Creating an Amazon EKS Cluster
Objective
Creating an Amazon EKS cluster with eksctl allows for a wide range of configurations to cater to different needs. This can be achieved directly via command-line parameters or, for more complex setups, by utilizing a configuration file. This lab shows you how to create an Amazon EKS cluster using a configuration file specifically aimed at deploying the python-fastapi-demo-docker project's resources.
Initial Setup
Navigate to the root directory of the python-fastapi-demo-docker project where your environment variables are sourced:
cd ~/environment/python-fastapi-demo-docker
- Fargate
- Managed Node Groups
1. Using the cluster configuration file for Fargate nodes
The create-fargate-python.yaml eksctl configuration file sets up a Fargate-based cluster for deploying our python-fastapi-demo-docker with the following components:
- Metadata: This section contains crucial metadata about your cluster, such as the cluster's name ("fargate-quickstart"), the AWS region where the cluster will be hosted ("us-east-1"), and the Kubernetes version ("1.26") that the cluster will run.
- Fargate Profiles: This section configures the Fargate profiles, which determine how and which pods are launched on Fargate. By default, a maximum of five namespaces can be included. In our configuration, we're using the default and kube-system namespaces and have also added a custom namespace, my-cool-app, to host the application we plan to deploy on the cluster.
- Permissions (IAM): This section outlines how the configuration utilizes IAM roles for service accounts through an OpenID Connect (OIDC) identity provider. Two service accounts are established here:
  - aws-load-balancer-controller, which authorizes Kubernetes to manage the AWS Load Balancer Controller (LBC)
  - ecr-access-service-account, which facilitates interactions with the Amazon Elastic Container Registry (ECR)
- Logs (CloudWatch): The configuration wraps up with a cloudWatch section, which sets up Amazon CloudWatch logging for the cluster. All categories of Kubernetes control plane logs are enabled and are set to be retained for 30 days.
2. Creating the Cluster
From the python-fastapi-demo-docker project directory, create the cluster using the eksctl configuration file:
Make sure to verify the region specified in eks/create-fargate-python.yaml and change it, if needed. The region must be the same as the one you used in your .env file.
eksctl create cluster -f eks/create-fargate-python.yaml
- To avoid execution errors, update eksctl to the latest version using the official eksctl documentation.
- If you receive an “Error: checking AWS STS access” in the response, be sure to check that you’re using the right IAM user identity for the current shell session. Depending on how you configured the AWS CLI, you may also need to specify a named profile (for example, --profile clusteradmin).
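A pre-flight check for the region requirement above, to run before eksctl create cluster. This is an added example, not one of the workshop's own scripts; it assumes the .env file sets the region as AWS_REGION=..., and the files it writes to a temporary directory are constructed stand-ins for the real config and .env.

```bash
#!/usr/bin/env bash
# Added example (not part of the workshop repo): confirm that metadata.region
# in an eksctl ClusterConfig matches AWS_REGION in a .env file.

# Print metadata.region only; a "region:" key under another section is ignored.
config_region() {
  awk '
    /^metadata:/ { in_meta = 1; next }
    /^[^ \t#]/   { in_meta = 0 }          # any other top-level key ends the block
    in_meta && /^[ \t]+region:/ {
      sub(/^[ \t]+region:[ \t]*/, "")
      sub(/[ \t]+#.*$/, "")               # drop a trailing YAML comment
      print; exit
    }' "$1" | tr -d "\"'[:space:]"
}

# Print the last AWS_REGION assignment (assumed variable name), with or
# without a leading "export": the value a shell sourcing the file would keep.
env_region() {
  sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}AWS_REGION=//p' "$1" |
    tail -n 1 | tr -d "\"'[:space:]"
}

# Return 0 on match, 1 on mismatch, 2 if either value cannot be read.
check_region_match() {
  cfg_region=$(config_region "$1")
  dotenv_region=$(env_region "$2")
  if [ -z "$cfg_region" ] || [ -z "$dotenv_region" ]; then
    echo "cannot read region (config='$cfg_region', .env='$dotenv_region')" >&2
    return 2
  fi
  if [ "$cfg_region" != "$dotenv_region" ]; then
    echo "region mismatch: config='$cfg_region', .env='$dotenv_region'" >&2
    return 1
  fi
  echo "region OK: $cfg_region"
}

# Constructed sample files standing in for the real config and .env.
demo_dir=$(mktemp -d)
cat > "$demo_dir/cluster.yaml" <<'EOF'
metadata:
  name: fargate-quickstart
  region: "us-east-1"   # must match .env
EOF
printf 'export AWS_REGION=us-west-2\n' > "$demo_dir/.env"
check_region_match "$demo_dir/cluster.yaml" "$demo_dir/.env" || echo "status $?"
```

In the lab, the call from the project root would be check_region_match eks/create-fargate-python.yaml .env, and a non-zero status means the file should be corrected before the cluster is created.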
Upon completion, the output should look something like this:
2023-05-26 13:10:23 [✔] EKS cluster "fargate-quickstart" in "us-east-1" region is ready
3. View Namespaces
Check the namespaces in your cluster by running the following command:
kubectl get namespaces
The output should look something like this:
NAME STATUS AGE
default Active 27m
kube-node-lease Active 27m
kube-public Active 27m
kube-system Active 27m
my-cool-app Active 27m
- If you receive authentication errors, update kubeconfig using the following command:
aws eks update-kubeconfig --name fargate-quickstart
4. Creating a Namespace
While we've already created the necessary Fargate profile and namespace for this workshop, to create any additional namespace and Fargate profile, run the following commands:
kubectl create namespace my-cool-app-v2
Before creating a Fargate profile, first ensure that the Fargate PodExecutionRole exists in the account. If it doesn't exist, create a PodExecutionRole named AmazonEKSFargatePodExecutionRole by following the steps in the EKS Fargate documentation.
Then create a Fargate profile running the command below:
aws eks create-fargate-profile \
--region ${AWS_REGION} \
--cluster fargate-quickstart \
--fargate-profile-name fp-dev \
--pod-execution-role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/AmazonEKSFargatePodExecutionRole \
--selectors namespace=my-cool-app-v2
Conclusion
This lab has walked you through the process of creating an Amazon EKS Fargate cluster pre-configured to deploy the python-fastapi-demo-docker project's resources. By following these instructions, you've set up a functioning Kubernetes cluster on Amazon EKS, ready for deploying applications.
1. Using the cluster configuration file for Managed Node Groups
The create-mng-python.yaml eksctl configuration file sets up a managed node groups-based cluster for deploying our python-fastapi-demo-docker with the following components:
- Metadata: This section contains crucial metadata about your cluster, such as the cluster's name ("managednode-quickstart"), the target AWS region ("us-east-1"), and the Kubernetes version ("1.26") to be deployed.
- Permissions (IAM): This section outlines how the configuration utilizes IAM roles for service accounts through an OpenID Connect (OIDC) identity provider. Two service accounts are established here:
  - aws-load-balancer-controller, which authorizes Kubernetes to manage the AWS Load Balancer Controller (LBC)
  - ecr-access-service-account, which facilitates interactions with the Amazon Elastic Container Registry (ECR)
- Managed node groups: This section defines a managed node group called eks-mng. Nodes within this group are based on t3.medium instance types, with an initial deployment of two nodes. For more instance types, see Amazon EC2 Instance Types.
- Managed add-ons: The configuration contains an addons section, which defines the EKS add-ons to be enabled on the cluster. In this case, kube-proxy, vpc-cni (a networking plugin for pods in VPC), and coredns (a DNS server) are activated. The vpc-cni addon is additionally linked with the AmazonEKS_CNI_Policy policy.
- Logs (CloudWatch): The configuration wraps up with a cloudWatch section, which sets up Amazon CloudWatch logging for the cluster. All categories of Kubernetes control plane logs are enabled and are set to be retained for 30 days.
2. Creating the Cluster
From the python-fastapi-demo-docker project directory, create the cluster using the eksctl configuration file. The cluster creation can take upwards of 15 minutes, so now is a good time to stretch:
Make sure to verify the region specified in eks/create-mng-python.yaml and change it, if needed. The region must be the same as the one you used in your .env file.
eksctl create cluster -f eks/create-mng-python.yaml
- To avoid execution errors, update eksctl to the latest version using the official eksctl documentation.
- If you receive an “Error: checking AWS STS access” in the response, be sure to check that you’re using the right user identity for the current shell session. Depending on how you configured the AWS CLI, you may also need to specify a named profile (for example, --profile clusteradmin).
Upon completion, the output should look something like this:
2023-05-26 13:10:23 [✔] EKS cluster "managednode-quickstart" in "us-east-1" region is ready
3. Viewing Namespaces
Check the namespaces in your cluster by running the following command:
kubectl get namespaces
The output should look something like this:
NAME STATUS AGE
default Active 41h
kube-node-lease Active 41h
kube-public Active 41h
kube-system Active 41h
my-cool-app Active 41h
- If you receive authentication errors, update kubeconfig using the following command:
aws eks update-kubeconfig --name managednode-quickstart
Conclusion
This tutorial walked you through the process of creating and connecting to an Amazon EKS cluster using managed node groups for the python-fastapi-demo-docker application. By using the eksctl tool and understanding the ClusterConfig file, you are now better equipped to deploy and manage Kubernetes applications, while AWS takes care of the node lifecycle management.