Deploying an EKS Cluster on AWS with CDKTF

Introduction to Amazon EKS

Amazon Elastic Kubernetes Service (EKS) is a managed service that simplifies containerized applications’ deployment, management, and scalability using Kubernetes on AWS. EKS automates many complex tasks of managing Kubernetes, allowing developers to focus on building and deploying applications.

What is Amazon EKS?

Amazon EKS is a fully managed Kubernetes service that provides a scalable and highly available environment for deploying containerized applications. It eliminates the need to manage the Kubernetes control plane, enabling users to focus on deploying and managing their applications.

Key Features of Amazon EKS

Managed Kubernetes Control Plane: EKS automatically manages the availability and scalability of the Kubernetes control plane.
Integration with AWS Services: Seamless integration with other AWS services such as IAM, VPC, CloudWatch, and more.
Security and Compliance: Built-in security features, including IAM roles for service accounts, encryption, and compliance with various regulatory requirements.
High Availability: EKS runs across multiple AWS availability zones, ensuring high availability and fault tolerance.
Scalability: Automatically scales the Kubernetes control plane and nodes to meet the demands of your applications.

Prerequisites

Before setting up an EKS cluster using CDKTF (Cloud Development Kit for Terraform), ensure you have the following:

An AWS account
AWS CLI installed and configured
Terraform installed
CDKTF installed
Basic knowledge of Kubernetes and AWS

VPC Setup

To set up networking for your EKS cluster, you need a virtual private cloud (VPC), including subnets, route tables, and internet gateways.

import * as cdktf from ‘cdktf’;

import { Vpc, Subnet, RouteTable, RouteTableAssociation, InternetGateway, SecurityGroup, SecurityGroupRule } from ‘./.gen/modules/vpc’;

const vpc = new Vpc(this, ‘EKS-VPC’, {

name: ‘eks-vpc’,

cidr: ‘10.0.0.0/16’,

azs: [‘us-west-2a’, ‘us-west-2b’],

publicSubnets: [‘10.0.1.0/24’, ‘10.0.2.0/24’],

privateSubnets: [‘10.0.3.0/24’, ‘10.0.4.0/24’],

enableDnsHostnames: true,

enableDnsSupport: true,

});

Creating an EKS Cluster using CDKTF

IAM Role and Security Group Creation

IAM roles and security groups are essential for controlling access and ensuring the security of your EKS cluster.

const eksRole = new aws.iam.Role(this, ‘EKSRole’, {

assumeRolePolicy: JSON.stringify({

Version: “2012-10-17”,

Statement: [{

Action: “sts:AssumeRole”,

Principal: { Service: “eks.amazonaws.com” },

Effect: “Allow”,

Sid: “”

}]

})

});

const eksSecurityGroup = new aws.ec2.SecurityGroup(this, ‘EKSSecurityGroup’, {

vpcId: vpc.id,

description: ‘EKS security group’,

ingress: [{

fromPort: 443,

toPort: 443,

protocol: ‘tcp’,

cidrBlocks: [‘0.0.0.0/0’]

}],

egress: [{

fromPort: 0,

toPort: 0,

protocol: ‘-1’,

cidrBlocks: [‘0.0.0.0/0’]

}]

});

Building the EKS Cluster

const eksCluster = new aws.eks.Cluster(this, ‘EKSCluster’, {

name: ‘my-eks-cluster’,

roleArn: eksRole.arn,

vpcConfig: {

subnetIds: vpc.privateSubnets.map(subnet => subnet.id),

securityGroupIds: [eksSecurityGroup.id]

}

});

OIDC Provider

To enable IAM roles for Kubernetes service accounts, create an OIDC provider.

const oidcProvider = new aws.iam.OpenIdConnectProvider(this, ‘OIDCProvider’, {

url: `https://oidc.eks.${aws.region}.amazonaws.com/id/${eksCluster.identity.oidc.issuer}`,

clientIdLists: [‘sts.amazonaws.com’],

thumbprintLists: [‘<thumbprint>’]

});

Waiting for the Cluster to be Ready

Deploy the CDKTF stack and wait for the EKS cluster to be fully provisioned and ready.

cdktf deploy

Conclusion

Setting up an Amazon EKS cluster with CDKTF streamlines the process, allowing you to easily leverage Kubernetes and AWS’s power. Following the steps outlined in this guide, you can quickly set up a robust and scalable EKS environment ready to deploy your containerized applications.