DO NOT PROCEED with this step unless you have validated the IAM role in use by the Cloud9 IDE. You will not be able to run the necessary kubectl commands in the later modules unless the EKS cluster is built using the IAM role.
How do I check the IAM role on the workspace?
Use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.
aws sts get-caller-identity
Select the tab and validate the assumed role…
The output assumed-role name should contain:
eksworkshop-admin
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}The output assumed-role name should contain:
TeamRole
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::216876048363:assumed-role/TeamRole/i-0dd09eac19be01448"
}If you do not see the correct role, please go back and validate the IAM role for troubleshooting.
If you do see the correct role, proceed to next step to create an EKS cluster.
The following command will create an eks cluster with the name eksworkshop-eksctl. It will also create a nodegroup with 2 on-demand instances.
eksctl create cluster \
--version=1.20 \
--name=eksworkshop-eksctl \
--node-private-networking \
--managed --nodes=2 \
--alb-ingress-access \
--region=${AWS_REGION} \
--node-labels="intent=control-apps" \
--asg-accesseksctl allows us to pass parameters to initialize the cluster. While initializing the cluster, eksctl does also allow us to create nodegroups.
The managed nodegroup will have two m5.large nodes (m5.large is the default instance type used if no instance types are specified) and it will bootstrap with the label intent=control-apps.
Amazon EKS adds the following Kubernetes label to all nodes in your managed node group: eks.amazonaws.com/capacityType: ON_DEMAND. You can use this label to schedule stateful or fault intolerant applications on On-Demand nodes.
Launching EKS and all the dependencies will take approximately 15 minutes
The command above, created a Managed Node Group. Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes. Managed Nodegroups use the latest EKS-optimized AMIs. The node run in your AWS account provisioned as apart of an EC2 Auto Scaling group that is managed for you by Amazon EKS. This means EKS takes care of the lifecycle management and undifferentiated heavy lifting on operations such as node updates, handling of terminations, gracefully drain of nodes to ensure that your applications stay available.