Help improve this page
To contribute to this user guide, choose the Edit this page on GitHub link that is located in the right pane of every page.
Getting started with the Amazon EKS Provisioned Control Plane
This guide walks you through the steps to set up and use EKS Provisioned Control Plane using Amazon CLI and Amazon Web Services Management Console.
Prerequisites
Before you begin, ensure you have:
-
Amazon CLI – A command line tool for working with Amazon services, including Amazon EKS. For more information, see Installing in the Amazon Command Line Interface User Guide. After installing the Amazon CLI, we recommend that you also configure it. For more information, see Quick configuration with aws configure in the Amazon Command Line Interface User Guide. Note that Amazon CLI v2 is required to use the update-kubeconfig option shown in this page.
-
Required IAM permissions – The IAM security principal that you’re using must have permissions to work with Amazon EKS IAM roles, service linked roles, Amazon CloudFormation, a VPC, and related resources. For more information, see Actions and Using service-linked roles in the IAM User Guide. You must complete all steps in this guide as the same user. To check the current user, run the following command:
aws sts get-caller-identity
Note
We recommend that you complete the steps in this topic in a Bash shell. If you aren’t using a Bash shell, some script commands such as line continuation characters and the way variables are set and used require adjustment for your shell. Additionally, the quoting and escaping rules for your shell might be different. For more information, see Using quotation marks with strings in the Amazon CLI in the Amazon Command Line Interface User Guide.
EKS Provisioned Control Plane - Amazon CLI
Create cluster with EKS Provisioned Control Plane Scaling Tier
aws eks create-cluster --name prod-cluster \ --role-arn arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI \ --resources-vpc-config subnetIds=subnet-6782e71e,subnet-e7e761ac,securityGroupIds=sg-6979fe18 \ --control-plane-scaling-config tier=tier-xl
Response:
{ "cluster": { "name": "my-eks-cluster", "arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster", "createdAt": "2024-03-14T11:31:44.348000-04:00", "version": "1.26", "endpoint": "https://JSA79429HJDASKJDJ8223829MNDNASW.yl4.us-east-2.eks.amazonaws.com", "roleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-cluster-ServiceRole-zMF6CBakwwbW", "resourcesVpcConfig": { "subnetIds": [ "subnet-0fb75d2d8401716e7", "subnet-02184492f67a3d0f9", "subnet-04098063527aab776", "subnet-0e2907431c9988b72", "subnet-04ad87f71c6e5ab4d", "subnet-09d912bb63ef21b9a" ], "securityGroupIds": [ "sg-0c1327f6270afbb36" ], "clusterSecurityGroupId": "sg-01c84d09d70f39a7f", "vpcId": "vpc-0012b8e1cc0abb17d", "endpointPublicAccess": true, "endpointPrivateAccess": true, "publicAccessCidrs": [ "22.19.18.2/32" ] }, "controlPlaneScalingConfig": { "tier": "tier-xl" }, "kubernetesNetworkConfig": { "serviceIpv4Cidr": "10.100.0.0/16", "ipFamily": "ipv4" }, "logging": { "clusterLogging": [ { "types": [ "api", "audit", "authenticator", "controllerManager", "scheduler" ], "enabled": true } ] }, "identity": { "oidc": { "issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/JSA79429HJDASKJDJ8223829MNDNASW" } }, "status": "CREATING", "certificateAuthority": { "data": "CA_DATA_STRING..." }, "platformVersion": "eks.14", "tags": { "aws:cloudformation:stack-name": "eksctl-my-eks-cluster-cluster", "alpha.eksctl.io/cluster-name": "my-eks-cluster", "karpenter.sh/discovery": "my-eks-cluster", "aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-cluster/e752ea00-e217-11ee-beae-0a9599c8c7ed", "auto-delete": "no", "eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster", "EKS-Cluster-Name": "my-eks-cluster", "alpha.eksctl.io/cluster-oidc-enabled": "true", "aws:cloudformation:logical-id": "ControlPlane", "alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z", "Name": "eksctl-my-eks-cluster-cluster/ControlPlane" }, "health": { "issues": [] }, "accessConfig": { "authenticationMode": "API_AND_CONFIG_MAP" } } }
