Amazon Elastic Kubernetes Service

Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane.

It is also integrated with many AWS services to provide scalability and security for your applications, including the following:

  • Amazon ECR for container images
  • Elastic Load Balancing for load distribution
  • IAM for authentication
  • Amazon VPC for isolation

 

You will find the EKS service under the Compute section and click on EKS.

eks_console

In the EKS service page, enter your cluster name and click on the “Next step” button.

eks_create.PNG

In the next page, choose the kubernetes version, select the IAM role, select VPC and availability zones and Security groups.

eks_version

If the IAM role is not available, click on Role name link. It will take you to the IAM Roles page. 

Click on “Create role” and choose the service as EKS. 

eks_role

Enter the role name EKSRole and click on the “Next” button until the finish.

Once you created the EKS IAM role, refresh the page and select IAM and click on the “Create” button.

eks_create_final

It will take some time to create an EKS cluster. Once it is created, we will see API server endpoint.

eks_created

 

Amazon EKS Worker Nodes

Now that your VPC and Kubernetes control plane are created, you can launch and configure your worker nodes.

Goto “Cloud formation” service and click on the “Create stack” button.

eks_cloudformation.PNG

For Choose a template, select Specify an Amazon S3 template URL.

Paste the following URL into the text area and choose Next:

https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-01-09/amazon-eks-nodegroup.yaml

eks_cf_stack

On the Specify Details page, fill out the parameters accordingly, and choose Next.

eks_worker-details

Click here to get AMI ID details for different regions.

On the Options page, you can choose to tag your stack resources. Choose Next.

On the Review page, review your information, acknowledge that the stack might create IAM resources, and then choose Create.

When your stack has finished creating, select it in the console and choose the Outputs tab.

eks_cf_output.PNG

Record the NodeInstanceRole for the node group that was created. You need this when you configure your Amazon EKS worker nodes.

Join worker node to your cluster

Download, edit, and apply the AWS authenticator configuration map:

$ curl -O https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-01-09/aws-auth-cm.yaml

Open the file and replace the < ARN of instance role (not instance profile) > snippet with the NodeInstanceRole value that you recorded in the previous procedure, and save the file.

apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::359530497780:role/WorkerNodes-NodeInstanceRole-17W3YTT14Y7LX
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes

Amazon EKS clusters require the “AWS IAM Authenticator for Kubernetes” to allow IAM authentication for your Kubernetes cluster.

Linux :

$ curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amaz
  onaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator

$ chmod +x ./aws-iam-authenticator
$ sudo mv aws-iam-authenticator /usr/local/bin/

To connect to EKS, you have to configure “aws cli” and install the kubectl. 

When you execute kubectl command, it read the configuration from config file under .kube directory.

To generate the config file, run the following command:

$ aws eks --region us-east-1 update-kubeconfig --name my-cluster

I have created EKS cluster in the “us-east-1” region (N.Virginia).

Now apply the configuration. This command may take a few minutes to finish.

$ kubectl apply -f aws-auth-cm.yaml

Check the nodes joined to the cluster with kubectl get nodes

$ kubectl get nodes
NAME                          STATUS ROLES    AGE VERSION
ip-172-31-12-1.ec2.internal   Ready  < none > 1m  v1.11.5
ip-172-31-29-14.ec2.internal  Ready  < none > 1m  v1.11.5
ip-172-31-39-133.ec2.internal Ready  < none > 1m  v1.11.5

Delete EKS Cluster

To delete the cluster, delete the cloud formation stack and then delete in the EKS service console.

eks_worker_delete

Once stack deleted successfully, goto EKS service and delete the cluster.

eks_delete.PNG

 

Advertisements