Building an EKS Managed Node Group with Pulumi

How do I build an EKS Managed Node Group?

To build an EKS managed node group, we will define an Amazon Elastic Kubernetes Service (EKS) cluster and a managed node group within that cluster. The managed node group will automatically manage the lifecycle of the nodes, simplifying the scaling and maintenance of your Kubernetes workers.

Before we begin, we need the following resources:

  • VPC: The networking layer to host our EKS cluster
  • EKS Cluster: The container orchestration platform
  • IAM Roles: Permissions needed for EKS to manage nodes
  • Security Groups: Network access control

Here’s a detailed example:

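import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Network. EKS requires subnets in at least two Availability Zones.
// Nodes in these subnets also need a route to the EKS API endpoint and to ECR
// (NAT gateway, internet gateway or VPC endpoints); this example does not create one.
const azs = aws.getAvailabilityZonesOutput({state: "available"});
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const subnet1 = new aws.ec2.Subnet("subnet1", {
    vpcId: main.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: azs.names.apply(names => names[0]),
});
const subnet2 = new aws.ec2.Subnet("subnet2", {
    vpcId: main.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: azs.names.apply(names => names[1]),
});

// Additional security group for the cluster. It has no rules yet,
// so it grants no access until rules are added.
const eks = new aws.ec2.SecurityGroup("eks", {vpcId: main.id});

// Role assumed by the EKS control plane.
const eksRole = new aws.iam.Role("eks_role", {
    name: "eks_role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "eks.amazonaws.com",
            },
            Effect: "Allow",
        }],
    }),
});
const eksAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("eks_AmazonEKSClusterPolicy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    role: eksRole.name,
});
const example = new aws.eks.Cluster("example", {
    name: "example-cluster",
    roleArn: eksRole.arn,
    vpcConfig: {
        subnetIds: [subnet1.id, subnet2.id],
        securityGroupIds: [eks.id],
    },
}, {
    // Create the cluster only after its role has the required policy.
    dependsOn: [eksAmazonEKSClusterPolicy],
});

// Role assumed by the worker node EC2 instances.
const nodeRole = new aws.iam.Role("node_role", {
    name: "node_role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
        }],
    }),
});
// Managed node groups need all three policies on the node role:
// cluster registration, pod networking (VPC CNI) and image pulls from ECR.
const amazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment("AmazonEKSWorkerNodePolicy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    role: nodeRole.name,
});
const amazonEKSCNIPolicy = new aws.iam.RolePolicyAttachment("AmazonEKS_CNI_Policy", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    role: nodeRole.name,
});
const amazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment("AmazonEC2ContainerRegistryReadOnly", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    role: nodeRole.name,
});
const exampleNodes = new aws.eks.NodeGroup("example_nodes", {
    clusterName: example.name,
    nodeGroupName: "example-ng",
    nodeRoleArn: nodeRole.arn,
    subnetIds: [subnet1.id, subnet2.id],
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
}, {
    // Nodes cannot join the cluster until the role has its policies.
    dependsOn: [amazonEKSWorkerNodePolicy, amazonEKSCNIPolicy, amazonEC2ContainerRegistryReadOnly],
});
export const clusterId = example.id;
export const nodeGroupId = exampleNodes.id;

This code sets up:

  • A VPC and two subnets in different Availability Zones to host the EKS cluster
  • A security group, attached to the cluster, for network access control
  • IAM roles with policies attached for EKS and node management
  • An EKS cluster with a managed node group that handles scaling and lifecycle of Kubernetes nodes

In this example, aws.ec2.Vpc and aws.ec2.Subnet provide the network, aws.ec2.SecurityGroup controls access, aws.iam.Role and aws.iam.RolePolicyAttachment manage permissions, and aws.eks.Cluster creates the Kubernetes control plane. Lastly, aws.eks.NodeGroup automatically manages the EC2 instances that are part of the Kubernetes cluster.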
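
A pre-deployment check for the two trust policies and the node role's policy attachments described above, as an added example that is not part of the original page or Pulumi's own code. RolePlan, lintRole and the sample roles are hypothetical names and constructed inputs; the check assumes the node role should carry the three AWS managed policies commonly attached to managed node group roles.

```typescript
// Added example: lint IAM role definitions before running `pulumi up`.
// RolePlan, lintRole and the sample roles are hypothetical/constructed.
type OneOrMany = string | string[];
interface Statement { Effect: string; Action: OneOrMany; Principal: "*" | { Service?: OneOrMany; AWS?: OneOrMany } }
interface TrustPolicy { Version: string; Statement: Statement[] }
interface RolePlan {
    roleName: string;
    expectedService: string; // the only principal allowed to assume the role
    trust: TrustPolicy;
    attached: string[];      // managed policy ARNs attached to the role
    required: string[];      // managed policy ARNs the role must carry
}

const MANAGED = "arn:aws:iam::aws:policy/";
const NODE_POLICIES = ["AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy",
    "AmazonEC2ContainerRegistryReadOnly"].map((p) => MANAGED + p);

const asList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintRole(role: RolePlan): string[] {
    const findings: string[] = [];
    for (const s of role.trust.Statement) {
        if (s.Effect !== "Allow") continue;
        if (s.Principal === "*") {
            findings.push(`${role.roleName}: trust policy allows any principal`);
            continue;
        }
        // Service and AWS (account/role) principals are both checked.
        const principals = asList(s.Principal.Service).concat(asList(s.Principal.AWS));
        for (const p of principals) {
            if (p !== role.expectedService) findings.push(`${role.roleName}: unexpected principal ${p}`);
        }
    }
    for (const arn of role.required) {
        if (role.attached.indexOf(arn) === -1) findings.push(`${role.roleName}: missing ${arn}`);
    }
    return findings;
}

const trustFor = (service: string): TrustPolicy => ({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: service } }],
});
// Constructed: node role with only AmazonEKSWorkerNodePolicy attached.
const partialNodeRole: RolePlan = { roleName: "node_role", expectedService: "ec2.amazonaws.com",
    trust: trustFor("ec2.amazonaws.com"), attached: [MANAGED + "AmazonEKSWorkerNodePolicy"], required: NODE_POLICIES };
// Constructed: fully attached node role that trusts the wrong service.
const wrongTrust: RolePlan = { ...partialNodeRole, roleName: "node_role_bad",
    trust: trustFor("eks.amazonaws.com"), attached: NODE_POLICIES };
console.log(lintRole(partialNodeRole), lintRole(wrongTrust));
```

An empty result means the role's trust policy names only the expected service and every required policy is attached.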

In summary, we’ve created an Amazon EKS cluster with a managed node group using Pulumi. Enjoy your automated Kubernetes infrastructure!
