EKS Implementation Steps

Posted on July 13, 2024

Different ways to approach
1. AWS Mnagement Console
2. Eksctl utility by AWS
3. Iac (Terraform, Ansible)

Prerequisites
1. AWS account with admin privileges
2. AWS CLI access to use kubernetis utility
3. Instance to manage cluster by kubectl

Step by Step method to create the cluster
1. Signin in your account
a. Visit: https://aws.amazon.com

aws console
b. Sign in with your credentials.

AWS console

2. Create IAM role for EKS cluster

a. Click on services on the top left hand side and click on IAM

IAM Dashboard

b. Go to Roles on left hand side.

IAM dashboard

c. Creating Roles

1. Click on create roles and Search for the EKS

2. Then Select EKS cluster below

3. Next permsission

4. Select Amazon EKSCluster Policy and procees to next steps

5. Then tags are optional and then next for review

6. And write role name like eks_cluster_role and description is optional

EKS cluster role

3. Create Dedicated VPC for EKS cluster

a. Goto the Services and Click on VPC

b. You can the the one that was default VPC

VPC

c. Create the Customized VPC for EKS cluster with the help for cloud formation stack

1. Click on Services and click on cloud formation

AWS cloud formation

a. Then Click on Create Stack and Prepare template is (Template is Ready) and Specify template is choose Amazon s3 URL and write this url below https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml then click on next

Template
c. Below the stack is creating and it take time after that verify our NAT and all vpc services from VPC which is created by stack and proceed next once stack is created.

vpc stack

4. Create EKS cluster

a. Select EKS from services and provide the name like ekscluster, provide the kubernetis version and select our existing created role eks_cluster_role.

configure cluster

b. Click on the next and choose our early created VPC (created from cloudformation. You can see the name like eksvpcstack-VPC) and choose proper security group eksvpc security group which was created earlier and then select your network public, private or public and private (I choose public and private)

specify network

c. You can see Configure Logging . Control plane logging so enable the required parameters for test i am not enable anything and click on next and finally create the cluster. Image shown below for Configure Logging and wait for till the Cluster will create.

configure logging

5. Install and setup IAM authenticator and Kubectl utility

a. We need one instance to configure IAM authenticator and Kubectl utility to manage the worker node. So deploy one instance and as root in that instance follow the steps to configure the above one. So first to setup aws cli on that instance. The below Aws access and secret key will generate from IAM . See the below Image and create it

IAM dashboard

$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
$ unzip awscli-bundle.zip
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
Add your Access Key ID and Secret Access Key to ~/.aws/config using this format:
$ aws configure
then fill your secret and access keys

[default]

aws_access_key_id = enter_your_key

aws_secret_access_key = enter_your_key

region = your region

Protect the config file:

chmod 600 ~/.aws/config

Optionally, you can set an environment variable pointing to the config file. This is especially important if you want to keep it in a non-standard location. For future convenience, also add this line to your ~/.bashrc file:

export AWS_CONFIG_FILE=$HOME/.aws/config

That should be it. Try out the following from your command prompt and if you have any s3 buckets you should see them listed:

aws s3 ls

Here is the basic AWS CLI command structure. Keep in mind that any commands you enter in the CLI will have this standard format:

aws [options and parameters*]

6. Create IAM role for EKS worker nodes

a. Once the Instance is ready then check any aws command. In my case I am checking aws iam list-user

cli

b. But for our fresh instance we are not able to run kubectl and aws-iam-authenticator command as shown on above image . So lets install it first with following commands

***********Aws-iam authenticator steps (for linux in my case)**********

$ curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/aws-iam-authenticator

$ curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/aws-iam-authenticator.sha256

$ openssl sha1 -sha256 aws-iam-authenticator

$ chmod +x ./aws-iam-authenticator

$ mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin

$ echo ‘export PATH=$PATH:$HOME/bin’ >> ~/.bashrc

$ aws-iam-authenticator help

*********** kubectl steps (for linux in my case and kubectl version 1.18)**********

Note:- If want other version the search for aws kubectl on google and refer first site

$ curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl

$ chmod +x ./kubectl $

mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin

$ echo ‘export PATH=$PATH:$HOME/bin’ >> ~/.bashrc $ kubectl version –short –client

c. $ kubectl get svc (check our Control SVC but not work here says connection refused)

d. $ aws eks --region ap-south-1 update-kubeconfig --name ekscluster (local kubeconfig configuration set )

e. $ export KUBECONFIG=~/.kube/config

f. $ kubectl get svc (this command work here)

g. $ kubectl get nodes and $kubectl get namespace (otutput shown below)

cli

7. Create worker nodes

a. Create IAM role for worker nodes. Go to Services and Select IAM and select Roles

b. Select Ec2 and click next then select the AmazonEks_CNI policy, AmazonEKSWorkerNodePolicy,AmazonEC2ContainerRegistryReadOnly policy

c. Click next, Tags are optional and Again next and enter the name of the role in my case name is eksworkernoderole and then create the role.

eksworkermode

d. Then goto EKS service then cluster then EKS cluster and select Configuration and at bottom then select Compute

e. Click on Add node group and type name in my case eks-worker-node and select role eksworkernoderole (As we created above) and click on next

f. Now node group configuration fill all the given fields like AMI type, Capacity, Instance type and Disk Size then select min and maz size nodes click Next

g. Then specify network fields , then select the fields below shown in diagram then next and click on create. (Please create your ssh keys first)

key pair

h. Then wait for Active the state after that just fire the $ kubectl get nodes and you can see the 2 worker nodes as I mention size 2 in above step.

cli

i. Now check pods and deploy to check is there any pods or deployment are there. But this is fresh new setup so no pods and no deploy. Please see below

cli

8. Deploy our sample application

$ git clone https://github.com/vmudigal/microservices-sample.git

$ cd microservices-sample

$ mkdir yamls

$ cd yamls

$ kubectl apply -f xyz.yaml (here apply one by one all the yamls )

$ kubectl get svc

Note (All the above below ports in diagram must be open in your VPC and replace awslink with your EIP link when generated at the time of creating cluster )

And then verify

Tools:

Consul Management console: http://awslink:8500/ui/

consul

MONITORING AND VIZUALIZATION

Monitoring, visualisation & management of the container in docker is done by weave scope.

Tools: Weavescope Management Console: http://awslink:4040/

CENTRALIZED LOGGING USING ELK

Our services use Logback to create application logs and send the log data to the logging server (Logstash). Logstash formats the data and send it to the indexing server (Elasticsearch). The data stored in elasticsearch server can be beautifully visualized using Kibana.

Tools: Elasticsearch: http://awslink:9200/_search?pretty Kibana:

http://awslink:5601/app/kibana

kibana

MICROSERVICES COMMUNICATION

Intercommunication between microservices happens asynchronously with the help of RabbitMQ.

Tools: RabbitMQ Management Console: http://awslink:15672/

rabbitmq

Categories: AWS

Tags: aws, cli, consul, eks, kibana, kubernetes, kubernetes cluster, linux, rabbitmq, weavescope

EKS Implementation Steps

About Me

Follow Me:

Home Blogs EKS Implementation Steps

EKS Implementation Steps

About Me

Follow Me: