Introduction to AWS EKS and Its Importance

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications using Kubernetes. AWS EKS is essential for businesses looking to harness Kubernetes’ orchestration power without managing the complexities of the underlying infrastructure. With EKS, you can leverage AWS infrastructure’s high availability, security, and scalability while focusing on your containerized applications.

This comprehensive guide will review the prerequisites for setting up AWS EKS, ensuring your environment is configured correctly before deploying your first cluster.

Essential AWS Resources Required for EKS Deployment

Before diving into the actual deployment of an EKS cluster, there are essential resources that need to be set up in your AWS environment:

  • IAM User with EKS Permissions: EKS requires specific permissions to manage clusters and nodes.
  • Virtual Private Cloud (VPC): EKS needs a VPC to host its network, including subnets, route tables, and internet gateways.
  • Subnets: Both public and private subnets are required for secure access to the nodes and the internet.
  • NAT Gateway: Ensures that nodes in private subnets can access the internet securely.
  • Security Groups manage traffic to the EKS control plane and worker nodes.
  • SSH Key Pair: Used to connect to worker nodes securely.

Creating an IAM User for EKS Operations

AWS Identity and Access Management (IAM) controls access to AWS services, including EKS. To create an IAM user for EKS operations, follow these steps:

  1. Go to the IAM console and select Users.
  2. Click Add User and choose a username (e.g., eks-admin).
  3. Select Programmatic access for CLI/SDK/API access.
  4. Attach the following managed policies:
    • AmazonEKSClusterPolicy
    • AmazonEKSWorkerNodePolicy
    • AmazonEKSServicePolicy
    • AmazonVPCFullAccess
    • AmazonEC2FullAccess
  5. Create the user and note the Access Key ID and Secret Access Key for later use.

Configuring AWS CLI for EKS Management

To interact with AWS EKS, the AWS Command Line Interface (CLI) must be configured. First, install the AWS CLI if you haven’t already:

sudo apt install awscli

Once installed, configure the CLI with your IAM user credentials:

aws configure

Provide the following details:

  • Access Key ID and Secret Access Key (from your IAM user)
  • Default Region Name (e.g., us-west-2)
  • Default Output Format (e.g., json)

This will allow you to execute AWS EKS commands and manage your clusters.

Establishing Network Infrastructure with VPC and Subnets

EKS requires an adequately configured VPC to run your Kubernetes clusters. To create a VPC:

  1. Navigate to the VPC Console.
  2. Select Create VPC and configure the following settings:
    • VPC Name: Choose a name (e.g., eks-vpc).
    • IPv4 CIDR block: Assign a block (e.g., 10.0.0.0/16).
    • Tenancy: Choose default.

Once the VPC is created, proceed to make the necessary subnets.

Creating Public and Private Subnets

  1. In the VPC Console, select Subnets.
  2. Create two public subnets (e.g., public-subnet-1 and public-subnet-2) in different availability zones for redundancy.
  3. Create two private subnets (e.g., private-subnet-1 and private-subnet-2) for the worker nodes.

Ensure the subnets have the proper route table configurations for internet access.

Enabling DNS Hostnames and Setting Up Internet Gateway

To allow your instances to access the internet:

  1. Go to the VPC Dashboard and select Actions > Edit DNS Resolution. Enable DNS Hostnames.
  2. Attach an Internet Gateway to the VPC:
    • In the VPC dashboard, choose Internet Gateway, click Create Internet Gateway, and name it (e.g., eks-igw).
    • Attach the internet gateway to your EKS VPC.

Modify the route table for your public subnets to route traffic through the internet gateway.

Configuring Private Subnets and NAT Gateway for Secure Access

Worker nodes in private subnets need access to the internet for updates and pulling images from container registries. A NAT Gateway allows outbound internet access while keeping your instances private.

  1. In the VPC Console, select NAT Gateways.
  2. Create a NAT Gateway in one of the public subnets.
  3. Update the route table of your private subnets to route internet traffic through the NAT Gateway.

This setup ensures your worker nodes can access necessary resources while maintaining security.

Generating SSH Key Pair for Secure Connections

To securely access your worker nodes via SSH, you need an SSH key pair:

  1. In the EC2 Console, select Key Pairs.
  2. Create a new key pair and download the .pem file (e.g., eks-key.pem).
  3. Ensure the key file has the correct permissions:

chmod 400 eks-key.pem

This key will securely access EC2 instances (worker nodes).

Conclusion

Setting up AWS EKS involves configuring various AWS resources, from IAM users to VPCs and subnets, to ensure your Kubernetes clusters run smoothly. Following the steps outlined in this guide will prepare your environment for a successful EKS deployment, enabling you to focus on running and scaling your containerized applications.

References

Deploy a sample application

Create an Amazon EKS cluster