Amazon EKS clusters requires the AWS IAM Authenticator for Kubernetes to allow IAM authentication for your Kubernetes cluster. Use go get to install the aws-iam-authenticator binary:
go get -u -v github.com/kubernetes-sigs/aws-iam-authenticator/cmd/aws-iam-authenticator
Add $HOME/go/bin to your PATH environment variable:
For Bash shells on macOS:
export PATH=$HOME/go/bin:$PATH && echo 'export PATH=$HOME/go/bin:$PATH' >> ~/.bash_profile
For Bash shells on Linux:
export PATH=$HOME/go/bin:$PATH && echo 'export PATH=$HOME/go/bin:$PATH' >> ~/.bashrc
Run this command to test that the aws-iam-authenticator binary works:
To install the aws cli, check the user guide: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
Once installed, check your AWS CLI version with the following command:
aws-cli/1.16.87 Python/3.7.2 Darwin/18.2.0 botocore/1.12.77
Configure your AWS CLI to interact with your AWS account using the command below:
aws configureAWS Access Key ID [None]: <your-access-key-ID>AWS Secret Access Key [None]:<your-secet-access-key>Default region name [None]: <your-region>Default output format [None]: json
To simplify the creation of our cluster on EKS, we are using a simple CLI tool named eksctl available here: https://github.com/weaveworks/eksctl.
To create a basic EKS cluster with a given name and region, run:
eksctl create cluster --name=<name> --region=<region>
A cluster will be created with default parameters:
exciting auto-generated name, e.g. "fabulous-mushroom-1527688624"
m5.large nodes (this instance type suits most common use-cases, and is good value for money)
use official AWS EKS AMI
dedicated VPC (check your quotas)
using static AMI resolver
Check the eksctl doc if you want to change default parameters.
Go to your AWS console and check the details about your EKS cluster.
Use the AWS CLI update-kubeconfig command to create or update your kubeconfig for your cluster.
aws eks update-kubeconfig --name <cluster_name>
Test your configuration:
kubectl get svc
Let's now configure HELM to work in the Cluster. We first need to give HELM permissions to deploy things into the cluster. Download the file below:
Run the following commands in your terminal:
kubectl apply -f helm-service-account-role.yaml
helm init --service-account helm --upgrade
In order to be able to expose our services to be accessed from outside the cluster, we need to set up an Ingress Controller, which will automatically create routes to the internal services that we want to expose. To install the NGINX Ingress controller, run the following command:
helm install stable/nginx-ingress --version 1.8
Now that NGINX Ingress Controller is being deployed, we need to wait for it to expose itself using a Public IP. We need this Public IP to interact with our services from outside the cluster. You can find this IP by running the following command:
kubectl get services