A lot has happened since the last update of EKSctl. A recent blog post by Bob Wise, General Manager of EKS at AWS stated that EKSctl is now “the official CLI for EKS”.

Let’s continue that excitement by bringing you up to speed on the many new features and improvements that the EKSctl development team and community contributors have recently released.

Create an EKS cluster with one command

If you’re new to EKSctl, here is a short overview of what it is and why we created it. Jointly developed by AWS and Weaveworks, EKSctl automates much of the experience of creating EKS clusters. EKSctl is written in Go and makes use of AWS CloudFormation. Here is what happens when you run ‘EKSctl create cluster’:

  • Sets up the AWS Identity and Access Management (IAM) Role for the master control plane to connect to EKS.
  • Creates the Amazon VPC architecture, and the master control plane.
  • Brings up instances, and deploys the ConfigMap so nodes can join the cluster.
  • Provides instant access to the cluster with a predefined config file.

More than just a CLI for cluster creation, EKSctl can manage and configure an entire cluster with GitOps. Anyone using Kubernetes in production knows the importance of configuration management. Even though there are multiple ways to solve this problem, many DevOps engineers and SREs using Kubernetes today have adopted GitOps as a way of automating Kubernetes.

What’s New in EKSctl Release 0.2.0?

Since the first release EKSctl in August 2018, there have been many new features and improvements. For easier reading, these new features are grouped into these main areas: 

  • General
  • Virtual Private Cloud (VPC)
  • Nodegroup
  • Identity Access Management (IAM)
  • Utilities

General Features

To make EKSctl even easier to use, EKSctl supports Kubernetes versions 1.11 and greater with 1.13 as the default. This release also deprecates Kubernetes version 1.10 with a more explicit message. 

Other new capabilities include support for all EKS regions, as well as the ability to upgrade clusters, and any default add-ons.

FeatureGitHub IssuesDocs
Eksctl supports Kubernetes versions 1.11, 1.12 and 1.13 and deprecates version Kubernetes version 1.10.#971,#1026, #1049Getting Started
Clusters can now be upgraded with EKSctl.#1000Cluster upgrades
Ability to update default add-ons during cluster upgrades (coredns, kube-proxy and aws-node)#608,#692, #878Cluster upgrades - Updating default add-ons
All EKS regions now supported. #908Getting Started

Virtual Private Cloud (VPC) features

More flexible networking options were added to this release of EKSctl. You can now reuse existing VPCs, incorporate public and private subnet topologies or implement a NAT gateway that supports the following options: Highly Available, Single (default) or Disabled. 

FeatureGitHub IssuesDocs
Allow reuse of existing VPCs such as those shared by kops.#42, #277, #279, #283, #293, #305, #308, #310Use existing VPC: shared with kops
Support for both public and private subnet topologies.


Use private subnets for initial nodegroup
NAT Gateway support (HA, single or disable)#694, #392NAT Gateway

Nodegroup features

More control over nodegroup creation, management and access, is added in this release of EKSctl. Also included are improvements to node scalability, instance type choices, networking types, security groups as well as a number of other new capabilities like support for EC2 tags and Kubernetes labels. Find out more from the table below.

FeatureGitHub IssuesDocs
Improved nodegroup management (create, get, scale, delete).#477, #832, #695, #1010Managing nodegroups
Support for spot instances and mixed instance types.#794, #1012Spot instances
Support for extra kubelet configuration parameters.#795, #912Customizing the kubelet configuration
Can now use custom EC2 tags and Kubernetes labels.#580, #582,#763Managing nodegroups - update labels
Allowance for custom bootstrap logic.#522 Config file schema

Creating a nodegroup from a config file
Support for single-AZ nodegroups.#435 Managing nodegroups

Supports either public or private networking.

#305Use private subnets for initial nodegroup
Can now use existing security groups.Adding a custom instance role
Support for root EBS volume size, type and encryption#889, #952, #1006
More options for SSH access#657 #673 #713Using config files

Identity Access Management (IAM)

More flexible options to manage and set up IAM roles have been added to EKSctl with canned pre-configured policies for some popular add-ons.

FeatureGitHub IssuesDocs
Use custom service role for cluster#745Adding a custom instance role
Use custom roles or policies for nodegroups#841, #885Adding a custom instance role
EKSctl now provides canned policies for popular Kubernetes add-ons:
  • External DNS
  • Cluster Autoscaler
  • Cert Manager
  • ALB Ingress
  • AppMesh & XRay
  • EBS, EFS and xFS CSI
Supported IAM add-on policies
Execute CloudFormation actions using a dedicated role.#330


Need auditing capabilities? If you’ve been customizing your CloudFormation stacks, you can now make use of CloudTrail to meet governance, compliance, operational auditing, and risk auditing of your entire AWS account. 

FeatureGitHub IssuesDocs
CloudTrail can now be used to describe and troubleshoot CloudFormation stacks.CloudTrail

Try it for yourself

If you have never used EKSctl and are wondering why it has become popular, there are two fundamental answers: 

  1. It uses a single command to start EKS clusters. 
  2. Configuration management for versioning cluster configuration changes is managed with GitOps.

EKSctl creates a fully functional cluster with a single commands: 

$ EKSctl create cluster  

With that single command, the proper AWS identity and Access management (IAM) Role is set up for the control plane, the control plane is added to an Amazon VPC for network access control, and a corresponding kubeconfig file is provided. Additional command line options can also attach an EC2 autoscaling group, allowing your cluster to be ready to schedule pods as soon as your application is deployed.

New EKSctl release cadence

Starting with 0.2.0 onwards, any minor releases of EKSctl can be expected every two weeks with patch releases made available as needed. In addition to this, one or more Release Candidate (RC) builds will also be made available prior to each minor release. RC builds are intended for testing purposes only.

Keep up with the EKSctl project on the EKSctl roadmap.

Thanks to the many EKSctl contributors!

Weaveworks team would like to sincerely thank all of you who have contributed to the project, your work is highly appreciated and the project wouldn’t get this far without you!


We have received many very useful contributions from so many of you, some of which came as code, and some as issues and some from Slack participants, (signup) and we'd like to thank all of you!