
Part 1: Provision EKS Cluster

This is Part 1 of a multi-part, self-paced quick start exercise.


What Will You Do

In part 1, you will


Assumptions

  • You have access to an Amazon AWS account
  • You have sufficient privileges to create an IAM Role with the default Full IAM Policy to allow the controller to provision resources on your behalf as part of the EKS cluster creation process.

Note

The instructions describe the process using the web console. The same steps can be performed using the RCTL CLI for automation.


Step 1: Create Project

In this step, we will create a new project which will serve as a logically isolated "operating environment" (sub tenant) for developers.

Note

Creating a project requires "Org Admin" privileges.

  • Log in to your Org as an Org Admin
  • Create a new project called "dev"

New Project

  • Switch context to this project.

View New Project


Step 2: Provision EKS Cluster

In this step, you will configure and provision an Amazon EKS cluster using the controller. You will use the default blueprint which comes with a number of foundational services out of the box.


Step 2a: Create Cloud Credentials

Cloud credentials provide the controller with privileges to programmatically interact with your Amazon AWS account so that it can manage the lifecycle of infrastructure associated with the Amazon EKS cluster.

  • Follow the step-by-step instructions to create an IAM Role based cloud credential.
  • Validate the newly created cloud credential to ensure it is configured correctly.

Validate Cloud Credential


Step 2b: Configure & Provision Cluster

In this step, you will configure and customize your Amazon EKS Cluster specification using the self-service wizard. Note that you can also create and manage a version controlled YAML based cluster specification in your Git repository.

  • Configure your EKS cluster by following the step-by-step instructions
  • Provide a name for the cluster such as "eks-dev"
  • Unless your AWS account has specific controls in place, use the default settings for now

This will provision an EKS cluster with the following configuration:

  • Current Kubernetes version supported by Amazon
  • A private (cloaked) EKS control plane in the us-west-2/Oregon region
  • New VPCs and Subnets will be auto created
  • A self managed node group with two worker nodes based on m5.xlarge instance type
  • gp3 storage volumes and Amazon Linux 2 OS
  • IAM roles for ASG and ECR access enabled
  • Default cluster blueprint (Monitoring, Log Aggregation enabled)

Click on provision and wait for this step to complete. Provisioning will take 10-15 minutes to complete. The final step in the process is the blueprint sync for the default blueprint. This can also take a few minutes to complete because this requires the download of several container images and deployment of monitoring and log aggregation components.


Step 3: Verify Cluster

Once provisioning is complete, you should have a ready to use Amazon EKS Cluster. We will verify the cluster by checking its health and status.


Step 3a: Cluster Status & Health

The Kubernetes management operator automatically deployed on the cluster by the controller will "maintain a heartbeat" with the controller and will "proactively monitor" the status of the components on the worker node required for communication with the EKS control plane and the controller.

  • Cluster reachability should be no more than 1 minute
  • Control plane should report as Healthy

EKS Cluster Health


Step 3b: Zero Trust Kubectl

Your EKS Cluster's API Server is private and secure (i.e. cloaked and not directly reachable on the Internet). The controller provides a zero trust kubectl channel for authorized users.

  • Click on "Kubectl" on the cluster.
  • This will launch a web based kubectl shell for you to securely interact with the API server

ZTKA to EKS
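
To confirm independently that the control plane is private as described above, the following added example (not part of the original quick start or the controller's tooling) inspects the JSON returned by `aws eks describe-cluster` and reports any deviation. The sample document, the placeholder account ID and the function name `check_control_plane` are constructed for illustration.

```python
import json

# Constructed sample of `aws eks describe-cluster --name eks-dev --region us-west-2`
# output, trimmed to the fields checked below. The account ID is a placeholder.
SAMPLE_PRIVATE = json.loads("""
{"cluster": {
  "name": "eks-dev",
  "arn": "arn:aws:eks:us-west-2:111122223333:cluster/eks-dev",
  "status": "ACTIVE",
  "resourcesVpcConfig": {
    "endpointPublicAccess": false,
    "endpointPrivateAccess": true,
    "publicAccessCidrs": []
  }
}}
""")


def check_control_plane(doc, expected_region="us-west-2"):
    """Return a list of findings; an empty list means the cluster matches
    the private control plane described in the quick start."""
    cluster = doc.get("cluster", {})
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []

    if cluster.get("status") != "ACTIVE":
        findings.append(f"cluster status is {cluster.get('status')!r}, not ACTIVE")

    # ARN layout: arn:partition:eks:region:account:cluster/name
    arn_parts = cluster.get("arn", "").split(":")
    region = arn_parts[3] if len(arn_parts) > 3 else None
    if region != expected_region:
        findings.append(f"cluster is in {region!r}, expected {expected_region!r}")

    # Treat a missing field as exposed rather than assuming the safe value.
    if vpc.get("endpointPublicAccess", True):
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        scope = "the whole Internet" if "0.0.0.0/0" in cidrs else ", ".join(cidrs)
        findings.append(f"public API endpoint is enabled, reachable from {scope}")
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("private API endpoint is disabled")
    return findings


if __name__ == "__main__":
    for finding in check_control_plane(SAMPLE_PRIVATE) or ["control plane is private"]:
        print(finding)
```

In practice, save the AWS CLI output to a file, load it with `json.load`, and pass the result to `check_control_plane`.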


Step 4: Dashboards

The default cluster blueprint automatically deploys Prometheus and other components required to monitor the EKS cluster. This data is aggregated from the cluster on the controller in a central, time series database. This data is then made available to administrators in the form of detailed dashboards.

Step 4a: Cluster Dashboard

Click on the cluster name to view the cluster dashboard. You will be presented with time series data for the following:

  • Cluster Health
  • CPU Utilization
  • Memory Utilization
  • Storage Utilization
  • Number of Worker Nodes
  • Number of workloads and their status
  • Number of pods and their status

EKS Cluster Dashboard


Step 4b: Node Dashboard

Click on the "node" to view the node dashboard.

EKS Node Overview

Now, click on Overview. You will be presented with time series data for the following metrics:

  • Node Health
  • CPU Utilization
  • Memory Utilization
  • Storage Utilization

EKS Node Dashboard


Step 4c: Kubernetes Resources

The dashboard also comes with an integrated Kubernetes dashboard. Click on "Resources" and you will be presented with all the Kubernetes resources organized using a number of filters.

EKS k8s Resources


Recap

Congratulations! At this point, you have

  • Successfully configured and provisioned an Amazon EKS cluster in your AWS account.
  • Used zero trust kubectl to securely access the EKS cluster's API server
  • Used the integrated cluster, node and k8s dashboards to monitor and view details about the cluster