Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service provided by Amazon Web Services (AWS). It simplifies the deployment, management, and scaling of containerized applications using Kubernetes.
Advantages of EKS
EKS is fully managed, so AWS handles control plane maintenance, scaling, and updates, allowing you to focus on your applications.
It offers high availability across multiple AWS Availability Zones, ensuring uptime and fault tolerance for your Kubernetes clusters.
For security, it integrates with AWS IAM for authentication and authorization, and you can apply IAM policies for fine-grained access control.
EKS seamlessly integrates with AWS services, simplifying application deployments and operations.
EKS is user-friendly, compatible with standard Kubernetes tools, and simplifies Kubernetes cluster management.
An Elastic Kubernetes Service (EKS) cluster can be created in two ways:
- Web Console
- AWS CLI tool
I Web Console
Prerequisites
i) Ensure you have a default VPC. This will automatically create a size /20 default subnet in each availability zone. If you don't have one, follow these instructions to create one.
- A default VPC will look like so:
ii) Create an IAM role that your cluster and the node group will assume. A role is a set of permissions to be assigned to an entity.
- Below are the steps you will follow after selecting create a new role
- Click on the Create role button to start the wizard.
- Choose AWS service as the trusted entity.
- Click on EKS to see the EKS use cases. (See the snapshot below)
- Choose EKS - Cluster. It will allow access to other AWS service resources that are required to operate clusters managed by EKS. Click Next.
- The needed policy, AmazonEKSClusterPolicy, will be selected. This policy provides Kubernetes the permissions it requires to manage resources on your behalf.
- Click Next, and ignore the Tags.
- Click Next, and name the role.
iii) Create an IAM role for the worker nodes. This will give permission to the kubelet running on the worker node to make calls to other APIs on your behalf. The steps are the same as above, except that:
- For the use case, select EC2 instead of EKS.
- In the attach policy step, choose the following policies:
  - AmazonEKSWorkerNodePolicy
  - AmazonEC2ContainerRegistryReadOnly
  - AmazonEKS_CNI_Policy
iv) Create an SSH key pair that we'll use to log into the EC2 instances. The public key is placed automatically on the EC2 instances, and you use the private key instead of a password to access your instances securely.
- To create, go to EC2 service → Network & Security → Key Pairs.
- Click on Create key pair.
- Name your key pair, then choose a format. (.pem format is used by Mac/Linux users, and a .ppk format is used by Windows users.)
- The private key file will be downloaded locally.
Create EKS Cluster
An EKS cluster consists of:
- Control plane, which has nodes running the Kubernetes software, like the Kubernetes API and etcd, and which runs in AWS-owned accounts.
- Data plane, which is made up of worker nodes that run in customer accounts.
Create a Control Plane
Step 1
Under EKS Service → Amazon EKS → Clusters, click on Create cluster.
- Give your cluster a name, choose the Kubernetes version, and select the IAM role we created earlier.
Step 2
Choose the default VPC, subnets and security group in your account. Mark the cluster endpoints as public.
Step 3
Accept the default set for the rest of the steps and create the cluster.
Create a Node Group
Node groups are worker nodes (VMs) used to run the pods that your cluster will be serving. We'll create a node group and attach it to the cluster.
Step 1
Once the cluster that we created earlier is Active, click on its name for more details.
Step 2
Click on Compute under the new cluster, then click on Add Node Group.
Step 3
Give it a name, then attach the IAM node role we created earlier.
Step 4
Under Node group and compute and Scaling Configuration, choose the OS, hardware config and worker node count.
Field | Value | Purpose |
---|---|---|
AMI type | Amazon Linux 2 (AL2_x86_64) | OS |
Capacity type | On-Demand | Instance purchasing option |
Instance types | t3.micro | 2 vCPU, 1 GiB memory |
Disk size | 20 GiB | --- |
Scaling configuration | | |
Min size | 2 | Min number of nodes for scaling in. |
Max size | 2 | Max number of nodes for scaling out. |
Desired size | 2 | Initial count |
Step 5
Choose the subnets we created earlier while creating the cluster and also choose the SSH key pair we created earlier. Allow remote access from anywhere on the internet.
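The settings chosen in this walkthrough (public cluster endpoint, SSH key with remote access from anywhere) can be reviewed on the finished cluster. The following is an added example, not part of the original tutorial: it reads the JSON printed by `aws eks describe-cluster` and `aws eks describe-nodegroup` and reports internet-facing settings. The function names and the sample documents are constructed for illustration.

```python
# Added example: audit EKS exposure settings from AWS CLI JSON output.
# Feed it the output of:
#   aws eks describe-cluster --name <name>
#   aws eks describe-nodegroup --cluster-name <name> --nodegroup-name <nodegroup>
# Function names and the sample documents below are constructed for illustration.
ANYWHERE = {"0.0.0.0/0", "::/0"}

def audit_cluster(doc):
    """Findings for the Kubernetes API endpoint of one cluster."""
    vpc = doc["cluster"]["resourcesVpcConfig"]
    findings = []
    if vpc.get("endpointPublicAccess"):
        # With public access on and no CIDR list, EKS allows 0.0.0.0/0.
        cidrs = set(vpc.get("publicAccessCidrs") or ANYWHERE)
        if cidrs & ANYWHERE:
            findings.append("API endpoint is public and open to any source address")
        if not vpc.get("endpointPrivateAccess"):
            findings.append("private endpoint is off: node-to-API traffic leaves the VPC")
    return findings

def audit_nodegroup(doc):
    """Findings for SSH remote access on one managed node group."""
    remote = doc["nodegroup"].get("remoteAccess") or {}
    findings = []
    # An SSH key without source security groups opens port 22 to 0.0.0.0/0.
    if remote.get("ec2SshKey") and not remote.get("sourceSecurityGroups"):
        findings.append("SSH (port 22) on the nodes is open to 0.0.0.0/0")
    return findings

# Constructed sample: the settings chosen in the console walkthrough.
TUTORIAL_CLUSTER = {"cluster": {"name": "demo", "resourcesVpcConfig": {
    "endpointPublicAccess": True, "endpointPrivateAccess": False,
    "publicAccessCidrs": ["0.0.0.0/0"]}}}
TUTORIAL_NODEGROUP = {"nodegroup": {"nodegroupName": "demo-nodes",
    "remoteAccess": {"ec2SshKey": "demo-key"}}}

# Constructed sample: endpoint limited to one address range, SSH limited to one
# security group (203.0.113.0/24 is a documentation range; the sg id is made up).
RESTRICTED_CLUSTER = {"cluster": {"name": "demo", "resourcesVpcConfig": {
    "endpointPublicAccess": True, "endpointPrivateAccess": True,
    "publicAccessCidrs": ["203.0.113.0/24"]}}}
RESTRICTED_NODEGROUP = {"nodegroup": {"nodegroupName": "demo-nodes",
    "remoteAccess": {"ec2SshKey": "demo-key",
                     "sourceSecurityGroups": ["sg-0123456789abcdef0"]}}}

if __name__ == "__main__":
    for label, c, n in [("tutorial", TUTORIAL_CLUSTER, TUTORIAL_NODEGROUP),
                        ("restricted", RESTRICTED_CLUSTER, RESTRICTED_NODEGROUP)]:
        print(label, audit_cluster(c) + audit_nodegroup(n) or ["no findings"])
```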
Clean Up
- Delete the Node Group. Explore how you'd do the deletion. If you need help, refer to the instructions here.
- Delete the cluster.
- Delete the custom IAM roles you have created in this exercise.
II AWS CLI Tool
-
Creating EKS using the AWS CLI involves resources and is way
The eksctl CLI is used to simplify cluster creation. eksctl uses AWS CloudFormation internally to create clusters on AWS.
- AWS CloudFormation is an AWS service for creating, managing, and configuring any resource on the AWS cloud using a YAML/JSON script. In the script file, you define the properties of the resource you want to create in the cloud.
In the case of a simple cluster, you will not need to create a script for eksctl, but for a more complex one you will need a minimal YAML script.
eksctl Installation
Linux
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
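The commands above pipe the download straight into tar, so nothing checks the archive before the binary lands in /usr/local/bin. The following is an added example, not part of the original tutorial: it assumes the tarball was saved to disk and that the release's checksum list (in `sha256sum` format) was downloaded alongside it, and it extracts only the `eksctl` entry after the SHA-256 matches. The function names are illustrative and the sample tarball is constructed.

```python
# Added example: verify a downloaded eksctl tarball before installing it.
# Names here are illustrative; the sample tarball is constructed, not a real release.
import hashlib, hmac, io, os, tarfile

def expected_digest(checksums_text, filename):
    """Look up filename in sha256sum-format text ('<hex digest>  <name>')."""
    for line in checksums_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    raise ValueError(f"no checksum listed for {filename}")

def verify_and_extract(tarball, checksums_text, dest_dir):
    """Check the tarball's SHA-256, then extract only the eksctl binary."""
    want = expected_digest(checksums_text, os.path.basename(tarball))
    digest = hashlib.sha256()
    with open(tarball, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    if not hmac.compare_digest(digest.hexdigest(), want):
        raise ValueError("checksum mismatch, refusing to extract")
    with tarfile.open(tarball, "r:gz") as tar:
        member = tar.getmember("eksctl")        # KeyError if the binary is absent
        if not member.isfile():                 # reject symlinks and devices
            raise ValueError("eksctl entry is not a regular file")
        data = tar.extractfile(member).read()
    out = os.path.join(dest_dir, "eksctl")      # fixed name: no path from the archive
    with open(out, "wb") as dst:
        dst.write(data)
    os.chmod(out, 0o755)
    return out

def make_sample(directory):
    """Build a constructed stand-in tarball and its checksum line."""
    path = os.path.join(directory, "eksctl_Linux_amd64.tar.gz")
    payload = b"#!/bin/sh\necho constructed stand-in\n"
    with tarfile.open(path, "w:gz") as tar:
        info = tarfile.TarInfo("eksctl")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    with open(path, "rb") as f:
        return path, hashlib.sha256(f.read()).hexdigest() + "  " + os.path.basename(path) + "\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path, sums = make_sample(d)
        print(verify_and_extract(path, sums, d))
```

A matching checksum shows the archive is the one the release page lists; it does not replace trusting the release source itself.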
Windows
# Install Chocolatey. Refer to the https://chocolatey.org/install for detailed steps
Set-ExecutionPolicy AllSigned
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
# Exit and re-run PowerShell as an Admin
choco install eksctl
# Verify that Chocolatey is available
choco -?
Mac OS
# Check Homebrew
brew --version
# If you do not have Homebrew installed - https://brew.sh/
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install eksctl
brew tap weaveworks/tap
brew install weaveworks/tap/eksctl
If you face any error due to ownership permission, you can change the ownership of those directories to your user.
sudo chown -R $(whoami) /usr/local/<directory_name>
Create a basic cluster
- Once you have installed eksctl, create a basic cluster:
eksctl create cluster
The cluster will be created with:
- An auto-generated name
- Two m5.large worker nodes. Recall that the worker nodes are the virtual machines, and the m5.large type defines that each VM will have 2 vCPUs, 8 GiB memory, and up to 10 Gbps network bandwidth.
- Linux AMIs as the underlying machine image
- Your default region
- A dedicated VPC
You can specify these settings in one command:
eksctl create cluster --name myCluster --nodes=4
Create an advanced cluster
- You will need to write the configuration in a separate YAML file, then run:
eksctl create cluster --config-file=<path>
List the details
This is specific to a cluster
eksctl get cluster [--name=<name>][--region=<region>]
Delete Cluster
This will delete a cluster and all the resources associated with it:
eksctl delete cluster --name=<name> [--region=<region>]