A lot has happened since the last update of EKSctl. A recent blog post by Bob Wise, General Manager of EKS at AWS stated that EKSctl is now “the official CLI for EKS”.
Let’s continue that excitement by bringing you up to speed on the many new features and improvements that the EKSctl development team and community contributors have recently released.
Create an EKS cluster with one command
If you’re new to EKSctl, here is a short overview of what it is and why we created it. Jointly developed by AWS and Weaveworks, EKSctl automates much of the experience of creating EKS clusters. EKSctl is written in Go and makes use of AWS CloudFormation. Here is what happens when you run ‘EKSctl create cluster’:
- Sets up the AWS Identity and Access Management (IAM) Role for the master control plane to connect to EKS.
- Creates the Amazon VPC architecture, and the master control plane.
- Brings up instances, and deploys the ConfigMap so nodes can join the cluster.
- Provides instant access to the cluster with a predefined config file.
More than just a CLI for cluster creation, EKSctl can manage and configure an entire cluster with GitOps. Anyone using Kubernetes in production knows the importance of configuration management. Even though there are multiple ways to solve this problem, many DevOps engineers and SREs using Kubernetes today have adopted GitOps as a way of automating Kubernetes.
What’s New in EKSctl Release 0.2.0?
Since the first release EKSctl in August 2018, there have been many new features and improvements. For easier reading, these new features are grouped into these main areas:
- Virtual Private Cloud (VPC)
- Identity Access Management (IAM)
To make EKSctl even easier to use, EKSctl supports Kubernetes versions 1.11 and greater with 1.13 as the default. This release also deprecates Kubernetes version 1.10 with a more explicit message.
Other new capabilities include support for all EKS regions, as well as the ability to upgrade clusters, and any default add-ons.
|Eksctl supports Kubernetes versions 1.11, 1.12 and 1.13 and deprecates version Kubernetes version 1.10.||#971,#1026, #1049||Getting Started|
|Clusters can now be upgraded with EKSctl.||#1000||Cluster upgrades|
|Ability to update default add-ons during cluster upgrades (coredns, kube-proxy and aws-node)||#608,#692, #878||Cluster upgrades - Updating default add-ons|
|All EKS regions now supported.||#908||Getting Started|
Virtual Private Cloud (VPC) features
More flexible networking options were added to this release of EKSctl. You can now reuse existing VPCs, incorporate public and private subnet topologies or implement a NAT gateway that supports the following options: Highly Available, Single (default) or Disabled.
|Allow reuse of existing VPCs such as those shared by kops.||#42, #277, #279, #283, #293, #305, #308, #310||Use existing VPC: shared with kops|
|Support for both public and private subnet topologies.||Use private subnets for initial nodegroup|
|NAT Gateway support (HA, single or disable)||#694, #392||NAT Gateway|
More control over nodegroup creation, management and access, is added in this release of EKSctl. Also included are improvements to node scalability, instance type choices, networking types, security groups as well as a number of other new capabilities like support for EC2 tags and Kubernetes labels. Find out more from the table below.
|Improved nodegroup management (create, get, scale, delete).||#477, #832, #695, #1010||Managing nodegroups|
|Support for spot instances and mixed instance types.||#794, #1012||Spot instances|
|Support for extra kubelet configuration parameters.||#795, #912||Customizing the kubelet configuration|
|Can now use custom EC2 tags and Kubernetes labels.||#580, #582,#763||Managing nodegroups - update labels|
|Allowance for custom bootstrap logic.||#522||Config file schema|
Creating a nodegroup from a config file
|Support for single-AZ nodegroups.||#435||Managing nodegroups|
Supports either public or private networking.
|#305||Use private subnets for initial nodegroup|
|Can now use existing security groups.||Adding a custom instance role|
|Support for root EBS volume size, type and encryption||#889, #952, #1006|
|More options for SSH access||#657 #673 #713||Using config files|
Identity Access Management (IAM)
More flexible options to manage and set up IAM roles have been added to EKSctl with canned pre-configured policies for some popular add-ons.
|Use custom service role for cluster||#745||Adding a custom instance role|
|Use custom roles or policies for nodegroups||#841, #885||Adding a custom instance role|
|EKSctl now provides canned policies for popular Kubernetes add-ons:||#53,#242,#351,|
|Supported IAM add-on policies|
|Execute CloudFormation actions using a dedicated role.||#330|
Need auditing capabilities? If you’ve been customizing your CloudFormation stacks, you can now make use of CloudTrail to meet governance, compliance, operational auditing, and risk auditing of your entire AWS account.
|CloudTrail can now be used to describe and troubleshoot CloudFormation stacks.||CloudTrail|
Try it for yourself
If you have never used EKSctl and are wondering why it has become popular, there are two fundamental answers:
- It uses a single command to start EKS clusters.
- Configuration management for versioning cluster configuration changes is managed with GitOps.
EKSctl creates a fully functional cluster with a single commands:
$ EKSctl create cluster
With that single command, the proper AWS identity and Access management (IAM) Role is set up for the control plane, the control plane is added to an Amazon VPC for network access control, and a corresponding kubeconfig file is provided. Additional command line options can also attach an EC2 autoscaling group, allowing your cluster to be ready to schedule pods as soon as your application is deployed.
New EKSctl release cadence
Starting with 0.2.0 onwards, any minor releases of EKSctl can be expected every two weeks with patch releases made available as needed. In addition to this, one or more Release Candidate (RC) builds will also be made available prior to each minor release. RC builds are intended for testing purposes only.
Keep up with the EKSctl project on the EKSctl roadmap.
Thanks to the many EKSctl contributors!
Weaveworks team would like to sincerely thank all of you who have contributed to the project, your work is highly appreciated and the project wouldn’t get this far without you!