AWS EKS Fundamentals: Architecture & Components

Learn about Managed EKS and Create EKS Cluster using eksctl

When it comes to set up a production-grade container orchestration to automate deployment, scaling, and management of containerized applications, Kubernetes is your true mate.

I have already covered Kubernetes fundamentals and architectural components in detail in my article given below:

Kubernetes Fundamentals For Absolute Beginners: Architecture & Components

I recommend that you brush up on the K8s concepts if not done yet.

Today we will learn

• What Is AWS EKS & Why You Should Consider It?
• How To Setup EKS?
• How to create a K8S cluster in AWS?
• EKS Core Components

Let’s Get Started:

What Is AWS EKS?

If you want to manage production-grade deployments, start, run, and scale the same on AWS Cloud or on-premises, Amazon’s Elastic Kubernetes services(EKS) can help you achieve the same.

“AWS EKS provides you the cluster which is highly secure and available. It automates key tasks such as patching, node provisioning, and updates”

In a nutshell:

Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or worker nodes.

Why EKS?

High Availability :

When you set up EKS on AWS, it gives you a control plane that is available across multiple availability zones, if there is an issue with any of the control planes EKS automatically detects and replaces those unhealthy control plane nodes, and provides on-demand, zero downtime upgrades, and patching.

EKS offers a 99.95% uptime SLA. At the same time, the EKS console provides observability of your Kubernetes clusters so you can identify any issue quickly and get it resolved.

Provision Your Resources For Scale:

EKS managed services come pre-configured with the required compute (Server resources)provisioning which is designed to scale your K8S app. You don’t need to manage those configurations manually.

EKS also supports AWS Fargate to automatically provision on-demand serverless compute for your applications.

Highly Secure K8s Environment :

The Clusters deployed using EKS is highly secured and automatically apply the latest security patches to your cluster’s control plane.

What are the EKS Core Components?

An Amazon EKS cluster consists of the following core objects

• EKS control plane
• EKS nodes(Worker Nodes) that are registered with the control plane
• AWS Fargate Profiles
• VPC

Let’s get into the details of each one

fig 1.0

EKS control plane:

This is one of the core functionality which EKS provides as managed service. The control plane act as a master node for our K8S architecture.

The master node is also known as a control plane that is responsible to manage worker/slave nodes efficiently. They interact with the worker node to

• Schedule the pods
• Monitor the worker nodes/Pods
• Start/restart the pods
• Manage the new worker nodes joining the cluster

The control plane runs in an account managed by AWS, and the Kubernetes API is exposed via the Amazon EKS endpoint associated with your cluster. Each Amazon EKS cluster control plane is single-tenant and unique and runs on its own set of Amazon EC2 instances.

Master Node Processes:

Every master node in the K8s cluster runs the following key processes

• kube-apiserver
• kubectl: kube-controller-manager
• kube-scheduler
• etcd

To understand each of the above terms in detail, do refer to my article on K8S architecture

Kubernetes Fundamentals For Absolute Beginners: Architecture & Components

EKS Worker Nodes:

fig 2.0

Amazon EKS hosts worker nodes :

Where all our workloads(pods/deployments/services etc) regarding front-end or backend in the form of YAML files, are deployed and managed. These nodes are a group of EC2 instances provisioned by AWS. Each Amazon EC2 node is deployed to one subnet. Each node is assigned a private IP address from a CIDR block assigned to the subnet.

As a developer or K8s administrator most of the time you will deal with worker nodes, whether you have to deploy your containerized app or you have to autoscale it, or you have to roll out any new app update on your production-grade server, you will often deal with worker nodes.

If the subnets were created using one of the Amazon EKS provided AWS CloudFormation templates, then nodes deployed to public subnets are automatically assigned a public IP address by the subnet.

Worker node can have one or more pods, these pods are your abstraction of a containerized application. Every worker as shown in the fig:2.0 runs these 3 key processes

• Container Runtime
• kubelet
• kube-proxy

If you want to further understand all these worker node components, do refer to my article below:

Kubernetes Fundamentals For Absolute Beginners: Architecture & Components

AWS Fargate Profiles :

Here instead of EC2 nodes, EKS helps us to provision our workloads to be deployed on AWS Fargate (A serverless component). In the case of Fargate, our workloads are deployed to private subnets only.

