAM OIDC provider for your cluster. Replace
with the name of your cluster andmy-cluster
with the name for your role. This command requires that you havemy-kasten-role
eksctl
installed on your device. If you need to use a different tool to create the role and annotate the Kubernetes service account, see Configure a Kubernetes service account to assume an IAM role. eksctl create iamserviceaccount --name k10-k10 --namespace kasten-io --cluster
my-cluster
--role-namemy-kasten-role
\ --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve -
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing K10 on AWS using Amazon EKS Add-on
in the Kasten documentation. -
Additional information – If your Amazon EKS cluster is version Kubernetes
1.23
or later, you must have the Amazon EBS CSI driver installed on your cluster with a defaultStorageClass
.
-
Publisher – Kong
-
Name –
kong_konnect-ri
-
Namespace –
kong
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the Kong Gateway EKS Add-on
in the Kong documentation.
-
Publisher – LeakSignal
-
Name –
leaksignal_leakagent
-
Namespace –
leakagent
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Install the LeakAgent add-on
in the LeakSignal documentation.
-
Publisher – NetApp
-
Name –
netapp_trident-operator
-
Namespace –
trident
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Configure the Astra Trident EKS add-on
in the NetApp documentation.
-
Publisher – New Relic
-
Name –
new-relic_kubernetes-operator
-
Namespace –
newrelic
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the New Relic Add-on for EKS
in the New Relic documentation.
-
Publisher – Rafay
-
Name –
rafay-systems_rafay-operator
-
Namespace –
rafay-system
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the Rafay Amazon EKS Add-on
in the Rafay documentation.
-
Publisher – Solo.io
-
Name –
solo-io_istio-distro
-
Namespace –
istio-system
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing Istio
in the Solo.io documentation.
-
Publisher – Stormforge
-
Name –
stormforge_optimize-Live
-
Namespace –
stormforge-system
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Installing the StormForge Agent
in the StormForge documentation.
-
Publisher – Splunk
-
Name –
splunk_splunk-otel-collector-chart
-
Namespace –
splunk-monitoring
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Install the Splunk add-on for Amazon EKS
in the Splunk documentation.
-
Publisher – Teleport
-
Name –
teleport_teleport
-
Namespace –
teleport
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See How Teleport Works
in the Teleport documentation.
-
Publisher – Tetrate Io
-
Name –
tetrate-io_istio-distro
-
Namespace –
istio-system
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See the Tetrate Istio Distro
web site.
-
Publisher – Upbound
-
Name –
upbound_universal-crossplane
-
Namespace –
upbound-system
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See Upbound Universal Crossplane (UXP)
in the Upbound documentation.
-
Publisher – Upwind
-
Name –
upwind
-
Namespace –
upwind
-
Service account name – A service account isn't used with this add-on.
-
AWS managed IAM policy – A managed policy isn't used with this add-on.
-
Custom IAM permissions – Custom permissions aren't used with this add-on.
-
Setup and usage instructions – See the installation steps in the Upwind documentation
.