Amazon EKS – AWS Management Console and AWS CLI

This guide helps you to create all of the required resources to get started with Amazon Elastic Kubernetes Service (Amazon EKS) using the AWS Management Console and the AWS CLI. In this guide, you manually create each resource. At the end of this tutorial, you will have a running Amazon EKS cluster that you can deploy applications to.

The procedures in this guide give you complete visibility into how each resource is created and how the resources interact with each other. If you’d rather have most of the resources created for you automatically, use the eksctl CLI to create your cluster and nodes. For more information, see Getting started with Amazon EKS – eksctl.

Prerequisites

Before starting this tutorial, you must install and configure the following tools and resources that you need to create and manage an Amazon EKS cluster.

Step 1: Create your Amazon EKS cluster

Create an Amazon EKS cluster.

Important

To get started as simply and quickly as possible, this topic includes steps to create a cluster and nodes with default settings. Before creating a cluster and nodes for production use, we recommend that you familiarize yourself with all settings and deploy a cluster and nodes with the settings that meet your requirements. For more information, see Creating an Amazon EKS cluster and Amazon EKS nodes.

To create your cluster

  1. Create an Amazon VPC with public and private subnets that meets Amazon EKS requirements. You can replace the example values with your own, but we recommend using the example values in this tutorial.

     aws cloudformation create-stack \
       --region us-west-2 \
       --stack-name my-eks-vpc-stack \
       --template-url https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml

  2. Create a cluster IAM role and attach the required Amazon EKS IAM managed policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.
    1. Copy the following contents to a file named cluster-role-trust-policy.json.

       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Effect": "Allow",
             "Principal": {
               "Service": "eks.amazonaws.com"
             },
             "Action": "sts:AssumeRole"
           }
         ]
       }

    2. Create the role.

       aws iam create-role \
         --role-name myAmazonEKSClusterRole \
         --assume-role-policy-document file://"cluster-role-trust-policy.json"

    3. Attach the required Amazon EKS managed IAM policy to the role.

       aws iam attach-role-policy \
         --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
         --role-name myAmazonEKSClusterRole

  3. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.

     Make sure that the Region selected in the top right of your console is Oregon. If not, select the drop-down next to the Region name and select US West (Oregon) us-west-2. Though you can create a cluster in any Amazon EKS supported Region, in this tutorial, it’s created in US West (Oregon) us-west-2.

  4. Select Create cluster. If you don’t see this option, in the Create EKS cluster box, enter a name for your cluster, such as my-cluster, and select Next step.
  5. On the Configure cluster page, enter a name for your cluster, such as my-cluster, and select myAmazonEKSClusterRole for Cluster Service Role. Leave the remaining settings at their default values and select Next.
  6. On the Specify networking page, select vpc-00x0000x000x0x000 | my-eks-vpc-stack-VPC from the VPC drop-down list. Leave the remaining settings at their default values and select Next.
  7. On the Configure logging page, select Next.
  8. On the Review and create page, select Create.

To the right of the cluster’s name, the cluster status is Creating for several minutes until the cluster provisioning process completes. Don’t continue to the next step until the status is Active.

Note

You might receive an error that one of the Availability Zones in your request doesn’t have sufficient capacity to create an Amazon EKS cluster. If this happens, the error output contains the Availability Zones that can support a new cluster. Retry creating your cluster with at least two subnets that are located in the supported Availability Zones for your account. For more information, see Insufficient capacity.

Step 2: Configure your computer to communicate with your cluster

In this section, you create a kubeconfig file for your cluster. The settings in this file enable the kubectl CLI to communicate with your cluster.

To configure your computer to communicate with your cluster

  1. Create or update a kubeconfig file for your cluster. If necessary, replace us-west-2 with the Region that you created your cluster in.

     aws eks update-kubeconfig \
       --region us-west-2 \
       --name my-cluster

     By default, the config file is created in ~/.kube or the new cluster’s configuration is added to an existing config file in ~/.kube.

  2. Test your configuration.

     kubectl get svc

Note

If you receive any authorization or resource type errors, see Unauthorized or access denied (kubectl) in the troubleshooting section.

Output

NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
svc/kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m

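The file that update-kubeconfig writes is what every later kubectl call trusts, so it is worth checking once that it still carries the two things the command set up: TLS verification against the cluster CA, and credentials fetched on demand by the aws eks get-token exec plugin (short-lived, IAM-signed tokens) rather than a long-lived secret pasted into the file. The Python below is an added example, not part of the AWS guide. It embeds a constructed kubeconfig in the JSON form that kubectl config view --raw -o json prints (account ID 111122223333, the endpoint host and the CA data are placeholders) and reports anything that weakens the connection; the function names are the example's own.

```python
import json
from typing import Any, Dict, List, Optional

# Constructed sample in the JSON shape `kubectl config view --raw -o json` prints
# after `aws eks update-kubeconfig`. Account ID 111122223333, the API endpoint and
# the CA data are placeholders, not values from a real cluster.
SAMPLE_KUBECONFIG: Dict[str, Any] = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Config",
  "current-context": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
  "clusters": [{
    "name": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
    "cluster": {
      "server": "https://EXAMPLE0123456789ABCDEF.gr7.us-west-2.eks.amazonaws.com",
      "certificate-authority-data": "PLACEHOLDER-BASE64-CA-BUNDLE"
    }
  }],
  "contexts": [{
    "name": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
    "context": {
      "cluster": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
      "user": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster"
    }
  }],
  "users": [{
    "name": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
    "user": {
      "exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "aws",
        "args": ["--region", "us-west-2", "eks", "get-token", "--cluster-name", "my-cluster"]
      }
    }
  }]
}
""")

# Keys that would mean a long-lived secret is sitting in the file.
STATIC_CREDENTIAL_KEYS = ("token", "client-certificate-data", "client-key-data", "username", "password")


def _entry(entries: List[Dict[str, Any]], name: Optional[str], key: str) -> Dict[str, Any]:
    """Return the `key` sub-object of the list entry called `name` ({} if absent)."""
    for entry in entries:
        if entry.get("name") == name:
            return entry.get(key) or {}
    return {}


def kubeconfig_findings(config: Dict[str, Any], context_name: Optional[str] = None) -> List[str]:
    """Check one context (default: current-context) for what update-kubeconfig
    relies on: TLS to the API server verified against the cluster CA, and
    credentials obtained through the `aws eks get-token` exec plugin instead of
    a static secret stored in the file. Returns a list of findings; empty is good."""
    findings: List[str] = []
    context_name = context_name or config.get("current-context")
    ctx = _entry(config.get("contexts", []), context_name, "context")
    if not ctx:
        return [f"context {context_name!r} not found"]
    cluster = _entry(config.get("clusters", []), ctx.get("cluster"), "cluster")
    user = _entry(config.get("users", []), ctx.get("user"), "user")

    server = cluster.get("server", "")
    if not server.startswith("https://"):
        findings.append(f"server {server!r} is not an https:// endpoint")
    if cluster.get("insecure-skip-tls-verify"):
        findings.append("insecure-skip-tls-verify is set; the API server certificate is not checked")
    elif not (cluster.get("certificate-authority-data") or cluster.get("certificate-authority")):
        findings.append("cluster entry has no certificate-authority(-data)")

    for key in STATIC_CREDENTIAL_KEYS:
        if key in user:
            findings.append(f"static credential {key!r} stored in kubeconfig")
    exec_cfg = user.get("exec")
    if not exec_cfg:
        findings.append("user entry has no exec credential plugin")
    elif exec_cfg.get("command") != "aws" or "get-token" not in exec_cfg.get("args", []):
        findings.append("exec plugin is not `aws eks get-token`")
    return findings


if __name__ == "__main__":
    import sys
    # With nothing piped in, the constructed sample is checked; otherwise feed it
    # the output of `kubectl config view --raw -o json`.
    config = SAMPLE_KUBECONFIG if sys.stdin.isatty() else json.load(sys.stdin)
    print(kubeconfig_findings(config) or "kubeconfig matches what update-kubeconfig writes")
```

Run it as kubectl config view --raw -o json | python3 check_kubeconfig.py against your own file; an empty list means the context still verifies the server certificate and still authenticates through the exec plugin.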
Step 3: Create an IAM OpenID Connect (OIDC) provider

Create an IAM OpenID Connect (OIDC) provider for your cluster so that Kubernetes service accounts used by workloads can access AWS resources. You only need to complete this step one time for a cluster.

  1. Select the Configuration tab.
  2. In the Details section, copy the value for OpenID Connect provider URL.
  3. Open the IAM console at https://console.aws.amazon.com/iam/.
  4. In the navigation panel, choose Identity Providers.
  5. Choose Add Provider.
  6. For Provider Type, choose OpenID Connect.
  7. For Provider URL, paste the OIDC provider URL for your cluster from step two, and then choose Get thumbprint.
  8. For Audience, enter amazonaws.com and choose Add provider.

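Registering the provider is only half of the trust relationship. For a service account to actually obtain AWS credentials, an IAM role must carry a trust policy that names the provider and pins the token's audience and subject; without the subject condition, any service account in the cluster that can present a token from the same issuer could assume the role. The Python below is an added example, not from the AWS guide: it derives the provider ARN from the OpenID Connect provider URL copied in step two, builds such a trust policy, and flags statements that are broader than one service account. The account ID 111122223333 and the issuer URL are placeholders; the audience argument must be the exact string you entered in the Audience field (the example passes sts.amazonaws.com, which is the audience the AWS SDKs request for service-account tokens). Function names are the example's own.

```python
from typing import Any, Dict, List
from urllib.parse import urlparse


def oidc_provider_arn(account_id: str, issuer_url: str) -> str:
    """ARN of the IAM OIDC provider created in Step 3: the issuer URL with its
    https:// scheme removed, under arn:aws:iam::<account>:oidc-provider/."""
    parsed = urlparse(issuer_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("OpenID Connect provider URL must be an https:// URL")
    return f"arn:aws:iam::{account_id}:oidc-provider/{parsed.netloc}{parsed.path.rstrip('/')}"


def irsa_trust_policy(account_id: str, issuer_url: str, namespace: str,
                      service_account: str, audience: str) -> Dict[str, Any]:
    """Trust policy for a role that exactly one Kubernetes service account may
    assume via sts:AssumeRoleWithWebIdentity. The StringEquals conditions pin
    the token's audience to the provider's Audience value and its subject to
    one namespace/service-account pair."""
    provider_arn = oidc_provider_arn(account_id, issuer_url)
    provider = provider_arn.split(":oidc-provider/", 1)[1]  # condition-key prefix
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": provider_arn},
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        f"{provider}:aud": audience,
                        f"{provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                    }
                },
            }
        ],
    }


def web_identity_scope_problems(policy: Dict[str, Any]) -> List[str]:
    """Findings for web-identity statements wider than one service account:
    no :aud condition, no :sub condition at all, or a :sub matched with
    StringLike wildcards (which admits every service account the pattern covers)."""
    problems: List[str] = []
    statements = policy.get("Statement", [])
    statements = statements if isinstance(statements, list) else [statements]
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        condition = stmt.get("Condition", {})
        equals = condition.get("StringEquals", {})
        like = condition.get("StringLike", {})
        if not any(key.endswith(":aud") for key in equals):
            problems.append(f"Statement[{i}]: no StringEquals condition on :aud")
        if not any(key.endswith(":sub") for key in equals):
            like_sub = {k: v for k, v in like.items() if k.endswith(":sub")}
            if not like_sub:
                problems.append(f"Statement[{i}]: no condition on :sub; any service account "
                                "from this issuer could assume the role")
            elif any("*" in str(v) or "?" in str(v) for v in like_sub.values()):
                problems.append(f"Statement[{i}]: :sub uses StringLike wildcards "
                                f"{list(like_sub.values())}; pin one service account")
    return problems


if __name__ == "__main__":
    import json
    # Constructed placeholders: substitute your account ID and the URL from step two.
    policy = irsa_trust_policy(
        "111122223333",
        "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE",
        "default", "my-app", "sts.amazonaws.com")
    print(json.dumps(policy, indent=2))
    print(web_identity_scope_problems(policy) or "scoped to one service account")
```

The generated document can be passed to aws iam create-role --assume-role-policy-document in the same way as the cluster role's trust policy in Step 1; the role is then referenced from the service account through its eks.amazonaws.com/role-arn annotation.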
Step 4: Create nodes

You can create a cluster with one of the following node types. To learn more about each type, see Amazon EKS nodes. After your cluster is deployed, you can add other node types.

  • Fargate – Linux – Select this type if you want to run Linux applications on AWS Fargate.
  • Managed nodes – Linux – Select this type if you want to run Amazon Linux applications on Amazon EC2 instances. Though not covered in this guide, you can also add Windows self-managed and Bottlerocket nodes to your cluster. A cluster must contain at least one Linux node, even if all your workloads are Windows.

Select the tab with the name of the node type that you’d like to create.

Create a Fargate profile. When Kubernetes pods are deployed with criteria that matches the criteria defined in the profile, the pods are deployed to Fargate.

To create a Fargate profile

  1. Create an IAM role and attach the required Amazon EKS IAM managed policy to it. When your cluster creates pods on Fargate infrastructure, the components running on the Fargate infrastructure need to make calls to AWS APIs on your behalf to do things like pull container images from Amazon ECR or route logs to other AWS services. The Amazon EKS pod execution role provides the IAM permissions to do this.
    1. Copy the following contents to a file named pod-execution-role-trust-policy.json.

       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Effect": "Allow",
             "Principal": {
               "Service": "eks-fargate-pods.amazonaws.com"
             },
             "Action": "sts:AssumeRole"
           }
         ]
       }

    2. Create a pod execution IAM role.

       aws iam create-role \
         --role-name myAmazonEKSFargatePodExecutionRole \
         --assume-role-policy-document file://"pod-execution-role-trust-policy.json"

    3. Attach the required Amazon EKS managed IAM policy to the role.

       aws iam attach-role-policy \
         --policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy \
         --role-name myAmazonEKSFargatePodExecutionRole

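This trust policy and the cluster role's trust policy from Step 1 have the same shape; the only difference is the service principal (eks-fargate-pods.amazonaws.com here, eks.amazonaws.com there). A trust policy decides who may become the role, so the check worth making before create-role is that the file trusts exactly that one service: an added AWS-account or "*" principal, a second service, or an action beyond sts:AssumeRole widens who can obtain the role's permissions without touching the managed policy attached to it. The Python below is an added example, not part of the AWS guide; it writes both files from Step 1 and this step and checks any trust policy document for such widening. The function names are the example's own.

```python
import json
from typing import Any, Dict, List

# Service principals exactly as they appear in the two trust policies in this guide.
EKS_CLUSTER_PRINCIPAL = "eks.amazonaws.com"
EKS_FARGATE_PODS_PRINCIPAL = "eks-fargate-pods.amazonaws.com"


def service_trust_policy(service_principal: str) -> Dict[str, Any]:
    """Build the trust policy document passed to
    `aws iam create-role --assume-role-policy-document`: exactly one AWS
    service principal is allowed to call sts:AssumeRole on the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": service_principal},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def _as_list(value: Any) -> List[Any]:
    # IAM accepts either a string or a list for Statement, Action and Service.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy_problems(policy: Dict[str, Any], expected_service: str) -> List[str]:
    """Findings for a trust policy broader than the guide's; an empty list means
    the document trusts only `expected_service` for sts:AssumeRole."""
    problems: List[str] = []
    if policy.get("Version") != "2012-10-17":
        problems.append("Version should be 2012-10-17")
    statements = _as_list(policy.get("Statement"))
    if not statements:
        problems.append("policy has no Statement")
    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if stmt.get("Effect") != "Allow":
            problems.append(f"{where}: Effect is not Allow")
        actions = _as_list(stmt.get("Action"))
        if actions != ["sts:AssumeRole"]:
            problems.append(f"{where}: Action should be exactly sts:AssumeRole, got {actions}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # A bare "*" principal would let any AWS principal assume the role.
            problems.append(f"{where}: Principal must be a Service principal, got {principal!r}")
            continue
        extra = sorted(key for key in principal if key != "Service")
        if extra:
            problems.append(f"{where}: unexpected principal types {extra}")
        services = _as_list(principal.get("Service"))
        if services != [expected_service]:
            problems.append(f"{where}: Service should be exactly {expected_service}, got {services}")
    return problems


def write_trust_policy(path: str, service_principal: str) -> Dict[str, Any]:
    """Write the policy as the JSON file the guide's create-role command reads."""
    policy = service_trust_policy(service_principal)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, indent=2)
        fh.write("\n")
    return policy


if __name__ == "__main__":
    for path, service in (
        ("cluster-role-trust-policy.json", EKS_CLUSTER_PRINCIPAL),
        ("pod-execution-role-trust-policy.json", EKS_FARGATE_PODS_PRINCIPAL),
    ):
        write_trust_policy(path, service)
        with open(path, encoding="utf-8") as fh:
            loaded = json.load(fh)  # re-read so the on-disk file is what gets checked
        print(path, trust_policy_problems(loaded, service) or "OK")
```

Running the script writes the two files exactly as the guide shows them (with straight ASCII quotes, which JSON requires) and reports OK for each; pointing trust_policy_problems at an existing role's document, for example the output of aws iam get-role, tells you whether it has drifted from that shape.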
  2. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
  3. Choose the cluster to create a Fargate profile for and select the Configuration tab, then the Compute tab.
  4. Under Fargate profiles, choose Add Fargate profile.
  5. On the Configure Fargate profile page, enter the following information and choose Next.
    1. For Name, enter a unique name for your Fargate profile, such as my-profile.
    2. For Pod execution role, choose the myAmazonEKSFargatePodExecutionRole role that you created in step one.
    3. Select the Subnets drop-down and unselect any subnet with Public in its name. Only private subnets are supported for pods running on Fargate.
  6. On the Configure pods selection page, enter the following information and choose Next.
    1. For Namespace, enter default.
  7. On the Review and create page, review the information for your Fargate profile and choose Create.

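The pod selectors entered above are what decides which pods land on Fargate: a pod matches a profile when it matches any one of the profile's selectors, which means its namespace equals the selector's namespace and it carries every label the selector lists (the selector created here names only the default namespace, so it matches every pod in that namespace). The Python below is an added example, not from the AWS guide, that implements those selection semantics and the private-subnet check from step 5. The subnet IDs are constructed, the subnet names follow the "Public" / "Private" naming that step 5 tells you to filter by, and the function names are the example's own.

```python
from typing import Dict, List, Optional


def pod_matches_profile(profile: Dict, namespace: str,
                        labels: Optional[Dict[str, str]] = None) -> bool:
    """A pod is placed on Fargate by this profile when it matches ANY selector:
    its namespace equals the selector's namespace and it carries every label the
    selector lists. A selector without labels matches the whole namespace."""
    labels = labels or {}
    for selector in profile.get("selectors", []):
        if selector.get("namespace") != namespace:
            continue
        wanted = selector.get("labels") or {}
        if all(labels.get(key) == value for key, value in wanted.items()):
            return True
    return False


def profile_problems(profile: Dict, subnet_names: Dict[str, str]) -> List[str]:
    """Findings for a profile definition before you choose Create. Fargate only
    runs pods in private subnets, so any selected subnet whose name says Public
    is flagged; a profile with no selector can never match a pod."""
    problems: List[str] = []
    if not profile.get("selectors"):
        problems.append("profile has no pod selector, so it will never place a pod")
    for subnet_id in profile.get("subnets", []):
        name = subnet_names.get(subnet_id, "")
        if "public" in name.lower():
            problems.append(f"{subnet_id} ({name}) is a public subnet; Fargate pods need private subnets")
    return problems


# Constructed values: the subnet IDs are made up, and the names are assumed to
# follow the ...PublicSubnet.. / ...PrivateSubnet.. pattern of the guide's VPC stack.
SUBNET_NAMES = {
    "subnet-0aaaa1111": "my-eks-vpc-stack-PrivateSubnet01",
    "subnet-0bbbb2222": "my-eks-vpc-stack-PrivateSubnet02",
    "subnet-0cccc3333": "my-eks-vpc-stack-PublicSubnet01",
}

# The profile this step creates: my-profile, the pod execution role from step one,
# private subnets only, and a single selector on the default namespace.
MY_PROFILE = {
    "fargateProfileName": "my-profile",
    "podExecutionRole": "myAmazonEKSFargatePodExecutionRole",
    "subnets": ["subnet-0aaaa1111", "subnet-0bbbb2222"],
    "selectors": [{"namespace": "default"}],
}

if __name__ == "__main__":
    print(profile_problems(MY_PROFILE, SUBNET_NAMES) or "profile OK")
    for ns, lbl in (("default", {}), ("default", {"app": "web"}), ("kube-system", {})):
        placed = pod_matches_profile(MY_PROFILE, ns, lbl)
        print(ns, lbl, "-> Fargate" if placed else "-> not matched by my-profile")
```

Because matching is by namespace and labels only, anything deployed into default after this step (including pods you did not intend for Fargate) goes there; a label in the selector narrows the profile to the workloads you choose.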
Step 5: View resources

You can view your nodes and Kubernetes workloads.

To view your nodes

  1. In the left pane, select Clusters, and then in the list of Clusters, select the name of the cluster that you created, such as my-cluster.
  2. On the Overview tab, you see the list of Nodes that were deployed for the cluster. You can select the name of a node to see more information about it. For more information about what you see here, see View nodes.
  3. On the Workloads tab of the cluster, you see a list of the workloads that are deployed by default to an Amazon EKS cluster. You can select the name of a workload to see more information about it. For more information about what you see here, see View workloads.

Step 6: Delete your cluster and nodes

After you’ve finished with the cluster and nodes that you created for this tutorial, you should clean up by deleting the cluster and nodes. If you want to do more with this cluster before you clean up, see Next steps.

To delete your cluster and nodes

  1. Delete all node groups and Fargate profiles.
    1. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
    2. In the left navigation, select Clusters, and then in the list of clusters, select the name of the cluster that you want to delete.
    3. Select the Configuration tab. On the Compute tab, select:
      • The node group that you created in a previous step and select Delete. Enter the name of the node group, and then select Delete.
      • The Fargate profile that you created in a previous step and select Delete. Enter the name of the profile, and then select Delete.
  2. Delete the cluster.
    1. Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
    2. Select the cluster to delete and choose Delete.
    3. On the delete cluster confirmation screen, choose Delete.
  3. Delete the VPC AWS CloudFormation stack that you created in this guide.
    1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
    2. Select the VPC stack to delete, and choose Delete.
    3. On the Delete Stack confirmation screen, choose Delete stack.
  4. Delete the IAM roles that you created.
    1. Open the IAM console at https://console.aws.amazon.com/iam/.
    2. In the left navigation pane, select Roles.
    3. Select myAmazonEKSClusterRole from the list. Select Delete role, and then select Yes, Delete. Delete the myAmazonEKSFargatePodExecutionRole or myAmazonEKSNodeRole role that you created and the myAmazonEKSCNIRole role, if you created one.

Source: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html