Create nodegroup using custom launch template for EKS cluster
Aakash Sai Raj
Posted on November 23, 2024
Creating a managed node group using a launch template in Amazon Elastic Kubernetes Service (EKS) allows you to have more control over the configuration of your worker nodes. Launch templates offer advanced configuration options that aren’t available in the standard EKS managed node groups, such as specifying custom Amazon Machine Images (AMIs), additional EBS volumes, or specific instance metadata options. In this article, I’ll guide you through the process of creating a managed node group with a launch template in EKS.
Step 1: Prerequisites
Before you begin, ensure that you have the following:
An existing EKS cluster: You need a running EKS cluster. If you don’t have one, you can create it using the AWS Management Console, AWS CLI, or using tools like eksctl.
AWS CLI configured: Make sure the AWS CLI is installed and configured on your local machine with the appropriate permissions to create and manage EKS resources.
IAM Roles: Ensure that your EKS cluster has the necessary IAM roles and permissions to manage resources on your behalf.
Step 2: Retrieving details before creating the launch template.
Retrieving EKS optimized AMI: If you wish to use an EKS optimized AMI, then refer to this page to retrieve the latest EKS optimized AMI.
For example, the following command returns the latest EKS optimized Amazon Linux 2 AMI for x86-based instances in the eu-west-1 region, for an EKS cluster running version 1.30:
aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.30/amazon-linux-2/recommended/image_id \
--region eu-west-1 --query "Parameter.Value" --output text
Sample output: ami-0f1a6febb470709da
Retrieving cluster details: The launch template needs user data, and the user data needs details about the cluster. The three AWS CLI commands below retrieve those details, which are used in the next step.
Cluster endpoint:
aws eks describe-cluster --name <cluster-name> --query "cluster.endpoint" --output text --region <region-code>
Certificate Authority:
aws eks describe-cluster --name <cluster-name> --query "cluster.certificateAuthority.data" --output text --region <region-code>
Service IPv4 range:
aws eks describe-cluster --name <cluster-name> --query "cluster.kubernetesNetworkConfig.serviceIpv4Cidr" --output text --region <region-code>
Step 3: Create a Launch Template
A launch template is a resource that contains the configuration information for your EC2 instances. It allows you to define things like AMI IDs, instance types, key pairs, security groups, and more.
- Navigate to the EC2 Dashboard.
- Steps to create the launch template are as follows:
  - In the left-hand navigation pane, select Launch Templates. Click Create launch template.
  - Enter a name and description for your launch template.
  - Under Launch template content, configure the following settings:
    - AMI ID: Specify the Amazon Machine Image (AMI) ID. You can use the EKS optimized AMI, or a custom AMI if needed.
    - Instance Type: Choose an instance type that is appropriate for your workloads.
    - Key Pair: Select an existing key pair to enable SSH access to your instances (optional).
    - Network Settings: Leave this blank since the networking is managed by the EKS cluster.
    - Security Groups: You can select a security group here, but it’s better to manage this through the node group configuration.
    - Storage: Add any additional EBS volumes if required.
  - Open “Advanced details” at the bottom of the launch template form, and go to the user data section.
The user data below uses the certificate authority, cluster endpoint, and IPv4 service range that were retrieved in Step 2 of this article.
The CoreDNS IP would be the 10th IP of the IPv4 range which was also retrieved earlier. For example, if the IPv4 range is “10.100.0.0/16”, then its CoreDNS IP would be “10.100.0.10”.
If the IPv4 range is “172.20.0.0/16”, then its CoreDNS IP would be “172.20.0.10”.
User data required for AMIs based on Amazon Linux 2:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="//"

--//
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/bash
set -ex
# Values retrieved in Step 2
B64_CLUSTER_CA=<certificate-authority>
API_SERVER_URL=<cluster-endpoint>
K8S_CLUSTER_DNS_IP=<coredns-ip>
# Join the node to the cluster
/etc/eks/bootstrap.sh <cluster-name> \
  --b64-cluster-ca "$B64_CLUSTER_CA" \
  --apiserver-endpoint "$API_SERVER_URL" \
  --dns-cluster-ip "$K8S_CLUSTER_DNS_IP"

--//--
User data required for AMIs based on Amazon Linux 2023:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="//"

--//
Content-Type: application/node.eks.aws

---
apiVersion: node.eks.aws/v1alpha1
kind: NodeConfig
spec:
  cluster:
    apiServerEndpoint: <cluster-endpoint>
    certificateAuthority: <certificate-authority>
    cidr: <IPv4-service-range>
    name: <cluster-name>
  kubelet:
    config:
      clusterDNS:
        - <coredns-ip>
--//--
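The CoreDNS rule and the Amazon Linux 2023 user data above, assembled in one script as an added example (not code from the original article). The function names are hypothetical, the network-address-plus-10 arithmetic generalizes the two /16 cases in the text, and requiring IMDSv2 (`HttpTokens: required`) is this example's choice rather than a setting the article configures.

```shell
#!/usr/bin/env bash
# Added example (not the article's code); function names are hypothetical.
set -euo pipefail
# CoreDNS IP = network address of the service CIDR + 10, e.g. 10.100.0.0/16 -> 10.100.0.10
coredns_ip() {
  local a b c d bits ip o
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]] || { echo "malformed CIDR: $1" >&2; return 1; }
  IFS=./ read -r a b c d bits <<<"$1"
  for o in "$a" "$b" "$c" "$d"; do (( 10#$o <= 255 )) || return 1; done
  (( 10#$bits <= 28 )) || return 1   # smaller ranges have no tenth address
  ip=$(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
  ip=$(( (ip & (0xFFFFFFFF << (32 - 10#$bits)) & 0xFFFFFFFF) + 10 ))
  echo "$(( ip >> 24 & 255 )).$(( ip >> 16 & 255 )).$(( ip >> 8 & 255 )).$(( ip & 255 ))"
}
# Render the AL2023 NodeConfig user data from the Step 2 outputs.
render_nodeconfig() {   # args: cluster-name endpoint b64-ca service-cidr
  local dns
  dns=$(coredns_ip "$4") || return 1
  cat <<EOF
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="//"

--//
Content-Type: application/node.eks.aws

---
apiVersion: node.eks.aws/v1alpha1
kind: NodeConfig
spec:
  cluster:
    apiServerEndpoint: $2
    certificateAuthority: $3
    cidr: $4
    name: $1
  kubelet:
    config:
      clusterDNS:
        - $dns
--//--
EOF
}
# Launch template data: base64-encoded user data, IMDSv2 required (this example's choice).
launch_template_data() {   # args: ami-id; user data is read from stdin
  printf '{"ImageId":"%s","UserData":"%s","MetadataOptions":{"HttpTokens":"required"}}\n' \
    "$1" "$(base64 | tr -d '\n')"
}
```

Pass the three Step 2 outputs to `render_nodeconfig`, pipe the result into `launch_template_data <ami-id>`, and supply the JSON to `aws ec2 create-launch-template --launch-template-data`.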
Step 4: Create an EKS Managed Node Group with the Launch Template
With your launch template ready, you can now create a managed node group in your EKS cluster using this template.
Navigate to the EKS Console, and select your cluster from the list of clusters.
In the navigation pane, select Compute and then click Add Node Group.
Enter a name for your node group.
Select IAM role for EKS nodes. Refer to this documentation which has the list of minimum IAM policies required for the EKS nodegroup role.
Choose the previously created launch template, and its respective version, and click next.
Choose the desired configurations as per your use-case, and click next.
On the next page, you’ll see a “Node group network configuration” section. Here, choose the subnets where you want the nodes to be deployed.
Review all the configurations, and click on create.
Soon (4–5 minutes), the nodes will join the cluster and transition into the Ready state.
That’s it, the nodegroup is now created using a custom launch template.
If the nodegroup creation has failed, be sure to check out this AWS re:Post troubleshooting article.
Thank you for taking the time to read this article! Keep up the great work, and happy deploying! 🚀 😊