This document highlights special considerations when using Amazon Elastic Kubernetes Service (EKS) in your team development AWS accounts.
Review Note: This is a draft document.
eksctl CLI to Create a Cluster

eksctl and kubectl per Getting Started with eksctl.
eksctl version 0.14.0 so that permissions boundary support is available.
eksctl does not get installed, you might need to replace the latest_release portion of the download path with the explicit version of interest. For example, 0.14.0.
VPC service within the AWS Management Console.
eksctl.

nikki-cluster.yml
```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: nikki-dev
  region: us-east-2

iam:
  serviceRolePermissionsBoundary: arn:aws:iam::123456789012:policy/example-dev-infra-team-boundary
  fargatePodExecutionRolePermissionsBoundary: arn:aws:iam::123456789012:policy/example-dev-infra-team-boundary

vpc:
  subnets:
    public:
      us-east-2a: { id: subnet-... }
      us-east-2b: { id: subnet-... }
      us-east-2c: { id: subnet-... }
    private:
      us-east-2a: { id: subnet-... }
      us-east-2b: { id: subnet-... }
      us-east-2c: { id: subnet-... }

nodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 1
    iam:
      instanceRolePermissionsBoundary: arn:aws:iam::123456789012:policy/example-dev-infra-team-boundary
```
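A pre-flight check for the configuration above, added here as an example and not part of the original document or of eksctl: it reports every permissions boundary key from nikki-cluster.yml that is unset or points at a different policy. It assumes the file has already been parsed into a dict (for instance with a YAML loader) and that the team requires all three keys; the function name and the `ng-2` nodegroup are hypothetical.

```python
"""Pre-flight check: every boundary key used in nikki-cluster.yml is set."""

# Constructed sample: nikki-cluster.yml as a parsed dict, plus a hypothetical
# second nodegroup "ng-2" that was added without a permissions boundary.
BOUNDARY = "arn:aws:iam::123456789012:policy/example-dev-infra-team-boundary"
SAMPLE_CONFIG = {
    "apiVersion": "eksctl.io/v1alpha5",
    "kind": "ClusterConfig",
    "metadata": {"name": "nikki-dev", "region": "us-east-2"},
    "iam": {
        "serviceRolePermissionsBoundary": BOUNDARY,
        "fargatePodExecutionRolePermissionsBoundary": BOUNDARY,
    },
    "nodeGroups": [
        {"name": "ng-1", "iam": {"instanceRolePermissionsBoundary": BOUNDARY}},
        {"name": "ng-2", "instanceType": "m5.large"},
    ],
}


def boundary_findings(config, expected_arn):
    """Return (path, problem) pairs for boundary keys that are unset or wrong."""
    findings = []

    def check(path, mapping, key):
        # A missing "iam" section is treated the same as an empty one.
        value = (mapping or {}).get(key)
        if value is None:
            findings.append((f"{path}.{key}", "missing"))
        elif value != expected_arn:
            findings.append((f"{path}.{key}", f"unexpected ARN {value}"))

    cluster_iam = config.get("iam")
    check("iam", cluster_iam, "serviceRolePermissionsBoundary")
    check("iam", cluster_iam, "fargatePodExecutionRolePermissionsBoundary")
    # Each nodegroup gets its own instance role, so each needs its own key.
    for index, group in enumerate(config.get("nodeGroups") or []):
        name = group.get("name", index)
        check(f"nodeGroups[{name}].iam", group.get("iam"),
              "instanceRolePermissionsBoundary")
    return findings


if __name__ == "__main__":
    for path, problem in boundary_findings(SAMPLE_CONFIG, BOUNDARY):
        print(f"{path}: {problem}")
```

An empty result means every role section in the file names the expected boundary policy.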
create cluster:

```
./eksctl create cluster --config-file nikki-cluster.yml
```

```
$ aws eks --region us-east-2 describe-cluster --name nikki-dev --query cluster.status
```