Running Ocean For a new EKS Cluster

This guide covers the requirements to launch Amazon EKS and create an Ocean to manage the cluster worker nodes.


In order to complete this guide you will need an IAM user in your AWS account, with both Console and Programmatic Access credentials. If you do not have one,  you can follow this guide by AWS to create one or refer to your account administrator for the necessary permissions. Next, make sure you have the following prerequisites set up:

  1. awscli 1.16.18+ & configure AWS credentials
  2. kubectl (Amazon EKS-vended)
  3. aws-iam-authenticator (only for awscli versions below 1.16.156)


Start the process by heading over to the Spotinst Console.

On the navigation pane, under “Ocean”, select “Cloud Clusters” and click on “Create Cluster” button on the top right:

Next, select the new EKS cluster use case:  “EKS Create a new Cluster”:

Step 1: Create a Spotinst token or use an existing one

Use the “Generate Token” button or use an existing Spotinst Token.

Step 2: Set the generated EKS Cluster parameters

Fill out the following fields:

  1. Cluster Name
  2. Region
  3. Key Pair

Step 3: Provision the Ocean and EKS Clusters

To create new Ocean and EKS clusters, launch the CloudFormation template by clicking the “Launch Cloudformation Stack” button.

The AWS CloudFormation Console will open in a new tab.

To launch the stack mark the checkbox at the bottom, confirming CloudFormation will create IAM resources, and hit “Create stack”:


Alternatively, you can create the Ocean and EKS cluster resources via Terraform:

To create new Ocean and EKS clusters, download and run the following Terraform plan:



Step 4: Configure Worker Nodes Managed by Ocean To Join The EKS Cluster

  • Download the EKS cluster configuration using the following command:
    aws eks update-kubeconfig --name $CLUSTER_NAME
  • Connect kubectl to your EKS cluster:
    kubectl get svc
  • Install the Spotinst Kubernetes Controller by running the provided script:

    The Spotinst  Kubernetes Controller can be installed via alternative methods such as Terraform or Helm. For more details see the following article.

Step 5: Update AWS Authentication Config-Map

  • Download the AWS authenticator configuration map:
    curl -O
  • In the aws-auth-cm.yaml file, replace the <ARN of instance role (not instance profile)> snippet with the NodeInstanceRole value from the Outputs tab of EKS cluster CloudFormation Stack.
  • Apply the updated aws-auth-cm.yaml to the cluster:
    kubectl apply -f aws-auth-cm.yaml
Caution: Do not modify any other lines in this file.



That’s it! Ocean will now manage the worker nodes, optimizing cluster resource utilization and maximizing savings with Spot instances.


  • If you receive the error "aws-iam-authenticator": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.
  • You can list your cluster nodes with the following command:
    kubectl get nodes