
Mastering AWS EKS: From Cluster Creation to Istio and GitLab Deployment

This step‑by‑step guide walks you through AWS EKS core concepts, cluster provisioning with eksctl, kubectl configuration, node monitoring, taints and tolerations, GitLab deployment via Helm, persistent storage with EBS, optional object storage, Istio service‑mesh installation, and troubleshooting API server access issues.

Ops Development & AI Practice

Introduction

With the rise of cloud computing, Kubernetes has become the de‑facto standard for container orchestration. Amazon Elastic Kubernetes Service (EKS) offers a managed Kubernetes experience, but newcomers may still face a steep learning curve.

1. EKS Core Concepts and Cluster Creation

Control Plane: Managed by AWS; it maintains cluster state and schedules Pods.

Worker Node: An EC2 instance that runs application Pods.

Node Group: A set of Worker Nodes sharing the same configuration.

Fargate: Serverless compute engine that runs Pods without managing nodes (not covered here).

Cluster creation tool: eksctl (the official CLI for Amazon EKS).

Install awscli, eksctl and kubectl.

Run aws configure to set AWS credentials.

Execute the following eksctl create cluster command:

eksctl create cluster --name demo-eks --region ap-southeast-1 --version 1.32 --nodegroup-name gitlab --node-type t3.medium --nodes 2 --node-volume-size 50 --node-volume-type gp3

2. Configure kubectl Client

After the cluster is ready, configure kubectl to communicate with it:

aws eks update-kubeconfig --name demo-eks --region ap-southeast-1

This updates ~/.kube/config with the cluster’s authentication data.

Verify connectivity:

kubectl get nodes

3. View Node Resource Usage

Quick view: kubectl top nodes shows CPU and memory usage per node (this requires the Kubernetes Metrics Server to be running in the cluster).

Dashboard: Kubernetes Dashboard provides a web UI (setup omitted).

Production monitoring: Deploy Prometheus + Grafana for comprehensive metrics.

Troubleshooting: SSH into a node and use top, df, etc., to inspect resources.

4. Use Taints and Tolerations to Control Scheduling

Taints: Applied to nodes to repel certain Pods.

Tolerations: Added to Pods to allow them to run on tainted nodes.

Example:

Taint a node:

kubectl taint nodes node1 dedicated=special-user:NoSchedule

Matching toleration in the Pod spec:

tolerations:
- key: "dedicated"
  operator: "Equal"
  value: "special-user"
  effect: "NoSchedule"

5. Deploy GitLab on EKS

GitLab provides source control, CI/CD, and project management. The recommended approach is to use the official GitLab Helm chart.

Install Helm.

Add the GitLab Helm repository.

Prepare a customized values.yaml (modify domain, Ingress, TLS, nodeSelector, tolerations, etc.).

Run the Helm install command.

Wait for the deployment to finish and obtain the access URL.

6. Persistent Database Storage with EBS

Use Amazon EBS volumes for PostgreSQL data persistence.

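# Enable persistence in the Helm chart
postgresql:
  install: true
  auth:
    # Placeholder only: supply the real password at install time and keep it out of version control
    postgresPassword: "YOUR_STRONG_POSTGRES_PASSWORD"
    username: "gitlab"
    database: "gitlabhq_production"
  primary:
    persistence:
      enabled: true
      size: 50Gi
      # A StorageClass with this name must already exist; otherwise the PVC stays Pending
      storageClass: gp3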

7. Object Storage Considerations

If you do not need LFS objects or build artifacts, you can store everything in the database.

If you need them, enable an object store such as S3 or MinIO for better performance and scalability.

8. Install Istio Service Mesh

Istio adds traffic management, security, and observability to the EKS cluster.

Download and install the istioctl CLI.

Select an Istio profile (e.g., demo).

Run istioctl install to install Istio.

Verify the installation.

Deploy a sample application (e.g., Bookinfo).

Enable automatic sidecar injection.

9. Troubleshoot EKS API Server Access

Problem: API server reachable from the internet but times out from within the VPC.

Root causes: Endpoint Access settings, VPC DNS, security groups, network ACLs, route tables, proxy configuration.

Investigation steps:

Check Endpoint Access configuration.

Inspect VPC DNS settings.

Review security group rules.

Examine network ACLs.

Validate route tables.

Test DNS resolution, network connectivity, and proxy settings from an EC2 worker node.

Resolution ideas:

Fix DNS resolution problems.

Adjust security groups, ACLs, and routing as needed.

Verify IAM permissions and Kubernetes RBAC configuration.
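
The investigation steps above can be narrowed quickly by combining the cluster's endpoint access flags with the address the endpoint hostname resolves to on the worker node. The script below is an added example, not part of the original article; the function names diagnose and live_check and the sample addresses are constructed, and the private-address test assumes the VPC uses RFC 1918 ranges.

```shell
#!/bin/sh
# Added example: triage for "API server times out from inside the VPC".
# Assumption: the VPC uses RFC 1918 CIDRs; sample inputs below are constructed.

# Succeeds when the address is in an RFC 1918 private range.
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# diagnose PUBLIC PRIVATE RESOLVED_IP: the two endpoint access flags from
# describe-cluster plus the node's DNS answer. Prints "<code>: <next check>".
diagnose() {
  public=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  private=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  ip=$3
  if [ -z "$ip" ]; then
    echo "dns-failure: hostname did not resolve; check the node's resolver and VPC DNS settings"
  elif [ "$private" = "true" ] && is_private_ip "$ip"; then
    echo "in-vpc-path: traffic stays in the VPC; check cluster security group (TCP 443 from the caller), network ACLs, route tables"
  elif [ "$private" = "true" ]; then
    echo "vpc-dns: private access is on but DNS returned a public address; check enableDnsSupport/enableDnsHostnames and custom resolvers"
  elif [ "$public" = "true" ]; then
    echo "egress-path: public endpoint only; the node needs a NAT or internet gateway route and its egress IP must be in publicAccessCidrs"
  else
    echo "invalid: both access flags are false; re-check the describe-cluster output"
  fi
}

# Live run on a worker node (needs AWS CLI credentials and getent).
live_check() {
  set -- $(aws eks describe-cluster --name "$1" --region "$2" --output text \
    --query 'cluster.[resourcesVpcConfig.endpointPublicAccess,resourcesVpcConfig.endpointPrivateAccess,endpoint]')
  host=${3#https://}
  diagnose "$1" "$2" "$(getent hosts "$host" | awk '{print $1; exit}')"
}

if [ $# -eq 2 ]; then
  live_check "$1" "$2"              # e.g. sh triage.sh demo-eks ap-southeast-1
else
  diagnose True True 10.0.12.34     # constructed: private ENI address
  diagnose True True 203.0.113.10   # constructed: public answer despite private access
  diagnose True False 203.0.113.10  # constructed: public-only endpoint
fi
```

Each result code maps to one group of the root causes listed in this section, so the remaining manual checks can start with the most likely layer.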

Conclusion

This guide provides a comprehensive introduction to AWS EKS, covering cluster creation, essential tooling, node monitoring, scheduling controls, GitLab deployment with persistent storage, optional object storage, Istio service‑mesh installation, and detailed troubleshooting of API server connectivity. Follow these steps to quickly get a stable, production‑ready container platform on EKS.
