The workshop provides multiple ways to provision the EKS cluster for the lab exercises, with eksctl being the default. In order for the labs to be compatible with all of the provisioning methods, there are certain requirements that need to be met. This document records these requirements.
The following global requirements must be implemented:
- The configuration should be parameterized so that the infrastructure can be installed multiple times in the same AWS account/region
- All infrastructure should be tagged with `created-by: eks-workshop-v2` and `env: ${EKS_CLUSTER_NAME}`
The VPC for the lab cluster must implement the following:
- The default VPC CIDR should be `10.42.0.0/16`
- It should have 3 public subnets and 3 private subnets across different availability zones
- The public subnet CIDR ranges should be `10.42.0.0/19`, `10.42.32.0/19` and `10.42.64.0/19`
- The private subnet CIDR ranges should be `10.42.96.0/19`, `10.42.128.0/19` and `10.42.160.0/19`
- The VPC must provide an Internet Gateway and NAT Gateway for internet access from both public and private subnets
- The private subnets must have a name that includes the string `Private` for lookup purposes
- The public subnets should be tagged with `kubernetes.io/role/elb: 1`
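The following is an added example, not part of the workshop's own tooling: a Python check that a provisioned VPC matches the tagging and subnet requirements above, including that no subnet falls outside the VPC CIDR or overlaps another. The input dict shape, the names `check_vpc` and `sample_vpc`, and the availability zone names are assumptions made for illustration.

```python
import ipaddress

VPC_CIDR = "10.42.0.0/16"
REQUIRED = {  # subnet CIDRs from the requirements above
    "public": ["10.42.0.0/19", "10.42.32.0/19", "10.42.64.0/19"],
    "private": ["10.42.96.0/19", "10.42.128.0/19", "10.42.160.0/19"],
}

def check_vpc(vpc, cluster_name):
    """Return violations; `vpc` is a hypothetical dict shape, not an AWS format."""
    problems = []
    for key, value in {"created-by": "eks-workshop-v2", "env": cluster_name}.items():
        if vpc["tags"].get(key) != value:
            problems.append(f"VPC missing tag {key}: {value}")
    if vpc["cidr"] != VPC_CIDR:
        problems.append(f"VPC CIDR is {vpc['cidr']}, expected {VPC_CIDR}")
    outer = ipaddress.ip_network(vpc["cidr"])
    nets = [ipaddress.ip_network(s["cidr"]) for s in vpc["subnets"]]
    for i, net in enumerate(nets):
        if not net.subnet_of(outer):
            problems.append(f"subnet {net} is outside the VPC CIDR")
        if any(net.overlaps(other) for other in nets[i + 1:]):
            problems.append(f"subnet {net} overlaps another subnet")
    for kind, expected in REQUIRED.items():
        group = [s for s in vpc["subnets"] if s["kind"] == kind]
        if sorted(s["cidr"] for s in group) != sorted(expected):
            problems.append(f"{kind} subnet CIDRs differ from the requirement")
        if len({s["az"] for s in group}) != 3:
            problems.append(f"{kind} subnets must span 3 availability zones")
    for s in vpc["subnets"]:
        if s["kind"] == "private" and "Private" not in s["name"]:
            problems.append(f"private subnet {s['cidr']} name lacks 'Private'")
        if s["kind"] == "public" and s["tags"].get("kubernetes.io/role/elb") != "1":
            problems.append(f"public subnet {s['cidr']} lacks kubernetes.io/role/elb: 1")
    return problems

def sample_vpc(cluster_name):
    """Constructed sample that satisfies every check (AZ names are made up)."""
    subnets = []
    for kind, cidrs in REQUIRED.items():
        for az, cidr in zip("abc", cidrs):
            tags = {"kubernetes.io/role/elb": "1"} if kind == "public" else {}
            subnets.append({"kind": kind, "cidr": cidr, "az": f"region-1{az}",
                            "name": f"{cluster_name}-{kind.capitalize()}-{az}", "tags": tags})
    return {"cidr": VPC_CIDR, "subnets": subnets,
            "tags": {"created-by": "eks-workshop-v2", "env": cluster_name}}

if __name__ == "__main__":
    print(check_vpc(sample_vpc("eks-workshop"), "eks-workshop"))
```
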
The EKS cluster for the lab must implement the following:
- It should have both public and private EKS control plane endpoints enabled
- It should have the VPC CNI EKS Managed Addon installed with the following configuration:
  `{"env":{"ENABLE_PREFIX_DELEGATION":"true", "ENABLE_POD_ENI":"true", "POD_SECURITY_GROUP_ENFORCING_MODE":"standard"}}`
- It should have a single node group, if possible named `default`, with the following characteristics:
  - Desired + Minimum size = 3, Maximum size = 6
  - Instance type of `m5.large`
  - Utilizing only the private subnets
  - An AMI release version explicitly specified that matches the other implementations
  - The label `workshop-default: 'yes'`