How to Create Amazon EKS using AWS Management Console and AWS CLI 

In this article, we will explain the step-by-step process of creating an Amazon EKS using AWS management console and AWS CLI. 

Prerequisites

  1. Basic knowledge of AWS Management Console and CLI
  2. Basic knowledge and the access rights required to run AWS CLI container 
  3. Ensure that the IAM security principle you’re using has permissions to work with Amazon EKS 

IAM roles and service-linked roles, AWS CloudFormation, and a VPC with related resources.

Step 1: Create your Amazon EKS cluster.

Let’s look at how to create an EKS cluster.

Create an Amazon VPC with public and private subnets that meet Amazon EKS requirements.

Copy to Clipboard

image

We can verify VPC and subnet creation using the AWS console as follows. Select CloudFormation > Stacks > appz-eks-vpc-stack (stack-name given )> Outputs

image (2)

Create a cluster IAM role and attach the required Amazon EKS IAM managed policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.

a. Copy the following contents to a file named cluster-role-trust-policy.json:

Copy to Clipboard

Create the role using the command given below:

Copy to Clipboard

image (3)

C. Attach the required Amazon EKS managed IAM policy to the role.

Copy to Clipboard

3. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.

4. Select Create cluster. If you don’t see this option, in the Create EKS cluster box, enter a name for your cluster, such as appz-cluster, and select Next step. You will most likely be able to see the Create cluster option as shown below:

2

5. On the Configure cluster page, enter a name for your cluster, such as appz-cluster, and select a role like appzAmazonEKSClusterRole for Cluster Service Role. Leave the remaining settings at their default values and select Next.

1

6. On the Specify networking page, select vpc-00x0000x000x0x000 | appz-eks-vpc-stack-VPC from the VPC drop-down list. Leave the remaining settings at their default values and select Next.

aws 6

7. On the Configure logging page, select Next.

8. On the Review and create the page, select Create.

To the right of the cluster’s name, the cluster status is marked as “Creating” for several minutes until the cluster provisioning process is completed. Continue to the next step only after the cluster status changes to “Active as shown in the figures below.

aws 7

aws 8

Step 2: Configure your computer to communicate with your cluster. 

In this step, we will create a kubeconfig file for our cluster. The settings in this file enable the kubectl CLI to communicate with your cluster.

Let’s take a look at how you can configure your computer to communicate with your cluster.

1. Create or update a kubeconfig file for your cluster. If necessary, replace with the Region that you created your cluster in.

Copy to Clipboard

By default, the config file is created in ~/.kube or the new cluster’s configuration is added to an existing config file in ~/.kube.

image (2)

2. Test your configuration.

Copy to Clipboard

Step 3: Create an IAM OpenID Connect (OIDC) provider. 

Now, create an IAM OpenID Connect (OIDC) provider for your cluster so that the Kubernetes service accounts used by workloads can access the AWS resources. You need to complete this step only once for a cluster.

  1. Select the appz-cluster which we have created. 
  2. Select the Configuration tab.
  3. In the Details section, copy the value for OpenID Connect provider URL.

aws 10

4. Open the IAM console at https://console.aws.amazon.com/iam/

5. In the navigation panel, choose Identity Providers.

6. Choose Add Provider.

aws 11

7. For Provider Type, choose OpenID Connect.

8. For Provider URL, paste the OIDC provider URL for your cluster from step three, and then choose Get thumbprint.

aws12

9. For Audience, enter sts.amazonaws.com and choose Add provider.

aws13

Step 4: Create nodes

Let’s now take a look at how you can create your Amazon EC2 Linux managed node group.

  1. Create an IAM role for the Amazon VPC CNI plugin and attach the required Amazon EKS IAM managed policy to it. The Amazon EKS Amazon VPC CNI plugin is installed on a cluster by default. This plugin allows Kubernetes pods to have the same IP address inside the pod as they do on the VPC network.
  • Copy the following contents to a file named cni-role-trust-policy.json. Replace <111122223333> (including <>) with your account ID and replace with the value after the last / of your OpenID Connect provider URL and replace with the region you are working from.
Copy to Clipboard

2

  • Create an IAM role for the Amazon VPC CNI plugin.
Copy to Clipboard

image (4)

  • Attach the required Amazon EKS managed IAM policy to the role.
Copy to Clipboard

2. Associate the Kubernetes service account used by the VPC CNI plugin to the IAM role. Replace <111122223333> (including <>) with your account ID.

Copy to Clipboard

aws16

3. Create a node IAM role and attach the required Amazon EKS IAM managed policy to it. The Amazon EKS node kubelet daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies

  • Copy the following contents to a file named node-role-trust-policy.json.
Copy to Clipboard
  • Create the node IAM role.
Copy to Clipboard
  • Attach the required Amazon EKS managed IAM policies to the role.

Copy to Clipboard
Copy to Clipboard

Here’s how you can add  the Node group:

Requirement 

Our requirement is to create a three node cluster in EKS. In order to achieve this, we are will create three node groups in three different availability zones. 

We have already created subnets for clusters with the help of the cloud-formation template in step one of the EKS cluster creation.

Note that the subnet ID is allocated for the respective availability zones in which we plan to create node groups. You can view subnet details by going VPC > Subnets > in AWS console

In this tutorial, we will create three node groups in us-east-2a, us-east-2b, and us-east-2c availability zones.

Steps to Create a Node Group in an Availability Zone 

1. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters

2. Choose the name of the cluster that you created, such as appz-cluster.

3. Select the Configuration

4. From the Configuration tab, select the Compute tab, and then choose Add Node Group.

aws17

5. On the Configure node group page, fill out the parameters accordingly, accept the remaining default values, and then choose Next

  • Name – Enter a unique name for your managed node group, such as firstnode_useast2a.
  • Node IAM role name – Choose myAmazonEKSNodeRole.

aws 18

6. On the Set compute and scaling configuration page, change the Node Group compute configuration  values to the ones given below:

aws19

Now, change Node Group scaling configuration as shown below:

aws20

Leave the remaining settings at their default values and select Next.

7. On the Specify networking page, select only the respective subnet which is created for the availability zone in which you want to create the node group.

aws21

Here, we selected subnet-06394d4180a018262 which is created in us-east-2a availability zone, so that our node group will be created in us-east-2a. Check  VPC > Subnets >   to get subnet and availability-zone details.

aws22

8. Select an existing key pair to use for SSH key pair and then choose Next. If you don’t have a key pair, you can create one with the following command: 

Copy to Clipboard

In the above command, change to the region that you created your cluster in. Be sure to save the return output in a file on your local computer.

aws23

Leave the remaining settings at their default values and select Next.

9. On the Review and create the page, review your managed node group configuration and choose Create.
10. After several minutes, the Status in the Node Group configuration section will change from Creating to Active.

aws24

11. Repeat the whole steps 1 to 10 to create the rest of the node groups in desired availability zones.

About the Author

Pratheesh P

Cloud DevOps Engineer | Cloud Control

Cloud DevOps Engineer with 2+ years of experience in supporting, automating, and optimizing deployments to hybrid cloud platforms using DevOps processes, CI/CD, containers, and Kubernetes in both production and development environments.