- Create SSH key pair (Optional)

  ```bash
  aws ec2 create-key-pair --region {{region}} --key-name {{keypair}}
  ```
- Create the `cluster.yaml` file

  ```yaml
  apiVersion: eksctl.io/v1alpha5
  kind: ClusterConfig
  metadata:
    name: {{cluster_name}}
    region: {{region}}
  iam:
    withOIDC: true
  nodeGroups:
    - name: mng-m5large
      instanceType: m5.large
      desiredCapacity: 2
      volumeSize: 100
      iam:
        attachPolicyARNs:
          - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
          - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
          - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
          - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy # CWAgent
          - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore # SSM
          - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess # xray
          - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess # xray
          - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess # s3
          - arn:aws:iam::aws:policy/AmazonPrometheusFullAccess
      ssh:
        allow: true
        publicKeyName: {{keypair}}
  cloudWatch:
    clusterLogging:
      enableTypes: [ "*" ]
  ```
  You can customize the `vpc` section to place the cluster in an existing VPC and its subnets:

  ```yaml
  apiVersion: eksctl.io/v1alpha5
  kind: ClusterConfig
  metadata:
    name: {{cluster_name}}
    region: {{region}}
  iam:
    withOIDC: true
  vpc:
    subnets:
      public:
        us-west-2a: { id: {{subnet-id1}} }
        us-west-2b: { id: {{subnet-id2}} }
        us-west-2c: { id: {{subnet-id3}} }
  nodeGroups:
    - name: mng-m5large
      instanceType: m5.large
      desiredCapacity: 2
      volumeSize: 100
      iam:
        attachPolicyARNs:
          - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
          - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
          - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
          - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
          - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
          - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
          - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
          - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
          - arn:aws:iam::aws:policy/AmazonPrometheusFullAccess
      ssh:
        allow: true # will use ~/.ssh/id_rsa.pub as the default ssh key
        publicKeyName: {{keypair}}
  cloudWatch:
    clusterLogging:
      enableTypes: [ "*" ]
  ```
- Create the EKS cluster

  ```bash
  eksctl create cluster -f cluster.yaml
  ```

  To create a cluster with Fargate nodes, or to find other customizations for your cluster, see Getting started with Amazon EKS – eksctl for more details.
- Open the Amazon EC2 console.
- Select one of the worker node instances and choose the IAM role shown in its description.
- On the IAM role page, choose Attach policies.
- Attach the following policies to the node instance role:
  - `AmazonEKSWorkerNodePolicy`
  - `AmazonEKS_CNI_Policy`
  - `AmazonEC2ContainerRegistryReadOnly`
  - `CloudWatchAgentServerPolicy`
  - `AmazonSSMManagedInstanceCore`
  - `AWSXrayWriteOnlyAccess`
  - `AWSXRayDaemonWriteAccess`
  - `AmazonS3ReadOnlyAccess`
  - `AmazonPrometheusFullAccess`
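Both the `attachPolicyARNs` list in `cluster.yaml` and the console procedure above grant the same managed policies to the node instance role. That role is shared by every pod scheduled on the node (a pod can obtain its credentials from the instance metadata service unless that is blocked), so anything beyond the three policies a node needs to join the cluster and pull images is effectively a cluster-wide grant; pod-scoped permissions via IAM roles for service accounts, which `withOIDC: true` enables, are the narrower alternative. The script below is an added example, not part of this page or of eksctl: it does a line-based scan of a ClusterConfig (no PyYAML needed) and reports policies outside that baseline, `FullAccess` policies, whether node SSH is enabled, and which control-plane log types are on. The baseline set, the sample document (placeholders replaced with made-up values) and the function names are the example's own assumptions.

```python
"""Audit an eksctl ClusterConfig for node-role policy scope, SSH access and
control-plane logging. Added example; line-based scan with no PyYAML dependency."""
import re

# Constructed sample (not from a real cluster): the page's node group with the
# {{placeholders}} replaced by made-up values.
SAMPLE_CLUSTER_YAML = """\
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: example-cluster
  region: us-west-2
iam:
  withOIDC: true
nodeGroups:
  - name: mng-m5large
    instanceType: m5.large
    desiredCapacity: 2
    volumeSize: 100
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy # CWAgent
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore # SSM
        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess # xray
        - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess # xray
        - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess # s3
        - arn:aws:iam::aws:policy/AmazonPrometheusFullAccess
    ssh:
      allow: true
      publicKeyName: example-keypair
cloudWatch:
  clusterLogging:
    enableTypes: [ "*" ]
"""

# Assumed baseline: the managed policies a node group needs to join the cluster
# and pull images. Everything else is workload-specific and deserves a review.
BASELINE_NODE_POLICIES = {
    "AmazonEKSWorkerNodePolicy",
    "AmazonEKS_CNI_Policy",
    "AmazonEC2ContainerRegistryReadOnly",
}

POLICY_ARN_RE = re.compile(r"^\s*-\s*arn:aws:iam::aws:policy/(\S+)")
SSH_ALLOW_RE = re.compile(r"^\s*allow:\s*(true|false)\b", re.IGNORECASE)
LOG_TYPES_RE = re.compile(r"^\s*enableTypes:\s*\[(.*)\]")


def audit_cluster_config(text):
    """Return a dict of findings for one ClusterConfig document (all node groups pooled)."""
    attached = []
    ssh_allowed = False
    log_types = []
    for line in text.splitlines():
        m = POLICY_ARN_RE.match(line)
        if m:
            attached.append(m.group(1))  # trailing "# comment" is excluded by \S+
            continue
        m = SSH_ALLOW_RE.match(line)
        if m:
            ssh_allowed = m.group(1).lower() == "true"
            continue
        m = LOG_TYPES_RE.match(line)
        if m:
            log_types = [t.strip().strip("\"'") for t in m.group(1).split(",") if t.strip()]
    return {
        "attached_policies": attached,
        "missing_baseline": sorted(BASELINE_NODE_POLICIES - set(attached)),
        "extra_policies": [p for p in attached if p not in BASELINE_NODE_POLICIES],
        "broad_policies": [p for p in attached if "FullAccess" in p],
        "ssh_allowed": ssh_allowed,
        "control_plane_logging": log_types,
    }


def report(findings):
    """Render findings as plain text, one line per item."""
    lines = ["missing baseline policies: " + (", ".join(findings["missing_baseline"]) or "none")]
    for p in findings["extra_policies"]:
        tag = " (FullAccess)" if p in findings["broad_policies"] else ""
        lines.append(f"node role grants beyond baseline: {p}{tag}")
    lines.append("node SSH enabled: " + str(findings["ssh_allowed"]))
    lines.append("control-plane log types: " + (", ".join(findings["control_plane_logging"]) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit_cluster_config(SAMPLE_CLUSTER_YAML)))
```

To check a real file, call `audit_cluster_config(open("cluster.yaml").read())`; the scan is deliberately simple, so a config with several node groups is reported as one pooled policy list.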