
Elastic Kubernetes Service

AWS EKS is a managed Kubernetes service that makes it easier to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane.

EKS Setup

This command creates an EKS cluster using eksctl, a CLI tool for creating and managing Kubernetes clusters on EKS:

eksctl create cluster --version 1.32 --name cluster --region us-east-2 --without-nodegroup

The command does the following:

  • Creates an EKS cluster named cluster in the us-east-2 region.
  • Specifies Kubernetes version 1.32 for the control plane.
  • Creates only the control plane (no worker nodes) using --without-nodegroup.

This setup allows for greater control, as node groups can be added and configured later.

Create AWSReservedSSO_AccountUser_ Role

Go to IAM Roles in the AWS Console and locate the full name of the role starting with AWSReservedSSO_AccountUser_.
Store this name for future use.

Create a Dedicated Key in KMS

Create a new KMS Key for encryption/decryption:

  • AWS Key Management Service (KMS) allows you to create and manage cryptographic keys for your applications and services.
  • You will create a symmetric key, ideal for encryption/decryption of secrets, volumes, and other resources.

Step-by-step Configuration

  1. Configure Key
     • Key Type: Symmetric
     • Key Usage: Encrypt and Decrypt

  2. Add Labels
     • Display Name: flexSimmetricKey

  3. Define Key Administrative Permissions
     • Key Administrators: Select the IAM role named AWSReservedSSO_AccountUser_

  4. Define Key Usage Permissions
     • Key Users: Add the role AWSServiceRoleForAutoScaling

Once created, keep track of the Key ID — it will be needed by services using encryption.
Example format:

41613329-c2ba-4d7f-a274-c470d8918424

Create the Node Group

After the EKS control plane is up, add a node group (EC2 worker nodes) with the following:

eksctl create nodegroup --config-file=cluster-nodeGroup.yaml

eksctl will create a managed node group based on the YAML configuration.

Sample cluster-nodeGroup.yaml

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster
  region: us-east-2

nodeGroups:
  - name: node-group
    instanceType: t3.medium
    desiredCapacity: 2
    minSize: 1
    maxSize: 3
    volumeSize: 20
    ssh:
      allow: true
      publicKeyName: my-ec2-keypair
    labels:
      role: worker
    tags:
      nodegroup-role: worker
    iam:
      withAddonPolicies:
        autoScaler: true
        ebs: true
        albIngress: true

After creation, check node status:

kubectl get nodes -o wide
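
The sample configuration above enables SSH and does not reference the KMS key created earlier. The variant below is an added example, not part of the original page: it encrypts the node volumes with that key and turns SSH off. The Key ID shown is the example-format value from this page; replace it with your own.

```yaml
# Added example: hardened variant of cluster-nodeGroup.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster
  region: us-east-2

nodeGroups:
  - name: node-group
    instanceType: t3.medium
    desiredCapacity: 2
    minSize: 1
    maxSize: 3
    volumeSize: 20
    # Encrypt the node EBS volume with the dedicated KMS key instead of
    # leaving it unencrypted or on the AWS-managed default key.
    # AWSServiceRoleForAutoScaling must be a key user (configured above),
    # otherwise the Auto Scaling group cannot launch instances with
    # volumes encrypted under a customer managed key.
    volumeEncrypted: true
    volumeKmsKeyID: 41613329-c2ba-4d7f-a274-c470d8918424  # example-format ID from this page
    ssh:
      # No SSH key pair is installed and no port 22 rule is created.
      # If shell access over SSH is required, set allow: true and limit
      # the source with sourceSecurityGroupIds rather than leaving it open.
      allow: false
    labels:
      role: worker
    tags:
      nodegroup-role: worker
    iam:
      withAddonPolicies:
        autoScaler: true
        ebs: true
        albIngress: true
```

If the nodes fail to join after this change, check the Auto Scaling group's activity history for KMS access errors before anything else.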

Add Ingress Controller to Cluster

An Ingress Controller manages HTTP/HTTPS access to Kubernetes services.

  1. Add the official ingress-nginx Helm repo:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  2. Create a namespace for the ingress controller:
kubectl create namespace nginx-ingress
  3. Install the ingress-nginx controller:
helm install ingress-nginx ingress-nginx/ingress-nginx -n nginx-ingress
  4. Confirm the deployment:
kubectl get svc -n nginx-ingress

You can now expose services using Ingress resources managed by the NGINX controller.