Mridul Ganga
MG's Blog

MG's Blog

Initial EKS Setup for beginners

Initial EKS Setup for beginners

Mridul Ganga's photo
Mridul Ganga
·Dec 8, 2021·

2 min read

Subscribe to my newsletter and never miss my upcoming articles

When you create a new Kubernetes Cluster in EKS - you still need to do a number of things until you can start using it.

Create Kubernetes Cluster on EKS

  1. Install eksctl

    curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
    sudo mv /tmp/eksctl /usr/local/bin
    

    This will only work on linux for obvious reasons.

  2. Create a cluster.yaml file in a nice folder.

# contents of cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster-1
  region: us-east-1

nodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 2
  1. Create the cluster using eksctl (make sure you have awscli and creds setup already)
    eksctl create cluster -f cluster.yaml
    
  2. Create kubeconfig to access the cluster
    mkdir ~/.kube
    eksctl utils write-kubeconfig --cluster=cluster-1 --kubeconfig=~/.kube/config
    

Deploy nginx ingress controller on the cluster

Amazon has good docs on this step - aws.amazon.com/premiumsupport/knowledge-cen..

BONUS:

  1. When you deploy nginx and created the load balancer, get the endpoint for the same using kubectl get svc --namespace=nginx-ingress
  2. You can now point your domain to this endpoint using CNAME records (ex - *.k8s.mridulganga.dev -> aaa71bxxxxx-11xxxxx10.us-east-1.elb.amazona..).

Deploy cert-manager & create cluster issuer

  1. Follow the installation instructions on cert-manager website cert-manager.io/docs/installation

  2. Create ClusterIssuer Save the following content in a file letsencrypt-staging.yaml

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
    name: letsencrypt-staging
    spec:
    acme:
     server: https://acme-staging-v02.api.letsencrypt.org/directory
     email: example@example.com
     privateKeySecretRef:
       name: letsencrypt-staging
     solvers:
       - http01:
           ingress:
             class: nginx
    

    Create the resource using kubectl kubectl apply -f letsencrypt-staging.yaml

NOTE: use staging when you are first trying out certs, when you are comfortable with the cert vending process - you can move to letsencrypt-prod by creating a new Issuer using the acme server: https://acme-v02.api.letsencrypt.org/directory. Check the rate limits letsencrypt.org/docs/rate-limits

image credits - opensourceforu.com/2018/06/container-orches..