Objectives

1. Give Appropriate Permissions

Make sure that the account you will be using to create the EKS cluster has the appropriate permissions. Refer to the official EKS documentation for details.

2. Create Access Key and Secret Key

Use AWS to create an access key and client secret for the IAM account used in 1. Give Appropriate Permissions.

For instructions on how to create these keys, see the AWS documentation Managing Access Keys: To create, modify, or delete a user’s access keys.

3. Create the EKS Cluster

Use Rancher to set up and configure your Kubernetes cluster.

  1. From the Clusters page, click Add Cluster.

  2. Choose Amazon EKS.

  3. Enter a Cluster Name.

  4. Use Member Roles to configure user authorization for the cluster.

    • Click Add Member to add users that can access the cluster.
    • Use the Role drop-down to set permissions for each user.

  5. Configure Account Access for the EKS cluster. Complete each drop-down and field using the information obtained in 2. Create Access Key and Secret Key.

    | Setting | Description |
    | --- | --- |
    | Region | From the drop-down, choose the geographical region in which to build your cluster. |
    | Access Key | Enter the access key that you created in 2. Create Access Key and Secret Key. |
    | Secret Key | Enter the secret key that you created in 2. Create Access Key and Secret Key. |
  6. Click Next: Select Service Role. Then choose a service role.

    | Service Role | Description |
    | --- | --- |
    | Standard: Rancher generated service role | If you choose this role, Rancher automatically adds a service role for use with the cluster. |
    | Custom: Choose from your existing service roles | If you choose this role, Rancher lets you choose from service roles that you’ve already created within AWS. For more information on creating a custom service role in AWS, see the Amazon documentation. |
  7. Click Next: Select VPC and Subnet.

  8. Choose an option for Public IP for Worker Nodes. Your selection for this option determines what options are available for VPC & Subnet.

    | Option | Description |
    | --- | --- |
    | Yes | When your cluster nodes are provisioned, they’re assigned both a private and a public IP address. |
    | No: Private IPs only | When your cluster nodes are provisioned, they’re assigned only a private IP address. If you choose this option, you must also choose a VPC & Subnet that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane. |
  9. Now choose a VPC & Subnet. Follow one of the sets of instructions below based on your selection from the previous step.

    Amazon Documentation:

    If you choose to assign a public IP address to your cluster’s worker nodes, you have the option of choosing between a VPC that’s automatically generated by Rancher (i.e., Standard: Rancher generated VPC and Subnet), or a VPC that you’ve already created with AWS (i.e., Custom: Choose from your existing VPC and Subnets). Choose the option that best fits your use case.

    1. Choose a VPC and Subnet option.

      | Option | Description |
      | --- | --- |
      | Standard: Rancher generated VPC and Subnet | While provisioning your cluster, Rancher generates a new VPC and Subnet. |
      | Custom: Choose from your existing VPC and Subnets | While provisioning your cluster, Rancher configures your nodes to use a VPC and Subnet that you’ve already created in AWS. If you choose this option, complete the remaining steps below. |
    2. If you’re using Custom: Choose from your existing VPC and Subnets:

      (If you’re using Standard, skip to step 11)

      1. Make sure Custom: Choose from your existing VPC and Subnets is selected.

      2. From the drop-down that displays, choose a VPC.

      3. Click Next: Select Subnets. Then choose one of the Subnets that displays.

      4. Click Next: Select Security Group.

    If you chose to assign only private IP addresses to your worker nodes (No: Private IPs only), you must also choose a VPC & Subnet that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane. Follow the steps below.

    Tip: When using only private IP addresses, you can provide your nodes internet access by creating a VPC constructed with two subnets, a private set and a public set. The private set should have its route tables configured to point toward a NAT in the public set. For more information on routing traffic from private subnets, please see the official AWS documentation.

    1. From the drop-down that displays, choose a VPC.

    2. Click Next: Select Subnets. Then choose one of the Subnets that displays.

    3. Click Next: Select Security Group.

  10. Choose a Security Group. See the documentation below on how to create one.

    Amazon Documentation:

  11. Click Select Instance Options, and then edit the node options available.

    | Option | Description |
    | --- | --- |
    | Instance Type | Choose the hardware specs for the instance you’re provisioning. |
    | Custom AMI Override | If you want to use a custom Amazon Machine Image (AMI), specify it here. |
    | Minimum ASG Size | The minimum number of instances that your cluster will scale to during low traffic, as controlled by Amazon Auto Scaling. |
    | Maximum ASG Size | The maximum number of instances that your cluster will scale to during high traffic, as controlled by Amazon Auto Scaling. |
  12. Click Create.

Result:

  • Your cluster is created and assigned a state of Provisioning. Rancher is standing up your cluster.
  • You can access your cluster after its state is updated to Active.
  • Active clusters are assigned two Projects, Default (containing the namespace default) and System (containing the namespaces cattle-system, ingress-nginx, kube-public and kube-system, if present).
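
The tip in step 9 describes a private subnet whose route table points toward a NAT in a public subnet. As an added example (not part of the original documentation), the Python below classifies subnets from JSON in the shape returned by `aws ec2 describe-route-tables` for a single VPC, so you can confirm before provisioning that a private subnet has outbound access. The sample data, all IDs, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output for
# one VPC. Every ID below is made up for illustration.
SAMPLE = json.loads("""
{"RouteTables": [
 {"RouteTableId": "rtb-public",
  "Associations": [{"SubnetId": "subnet-public", "Main": false}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
 {"RouteTableId": "rtb-private",
  "Associations": [{"SubnetId": "subnet-private", "Main": false}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
 {"RouteTableId": "rtb-main",
  "Associations": [{"Main": true}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
]}
""")

def default_route_target(table):
    """Classify the table's active 0.0.0.0/0 route: 'igw', 'nat', 'other', None."""
    for route in table.get("Routes", []):
        if (route.get("DestinationCidrBlock") != "0.0.0.0/0"
                or route.get("State", "active") != "active"):  # blackhole: no egress
            continue
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        return "other"  # e.g. NAT instance or transit gateway: check by hand
    return None

def classify_subnets(doc, subnet_ids):
    """Map each subnet to public / private-with-egress / isolated / review."""
    explicit, main = {}, None
    for table in doc["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table  # used by subnets with no explicit association
            if "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    labels = {"igw": "public", "nat": "private-with-egress", None: "isolated"}
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main)
        target = default_route_target(table) if table else None
        result[subnet] = labels.get(target, "review")
    return result
```

A subnet reported as `isolated` has no default route, so worker nodes placed there with private IPs only cannot connect to the Kubernetes control plane as step 8 requires.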