How to set up Amazon EKS?
What is the process of setting up a new Kubernetes cluster using Amazon EKS once the desired architecture is published? Andrew, Cloud Solution Architect at VISEO APAC, answers in 11 steps.
Kubernetes has become the de-facto industry standard for container orchestration. Amazon Web Services (AWS) is a well-known provider of cloud services, while Kubernetes is quickly becoming the standard way to manage application containers in production environments.
Amazon EKS (Elastic Container Service for Kubernetes) is a managed Kubernetes service that allows you to run Kubernetes on AWS without the hassle of managing the Kubernetes control plane. Amazon EKS brings these two solutions together, allowing users to quickly and easily create Kubernetes clusters in the cloud.
This guide walks you, step by step, through the process of provisioning a new Kubernetes cluster using Amazon EKS once the desired architecture is published. Amazon also has a setup guide, though by itself it will not be enough to actually get started. You can find their documentation here.
Step 1: Create a new IAM role for EKS to use.
Using the AWS console, create a new role. You only need one role for as many EKS clusters as you plan to create, so name it generically. The permissions matter, though. Choose EKS from the list of services, then select "Allows Amazon EKS to manage your clusters on your behalf."
Step 2: Create a new VPC using CloudFormation.
You will probably want a VPC of your own for the cluster. Don't build it by hand, because EKS is incredibly particular about how the VPC is set up. Just use CloudFormation. Use this Amazon S3 template URL. The name for this VPC should be application specific. Name it "uat," "production," or whatever specific name you prefer. Each EKS cluster you create will have its own VPC.
Step 3: Install the awscli version 1.16.73 or higher.
Even on newer versions of Ubuntu, the awscli is not up-to-date enough in the apt repos. You'll have to manually install using Python's pip utility, but first you'll want to make sure that the awscli package is removed. Here, I'm using python3, but you could easily use python2 if you already have it. To do this, replace all instances of "python3" with "python" (not "python2") and "pip3" with "pip" (not "pip2").

sudo apt-get remove -y --purge awscli
sudo apt-get install -y python3 python3-pip
sudo pip3 install awscli --upgrade
aws --version
Step 4: Create your EKS cluster with the AWS CLI.
I recommend not using the AWS console, because it could mess up permissions later. The IAM user who creates the EKS cluster is the only user who will have access to it once created. I created a cluster using root credentials (not realizing it), and then used kubectl with my user’s credentials. To create your cluster, use the following command, but replace the following:
1) the role ARN with the role ARN in the first step of this tutorial;
2) the subnet IDs with the subnets created using the CloudFormation template in this tutorial;
3) the security group ID with the security group ID created using the same CloudFormation template; and
4) the name “devel” with whatever you want to call your EKS cluster.
To get these IDs from CloudFormation, go to the created stack, and click the Outputs tab.
aws eks create-cluster --name devel --role-arn arn:aws:iam::111122223333:role/eks-service-role-AWSServiceRoleForAmazonEKS-EXAMPLEBKZRQR --resources-vpc-config subnetIds=subnet-a9189fe2,subnet-50432629,securityGroupIds=sg-f5c54184
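
Because the identity that creates the cluster is the only one with access afterwards, it helps to check who the CLI is running as before calling create-cluster. The following is an added example, not part of the original article: the function names and the constructed ARNs are assumptions, and the account ID is the article's placeholder.

```bash
#!/bin/sh
# Added example, not from the original article.
# creator_principal ARN: print the IAM principal that becomes the cluster
# creator for a given caller ARN, or fail for the account root user.
creator_principal() {
  cp_arn=$1
  case "$cp_arn" in
    arn:aws:iam::*:root)
      echo "refusing: $cp_arn is the account root user" >&2
      return 1 ;;
    arn:aws:iam::*:user/*)
      printf '%s\n' "$cp_arn" ;;
    arn:aws:sts::*:assumed-role/*/*)
      # STS session ARN -> underlying IAM role. The session ARN carries no
      # role path, so a role created with a path must be looked up by hand.
      cp_acct=${cp_arn#arn:aws:sts::}; cp_acct=${cp_acct%%:*}
      cp_role=${cp_arn#*:assumed-role/}; cp_role=${cp_role%%/*}
      printf 'arn:aws:iam::%s:role/%s\n' "$cp_acct" "$cp_role" ;;
    *)
      echo "refusing: unrecognised caller ARN: $cp_arn" >&2
      return 1 ;;
  esac
}

# create_cluster_guarded NAME ROLE_ARN VPC_CONFIG: live wrapper around the
# article's command. It needs AWS credentials, so it is defined but not run.
create_cluster_guarded() {
  cg_caller=$(aws sts get-caller-identity --query Arn --output text) || return 1
  cg_owner=$(creator_principal "$cg_caller") || return 1
  echo "cluster '$1' will initially be reachable only as: $cg_owner"
  aws eks create-cluster --name "$1" --role-arn "$2" --resources-vpc-config "$3"
}

# Offline demonstration on a constructed session ARN.
creator_principal "arn:aws:sts::111122223333:assumed-role/eks-admin/andrew-session"
```

Run kubectl later with the same principal the guard prints, otherwise the API server rejects the request even though the AWS credentials are valid.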
Step 5: Install kubectl.
This tool (kubectl) is how you manage Kubernetes clusters. This step is not specific to AWS, so if you already have kubectl, you are good to go. For Ubuntu, I recommend using the system package manager by running these simple commands:

sudo apt-get update && sudo apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
Step 6: Install Amazon’s authenticator for kubectl and IAM.
Amazon EKS uses IAM for user management and access to clusters. Out of the box, kubectl does not support IAM. To bridge the gap, you must install a binary on your system called aws-iam-authenticator. Run these commands on Ubuntu:
curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator
chmod +x aws-iam-authenticator
sudo mv aws-iam-authenticator /usr/bin/aws-iam-authenticator
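
The commands above place a downloaded binary on the PATH without checking it. The following added example (not from the original article) verifies the download against a SHA-256 checksum file before installing; the function names are hypothetical, and the existence of a ".sha256" object next to the binary URL is an assumption.

```bash
#!/bin/sh
# Added example, not from the original article.
# verify_sha256 FILE CHECKSUM_FILE
#   0 = digest matches, 1 = mismatch, 2 = unreadable or malformed input.
verify_sha256() {
  [ -r "$1" ] && [ -r "$2" ] || return 2
  vs_want=$(awk 'NR==1 {print tolower($1)}' "$2")
  # A SHA-256 digest is exactly 64 hex characters. Anything else (for example
  # an HTML error page saved as the checksum file) is treated as malformed.
  case "$vs_want" in
    ""|*[!0-9a-f]*) return 2 ;;
  esac
  [ ${#vs_want} -eq 64 ] || return 2
  vs_got=$(sha256sum "$1" | awk '{print $1}')
  [ "$vs_got" = "$vs_want" ]
}

# install_authenticator BINARY_URL: download, verify, then install.
# Live use only; it is defined here but not run. "$1.sha256" is an assumed
# location for the published checksum.
install_authenticator() {
  ia_tmp=$(mktemp -d) || return 1
  curl -fsSL -o "$ia_tmp/aws-iam-authenticator" "$1" &&
    curl -fsSL -o "$ia_tmp/aws-iam-authenticator.sha256" "$1.sha256" &&
    verify_sha256 "$ia_tmp/aws-iam-authenticator" \
                  "$ia_tmp/aws-iam-authenticator.sha256" &&
    sudo install -m 0755 "$ia_tmp/aws-iam-authenticator" \
                 /usr/bin/aws-iam-authenticator
  ia_rc=$?
  rm -rf "$ia_tmp"
  return $ia_rc
}
```

A checksum fetched from the same location as the binary only catches corruption or truncation; to detect a tampered download, compare against a digest obtained through a separate channel.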
Step 7: Wait until the EKS cluster status is “ACTIVE”.
It should take about 10 minutes from when you ran the AWS CLI command to create it.
Step 8: Update your ~/.kube/config using AWS CLI.
If you’ve followed the tutorial exactly to this point, all you need to do is run this command. It will update your kubectl configuration file with the context, user, and authentication commands. You will need to replace the name “devel” with the name of your cluster used in the “aws eks create-cluster” command above. Then, you can test your connection using the kubectl command listed next.
aws eks update-kubeconfig --name devel
kubectl get svc
Step 9: Launch worker nodes into your EKS cluster.
There are a lot of options here, so I’ll just defer to the AWS docs link I posted. This step will help you create EC2 instances, place them in the right subnets, and help them connect to the EKS cluster. As such, it’s important to follow the directions exactly.
Step 10: Download, edit, and apply the AWS authenticator configuration map.
This is a continuation of the previous step (even in the AWS docs), but worthy of note, since your nodes will not show up in the EKS cluster otherwise. To watch your nodes show up, run this kubectl command:
kubectl get nodes --watch
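
The "edit" in this step is putting the worker nodes' IAM role ARN into the aws-auth ConfigMap. The following added example (not from the original article) renders that ConfigMap and rejects an instance profile ARN, which is easy to paste by mistake and leaves the nodes unable to join; the function names and the sample role name are assumptions.

```bash
#!/bin/sh
# Added example, not from the original article.
# render_aws_auth NODE_ROLE_ARN: print the aws-auth ConfigMap that lets worker
# nodes running under that IAM role register with the cluster.
render_aws_auth() {
  case "$1" in
    arn:aws:iam::*:instance-profile/*)
      echo "got an instance profile ARN; aws-auth needs the role ARN" >&2
      return 1 ;;
    arn:aws:iam::*:role/?*) ;;
    *)
      echo "not an IAM role ARN: $1" >&2
      return 1 ;;
  esac
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: $1
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
EOF
}

# apply_aws_auth NODE_ROLE_ARN: live use, needs the kubeconfig from Step 8.
# Defined here but not run.
apply_aws_auth() {
  aa_doc=$(render_aws_auth "$1") || return 1
  printf '%s\n' "$aa_doc" | kubectl apply -f -
}

# Offline demonstration with a constructed role ARN.
render_aws_auth "arn:aws:iam::111122223333:role/devel-worker-NodeInstanceRole"
```

This ConfigMap is the cluster's IAM-to-Kubernetes mapping, so treat changes to it as access-control changes: the two groups above are what nodes need, and any entry mapped to system:masters is a cluster administrator.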
Step 11: Use kubectl like you would with any other Kubernetes cluster.
At this point, you have a fully functioning EKS cluster. Congratulations!