Amazon Web Services - Create an EKS cluster

This page offers step-by-step guidance to manually create an EKS cluster using the eksctl tool with the minimum requirements to run AGILITY in High Availability mode.

Requirements

To properly run the application, the cluster must include the following:

Prerequisites

  • eksctl

  • Helm

Create the Cluster

  1. Run the following to generate the cluster definition (adjust the zone if needed)

    export CLUSTER_NAME="demo-cluster"
    export AWS_REGION="us-west-2"
    export ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)

    cat <<EOF | tee ${CLUSTER_NAME}.yaml
    ---
    apiVersion: eksctl.io/v1alpha5
    kind: ClusterConfig

    metadata:
      name: ${CLUSTER_NAME}
      region: us-west-2
      version: "1.24"

    availabilityZones: ["us-west-2a", "us-west-2b", "us-west-2c"]

    managedNodeGroups:
    - name: nodegroup
      minSize: 4
      maxSize: 6
      desiredCapacity: 4
      instanceType: t3.2xlarge
      ssh:
        enableSsm: true

    # To enable all of the control plane logs, uncomment below:
    # cloudWatch:
    #   clusterLogging:
    #     enableTypes: ["*"]
    EOF
  2. Execute eksctl.

    eksctl create cluster -f ${CLUSTER_NAME}.yaml

You may have to wait ~10 mins before the cluster is ready.

Install AWS Load Balancer Controller

Reference: Installing the AWS Load Balancer Controller add-on - Amazon EKS.

  1. Create the policy to access LB service from K8s.

    export LBC_VERSION="v2.4.5"
    export LBC_CHART_VERSION="1.4.6"

    eksctl utils associate-iam-oidc-provider \
      --region ${AWS_REGION} \
      --cluster ${CLUSTER_NAME} \
      --approve

    curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${LBC_VERSION}/docs/install/iam_policy.json

    aws iam create-policy \
      --policy-name AWSLoadBalancerControllerIAMPolicy \
      --policy-document file://iam_policy.json

    eksctl create iamserviceaccount \
      --cluster ${CLUSTER_NAME} \
      --namespace kube-system \
      --name aws-load-balancer-controller \
      --attach-policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/AWSLoadBalancerControllerIAMPolicy \
      --override-existing-serviceaccounts \
      --approve
  2. Install the chart

    helm repo add eks https://aws.github.io/eks-charts
    helm repo update

    helm upgrade -i aws-load-balancer-controller \
      eks/aws-load-balancer-controller \
      -n kube-system \
      --set clusterName=${CLUSTER_NAME} \
      --set serviceAccount.create=false \
      --set serviceAccount.name=aws-load-balancer-controller \
      --set image.tag="${LBC_VERSION}" \
      --version="${LBC_CHART_VERSION}"
  3. Check the controller is deployed

    kubectl -n kube-system rollout status deployment aws-load-balancer-controller
  4. Run a test application

    export EKS_CLUSTER_VERSION=$(aws eks describe-cluster --name ${CLUSTER_NAME} --query cluster.version --output text)

    if [ "`echo "${EKS_CLUSTER_VERSION} < 1.19" | bc`" -eq 1 ]; then
      curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full.yaml \
        | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
        | kubectl apply -f -
    fi

    if [ "`echo "${EKS_CLUSTER_VERSION} >= 1.19" | bc`" -eq 1 ]; then
      curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full_latest.yaml \
        | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
        | kubectl apply -f -
    fi
  5. Wait 3 minutes and check the URL generated by the controller.

    kubectl get ingress -A
    NAMESPACE   NAME           CLASS    HOSTS   ADDRESS                                                                   PORTS   AGE
    game-2048   ingress-2048   <none>   *       k8s-game2048-ingress2-bcac0b5b37-1216204772.us-west-2.elb.amazonaws.com   80      7s

From the example, the page will be available here: http://k8s-game2048-ingress2-bcac0b5b37-1216204772.us-west-2.elb.amazonaws.com.

Amazon EBS CSI driver

Reference: Amazon EBS CSI driver - Amazon EKS.

  1. Create a policy to allow EBS access.

    export EBS_CSI_POLICY_NAME="Amazon_EBS_CSI_Driver"

    # download the IAM policy document
    curl -sSL -o ebs-csi-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/master/docs/example-iam-policy.json

    # Create the IAM policy
    aws iam create-policy \
      --region ${AWS_REGION} \
      --policy-name ${EBS_CSI_POLICY_NAME} \
      --policy-document file://ebs-csi-policy.json

    # export the policy ARN as a variable
    export EBS_CSI_POLICY_ARN=$(aws --region ${AWS_REGION} iam list-policies --query 'Policies[?PolicyName==`'$EBS_CSI_POLICY_NAME'`].Arn' --output text)
  2. Configure IAM Role for Service Account.

    # Create an IAM OIDC provider for your cluster
    eksctl utils associate-iam-oidc-provider \
      --region=$AWS_REGION \
      --cluster=${CLUSTER_NAME} \
      --approve

    # Create a service account
    eksctl create iamserviceaccount \
      --cluster ${CLUSTER_NAME} \
      --name ebs-csi-controller-irsa \
      --namespace kube-system \
      --attach-policy-arn $EBS_CSI_POLICY_ARN \
      --override-existing-serviceaccounts \
      --approve

  3. Deploy the Amazon EBS CSI Driver.

    # add the aws-ebs-csi-driver as a helm repo
    helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver

    # search for the driver
    helm search repo aws-ebs-csi-driver

    helm upgrade --install aws-ebs-csi-driver \
      --version=1.2.4 \
      --namespace kube-system \
      --set serviceAccount.controller.create=false \
      --set serviceAccount.snapshot.create=false \
      --set enableVolumeScheduling=true \
      --set enableVolumeResizing=true \
      --set enableVolumeSnapshot=true \
      --set serviceAccount.snapshot.name=ebs-csi-controller-irsa \
      --set serviceAccount.controller.name=ebs-csi-controller-irsa \
      aws-ebs-csi-driver/aws-ebs-csi-driver

    kubectl -n kube-system rollout status deployment ebs-csi-controller

  4. Run a test pod

    # The quoted 'EOF' keeps the local shell from expanding $(date -u), so the
    # command runs inside the container on every loop iteration.
    cat <<'EOF' | kubectl apply -f -
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: ebs-claim
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 5Gi
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: ebs-app
    spec:
      containers:
      - name: app
        image: centos
        command: ["/bin/sh"]
        args: ["-c", "while true; do echo $(date -u) >> /data/out; sleep 5; done"]
        volumeMounts:
        - name: persistent-storage
          mountPath: /data
      volumes:
      - name: persistent-storage
        persistentVolumeClaim:
          claimName: ebs-claim
    EOF
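
Both policy steps above (iam_policy.json for the load balancer controller and ebs-csi-policy.json, which is fetched from the master branch and so can change between runs) pass a downloaded document straight to aws iam create-policy. The following is an added example, not part of the original page or of either project: a small reviewer that lists the Allow statements worth reading before the policy is created. The sample policy, the script name audit_policy.py and the read-only prefix heuristic are assumptions made for illustration.

```python
import json
import sys

# Constructed sample in the shape of an IAM policy document (not the real
# controller or CSI driver policy).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeVolumes", "ec2:DescribeSnapshots"]},
        {"Effect": "Allow", "Action": "ec2:CreateTags",
         "Resource": "arn:aws:ec2:*:*:volume/*",
         "Condition": {"StringEquals": {"ec2:CreateAction": "CreateVolume"}}},
        {"Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
}

READ_ONLY = ("Describe", "Get", "List")  # assumption: treated as low risk


def as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, reason) for each Allow entry worth a review."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "NotAction in an Allow statement"))
        unscoped = "*" in as_list(stmt.get("Resource", [])) and "Condition" not in stmt
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if action == "*" or name == "*":
                findings.append((i, f"wildcard action {action}"))
            elif unscoped and not name.startswith(READ_ONLY):
                findings.append((i, f"unscoped write {action}"))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_policy.py iam_policy.json  (no argument: sample)
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POLICY
    for index, reason in audit_policy(doc):
        print(f"statement {index}: {reason}")
```

A finding is a prompt to read the statement, not proof of a problem; a statement may be scoped in ways this heuristic does not model.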

Agility Deployment

Follow the Operator installation steps here.

Cleaning up

  1. Remove Agility workloads here.

  2. Delete the resources.

    kubectl delete pods ebs-app
    kubectl delete ns game-2048
    helm delete -n kube-system aws-ebs-csi-driver aws-load-balancer-controller

  3. Delete the cluster.

    export CLUSTER_NAME="demo-cluster"
    eksctl delete cluster -f $CLUSTER_NAME.yaml

  4. Delete the policies.

    aws iam delete-policy --policy-arn \
      $(aws iam list-policies --query 'Policies[?starts_with(PolicyName,`Amazon_EBS_CSI_Driver`)]' | jq -r '.[0].Arn')

    aws iam delete-policy --policy-arn \
      $(aws iam list-policies --query 'Policies[?starts_with(PolicyName,`AmazonEKS_EFS_CSI_Driver_Policy`)]' | jq -r '.[0].Arn')

    aws iam delete-policy --policy-arn \
      $(aws iam list-policies --query 'Policies[?starts_with(PolicyName,`AWSLoadBalancerControllerIAMPolicy`)]' | jq -r '.[0].Arn')