Problem scenario
You want to deploy Kubernetes to AWS. How do you use Amazon EKS to create a cluster with the AWS CLI?
Solution
Prerequisites
i. This assumes that your AWS CLI has been installed. If you need assistance with this, see this posting.
ii. This assumes that you have a role created. If you need assistance with this, see this posting.
iii. You need to have kubeadm installed. The server with it needs to have 2 vCPUs and 1.7 GB of RAM or the installation will fail. If you need assistance installing it, see this posting.
Procedures
The command will look something like this (replace "contint" with the name you want to give your cluster):
aws eks create-cluster --name contint --role-arn arn:aws:iam::123456789:role/contint1 --resources-vpc-config subnetIds=subnet-87cb36dd,subnet-2e1ba163,subnet-d355a3c1,securityGroupIds=sg-33e3abbe
If you need help on how to craft the above statement, read the following. (After running the command be prepared to wait 15 minutes for the cluster to be created.)
The hyperlink in prerequisite ii can help you determine the "arn.../contint1" value.
If you do not know the role-arn value, run this query:
aws iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service=="eks.amazonaws.com")'
If you do no know what subnet IDs or security group IDs to use, try these commands if you already have an EKS cluster running:
aws eks list-clusters
aws eks describe-cluster --name contint # where "contint" is the name of the cluster that the above command produces
If you do not have EKS clusters set up yet, run these commands to find your subnet IDs and Security Group ID:
For finding the default VPC ID (for the next suggestions), use this command: aws ec2 describe-vpcs | jq -r '.Vpcs[] | select(.IsDefault)'
For finding the Subnets, say, if you know the VPC you are looking for vpc-abc123, use this command but substitute the vpc-abc123 accordingly:
aws ec2 describe-subnets | jq -r '.Subnets[] | select(.VpcId=="vpc-abc123")' | grep SubnetId
To find the security group Ids if you know the VPC you are looking for vpc-abc123, use this command but substitute the vpc-abc123 accordingly:
aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | select(.VpcId=="vpc-abc123")' | grep -i groupid
If you have a simple AWS environment, these can be useful (but are not necessary if you ran the more complex commands with "jq" above):
#aws ec2 describe-subnets | grep -i subnetid
#aws ec2 describe-security-groups | grep -i groupid
aws eks --region us-east-2 update-kubeconfig --name contint #change "us-east-2" to the region of your choice
To install the AWS IAM Authenticator, run the following commands (but replace "ec2-user:ec2-user" with the username and group name of your choice):
curl -Lk https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.9/2020-08-04/bin/linux/amd64/aws-iam-authenticator > /tmp/aws-iam-authenticator
# If you need a newer version in the future, go here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
sudo cp /tmp/aws-iam-authenticator /usr/local/bin
sudo chown ec2-user:ec2-user /usr/local/bin/aws-iam-authenticator
sudo chmod u+x /usr/local/bin/aws-iam-authenticator
If you want to create nodes, see this posting. Before you run the following command, be sure that there are two CPUs on your server (e.g., with cat /proc/cpuinfo
) and be sure that Docker has been installed: sudo kubeadm init
You may want to run these commands to get flannel working such that the worker nodes are ready:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
kubectl -n kube-system apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
Finally, if the pods are not in the "Ready" state and "kubectl describe pods" shows an error about the CNI plugin not working or subnet.env not existing, you may want to log into the worker nodes and create /run/flannel/. This directory could house a copy of subnet.env. This file can sometimes be found on the worker nodes in /etc/flannel/subnet.env. The contents of the file should be as follows:
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
(The four lines above were taken from this page.)