How do I build an AWS EKS cluster?
Creating an Amazon EKS (Elastic Kubernetes Service) cluster involves several steps to ensure that the necessary infrastructure is set up and configured correctly. Here’s a detailed look at how to do this:
Overview
- VPC Configuration: Set up a Virtual Private Cloud (VPC) where your EKS cluster will reside.
- EKS Cluster Configuration: Define the EKS cluster itself.
- Node Group Setup: Create a managed node group for the EKS cluster.
- Output Configuration: Export essential information for future reference.
Steps and Resources
- VPC: We’ll create a VPC with public subnets for our EKS cluster.
- Security Groups: Define security groups to allow the necessary traffic within the VPC.
- IAM Roles: Create the IAM roles and policies required by the EKS cluster and node group.
- EKS Cluster: Define the EKS cluster.
- Node Group: Set up the EKS managed node group that will join the cluster.
Program
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// VPC that hosts the cluster.
const eksVpc = new aws.ec2.Vpc("eks_vpc", {
    cidrBlock: "10.0.0.0/16",
    tags: {
        Name: "eks-vpc",
    },
});

// Two subnets in different availability zones.
// No internet gateway or route table is declared in this program, so as
// written these subnets only have the VPC's local route.
const eksSubnet: aws.ec2.Subnet[] = [];
for (const range = {value: 0}; range.value < 2; range.value++) {
    eksSubnet.push(new aws.ec2.Subnet(`eks_subnet-${range.value}`, {
        vpcId: eksVpc.id,
        cidrBlock: [
            "10.0.1.0/24",
            "10.0.2.0/24",
        ][range.value],
        availabilityZone: [
            "us-west-2a",
            "us-west-2b",
        ][range.value],
        tags: {
            Name: `eks-subnet-${range.value}`,
        },
    }));
}

// Security group for the cluster. No ingress or egress rules are declared
// here, and the cluster below does not reference this group.
const eksClusterSg = new aws.ec2.SecurityGroup("eks_cluster_sg", {
    vpcId: eksVpc.id,
    tags: {
        Name: "eks-cluster-sg",
    },
});

// Role assumed by the EKS control plane.
const eksClusterRole = new aws.iam.Role("eks_cluster_role", {
    name: "eksClusterRole",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                Service: "eks.amazonaws.com",
            },
            Action: "sts:AssumeRole",
        }],
    }),
});
const eksClusterPolicy = new aws.iam.RolePolicyAttachment("eks_cluster_policy", {
    role: eksClusterRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});

// The cluster itself. Only subnetIds is set in vpcConfig, so the EKS
// defaults apply to endpoint access, logging and secrets encryption.
const eksCluster = new aws.eks.Cluster("eks_cluster", {
    name: "my-cluster",
    roleArn: eksClusterRole.arn,
    vpcConfig: {
        subnetIds: eksSubnet.map(subnet => subnet.id),
    },
}, {
    dependsOn: [eksClusterPolicy],
});

// Role assumed by the worker nodes (EC2 instances).
const eksNodeGroupRole = new aws.iam.Role("eks_node_group_role", {
    name: "eksNodeRole",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Action: "sts:AssumeRole",
        }],
    }),
});
const eksWorkerNodePolicy = new aws.iam.RolePolicyAttachment("eks_worker_node_policy", {
    role: eksNodeGroupRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
});
const eksCniPolicy = new aws.iam.RolePolicyAttachment("eks_cni_policy", {
    role: eksNodeGroupRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy",
});
const eksRegistryPolicy = new aws.iam.RolePolicyAttachment("eks_registry_policy", {
    role: eksNodeGroupRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
});

// Managed node group; waits for the three node policies to be attached.
const eksNodeGroup = new aws.eks.NodeGroup("eks_node_group", {
    clusterName: eksCluster.name,
    nodeGroupName: "my-node-group",
    nodeRoleArn: eksNodeGroupRole.arn,
    subnetIds: eksSubnet.map(subnet => subnet.id),
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
}, {
    dependsOn: [
        eksWorkerNodePolicy,
        eksCniPolicy,
        eksRegistryPolicy,
    ],
});

// Stack outputs.
export const eksClusterName = eksCluster.name;
export const eksClusterEndpoint = eksCluster.endpoint;
export const eksClusterArn = eksCluster.arn;
export const eksNodeRoleArn = eksNodeGroupRole.arn;
```
Summary
In this setup, we defined and created a VPC with subnets, the IAM roles and policies required for managing the EKS cluster, the EKS cluster itself, and a node group. The exports at the end make it easier to verify and use the created EKS cluster and its associated components. This setup ensures that the infrastructure is correctly configured to run an EKS Kubernetes cluster in AWS.
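The cluster in the program sets only subnetIds in vpcConfig, so the EKS defaults apply: a public API endpoint open to 0.0.0.0/0, no control plane logs, and no KMS envelope encryption of secrets. The following check is an added example, not part of the original program; it audits cluster arguments before deployment and compares the page's arguments with a hardened set. The field names follow the aws.eks.Cluster inputs, while auditClusterArgs, the finding IDs, the subnet IDs, the CIDR and the key ARN are assumptions made for illustration.

```typescript
// Added example: field names follow @pulumi/aws ClusterArgs; the audit
// function, finding IDs and sample values are constructed for illustration.
interface ClusterArgsLike {
  vpcConfig: {
    subnetIds: string[];
    endpointPublicAccess?: boolean;  // EKS default: true
    endpointPrivateAccess?: boolean; // EKS default: false
    publicAccessCidrs?: string[];    // EKS default: ["0.0.0.0/0"]
  };
  enabledClusterLogTypes?: string[];
  encryptionConfig?: { provider: { keyArn: string }; resources: string[] };
}

// Returns one finding ID per default that leaves the control plane exposed
// or unaudited; an empty array means all three checks passed.
function auditClusterArgs(args: ClusterArgsLike): string[] {
  const findings: string[] = [];
  const { endpointPublicAccess = true, publicAccessCidrs = ["0.0.0.0/0"] } = args.vpcConfig;
  if (endpointPublicAccess && publicAccessCidrs.indexOf("0.0.0.0/0") !== -1) {
    findings.push("api-endpoint-open-to-internet");
  }
  const logs = args.enabledClusterLogTypes || [];
  if (!["audit", "authenticator"].every(t => logs.indexOf(t) !== -1)) {
    findings.push("audit-logging-disabled");
  }
  const enc = args.encryptionConfig;
  if (!enc || enc.resources.indexOf("secrets") === -1 || enc.provider.keyArn === "") {
    findings.push("secrets-not-kms-encrypted");
  }
  return findings;
}

// The page's cluster arguments (subnet IDs are placeholders).
const pageArgs: ClusterArgsLike = { vpcConfig: { subnetIds: ["subnet-aaaa", "subnet-bbbb"] } };

// Same cluster with the three defaults overridden (CIDR and key ARN are placeholders).
const hardenedArgs: ClusterArgsLike = {
  vpcConfig: {
    subnetIds: pageArgs.vpcConfig.subnetIds,
    endpointPrivateAccess: true,
    publicAccessCidrs: ["203.0.113.0/24"],
  },
  enabledClusterLogTypes: ["api", "audit", "authenticator"],
  encryptionConfig: {
    provider: { keyArn: "arn:aws:kms:us-west-2:111122223333:key/PLACEHOLDER" },
    resources: ["secrets"],
  },
};
console.log(auditClusterArgs(pageArgs), auditClusterArgs(hardenedArgs));
```

The same three fields (vpcConfig.publicAccessCidrs, enabledClusterLogTypes, encryptionConfig) can be set directly on the aws.eks.Cluster resource in the program.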