Deep dive into AWS EKS

AWS EKS has two main components. These components are as follows:

  • Control plane
  • Worker nodes

The control plane is the Kubernetes master managed by AWS, which includes an etcd database. AWS deploys the Kubernetes master across multiple availability zones. A user can monitor and access the control plane via the AWS Web Console or the AWS CLI, and can also reach the Kubernetes API server through Kubernetes clients such as the kubectl command.

As of December 2018, AWS only provides a custom Amazon Machine Image (AMI) for worker nodes; it does not yet provide Web Console or AWS CLI support to create and configure them. Therefore, the user needs to use that AMI to launch EC2 instance(s) and configure the worker nodes manually.

Amazon and Weaveworks made an open source project named eksctl (https://eksctl.io/). It makes deploying an EKS cluster easier than using the AWS CLI together with manual steps. If you have difficulty understanding AWS basics and EKS provisioning, it's recommended to use eksctl instead.

Fortunately, AWS provides a CloudFormation template that is easy to use to launch and configure worker nodes, so let's extend the previous VPC example to set up Amazon EKS. To do that, you need to prepare the following settings beforehand:

  • Set up the IAM Service Role (defines which AWS user can create EKS resources) as follows:
$ aws iam create-role --role-name eksServiceRole --assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }'

$ aws iam attach-role-policy --role-name eksServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy

$ aws iam attach-role-policy --role-name eksServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonEKSServicePolicy
  • Set up the security group (assigned to the Control Plane; worker nodes later use this security group to allow access from the Control Plane):
$ aws ec2 create-security-group --vpc-id vpc-0ca37d4650963adbb --group-name eks-control-plane --description "EKS Control Plane"
{
"GroupId": "sg-0fbac0a39bf64ba10"
}
  • Tag the private subnets (to tell internal ELBs that these are private subnets):
$ aws ec2 create-tags --resources subnet-04b78ed9b5f96d76e --tags Key=kubernetes.io/role/internal-elb,Value=1

$ aws ec2 create-tags --resources subnet-08e16157c15cefcbc --tags Key=kubernetes.io/role/internal-elb,Value=1
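The trust policy handed to `aws iam create-role` above is what decides who can assume eksServiceRole, so it is worth checking before the role is attached to anything. As an added example (not code from the book or from AWS), the Python check below parses that exact policy document and reports any Allow statement that grants `sts:AssumeRole` to a principal other than the `eks.amazonaws.com` service; the open policy is a constructed counter-example.

```python
import json

# Trust policy exactly as passed to `aws iam create-role` on this page: only the
# EKS service principal may assume eksServiceRole.
EKS_TRUST_POLICY = ('{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", '
                    '"Principal": { "Service": "eks.amazonaws.com" }, '
                    '"Action": "sts:AssumeRole" } ] }')

# Constructed counter-example (not from the page): any principal may assume the role.
OPEN_TRUST_POLICY = ('{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", '
                     '"Principal": "*", "Action": "sts:AssumeRole" } ] }')

EXPECTED_SERVICE = "eks.amazonaws.com"
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_eks_trust_policy(document: str) -> list:
    """Return findings for every Allow statement granting sts:AssumeRole to
    anything other than the EKS service principal. An empty list means the
    trust policy is as tight as the page's example."""
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not ASSUME_ACTIONS.intersection(_as_list(stmt.get("Action"))):
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # "*" (or any non-object form) lets arbitrary callers assume the role
            findings.append(f"statement {idx}: wildcard/unstructured principal {principal!r}")
            continue
        for kind, who in principal.items():
            for p in _as_list(who):
                if not (kind == "Service" and p == EXPECTED_SERVICE):
                    findings.append(f"statement {idx}: unexpected principal {kind}={p}")
    return findings


if __name__ == "__main__":
    print("page policy:", check_eks_trust_policy(EKS_TRUST_POLICY) or "ok")
    print("open policy:", check_eks_trust_policy(OPEN_TRUST_POLICY))
```

The same check can be run against `aws iam get-role --role-name eksServiceRole` output by feeding it the `AssumeRolePolicyDocument` field.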