EKS complete with eksctl / Sprint 2

git clone https://github.com/enschede/eks-demo.git
cd eks-demo
git checkout tag/sprint2
git submodule update

Sprint 2

Coupling a Service Account to AWS

  • Create a bridge between Kubernetes and AWS security (called IAM)
  • Create an IAM policy
  • Create and link a Kubernetes service account

Using eksctl

  • to associate Kubernetes and IAM
  • to create a service account named aws-load-balancer-controller
  • and to use a well-known policy. Yes, eksctl knows and maintains the policy for the load balancer controller. Luckily we don’t have to define the policy ourselves 😀.

Adding a load balancer controller

helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller \
eks/aws-load-balancer-controller \
--namespace kube-system \
--set clusterName=eks-demo \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller

Creating an Ingress

  • that an internet-facing load balancer has to be used.
  • that all Ingresses with the same group.name can share a load balancer for saving costs.
  • about all the health check parameters.

Retro

Alternative 1; create a service account in the shell

  • Starts the cluster by using the eksctl create cluster command
  • Executes the eksctl utils associate-iam-oidc-provider command to couple Kubernetes and IAM using the internal OIDC.
  • Executes the aws iam create-policy command to create a policy
  • And executes the eksctl create iamserviceaccount to create a service account in Kubernetes and couple it to the policy we just created
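
The coupling above rests on the trust policy of the IAM role behind the service account: it names the cluster's OIDC provider as federated principal and should pin the token's sub claim to exactly one service account. The check below is an added example, not code from the eks-demo repository; the account id, region and OIDC id are constructed placeholders.

```python
# Added example: audit the trust policy of an IRSA role (all sample values are constructed).
ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"  # placeholder
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"  # placeholder account

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, namespace, service_account):
    """Return findings; an empty list means only this one service account can assume the role."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(federated, str) or ":oidc-provider/" not in federated:
            findings.append(f"statement {i}: principal is not a single IAM OIDC provider")
            continue
        issuer = federated.split(":oidc-provider/", 1)[1]
        cond = stmt.get("Condition", {})
        exact, loose = cond.get("StringEquals", {}), cond.get("StringLike", {})
        sub_key, aud_key = f"{issuer}:sub", f"{issuer}:aud"
        loose_subs = _as_list(loose.get(sub_key, []))
        subs = _as_list(exact.get(sub_key, [])) + loose_subs
        if not subs:
            findings.append(f"statement {i}: no sub condition, any service account qualifies")
        elif any("*" in s or "?" in s for s in loose_subs):
            findings.append(f"statement {i}: wildcard sub {loose_subs}")
        elif subs != [expected_sub]:
            findings.append(f"statement {i}: sub is {subs}, expected {expected_sub}")
        if _as_list(exact.get(aud_key, [])) != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

def _policy(condition):
    """Build a constructed single-statement trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

SCOPED = _policy({"StringEquals": {
    f"{ISSUER}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
LOOSE = _policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:kube-system:*"}})

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("LOOSE", LOOSE)):
        print(name, audit_trust_policy(pol, "kube-system", "aws-load-balancer-controller"))
```

The document to audit can be fetched with aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument, where <role-name> is the role created for the service account.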

Alternative 2; don’t use a well-known policy
