Infrastructure as Code (IaC) to deploy Managed EKS Cluster and Node Group on AWS - Part 2


CloudFormation as IaC tool

Hi friends 👋, let's continue building our EKS environment by deploying managed EKS Node Groups in AWS.

Continuing from where we left off in Part 1, we will now use a CloudFormation template to deploy EKS Addons (CNI plugin) and then a managed Node Group. To enable pod networking, we need to deploy a networking layer into our EKS environment.

Let's deploy the following CloudFormation template, which deploys an addon, the VPC CNI plugin, to our EKS environment,

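AWSTemplateFormatVersion: 2010-09-09
Description: Deploy EKS Addons

Resources:
  VpcCniAddon: ## Logical ID is missing from the listing; placeholder name
    Type: AWS::EKS::Addon
    Properties:
      AddonName: vpc-cni
      AddonVersion: v1.7.10-eksbuild.1
      ClusterName: !ImportValue pras-kube-cluster-name ## Replace this with your cluster name
      ResolveConflicts: OVERWRITE ## Overwrites any existing self-managed CNI configuration
      Tags:
        - Key: created_by
          Value: pras
        - Key: eks_addon
          Value: True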

Run the following command to deploy the addon,

aws cloudformation deploy \
    --s3-bucket pras-cloudformation-artifacts-bucket \
    --template-file cloudformation/eks-addons.yaml \
    --stack-name pras-eks-addons \
    --capabilities CAPABILITY_NAMED_IAM \
    --no-fail-on-empty-changeset \
    --tags \
        Name='Kubernetes Cluster Resources - EKS Addons'

Verify that the CloudFormation stack was created successfully.

Verify from the EKS Console that the addon has been successfully deployed.

Now that we have pod networking ready, we can go ahead and deploy an EKS managed Node Group. Let's look at the CloudFormation template below,

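AWSTemplateFormatVersion: 2010-09-09
Description: Deploy Managed Kubernetes Resources - Worker Nodes

Resources:
  ## IAM role assumed by the worker nodes
  PrasKubeNodeGroupRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ec2.amazonaws.com ## Principal is missing from the listing; EKS nodes are EC2 instances
          Action:
          - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy

  PrasKubeNodeGroup: ## Logical ID is missing from the listing; placeholder name
    Type: AWS::EKS::Nodegroup
    Properties:
      ClusterName: !ImportValue pras-kube-cluster-name
      NodeRole: !GetAtt PrasKubeNodeGroupRole.Arn
      InstanceTypes:
        - t3.large
      CapacityType: SPOT
      ScalingConfig:
        MinSize: 1
        DesiredSize: 1
        MaxSize: 3
      Labels:
        pras-kube-node-group: True
        app: cool-app
      Subnets: ## Nodes are placed in the private subnets exported by the VPC stack
        - Fn::ImportValue: pras-vpc-private-subnet-a-id
        - Fn::ImportValue: pras-vpc-private-subnet-b-id
      Tags: {"created_by": "pras", "purpose": "learning", "eks_role": "node_group"}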

The IAM Role lets the Node Group perform certain actions like joining the cluster, communicating with the cluster and reading from the container registry to deploy containers into pods. Find out more on Node IAM permissions here. I am also making use of SPOT instances as this is my test environment; you surely don't want to use SPOT when running production workloads. Learn more about spot instances here.

Use the following AWS CLI command to deploy the Node Group via CloudFormation,
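One way to check the node role and the capacity type before deploying, as an added example that is not part of the original post. It assumes the template has already been loaded into a Python dict; the function name audit_template, the sample templates and the node group logical ID NodeGroup are constructed for illustration.

```python
import copy

# Managed policies the node role in this post attaches (taken from the template above).
EXPECTED_POLICIES = (
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
)
EXPECTED_PRINCIPAL = {"Service": ["ec2.amazonaws.com"]}  # only EC2 nodes assume the role

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_template(template, production=False):
    """Return findings for IAM roles and EKS node groups in a template dict."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::Role":
            doc = props.get("AssumeRolePolicyDocument", {})
            for stmt in as_list(doc.get("Statement", [])):
                principal = stmt.get("Principal")
                if isinstance(principal, dict):  # normalise scalar vs list values
                    principal = {k: as_list(v) for k, v in principal.items()}
                if stmt.get("Effect") == "Allow" and principal != EXPECTED_PRINCIPAL:
                    findings.append(f"{name}: trust principal {principal!r} is not only ec2.amazonaws.com")
            for arn in props.get("ManagedPolicyArns", []):
                if arn not in EXPECTED_POLICIES:
                    findings.append(f"{name}: unexpected managed policy {arn}")
            if props.get("Policies"):
                findings.append(f"{name}: inline policies attached, review each statement")
        elif res.get("Type") == "AWS::EKS::Nodegroup":
            if production and props.get("CapacityType") == "SPOT":
                findings.append(f"{name}: SPOT capacity used in a production template")
    return findings

# Constructed sample mirroring the node group template in this post.
PAGE_TEMPLATE = {"Resources": {
    "PrasKubeNodeGroupRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]},
             "Action": ["sts:AssumeRole"]}]},
        "ManagedPolicyArns": list(EXPECTED_POLICIES)}},
    "NodeGroup": {"Type": "AWS::EKS::Nodegroup", "Properties": {"CapacityType": "SPOT"}}}}

# Constructed over-broad variant: wildcard trust principal plus an admin policy.
BROAD_TEMPLATE = copy.deepcopy(PAGE_TEMPLATE)
_role = BROAD_TEMPLATE["Resources"]["PrasKubeNodeGroupRole"]["Properties"]
_role["AssumeRolePolicyDocument"]["Statement"][0]["Principal"] = {"AWS": "*"}
_role["ManagedPolicyArns"].append("arn:aws:iam::aws:policy/AdministratorAccess")
```

audit_template(PAGE_TEMPLATE) returns no findings for the test setup in this post; passing production=True adds the SPOT finding, and BROAD_TEMPLATE yields one finding for the trust policy and one for the extra managed policy.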

aws cloudformation deploy \
        --s3-bucket pras-cloudformation-artifacts-bucket \
        --template-file cloudformation/eks-nodegroup.yaml \
        --stack-name pras-eks-nodegroup \
        --capabilities CAPABILITY_NAMED_IAM \
        --no-fail-on-empty-changeset \
        --tags \
            Name='Kubernetes Cluster Resources - Worker Nodes'

Verify from the CloudFormation Console that the stack has been created successfully.

Verify from the EKS Console that the Node Group has been created.

Run kubectl get nodes -o wide to get a list of nodes.

Click on the node in the EKS Console to see more information, such as which pods are currently deployed on the node, resource requirements and so on.

Congratulations, we have successfully deployed a managed EKS Environment on AWS. We first created the cluster resources and the cluster itself, then the EKS addon to support pod networking, and finally the managed node group as our worker nodes. We are now ready to run applications on the managed EKS environment 🎉
