Deploy a Container Web App on Amazon EKS
GETTING STARTED GUIDE
Module 1: Create an EKS Cluster
In this module, you will learn how to create an Amazon EKS cluster
Introduction
Before we deploy the containerized application, we need to create a Kubernetes cluster. We will be using Amazon EKS to create the cluster. In this guide, the Amazon EKS cluster consists of a control plane and using Amazon EC2 as worker nodes. To create the Kubernetes cluster, we're going to use AWS CDK. AWS CDK provides flexibility to enable provisioning of a Kubernetes cluster in a predictable and repeatable manner.
What You Will Learn
- Building AWS CDK application to create Amazon EKS cluster with Amazon EC2 as worker nodes
- Testing and performing basic operation to Kubernetes cluster
Time to Complete
10 minutes
Module Prereqs
- AWS Account with administrator-level access**
- Recommended browser: The latest version of Chrome or Firefox
[**]Accounts created within the past 24 hours might not yet have access to the services required for this tutorial.
Implementation
Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/app.py and uncommenting line 24:
Build AWS CDK Application
In this step, you will prepare your work folders. You will create two different folders within the root folder eks. The first folder, k8s-cluster, is for cluster creation and will host your CDK code to create it. The second folder, cdk8s, will contain the code to create and deploy your application to the cluster using cdk8s. Create the directories, and create your CDK project using Python by running:
mkdir eks
cd eks
mkdir cluster cdk8s
cd cluster
cdk init app --language=pythonThis will create the skeleton CDK app, with some useful command outputs:
cdk init app --language=python
Applying project template app for python
# Welcome to your CDK Python project!
This is a blank project for Python development with CDK.
The `cdk.json` file tells the CDK Toolkit how to execute your app.
...
To add additional dependencies, for example other CDK libraries, just add
them to your `setup.py` file and rerun the `pip install -r requirements.txt`
command.
## Useful commands
* `cdk ls` list all stacks in the app
* `cdk synth` emits the synthesized CloudFormation template
* `cdk deploy` deploy this stack to your default AWS account/region
* `cdk diff` compare deployed stack with current state
* `cdk docs` open CDK documentation
Enjoy!
Please run 'python3 -m venv .venv'!
Executing Creating virtualenv...Please make sure to run python3 -m venv .venv afterwards.
There are 2 main resources that you need to create in this module, the Amazon EKS cluster and AWS IAM role. By creating an IAM role and attaching it to the cluster, it will grant the systems:masters privileges. In order to do that, we need to add the aws_cdk.aws-iam and aws_cdk.aws-eks libraries into our CDK application. The aws_cdk.aws-ec2 and pyyaml are required libraries for deployment step. You need to ensure that you use the libraries that match your version of CDK, to check CDK's version, run cdk --version:
cdk --version
1.121.0 (build 026cb8f)Using the version number shown, open eks/cluster/requirements.txt and append following lines:
aws_cdk.core==1.121.0
aws_cdk.aws-iam==1.121.0
aws_cdk.aws-eks==1.121.0
aws_cdk.aws_ec2==1.121.0
pyyamlTo install these libraries, run pip3 install -r requirements.txt.
Creating a new VPC is best practice for building a Kubernetes cluster using EKS, and you can read more about this in the documentation. For this guide, you will be using the default VPC provided with each new account to simplify the deployment. To create your EKS cluster, open eks/cluster/cluster_stack.py and add following lines:
from aws_cdk import core as cdk
from aws_cdk import aws_iam as iam
from aws_cdk import aws_eks as eks
from aws_cdk import aws_ec2 as ec2
class ClusterStack(cdk.Stack):
def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# Look up the default VPC
vpc = ec2.Vpc.from_lookup(self, id="VPC", is_default=True)
# Create master role for EKS Cluster
iam_role = iam.Role(self, id=f"{construct_id}-iam",
role_name=f"{construct_id}-iam", assumed_by=iam.AccountRootPrincipal())
# Creating Cluster with EKS
eks_cluster = eks.Cluster(
self, id=f"{construct_id}-cluster",
cluster_name=f"{construct_id}-cluster",
vpc=vpc,
vpc_subnets=vpc.public_subnets,
masters_role=iam_role,
default_capacity_instance=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
version=eks.KubernetesVersion.V1_20,
)Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/app.py and uncommenting line 24:
env=core.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),This will use the Account ID and region configured in the AWS CLI. Before you can use CDK, it needs to be bootstrapped - this will create the required infrastructure for CDK to manage infrastructure in your account. To bootstrap CDK, run cdk bootstrap. You should see output similar to:
cdk bootstrap
#output
⏳ Bootstrapping environment aws://0123456789012/<region>...
✅ Environment aws://0123456789012/<region> bootstrappedOnce the bootstrapping has completed, you will run cdk deploy to deploy the cluster.
cdk deployYou should see output similar to the following:
CDK will prompt you before creating the infrastructure as it is creating infrastructure that changes security configuration - in your case, by creating IAM roles and security groups. Press y and then hit enter to deploy. CDK will now set up all the infrastructure you defined, and it will take a few minutes to complete.
If everything went successfully, you will get following results at the end of the execution:
✅ ClusterStack
Outputs:
ClusterStack.ClusterStackclusterConfigCommand1CAA6E63 = aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackclusterGetTokenCommand010D10BE = aws eks get-token --cluster-name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackoutclusterName = ClusterStack-cluster
ClusterStack.ClusterStackouteksSgId = sg-08b0517c72f0e2696
ClusterStack.ClusterStackoutkubectlRoleArn = arn:aws:iam::0123456789012:role/ClusterStack-ClusterStackclusterCreationRole9D9F21-29ZO9XWJLC4Q
ClusterStack.ClusterStackoutoidcArn = arn:aws:iam::0123456789012:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/168AAF8C86B3F46909C6014D942FD39C
ClusterStack.ClusterStackoutvpcAz = ['eu-west-1a', 'eu-west-1b', 'eu-west-1c']
ClusterStack.ClusterStackoutvpcId = vpc-b8e25ec1
Stack ARN:
arn:aws:cloudformation:eu-west-1:0123456789012:stack/ClusterStack/91f4c430-1225-11ec-bb6c-027a967aed43You will see 3 warnings printed out similar to:
[Warning at /ClusterStack/ClusterStack-cluster] Could not auto-tag public subnet subnet-3a618f43 with "kubernetes.io/role/elb=1", please remember to do this manually
This guide uses Kubernetes 1.20, and subnet tagging was only used prior to 1.19, so you can safely ignore these warnings. Your cluster is now ready. To operate your cluster, you need to update the Kubernetes configuration (kubeconfig) to point to it so that the kubectl command will work. Copy the ConfigCommand from your terminal output and execute it, it should look something like this:
aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
Added ew context arn:aws:eks:eu-west-1:0123456789012:cluster/ClusterStack-cluster to /home/ubuntu/.kube/config
To confirm that everything is configured correctly, run kubectl get all to confirm, you should see the following:
kubectl get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP xxx.xxx.xxx.xxx <none> 443/TCP 15m
Conclusion
In this module, we covered created an Amazon EKS cluster using the CLI. In the next module, we will install and learn about CDK8s.
Up Next: Install CDK8s