How Do You Use Amazon Elastic Kubernetes Service with the CLI?

Problem scenario
You want to deploy Kubernetes to AWS.  How do you use Amazon EKS to create a cluster with the AWS CLI?

Solution
Prerequisites

i.  This assumes that your AWS CLI has been installed.  If you need assistance with this, see this posting.
ii.  This assumes that you have a role created.  If you need assistance with this, see this posting.

Procedures
The command will look something like this (replace "contint" with the name you want to give your cluster):

aws eks create-cluster --name contint --role-arn arn:aws:iam::123456789:role/contint1 --resources-vpc-config subnetIds=subnet-87cb36dd,subnet-2e1ba163,subnet-d355a3c1,securityGroupIds=sg-33e3abbe

If you need help on how to craft the above statement, read the following. (After running the command be prepared to wait 15 minutes for the cluster to be created.)

The hyperlink in prerequisite ii can help you determine the "arn.../contint1" value. 

If you do not know the role-arn value, run this query:

aws iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service=="eks.amazonaws.com")'

If you do no know what subnet IDs or security group IDs to use, try these commands if you already have an EKS cluster running:

aws eks list-clusters

aws eks describe-cluster --name contint # where "contint" is the name of the cluster that the above command produces

If you do not have EKS clusters set up yet, run these commands to find your subnet IDs and Security Group ID:

For finding the default VPC ID (for the next suggestions), use this command: aws ec2 describe-vpcs | jq -r '.Vpcs[] | select(.IsDefault)'

For finding the Subnets, say, if you know the VPC you are looking for vpc-abc123, use this command but substitute the vpc-abc123 accordingly:
aws ec2 describe-subnets | jq -r '.Subnets[] | select(.VpcId=="vpc-abc123")' | grep SubnetId

To find the security group Ids if you know the VPC you are looking for vpc-abc123, use this command but substitute the vpc-abc123 accordingly:
aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | select(.VpcId=="vpc-abc123")' | grep -i groupid

If you have a simple AWS environment, these can be useful (but are not necessary if you ran the more complex commands with "jq" above):
#aws ec2 describe-subnets | grep -i subnetid
#aws ec2 describe-security-groups | grep -i groupid

aws eks --region us-east-2 update-kubeconfig --name contint #change "us-east-2" to the region of your choice

To install the AWS IAM Authenticator, run the following commands (but replace "ec2-user:ec2-user" with the username and group name of your choice):

curl -Lk https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.9/2020-08-04/bin/linux/amd64/aws-iam-authenticator > /tmp/aws-iam-authenticator

# If you need a newer version in the future, go here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html

sudo cp /tmp/aws-iam-authenticator /usr/local/bin

sudo chown ec2-user:ec2-user /usr/local/bin/aws-iam-authenticator

sudo chmod u+x /usr/local/bin/aws-iam-authenticator

If you want to create nodes, see this posting. Before you run the following command, be sure that there are two CPUs on your server (e.g., with cat /proc/cpuinfo) and be sure that Docker has been installed: sudo kubeadm init

You may want to run these commands to get flannel working such that the worker nodes are ready:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

kubectl -n kube-system apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml

Finally, if the pods are not in the "Ready" state and "kubectl describe pods" shows an error about the CNI plugin not working or subnet.env not existing, you may want to log into the worker nodes and create /run/flannel/. This directory could house a copy of subnet.env. This file can sometimes be found on the worker nodes in /etc/flannel/subnet.env. The contents of the file should be as follows:

FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true  

(The file was taken from this page.)

Leave a comment

Your email address will not be published. Required fields are marked *