AWS EKS Cluster Creation Guide

This is a guide to creating an EKS cluster in your AWS account, along with all the IAM, VPC, subnet, security group, node group and add-on dependencies needed to make the cluster ready for Scoutflo Deploy.

Method: Using the AWS Console

Steps:

  1. Create an IAM user (eg: ‘scoutflo-test-user’) using your AWS root account. Enable AWS Console access and create a secure password for the user.

  2. IMPORTANT: Log out of the root account and log in as the IAM user created in Step 1 (eg: ‘scoutflo-test-user’) via the IAM user sign-in page, with the password created in Step 1. Do not use the root account for any of the remaining steps.

  3. Go to the ‘Security Credentials’ section of the IAM user created in Step 1, and create an Access Key and Secret Key for the user. Select the CLI use case, enter a description and, once the key is created, copy the access key ID and secret access key to a secure place (a password manager or secrets store) for future use. The secret is shown only once, and it must not be committed to source control or shared.

  4. Navigate to the Permissions section for ‘scoutflo-test-user’, create a new policy (eg: ‘scoutflo_test_permissions’) and add the following permissions in JSON format for that custom policy. Note that this policy allows ‘iam:*’, ‘sts:*’ and ‘kms:*’ on all resources, so the user is effectively an account administrator; keep it to a dedicated test account, or scope it down before using it anywhere production-like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "application-autoscaling:*",
                "tag:GetResources",
                "rds:*",
                "events:PutRule",
                "logs:*",
                "es:CreateElasticsearchDomain",
                "dynamodb:*",
                "es:ListTags",
                "autoscaling:*",
                "es:AddTags",
                "events:ListRuleNamesByTarget",
                "es:DeleteElasticsearchDomain",
                "es:DescribeElasticsearchDomain",
                "kms:*",
                "events:RemoveTargets",
                "events:ListTargetsByRule",
                "cloudtrail:LookupEvents",
                "events:DescribeRule",
                "s3:*",
                "cloudformation:*",
                "sts:*",
                "elasticloadbalancing:*",
                "iam:*",
                "events:DeleteRule",
                "events:PutTargets",
                "es:RemoveTags",
                "cloudwatch:*",
                "route53:*",
                "ecs:*",
                "ecr:*",
                "ec2:*",
                "eks:*",
                "elasticache:*",
                "apigateway:*",
                "lambda:*"
            ],
            "Resource": "*"
        }
    ]
}
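To see concretely what the policy above grants, here is an added offline linter (not part of this guide or of Scoutflo's tooling) that embeds the policy's action list and reports which services get full access, which entries are duplicated, and which IAM actions would let the user grant themself further permissions. The list of escalation actions is an assumption: a short, well-known subset rather than an exhaustive catalogue.

```python
"""Offline linter for the custom IAM policy shown in this guide (added example)."""
import fnmatch
import json

# Action list copied from the guide's policy, in the same order as on the page.
GUIDE_ACTIONS = """
application-autoscaling:* tag:GetResources rds:* events:PutRule logs:*
es:CreateElasticsearchDomain dynamodb:* es:ListTags autoscaling:* es:AddTags
events:ListRuleNamesByTarget es:DeleteElasticsearchDomain
es:DescribeElasticsearchDomain kms:* events:RemoveTargets events:ListTargetsByRule
cloudtrail:LookupEvents events:DescribeRule s3:* cloudformation:* sts:*
elasticloadbalancing:* iam:* events:DeleteRule events:PutTargets es:RemoveTags
cloudwatch:* route53:* ecs:* ecr:* ec2:* eks:* elasticache:* apigateway:* lambda:*
elasticloadbalancing:*
""".split()

GUIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": GUIDE_ACTIONS, "Resource": "*"}
    ],
}

# IAM actions that let a principal widen its own permissions when allowed on
# Resource "*". Assumption: a well-known subset, not an exhaustive list.
ESCALATION_ACTIONS = (
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion", "iam:CreateAccessKey", "iam:CreateLoginProfile",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole",
)


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def action_allows(pattern, action):
    """IAM action patterns are case-insensitive globs ('iam:*', 'ec2:Describe*')."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit_policy(policy):
    """Return a summary of wildcard grants, duplicates and escalation paths."""
    seen, duplicates, full_access, escalation = set(), [], set(), set()
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow":
            continue
        on_all_resources = "*" in _as_list(statement.get("Resource", []))
        for action in _as_list(statement.get("Action", [])):
            if action in seen and action not in duplicates:
                duplicates.append(action)
            seen.add(action)
            service, _, verb = action.partition(":")
            if action == "*" or verb == "*":
                full_access.add(service)
            if on_all_resources:
                escalation.update(e for e in ESCALATION_ACTIONS if action_allows(action, e))
    return {
        "full_access_services": sorted(full_access),
        "duplicate_actions": duplicates,
        "escalation_actions": sorted(escalation),
        # Any of the escalation actions on "*" lets the user reach full admin.
        "admin_equivalent": bool(escalation),
    }


if __name__ == "__main__":
    print(json.dumps(audit_policy(GUIDE_POLICY), indent=2))
```

Run as a script it prints the report for the guide's policy; `audit_policy` also accepts any policy document loaded from JSON, so the same check can run over a scoped-down replacement before it is attached.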

  5. Now go to IAM Roles, and create a new role for the EKS cluster (eg: ‘scoutflo-test-eks-role’) with ‘EKS - Cluster’ as the trusted service, and attach the AWS managed policy AmazonEKSClusterPolicy to it.

  6. Within IAM Roles, create a new role for the worker nodes (eg: ‘scoutflo-node-group-eks’) with ‘EC2’ as the trusted service, and attach the following AWS managed policies to it:

    a. AmazonEC2ContainerRegistryReadOnly

    b. AmazonEKS_CNI_Policy

    c. AmazonEKSWorkerNodePolicy

  7. Select the AWS Region where you want to create your EKS cluster (eg: ‘ap-south-1’).

  8. Go to the VPC creation page, click on ‘Create VPC’ and select ‘VPC and more’.

  9. Add a Name tag (eg: ‘scoutflo-test-vpc’) and the custom tag ‘kubernetes.io/cluster/<cluster-name>: owned’, where <cluster-name> is the name you will give the cluster in Step 19.

  10. Set the IPv4 CIDR to ‘10.0.0.0/16’. Use a /16 range that does not overlap with any other VPC or network you may later peer or connect to.

  11. Select ‘No IPv6 CIDR block’ and ‘Default’ tenancy.

  12. IMPORTANT: Set the number of AZs to 3, the number of public subnets to 3 and the number of private subnets to 0.

  13. Tag all 3 subnets with ‘kubernetes.io/cluster/<cluster-name>: shared’ so that they can be used by more than one cluster. A resource can hold only one value per tag key, so use ‘shared’ for subnets that several clusters will use and ‘owned’ only for subnets dedicated to this cluster. If the wizard does not apply the tag to the subnets it creates, add it on each subnet’s Tags tab after creation.

  14. Select ‘None’ for NAT gateways and ‘None’ for VPC endpoints, and click on ‘Create VPC’. With public subnets only and no NAT gateway, the nodes reach the internet (and the EKS and ECR endpoints) through the internet gateway using their public IPs.

  15. Enable ‘Auto-assign public IPv4 address’ on all 3 subnets of the VPC created in Step 14, by editing the settings of each subnet. Without this, nodes launched into these subnets have no route out and fail to join the cluster.

  16. On the VPC page, go to Security Groups and select ‘Create Security Group’.

  17. Enter a security group name (eg: ‘scoutflo-test-sg’) and description, and select the VPC created in Step 14 (eg: ‘scoutflo-test-vpc’).

  18. For both inbound and outbound rules, select ‘Type’ as ‘All traffic’ with ‘Source’ and ‘Destination’ as ‘Anywhere-IPv4’, and click on ‘Create Security Group’. An inbound rule for all traffic from 0.0.0.0/0 is much broader than EKS needs; if you can, restrict the source to your own address range. (All traffic outbound to anywhere is already the default for a new security group.)
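Steps 1 to 18 as an AWS CLI script, added here as an example; this is not the guide's or Scoutflo's own tooling. It assumes the AWS CLI v2 is installed, the current session is the root or an administrator identity (the CLI equivalent of Steps 1 and 2), and a file named policy.json in the working directory holds the JSON from Step 4. The /20 subnet layout mirrors the console wizard's default for three public subnets in a /16; resource names default to the ones used in the text and can be overridden through environment variables. Nothing is created unless the script is invoked with the argument ‘apply’.

```shell
#!/bin/sh
# Added example: Steps 1-18 of the guide as AWS CLI calls. Not Scoutflo tooling.
# Assumes: AWS CLI v2, an admin session, and ./policy.json from Step 4.
# Run as:  sh eks-prereqs.sh apply      (without "apply" nothing is created)
set -eu

USER_NAME=${USER_NAME:-scoutflo-test-user}
POLICY_NAME=${POLICY_NAME:-scoutflo_test_permissions}
CLUSTER_NAME=${CLUSTER_NAME:-scoutflo-test-new}
VPC_NAME=${VPC_NAME:-scoutflo-test-vpc}
VPC_CIDR=${VPC_CIDR:-10.0.0.0/16}
ALLOWED_CIDR=${ALLOWED_CIDR:-0.0.0.0/0}   # Step 18 uses "Anywhere"; narrow it if you can
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-ap-south-1}   # Step 7

# N-th /20 inside a /16 VPC, as the console wizard lays out public subnets:
# 0 -> 10.0.0.0/20, 1 -> 10.0.16.0/20, 2 -> 10.0.32.0/20
subnet_cidr() {
  base=${1%/*}; rest=${base#*.}
  echo "${base%%.*}.${rest%%.*}.$(($2 * 16)).0/20"
}

# --tag-specifications value carrying a Name tag and the kubernetes.io/cluster tag.
tag_spec() {  # tag_spec RESOURCE_TYPE NAME CLUSTER_NAME owned|shared
  echo "ResourceType=$1,Tags=[{Key=Name,Value=$2},{Key=kubernetes.io/cluster/$3,Value=$4}]"
}

# Trust policy letting an AWS service (eks or ec2) assume a role (Steps 5-6).
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"%s.amazonaws.com"},"Action":"sts:AssumeRole"}]}' "$1"
}

create_iam() {
  aws iam create-user --user-name "$USER_NAME"                                  # Step 1
  # Step 3: the secret is only returned once; move the file to a secrets store and delete it.
  aws iam create-access-key --user-name "$USER_NAME" > "$USER_NAME.keys.json"
  chmod 600 "$USER_NAME.keys.json"
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document file://policy.json --query Policy.Arn --output text)     # Step 4
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$policy_arn"
  aws iam create-role --role-name scoutflo-test-eks-role \
    --assume-role-policy-document "$(trust_policy eks)"                         # Step 5
  aws iam attach-role-policy --role-name scoutflo-test-eks-role \
    --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
  aws iam create-role --role-name scoutflo-node-group-eks \
    --assume-role-policy-document "$(trust_policy ec2)"                         # Step 6
  for p in AmazonEC2ContainerRegistryReadOnly AmazonEKS_CNI_Policy AmazonEKSWorkerNodePolicy; do
    aws iam attach-role-policy --role-name scoutflo-node-group-eks --policy-arn "arn:aws:iam::aws:policy/$p"
  done
}

create_network() {
  vpc=$(aws ec2 create-vpc --cidr-block "$VPC_CIDR" \
    --tag-specifications "$(tag_spec vpc "$VPC_NAME" "$CLUSTER_NAME" owned)" \
    --query Vpc.VpcId --output text)                                            # Steps 8-11
  aws ec2 modify-vpc-attribute --vpc-id "$vpc" --enable-dns-hostnames          # nodes need hostnames
  igw=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
  rtb=$(aws ec2 create-route-table --vpc-id "$vpc" --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$rtb" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw"
  i=0; subnets=""
  # First three available AZs, one public subnet each (Steps 12-15).
  for az in $(aws ec2 describe-availability-zones \
      --query 'AvailabilityZones[?State==`available`].ZoneName' --output text | tr '\t' ' ' | cut -d' ' -f1-3); do
    sn=$(aws ec2 create-subnet --vpc-id "$vpc" --availability-zone "$az" \
      --cidr-block "$(subnet_cidr "$VPC_CIDR" $i)" \
      --tag-specifications "$(tag_spec subnet "$VPC_NAME-public-$az" "$CLUSTER_NAME" shared)" \
      --query Subnet.SubnetId --output text)
    aws ec2 modify-subnet-attribute --subnet-id "$sn" --map-public-ip-on-launch   # Step 15
    aws ec2 associate-route-table --subnet-id "$sn" --route-table-id "$rtb"
    subnets="$subnets $sn"; i=$((i + 1))
  done
  sg=$(aws ec2 create-security-group --group-name scoutflo-test-sg \
    --description "Scoutflo EKS" --vpc-id "$vpc" --query GroupId --output text)  # Steps 16-17
  # Step 18. Outbound "all traffic to anywhere" is already the default for a new group.
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --ip-permissions "IpProtocol=-1,IpRanges=[{CidrIp=$ALLOWED_CIDR}]"
  echo "VPC=$vpc SUBNETS=$subnets SG=$sg"
}

if [ "${1:-}" = apply ]; then create_iam; create_network; fi
```

The final line of output (VPC, subnet and security group IDs) is what the cluster creation steps need next.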

  19. On the EKS page, go to ‘Create cluster’ and enter a cluster name (eg: ‘scoutflo-test-new’), select Kubernetes version 1.23 [we currently do not support Kubernetes versions > 1.23; check that 1.23 is still offered, as AWS retires older versions] and select the cluster service role created in Step 5 (eg: ‘scoutflo-test-eks-role’).

  20. Click on Next. In the networking configuration, select the VPC created in Step 14 (eg: ‘scoutflo-test-vpc’), select all 3 subnets created as part of the VPC setup from the subnet dropdown, and select the security group created in Step 18.

  21. Select ‘IPv4’ as the ‘Cluster IP address family’ and ‘Public’ for ‘Cluster endpoint access’, then click Next. (The public endpoint is the Kubernetes API; if the advanced settings are available, restricting public access to your own CIDR ranges is worthwhile.)

  22. Click Next on the ‘Configure logging’ page, Next on the ‘Select add-ons’ page and Next on the ‘Configure selected add-ons settings’ page, keeping all defaults. Enabling ‘Audit’ and ‘Authenticator’ control plane logs is optional but useful for later investigation.

  23. Review all the details on the review page, and click on ‘Create cluster’. Wait for the cluster to be provisioned and to change from ‘Creating’ to ‘Active’ status.

  24. Go to the ‘Compute’ section of the cluster created in Step 23 and click on ‘Add node group’.

  25. Add a name (eg: ‘scoutflo-test-new-ng’), select the node IAM role created in Step 6 (‘scoutflo-node-group-eks’), leave ‘Use launch template’ disabled, add the tag ‘kubernetes.io/cluster/<cluster-name>: owned’ and click on Next.

  26. Select ‘AMI type’ as ‘Amazon Linux 2’ (AL2_x86_64), ‘Capacity type’ as ‘On-Demand’, ‘Instance type’ as ‘t3a.large’, ‘Disk size’ as ‘50 GiB’, node group scaling configuration (minimum size 3, desired size 5, maximum size 10) and ‘Maximum unavailable’ as ‘1 node’, then click on Next.

  27. In the networking configuration, select all 3 subnets of the VPC created in Step 14 and click on Next.

  28. Review all the configuration on the review page, and click on ‘Create’. Wait until the node group creation completes and the status changes from ‘Creating’ to ‘Active’.

  29. Go to the ‘Add-ons’ section of the cluster created in Step 23, search for the add-on Amazon EBS CSI Driver and install it. The add-on needs an IAM role that only its service account can assume, so complete a. and b. before c.; see the following references:

    a. Create an IAM OIDC provider for the cluster created in Step 23 ( Ref: https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html )

    b. Create the Amazon EBS CSI Driver IAM role for the service account ‘ebs-csi-controller-sa’ in the ‘kube-system’ namespace, trusting the OIDC provider from Step 29.a ( Ref: https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html )

    c. Install the Amazon EBS CSI Driver as an add-on on the cluster created in Step 23 with the IAM role created in Step 29.b and the default add-on version. Select the conflict resolution method as ‘None’. ( Ref: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html )

  30. Finally, your AWS EKS cluster should now be ready for deploying ‘Scoutflo Choice’ COSS applications using Scoutflo Deploy. Visit https://atlas.scoutflo.com/deploy to deploy your favourite COSS apps on your newly created AWS EKS cluster, with a few simple clicks! [Scoutflo Atlas account required]
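The cluster, node group and EBS CSI add-on steps (Steps 19 to 29) as an AWS CLI script, added here as an example; this is not the guide's or Scoutflo's own tooling. It assumes the AWS CLI v2 and eksctl are installed (eksctl is used only to register the OIDC provider, as the referenced AWS page offers), that the session uses the IAM user's keys from Step 3, that the two roles from Steps 5 and 6 exist, and that SUBNETS (three space-separated subnet IDs) and SG (the security group ID) are exported from the VPC built in Steps 7 to 18. The role name for the EBS CSI driver is an assumption. Nothing is created unless the script is invoked with the argument ‘apply’.

```shell
#!/bin/sh
# Added example: Steps 19-29 of the guide as AWS CLI calls. Not Scoutflo tooling.
# Assumes: AWS CLI v2 + eksctl, the IAM user's credentials, roles from Steps 5-6,
# and SUBNETS="subnet-a subnet-b subnet-c" / SG=sg-... from the VPC of Steps 7-18.
# Run as:  sh eks-cluster.sh apply      (without "apply" nothing is created)
set -eu

CLUSTER_NAME=${CLUSTER_NAME:-scoutflo-test-new}
NODEGROUP_NAME=${NODEGROUP_NAME:-scoutflo-test-new-ng}
K8S_VERSION=${K8S_VERSION:-1.23}
SUBNETS=${SUBNETS:-}
SG=${SG:-}
CSI_ROLE_NAME=${CSI_ROLE_NAME:-AmazonEKS_EBS_CSI_DriverRole-$CLUSTER_NAME}   # assumed name
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-ap-south-1}

# Host part of the cluster's OIDC issuer URL; IAM names the provider by it.
oidc_host() { echo "${1#https://}"; }

# IRSA trust policy: only the named service account in this cluster may assume the role.
irsa_trust_policy() {  # irsa_trust_policy ACCOUNT_ID OIDC_HOST NAMESPACE SERVICE_ACCOUNT
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::%s:oidc-provider/%s"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringEquals":{"%s:aud":"sts.amazonaws.com","%s:sub":"system:serviceaccount:%s:%s"}}}]}' \
    "$1" "$2" "$2" "$2" "$3" "$4"
}

create_cluster() {  # Steps 19-23
  [ -n "$SUBNETS" ] && [ -n "$SG" ] || { echo "export SUBNETS and SG first" >&2; exit 1; }
  role_arn=$(aws iam get-role --role-name scoutflo-test-eks-role --query Role.Arn --output text)
  aws eks create-cluster --name "$CLUSTER_NAME" --kubernetes-version "$K8S_VERSION" --role-arn "$role_arn" \
    --resources-vpc-config "subnetIds=$(echo $SUBNETS | tr ' ' ','),securityGroupIds=$SG,endpointPublicAccess=true,endpointPrivateAccess=false" \
    --kubernetes-network-config ipFamily=ipv4
  aws eks wait cluster-active --name "$CLUSTER_NAME"
}

create_nodegroup() {  # Steps 24-28
  node_role=$(aws iam get-role --role-name scoutflo-node-group-eks --query Role.Arn --output text)
  aws eks create-nodegroup --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME" \
    --node-role "$node_role" --subnets $SUBNETS \
    --ami-type AL2_x86_64 --capacity-type ON_DEMAND --instance-types t3a.large --disk-size 50 \
    --scaling-config minSize=3,maxSize=10,desiredSize=5 --update-config maxUnavailable=1 \
    --tags "kubernetes.io/cluster/$CLUSTER_NAME=owned"
  aws eks wait nodegroup-active --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME"
}

install_ebs_csi() {  # Step 29
  eksctl utils associate-iam-oidc-provider --cluster "$CLUSTER_NAME" --approve   # 29.a
  account=$(aws sts get-caller-identity --query Account --output text)
  issuer=$(aws eks describe-cluster --name "$CLUSTER_NAME" --query cluster.identity.oidc.issuer --output text)
  role_arn=$(aws iam create-role --role-name "$CSI_ROLE_NAME" \
    --assume-role-policy-document "$(irsa_trust_policy "$account" "$(oidc_host "$issuer")" kube-system ebs-csi-controller-sa)" \
    --query Role.Arn --output text)                                               # 29.b
  aws iam attach-role-policy --role-name "$CSI_ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
  aws eks create-addon --cluster-name "$CLUSTER_NAME" --addon-name aws-ebs-csi-driver \
    --service-account-role-arn "$role_arn" --resolve-conflicts NONE              # 29.c
  aws eks wait addon-active --cluster-name "$CLUSTER_NAME" --addon-name aws-ebs-csi-driver
}

if [ "${1:-}" = apply ]; then create_cluster; create_nodegroup; install_ebs_csi; fi
```

The trust policy pins both the audience and the subject claim, so a pod running under any other service account cannot obtain the EBS CSI role's credentials even though it runs in the same cluster.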

