Install AWS, kubectl & eksctl CLI's
Step-00: Introduction
Install AWS CLI
Install kubectl CLI
Install eksctl CLI
Step-01: Install AWS CLI Ref:-https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
1)curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
2)unzip awscliv2.zip
3)sudo ./aws/install --update
4)aws --version
Step-01-03: Configure AWS Command Line using Security Credentials
Go to AWS Management Console --> Services --> IAM
Select the IAM User: kalyan
Important Note: Use only IAM user to generate Security Credentials. Never ever use Root User. (Highly not recommended)
Click on Security credentials tab
Click on Create access key
Copy Access ID and Secret access key
Go to command line and provide the required details
1)aws configure
2)AWS Access Key ID [None]: ABCDEFGHIAZBERTUCNGG (Replace your creds when prompted)
3)AWS Secret Access Key [None]: uMe7fumK1IdDB094q2sGFhM5Bqt3HQRw3IHZzBDTm (Replace your creds when prompted)
4)Default region name [None]: us-east-1
5)Default output format [None]: json
[Test if AWS CLI is working after configuring the above]
aws ec2 describe-vpcs
Step-02: Install kubectl CLI
mkdir kubectlbinary
cd kubectlbinary
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.24.7/2022-10-31/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bash_profile
kubectl version --short --client
Step-03: Install eksctl CLI
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
Step-00: Introduction
Create EKS Cluster
Associate EKS Cluster to IAM OIDC Provider
Create EKS Node Groups
Verify Cluster, Node Groups, EC2 Instances, IAM Policies and Node Groups
Step-01: Create EKS Cluster using eksctl
[It will take 15 to 20 minutes to create the Cluster Control Plane]
eksctl create cluster --name=eksdemo1
--region=us-east-1
--zones=us-east-1a,us-east-1b
--without-nodegroup
eksctl get cluster
Step-02: Create & Associate IAM OIDC Provider for our EKS Cluster
To enable and use AWS IAM roles for Kubernetes service accounts on our EKS cluster, we must create & associate OIDC identity provider.
To do so using eksctl we can use the below command.
Use latest eksctl version (as on today the latest version is 0.21.0)
eksctl utils associate-iam-oidc-provider
--region us-east-1
--cluster eksdemo1
--approve
Step-03: Create EC2 Keypair
- Create a new EC2 Keypair with name as kube-demo
- This keypair we will use it when creating the EKS NodeGroup.
- This will help us to login to the EKS Worker Nodes using Terminal.
Step-04: Create Node Group with additional Add-Ons in Public Subnets
1)These add-ons will create the respective IAM policies for us automatically within our Node Group role.
eksctl create nodegroup --cluster=eksdemo1
--region=us-east-1
--name=eksdemo1-ng-public1
--node-type=t3.medium
--nodes=2
--nodes-min=2
--nodes-max=4
--node-volume-size=20
--ssh-access
--ssh-public-key=kube-demo
--managed
--asg-access
--external-dns-access
--full-ecr-access
--appmesh-access
--alb-ingress-access
Step-05: Verify Cluster & Nodes
[Verify Cluster, NodeGroup in EKS Management Console]
1)Go to Services -> Elastic Kubernetes Service -> eksdemo1
eksctl get cluster
eksctl get nodegroup --cluster=
kubectl get nodes -o wide
ssh -i kube-demo.pem ec2-user@
Step-01: Introduction
Create IAM Policy for EBS
Associate IAM Policy to Worker Node IAM Role
Install EBS CSI Driver
Step-02: Create IAM policyy
Go to Services -> IAM
Create a Policy
Select JSON tab and copy paste the below JSON
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteSnapshot", "ec2:DeleteTags", "ec2:DeleteVolume", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DetachVolume" ], "Resource": "*" } ] }
1)Review the same in Visual Editor
2)Click on Review Policy
3)Name: Amazon_EBS_CSI_Driver
4)Description: Policy for EC2 Instances to access Elastic Block Store
5)Click on Create Policy
Step-03: Get the IAM role Worker Nodes using and Associate this policy to that role
kubectl -n kube-system describe configmap aws-auth
rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo-NodeInstanceRole-IJN07ZKXAWNN
1)Go to Services -> IAM -> Roles
2)Search for role with name eksctl-eksdemo1-nodegroup and open it
3)Click on Permissions tab
4)Click on Attach Policies
5)Search for Amazon_EBS_CSI_Driver and click on Attach Policy
Step-04: Deploy Amazon EBS CSI Driver
[Verify kubectl version, it should be 1.14 or later]
kubectl version --client --short
[Deploy Amazon EBS CSI Driver]
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/deploy/kubernetes/overlays/ stable/?ref=master"
[Verify ebs-csi pods running]
kubectl get pods -n kube-system
=======
Step-02: Create following Kubernetes manifests
[Create Storage Class manifest]
Ref:-https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
Important Note: WaitForFirstConsumer mode will delay the volume binding and provisioning of a PersistentVolume until a Pod using the PersistentVolumeClaim is created.
Create Persistent Volume Claims manifest
kubectl apply -f kube-manifests/
kubectl get sc
kubectl get pvc
kubectl get pv
kubectl get svc
kubectl get nodes -o wide
[http://EKS-WorkerNode-Public-IP:31231/usermgmt/health-status]
Step-04: Connect to MySQL Database
kubectl run -it --rm --image=mysql:5.6 --restart=Never mysql-client -- mysql -h mysql -pdbpassword11
mysql> show schemas;