How do I build an EKS Managed Node Group?
To build an EKS managed node group, we will define an Amazon Elastic Kubernetes Service (EKS) cluster and a managed node group within that cluster. The managed node group will automatically manage the lifecycle of the nodes, simplifying the scaling and maintenance of your Kubernetes workers.
Before we begin, we need the following resources:
- VPC: The networking layer to host our EKS cluster
- EKS Cluster: The container orchestration platform
- IAM Roles: Permissions needed for EKS to manage nodes
- Security Groups: Network access control
Here’s a detailed example:
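```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// EKS requires the cluster subnets to span at least two Availability Zones.
const azs = aws.getAvailabilityZones({state: "available"});

const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const subnet1 = new aws.ec2.Subnet("subnet1", {
    vpcId: main.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: azs.then(z => z.names[0]),
});
const subnet2 = new aws.ec2.Subnet("subnet2", {
    vpcId: main.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: azs.then(z => z.names[1]),
});
// NOTE: the node group only becomes healthy if instances in these subnets can
// reach the cluster endpoint and the image registry (for example through a NAT
// gateway or VPC endpoints). That routing is not defined in this example.

// Additional security group for the control plane network interfaces.
// It has no rules yet; add only the rules your workloads need.
const eks = new aws.ec2.SecurityGroup("eks", {vpcId: main.id});

// Role assumed by the EKS control plane.
const eksRole = new aws.iam.Role("eks_role", {
    name: "eks_role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "eks.amazonaws.com",
            },
            Effect: "Allow",
        }],
    }),
});
const eksAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("eks_AmazonEKSClusterPolicy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    role: eksRole.name,
});

const example = new aws.eks.Cluster("example", {
    name: "example-cluster",
    roleArn: eksRole.arn,
    vpcConfig: {
        subnetIds: [subnet1.id, subnet2.id],
        securityGroupIds: [eks.id],
    },
}, {
    dependsOn: [eksAmazonEKSClusterPolicy],
});

// Role assumed by the EC2 instances in the managed node group.
const nodeRole = new aws.iam.Role("node_role", {
    name: "node_role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
        }],
    }),
});
// Managed node groups need all three of these AWS managed policies on the node role.
const amazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment("AmazonEKSWorkerNodePolicy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    role: nodeRole.name,
});
const amazonEKSCNIPolicy = new aws.iam.RolePolicyAttachment("AmazonEKS_CNI_Policy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    role: nodeRole.name,
});
const amazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment("AmazonEC2ContainerRegistryReadOnly", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    role: nodeRole.name,
});

const exampleNodes = new aws.eks.NodeGroup("example_nodes", {
    clusterName: example.name,
    nodeGroupName: "example-ng",
    nodeRoleArn: nodeRole.arn,
    subnetIds: [subnet1.id, subnet2.id],
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
}, {
    // Create the nodes only after the role has its permissions.
    dependsOn: [amazonEKSWorkerNodePolicy, amazonEKSCNIPolicy, amazonEC2ContainerRegistryReadOnly],
});

export const clusterId = example.id;
export const nodeGroupId = exampleNodes.id;
```

This code sets up:
- A VPC with two subnets in different Availability Zones to host the EKS cluster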
- Security groups for network access control
- IAM roles with policies attached for EKS and node management
- An EKS cluster with a managed node group that handles scaling and lifecycle of Kubernetes nodes
In this example, the `aws_vpc` provides the network, `aws_security_group` controls access, `aws_iam_role` and `aws_iam_role_policy_attachment` manage permissions, and `aws_eks_cluster` creates the Kubernetes control plane. Lastly, the `aws_eks_node_group` automatically manages EC2 instances that are part of the Kubernetes cluster.
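The two `assumeRolePolicy` documents decide which service may assume each role, so they are worth checking before deployment. The block below is an added example, not part of the original answer or of Pulumi's code: `lintTrustPolicy` is a hypothetical helper that reports anything other than the one expected service principal, and the over-broad policy is a constructed sample for contrast.

```typescript
type OneOrMany = string | string[];
interface TrustStatement {
  Effect: string;
  Action?: OneOrMany;
  Principal: string | { [kind: string]: OneOrMany };
}
const toList = (v: OneOrMany | undefined): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Hypothetical helper: returns findings; an empty array means that only
// `expectedService` is allowed to assume the role.
function lintTrustPolicy(policyJson: string, expectedService: string): string[] {
  const doc = JSON.parse(policyJson);
  const statements: TrustStatement[] = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: string[] = [];
  let trustsExpected = false;
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements cannot widen trust
    if (toList(s.Action).some(a => a.indexOf("*") !== -1)) {
      findings.push(`Statement[${i}]: wildcard action`);
    }
    if (typeof s.Principal === "string") { // the only valid string form is "*"
      findings.push(`Statement[${i}]: any principal may assume the role`);
      return;
    }
    const principal = s.Principal;
    Object.keys(principal).forEach(kind => {
      toList(principal[kind]).forEach(p => {
        if (kind === "Service" && p === expectedService) trustsExpected = true;
        else findings.push(`Statement[${i}]: unexpected ${kind} principal ${p}`);
      });
    });
  });
  if (!trustsExpected) findings.push(`no statement trusts ${expectedService}`);
  return findings;
}

// The node role trust policy as written in the example above.
const nodeTrust = JSON.stringify({
  Version: "2012-10-17",
  Statement: [{ Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" }, Effect: "Allow" }],
});
// Constructed sample of an over-broad trust policy (not from the page).
const broadTrust = JSON.stringify({
  Version: "2012-10-17",
  Statement: { Action: "sts:*", Principal: { Service: "ec2.amazonaws.com", AWS: "*" }, Effect: "Allow" },
});
console.log(lintTrustPolicy(nodeTrust, "ec2.amazonaws.com"));
console.log(lintTrustPolicy(broadTrust, "ec2.amazonaws.com"));
```

The same function can be called on the JSON string before it is passed to `assumeRolePolicy`, failing the deployment when it returns any findings.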
In summary, we’ve successfully created an Amazon EKS cluster with a managed node group. Enjoy your automated Kubernetes infrastructure!