Provision Amazon EKS K8s

Two ways to provision EKS Cluster in AWS

AWS CLI

Getting Started:

1. Create Free Tier Account

2. Configure AWS CLI

# Run Amazon CLI

docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17

# switch directories

cd ./amazon

# install utilities

yum install jq gzip nano tar git

# Login to AWS
# Access your "My Security Credentials" section in your profile.
# Create an access key

aws configure

3. Create IAM role & Assign IAM role with Policies

# create our role for EKS

# create role and extract ARN

role_arn=$(aws iam create-role --role-name <custom-role-name> --assume-role-policy-document file://assume-policy.json | jq .Role.Arn | sed s/\"//g)

# attach an AWS managed policy (AmazonEKSClusterPolicy) to the IAM role

aws iam attach-role-policy --role-name <custom-role-name> --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy

4. Create VPC with Subnets for Cluster

# download VPC CloudFormation template

curl https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-05-08/amazon-eks-vpc-sample.yaml -o vpc.yaml

# deploy VPC with Public subnets using CloudFormation

aws cloudformation deploy --template-file vpc.yaml --stack-name <custom-cf-stack>

# get stack details
# use resource info in stack.json file in next section

aws cloudformation list-stack-resources --stack-name <custom-cf-stack> > stack.json

5. Create EKS Cluster

# create cluster

aws eks create-cluster \
--name <custom-eks-cluster> \
--role-arn $role_arn \
--resources-vpc-config subnetIds=<subnet-Id1>,<subnet-Id2>,<subnet-Id3>,securityGroupIds=<sg-Id>,endpointPublicAccess=true,endpointPrivateAccess=false

aws eks list-clusters
aws eks describe-cluster --name <custom-eks-cluster>

6. Accessing EKS Cluster

# get a kubeconfig for our cluster

aws eks update-kubeconfig --name getting-started-eks --region <eks-cluster-region>

# grab the config if you want it

cp ~/.kube/config .

# download kubectl

curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl

# move to /usr/bin

chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl

7. Add Nodes to EKS Cluster

# create role for nodes

role_arn=$(aws iam create-role --role-name <custom-eks-role-nodes> --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)

# assign security, networking & registry policies

aws iam attach-role-policy --role-name <custom-eks-role-nodes> --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
aws iam attach-role-policy --role-name <custom-eks-role-nodes> --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
aws iam attach-role-policy --role-name <custom-eks-role-nodes> --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly

# create nodes

aws eks create-nodegroup \
--cluster-name <custom-eks-cluster> \
--nodegroup-name <node-group-name> \
--node-role $role_arn \
--subnets <subnet-Id> \
--disk-size 30 \
--scaling-config minSize=1,maxSize=1,desiredSize=1 \
--instance-types t2.micro

# verify nodes
kubectl get nodes

8. Clean Up EKS Deployments

aws eks delete-nodegroup --cluster-name <custom-eks-cluster> --nodegroup-name <node-group-name>

aws eks delete-cluster --name <custom-eks-cluster>

aws iam detach-role-policy --role-name <custom-role-name> --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
aws iam delete-role --role-name <custom-role-name>

aws iam detach-role-policy --role-name <custom-eks-role-nodes> --policy-arn  arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
aws iam detach-role-policy --role-name <custom-eks-role-nodes> --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
aws iam detach-role-policy --role-name <custom-eks-role-nodes> --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly

aws iam delete-role --role-name <custom-eks-role-nodes>

aws cloudformation delete-stack --stack-name <custom-cf-stack>

EKS CLI (EKS CTL)

# Install EKS CTL
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
mv /tmp/eksctl /usr/local/bin

# verify installation
eksctl

# Create SSH key for Node access (if you need it)

yum install openssh
mkdir -p ~/.ssh/
PASSPHRASE="mysuperstrongpassword"
ssh-keygen -t rsa -b 4096 -N "${PASSPHRASE}" -C "your_email@example.com" -q -f  ~/.ssh/id_rsa
chmod 400 ~/.ssh/id_rsa*

eksctl create cluster --name getting-started-eks \
--region <eks-region> \
--version 1.16 \
--managed \
--node-type t2.micro \
--nodes 1 \
--node-volume-size 30 \
--ssh-access \
--ssh-public-key=~/.ssh/id_rsa.pub \

Clean Up

eksctl delete cluster --name <custom-eks-cluster>

Kolawole-Ikeoluwa-Joshua/amazon-eks

Provision Amazon EKS K8s

AWS CLI

Getting Started:

1. Create Free Tier Account

2. Configure AWS CLI

3. Create IAM role & Assign IAM role with Policies

4. Create VPC with Subnets for Cluster

5. Create EKS Cluster

6. Accessing EKS Cluster

7. Add Nodes to EKS Cluster

8. Clean Up EKS Deployments

EKS CLI (EKS CTL)

Clean Up