DEV Community 👩‍💻👨‍💻

Xmen143

AWS EKS — DEEP DIVE

⚜️What is Amazon EKS?

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. Amazon EKS:

• Automatically scales control plane instances based on load, detects and replaces unhealthy control plane instances, and provides automated version updates and patching for them.
• Is integrated with many AWS services to provide scalability and security for your applications, including the following capabilities:
  • Amazon ECR for container images
  • Elastic Load Balancing for load distribution
  • IAM for authentication

⚜️How does Amazon EKS work?

Getting started with Amazon EKS is easy:

  1. Create an Amazon EKS cluster in the AWS Management Console or with the AWS CLI or one of the AWS SDKs.
  2. Launch managed or self-managed Amazon EC2 nodes, or deploy your workloads to AWS Fargate.
  3. When your cluster is ready, you can configure your favorite Kubernetes tools, such as kubectl, to communicate with your cluster.
  4. Deploy and manage workloads on your Amazon EKS cluster the same way that you would with any other Kubernetes environment.
⚜️Management Console and AWS CLI:

⚜️Step 1: Create your Amazon EKS cluster

To create your cluster

  1. Create an Amazon VPC with public and private subnets that meets Amazon EKS requirements.

aws cloudformation create-stack \
  --region ap-south-1 \
  --stack-name my-eks-stack \
  --template-url https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml

  2. Create a cluster IAM role and attach the required Amazon EKS IAM managed policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.

a. Copy the following contents to a file named cluster-role-trust-policy.json.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

b. Create the role.

aws iam create-role \
  --role-name myAmazonEKSClusterRole \
  --assume-role-policy-document file://"cluster-role-trust-policy.json"

c. Attach the required Amazon EKS managed IAM policy to the role.

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
  --role-name myAmazonEKSClusterRole

  3. Open the Amazon EKS console.

  4. Choose Add cluster, and then choose Create. If you don't see this option, then choose Clusters in the left navigation pane first.

  5. On the Configure cluster page, do the following:
    a. Enter a Name for your cluster, such as my-cluster.
    b. For Cluster Service Role, choose myAmazonEKSClusterRole.
    c. Leave the remaining settings at their default values and choose Next.

  6. On the Specify networking page, do the following:
    a. Choose the ID of the VPC that you created in a previous step from the VPC dropdown list. It is something like vpc-00x0000x000x0x000 | my-eks-vpc-stack-VPC.
    b. Leave the remaining settings at their default values and choose Next.

  7. On the Configure logging page, choose Next.

  8. On the Review and create page, choose Create.

⚜️Step 2: Configure your computer to communicate with your cluster.

In this section, you create a kubeconfig file for your cluster. The settings in this file enable the kubectl CLI to communicate with your cluster.
To configure your computer to communicate with your cluster.

  1. Create or update a kubeconfig file for your cluster.

aws eks update-kubeconfig --region ap-south-1 --name my-cluster

  2. Test your configuration.

kubectl get svc

⚜️Create nodes

• Fargate — Linux — Choose this type of node if you want to run Linux applications on AWS Fargate. Fargate is a serverless compute engine that lets you deploy Kubernetes pods without managing Amazon EC2 instances.
• Managed nodes — Linux — Choose this type of node if you want to run Amazon Linux applications on Amazon EC2 instances.

To create a Fargate profile

  1. Create an IAM role and attach the required Amazon EKS IAM managed policy to it. When your cluster creates pods on AWS Fargate, the components running on the Fargate infrastructure make calls to AWS APIs on your behalf; the Amazon EKS pod execution role provides the IAM permissions to do this.

a. Copy the following contents to a file named pod-execution-role-trust-policy.json.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:eks:regioncode:111122223333:fargateprofile/my-cluster/*"
        }
      },
      "Principal": {
        "Service": "eks-fargate-pods.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

b. Create a pod execution IAM role.

aws iam create-role \
  --role-name AmazonEKSFargatePodExecutionRole \
  --assume-role-policy-document file://"pod-execution-role-trust-policy.json"

c. Attach the required Amazon EKS managed IAM policy to the role.

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy \
  --role-name AmazonEKSFargatePodExecutionRole

  2. Open the Amazon EKS console.
  3. On the Clusters page, choose the my-cluster cluster.
  4. On the my-cluster page, do the following:
    a. Choose the Compute tab.
    b. Under Fargate Profiles, choose Add Fargate Profile.

  5. On the Configure Fargate Profile page, do the following:
    a. For Name, enter a unique name for your Fargate profile, such as my-profile.
    b. For Pod execution role, choose the AmazonEKSFargatePodExecutionRole that you created in a previous step.
    c. Choose the Subnets dropdown and deselect any subnet with Public in its name. Only private subnets are supported for pods that are running on Fargate.
    d. Choose Next.

  6. On the Configure pod selection page, do the following:
    a. For Namespace, enter default.
    b. Choose Next.

  7. On the Review and create page, review the information for your Fargate profile and choose Create.

  8. After a few minutes, the Status in the Fargate Profile configuration section will change from Creating to Active. Don't continue to the next step until the status is Active.

  9. If you plan to deploy all pods to Fargate (none to Amazon EC2 nodes), do the following to create another Fargate profile and run the default name resolver (CoreDNS) on Fargate.

⚜️Amazon EC2 Linux managed node group
To create your Amazon EC2 Linux managed node group

  1. Create a node IAM role and attach the required Amazon EKS IAM managed policy to it. Nodes receive permissions for these API calls through an IAM instance profile and associated policies.

a. Copy the following contents to a file named node-role-trust-policy.json.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

b. Create the node IAM role.

aws iam create-role \
  --role-name myAmazonEKSNodeRole \
  --assume-role-policy-document file://"node-role-trust-policy.json"

c. Attach the required managed IAM policies to the role.

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
  --role-name myAmazonEKSNodeRole

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
  --role-name myAmazonEKSNodeRole

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
  --role-name myAmazonEKSNodeRole

  2. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
  3. Choose the name of the cluster that you created in Step 1: Create your Amazon EKS cluster, such as my-cluster.
  4. On the my-cluster page, do the following:
    a. Choose the Compute tab.
    b. Choose Add Node Group.
  5. On the Configure Node Group page, do the following:
    a. For Name, enter a unique name for your managed node group, such as my-nodegroup.
    b. For Node IAM role name, choose the myAmazonEKSNodeRole role that you created in a previous step. We recommend that each node group use its own unique IAM role.
    c. Choose Next.
  6. On the Set compute and scaling configuration page, accept the default values and choose Next.
  7. On the Specify networking page, accept the default values and choose Next.
  8. On the Review and create page, review your managed node group configuration and choose Create.
  9. After several minutes, the Status in the Node Group configuration section will change from Creating to Active. Don't continue to the next step until the status is Active.
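The three trust policies above (cluster role, Fargate pod execution role, node role) differ in one security-relevant way: only the Fargate policy restricts who may assume the role with an aws:SourceArn condition. The following Python linter, an added example rather than code from this post or from AWS, embeds constructed copies of those policies and reports, for each, an unexpected Action, a Principal that is not the expected service, or a missing aws:SourceArn/aws:SourceAccount condition; the role names and expected-service mapping are taken from the tutorial.

```python
# Added example (not AWS code): lint the three role trust policies shown above.
# Constructed copies of the cluster, Fargate pod execution and node role
# trust policies from this tutorial, keyed by the role names it uses.
TRUST_POLICIES = {
    "myAmazonEKSClusterRole": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
    "AmazonEKSFargatePodExecutionRole": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Condition": {"ArnLike": {"aws:SourceArn":
            "arn:aws:eks:regioncode:111122223333:fargateprofile/my-cluster/*"}},
        "Principal": {"Service": "eks-fargate-pods.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
    "myAmazonEKSNodeRole": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
}
EXPECTED_SERVICE = {  # the only service principal each role should trust
    "myAmazonEKSClusterRole": "eks.amazonaws.com",
    "AmazonEKSFargatePodExecutionRole": "eks-fargate-pods.amazonaws.com",
    "myAmazonEKSNodeRole": "ec2.amazonaws.com",
}
SOURCE_KEYS = {"aws:SourceArn", "aws:SourceAccount"}

def as_list(value):  # IAM accepts a string or a list for Action and Service
    return [value] if isinstance(value, str) else list(value or [])

def lint_trust_policy(policy, expected_service):
    """Return findings for one trust policy; an empty list means it looks right."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"unexpected Action {stmt.get('Action')!r}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Service"}:
            findings.append("Principal is not limited to a Service principal")
        elif as_list(principal["Service"]) != [expected_service]:
            findings.append(f"trusted service is not {expected_service}")
        # A service trust with no source condition is the classic confused-deputy shape.
        keys = {k for block in stmt.get("Condition", {}).values() for k in block}
        if not keys & SOURCE_KEYS:
            findings.append("no aws:SourceArn/aws:SourceAccount condition")
    return findings

def lint_all(policies=TRUST_POLICIES):
    return {n: lint_trust_policy(p, EXPECTED_SERVICE[n]) for n, p in policies.items()}

for role, findings in lint_all().items():
    print(f"{role}: {'OK' if not findings else '; '.join(findings)}")
```

Running it reports the cluster and node roles as lacking a source condition and the Fargate role as OK; the same function can be pointed at any trust policy loaded from the JSON files created in the steps above.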

THANK YOU !!

💠Keep Learning Keep Sharing💠
