Create EKS Cluster & Node Groups¶
Step-00: Introduction¶
- Understand about EKS Core Objects
- Control Plane
- Worker Nodes & Node Groups
- Fargate Profiles
- VPC
- Create EKS Cluster
- Associate EKS Cluster to IAM OIDC Provider
- Create EKS Node Groups
- Verify Cluster, Node Groups, EC2 Instances, IAM Policies and Node Groups
Step-01: Create EKS Cluster using eksctl¶
- It will take 15 to 20 minutes to create the Cluster Control Plane
Step-02: Create & Associate IAM OIDC Provider for our EKS Cluster¶
- To enable and use AWS IAM roles for Kubernetes service accounts on our EKS cluster, we must create & associate OIDC identity provider.
- To do so using
eksctlwe can use the below command. - Use latest eksctl version (as on today the latest version is
0.21.0)
Step-03: Create EC2 Keypair¶
- Create a new EC2 Keypair with name as
kube-demo - This keypair we will use it when creating the EKS NodeGroup.
- This will help us to login to the EKS Worker Nodes using Terminal.
Step-04: Create Node Group with additional Add-Ons in Public Subnets¶
- These add-ons will create the respective IAM policies for us automatically within our Node Group role.
# Create Public Node Group
eksctl create nodegroup --cluster=eksdemo1 \
--region=us-east-1 \
--name=eksdemo1-ng-public1 \
--node-type=t3.medium \
--nodes=2 \
--nodes-min=2 \
--nodes-max=4 \
--node-volume-size=20 \
--ssh-access \
--ssh-public-key=kube-demo \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access
AWS EKS - Elastic Kubernetes Service - Masterclass¶
Step-05: Verify Cluster & Nodes¶
Verify NodeGroup subnets to confirm EC2 Instances are in Public Subnet¶
- Verify the node group subnet to ensure it created in public subnets
- Go to Services -> EKS -> eksdemo -> eksdemo1-ng1-public
- Click on Associated subnet in Details tab
- Click on Route Table Tab.
- We should see that internet route via Internet Gateway (0.0.0.0/0 -> igw-xxxxxxxx)
Verify Cluster, NodeGroup in EKS Management Console¶
- Go to Services -> Elastic Kubernetes Service -> eksdemo1
List Worker Nodes¶
# List EKS clusters
eksctl get cluster
# List NodeGroups in a cluster
eksctl get nodegroup --cluster=<clusterName>
# List Nodes in current kubernetes cluster
kubectl get nodes -o wide
# Our kubectl context should be automatically changed to new cluster
kubectl config view --minify
Verify Worker Node IAM Role and list of Policies¶
- Go to Services -> EC2 -> Worker Nodes
- Click on IAM Role associated to EC2 Worker Nodes
Verify Security Group Associated to Worker Nodes¶
- Go to Services -> EC2 -> Worker Nodes
- Click on Security Group associated to EC2 Instance which contains
remotein the name.
Verify CloudFormation Stacks¶
- Verify Control Plane Stack & Events
- Verify NodeGroup Stack & Events
Login to Worker Node using Keypai kube-demo¶
- Login to worker node
Step-06: Update Worker Nodes Security Group to allow all traffic¶
- We need to allow
All Trafficon worker node security group
Additional References¶
- https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
- https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html
🎉 New Course
Ultimate DevOps Real-World Project Implementation on AWS
$15.99
$84.99
81% OFF
APRIL2026
Enroll Now on Udemy
🎉 Offer