The scripts provided in these exercise files will allow you to create and delete Kubernetes clusters with Elastic Kubernetes Service (EKS) by Amazon Web Services. This README will guide you on how to do this.
The resources created by these scripts will cost you money.
At the time of writing, an EKS cluster in us-east-2 costs approx. $0.10/hour. This script also provisions worker nodes (kubelets) inside of the cluster, which run on EC2 and are created through the Spot market. These instances will cost no more than $0.04/hour total (2 instances * $0.02/hour).
NOTE: Chapter 0.4 of our course guides you through this process.
- Create an AWS account. Go here to open a new account if you don't already have one.
- Create an IAM user with no permissions. Go here to learn how.
  Ensure that the IAM user has "Programmatic-Level Access".
  At the end of the workflow shown above, you should be shown an "Access Key" and a "Secret Key." Save the secret key somewhere safe. You will need both of these later, but the secret key is irrecoverable once you leave this page.
- Create an IAM role with an `AdministratorAccess` IAM policy attached to it. Go here to learn how. You will be shown an ARN after completing this workflow. Save this somewhere safe, as you will need it later.
- Configure the IAM role with a trust policy back to your account and an External ID. The External ID will ensure that users can only assume this role if they know what it is. Go here and here to learn how.
  You can see your account number by clicking on your name in the upper-right hand corner of the AWS console.
- Install `awscli` by running `brew install awscli` on a Mac or `choco install awscli` on a Windows machine.
- Run `aws configure`. Paste the access and secret keys and your AWS region when prompted. You should pick an AWS region that is closest to you. Visit this page to see a list of regions. Leave the output format as `json`.
- Create a temporary secure credentials set with AWS Security Token Service, or STS. Use this command to do so:

  ```bash
  aws sts assume-role --role-arn [PASTE_ROLE_ARN_HERE] \
    --role-session-name [ANYTHING_YOU_WANT] \
    --external-id [TYPE_EXTERNAL_ID_HERE]
  ```

  This will generate a JSON blob that looks like this:

  ```json
  {
    "Credentials": {
      "AccessKeyId": "ASIA12345...",
      "SecretAccessKey": "abcde12345...",
      "SessionToken": "abcde12345...",
      "Expiration": "123456789"
    }
  }
  ```
- Copy the text next to `AccessKeyId`, then run: `export AWS_ACCESS_KEY_ID=[PASTE_HERE]`. (Replace `[PASTE_HERE]` with what you just copied.)
- Copy the text next to `SecretAccessKey`, then run: `export AWS_SECRET_ACCESS_KEY=[PASTE_HERE]`. (Replace `[PASTE_HERE]` with what you just copied.)
- Copy the text next to `SessionToken`, then run: `export AWS_SESSION_TOKEN=[PASTE_HERE]`. (Replace `[PASTE_HERE]` with what you just copied.)
- Verify that you are now an admin by running: `aws iam list-roles`. You should get a JSON object back.
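
The assume-role and export steps above can also be done in one call, so the secret key and session token never have to be copied by hand or typed into shell history. The function below is an added example, not part of the course's scripts; the name `assume_role_env` is hypothetical, and it assumes `aws configure` has already been run with the IAM user's keys.

```shell
# Added example (not from the course files). Defines assume_role_env, which
# performs the assume-role call and the three exports in one step.
# Usage: assume_role_env ROLE_ARN SESSION_NAME EXTERNAL_ID
assume_role_env() {
  if [ "$#" -ne 3 ]; then
    echo "usage: assume_role_env ROLE_ARN SESSION_NAME EXTERNAL_ID" >&2
    return 2
  fi
  local out key secret token

  # Run the call in a subshell with any earlier session variables unset, so it
  # authenticates as the IAM user from `aws configure`, not as a stale session.
  # --query/--output text print the three fields tab-separated on one line.
  out=$(
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    aws sts assume-role \
      --role-arn "$1" \
      --role-session-name "$2" \
      --external-id "$3" \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text
  ) || { echo "assume-role failed; environment left unchanged" >&2; return 1; }

  read -r key secret token <<EOF
$out
EOF

  # Temporary STS access key IDs start with ASIA (as in the sample output);
  # anything else means the response is not what this step expects.
  case "$key" in
    ASIA*) ;;
    *) echo "unexpected AccessKeyId; environment left unchanged" >&2; return 1 ;;
  esac
  if [ -z "$secret" ] || [ -z "$token" ]; then
    echo "incomplete credentials; environment left unchanged" >&2
    return 1
  fi

  export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"
}
```

Source the file that holds this function (or paste it into your shell) and call it with the role ARN, a session name and the External ID; the exported credentials stop working at the `Expiration` time, after which you call it again.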
- Create an S3 bucket to store information about the cluster that you'll be creating: `aws s3 mb s3://[RANDOM_STRING]-kubernetes-fundamentals`. (Replace `[RANDOM_STRING]` with anything you want, using only lowercase letters, numbers and hyphens; S3 bucket names cannot contain underscores or uppercase letters.)
- Run the `create_cluster` script like this: `TERRAFORM_S3_BUCKET=[BUCKET_FROM_STEP_1] TERRAFORM_S3_KEY=state create_cluster.sh`
  This will take approximately 20 minutes to complete.
Once you've created your cluster, verify that it works by following these steps:
- Create or update your Kubeconfig: `aws eks update-kubeconfig --cluster-name explore-california-cluster`
- Ensure that your nodes show up: `kubectl get nodes`
Run this to delete your cluster:
`TERRAFORM_S3_BUCKET=[BUCKET_FROM_STEP_1] TERRAFORM_S3_KEY=state delete_cluster.sh`