Introduction to Amazon EKS
Amazon Elastic Kubernetes Service (EKS) is a managed service that simplifies containerized applications’ deployment, management, and scalability using Kubernetes on AWS. EKS automates many complex tasks of managing Kubernetes, allowing developers to focus on building and deploying applications.
What is Amazon EKS?
Amazon EKS is a fully managed Kubernetes service that provides a scalable and highly available environment for deploying containerized applications. It eliminates the need to manage the Kubernetes control plane, enabling users to focus on deploying and managing their applications.
Key Features of Amazon EKS
- Managed Kubernetes Control Plane: EKS automatically manages the availability and scalability of the Kubernetes control plane.
- Integration with AWS Services: Seamless integration with other AWS services such as IAM, VPC, CloudWatch, and more.
- Security and Compliance: Built-in security features, including IAM roles for service accounts, encryption, and compliance with various regulatory requirements.
- High Availability: EKS runs across multiple AWS availability zones, ensuring high availability and fault tolerance.
- Scalability: Automatically scales the Kubernetes control plane and nodes to meet the demands of your applications.
Prerequisites
Before setting up an EKS cluster using CDKTF (Cloud Development Kit for Terraform), ensure you have the following:
- An AWS account
- AWS CLI installed and configured
- Terraform installed
- CDKTF installed
- Basic knowledge of Kubernetes and AWS
VPC Setup
To set up networking for your EKS cluster, you need a virtual private cloud (VPC), including subnets, route tables, and internet gateways. The snippet below creates all of these through the community VPC Terraform module, using the TypeScript binding that `cdktf get` generates under `./.gen/modules/vpc`. The code in this guide runs inside the constructor of your `TerraformStack` subclass, which is what `this` refers to.
import * as cdktf from 'cdktf';
// The generated module binding exports the Vpc construct; subnets, route tables and
// the internet gateway are created by the module from the options below.
import { Vpc } from './.gen/modules/vpc';

const vpc = new Vpc(this, 'EKS-VPC', {
  name: 'eks-vpc',
  cidr: '10.0.0.0/16',
  azs: ['us-west-2a', 'us-west-2b'],
  publicSubnets: ['10.0.1.0/24', '10.0.2.0/24'],
  privateSubnets: ['10.0.3.0/24', '10.0.4.0/24'],
  enableDnsHostnames: true,
  enableDnsSupport: true,
});
Creating an EKS Cluster using CDKTF
IAM Role and Security Group Creation
IAM roles and security groups are essential for controlling access and ensuring the security of your EKS cluster. The role below is the one the EKS control plane assumes; its trust policy allows only the EKS service to assume it, and it needs the managed AmazonEKSClusterPolicy attached before the cluster can be created. The security group as written admits HTTPS (port 443) from any source; narrow `cidrBlocks` to your VPC and administrative ranges, and control public reachability of the API server separately through the cluster's endpoint access settings (`endpointPublicAccess` and `publicAccessCidrs` in `vpcConfig`).
import { IamRole } from '@cdktf/provider-aws/lib/iam-role';
import { IamRolePolicyAttachment } from '@cdktf/provider-aws/lib/iam-role-policy-attachment';
import { SecurityGroup } from '@cdktf/provider-aws/lib/security-group';

// Role assumed by the EKS control plane; only eks.amazonaws.com may assume it.
const eksRole = new IamRole(this, 'EKSRole', {
  assumeRolePolicy: JSON.stringify({
    Version: '2012-10-17',
    Statement: [{
      Action: 'sts:AssumeRole',
      Principal: { Service: 'eks.amazonaws.com' },
      Effect: 'Allow',
      Sid: '',
    }],
  }),
});

// Cluster creation fails unless the role carries the managed EKS cluster policy.
new IamRolePolicyAttachment(this, 'EKSClusterPolicy', {
  role: eksRole.name,
  policyArn: 'arn:aws:iam::aws:policy/AmazonEKSClusterPolicy',
});

const eksSecurityGroup = new SecurityGroup(this, 'EKSSecurityGroup', {
  vpcId: vpc.vpcIdOutput, // module outputs are exposed as <name>Output getters
  description: 'EKS security group',
  ingress: [{
    fromPort: 443,
    toPort: 443,
    protocol: 'tcp',
    cidrBlocks: ['0.0.0.0/0'], // admits any source; restrict to trusted ranges
  }],
  egress: [{
    fromPort: 0,
    toPort: 0,
    protocol: '-1',
    cidrBlocks: ['0.0.0.0/0'],
  }],
});
Building the EKS Cluster
import { Fn } from 'cdktf';
import { EksCluster } from '@cdktf/provider-aws/lib/eks-cluster';

const eksCluster = new EksCluster(this, 'EKSCluster', {
  name: 'my-eks-cluster',
  roleArn: eksRole.arn,
  vpcConfig: {
    // The module's private_subnets output is a Terraform token, not a JavaScript
    // array, so it cannot be .map()'d at synth time; hand it over as a list token.
    subnetIds: Fn.tolist(vpc.privateSubnetsOutput),
    securityGroupIds: [eksSecurityGroup.id],
  },
});
OIDC Provider
To enable IAM roles for Kubernetes service accounts (IRSA), register the cluster's OIDC issuer as an IAM identity provider. IAM roles can then trust the tokens the cluster issues to specific service accounts.
import { IamOpenidConnectProvider } from '@cdktf/provider-aws/lib/iam-openid-connect-provider';

// The cluster already reports its full issuer URL
// (https://oidc.eks.<region>.amazonaws.com/id/<ID>), so use it as-is.
const oidcProvider = new IamOpenidConnectProvider(this, 'OIDCProvider', {
  url: eksCluster.identity.get(0).oidc.get(0).issuer,
  clientIdList: ['sts.amazonaws.com'],
  thumbprintList: ['<thumbprint>'], // SHA-1 thumbprint of the issuer's root CA certificate
});
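The OIDC provider alone grants nothing; a role becomes usable from a pod only through a trust policy that names the provider and pins the token's `sub` and `aud` claims. The following is an added example, not code from the original post, that builds that trust policy as a plain object and also flags security-group ingress rules open to any IPv4 source, as the group above is on port 443. The ARN, issuer URL and service-account names used in it are constructed sample values; in a real stack the ARN comes from `oidcProvider.arn` and the issuer from the cluster.

```typescript
// Added example (not from the original post). The ARN, issuer and names that
// callers pass in are constructed sample values.
interface PolicyDocument {
  Version: string;
  Statement: Array<Record<string, unknown>>;
}

// IAM condition keys name the issuer without the scheme or a trailing slash,
// e.g. oidc.eks.us-west-2.amazonaws.com/id/<ID>.
function issuerHostPath(issuerUrl: string): string {
  if (!issuerUrl.startsWith("https://")) {
    throw new Error("OIDC issuer must be an https URL");
  }
  return issuerUrl.slice("https://".length).replace(/\/+$/, "");
}

// Trust policy for IRSA: only tokens whose sub claim names this exact
// namespace/service account, with audience sts.amazonaws.com, may assume the
// role. Without the sub condition every service account in the cluster could.
function irsaTrustPolicy(
  providerArn: string, issuerUrl: string, namespace: string, serviceAccount: string
): PolicyDocument {
  const issuer = issuerHostPath(issuerUrl);
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: providerArn },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        StringEquals: {
          [`${issuer}:aud`]: "sts.amazonaws.com",
          [`${issuer}:sub`]: `system:serviceaccount:${namespace}:${serviceAccount}`,
        },
      },
    }],
  };
}

interface IngressRule { fromPort: number; toPort: number; cidrBlocks: string[] }

// Lists "from-to/cidr" entries that admit any IPv4 source, as the security
// group earlier in the guide does for port 443.
function worldOpenIngress(rules: IngressRule[]): string[] {
  const findings: string[] = [];
  for (const r of rules) {
    for (const c of r.cidrBlocks) {
      if (c === "0.0.0.0/0") findings.push(`${r.fromPort}-${r.toPort}/${c}`);
    }
  }
  return findings;
}
```

Pass `JSON.stringify(irsaTrustPolicy(...))` as the `assumeRolePolicy` of the role a pod should use, and run `worldOpenIngress` over your ingress list before deploying.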
Waiting for the Cluster to be Ready
Deploy the CDKTF stack and wait for the EKS cluster to be fully provisioned and ready.
cdktf deploy
Conclusion
Setting up an Amazon EKS cluster with CDKTF streamlines the process, allowing you to easily leverage Kubernetes and AWS’s power. Following the steps outlined in this guide, you can quickly set up a robust and scalable EKS environment ready to deploy your containerized applications.