Version: 1.9.0

Creating an EKS Kubernetes Cluster

This how-to was written using the following versions:

*) Additional requirements for EKS v1.23 and v1.24
  • Since EKS v1.23 it is necessary to configure and install an out-of-tree AWS EBS CSI driver as an addon into your EKS cluster. Please refer to this EKS documentation for more details.

  • Since EKS v1.24 it is necessary to explicitly allow the pulling of Epinio's app container images from its internal HTTP registry, due to the removal of dockershim CRI support and its replacement by containerd, which supports only trusted HTTPS registries by default. The following configuration must be done on all EKS nodes prior to deploying an Epinio app:

    mkdir -p /etc/containerd/certs.d/127.0.0.1:30500
    cat > /etc/containerd/certs.d/127.0.0.1:30500/hosts.toml <<EOF
    server = "http://127.0.0.1:30500"

    [host."http://127.0.0.1:30500"]
    capabilities = ["pull"]
    EOF

    Instead of doing this manually, it is easier to apply this manifest, which configures the nodes for you. Edit it first to use the correct node count.
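The `hosts.toml` above is an exception to containerd's HTTPS-only default, so it is worth confirming on each node that the exception stays as narrow as the one shown: loopback only, `pull` only. The script below is an added example, not part of Epinio or of the original page; the function names `audit_certs_d` and `make_samples`, the `registry.internal` host and the pass/fail policy are assumptions made for illustration, and it generalizes from the single file to every `hosts.toml` under `certs.d`.

```shell
#!/bin/sh
# Added example, not Epinio's code: audit containerd registry host configs
# for plain-HTTP exceptions such as the one configured above.
# Assumed policy: plain HTTP only for a loopback host, and only with "pull".

audit_certs_d() (
  dir="${1:-/etc/containerd/certs.d}"; rc=0
  for f in "$dir"/*/hosts.toml; do
    [ -f "$f" ] || continue
    urls=$(grep -oE 'http://[^"]+' "$f" | sort -u)
    [ -n "$urls" ] || continue   # HTTPS-only file: nothing to flag
    for url in $urls; do
      host=${url#http://}; host=${host%%[/:]*}
      if [ "$host" = localhost ] ||
         printf '%s\n' "$host" | grep -qE '^127(\.[0-9]{1,3}){3}$'; then
        echo "OK   $f: plain HTTP limited to loopback ($url)"
      else
        echo "FAIL $f: plain HTTP to non-loopback host ($url)"; rc=1
      fi
    done
    # Any capability other than "pull" in a plain-HTTP file is flagged.
    extra=$(grep -E '^[[:space:]]*capabilities' "$f" |
            grep -oE '"[a-z]+"' | grep -v '"pull"' | sort -u | tr -d '"' | xargs)
    if [ -n "$extra" ]; then
      echo "FAIL $f: plain-HTTP host grants more than pull ($extra)"; rc=1
    fi
  done
  [ "$rc" -eq 0 ]   # exit status: 0 = clean, 1 = at least one FAIL
)

# Constructed sample tree: this page's config plus a risky variant.
make_samples() {
  d=$(mktemp -d)
  mkdir -p "$d/127.0.0.1:30500" "$d/registry.internal:5000"
  printf '%s\n' 'server = "http://127.0.0.1:30500"' '' \
    '[host."http://127.0.0.1:30500"]' 'capabilities = ["pull"]' \
    > "$d/127.0.0.1:30500/hosts.toml"
  printf '%s\n' 'server = "http://registry.internal:5000"' '' \
    '[host."http://registry.internal:5000"]' \
    'capabilities = ["pull", "push"]' \
    > "$d/registry.internal:5000/hosts.toml"
  echo "$d"
}

# Run with --demo to audit the constructed tree instead of a real node.
if [ "${1:-}" = "--demo" ]; then
  d=$(make_samples); audit_certs_d "$d"; rm -rf "$d"
fi
```

On a node, source the file and call `audit_certs_d` with no argument to scan `/etc/containerd/certs.d`; a non-zero exit status means at least one `FAIL` line was printed.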

Prerequisites

Create EKS Kubernetes Cluster

Ensure that you ran aws configure before you proceed with the steps below.

eksctl create cluster \
--name=<cluster-name> \
--region=us-west-1 \
--nodes=2 \
--node-type=t3.xlarge \
--node-volume-size=40 \
--managed \
--kubeconfig=kubeconfig-eks

Once the EKS cluster is deployed, try to access it:

export KUBECONFIG=$PWD/kubeconfig-eks
kubectl get nodes

Install Cert Manager

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager --namespace cert-manager --create-namespace jetstack/cert-manager --set installCRDs=true --set 'extraArgs={--enable-certificate-owner-ref=true}'

Install Nginx Ingress Controller

Add Helm repo

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Install

helm upgrade --install nginx ingress-nginx/ingress-nginx --namespace nginx --create-namespace --set controller.ingressClassResource.default=true

Create a CNAME DNS entry pointing to ELB endpoint

The ELB endpoint is assigned automatically after ingress-nginx-controller is installed. To get the ELB endpoint assigned in your cluster, run this command:

kubectl get svc -n nginx nginx-ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
>a113b33f6500241a77dcacc1b62c54eb-1234567890.us-west-1.elb.amazonaws.com

Use that ELB endpoint value when creating the CNAME record for your DNS zone (for example, in the AWS Route53 service):

Record name: *.example.com
Type: CNAME
Value: a113b33f6500241a77dcacc1b62c54eb-1234567890.us-west-1.elb.amazonaws.com

Test it:

nslookup test.example.com

You should get the ELB endpoint value as an answer.

Install Epinio on the Cluster

helm upgrade --install epinio epinio/epinio --namespace epinio --create-namespace --set global.domain=example.com --set global.tlsIssuer=letsencrypt-production --set global.tlsIssuerEmail=email@example.com