How to set up EKS Cluster from AWS Management Console
Using the AWS Management Console and the AWS CLI, this tutorial shows you how to create all resources needed to get started with Amazon Elastic Kubernetes Service (Amazon EKS). All resources are created manually. You will be able to deploy applications to a running Amazon EKS cluster once you complete this tutorial.
By following the instructions in this guide, you will have complete visibility into how each resource is created and how each resource interacts with others. You may choose to create your cluster and nodes using the eksctl command line interface if you would like to have the majority of these resources created automatically for you. See the article Getting started with Amazon EKS – eksctl for more information.
The following tools and resources are required before beginning this tutorial. You need to install and configure them before creating and managing an Amazon EKS cluster.
- AWS CLI – This guide requires you to use version 2.5.2 or later of the tool, even if you’re using 1.22.86. You can use this tool for working with AWS services, including Amazon EKS. For more information on installing, updating, and uninstalling the AWS CLI, see the AWS Command Line Interface User Guide. We recommend that you configure the AWS CLI once you’ve installed it; see Quick configuration with aws configure in the same guide.
- kubectl – A command-line tool for working with Kubernetes clusters. It is recommended that you use version 1.22 or later. To find out how to install kubectl, see Installing kubectl.
- Required IAM permissions – The IAM security principal that you are using must have permissions to perform operations on AWS CloudFormation, Amazon EKS IAM roles, and a VPC and related resources. For more information, see Actions, resources, and condition keys for Amazon Elastic Container Service and Using service-linked roles in the IAM User Guide. Complete all the steps in this guide as the same user.
Step 1: Create your Amazon EKS cluster
Here is a step-by-step guide for creating a cluster with default settings so that you can get up and running as quickly as possible. In order to create a cluster for your production use, we recommend familiarizing yourself with all the settings and deploying a cluster with the configuration that best meets your needs. See the Amazon EKS Cluster Creation Guide for additional information. There are certain settings that can only be enabled when the cluster is created.
To create your cluster:
- Create an Amazon VPC with private and public subnets that meets Amazon EKS requirements. In the following command, replace region-code with any AWS Region that Amazon EKS supports, and replace template-url with the URL of the AWS CloudFormation template for the VPC. For a list of supported AWS Regions, see Amazon EKS endpoints and quotas in the AWS General Reference guide. The stack name (my-eks-vpc-stack here) is entirely up to you.
aws cloudformation create-stack \
  --region region-code \
  --stack-name my-eks-vpc-stack \
  --template-url template-url
To see all the resources that the previous command created, open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation, select the my-eks-vpc-stack stack, and then select the Resources tab.
- Create a cluster IAM role and attach the Amazon EKS IAM managed policy for clusters to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources for your Kubernetes clusters.
  - The contents of this file should be copied into an additional file named cluster-role-trust-policy.json.
  - Create the role.
    aws iam create-role \
      --role-name myAmazonEKSClusterRole \
      --assume-role-policy-document file://"cluster-role-trust-policy.json"
  - Attach the required Amazon EKS managed IAM policy to the role.
    aws iam attach-role-policy \
      --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
      --role-name myAmazonEKSClusterRole
- Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters
  Ensure that the AWS Region shown in the upper right corner of your console is the AWS Region that you wish to create your cluster in. If it is not, choose the dropdown next to the AWS Region name and pick the AWS Region you would like to use.
- Select Add cluster, then select Create. If you don’t see this option, first choose Amazon EKS Clusters from the left navigation pane.
- On the Configure cluster page, do the following:
  - Specify the name of your cluster, such as my-cluster.
  - For the Cluster Service Role, select myAmazonEKSClusterRole.
  - Leave the rest of the settings at their default values and choose Next.
- On the Specify networking page, do the following:
  - Click on the drop-down menu for VPC and pick the ID of the VPC that you created in the previous step. The VPC ID has the form vpc-00x0000x000x0x000 and is labelled my-eks-vpc-stack-VPC.
  - Leave the remaining settings unchanged and click Next.
- On the Configure logging page, choose Next.
- On the Review and create page, choose Create.
The status next to the cluster name shows Creating for several minutes, until the cluster provisioning process is complete. You cannot proceed to the next step until the cluster status has changed to Active.
Cluster creation might fail if one of the Availability Zones in your request does not have enough capacity. In that case, the error output lists the Availability Zones that can support a new cluster. Make sure you create your cluster with at least two subnets, in Availability Zones that are supported for your account. Please see Insufficient capacity for more information.
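The trust policy for the cluster role in Step 1, as an added example that is not part of the original tutorial: this Python script writes cluster-role-trust-policy.json so that only the Amazon EKS service principal can assume the role, and audits a trust policy for any broader principal or action before you pass it to aws iam create-role. The function names are hypothetical, and the policy shown is the standard EKS service trust policy, assumed here because the page does not reproduce the file.

```python
import json

EKS_SERVICE = "eks.amazonaws.com"  # service principal of the EKS control plane (assumed policy content)

def eks_cluster_trust_policy():
    """Trust policy that lets only the Amazon EKS service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": EKS_SERVICE},
            "Action": "sts:AssumeRole",
        }],
    }

def as_list(value):
    """IAM accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings; an empty list means no principal other than EKS is trusted."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen trust
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: wildcard or missing principal")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value != EKS_SERVICE:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        if as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: action is not exactly sts:AssumeRole")
    return findings

def write_trust_policy(path="cluster-role-trust-policy.json"):
    """Write the policy file, refusing to write one that fails the audit."""
    policy = eks_cluster_trust_policy()
    findings = audit_trust_policy(policy)
    if findings:
        raise ValueError("; ".join(findings))
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, indent=2)
    return path

if __name__ == "__main__":
    print("wrote", write_trust_policy())
```

To audit a policy file you already have, load it with json.load and pass the result to audit_trust_policy.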
Step 2: Configure your computer to communicate with your cluster
This section contains instructions on creating a kubeconfig file for your cluster. In this file, you set up settings that allow the kubectl command-line utility to communicate with your cluster.
To configure your computer to communicate with your cluster:
- Create or update the kubeconfig file for your cluster. Replace region-code with the AWS Region that you created your cluster in, and replace my-cluster with the name of your cluster.
aws eks update-kubeconfig --region region-code --name my-cluster
By default, the config file is created in ~/.kube, or the new cluster's configuration is added to an existing config file in ~/.kube.
- Test your configuration.
kubectl get svc
If you receive any authorization or resource type errors, see Unauthorized or access denied (kubectl) in the Troubleshooting section.
Example output:
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
svc/kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m
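An added check, not part of the original tutorial, for the kubeconfig file that Step 2 creates: it reports a file that is accessible beyond its owner, any static credential stored in it, and the absence of the exec plugin entry. It assumes the file uses the aws eks get-token exec plugin that current AWS CLI versions write; the function names and the sample file are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in the shape `aws eks update-kubeconfig` writes (values are placeholders).
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
users:
- name: my-cluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args: [--region, region-code, eks, get-token, --cluster-name, my-cluster]
"""
# Keys that would embed a long-lived secret in the file instead of using the exec plugin.
STATIC_CREDENTIAL_KEYS = ("token", "password", "client-key-data")

def audit_kubeconfig(path):
    """Return findings for a kubeconfig file; an empty list means it passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    for key in STATIC_CREDENTIAL_KEYS:
        if re.search(rf"^[\s-]*{re.escape(key)}\s*:\s*\S", text, re.MULTILINE):
            findings.append(f"static credential field '{key}' present")
    if not (re.search(r"^\s*exec\s*:", text, re.MULTILINE) and "get-token" in text):
        findings.append("no exec plugin entry that calls 'aws eks get-token'")
    return findings

def write_private(path, text):
    """Create the file with owner-only permissions from the start."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    return path

if __name__ == "__main__":
    import tempfile
    sample = write_private(os.path.join(tempfile.mkdtemp(), "config"), SAMPLE_KUBECONFIG)
    print(audit_kubeconfig(sample))  # constructed sample, not your real ~/.kube/config
```

Run audit_kubeconfig against the path of your own config file in ~/.kube after the update-kubeconfig command completes.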
Step 3: Create nodes
Here you will find instructions for creating nodes with default settings so that you can get started as quickly as possible. Our recommendations are that you familiarize yourself with all settings before creating production nodes and use the settings that meet your needs. Read about Amazon EKS nodes for more information. A few settings can only be selected during the node creation phase.
Clusters can be created with the following types of nodes. Please refer to Amazon EKS nodes for more details. Other node types can be added after your cluster has been deployed.
- Fargate – Linux – Choose this node type if you intend to use the Fargate service to run Linux applications. With Fargate, you can deploy pods without managing Amazon EC2 instances.
- Managed nodes – Linux – Choose this node type if you want to run Amazon Linux applications on Amazon EC2 instances. Additionally, you can run Windows self-managed nodes and Bottlerocket nodes in your cluster, though this is not addressed here.
Creating a Fargate profile is easy. When Kubernetes pods are deployed with criteria that match the criteria defined in the profile, those pods are placed on Fargate.
For a managed node group, specify the subnets and the IAM role that you created in the previous steps.
Step 4: View resources
You can view your nodes and Kubernetes workloads.
To view your nodes and workloads:
- Choose the Amazon EKS Clusters option from the left navigation pane. Pick the name of the cluster you created in the list of Clusters, for example, my-cluster.
- On the my-cluster page, select the following:
  - Overview tab – A list of the Nodes deployed as part of the cluster can be seen here. Selecting a node’s name will reveal more information about that node.
  - Resources tab – Shows all the Kubernetes resources deployed to an Amazon EKS cluster by default. You can learn more about each resource type by selecting it and viewing its deployment details.
Step 5: Delete resources
After you have finished with the cluster and nodes that you created for this tutorial, delete the resources that you created. If you want to do more with this cluster before deleting the resources, see the Next steps.
To delete the resources that you created in this guide:
- Delete any node groups or Fargate profiles that you created.
  - Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters
  - Navigate to Amazon EKS Clusters using the left navigation pane. Choose my-cluster from the list of clusters.
  - Select the Configuration tab, and then the Compute tab.
  - If you created a node group, select the node group my-nodegroup from the drop-down menu and choose Delete. Type my-nodegroup into the text box, and then click Delete.
  - For each Fargate profile that you created, select it and then click Delete. Enter the profile name when asked, and then click Delete.
  - When deleting a second Fargate profile, you may need to wait until the first one has finished deleting.
  - Do not continue until the Fargate profiles and node groups have been deleted.
- Delete the cluster.
  - Select Amazon EKS Clusters from the navigation pane on the left. Then select my-cluster from the list of clusters.
  - Click Delete cluster.
  - Enter my-cluster, and then click Delete cluster. Wait until the cluster is completely removed before continuing.
- Delete the AWS CloudFormation stack that you created.
  - Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation
  - Select my-eks-vpc-stack and then choose Delete.
  - In the confirmation dialog box, select Delete stack.
- Delete the IAM roles that you created.
  - Open the IAM console at https://console.aws.amazon.com/iam/
  - Navigate to the Roles section from the left navigation pane.
  - Pick each role you created (myAmazonEKSClusterRole, AmazonEKSFargatePodExecutionRole, or myAmazonEKSNodeRole) from the list. Click Delete, type the requested confirmation text and click Delete once more.