Production ready EKS cluster setup — Part I
Using AWS CloudFormation as an infrastructure tool to provision the EKS cluster
In this article, we are going to see how to create a production-ready EKS cluster step by step, using CloudFormation templates and the AWS dashboard.
1. Setting up networking components
When it comes to networking, Amazon EKS has specific requirements and considerations for the VPC and subnets of the cluster being deployed. AWS also maintains a CloudFormation template that can help us create the VPC and subnets.
Head to the CloudFormation section, choose the Create stack option, and add the following AWS S3 template URL. This template creates both public and private subnets.
https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml
After uploading the template you'll have the option to customize the CIDR blocks. I'm naming this stack eks-vpc-stack.
2. Creating an IAM role
The AWS-managed Kubernetes service, EKS, needs to access other AWS services on your behalf to manage the resources. For that, we need to create an IAM role with the AmazonEKSClusterPolicy attached; I'm naming it eks-cluster-role.
3. Creating an EKS cluster
When creating the EKS cluster, make sure to select the previously created VPC and IAM role, then complete the setup.
Once the setup is completed, update the kubeconfig details using the AWS CLI. You can now access the namespace but not the Kubernetes nodes, since we haven't configured the worker nodes yet.
4. Creating self-managed worker nodes
Go to the CloudFormation stacks and add the following template.
https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2022-12-23/amazon-eks-nodegroup.yaml
In the parameter section, provide the ClusterName matching the EKS cluster name we've created and select the appropriate VPC, Subnets, Security Group, and SSH key pair.
5. Joining Worker nodes to the Control plane
To attach the worker nodes to the control plane, set the rolearn key in the following yml file to the ARN of NodeInstanceRole (created as part of the worker node CloudFormation template), then apply the k8s file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::942487838076:role/eks-worker-node-NodeInstanceRole-1B9EVIY7CEYD8
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
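Because the aws-auth ConfigMap decides which IAM roles map to which Kubernetes groups, the node entry is worth checking before it is applied. The Python check below is an added example, not part of the original article: parse_map_roles, lint_node_mappings and the constructed SAMPLE are illustrative names, and the parser handles only the block-style mapRoles layout shown above.

```python
import re

NODE_GROUPS = {"system:bootstrappers", "system:nodes"}   # as in the manifest above
NODE_USERNAME = "system:node:{{EC2PrivateDNSName}}"
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@-]+$")
KEY = re.compile(r"^(\w+):(?:\s+(.*))?$")

def parse_map_roles(text):
    """Parse block-style mapRoles text (this layout only, not general YAML)."""
    entries = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        item = line.startswith("- ")
        body = line[2:].strip() if item else line
        m = KEY.match(body)
        if m and (item or not entries):      # "- key: value" opens a new mapping
            entries.append({"groups": []})
        if m and m.group(1) != "groups":
            entries[-1][m.group(1)] = (m.group(2) or "").strip("\"'")
        elif item and not m and entries:     # "- system:nodes" is a group name
            entries[-1]["groups"].append(body.strip("\"'"))
    return entries

def lint_node_mappings(text):
    """Return {rolearn: [findings]} for each entry that maps worker nodes."""
    report = {}
    for e in parse_map_roles(text):
        groups, arn = set(e["groups"]), e.get("rolearn", "")
        if "system:nodes" not in groups:     # not a node mapping, out of scope
            continue
        found = []
        if not ROLE_ARN.match(arn):          # e.g. an instance profile ARN pasted in
            found.append("rolearn is not an IAM role ARN")
        if e.get("username") != NODE_USERNAME:
            found.append("username differs from " + NODE_USERNAME)
        if groups != NODE_GROUPS:            # extra or missing groups
            found.append("groups differ: " + ", ".join(sorted(groups ^ NODE_GROUPS)))
        report[arn] = found
    return report

# Constructed faulty entry: placeholder account id and name, wrong ARN type and groups.
SAMPLE = """\
- rolearn: arn:aws:iam::111122223333:instance-profile/eks-worker-node-EXAMPLE
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:nodes
    - system:masters
"""

if __name__ == "__main__":
    print(lint_node_mappings(SAMPLE))
```

On a live cluster the same text can be read with kubectl get configmap aws-auth -n kube-system -o jsonpath='{.data.mapRoles}' and passed to lint_node_mappings.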
Once the above k8s file is applied successfully, we can get all the nodes by running the below command.
Originally published on Medium