EKS Cloudformation template

This VPC architecture is considered the best practice for common Kubernetes workloads on AWS. In this configuration, nodes are instantiated in the private subnets and ingress resources (like load balancers) are instantiated in the public subnets. This allows for maximum control over traffic to the nodes and works well for a majority of Kubernetes applications.

Check these first:
Managed node groups
Creating a VPC for your Amazon EKS cluster
VPC tagging requirement + VPC considerations
Amazon EKS security group considerations Pod networking (CNI)
Alternate compatible CNI plugins

Resources needed to build an EKS cluster:

  • EKS Cluster (Duh)
  • VPC
  • IGW and attachement
  • Subnet(tagged properly and ditributed in the right fashion across AZs)
  • NatGateway and their EIPs
  • Route tables and their associations
    Optional:
  • Security group(s) for the contorl plane
  • Security group(s) for the workers

To launch the stack:

aws cloudformation package \
--template-file base.yml \
--output-template-file packaged-template.yml \
--s3-bucket yassine-cfn-templates \
--s3-prefix eks-cluster

To launch the stack:

aws cloudformation deploy \
--template-file packaged-template.yml \
--stack-name eks-cluster \
--parameter-overrides $(jq -r '.[] | [.ParameterKey, .ParameterValue] | join("=")' parameters.json) \
--capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND

Estimate stack monthly cost (Doesnt fucking work)

aws cloudformation estimate-template-cost \
--template-body file://packaged-template.yml \
--parameters | cat parameters.json

To get the kubeconfig (NB: this will override the current config)

aws eks update-kubeconfig --name <EKS_CLUSTER_NAME>