
URL: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
Submission: On October 07 via api from US — Scanned from DE

GET STARTED WITH AMAZON EKS – EKSCTL


This guide helps you to create all of the required resources to get started with
Amazon Elastic Kubernetes Service (Amazon EKS) using eksctl, a simple command
line utility for creating and managing Kubernetes clusters on Amazon EKS. At the
end of this tutorial, you will have a running Amazon EKS cluster that you can
deploy applications to.

The procedures in this guide create several resources for you automatically that
you have to create manually when you create your cluster using the AWS
Management Console. If you'd rather manually create most of the resources to
better understand how they interact with each other, then use the AWS Management
Console to create your cluster and compute. For more information, see Get
started with Amazon EKS – AWS Management Console and AWS CLI.


PREREQUISITES


Before starting this tutorial, you must install and configure the AWS CLI,
kubectl, and eksctl tools as described in Set up to use Amazon EKS.


STEP 1: CREATE YOUR AMAZON EKS CLUSTER AND NODES


IMPORTANT

To get started as simply and quickly as possible, this topic includes steps to
create a cluster and nodes with default settings. Before creating a cluster and
nodes for production use, we recommend that you familiarize yourself with all
settings and deploy a cluster and nodes with the settings that meet your
requirements. For more information, see Create an Amazon EKS cluster and Manage
compute resources by using nodes. Some settings can only be enabled when
creating your cluster and nodes.

You can create a cluster with one of the following node types. To learn more
about each type, see Manage compute resources by using nodes. After your cluster
is deployed, you can add other node types.

 * Fargate – Linux – Select this type of node if you want to run Linux
   applications on AWS Fargate. Fargate is a serverless compute engine that lets
   you deploy Kubernetes Pods without managing Amazon EC2 instances.

 * Managed nodes – Linux – Select this type of node if you want to run Amazon
   Linux applications on Amazon EC2 instances. Though not covered in this guide,
   you can also add Windows self-managed and Bottlerocket nodes to your cluster.

Create your Amazon EKS cluster with the following command. You can replace
my-cluster with your own value. The name can contain only alphanumeric
characters (case-sensitive) and hyphens. It must start with an alphanumeric
character and can't be longer than 100 characters. The name must be unique
within the AWS Region and AWS account that you're creating the cluster in.
Replace region-code with any AWS Region that is supported by Amazon EKS. For a
list of AWS Regions, see Amazon EKS endpoints and quotas in the AWS General
Reference guide.

Fargate – Linux
eksctl create cluster --name my-cluster --region region-code --fargate


Managed nodes – Linux
eksctl create cluster --name my-cluster --region region-code






Cluster creation takes several minutes. During creation you'll see several lines
of output. The last line of output is similar to the following example line.

[...]
[✓]  EKS cluster "my-cluster" in "region-code" region is ready

eksctl created a kubectl config file in ~/.kube or added the new cluster's
configuration within an existing config file in ~/.kube on your computer.

After cluster creation is complete, view the AWS CloudFormation stack named
eksctl-my-cluster-cluster in the AWS CloudFormation console at
https://console.aws.amazon.com/cloudformation to see all of the resources that
were created.


STEP 2: VIEW KUBERNETES RESOURCES


 1. View your cluster nodes.
    
    kubectl get nodes -o wide
    
    
    An example output is as follows.
    
    Fargate – Linux
    NAME                                                STATUS   ROLES    AGE     VERSION              INTERNAL-IP   EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION                  CONTAINER-RUNTIME
    fargate-ip-192-0-2-0.region-code.compute.internal   Ready    <none>   8m3s    v1.2.3-eks-1234567   192.0.2.0     <none>        Amazon Linux 2   1.23.456-789.012.amzn2.x86_64   containerd://1.2.3
    fargate-ip-192-0-2-1.region-code.compute.internal   Ready    <none>   7m30s   v1.2.3-eks-1234567   192.0.2.1     <none>        Amazon Linux 2   1.23.456-789.012.amzn2.x86_64   containerd://1.2.3
    
    Managed nodes – Linux
    NAME                                        STATUS   ROLES    AGE    VERSION              INTERNAL-IP   EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION                  CONTAINER-RUNTIME
    ip-192-0-2-0.region-code.compute.internal   Ready    <none>   6m7s   v1.2.3-eks-1234567   192.0.2.0     192.0.2.2     Amazon Linux 2   1.23.456-789.012.amzn2.x86_64   containerd://1.2.3
    ip-192-0-2-1.region-code.compute.internal   Ready    <none>   6m4s   v1.2.3-eks-1234567   192.0.2.1     192.0.2.3     Amazon Linux 2   1.23.456-789.012.amzn2.x86_64   containerd://1.2.3
    
    
    
    
    For more information about what you see in the output, see View Kubernetes
    resources in the AWS Management Console.

 2. View the workloads running on your cluster.
    
    kubectl get pods -A -o wide
    
    
    An example output is as follows.
    
    Fargate – Linux
    NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE   IP          NODE                                                NOMINATED NODE   READINESS GATES
    kube-system   coredns-1234567890-abcde   1/1     Running   0          18m   192.0.2.0   fargate-ip-192-0-2-0.region-code.compute.internal   <none>           <none>
    kube-system   coredns-1234567890-12345   1/1     Running   0          18m   192.0.2.1   fargate-ip-192-0-2-1.region-code.compute.internal   <none>           <none>
    
    Managed nodes – Linux
    NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE     IP          NODE                                        NOMINATED NODE   READINESS GATES
    kube-system   aws-node-12345             1/1     Running   0          7m43s   192.0.2.1   ip-192-0-2-1.region-code.compute.internal   <none>           <none>
    kube-system   aws-node-67890             1/1     Running   0          7m46s   192.0.2.0   ip-192-0-2-0.region-code.compute.internal   <none>           <none>
    kube-system   coredns-1234567890-abcde   1/1     Running   0          14m     192.0.2.3   ip-192-0-2-3.region-code.compute.internal   <none>           <none>
    kube-system   coredns-1234567890-12345   1/1     Running   0          14m     192.0.2.4   ip-192-0-2-4.region-code.compute.internal   <none>           <none>
    kube-system   kube-proxy-12345           1/1     Running   0          7m46s   192.0.2.0   ip-192-0-2-0.region-code.compute.internal   <none>           <none>
    kube-system   kube-proxy-67890           1/1     Running   0          7m43s   192.0.2.1   ip-192-0-2-1.region-code.compute.internal   <none>           <none>
    
    
    
    
    For more information about what you see in the output, see View Kubernetes
    resources in the AWS Management Console.


STEP 3: DELETE YOUR CLUSTER AND NODES


After you've finished with the cluster and nodes that you created for this
tutorial, you should clean up by deleting the cluster and nodes with the
following command. If you want to do more with this cluster before you clean up,
see Next steps.

eksctl delete cluster --name my-cluster --region region-code



NEXT STEPS


The following documentation topics help you to extend the functionality of your
cluster.

 * Deploy a sample application to your cluster.

 * The IAM principal that created the cluster is the only principal that can
   make calls to the Kubernetes API server with kubectl or the AWS Management
   Console. If you want other IAM principals to have access to your cluster,
   then you need to add them. For more information, see Grant IAM users and
   roles access to Kubernetes APIs and Required permissions.

 * Before deploying a cluster for production use, we recommend familiarizing
   yourself with all of the settings for clusters and nodes. Some settings (such
   as enabling SSH access to Amazon EC2 nodes) must be made when the cluster is
   created.

 * To increase security for your cluster, configure the Amazon VPC Container
   Networking Interface plugin to use IAM roles for service accounts.

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.