View cluster’s Control Plane Scaling Tier
aws eks describe-cluster --name prod-cluster
Response:
{ "cluster": { "name": "my-eks-cluster", "arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster", "createdAt": "2024-03-14T11:31:44.348000-04:00", "version": "1.26", "endpoint": "https://JSA79429HJDASKJDJ8223829MNDNASW.yl4.us-east-2.eks.amazonaws.com", "roleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-cluster-ServiceRole-zMF6CBakwwbW", "resourcesVpcConfig": { "subnetIds": [ "subnet-0fb75d2d8401716e7", "subnet-02184492f67a3d0f9", "subnet-04098063527aab776", "subnet-0e2907431c9988b72", "subnet-04ad87f71c6e5ab4d", "subnet-09d912bb63ef21b9a" ], "securityGroupIds": [ "sg-0c1327f6270afbb36" ], "clusterSecurityGroupId": "sg-01c84d09d70f39a7f", "vpcId": "vpc-0012b8e1cc0abb17d", "endpointPublicAccess": true, "endpointPrivateAccess": true, "publicAccessCidrs": [ "22.19.18.2/32" ] }, "controlPlaneScalingConfig": { "tier": "tier-xl" }, "kubernetesNetworkConfig": { "serviceIpv4Cidr": "10.100.0.0/16", "ipFamily": "ipv4" }, "logging": { "clusterLogging": [ { "types": [ "api", "audit", "authenticator", "controllerManager", "scheduler" ], "enabled": true } ] }, "identity": { "oidc": { "issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/JSA79429HJDASKJDJ8223829MNDNASW" } }, "status": "ACTIVE", "certificateAuthority": { "data": "CA_DATA_STRING..." }, "platformVersion": "eks.14", "tags": { "aws:cloudformation:stack-name": "eksctl-my-eks-cluster-cluster", "alpha.eksctl.io/cluster-name": "my-eks-cluster", "karpenter.sh/discovery": "my-eks-cluster", "aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-cluster/e752ea00-e217-11ee-beae-0a9599c8c7ed", "auto-delete": "no", "eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster", "EKS-Cluster-Name": "my-eks-cluster", "alpha.eksctl.io/cluster-oidc-enabled": "true", "aws:cloudformation:logical-id": "ControlPlane", "alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z", "Name": "eksctl-my-eks-cluster-cluster/ControlPlane" }, "health": { "issues": [] }, "accessConfig": { "authenticationMode": "API_AND_CONFIG_MAP" } } }
Update cluster to use EKS Provisioned Control Plane
aws eks update-cluster-config --name prod-cluster \ --control-plane-scaling-config tier=tier-2xl
Response:
{ "update": { "id": "7551c64b-1d27-4b1e-9f8e-c45f056eb6fd", "status": "InProgress", "type": "ScalingTierConfigUpdate", "params": [ { "type": "UpdatedTier", "value": "tier-2xl" }, { "type": "PreviousTier", "value": "tier-xl" } ], "createdAt": 1565807210.37, "errors": [] } }
View Control Plane Scaling update
aws eks list-updates --name example
Response:
{ "updateIds": [ "7551c64b-1d27-4b1e-9f8e-c45f056eb6fd1" ] }
Exit Provisioned Control Plane to Standard Control Plane
aws eks update-cluster-config --name prod-cluster \ --control-plane-scaling-config tier=standard
Response:
{ "update": { "id": "7551c64b-1d27-4b1e-9f8e-c45f056eb6fd", "status": "InProgress", "type": "ScalingTierConfigUpdate", "params": [ { "type": "UpdatedTier", "value": "standard" }, { "type": "PreviousTier", "value": "tier-2xl" } ], "createdAt": 1565807210.37, "errors": [] } }
EKS Provisioned Control Plane - Amazon Web Services Management Console
-
Open the Amazon EKS console
. -
Choose Create cluster.
-
Under Configuration options, select Custom configuration.
-
Scroll down to Control plane scaling tier. Select Use a scaling tier to enable Provisioned Control Plane.
-
Select the control plane scaling tier that you would like to provision for the cluster from various scaling tier options such as XL, 2XL, and 4XL.
-
Select other cluster configurations options as needed. On the final step select Create cluster. Note it may take several minutes for cluster creation to complete.