Deploy a Container Web App on Amazon EKS
GETTING STARTED GUIDE
Module 1: Create an EKS Cluster
In this module, you will learn how to create an Amazon EKS cluster
Introduction
Before we deploy the containerized application, we need to create a Kubernetes cluster. We will be using Amazon EKS to create the cluster. In this guide, the Amazon EKS cluster consists of a control plane and using Amazon EC2 as worker nodes. To create the Kubernetes cluster, we're going to use AWS CDK. AWS CDK provides flexibility to enable provisioning of a Kubernetes cluster in a predictable and repeatable manner.
What You Will Learn
- Building AWS CDK application to create Amazon EKS cluster with Amazon EC2 as worker nodes
- Testing and performing basic operation to Kubernetes cluster
Time to Complete
10 minutes
Module Prereqs
- AWS Account with administrator-level access**
- Recommended browser: The latest version of Chrome or Firefox
[**]Accounts created within the past 24 hours might not yet have access to the services required for this tutorial.
Implementation
Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/app.py and uncommenting line 24:
Build AWS CDK Application
In this step, you will prepare your work folders. You will create two different folders within the root folder eks. The first folder, k8s-cluster, is for cluster creation and will host your CDK code to create it. The second folder, cdk8s, will contain the code to create and deploy your application to the cluster using cdk8s. Create the directories, and create your CDK project using Python by running:
mkdir eks
cd eks
mkdir cluster cdk8s
cd cluster
cdk init app --language=python
This will create the skeleton CDK app, with some useful command outputs:
cdk init app --language=python
Applying project template app for python
# Welcome to your CDK Python project!
This is a blank project for Python development with CDK.
The `cdk.json` file tells the CDK Toolkit how to execute your app.
...
To add additional dependencies, for example other CDK libraries, just add
them to your `setup.py` file and rerun the `pip install -r requirements.txt`
command.
## Useful commands
* `cdk ls` list all stacks in the app
* `cdk synth` emits the synthesized CloudFormation template
* `cdk deploy` deploy this stack to your default AWS account/region
* `cdk diff` compare deployed stack with current state
* `cdk docs` open CDK documentation
Enjoy!
Please run 'python3 -m venv .venv'!
Executing Creating virtualenv...
Please run the code below.
python3 -m venv .venv
source .venv/bin/activate
There are 2 main resources that you need to create in this module, the Amazon EKS cluster and AWS IAM role. By creating an IAM role and attaching it to the cluster, it will grant the systems:masters privileges. In order to do that, we need to add the aws_cdk.aws-iam and aws_cdk.aws-eks libraries into our CDK application. The aws-cdk-lib, constructs and aws-cdk.lambda-layer-kubectl-v28 are required libraries for deployment step. You need to ensure that you use the libraries that match your version of CDK, to check CDK's version, run cdk --version:
cdk --version
2.122.0 (build 7e77e02)
Using the version number shown, open eks/cluster/requirements.txt, and requirements.txt should resemble this:
aws-cdk-lib==2.122.0
constructs>=10.0.0,<11.0.0
aws-cdk.lambda-layer-kubectl-v28==2.2.0
pyyaml
To install these libraries, run
pip3 install -r requirements.txt
Creating a new VPC is best practice for building a Kubernetes cluster using EKS, and you can read more about this in the documentation. To create your EKS cluster, open eks/cluster/cluster_stack.py and add following lines:
from aws_cdk import (
Stack,
aws_iam as iam,
aws_eks as eks,
aws_ec2 as ec2
)
from aws_cdk.lambda_layer_kubectl_v28 import KubectlV28Layer
from constructs import Construct
import yaml
class ClusterStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# Create a master role
iam_role = iam.Role(self, id=f"{construct_id}-iam",
role_name=f"{construct_id}-iam", assumed_by=iam.AccountRootPrincipal())
# Create and EKS Cluster
eks_cluster = eks.Cluster(
self, id=f"{construct_id}-cluster",
cluster_name=f"{construct_id}-cluster",
masters_role=iam_role,
default_capacity_instance=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
version=eks.KubernetesVersion.V1_28,
kubectl_layer=KubectlV28Layer(self, "KubectlLayer")
)
Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/app.py and uncommenting line 18:
env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
To set different account or different region, it is possible to statically set account and region variables in line 23 while keeping line 18 as comment.
23: env=cdk.Environment(account='123456789012', region='eu-west-1'),
This will use the Account ID and region configured in the AWS CLI. Before you can use CDK, it needs to be bootstrapped - this will create the required infrastructure for CDK to manage infrastructure in your account. To bootstrap CDK, run cdk bootstrap. You should see output similar to:
cdk bootstrap
⏳ Bootstrapping environment aws://0123456789012/...
✅ Environment aws://0123456789012/ bootstrapped
Once the bootstrapping has completed, you will run cdk deploy to deploy the cluster.
cdk deploy
You should see output similar to the following:
CDK will prompt you before creating the infrastructure as it is creating infrastructure that changes security configuration - in your case, by creating IAM roles and security groups. Press y and then hit enter to deploy. CDK will now set up all the infrastructure you defined, and it will take a few minutes to complete.
If everything went successfully, you will get following results at the end of the execution:
✅ ClusterStack
✨ Deployment time: 1150.08s
Outputs:
ClusterStack.ClusterStackclusterConfigCommand1CAA6E63 = aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackclusterGetTokenCommand010D10BE = aws eks get-token --cluster-name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
Stack ARN:
arn:aws:cloudformation:eu-west-1:0123456789012:stack/ClusterStack/124f8fb0-bb17-11ee-a570-129832dce953
You will see 3 warnings printed out similar to:
[Warning at /ClusterStack/ClusterStack-cluster] Could not auto-tag public subnet subnet-3a618f43 with "kubernetes.io/role/elb=1", please remember to do this manually
Your cluster is now ready. To operate your cluster, you need to update the Kubernetes configuration (kubeconfig) to point to it so that the kubectl command will work. Copy the ConfigCommand from your terminal output and execute it, it should look something like this:
aws eks update-kubeconfig --name ClusterStack-cluster --region <YOUR-REGION> --role-arn arn:aws:iam::<YOUR-ACCT-NUMBER>:role/ClusterStack-iam
The output will resemble the following
Added new context arn:aws:eks:eu-west-1:0123456789012:cluster/ClusterStack-cluster to /home/ubuntu/.kube/config
To confirm that everything is configured correctly, run kubectl get all to confirm, you should see the following:
kubectl get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP xxx.xxx.xxx.xxx 443/TCP 15m
Conclusion
In this module, we covered created an Amazon EKS cluster using the CLI. In the next module, we will install and learn about CDK8s.
Up Next: Install CDK8s