How Do You Create Nodes for EKS That Are Accessible to Log in?

Problem scenario
You want to create EC2 instances (nodes) for Kubernetes in AWS using EKS. You want to be able to connect to them or log into them for troubleshooting. You want to configure the Kubernetes nodes to use a .pem or .ppk file for SSHing into them. You analyzed the create node group documentation on the internet, but found only a vague reference to a --remote-access flag and an ec2SshKey pointing to a string. You want to provide an identifier or otherwise supply credentials when the nodes are created. What do you do to have the aws eks commands create underlying EC2 servers for Kubernetes nodes that can be logged into [for the purpose of troubleshooting the kubelet etc.]?

Solution
Prerequisites
i. This assumes you have an EKS cluster already created -- even though it may have no nodes yet. If you need help with this, see this posting if you want to use the CLI or this posting if you want to use the GUI.

ii. This assumes you have installed and configured the AWS CLI. If you need help with this, see this posting.

Procedures
Run a command like this:

aws eks create-nodegroup --cluster-name cnfoo --nodegroup-name "ngbar" --subnets subnet-0abcd1234 --node-role arn:aws:iam::123456:role/romeo --remote-access ec2SshKey=juliet,sourceSecurityGroups=sg-01234abcd,sg-9876zxy

# replace "cnfoo" with the name of the EKS cluster that has already been created.
# replace "ngbar" with the name you want to give to this new node group.

# replace "subnet-0abcd1234" with a subnet.  For ease of setting it up, you may want to configure the subnet to
# automatically provide a public IP address.  In the AWS GUI, you would just modify the subnet.  It is easy to do this.

# replace "arn:aws:iam::123456:role/romeo" with the ARN of the role for the nodes.  If you need help, see this posting. 

# replace "juliet" with the name of the key pair that AWS uses for logging in.  For example, when you create an EC2 instance, you are asked what key pair to choose.  This name (not any other string) is used where "juliet" is in the example command above.
# To find the "juliet" value, run this command: aws ec2 describe-key-pairs | grep KeyName

# replace "sg-01234abcd" with a security group ID of your choice
# either delete or replace "sg-9876zxy" with a security group ID of your choice
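
The --remote-access value in the command above can be built and checked before any nodes are created. The shell function below is an added example, not part of the original post: it refuses a key with no source security group, because EKS then opens port 22 on the nodes to the internet (0.0.0.0/0). The function name build_remote_access is hypothetical, and the ID pattern is only a loose sanity check.

```shell
#!/bin/sh
# Added example: validate and build the value for
#   aws eks create-nodegroup ... --remote-access <value>
# build_remote_access is a hypothetical helper name, not an AWS tool.
#   $1   = EC2 key pair name (the KeyName value, not a .pem/.ppk file)
#   $2.. = security group IDs allowed to reach SSH (port 22) on the nodes
build_remote_access() {
    if [ "$#" -lt 1 ] || [ -z "$1" ]; then
        echo "error: key pair name is required" >&2
        return 1
    fi
    key="$1"
    shift
    # ec2SshKey takes the key pair NAME; a file name or path is a mistake.
    case "$key" in
        *.pem|*.ppk|*/*)
            echo "error: pass the KeyName, not a key file: $key" >&2
            return 1 ;;
    esac
    # A key with no source security group makes EKS open port 22 on the
    # nodes to 0.0.0.0/0, so refuse to build that configuration.
    if [ "$#" -eq 0 ]; then
        echo "error: at least one source security group is required" >&2
        return 1
    fi
    list=""
    for sg in "$@"; do
        # Loose sanity check (assumption): "sg-" plus 8 to 17 hex digits.
        if ! printf '%s' "$sg" | grep -Eq '^sg-[0-9a-f]{8,17}$'; then
            echo "error: not a security group ID: $sg" >&2
            return 1
        fi
        list="${list:+$list,}$sg"
    done
    # CLI shorthand: a list is written as key=value1,value2
    printf 'ec2SshKey=%s,sourceSecurityGroups=%s\n' "$key" "$list"
}

# Usage with the placeholder names from the command above:
#   ra=$(build_remote_access juliet sg-01234abcd) &&
#   aws ec2 describe-key-pairs --key-names juliet >/dev/null &&
#   aws eks create-nodegroup --cluster-name cnfoo --nodegroup-name ngbar \
#       --subnets subnet-0abcd1234 \
#       --node-role arn:aws:iam::123456:role/romeo --remote-access "$ra"
```

The placeholder "sg-9876zxy" from the command above is rejected by this check, which is a reminder to replace it with a real security group ID or delete it.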
