Post

Create an EKS cluster with eksctl and aws cli

Posted Updated
By Riz 2 min read

Install aws cli

Install aws cli from here

Install eksctl

Install eksctl from here

Define the cluster config

File: 01-cluster-config.yaml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: my-eks-cluster
  region: eu-west-2

nodeGroups:
  - name: workers
    desiredCapacity: 3
    instancesDistribution:
      maxPrice: 0.085 # Set an appropriate max price for Spot instances
    availabilityZones: ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
    privateNetworking: true # If you want to use private networking for the nodes
    iam:
      attachPolicyARNs:
        - arn:aws:iam:YOUR-ACCOUNT-NUMBER:aws:policy/worker-policy

    # insatnce types for the nodes
    instanceType:
      - m5.large
      - c5.large


    # Specify subnets for each Availability Zone
    subnets:
      - subnet-0-az-a
      - subnet-1-az-b
      - subnet-2-az-c

vpc:
  # create vpc with this cidr
  cidr: 10.0.0.0/16

  subnets:
    private:
      eu-west-2a:
        id: subnet-0-az-a
        cidr: 10.0.1.0/24
      eu-west-2b:
        id: subnet-1-az-b
        cidr: 10.0.2.0/24
      eu-west-2c:
        id: subnet-2-az-c
        cidr: 10.0.3.0/24
    public:
      eu-west-2a:
        id: subnet-public-0-az-a
        natGateway: true
        cidr: 10.0.4.0/24
      eu-west-2b:
        id: subnet-public-1-az-b
        natGateway: true
        cidr: 10.0.5.0/24
      eu-west-2c:
        id: subnet-public-2-az-c
        natGateway: true
        cidr: 10.0.6.0/24

Replace YOUR-ACCOUNT-NUMBER with your aws account number in the file above this can be done using the following sed command

1

sed -i 's/arn:aws:iam:YOUR-ACCOUNT-NUMBER:/arn:aws:iam:111111111:/g' 01-cluster-config.yaml

Define worker policy for aws worker nodes

Create policy for worker nodes in the cluster to able to pull images from your private ecr repository.

File: 02-worker-iam-policy.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ],
      "Resource": "*"
    }
  ]
}

Deploy AWS policy for worker nodes

Run the following command in terminal

1

aws iam create-policy --policy-name worker-policy --policy-document 02-worker-iam-policy.json

Deploy the eks cluster

Run the following command in terminal

1

eksctl create cluster -f 01-cluster-config.yaml

Enable OIDC for EKS cluster

Enable OIDC on your cluster so that IRSA can be used in the cluster. This allows associating kubernetes service account roles to aws iam roles to allow pods and services to access aws services.

Set cluster name

1

export cluster_name=my-eks-cluster

Retrieve oidc_id

1

oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)

Check whether oidc has already been set up

1

aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4

If oidc has not been set up, then set it up

1

eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
k8s
eks k8s aws eksctl
This post is licensed under CC BY 4.0 by the author.

Trending Tags

aws eks eksctl k8s