Hello and welcome to this lecture covering the Elastic Container Service for Kubernetes, more commonly known as EKS. Kubernetes is an open-source container orchestration tool designed to automate deploying, scaling, and operating containerized applications. It is designed to grow from tens to thousands, or even millions, of containers. Kubernetes is also container-runtime agnostic, which means you can actually use Kubernetes to run rkt and Docker containers.
Resources referenced within this lecture:
IAM Authenticator:
- Linux
- MacOS
- Windows
Configuration map to join the Worker Node to the EKS Cluster
Transcript
Hello and welcome to this lecture covering the Elastic Container Service for Kubernetes, more commonly known as EKS.
Firstly, for those unfamiliar with Kubernetes, let me briefly explain what it is at a high level. Kubernetes is an open-source container orchestration tool designed to automate, deploy, scale, and operate containerized applications. It is designed to grow from tens to thousands, or even millions, of containers. Kubernetes is also container-runtime agnostic, which means you can actually use Kubernetes to run rkt and Docker containers.
So, back to EKS. With EKS, AWS provides a managed service allowing you to run Kubernetes across your AWS infrastructure without having to take care of provisioning and running the Kubernetes management infrastructure in what's referred to as the control plane. You, the AWS account owner, only need to provision and maintain the worker nodes.
What is a control plane and what are worker nodes?
Kubernetes Control Plane:
There are a number of different components that make up the control plane and these include a number of different APIs, the kubelet processes and the Kubernetes Master, and these dictate how Kubernetes and your clusters communicate with each other. The control plane itself is run across master nodes.
The control plane schedules containers onto nodes. The term scheduling does not refer to time in this context. Scheduling, in this case, refers to the decision process of placing containers onto nodes in accordance with their declared compute requirements. The control plane also tracks the state of all Kubernetes objects by continually monitoring them. So in EKS, AWS is responsible for provisioning, scaling and managing the control plane, and they do this by utilising multiple availability zones for additional resilience.
Worker nodes:
Kubernetes clusters are composed of nodes and the term cluster refers to the aggregate of all of the nodes. A node is a worker machine in Kubernetes and runs as an on-demand EC2 instance and includes software to run containers managed by the Kubernetes control plane. For each node created, a specific AMI is used which also ensures that Docker and kubelet, in addition to the AWS IAM Authenticator, are installed for security controls. These nodes are what we, as the customer, are responsible for managing within EKS. Once the worker nodes are provisioned they can then connect to EKS using an endpoint.
For more information on Kubernetes, please see our existing course ‘Introduction to Kubernetes’.
Let me provide a brief overview of what’s required to start using the EKS service.
1. Create an EKS Service Role: Before you begin working with EKS you need to configure and create an IAM service role that allows EKS to provision and configure specific resources. This role only needs to be created once and can be used for all other EKS clusters created going forward. The role needs to have the following permissions policies attached to it: AmazonEKSServicePolicy and AmazonEKSClusterPolicy.
2. Create an EKS Cluster VPC: Using AWS CloudFormation you need to create and run a CloudFormation stack based on the following template, which will configure a new VPC for you to use with EKS: https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-vpc-sample.yaml
3. Install kubectl and the AWS-IAM-Authenticator: Kubectl is a command line utility for Kubernetes and can be installed following the details supplied here. The IAM-Authenticator is required to authenticate with the EKS cluster. Depending on your client OS (Linux, MacOS or Windows) it can be downloaded from here:
4. Create your EKS Cluster: Using the EKS console you can now create your EKS cluster using the details and information from the VPC created in steps 1 and 2.
5. Configure kubectl for EKS: Using the update-kubeconfig command via the AWS CLI you need to create a kubeconfig file for your EKS cluster.
6. Provision and configure Worker Nodes: Once your EKS cluster shows an ‘Active’ status you can launch your worker nodes using CloudFormation based on the following template: https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml
7. Configure the Worker Node to join the EKS Cluster: Using a configuration map downloaded here:
    curl -O https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/aws-auth-cm.yaml
   You must edit it and replace the <ARN of instance role (not instance profile)> with the NodeInstanceRole value from step 6.
Your EKS Cluster and worker nodes are now configured and ready for you to deploy your applications with Kubernetes.
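The configuration map edit in the final step is where an instance-profile ARN is most often pasted by mistake, so here is an added example (not part of the original lecture or AWS's own tooling) that checks the value is an IAM role ARN before rendering the map. The function names and sample ARN are hypothetical, and the template text embedded in the script is an assumption about the contents of the downloaded aws-auth-cm.yaml.

```sh
#!/bin/sh
# Added example: render the aws-auth ConfigMap for one worker-node IAM role.
# The ARN below is a constructed sample value, not a real account or role.
SAMPLE_ROLE_ARN='arn:aws:iam::111122223333:role/eks-nodes-NodeInstanceRole-EXAMPLE'
NL='
'

# Succeed only for an IAM *role* ARN. Instance-profile ARNs, multi-line input
# and characters that could alter the YAML structure are rejected.
is_role_arn() {
  case $1 in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^arn:aws(-cn|-us-gov)?:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# Print the ConfigMap with the placeholder replaced by the validated role ARN.
# The template text is assumed to match the downloaded aws-auth-cm.yaml.
render_aws_auth() {
  if ! is_role_arn "$1"; then
    echo "refusing: '$1' is not an IAM role ARN" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: $1
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
EOF
}

# Usage: write the file, review it, then apply it with kubectl:
#   render_aws_auth "$ROLE_ARN" > aws-auth-cm.yaml && kubectl apply -f aws-auth-cm.yaml
render_aws_auth "$SAMPLE_ROLE_ARN"
```

The mapped role is placed in the system:bootstrappers and system:nodes groups, so the ARN written here decides which IAM principal the cluster will accept as a node.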
For more information on EKS, please see our existing course ‘Introduction to EKS’ which will cover these points and more in greater detail https://cloudacademy.com/course/introduction-to-aws-eks/