Hello everyone. I am Budi and want to write about my experience using Amazon Elastic Kubernetes Service (EKS) on Amazon EC2. Amazon EKS is an AWS service that provides managed Kubernetes on AWS.
Amazon EKS manages your Kubernetes control plane nodes. Amazon EKS can also deploy worker nodes to Amazon EC2 or AWS Fargate. For this tutorial, I try Amazon EKS for the first time (on Amazon EC2).
NOTE (OPTIONAL): You can use AWS Cloud9 as an online text editor. If you want to try AWS Cloud9, you can see the link.
Before creating the EKS cluster, install several tools:
- eksctl is a command-line tool for creating an EKS cluster. Install eksctl with the command:
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
- kubectl is a command-line tool for managing Kubernetes worker nodes. Install kubectl with the command:
curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.7/2022-06-29/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
kubectl version --short --client
- AWS CLI is the command-line tool from AWS. Install AWS CLI with the command:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
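The install commands above unpack or run each download without checking its integrity, and eksctl ends up in /usr/local/bin via sudo. One way to verify a file against a published SHA-256 list before installing it, as an added example that is not part of the original post; the checksum list names (eksctl_checksums.txt beside the eksctl release, kubectl.sha256 beside the kubectl binary) and the demo file contents are assumptions.

```shell
#!/bin/sh
# Added example: check a download against a published SHA-256 list before installing.

# verify_sha256 FILE CHECKSUMS [NAME]
#   returns 0 on match, 1 on mismatch, 2 if a file or the list entry is missing
verify_sha256() {
    vs_file=$1
    vs_sums=$2
    vs_name=${3:-$(basename "$1")}
    if [ ! -f "$vs_file" ] || [ ! -f "$vs_sums" ]; then
        echo "verify_sha256: missing $vs_file or $vs_sums" >&2
        return 2
    fi
    # Lists hold "<hex digest>  <name>" per line (binary mode: "<digest> *<name>").
    vs_want=$(awk -v n="$vs_name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$vs_sums")
    if [ -z "$vs_want" ]; then
        echo "verify_sha256: no entry for $vs_name in $vs_sums" >&2
        return 2
    fi
    vs_got=$(sha256sum "$vs_file" | awk '{ print $1 }')
    if [ "$vs_got" != "$vs_want" ]; then
        echo "verify_sha256: MISMATCH for $vs_name" >&2
        return 1
    fi
    return 0
}

# Constructed offline demo: a stand-in archive, its checksum list, then tampering.
# Prints the two return codes, "0 1".
demo_verify() {
    d=$(mktemp -d) || return 2
    printf 'stand-in release archive\n' > "$d/eksctl_Linux_amd64.tar.gz"
    ( cd "$d" && sha256sum eksctl_Linux_amd64.tar.gz > eksctl_checksums.txt )
    before=0; after=0
    verify_sha256 "$d/eksctl_Linux_amd64.tar.gz" "$d/eksctl_checksums.txt" || before=$?
    printf 'tampered\n' >> "$d/eksctl_Linux_amd64.tar.gz"
    verify_sha256 "$d/eksctl_Linux_amd64.tar.gz" "$d/eksctl_checksums.txt" 2>/dev/null || after=$?
    rm -rf "$d"
    echo "$before $after"
}

# For the eksctl step: save the archive and the checksum list to disk, then
#   verify_sha256 "eksctl_$(uname -s)_amd64.tar.gz" eksctl_checksums.txt &&
#       tar xzf "eksctl_$(uname -s)_amd64.tar.gz" -C /tmp
```

The same function covers kubectl by passing the downloaded binary and its checksum file; a non-zero return should stop the install.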
I share the YAML file for creating an EKS cluster on my GitHub:
learnaws/firsteks.yaml at main · budionosan/learnaws (github.com)
After these 3 steps are finished, you can create the EKS cluster:
eksctl create cluster -f firsteks.yaml
If you want to read about VPC, you can see the link. Go to the VPC console to check the VPC of the EKS cluster and find the VPC named eksctl-budionosaneks-cluster.
Filter subnets based on VPC ID. This VPC has 4 subnets — 2 public subnets and 2 private subnets.
Filter route table based on VPC ID. This VPC has 4 route tables — 1 default route table, 1 public route table and 2 private route tables.
The public route table is associated with 2 subnets in the VPC: the 2 public subnets, in availability zones us-west-2a and us-west-2b.
Filter internet gateway based on VPC ID. This VPC has 1 internet gateway.
Check the Elastic IP. The Elastic IP is associated with the NAT gateway. A public NAT gateway must have an Elastic IP when it is created.
Filter security group based on VPC ID. This VPC has 4 security groups — 1 default security group, 1 security group for EKS cluster, 1 security group for Kubernetes control plane and 1 security group for Kubernetes node group.
Wait 15–20 minutes to create the EKS cluster and EC2 node group. The EC2 node group has 2 instances. After the EKS cluster is created, your EKS cluster is ready for use.
Go to CloudFormation and look at the EKS cluster. The EKS cluster is created by CloudFormation and managed by eksctl. Also look at the EKS managed node group; it is created by the same process.
Go to EC2 and see the 2 EC2 instances of the managed node group, each in a different availability zone.
Go to the EKS cluster, click Compute and see Node groups. The managed node group has 2 EC2 instances and an Auto Scaling template. Fargate profiles are used when you create EKS on AWS Fargate.
On the EC2 page, go to Auto Scaling groups. This Auto Scaling group has 2 instances.
UPDATE: This tutorial has been updated to add the AWS Load Balancer Controller for the Application Load Balancer (not the Classic Load Balancer).
After the EKS cluster is ready to use, create an IAM OIDC (Identity and Access Management OpenID Connect) provider to use IAM roles for service accounts in the EKS cluster.
eksctl utils associate-iam-oidc-provider --cluster budionosaneks --region us-west-2 --approve
The AWS Load Balancer Controller manages Elastic Load Balancers for an EKS cluster. It provisions:
- An AWS Application Load Balancer (ALB) when you create a Kubernetes Ingress.
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
To create an Ingress, you must have an ingress controller. This tutorial uses the AWS Load Balancer Controller as the ingress controller.
- An AWS Network Load Balancer (NLB) when you create a Kubernetes service of type LoadBalancer.
This tutorial uses the AWS Application Load Balancer (ALB). Create an IAM policy for the AWS Load Balancer Controller.
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Create an IAM role for the EKS service account named aws-load-balancer-controller in the kube-system namespace.
eksctl create iamserviceaccount \
--cluster=budionosaneks \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::<YOUR_AWS_ACCOUNT>:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve
Install Helm. Helm is a package manager for Kubernetes.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
Install the AWS Load Balancer Controller using Helm.
helm repo add eks https://aws.github.io/eks-charts
helm repo update
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=budionosaneks \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=us-west-2
After installing the AWS Load Balancer Controller, check whether it is installed.
kubectl get deployment -n kube-system aws-load-balancer-controller
Create a deployment in the EKS cluster using an image from my private Amazon ECR.
kubectl create deployment budionosaneks --image=<YOUR_ECR_IMAGE>
For the service, I share my service YAML file on my GitHub:
learnaws/service.yaml at main · budionosan/learnaws (github.com)
For the ingress, I also share my ingress YAML file on my GitHub:
learnaws/ingress.yaml at main · budionosan/learnaws (github.com)
When creating an ingress, set these values: load balancer name, scheme (internet-facing or internal), target type (ip or instance), and ingress class name, which is ALB (Application Load Balancer).
After creating the service and ingress YAML files, apply the two YAML files to create a load balancer in AWS.
kubectl apply -f service.yaml
kubectl apply -f ingress.yaml
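The four ingress settings named above map to three AWS Load Balancer Controller annotations plus `ingressClassName`. The function below renders such a manifest and rejects values outside the allowed sets; it is an added example, not the author's ingress.yaml, and the Ingress name, Service name, port and load balancer name are assumptions.

```shell
#!/bin/sh
# Added example (not the author's ingress.yaml): render an ALB Ingress manifest.
# Assumed names: Ingress "example-ingress", Service "example-service" on port 80.

# render_alb_ingress LB_NAME SCHEME TARGET_TYPE -> manifest on stdout, 1 on bad input
render_alb_ingress() {
    lb_name=$1; scheme=$2; target_type=$3
    case $scheme in
        internal|internet-facing) ;;   # internal = private addresses, not internet-reachable
        *) echo "scheme must be internal or internet-facing" >&2; return 1 ;;
    esac
    case $target_type in
        ip|instance) ;;                # instance mode needs a NodePort Service
        *) echo "target type must be ip or instance" >&2; return 1 ;;
    esac
    case $lb_name in                   # ALB names: letters, digits, hyphens; max 32
        ''|*[!A-Za-z0-9-]*) echo "invalid load balancer name" >&2; return 1 ;;
    esac
    [ "${#lb_name}" -le 32 ] || { echo "load balancer name too long" >&2; return 1; }
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    alb.ingress.kubernetes.io/load-balancer-name: ${lb_name}
    alb.ingress.kubernetes.io/scheme: ${scheme}
    alb.ingress.kubernetes.io/target-type: ${target_type}
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 80
EOF
}

# Usage: render_alb_ingress example-alb internal ip | kubectl apply -f -
```

Choosing `internal` keeps the load balancer off the public internet; `internet-facing` publishes it, so the scheme is the setting to review first.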
In Amazon EC2, scroll down and click Load Balancers. There are 2 load balancers: a classic (deprecated) type and an application type.
Click the application load balancer name for detail. This load balancer is associated with the VPC that was created when creating the EKS cluster.
Still in Amazon EC2, check Target Groups. The target groups are associated with the load balancer. Click the target group name for detail.
Back on the load balancer, copy the DNS name and open it in a new tab. My web application is running and ready to use, which means the load balancer works.
Thank you for reading. Coming soon, I will share my experience using Amazon EKS on AWS Fargate and also Amazon EKS with Amazon RDS :)