Version: 1.2.0

Creating an EKS Kubernetes Cluster

This how-to was written using the following versions:

Prerequisites

Create EKS Kubernetes Cluster

Ensure that you have run aws configure before you proceed with the steps below.

eksctl create cluster \
--name <cluster-name> \
--version 1.22 \
--nodegroup-name <node-group-name> \
--node-type <node-size> \
--nodes <node-qty>

Install AWS Load Balancer Controller

The AWS Load Balancer Controller is needed to interact with the AWS ELB service.

Please follow the Official Installation Guide to get it up and running.

Install Cert Manager

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager --namespace cert-manager --create-namespace jetstack/cert-manager --set installCRDs=true --set 'extraArgs[0]=--enable-certificate-owner-ref=true'

Install Nginx Ingress Controller

Add Helm repo

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Install

Important:

  • controller.service.type: must be 'NodePort' so that the AWS Application Load Balancer can be created.
  • controller.config.use-forwarded-headers: must be set to "true"; otherwise you will not be able to run the 'epinio app exec' command.

helm upgrade --install nginx ingress-nginx/ingress-nginx --namespace nginx --create-namespace --set controller.service.type=NodePort --set-string controller.config.use-forwarded-headers="true"

Create Ingress object for Nginx

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: nginx
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: <put_your_certificate_arn_here>
    alb.ingress.kubernetes.io/wafv2-acl-arn: <put_your_waf_arn_here>
spec:
  ingressClassName: alb
  rules:
    - host: '*.example.com' # Change it to your domain
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: nginx-ingress-nginx-controller
                port:
                  number: 80
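
The manifest above exposes an internet-facing ALB, so the certificate and WAF placeholders must be replaced with real ARNs before it is applied. The following pre-apply check is an added example, not part of the Epinio documentation; the function names ann and check_alb_ingress are hypothetical and the sample input is constructed from the annotations shown above.

```bash
#!/usr/bin/env bash
# Added example: pre-apply lint for the ALB Ingress annotations used on this page.
# check_alb_ingress FILE prints each finding; exit status = number of findings.

ann() {  # print the value of alb.ingress.kubernetes.io/<$1> in file $2, unquoted
  sed -n "s|^[[:space:]]*alb\.ingress\.kubernetes\.io/$1:[[:space:]]*||p" "$2" |
    head -n 1 | sed "s/^['\"]//; s/['\"][[:space:]]*$//"
}

check_alb_ingress() (   # subshell body keeps the variables below private
  f=$1; findings=0
  fail() { echo "FAIL: $*"; findings=$((findings + 1)); }
  cert=$(ann certificate-arn "$f"); waf=$(ann wafv2-acl-arn "$f")

  case $cert in   # ACM or IAM server certificate; placeholders fail here
    arn:aws*:acm:*:certificate/*|arn:aws*:iam::*:server-certificate/*) ;;
    *) fail "certificate-arn is missing or still a placeholder: '$cert'" ;;
  esac
  case $(ann listen-ports "$f") in
    *'"HTTPS"'*) ;;
    *) fail "listen-ports defines no HTTPS listener" ;;
  esac
  [ -n "$(ann ssl-redirect "$f")" ] ||
    fail "ssl-redirect is not set; an HTTP listener would not redirect to HTTPS"
  if [ "$(ann scheme "$f")" = internet-facing ]; then
    case $waf in   # ALBs take a REGIONAL-scope WAFv2 web ACL
      arn:aws*:wafv2:*:regional/webacl/*) ;;
      *) fail "internet-facing ALB has no regional WAFv2 web ACL: '$waf'" ;;
    esac
  fi
  exit "$findings"
)

# Constructed sample: the page's annotations with the placeholders left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
metadata:
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: <put_your_certificate_arn_here>
    alb.ingress.kubernetes.io/wafv2-acl-arn: <put_your_waf_arn_here>
EOF
check_alb_ingress "$sample" || echo "$? finding(s): fix before kubectl apply"
rm -f "$sample"
```
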

After you run 'kubectl apply', AWS will automatically:

  • Provision a new Application LB;
  • Create a Target Group pointing to your nginx-controller POD;
  • Associate the Application LB and Target Group;
  • Associate the Application LB with WAF.

Get the ALB DNS name and create a CNAME DNS entry pointing to it:

  • Record name: *.example.com
  • Type: CNAME
  • Value: ALB DNS name

Test it:

nslookup test.example.com

You should get the ALB DNS name as the answer.

Install Epinio on the Cluster

helm install epinio -n epinio --create-namespace epinio/epinio --set global.domain=example.com --set global.tlsIssuer=letsencrypt-epinio --set ingress.ingressClassName=nginx