This project shows how you can install the SSM agent onto ROSA clusters using a Kubernetes DaemonSet.
This project was heavily inspired by Jeremy Cowan's SSM Agent Daemonset Installer Project.
- Add the
AmazonSSMManagedInstanceCore
policy the the EC2 Instance Profiles of the EC2 Instances.
aws iam attach-role-policy --role-name ManagedOpenShift-ControlPlane-Role --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
aws iam attach-role-policy --role-name ManagedOpenShift-Worker-Role --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
- Create namespace
oc create namespace node-configuration-daemonset
- Add Privileged SCC to user ssm-agent-installer
oc adm policy add-scc-to-user privileged -z ssm-agent-installer -n node-configuration-daemonset
- Apply the manifest:
oc apply -f https://raw.githubusercontent.com/scouturier/rosa-ssm-agent-daemonset-installer/main/setup.yaml
You can verify that the installation was successful by looking at the logs of a DaemonSet pod. If the installation was successfull, the last line in the log file will read Success
otherwise it will read Fail
. The nodes will also appears as managed instances in the SSM console if the installation was successful.
Based on the EKS SSM Agent deployment: https://github.com/aws-samples/ssm-agent-daemonset-installer