Creating a Kubernetes Cluster

This section describes how to create a Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS) using eksctl, which is a command line tool for creating clusters. The Kubernetes cluster is required for both Dynamic and Static-based deployments.

Note: The steps listed in this section for creating a Kubernetes cluster are for reference use. If you have a Kubernetes cluster or want to create a cluster based on custom requirements, then navigate to step 4 to connect your cluster and the Linux instance. However, you must ensure that your ingress port is enabled on the Network Security group of your VPC.

Important: Ensure that the Kubernetes Metrics Server and Cluster Autoscaler are already deployed.

To create a Kubernetes cluster:

  1. Create a key pair for the EC2 instances that will be launched as part of your Kubernetes cluster.

    For more information on creating the key pair, refer to the section Create a key pair for your Amazon EC2 instance in the Amazon EC2 documentation.

    After the key pair is created, you need to specify the key pair name in the publicKeyName field of the createCluster.yaml file, for creating a Kubernetes cluster.

  2. Log in to the Linux instance and create a file named createCluster.yaml to specify the configurations for creating the Kubernetes cluster.

    The following snippet displays the contents of the createCluster.yaml file.

    apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: <Name of your Kubernetes cluster>
  region: <Region where you want to deploy your Kubernetes cluster>
  version: "<Kubernetes version>"
vpc:
  id: "<ID of the VPC where you want to deploy the Kubernetes cluster>"
  subnets: #In this section specify the subnet region and subnet id accordingly
    private:
      <Availability zone for the region where you want to deploy your Kubernetes cluster>:
          id: "<Subnet ID>"
      <Availability zone for the region where you want to deploy your Kubernetes cluster>
          id: "<Subnet ID>"
nodeGroups:
  - name: <Name of your Node Group>
    instanceType: m5.large
    minSize: 1
    maxSize: 3
    tags:
      k8s.io/cluster-autoscaler/enabled: "true"
      k8s.io/cluster-autoscaler/<Name of your Kubernetes cluster>: "owned"
    privateNetworking: true
    securityGroups:
      withShared: true
      withLocal: true
      attachIDs: ['<Security group linked to your VPC>']
    ssh:
      publicKeyName: '<EC2 keypair>'
    iam:
      attachPolicyARNs:
        - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
      withAddonPolicies:
        autoScaler: true

    Important: If you want to copy the contents of the createCluster.yaml file, then ensure that you indent the file as per YAML requirements.

    For more information about the sample configuration file used to create a Kubernetes cluster, refer to the section Create cluster using config file in the eksctl documentation.

    In the ssh/publicKeyName parameter, you must specify the value of the key pair that you have created in step 1.

    In the iam/attachPolicyARNs parameter, you must specify the following policy ARNs:

    • ARN of the AmazonEKS_CNI_Policy policy - This is a default AWS policy that enables the Amazon VPC CNI Plugin to modify the IP address configuration on your EKS nodes.

      For more information about this policy, refer to the AWS documentation.

      You need to sign in to your AWS account to access the AWS documentation for this policy.

    The content snippet displays the reference configuration required to create a Kubernetes cluster using a private VPC. If you want to use a different configuration for creating your Kubernetes cluster, then you need to refer to the section Creating and managing clusters in the eksctl documentation.

    For more information about creating a configuration file to create a Kubernetes cluster, refer to the section Creating and managing clusters in the eksctl documentation.

  3. Run the following command to create a Kubernetes cluster.

    eksctl create cluster -f ./createCluster.yaml

    Important: IAM User 1, who creates the Kubernetes cluster, is automatically assigned the cluster-admin role in Kubernetes.

  1. Run the following command to connect your Linux instance to the Kubernetes cluster.

    aws eks update-kubeconfig --name <Name of Kubernetes cluster>

  2. Validate whether the cluster is up by running the following command.

    kubectl get nodes

    The command lists the Kubernetes nodes available in your cluster.

  3. Deploy the Cluster Autoscaler component to enable the autoscaling of nodes in the EKS cluster.

    This step is required only if the Cluster Autoscaler component is not installed.

    For more information about deploying the Cluster Autoscaler, refer to the section Deploy the Cluster Autoscaler in the Amazon EKS documentation.

  4. Install the Metrics Server to enable the horizontal autoscaling of pods in the Kubernetes cluster.

    This step is required only if the Metric Server is not installed.

    For more information about installing the Metrics Server, refer to the section Horizontal Pod Autoscaler in the Amazon EKS documentation.

    After you have created the Kubernetes cluster, you can deploy the Application Protector Java Container using dynamic or static mode of deployment.

  5. Run following commands to tag the cluster subnets to ensure that the Elastic load balancer can discover them.

    • aws ec2 create-tags --tags Key=kubernetes.io/cluster/<Cluster Name>,Value=shared --resources <Subnet ID>
    • aws ec2 create-tags --tags Key=kubernetes.io/role/internal-elb,Value=1 --resources <Subnet ID>
    • aws ec2 create-tags --tags Key=kubernetes.io/role/elb,Value=1 --resources <Subnet ID>


    Repeat this step for all the cluster subnets.


Last modified : December 18, 2025