Jenkins X : An opinionated cloud native CI/CD tool (series blog-1)
In this blog we will create a Kubernetes cluster in AWS with minimal steps. Little to no knowledge of AWS is required to follow this blog.
Configure the AWS CLI by running the command below, passing your AWS Access Key ID and AWS Secret Access Key. Enter your desired AWS region and default output format.
aws configure
Create an AWS VPC with public and private subnets. Replace region-code with any AWS region that is supported by AWS EKS (Elastic Kubernetes Service). Replace the name my-eks-vpc-stack with any name you like.
aws cloudformation create-stack \
--region region-code \
--stack-name my-eks-vpc-stack \
--template-url https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml
Create an AWS IAM role to be assumed by your K8S cluster and add policies to that role. The K8S cluster will make calls to other AWS services (such as S3, ELB, etc.) on your behalf via this role. To create the role, copy the code below to a file and name it eks_role.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Run the command below to create the role in your AWS account
aws iam create-role \
--role-name myAmazonEKSRole \
--assume-role-policy-document file://"eks_role.json"
Attach the required EKS managed policy to this role
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
--role-name myAmazonEKSRole
Open the AWS console at https://console.aws.amazon.com/eks/home#/clusters to create a minimal EKS cluster
NOTE: Ensure you have chosen the desired region to create the EKS cluster.
You will see a similar webpage as below.
Click on Create Cluster and fill the form as below:
Proceed ahead only after the EKS cluster is in active state.
Configure your workstation/laptop to send requests to the newly created AWS EKS cluster. Use the same region-code as the one where the EKS cluster was provisioned above.
aws eks update-kubeconfig --region region-code --name my-eks-cluster
To verify that you can communicate with the EKS cluster from your workstation, run the command below
kubectl get svc
You will see similar output.
Create an IAM role that will be assumed by the EC2 instances that act as worker nodes in the EKS cluster, and attach the EKS managed policies to it.
Copy the content below into a file and name it eks-node-group-role.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Create the node IAM role
aws iam create-role \
--role-name myEKSNodeRole \
--assume-role-policy-document file://"eks-node-group-role.json"
Add the required EKS managed policies to the above role
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
--role-name myEKSNodeRole
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess \
--role-name myEKSNodeRole
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
--role-name myEKSNodeRole
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
--role-name myEKSNodeRole
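A check that can be run before creating the node role, as an added example that is not part of the original blog: it lints a trust policy for principals other than the one expected service and flags broad FullAccess managed policies in the list attached above. BAD_TRUST is a constructed sample, and the function names are hypothetical.

```python
import json

# Trust policy from eks-node-group-role.json on this page, plus a constructed
# over-permissive variant to show what the check catches.
NODE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}""")
BAD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")  # constructed sample

# Managed policies this page attaches to myEKSNodeRole.
NODE_POLICIES = [
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(doc, expected_service):
    """Return problems in a trust policy that should admit only one AWS service."""
    findings = []
    for stmt in as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or a missing Principal
            findings.append(f"non-specific principal {principal!r}")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value != expected_service:
                    findings.append(f"unexpected principal {kind}={value}")
    return findings

def policy_findings(arns):
    """Flag *FullAccess managed policies and say whether a ReadOnly sibling exists."""
    names = [arn.rsplit("/", 1)[-1] for arn in arns]
    findings = []
    for name in names:
        if name.endswith("FullAccess"):
            sibling = name[: -len("FullAccess")] + "ReadOnly"
            note = "also attached" if sibling in names else "not attached"
            findings.append(f"{name}: broad policy ({sibling} {note})")
    return findings

if __name__ == "__main__":
    print(trust_findings(BAD_TRUST, "ec2.amazonaws.com"), policy_findings(NODE_POLICIES))
```

For the list above, the check reports AmazonEC2ContainerRegistryFullAccess alongside its ReadOnly sibling; the ReadOnly policy already covers image pulls by worker nodes, so the FullAccess attachment is the one to review.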
In the AWS Console, open your EKS cluster (my-eks-cluster), go to Configuration, then Compute, and click Add Node group (follow below snapshot)
Fill out the form with following details:
To verify that your EKS cluster is running fine, run the command below
kubectl get nodes
You should see similar output.