Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Create EKS Cluster

Table of contents
  1. Create EKS Cluster
    1. Create EKS Cluster with eksctl
      1. The architecture from now
      2. Creating EKS Cluster with eksctl
    2. (Option) AA Console Credential
      1. Attach Console Credential

Amazon EKS clusters can be deployed in various ways.

1

In this lab, we will create an EKS cluster using eksctl.

Create EKS Cluster with eksctl

The architecture from now

the architecture of the services configured from now would be creating a Kubernetes cluster with eksctl like below. 2

Creating EKS Cluster with eksctl

If you use eksctl to execute this command (eksctl create cluster) without giving any setting values, the cluster is deployed as a default parameter.

However, we will create configuration files to customize some values and deploy it. In later labs, when you create Kubernetes’ objects, you create a configuration file that is not just created with the kubectl CLI. This has the advantage of being able to easily identify and manage the desired state of the objects specified by the individual.

  • Paste the values below in the root folder(/home/ec2-user/environment) location.

    cd ~/environment
    
    cat << EOF > eks-demo-cluster.yaml
    ---
    apiVersion: eksctl.io/v1alpha5
    kind: ClusterConfig
    
    metadata:
      name: eks-demo # EKS Cluster name
      region: ${AWS_REGION} # Region Code to place EKS Cluster
      version: "1.23"
    
    vpc:
      cidr: "10.0.0.0/16" # CIDR of VPC for use in EKS Cluster
      nat:
        gateway: HighlyAvailable
    
    managedNodeGroups:
      - name: node-group # Name of node group in EKS Cluster
        instanceType: m5.large # Instance type for node group
        desiredCapacity: 3 # The number of worker node in EKS Cluster
        volumeSize: 10  # EBS Volume for worker node (unit: GiB)
        privateNetworking: true
        ssh:
          enableSsm: true
        iam:
          withAddonPolicies:
            imageBuilder: true # Add permission for Amazon ECR
            albIngress: true  # Add permission for ALB Ingress
            cloudWatch: true # Add permission for CloudWatch
            autoScaler: true # Add permission Auto Scaling
            ebs: true # Add permission EBS CSI driver
    
    cloudWatch:
      clusterLogging:
        enableTypes: ["*"]
    EOF
    
  • If you look at the cluster configuration file, you can define policies through iam.attachPolicyARNs and through iam.withAddonPolicies, you can also define add-on policies. After the EKS cluster is deployed, you can check the IAM Role of the worker node instance in EC2 console to see added policies.

Click here to see the various property values that you can give to the configuration file.

  • Using the commands below, deploy the cluster.

    eksctl create cluster -f eks-demo-cluster.yaml
    

    3 4

The cluster takes approximately 15 to 20 minutes to fully be deployed. You can see the progress of your cluster deployment in AWS Cloud9 terminal and also can see the status of events and resources in AWS CloudFormation console.

  • When the deployment is completed, use command below to check that the node is properly deployed.

    kubectl get nodes
    

    6

  • Also, you can see the cluster credentials added in ~/.kube/config.

(Option) AA Console Credential

Attach Console Credential

The EKS cluster uses IAM entity(user or role) for cluster access control. The rule runs in a ConfigMap named aws-auth. By default, IAM entities used to create clusters are automatically granted system:masters privilege of the cluster RBAC configuration in the control plane.

If you access the Amazon EKS console in the current state, you cannot check any information as below.

5

When you created the cluster through IAM credentials on Cloud9 in Create EKS Cluster with eksctl> chapter, so you need to determine the correct credential(such as your IAM Role not Cloud9 credentials) to add for your AWS EKS Console access.

  • Use the command below to define the role ARN(Amazon Resource Number).

    rolearn=$(aws cloud9 describe-environment-memberships --environment-id=$C9_PID | jq -r '.memberships[].userArn')
    
    echo ${rolearn}
    

    7

    {: .warning )

    assumedrolename=$(echo ${rolearn} | awk -F/ '{print $(NF-1)}')
    rolearn=$(aws iam get-role --role-name ${assumedrolename} --query Role.Arn --output text)
    
  • Create an identity mapping.

    eksctl create iamidentitymapping --cluster eks-demo --arn ${rolearn} --group system:masters --username admin
    

    if you see error message after commanding like below. We can choose two options 8

  • the way of solving method to fixed is like below.

    kubectl edit configmap aws-auth -n kube-system
    
  • Add these scripts like below

    - groups:
    - system:masters
    rolearn: arn:aws:iam::[Account ID]:root
    username: admin
    

    12

  • You can check aws-auth config map information through the command below.

    kubectl describe configmap -n kube-system aws-auth
    

    13

  • When the above operations are completed, you will be able to get information from the control plane, the worker node, logging activation, and update information in Amazon EKS console.

    14 15 16

  • On the Configuration tab, you can get cluster configuration detail.

    17