Version: v0.0.0-...-7288552

Published: Jul 4, 2021 License: GPL-3.0


Getting Started with EKS


  • brew install awscli
  • brew install jq
  • brew install kubectl
  • brew install --cask docker

aws configure

Open the "My Security Credentials" section of your profile and create an access key.

AWS CLI will look to configure your default region:

AWS EKS service account

Required IAM permissions – The IAM security principal that you're using must have permissions to work with Amazon EKS IAM roles and service linked roles, AWS CloudFormation, and a VPC and related resources. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.

CREATE ROLE: role_arn=$(aws iam create-role --role-name eks-getting-started-role --assume-role-policy-document file://eks_getting_started_role.json | jq .Role.Arn | sed s/\"//g)

ATTACH ROLE: aws iam attach-role-policy --role-name eks-getting-started-role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy

create the cluster VPC

All Amazon EKS resources are deployed to one Region in an existing subnet in an existing VPC. Each subnet exists in one Availability Zone. The VPC and subnets must meet requirements such as the following:

  • VPCs and subnets must be tagged appropriately, so that Kubernetes knows that it can use them for deploying resources, such as load balancers.
  • A subnet may or may not have internet access. If a subnet does not have internet access, the pods deployed within it must be able to access other AWS services, such as Amazon ECR, to pull container images. For more information about using subnets that don't have internet access, see Private clusters.
  • Any public subnets that you use must be configured to auto-assign public IP addresses for Amazon EC2 instances launched within them. For more information, see VPC IP addressing.
  • The nodes and control plane must be able to communicate over all ports through appropriately tagged security groups. For more information, see Amazon EKS security group considerations.
  • You can implement a network segmentation and tenant isolation network policy. Network policies are similar to AWS security groups in that you can create network ingress and egress rules. Instead of assigning instances to a security group, you assign network policies to pods using pod selectors and labels. For more information, see Installing Calico on Amazon EKS.
  • You can deploy a VPC and subnets that meet the Amazon EKS requirements through manual configuration, or by deploying the VPC and subnets using eksctl, or an Amazon EKS provided AWS CloudFormation template. Both eksctl and the AWS CloudFormation template create the VPC and subnets with the required configuration. For more information, see Creating a VPC for your Amazon EKS cluster.
  1. curl -o vpc.yaml
  2. aws cloudformation deploy --template-file vpc.yaml --stack-name getting-started-eks

When this is complete, we are ready to install an EKS cluster into this VPC!

create the cluster

  1. grab stack details: aws cloudformation list-stack-resources --stack-name getting-started-eks > stack.json
  2. create cluster (use the subnet and security group IDs from the stack.json file): aws eks create-cluster --name getting-started-eks --role-arn $role_arn --resources-vpc-config subnetIds=subnet-09fe8f0ca92715947,subnet-026cce0272749c0c3,subnet-06e17c1cf13aa7457,securityGroupIds=sg-04be60bd8e98912ca,endpointPublicAccess=true,endpointPrivateAccess=false
  3. aws eks describe-cluster --name getting-started-eks | jq '.cluster.status'
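
The create-cluster call above leaves the API endpoint public-only. As an added example (not part of the original README), this Python script audits the JSON printed by `aws eks describe-cluster`; the sample document is constructed, and the secrets-encryption check goes slightly beyond the flags shown in the step.

```python
import json

# Constructed sample: a trimmed `aws eks describe-cluster` document matching the
# create-cluster flags above (public endpoint on, private endpoint off).
SAMPLE = json.loads("""
{"cluster": {
  "name": "getting-started-eks",
  "status": "ACTIVE",
  "resourcesVpcConfig": {
    "endpointPublicAccess": true,
    "endpointPrivateAccess": false,
    "publicAccessCidrs": ["0.0.0.0/0"]
  }
}}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def audit_cluster(doc):
    """Return human-readable findings for one describe-cluster document."""
    cluster = doc["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []

    if vpc.get("endpointPublicAccess", False):
        open_cidrs = sorted(OPEN_CIDRS & set(vpc.get("publicAccessCidrs", [])))
        if open_cidrs:
            findings.append("public API endpoint open to " + ", ".join(open_cidrs))
        if not vpc.get("endpointPrivateAccess", False):
            findings.append("private endpoint disabled: node-to-API traffic leaves the VPC")

    # Envelope encryption of Kubernetes Secrets shows up as an encryptionConfig
    # entry whose resources list contains "secrets".
    encrypted = any("secrets" in cfg.get("resources", [])
                    for cfg in cluster.get("encryptionConfig", []))
    if not encrypted:
        findings.append("no KMS envelope encryption configured for secrets")
    return findings


if __name__ == "__main__":
    for line in audit_cluster(SAMPLE):
        print(f"{SAMPLE['cluster']['name']}: {line}")
```

To audit a live cluster, load the output of `aws eks describe-cluster --name getting-started-eks` with `json.load` and pass it to `audit_cluster`.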

create kube config functionality

  1. run command to download kube config file: aws eks update-kubeconfig --name getting-started-eks --region us-east-2
  2. copy kube config file to the project repository (this is just to see the file in VS): cp /Users/robert/.kube/config .
  3. test a kubectl command to validate that things are wired in: kubectl get nodes

There are no nodes as of yet. AWS EKS installs an AWS-managed control plane; by default no nodes are attached to the cluster. Nodes must be attached to the cluster via initial configuration with IaC.

Nodes and NodeGroups

  1. create another role that manages node groups: role_arn=$(aws iam create-role --role-name getting-started-eks-role-nodes --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)

  2. attach policies to the role:

aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly

  3. add EC2 instances to the EKS VPC subnet:

aws eks create-nodegroup \
--cluster-name getting-started-eks \
--nodegroup-name test \
--node-role $role_arn \
--subnets subnet-09fe8f0ca92715947 \
--scaling-config minSize=1,maxSize=2,desiredSize=1 \
--instance-types t2.micro
  4. kubectl get nodes
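
Both create-role steps (the cluster role and the node role) load a trust policy from a file the page does not show. The following added example (not the project's code) checks such a document before it is passed to `--assume-role-policy-document`; the policy contents are constructed assumptions, with `eks.amazonaws.com` as the service principal for the cluster role and `ec2.amazonaws.com` for the node role.

```python
# Constructed trust policies. The README's eks_getting_started_role.json and
# assume-node-policy.json are not shown, so these contents are assumptions.
def trust(principal):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": principal,
                           "Action": "sts:AssumeRole"}]}


CLUSTER_TRUST = trust({"Service": "eks.amazonaws.com"})
NODE_TRUST = trust({"Service": "ec2.amazonaws.com"})
TOO_BROAD = trust({"AWS": "*"})


def as_list(value):
    return value if isinstance(value, list) else [value]


def trust_findings(policy, expected_service):
    """List problems with a role trust policy meant for one AWS service."""
    findings, trusted = [], False
    for stmt in as_list(policy.get("Statement", [])):
        # Only statements that let a principal assume the role matter here.
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"*": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if value == "*":
                    findings.append("wildcard principal can assume the role")
                elif kind == "Service" and value == expected_service:
                    trusted = True
                else:
                    findings.append(f"unexpected {kind} principal: {value}")
    if not trusted:
        findings.append(f"{expected_service} is not trusted")
    return findings


if __name__ == "__main__":
    for name, doc, svc in [("cluster", CLUSTER_TRUST, "eks.amazonaws.com"),
                           ("node", NODE_TRUST, "ec2.amazonaws.com"),
                           ("too broad", TOO_BROAD, "eks.amazonaws.com")]:
        print(name, trust_findings(doc, svc) or "ok")
```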

Create Sample Namespace:

"namespace" is intended for separating resources in the Kubernetes cluster. Examples of namespace use cases would be

kubectl create ns example-app

kubectl get namespaces

Kubernetes Pods:

A pod is the smallest deployable unit in Kubernetes. Pods consume resources from nodes.

Hence every node can only run as many pods as its resources can provide. We cannot deploy the exact same pod in the same namespace.

But we can use a replica set to create a replica of our pod. Using replica sets we can maintain a stable set of our pod inside the cluster; this is useful to scale the application "horizontally".

Go modules

A module is a collection of Go packages stored in a file tree with a go.mod file at its root.

The go.mod file defines the module's module path and dependency requirements:

  • module path: the import path used for the root directory
  • dependency requirements: the other modules needed for a successful build; each dependency requirement is written as a module path and a specific semantic version.

The go command enables the use of modules when the current directory or any parent directory has a go.mod, provided the directory is outside $GOPATH/src.

Building Docker images

What is a container?

A container is simply another process on your machine that has been isolated from all other processes on the host machine.

  • kernel namespaces and cgroups: features that have been in Linux for a long time; Docker has worked to make these capabilities approachable and easy to use
  • container image: the image contains a container's custom filesystem; everything needed to run an application (all dependencies, configuration, scripts, binaries, etc.)
  • container metadata: the image also contains other configuration for the container, such as environment variables, a default command to run, etc.

Docker build commands

docker build -t example-app .

docker images --filter reference=example-app

docker run -it -p 80:80 example-app

Working with Docker on Mac!

  1. Docker for Mac runs as a desktop application
  2. installation: brew install --cask docker
  3. click on the Docker app from the app tray, you will see something like this: [image: Docker]
  4. if the container starts successfully you should see: [image: Docker]
  5. you should now see this as your first running container: docker ps
  6. the same startup command could have been run as docker run -dp 80:80 docker/getting-started
  7. stop a running container: docker stop {CONTAINER ID}

Working with AWS ECR

Image and repository names must be lowercase. Piping the token into docker login with --password-stdin keeps it out of the shell history and the process list; {ECR REGISTRY HOST} is a placeholder for the registry host part of the ECR image location.

aws ecr create-repository --repository-name example-app --region us-east-1
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin {ECR REGISTRY HOST}
docker tag example-app:latest {STRING OF ECR IMAGE LOCATION}
docker push {STRING OF ECR IMAGE LOCATION}

At this point, the EKS cluster needs to be ready in order to deploy the app; see below for the AWS CloudFormation approach to building the EKS cluster.

kubectl apply -f deployment.yml
kubectl get deployments

Working with AWS CloudFormation template: an alternate way to create the cluster

aws cloudformation deploy --template-file {PATH-to-FILE.yml} --stack-name my-new-app-stack
eksctl create cluster -f cluster.yaml --kubeconfig={PATH-TO-FILE.yml}
kubectl get svc
kubectl apply -f service.yml
kubectl get pods -o wide
kubectl get nodes -o wide
kubectl get services

Application Deployment in EKS

kubectl apply -n example-app -f secrets/secret.yaml

kubectl apply -n example-app -f configmaps/configmap.yaml

kubectl apply -n example-app -f deployments/deployment.yaml

Create Service Type: type: LoadBalancer

kubectl apply -n example-app -f services/service.yaml

Checkout and Troubleshooting:

kubectl get svc -n example-app


  • Delete all pods and services in namespace:

kubectl -n example-app delete pod,svc --all

  • Delete deployments in namespace: kubectl delete deployment example-deploy -n example-app

