Kubernetes is an open-source system that automates the deployment, management, and scaling of containerized applications. Amazon EKS (Amazon Elastic Kubernetes Service) is a managed service that lets users run Kubernetes on Amazon Web Services (AWS) without having to install, operate, and maintain their own Kubernetes control plane or nodes. In this tutorial, we will learn the steps to create all of the resources required to get started with Amazon Elastic Kubernetes Service (Amazon EKS) using the AWS Management Console and the AWS command-line interface (CLI).
Prerequisites
Before creating the required resources, users must install and configure the following tools, which they need in order to create and manage an Amazon EKS cluster.
- AWS Command-Line Interface: Install and configure the command-line tool for working with AWS services, including Amazon Elastic Kubernetes Service. This tutorial requires version 2.2.22 or later, or 1.20.6 or later. After installing the AWS command-line interface, we recommend that the user also configure it (credentials and default Region).
- kubectl: Install and configure the command-line tool for working with Kubernetes clusters. This tutorial requires version 1.21 or later.
- Required IAM permissions: The Identity and Access Management (IAM) security principal that the user works with must have permissions to manage Amazon EKS IAM roles and service-linked roles, AWS CloudFormation, and a Virtual Private Cloud (VPC) and its related resources.
Step 1: Create the Amazon EKS Cluster
To create the Amazon Elastic Kubernetes Service (EKS) cluster, follow the steps below:
1. First, create an Amazon VPC with private and public subnets that meet the Amazon EKS requirements. Replace the example values (Region and stack name) with your own.
aws cloudformation create-stack \
  --region us-west-2 \
  --stack-name my-eks-vpc-stack \
  --template-url https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml
2. Next, create a cluster Identity and Access Management (IAM) role and attach the required Amazon EKS managed IAM policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on the user's behalf to manage the resources they use with the service. The trust policy below allows only the Amazon EKS service principal to assume the role. To create it:
a) First, copy the following contents to a file named cluster-role-trust-policy.json.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
b) Next, create the role.
aws iam create-role \
  --role-name myAmazonEKSClusterRole \
  --assume-role-policy-document file://"cluster-role-trust-policy.json"
c) Finally, attach the Amazon EKS managed IAM policy to the created role.
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
  --role-name myAmazonEKSClusterRole
3. Then, open the Amazon EKS console at the URL below:
https://console.aws.amazon.com/eks/home#/clusters
4. Make sure to select the Region in which the user wants to create the Kubernetes cluster from the drop-down in the top-right corner. In this tutorial, we select US West (Oregon) us-west-2.
5. After selecting the Region, click the Create cluster button. If the user doesn't see this option, enter a name for the cluster in the Create EKS cluster box, such as my-cluster, and click the Next step button.
6. On the Configure cluster page, enter a name for the cluster, such as my-cluster, and choose myAmazonEKSClusterRole for Cluster Service Role.
7. Leave the remaining settings at their default values and click the Next button.
8. On the Specify networking page, select vpc-00x0000x000x0x000 | my-eks-vpc-stack-VPC from the VPC drop-down list. Leave the remaining settings at their default values and select the Next button.
9. On the Configure logging page, click the Next button.
10. On the Review and create page, select the Create button. Wait until the cluster status changes to Active before moving on to the next step.
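The trust policy in step 2 is the only thing that decides who may assume the cluster role that carries AmazonEKSClusterPolicy, so it is worth checking it is no wider than the tutorial's version. The following is an added example, not part of the tutorial or of any AWS tool: a small checker that accepts the tutorial's policy and flags a constructed, overly broad variant (the account ID 111122223333 is a placeholder).

```python
import json

# The cluster role trust policy from this tutorial (cluster-role-trust-policy.json).
CLUSTER_ROLE_TRUST_POLICY = json.loads("""
{ "Version": "2012-10-17",
  "Statement": [ { "Effect": "Allow",
                   "Principal": { "Service": "eks.amazonaws.com" },
                   "Action": "sts:AssumeRole" } ] }
""")

# Constructed example of an overly broad trust policy (not from the tutorial):
# every principal in a placeholder account may assume the role, and sts:* is
# granted instead of the single sts:AssumeRole action.
OVERLY_BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                   "Action": "sts:*"}],
}

def _as_list(value):
    # IAM accepts a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def check_cluster_trust_policy(policy):
    """Return findings; an empty list means the policy is the minimal EKS trust policy."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen trust
        principal = stmt.get("Principal")
        if principal != {"Service": "eks.amazonaws.com"}:
            findings.append(f"statement {i}: principal should be only the EKS "
                            f"service, got {principal!r}")
        actions = _as_list(stmt.get("Action", []))
        if actions != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: action should be only "
                            f"sts:AssumeRole, got {actions!r}")
    return findings

if __name__ == "__main__":
    for name, doc in [("tutorial", CLUSTER_ROLE_TRUST_POLICY),
                      ("broad", OVERLY_BROAD_TRUST_POLICY)]:
        print(name, check_cluster_trust_policy(doc) or ["OK"])
```

Run it against the JSON file before calling aws iam create-role; a policy with a "*" principal is reported the same way as the broad sample.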
Step 2: Configure the System to Communicate with the Cluster
To create a kubeconfig file for the cluster and enable the kubectl command-line tool to communicate with it, follow the steps below:
1. First, create or update the kubeconfig file for the cluster. If necessary, replace us-west-2 with the Region in which the user created the cluster. By default, the configuration file is created in ~/.kube, or the new cluster's configuration is added to an existing configuration file in ~/.kube.
aws eks update-kubeconfig \
  --region us-west-2 \
  --name my-cluster
2. After that, test the configuration by running the following; it should list the default kubernetes service:
kubectl get svc
Step 3: Create an IAM OpenID Connect (OIDC) provider
We need to create an Identity and Access Management (IAM) OpenID Connect (OIDC) provider for the cluster so that Kubernetes service accounts can access AWS resources. To do so, follow the steps below:
1. First, open the cluster in the Amazon EKS console and select the Configuration tab.
2. In the Details section, copy the value for the OpenID Connect provider URL.
3. Then, open the IAM console at the URL below:
https://console.aws.amazon.com/iam/
4. Select Identity Providers in the navigation panel.
5. Then, choose Add provider.
6. For Provider Type, select OpenID Connect.
7. For Provider URL, paste the OIDC provider URL for the cluster copied in step 2, and then select the Get thumbprint option.
8. For Audience, enter sts.amazonaws.com and click the Add provider button.
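The provider created above only identifies the cluster to IAM; a service account can use AWS resources once a role trusts that provider through sts:AssumeRoleWithWebIdentity with the audience from step 8 and a sub condition naming the service account. The following is an added example, not part of the tutorial or of any AWS tool: it builds such a trust policy from the provider URL and account ID (both placeholders here, in the format IAM uses) and flags statements that omit the sub condition, which would let any service account in any cluster behind the provider assume the role.

```python
# Constructed placeholder values; replace them with the OIDC provider URL copied in
# step 2 above and the ID of the AWS account that owns the cluster.
OIDC_PROVIDER_URL = "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
ACCOUNT_ID = "111122223333"

def issuer_host_path(oidc_provider_url):
    """Strip the scheme: IAM names the provider and its condition keys without https://."""
    if not oidc_provider_url.startswith("https://"):
        raise ValueError("OIDC provider URL must use https")
    return oidc_provider_url[len("https://"):].rstrip("/")

def irsa_trust_policy(oidc_provider_url, account_id, namespace, service_account):
    """Trust policy for a role that exactly one Kubernetes service account may assume."""
    issuer = issuer_host_path(oidc_provider_url)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{issuer}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                # aud must equal the Audience entered in step 8
                f"{issuer}:aud": "sts.amazonaws.com",
                # sub pins the role to one service account in one namespace
                f"{issuer}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            }},
        }],
    }

def unscoped_statements(policy):
    """Indexes of web-identity statements with no :sub condition under any operator."""
    bad = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        keys = [k for operator in stmt.get("Condition", {}).values() for k in operator]
        if not any(k.endswith(":sub") for k in keys):
            bad.append(i)
    return bad

if __name__ == "__main__":
    import json
    policy = irsa_trust_policy(OIDC_PROVIDER_URL, ACCOUNT_ID, "default", "my-service-account")
    print(json.dumps(policy, indent=2))
    print("unscoped statements:", unscoped_statements(policy))
```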
Step 4: Create Nodes
Users can create a cluster with one of the following node types. After the cluster is deployed, other node types can be added.
- Fargate – Linux: Select this type if the user wants to run Linux applications on AWS Fargate.
- Managed nodes – Linux: Select this type if the user wants to run Amazon Linux applications on Amazon EC2 instances.
- Self-managed nodes – Windows: Select this type if the user wants to run Amazon Windows applications on Amazon EC2 instances.
- Bottlerocket nodes – Windows: Select this type if the user wants to run Amazon Windows applications on Amazon EC2 instances.
Note that a Kubernetes cluster must contain at least one Linux node, even if all of its workloads are Windows. To create Fargate or managed nodes, follow the steps in the “Create Linux Nodes on Amazon EKS Cluster” tutorial.
Step 5: View Resources
To view the nodes and Kubernetes workloads, follow the steps below:
1. Select Clusters from the left pane, and then select the name of the cluster created earlier from the list, such as my-cluster.
2. On the Overview tab, users can see the list of Nodes that were deployed for the Cluster. Users can select the name of a node to see more about that node.
3. On the Workloads tab of the Cluster, users can see a list of the workloads that are deployed by default to an Amazon EKS Cluster. Users can select the name of a workload to see more information about that workload.
Conclusion
This tutorial presented the steps to create all of the resources required to get started with Amazon Elastic Kubernetes Service (Amazon EKS) using the AWS Management Console and the AWS CLI. We hope this tutorial was helpful, and do reach out to us if you have any queries or suggestions.