At the onboarding meeting

This topic describes the steps that will take place at the onboarding meeting.

These steps will be completed:

1. Open a user account in the Zesty platform.

2. Integrate (“onboard”) AWS accounts, IAM, and CURs.

   • Master account

   • Subaccount

3. Set up Athena

4. Set up IAM permissions

5. Install the Zesty K8s Agent Helm chart

6. Install the Zesty K8s Agent

The first two steps will be done together with the Zesty representative and are not documented here.

Prerequisites

• crawler-cfn.yml file in the subaccount CUR S3 bucket (this is the account that will be used for the K8s onboarding)

• AWS permissions:

  • Subaccount:

    • Add Zesty IAM roles with the required roles

    • EKS access

    • CUR access

    • Athena access

  • Master account:

    • Add Zesty IAM roles with the required roles

    • CUR access

• The administrator client on which the Zesty K8s Agent will be installed must be able to use the following:

  • AWS CLI

  • Kubectl

  • Helm

  • Required permissions

  • EKS  v1.28 or later

  • Karpenter v1.0 or later

  • HPA

• Agent permissions

  • Cluster role permissions

  • Helpers permissions

Step 3 - Set up Athena

This topic describes how to set up Athena.

1. Use AWS to create the CloudFormation stack:

   1. Log in to the AWS Management Console for the sub account.

   2. Navigate to the AWS CloudFormation Console.

   3. Click Create Stack > With new resources (standard).

   4. In the Specify template section:

      1. Select Amazon S3 URL.

      2. Do one of the following:

         • Provide the URL to your crawler-cfn.yml file, for example:
           https://<your-bucket>.s3.amazonaws.com/cloudformation/crawler-cfn.yml

         • Download the file from the bucket and use it as a template.

   5. Click Next.

   6. Fill out the stack details, such as name, etc.
      Give your stack a name like Zesty-CUR-Athena-Setup.

   7. Click Next to configure stack options (tags, permissions, etc.).

   8. Click Create Stack.
      A database will be created, with a name similar to athenacurcfn
      Leave this tab open. You will need it for a future step.

2. Set up a new S3 bucket for the Athena query results:

   1. In the AWS Management Console, open a new tab to the S3 Management Console.

   2. Create the bucket:

      1. Select Create bucket.
         The Create Bucket page is displayed.
         Use the same region used for the CUR bucket and pick a name like <account-id>-aws-athena-query-results-<region>

      2. Select Create bucket at the bottom of the page.

   3. Navigate to the Amazon Athena dashboard.

   4. Select Query editor.

   5. Select the relevant database, with the name of the S3 bucket created earlier in this step.

   6. Select Settings > Manage.
      The Manage settings window is displayed.

   7. Set the location of query results to the S3 bucket you just created, which will look like s3://<account-id>-aws-athena-query-results-<region>

   8. Select Save.

Note: For Athena query results written to an S3 bucket accessed only by Zesty, you can expire or delete the objects after 1 day of retention.

Leave this tab open. You will need it for a future step.

Step 4 - Set up IAM permissions via CloudFormation

This step installs the IAM roles with Zesty CloudFormation.

1. Download the Zesty-supplied CloudFormation template.

2. In the AWS Management Console, open a new tab to the CloudFormation console.

3. Create a new stack:

   1. Select Create Stack then select With new resources (standard).
      The Create stack page is displayed.

   2. In the Prerequisite - Prepare template section, select Choose an existing template.

   3. In the Specify Template section, select Upload a template file.

   4. Select Choose file, select your downloaded YAML file, then select Next.
      The Specify stack page is displayed.

   5. Enter a name for your stack, then provide the following parameters:

      • AthenaDatabase: The name of the Athena database (from step 3, part 2e, also in the Athena Database field).

      • S3BucketResult: The bucket where Athena stores query results (that was created in step 3, part 2).

      • S3CURBucket: The bucket where the CUR is stored (from the preparation of the CUR, before the POC).

      • ZestyRoleName: Provide a meaningful name for the Athena role.

      • ZestyUserName: Provide a meaningful name for the Athena user.

   6. On the Configure stack options page, select Next.

   7. On the Review stack page, confirm all information, then select I acknowledge that AWS CloudFormation might create IAM resources with custom names.

   8. Select Submit.

Step 5 - Install the Zesty Agent Helm chart

When the CUR, Athena, and IAM are configured, install the Zesty Agent using Helm.

During this step, you’ll grant read-only access to the services defined in the YAML so that Zesty can see your workload needs. (The only non-read-only permissions are for the Zesty qscaler.qubex.ai agent. This agent is only installed later, with your permission, if you want Zesty to manage your environment in the future.)

1. Add the Helm repository:
   helm repo add zesty https://zesty-co.github.io/zesty-k8s-helm

   The values.yaml file will be provided during the call.

   The file contains these attributes:

   • athenaTable - The Athena table name (can be found in the Athena tab in the AWS console under your Athena Database)

   • athenaProjectID - <AWS account ID>

   • athenaBucketName - s3://[the name of the Athena query results]/

   • athenaRegion - Region where the source is located

   • athenaWorkgroup - The Athena Workgroup (can be found in the Athena tab in AWS console)

   • athenaCatalog - The Athena Data source (can be found in the Athena tab in AWS console)

   • athenaDatabase - The Athena AWS database (can be found in the Athena tab in AWS console)

2. Fill in the credentials:

   • If your cluster supports the external-secrets.io/v1beta1 CRD (kubectl get crd clusterexternalsecrets.external-secrets.io), it is recommended that you:

     1. Put the encryptedCredentials in a secret and refer to it using the secret fields.

     2. Remove the encryptedCredentials field from the file.

   • If your cluster does not support the above CRD, you will need to fill in the awsCluster.accessKeyID and awsCluster.secretAccessKey fields from the secret that was created by the CloudFormation Stack in step 2.
     If necessary, you can see the secret in the AWS Secrets Manager.

3. If your cluster does not have metrics-server, you can enable the metricsServer.enabled boolean and the Helm chart will include a metrics-server along with the agent.

4. Check for a storage-class value (kubectl get storageclass). If there is no default, then add to values:

persistence:

 spec:

   storageClassName: "<name of existing storageclass>"

Step 6 - Install the Zesty K8s agent

Install the Agent and then verify the deployment.

1. Install the Agent by running the following command:

   helm install zesty-k8s zesty/zesty-k8s-helm --namespace zesty-system --create-namespace -f values.yaml

2. Verify the deployment by running the following command:

   kubectl get pods -n zesty-system

You should see one Pod running and then a second one.

Note: To have sufficient data for cost analysis and accurate recommendations, the Agent needs to run for 7-14 days after installation.