spectrocloud · benradstone · Feb 6, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
@@ -27,7 +27,7 @@ The following are some architectural highlights of the Amazon Web Services (AWS)
 - The Kubernetes API Server endpoint is accessible through an Elastic Load Balancing (ELB), which load balances across
   all the control plane nodes.
 
-  ![A diagram of AWS architecture](/clusters_aws_architecture_aws_cluster_architecture.webp)
+![A diagram of AWS architecture](/clusters_aws_architecture_aws_cluster_architecture.webp)
 
 ## AWS EKS Architecture
 
@@ -44,6 +44,18 @@ highlights pertaining to EKS when managed by Palette.
 
 ![eks_cluster_architecture.webp](/clusters_aws_create-and-manage-aws-eks-cluster_architecture.webp)
 
+### Worker Node Requirements
+
+Your Amazon EKS cluster must include at least one worker node to host the Palette agent, which is essential for Palette
+to manage the cluster. Due to EKS architectural constraints, the Palette agent cannot be installed on the EKS control
+plane.
+
+- **Minimum Instance Type**: Worker nodes must use an instance type of at least **t3.xlarge** to ensure adequate
+  resources.
+
+- **Ongoing Node Availability**: To maintain continuous management capabilities, at least one worker node should remain
+  available at all times for the Palette agent to operate effectively.
+
 ### Disable OIDC Associate Provider
 
 You can disable the OIDC associate provider if the service provider restricts the cluster deployment with the OIDC

@@ -189,3 +189,22 @@ Palette supports the following authentication methods for your hybrid nodes:
 Refer to
 [Prepare credentials for hybrid nodes](https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes-creds.html) for
 guidance on how to set up credentials for your hybrid nodes.
+
+## Amazon EKS Cluster Requirements
+
+- **Hybrid Node Enablement**: The cluster must be enabled for hybrid nodes, as outlined in
+  [Create an Amazon EKS cluster with hybrid nodes](https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes-cluster-create.html).
+
+- **Container Network Interface (CNI)**: The **AWS VPC CNI** must be used as the cluster’s CNI. Although the AWS Console
+  may display a warning indicating that the AWS VPC CNI is not supported for hybrid nodes, this can be safely
+  disregarded.
+
+- **Worker Node Requirements for the Palette Agent**: At least one worker node is required to host the Palette agent,
+  which is essential for Palette to manage the cluster. Due to EKS architectural constraints, the Palette agent cannot
+  be installed on the EKS control plane.
+
+  - **Minimum Instance Type**: Worker nodes must use an instance type of at least **t3.xlarge** to ensure adequate
+    resources.
+
+  - **Ongoing Node Availability**: To maintain continuous management capabilities, at least one worker node should
+    remain available at all times for the Palette agent to operate effectively.
@@ -86,6 +86,15 @@ Import your Amazon EKS cluster and enable hybrid mode to be able to create edge
   [Create an Amazon EKS cluster with hybrid nodes](https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes-cluster-create.html)
   for guidance.
 
+  - When selecting add-ons, you must use **AWS VPC CNI** as your container network interface. If you are deploying
+    through the AWS Console, you may see a warning that AWS VPC CNI is not supported for hybrid nodes. You can ignore
+    this message.
+  - Your Amazon EKS cluster must include at least one worker node to host the Palette agent, which is necessary for
+    Palette to manage the cluster. Because of EKS architecture constraints, the agent cannot be installed on the control
+    plane.
+    - The minimum instance type required is **t3.xlarge**.
+    - Be sure at least one worker node is always available so Palette can continue managing the cluster.
+
 - A Hybrid Nodes IAM Role with the required Kubernetes permissions to join your Amazon EKS cluster. Refer to
   [Prepare cluster access for hybrid nodes](https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes-cluster-prep.html)
   for guidance.

@@ -32,6 +32,10 @@ an AWS account. This section guides you on how to create an EKS cluster in AWS t
   a key pair, refer to the
   [Amazon EC2 key pairs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) resource.
 
+- Your Amazon EKS cluster must be deployed with at least one worker node to host the Palette agent, which is necessary for Palette to manage the cluster. Because of EKS architecture constraints, the agent cannot be installed on the control plane.
+  - The minimum instance type required is **t3.xlarge**.
+  - Be sure at least one worker node is always available so Palette can continue managing the cluster.
+
 - To access your EKS cluster using kubectl, you will need the
   [aws-iam-authenticator](https://github.com/kubernetes-sigs/aws-iam-authenticator) plugin installed. If you are using a
   custom OIDC provider, you will need the [kubelogin](https://github.com/int128/kubelogin) plugin installed. Refer to