How Do You Use Amazon Elastic Kubernetes Service with the Web UI?

Problem scenario
You want to deploy a Kubernetes cluster in AWS.  How do you use Amazon EKS with the web UI?

Solution
Prerequisites

i.  Optional:  It is recommended to create a separate VPC for each cluster (according to Amazon's documentation here).  If you need to create a VPC, see this posting.

ii.  You need a Linux server with kubectl installed on it.  To install kubectl, on Ubuntu Linux running in AWS, run this command:  sudo snap install kubectl --classic

To install kubectl on a CentOS/RHEL/Fedora server, follow step #1 of this posting and ignore the other steps.

iii.  Install the aws-iam-authenticator on the same Linux server with kubectl.  If you need directions, see this posting.

iv.  Decide which AWS user will run the kubectl commands, if one exists.  This console user account (via any one of its access key and secret key pairs) also needs to be the one that creates the cluster.  Part 2 of the Procedures below will require you to have access to the web UI console of AWS with this user.

If you need assistance creating an AWS user (and an AWS group) for this purpose, follow two sets of directions in this order: First, follow the steps in this posting.  Second, follow this posting.

v.  These directions require you to configure the AWS CLI with the user account determined in the step above.  "While the AWS CLI is not explicitly required to use Amazon EKS, the update-kubeconfig command greatly simplifies the kubeconfig creation process."  Taken from Amazon's documentation.

Click here if you want directions to install the AWS CLI.  When following those linked directions, remember to use the access key (and its secret key) associated with the user referred to in prerequisite iv (above) of these directions.

Part 1  (Performed from a web browser.)
Create the Kubernetes cluster by following this section's directions:
1.  Log into the AWS Console (in a web browser) with the same user associated with the AWS CLI (which may have one, two, or more access keys).
2.a.  Go to this URL:  https://console.aws.amazon.com/eks/home
2.b.  Make sure you are in the region that you want to be in (e.g., us-west-1 or Northern California).
3.  Enter a cluster name (such as "Contint"), then click "Next step."
4.  Configuring the cluster should be self-explanatory.  
    a.  If the role you want is in the drop-down box, select it, then choose the subnets and security groups as you desire.  Then click the "Create" button in the lower right-hand corner.  Then skip to step #6.  If you need a role, follow substeps b through k below.
    b.  If you need to create a Role, go here in a different tab: https://console.aws.amazon.com/iam/home?#/roles
    c.  Click "Create role" (a blue button).  
    d.  The type of trusted entity (at the top) should be "AWS Service" (a button-like option near the top).
    e.  Click the hyperlink for "EKS".
    f.  Click "Next: Permissions" (a blue button).
    g.  Click "Next: Tag" (a blue button).  
    h.  At your option you may enter a key name.  Click the "Next: Review" blue button in the lower right-hand corner.
    i.  Type in a "Role name" in the appropriate field.  Click the "Create role" blue button in the lower right-hand corner.    
    j.  Check individual security groups as you desire.  
    k.  Click "Create" (an orange button).
5.  You may need to wait a few minutes.  While it is being created you may want to click the refresh button (a semi-circular arrow near the "Delete" button).
6.  You will need various values from this web UI screen in the next step.

Part 2  (From a Linux command prompt)
7.  From the Linux back-end run this command:  aws eks update-kubeconfig --name Contint

We recommend you run the command above, but replace "Contint" with the name of the cluster.  If you do not want to automatically create the config file, you can manually create it.  To do so, follow these directions. If you need help using a new IAM user, see this posting.
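
An added example (not part of the original posting or Amazon's documentation): a shell wrapper around step 7 that first confirms the AWS CLI is configured as the user from prerequisite iv and that the cluster has finished creating, then runs update-kubeconfig and a test kubectl call.  The function names, the region argument, and the account ID and user name in the usage line are assumptions.

```shell
#!/bin/sh
# Pre-flight checks before "aws eks update-kubeconfig" (Part 2, step 7).
# Cluster name, region and expected ARN are supplied by you; the values in
# the usage line at the bottom are placeholders, not real identifiers.

# Print the ARN of the principal the AWS CLI is currently configured as.
current_principal() {
    aws sts get-caller-identity --query Arn --output text
}

# Succeed only if the CLI identity is the user chosen in prerequisite iv.
same_principal() {   # $1 = expected IAM user ARN
    actual=$(current_principal) || return 2
    if [ "$actual" != "$1" ]; then
        echo "CLI is configured as $actual, expected $1" >&2
        return 1
    fi
}

# Print the cluster status (CREATING, ACTIVE, ...) as reported by EKS.
cluster_status() {   # $1 = cluster name, $2 = region
    aws eks describe-cluster --name "$1" --region "$2" \
        --query cluster.status --output text
}

# Run both checks, then write the kubeconfig entry and test it.
eks_connect() {      # $1 = cluster, $2 = region, $3 = expected ARN
    same_principal "$3" || return 1
    status=$(cluster_status "$1" "$2") || return 2
    if [ "$status" != "ACTIVE" ]; then
        echo "cluster $1 is $status; wait a few minutes and retry" >&2
        return 3
    fi
    aws eks update-kubeconfig --name "$1" --region "$2" || return 4
    kubectl get svc   # should list the default "kubernetes" service
}

# Usage (placeholder values):
#   sh eks-connect.sh Contint us-west-1 arn:aws:iam::111122223333:user/example-user
if [ "$#" -eq 3 ]; then
    eks_connect "$@"
fi
```

If the identity check fails, reconfigure the AWS CLI with an access key belonging to the user that created the cluster before retrying.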
