Software Engineering

How do you create an EKS cluster using CloudFormation


The steps to achieve this

To create an Amazon Elastic Kubernetes Service (EKS) cluster using CloudFormation, you can follow these steps:

  1. Create a CloudFormation template: Start by creating a CloudFormation template in YAML or JSON format. This template will define the resources required for your EKS cluster, including the cluster itself, worker nodes, and other necessary components.

  2. Define the EKS cluster resource: Within your CloudFormation template, define an AWS::EKS::Cluster resource. Specify the desired configuration for your EKS cluster, such as the version, name, and role-based access control (RBAC) configuration.

  3. Define the worker node resources: Next, define the worker node resources in your CloudFormation template. This can be done using AWS::AutoScaling::AutoScalingGroup and AWS::EC2::LaunchTemplate resources. Specify the desired instance type, AMI, and other configurations for your worker nodes.

  4. Define the necessary IAM roles and policies: EKS requires several IAM roles and policies for its operation. In your CloudFormation template, define the necessary IAM roles and policies using AWS::IAM::Role and AWS::IAM::Policy resources. These roles will grant permissions to your EKS cluster and worker nodes to interact with other AWS services.

  5. Add any additional resources or configurations: Depending on your specific requirements, you may need to include additional resources or configurations in your CloudFormation template. For example, you might want to provision a VPC, subnets, security groups, or configure networking settings.

  6. Launch the CloudFormation stack: Once your CloudFormation template is ready, you can launch a CloudFormation stack using the AWS Management Console, AWS CLI, or AWS SDKs. Provide the CloudFormation template file, specify any required parameters, and initiate the stack creation process.

  7. Monitor the stack creation: CloudFormation will create and provision the necessary resources according to your template. You can monitor the progress of the stack creation in the CloudFormation console or use the AWS CLI or SDKs to check the stack status.

  8. Access your EKS cluster: After the CloudFormation stack creation is complete, you can access your EKS cluster using the AWS Management Console, AWS CLI, or Kubernetes command-line tools (kubectl). You will typically need the cluster name and appropriate credentials to authenticate and interact with the cluster.

By following these steps, you can create an EKS cluster using CloudFormation and define the necessary resources and configurations to meet your specific requirements.

The code to achieve this

Here’s an example CloudFormation template in YAML format that you can use to create an EKS cluster with worker nodes:

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ClusterName:
    Type: String
    Description: Name of the EKS cluster
  WorkerNodeGroupName:
    Type: String
    Description: Name of the worker node group
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: ID of the VPC where the cluster will be created
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: List of subnet IDs in different availability zones
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 key pair for SSH access to worker nodes
Resources:
  EKSCluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: !Ref ClusterName
      ResourcesVpcConfig:
        SecurityGroupIds:
          - !Ref ClusterSecurityGroup
        SubnetIds: !Ref SubnetIds
  ClusterSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EKS cluster security group
      VpcId: !Ref VpcId
  NodeInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref NodeInstanceRole
  NodeInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  NodeAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Ref WorkerNodeGroupName
      VPCZoneIdentifier: !Ref SubnetIds
      MinSize: 1
      MaxSize: 3
      DesiredCapacity: 2
      LaunchConfigurationName: !Ref NodeLaunchConfig
      Tags:
        - Key: kubernetes.io/cluster/${ClusterName}
          Value: "owned"
          PropagateAtLaunch: true
  NodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: ami-xxxxxxxxxxxxxx  # Specify the appropriate worker node AMI ID for your region
      InstanceType: t3.medium     # Specify the desired worker node instance type
      IamInstanceProfile: !Ref NodeInstanceProfile
      SecurityGroups:
        - !Ref NodeSecurityGroup
      KeyName: !Ref KeyName
  NodeSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EKS worker node security group
      VpcId: !Ref VpcId
Outputs:
  ClusterName:
    Description: EKS cluster name
    Value: !Ref ClusterName
  ClusterEndpoint:
    Description: EKS cluster endpoint
    Value: !GetAtt EKSCluster.Endpoint
  WorkerNodeGroupName:
    Description: EKS worker node group name
    Value: !Ref WorkerNodeGroupName

In this template, you can replace ami-xxxxxxxxxxxxxx with the appropriate AMI ID for your region and specify the desired instance type (t3.medium in the example). Also, make sure to provide valid values for other parameters such as ClusterName, WorkerNodeGroupName, VpcId, SubnetIds, and KeyName.

This template will create an EKS cluster with the specified name and VPC configuration. It will also create a worker node group using an Auto Scaling Group and launch configuration. The worker nodes will be associated with the EKS cluster and will have the necessary IAM roles and security groups.

You can use this CloudFormation template to create a stack using the AWS Management Console, AWS CLI, or AWS SDKs.