Provisioning an Amazon EKS (Elastic Kubernetes Service) Cluster
Amazon EKS is a fully managed Kubernetes service suitable for production deployments. The instructions below were compiled using the following dependency versions:
- eksctl v1.15
- kubernetes v1.15
AWS CLI tools
Install Python 3 via the system package manager, and the AWS CLI tools via pip:
pip install awscli --upgrade --user
AWS Account
Install the AWS IAM Authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator
Create AWS account(s) via the AWS console:
https://console.aws.amazon.com/
Users of the cluster require no permissions at this point, but the user creating the cluster does. Once configured, set the local environment variables:
AWS_REGION=us-east-2
AWS_SECRET_ACCESS_KEY=[redacted]
AWS_ACCESS_KEY_ID=[redacted]
Or use AWS credentials files. To configure the CLI to use credentials, for instance:
To ~/.aws/config
append:
[profile alice]
region = us-west-2
output = json
To ~/.aws/credentials
append:
[alice]
aws_access_key_id = [redacted]
aws_secret_access_key = [redacted]
The profile to use can then be configured using the environment variable:
AWS_PROFILE=alice
(note that direnv can be handy here.)
SSH key
Generate cluster SSH key, saving into ./keys/ssh
ssh-keygen -t rsa -b 4096
Cluster Resources
Install eksctl
https://github.com/weaveworks/eksctl
Provision the cluster using eksctl. For example, the configuration file ./eks/cluster-config.yaml
will create a single-node cluster named "prod" in the "us-west-2" region if used:
eksctl create cluster -f eks/config-cluster.yaml
Users
Install users by modifying the template to include the ARN and username of the IAM users to give access to the cluster:
kubectl patch -n kube-system configmap/aws-auth --patch "$(cat eks/users.yaml)"
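One way to generate the patch body for this step, as an added example that is not part of this repository: it validates each IAM user ARN and refuses the cluster-admin group `system:masters` unless explicitly allowed. The `data.mapUsers` layout is the standard aws-auth format; the contents of eks/users.yaml are not shown on this page, and the function names, the account ID, the user names and the `dev-readonly` group (which needs its own RBAC binding) are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the repository): render a patch for configmap/aws-auth
# from "ARN USERNAME GROUP" lines on stdin. Sample values are constructed.
# Usage: render_users_patch < users.txt > eks/users.yaml

# valid_user_arn ARN: succeeds only for an IAM *user* ARN with a 12-digit account id.
valid_user_arn() {
    printf '%s\n' "$1" | grep -Eq '^arn:aws:iam::[0-9]{12}:user/[A-Za-z0-9+=,.@_/-]+$'
}

# render_users_patch: prints the patch YAML, or fails with nothing on stdout when
# a line has a bad ARN, an unsafe or missing field, a duplicate username, or the
# cluster-admin group system:masters without ALLOW_MASTERS=1.
render_users_patch() {
    body='' seen=' '
    while read -r arn user group; do
        [ -n "$arn" ] || continue    # skip blank lines
        valid_user_arn "$arn" || { echo "bad ARN: $arn" >&2; return 1; }
        for field in "$user" "$group"; do
            # Restrict the charset so a field cannot inject extra YAML.
            case "$field" in
                ''|*[!A-Za-z0-9:._@-]*) echo "bad field: '$field'" >&2; return 1 ;;
            esac
        done
        case "$seen" in
            *" $user "*) echo "duplicate username: $user" >&2; return 1 ;;
        esac
        seen="$seen$user "
        if [ "$group" = system:masters ] && [ "${ALLOW_MASTERS:-0}" != 1 ]; then
            echo "refusing system:masters for $user" >&2; return 1
        fi
        body="$body    - userarn: $arn
      username: $user
      groups:
        - $group
"
    done
    [ -n "$body" ] || { echo "no users given" >&2; return 1; }
    # mapUsers is one string value, so the patch replaces it: list every user.
    printf 'data:\n  mapUsers: |\n%s' "$body"
}
```

Because the patch overwrites the whole `mapUsers` value, keep the full user list in one input file and re-render it each time a user is added or removed.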
Verify Cluster Provisioned
You should be able to retrieve pods from the cluster, which should include coredns, kube-proxy, etc.
kubectl get po --all-namespaces
Administration
See the eksctl documentation for how to administer a cluster with this helper CLI, such as performing cluster upgrades.