Install AWS, kubectl & eksctl CLI's

Step-03-02: eksctl on windows or linux

For windows and linux OS, you can refer below documentation link.
Reference: https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html#installing-eksctl

References:

https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html

eks-22

Create EKS Cluster with Node Groups

Step-00: Introduction

Understand about EKS Core Objects
- Control Plane
- Worker Nodes & Node Groups
- Fargate Profiles
- VPC
Create EKS Cluster
Associate EKS Cluster to IAM OIDC Provider
Create EKS Node Groups
Verify Cluster, Node Groups, EC2 Instances, IAM Policies and Node Groups

Step-01: Create EKS Cluster using eksctl

It will take 15 to 20 minutes to create the Cluster Control Plane

# Create Cluster
eksctl create cluster --name=myeks22 \
                      --region=us-east-1 \
                      --zones=us-east-1a,us-east-1b \
                      --without-nodegroup 

# Get List of clusters
eksctl get clusters

Step-02: Create & Associate IAM OIDC Provider for our EKS Cluster

To enable and use AWS IAM roles for Kubernetes service accounts on our EKS cluster, we must create & associate OIDC identity provider.
To do so using eksctl we can use the below command.
Use latest eksctl version (as on today the latest version is 0.21.0)

# Replace with region & cluster name
eksctl utils associate-iam-oidc-provider \
    --region us-east-1 \
    --cluster myeks22 \
    --approve

Step-03: Create EC2 Keypair

Create a new EC2 Keypair with name as kube-demo
This keypair we will use it when creating the EKS NodeGroup.
This will help us to login to the EKS Worker Nodes using Terminal.

Step-04: Create Node Group with additional Add-Ons in Public Subnets

These add-ons will create the respective IAM policies for us automatically within our Node Group role.

# Create Public Node Group   
eksctl create nodegroup --cluster=myeks22 \
                       --region=us-east-1 \
                       --name=myeks22-ng-public1 \
                       --node-type=t3.medium \
                       --nodes=2 \
                       --nodes-min=2 \
                       --nodes-max=14 \
                       --node-volume-size=20 \
                       --ssh-access \
                       --ssh-public-key=eks \
                       --managed \
                       --asg-access \
                       --external-dns-access \
                       --full-ecr-access \
                       --appmesh-access \
                       --alb-ingress-access

Step-05: Verify Cluster & Nodes

Verify NodeGroup subnets to confirm EC2 Instances are in Public Subnet

Verify the node group subnet to ensure it created in public subnets
- Go to Services -> EKS -> eksdemo -> eksdemo1-ng1-public
- Click on Associated subnet in Details tab
- Click on Route Table Tab.
- We should see that internet route via Internet Gateway (0.0.0.0/0 -> igw-xxxxxxxx)

Verify Cluster, NodeGroup in EKS Management Console

Go to Services -> Elastic Kubernetes Service -> eksdemo1

List Worker Nodes

# List EKS clusters
eksctl get cluster

# List NodeGroups in a cluster
eksctl get nodegroup --cluster=<clusterName>

# List Nodes in current kubernetes cluster
kubectl get nodes -o wide

# Our kubectl context should be automatically changed to new cluster
kubectl config view --minify

Verify Worker Node IAM Role and list of Policies

Go to Services -> EC2 -> Worker Nodes
Click on IAM Role associated to EC2 Worker Nodes

Verify Security Group Associated to Worker Nodes

Go to Services -> EC2 -> Worker Nodes
Click on Security Group associated to EC2 Instance which contains remote in the name.

Verify CloudFormation Stacks

Verify Control Plane Stack & Events
Verify NodeGroup Stack & Events

Login to Worker Node using Keypai kube-demo

Login to worker node

# For MAC or Linux or Windows10
ssh -i kube-demo.pem ec2-user@<Public-IP-of-Worker-Node>

# For Windows 7
Use putty

Step-06: Update Worker Nodes Security Group to allow all traffic

We need to allow All Traffic on worker node security group

Additional References

https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Install AWS, kubectl & eksctl CLI's

Step-03-02: eksctl on windows or linux

References:

eks-22

Create EKS Cluster with Node Groups

Step-00: Introduction

Step-01: Create EKS Cluster using eksctl

Step-02: Create & Associate IAM OIDC Provider for our EKS Cluster

Step-03: Create EC2 Keypair

Step-04: Create Node Group with additional Add-Ons in Public Subnets

Step-05: Verify Cluster & Nodes

Verify NodeGroup subnets to confirm EC2 Instances are in Public Subnet

Verify Cluster, NodeGroup in EKS Management Console

List Worker Nodes

Verify Worker Node IAM Role and list of Policies

Verify Security Group Associated to Worker Nodes

Verify CloudFormation Stacks

Login to Worker Node using Keypai kube-demo

Step-06: Update Worker Nodes Security Group to allow all traffic

Additional References

Files

README.md

Latest commit

History

README.md

File metadata and controls

Install AWS, kubectl & eksctl CLI's

Step-03-02: eksctl on windows or linux

References:

eks-22

Create EKS Cluster with Node Groups

Step-00: Introduction

Step-01: Create EKS Cluster using eksctl

Step-02: Create & Associate IAM OIDC Provider for our EKS Cluster

Step-03: Create EC2 Keypair

Step-04: Create Node Group with additional Add-Ons in Public Subnets

Step-05: Verify Cluster & Nodes

Verify NodeGroup subnets to confirm EC2 Instances are in Public Subnet

Verify Cluster, NodeGroup in EKS Management Console

List Worker Nodes

Verify Worker Node IAM Role and list of Policies

Verify Security Group Associated to Worker Nodes

Verify CloudFormation Stacks

Login to Worker Node using Keypai kube-demo

Step-06: Update Worker Nodes Security Group to allow all traffic

Additional References