Configuring the Elastic Kubernetes Service

Amazon Elastic Kubernetes Service (Amazon EKS) is a fully-managed Kubernetes service control plane. In this section you will set up your EKS cluster.

  1. Using the Find Services search tool, locate and browse to the EKS Dashboard.
  2. Click Create Cluster.

 

 

  1. On the Configure Cluster page, specify values for the following:
    1. Name: Cluster name. Use the same value you passed in your resources creation request to your AWS infrastructure administrators, and recorded in the AWS worksheet. For example, srgdemo-cluster.
    1. Kubernetes version:
    2. To determine the Kubernetes version to use when deploying the ArcSight Platform to AWS, check the Hybrid Cloud Support page of the Technical Requirements for ArcSight Platform 23.3.
    1. Cluster Service Role: Select the role specified for cluster management.
    2. Tags: Tags are optional, but you might add tags to identify the cluster.

     

     

  2. Click Next.
  3. On the Specify Networking page, specify values for the following:
    1. VPC: Select your VPC from the dropdown.
    2. Subnets: Ensure only your private subnets are selected from the dropdown (subnet names are recorded in the AWS worksheet).
    3. Security groups: Add the Intra VPC security group named in the AWS worksheet.
    4. Cluster endpoint access: Select Private to keep the cluster isolated.

     

     

  4. On the Configure Logging page, leave all values at default settings, then click Next.

 

 

  1. On the Review and Create page, check all settings for accuracy and then click Create. The cluster details are displayed.

 

 

The creation process usually takes approximately 20 minutes and the status will change to Active when complete. Click Refresh to refresh the creation status display.

  1. Run the following command:
    aws eks create-cluster \
    --name <Cluster Name> \
    --role-arn <EKS role ARN> \
    --resources-vpc-config subnetIds=<private subnet Ids>,endpointPublicAccess=false,endpointPrivateAccess=true,securityGroupIds=<Intra VPC Security group Id> \
    --kubernetes-version <Kubernetes version>

Where:

<Cluster Name>: Use the same value you passed in your resources creation request to your AWS infrastructure administrators; check the AWS worksheet for the value.

<EKS role>: The IAM role ARN created by your AWS infrastructure administrators; check the AWS worksheet for the value.

<private subnet Ids>: Comma-separated IDs of private subnets created together with the VPC; these values are recored in the AWS worksheet.

<Intra VPC Security group Id>: The ID of the previously created security group.

The value for resources-vpc-config cannot contain spaces; it must be one string.
NOTE: Ensure that the Kubernetes version is the same as the version used when creating the worker nodes

<Kubernetes version>: Use the value from the AWS worksheet.

  1. Record the ARN value in your AWS worksheet.

Example input and output:

aws eks create-cluster \
--name srgdemo-cluster \
--role-arn arn:aws:iam::115370811111:role/srgdemo-eks-svc-role \
--resources-vpc-config subnetIds=subnet-0fb2ebb5882c061f0,subnet-0f0cac4ec6837abed,subnet-0abd7cd806e04c7be,\
endpointPublicAccess=false,endpointPrivateAccess=true,securityGroupIds=sg-09bdc5ca75e5ae8f8 \
--kubernetes-version 1.26
{
   "cluster":{
      "name":"srgdemo-cluster",
      "arn":"arn:aws:eks:eu-central-1:115370811111:cluster/srgdemo-cluster",
      "createdAt":1589877429.005,
      "version":"1.15",
      "roleArn":"arn:aws:iam::115370811111:role/srgdemo-eks-svc-role",
      "resourcesVpcConfig":{
         "subnetIds":[
            "subnet-0fb2ebb5882c061f0",
            "subnet-0f0cac4ec6837abed",
            "subnet-0abd7cd806e04c7be"
         ],
         "securityGroupIds":[
            "sg-09bdc5ca75e5ae8f8"
         ],
         "vpcId":"vpc-0143197ca9bd9c117",
         "endpointPublicAccess":false,
         "endpointPrivateAccess":true,
         "publicAccessCidrs":[
            
         ]
      },
      "logging":{
         "clusterLogging":[
            {
               "types":[
                  "api",
                  "audit",
                  "authenticator",
                  "controllerManager",
                  "scheduler"
               ],
               "enabled":false
            }
         ]
      },
      "status":"CREATING",
      "certificateAuthority":{
         
      },
      "platformVersion":"eks.2",
      "tags":{
         
      }
   }
}

Cluster creation usually takes approximately 20 minutes. Check the cluster status by running the command:

aws eks describe-cluster \
--name <Cluster Name> \
| jq '.cluster.status'

The output immediately after creation should state CREATING. Repeat the command until the output changes to ACTIVE.

A newly created EKS might take up to 20 minutes to become ACTIVE.

Example: 

aws eks describe-cluster \
--name srgdemo-cluster \
| jq '.cluster.status'

Next Steps: Configure kubectl