Table of Contents
Introducing AgileStacks to Your Cluster
Updated
by Rick Richardson
Importing a Kubernetes Cluster into the Control Plane
While AgileStacks can deploy Kubernetes clusters into the cloud provider of your choice, sometimes all you need is the Stack management without the cluster deployment. AgileStacks can manage any Kubernetes cluster that is version 1.11 or newer. After importing the cluster, you will be able to manage it using infrastructure as code approach, deploy overlay stacks, applications, and machine learning pipelines.
Prerequisites
- An onboarded cloud account that contains the k8s cluster that you wish to integrate. For on-prem environments, an AWS account is currently required, as we store many relevant details and configs in an s3 bucket under your account. If you have not yet onboarded a cloud account, please complete the relevant task under Account Onboarding
- An environment that has been created to host the imported cluster.
- Depending on the platform, you might need a Kubeconfig file with valid admin credentials.
Importing an Amazon EKS Cluster
Phase I
Importing an EKS Cluster has two major steps, the first step is to create a ConfigMap in your EKS cluster that grants permissions to the IAM user. Without this, the SuperHub would not be allowed to execute any automation on your behalf. This yaml file contains a ConfigMap that you must edit the file and set the value with the ARN of the IAM Role that was granted to AgileStacks.
Example configmap.yaml:
apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
data:
mapRoles: |
- rolearn: <ARN of instance role (not instance profile)>
username: system:node:
groups:
- system:bootstrappers
- system:nodes
# Add this in order to grand permission for AgileStacks to import cluster
# and replace `rolearn` with onboard AgileStacks ARN
- rolearn: <ARN of Agilestacks onboarded role>
username: agilestacks
groups:
- system:masters
mapUsers: |
- userarn: <ARN of cloud account user>
username: admin
groups:
- system:masters
You can find the relevant ARNs by opening up your AWS console and navigating to IAM then Roles. The AgileStacks arn should be named "agilestacks<date><longnumber>" such as the following:

Once you have added your intended rolearn and that of the agilestacks onboarded role, install this into your cluster:
kubectl apply -f configmap.yaml
If that succeeded, then your cluster will now trust the AgileStacks SuperHub to invoke changes.
Phase II
The rest of the import process is almost entirely automatic, just a few details are required, such as the exact name of the EKS cluster with which you need to connect.
- In the ControlPlane, at the top navigation bar, click Stacks, then Import
You should see the screen below.

- Select Cluster type
Amazon EKS
This should take you to a screen that loks like the following.

- Select existing adapter template for EKS cluster.
- Select Environment that you have identified as the proper home for this cluster.
- Enter same name of EKS Cluster with it was created in AWS.
- As part of the import process, the SuperHub will install a standard component to help automate the management of TLS certificates, you can choose either ACM or our own LetsEncrypt component. If you're not sure, choose ACM.
- Press
Import
- You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.
Once the process has completed, if you navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.
Importing a Microsoft Azure AKS Cluster
- In the ControlPlane, at the top navigation bar, click Stacks, then Import
You should see the screen below.

- Go ahead and click on Microsoft AKS

Fill in the form:
- Select the
Environment
where your stack will be deployed. TheCloud Account
you have provided during the creation of the environment will be used for your stack and your stack will be able to access all of the licenses and secrets defined on the environment. - Select a
Template
for import cluster stack. If you have not provisioned this type of clusters for the selectedEnvironment
before, then the only available option will be(+) Create a new one
. - Enter a valid domain name where all of the web services of the components deployed on your stack will be accessible.
- Select the AKS cluster you want to import from the
AKS Cluster
dropdown list. We use Azure Service Account credentials from your AzureCloud Account
to fetch AKS clusters that are available for import from your Azure subscription. - In
Included Components
section optionally select components, such as Kubernetes Dashboard or TLS provider, which can be provisioned with the cluster. - Press import.
You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.
Once the process has completed, if you navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.
Importing a Google GCP Cluster
- In the ControlPlane, at the top navigation bar, click Stacks, then Import
You should see the screen below:

- Go ahead and select the Google Kubernetes Engine

Fill in the form:
- Select the
Environment
where your stack will be deployed. TheCloud Account
you have provided during the creation of the environment will be used for your stack and your stack will be able to access all of the licenses and secrets defined on the environment. - Select a
Template
for import cluster stack. If you have not provisioned this type of clusters for the selectedEnvironment
before, then the only available option will be(+) Create a new one
. - Enter a valid domain name where all of the web services of the components deployed on your stack will be accessible.
- Select the GKE cluster you want to import from the
GKE Cluster
dropdown list. We use GCP service account credentials from your GCPCloud Account
to fetch GKE clusters that are available for import from your GCP project. - In
Included Components
section optionally select components, such as Kubernetes Dashboard or TLS provider, which can be provisioned with the cluster. - Press import.
You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.
Once the process has completed, you may navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.
Importing a Vanilla Kubernetes Cluster
When importing any other Kubernetes cluster, everything that is needed is listed in the Kubeconfig file. It is important to note that the API URL listed in cluster.cluster.server: field must be accessible from the internet or via a private VPC network link from AgileStacks' SuperHub.
- In the ControlPlane, at the top navigation bar, click Stacks, then Import
You should see the screen below:

Select
- Select Cluster type
Kubernetes Cluster

apiVersion: v1
kind: Config
clusters:
- name: example.dev.superhub.io
cluster:
server: https://api.example.dev.superhub.io:6443 <-- Step 4
certificate-authority-data: LS0tLS1CRUdJTi...0tLS0tCg== <-- Step 5a
users:
- name: admin
user:
client-certificate-data: LS0tLS1CRUdJTiB...0tLS0K== <-- Step 5b
client-key-data: LS0tLS1CRUdJTiBSU0E...tLS0tCg== <-- Step 5c
contexts:
- context:
cluster: example.dev.superhub.io
user: admin
- Select existing adapter template for K8S cluster or select
Create a new one
- Select Environment which is using onboarded Cloud Account
- Enter name of Cluster
- Specify Kubernetes API endpoint, this is the variable found at clusters: cluster: server:
- Copy and paste the data from the kubeconfig certificates:
- cluster:certificate-authority-data -> Certificate of authority
- users:user:client-certificate-data -> Client certificate
- users:user:client-key-data -> Client key
- Finally, select the component that the SuperHub will use to automatically issue certificates. For on-prem deployments, LetsEncrypt is recommended, for cloud, ACM will work as well.
- Press the
Import
button
You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.
Once the process has completed, you may navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.