Each pod is assigned a private IP address from the CIDR block assigned to the subnet. Fargate does not support all pod networking options. For more information, see AWS Fargate considerations.

EKS VPC: Virtual Private Cloud

EKS Virtual Private Cloud (VPC) is used for secure pod(workload) networking. With EKS VPC we can follow a secured networking standard to run production-grade workloads to run within the VPC environment.

In your EKS clusters running in an AWS VPC, it allows you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This provides a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications.

Now that we have understood the basics of all EKS components, its time to learn how to setup EKS on AWS cloud

How Does EKS Works?

Amazon EKS in the cloud:

The above fig 3.0 depicts the architecture for deploying the workloads in the amazon cloud using EKS managed service.

This process covers the following key steps

Provision EKS Cluster, where EKS will automatically deploy the master node for us. This master node will provide the required control plan to manage the networking and resource requirements for our worker nodes

Deploy Workloads:

Once the master node is deployed via EKS, we need to provide worker nodes in our K8s cluster, which is nothing but the group or EC2 instances.

Connect To EKS:

In order to deploy our workloads in the worker nodes, we need to connect to EKS, to do so we rely on Kubectl(CLI), which is used to create and deploy the workloads (YAML files )

Now App can be run in the cluster

Once the workloads are deployed in the worker nodes, it will be up and ready to be exposed outside the cluster via service(via NodePort) or to be consumed within the cluster

Let’s see all this happening in action, to so so we need to first create our EKS cluster

Installing EKS CLuster on AWS Using eksctl

Now if you are interested to get your hands dirty with some cool EKS functionality and features, the very first thing we need to do is to get started with setting up an EKS cluster on AWS using eksctl CLI, so let’s jump into discussing the steps for the same

eksctl is a simple command-line utility for creating and managing Kubernetes clusters on Amazon EKS.

What are the prerequisites?

Before we go on to create our first k8s cluster, we need must install and configure the following tools and resources

• Installing & Configuring AWS CLI
• kubectl – A command-line tool for working with Kubernetes clusters.
• eksctl – A command-line tool for working with EKS clusters that automates many individual tasks.
• Configure IAM permissions — The IAM security principal that you’re using must have permissions to work with Amazon EKS IAM roles and service-linked roles, AWS CloudFormation, and a VPC and related resources.

1. Installing AWS CLI & Configuring IAM user

It is a command-line tool for working with AWS services, including Amazon EKS.

Step1: Download AWS CLI binary

• For the latest version(on macOS):

$ curl “https://awscli.amazonaws.com/AWSCLIV2.pkg" -o “AWSCLIV2.pkg”
$ sudo installer -pkg AWSCLIV2.pkg -target /

• For any specific version of the AWS CLI, append a hyphen and the version number to the filename. For this example the filename for version 2.0.30 would be AWSCLIV2-2.0.30.pkg resulting in the following command:

$ curl "https://awscli.amazonaws.com/AWSCLIV2-2.0.30.pkg" -o "AWSCLIV2.pkg"
$ sudo installer -pkg AWSCLIV2.pkg -target /

Step 2: Verify that AWS CLI is installed

 
$ aws --version 
aws-cli/2.1.29 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0

For any other OS, follow the official AWS link below:

• For Windows:

Installing, updating, and uninstalling the AWS CLI version 2 on Windows

• For Linux:

Installing, updating, and uninstalling the AWS CLI version 2 on Linux

Now that we have successfully installed AWS CLI, it is time to

Configure AWS Command Line using IAM Security Credentials

• Go to AWS Management Console → Services → IAM
• Create & Select the IAM User
• It is highly recommended that you use only IAM users to generate Security Credentials. Never ever use root User
• Click on the Security credentials tab
• Click on Create access key
• Copy Access ID and Secret access key
• Go to the command line and key in the following details

