How To create a Fargate profile into EKS

The process for creating a Fargate account is as follows:

You first need to create an IAM role and attach the required Amazon EKS IAM managed policy to this role. You need to call AWS APIs on your behalf when your cluster creates pods on Fargate infrastructure. The components running on Fargate infrastructure need to call AWS APIs on your behalf. For this reason, they can perform actions such as pulling container images from Amazon ECR or routing logs to other Amazon Web Services. The Amazon EKS pod execution role provides the IAM permissions to perform this operation.

To begin with, you will need to copy the following contents into a file named pod-execution-role-trust-policy.json. Where region-code refers to the AWS Region in which the cluster resides. You can use the same role across all AWS Regions in your account if you replace the region code with *. Please replace 111122223333 with your account ID and my-cluster with the name of your cluster. If you want the same role to be assigned to all clusters in your account, replace my-cluster with *.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Condition": {
        "ArnLike": {
            "aws:SourceArn": "arn:aws:eks:region-code:111122223333:fargateprofile/my-cluster/*"
        }
      },
      "Principal": {
        "Service": "eks-fargate-pods.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

B – Create an IAM role for pod execution.

aws iam create-role \

  --role-name AmazonEKSFargatePodExecutionRole \

  --assume-role-policy-document file://"pod-execution-role-trust-policy.json"

C – You will need to attach the required Amazon EKS managed IAM policy to the role.

2 – You can open the Amazon EKS console by going to the following URL:  https://console.aws.amazon.com/eks/home#/clusters

3 – Select the my-cluster cluster from the list of clusters that appears on the Clusters page.   

4 – Do the following on the page for my cluster:

1. Go to the Configuration tab and select it.
2.  Then, choose the Calculate tab.   
3.  Select the Add a Fargate Profile option under Fargate Profiles.

5 – The following should be done on the Configure Fargate Profile page:   

1. In the Name field, you should enter a unique name for your Fargate profile, such as my profile.
2. Choose the AmazonEKSFargatePodExecutionRole you created in a previous step as the Pod execution role.
3. You need to select the Subnets dropdown and deselect any subnets that have the name Public in them.
4. For pods on Fargate that are running on private subnets, only private subnets are supported.
5. Click on the Next button.

6. When you are on the Configure pod selection page, do the following::

1. For Namespace, enter default.
2. Choose Next.

7 Review the information for your Fargate profile on the Review and Create page and then click on Create.   

8 Within a few minutes, the Status of the Fargate profile will change from Creating to Active in the configuration section. Do not proceed to the next step until the Status has changed from Creating to Active.   

9 In the case of deploying all pods to Fargate (no nodes in Amazon EC2), you must follow the instructions below to create another Fargate profile and run the default name resolver (CoreDNS) on Fargate.

Note

If you do not do this, you will not have any nodes.

1. Go to the Fargate Profile page and select My Profile.
2. The Add Fargate Profile option can be found under the Fargate profiles section.
3. Enter CoreDNS in the Name field.
4. You can choose the AmazonEKSFargatePodExecutionRole that you created in the previous step as the Pod execution role.
5. Ensure that the Subnets dropdown is selected and that any subnets with Public in their names are deselected. Private subnets are the only ones supported for pods that are running on Fargate.
6. Choose Next.
7. Enter Kube-system as the Namespace in the field.
8. Then choose Match labels, and then choose Add labels.
9. Please enter the k8s-app for the key and the Kube-DNS for the value. This is a requirement for the default name resolver (CoreDNS) deployed to Fargate.
10. Choose Next.
11. You will be taken to the Review and Create page, where you will be able to review the information for your Fargate profile and then choose to Create.
12. If you would like to remove the default eks.amazonaws.com/compute-type : ec2 annotation from CoreDNS pods, please run the following command.
    

kubectl patch deployment coredns \

    -n kube-system \

    --type json \

    -p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]'

Note

Based on the Fargate profile label you have added, the system creates and deploys two nodes. As node groups don't apply to Fargate nodes, you won't see anything listed in the Node Groups section. However, you will notice the new nodes listed under the Overview section.