$ aws configure
AWS Access Key ID [None]: ABCDEFGHIAZBERTUCNGG (Replace your access key when prompted)
AWS Secret Access Key [None]: uMe7fumK1IdDB094q2sGFhM5Bqt3HQRw3IHZzBDTm (Replace your secret key when prompted)
Default region name [None]: ap-south-1(you can put your own availability zone here )
Default output format [None]: json

• Check if AWS CLI is working after configuring IAM security cred

$ aws ec2 describe-vpcs

The output will look something like this:(It will vary for you)

2. Installing Kubectl:

I am going to do the kubectl installation on MacOS :

Step1: We need to download the kubectl binary from the preferred eks k8s version(1.21/1.20/1.19/1.18), we will go with the 1.21 version of k8s, to do so, run the following curl command, in the macOS terminal.

We will do all installation step for Kubernetes version 1.21:

$ curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/darwin/amd64/kubectl

Step 2: (Optional) Verify the downloaded binary with the SHA-256 sum for your binary.

$ curl -o kubectl.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/darwin/amd64/kubectl.sha256

Once the SHA-256 is downloaded,we need to check the SHA-256 sum

$ openssl sha1 -sha256 kubectl

Compare the generated SHA-256 sum in the command output against your downloaded SHA-256 file. The two should match.

Step 3: Apply to execute permissions to the binary.

$ chmod +x ./kubectl

Step 4:

Copy the binary to a folder in your PATH. If you have already installed a version of, then we recommend creating a $HOME/bin/kubectl and ensuring that $HOME/bin comes first in your $PATH.

$ mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH

Step 5:

Add the $HOME/bin path to your shell initialization file so that it is configured when you open a shell.

$ echo ‘export PATH=$PATH:$HOME/bin’ >> ~/.bash_profile

Step 6:

After you install kubectl, let’s check the Kubectl version

$ kubectl version — short — client

The output will look like shown in the pic below:

That means you have successfully installed Kubectl CLI .

2. Installing or upgrading eksctl:(For macOS)

One of the quickest ways to get started with Amazon EKS and macOS is by installing eksctl with Homebrew.

The eksctl Homebrew recipe installs eksctl and any other dependencies that are required for Amazon EKS, such as kubectl.

Step 1: Install Homebrew if you have done that, we can use the below-given command

$ /bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

Step 2:

Install the Weaveworks Homebrew tap.

$ brew tap weaveworks/tap

Step 3 : Install or upgrade eksctl(if it exists with an older version)

Install eksctl :

$ brew install weaveworks/tap/eksctl

Upgrade eksctl if it already exists with the following command

$ brew upgrade eksctl && brew link --overwrite eksctl

Step 4: Check whether eksctl is installed
(or upgraded) successfully by the following command

$ eksctl version

The output will look like shown in the image below

Note!

If you are installing kubectl and eksctl on any other OS like Linux or windows

Follow the links given below

For kubectl:

Installing kubectl

For eksctl:

The eksctl command line utility

Now that we have set up all the pre-requisite tools required to create our EKS cluster, its time to:

Create EKS cluster:

• We will make use of eksctl CLI to create our EKS cluster with the command as shown below:
• Create a cluster with the Amazon EKS latest Kubernetes version in your default Region. Replace the <example-values> (including <>) with your own values. You can replace <1.20> with any supported version.

$ eksctl create cluster \
 --name Democluster\
 --version <1.21> \
 --without-nodegroup

• Check if the cluster is created:

$ eksctl get cluster

Summing It Up :

We have learned about the key EKS object and how to set up a quick EKS cluster, as this article is going big in length, it will be wise to cover more details about the EKS cluster in Part 2 of

“EKS fundamentals for absolute beginners”

We will cover the following in part 2 :

• How to create EKS managed Node Group?
• How to Create & Associate IAM OIDC Provider for our EKS Cluster?

In order to use the IAM roles we created for the k8s service account on our EKS cluster, we need to create & associate OIDC identity provider.

• We will deploy our first workloads in the form or pod, into our created cluster

So stay tuned and come back later to continue this EKS K8S learning journey with me.

Would like to end this article with this food for thought

Kubernetes has to be at the core of every startup and emerging tech companies who are looking to adopt DevOps in order build the robust backend infrastructure which will be highly scalable, secure, and reliable.