name	aws-eks
description	Amazon Elastic Kubernetes Service (EKS) for running Kubernetes on AWS. Use for container orchestration, deploying applications, managing clusters, and Kubernetes workloads on AWS.

AWS EKS (Amazon Elastic Kubernetes Service) Skill

Comprehensive assistance with Amazon EKS development, cluster management, and Kubernetes workloads on AWS.

When to Use This Skill

Trigger this skill when working with:

Cluster Operations

Creating, configuring, or managing EKS clusters
Setting up EKS Auto Mode clusters for simplified compute management
Configuring cluster networking (IPv4/IPv6, VPC, subnets)
Managing cluster access controls and IAM roles
Enabling cluster features (logging, encryption, zonal shift)

Add-ons & Extensions

Installing or managing Amazon EKS add-ons (VPC CNI, CoreDNS, kube-proxy, CSI drivers)
Working with community add-ons (Metrics Server, Prometheus, Cert Manager)
Configuring add-on permissions and service accounts
Running critical add-ons on dedicated system nodes

Application Deployment

Deploying containerized applications to EKS
Creating Kubernetes deployments, services, and ingresses
Configuring Horizontal Pod Autoscaler for scaling
Managing workload namespaces and resource allocation

Networking & Storage

Configuring VPC CNI and pod networking
Setting up IPv6 addressing for pods and services
Integrating storage (EBS, EFS, FSx) with CSI drivers
Managing Application Load Balancers with AWS Load Balancer Controller

Monitoring & Observability

Setting up Prometheus or CloudWatch monitoring
Using the EKS observability dashboard
Configuring control plane logs and metrics
Troubleshooting cluster health issues

Key Concepts

EKS Cluster Types

Standard EKS: Traditional cluster where you manage nodes and compute
EKS Auto Mode: Simplified management where AWS handles compute provisioning, lifecycle, and optimization
EKS with Fargate: Serverless compute for pods without managing nodes

Node Pools (EKS Auto Mode)

General-purpose: For standard application workloads
System: Dedicated nodes for critical add-ons with CriticalAddonsOnly taint

Add-on Types

AWS Add-ons: Built and supported by AWS (VPC CNI, CoreDNS, kube-proxy, CSI drivers)
Community Add-ons: Validated for compatibility but community-supported (Metrics Server, Prometheus)

IAM Integration

Cluster IAM Role: Permissions for EKS control plane to manage AWS resources
Node IAM Role: Permissions for worker nodes (EC2 instances)
IRSA (IAM Roles for Service Accounts): Pod-level IAM permissions via OIDC

Quick Reference

Example 1: Create Basic EKS Cluster with eksctl

# Simple cluster creation with default settings
eksctl create cluster --name my-cluster --region us-west-2

# With specific node configuration
eksctl create cluster \
  --name my-cluster \
  --region us-west-2 \
  --nodegroup-name standard-workers \
  --node-type t3.medium \
  --nodes 3 \
  --nodes-min 1 \
  --nodes-max 4

Use when: Starting a new EKS cluster quickly with standard configuration.

Example 2: Create EKS Auto Mode Cluster

# Command-line approach
eksctl create cluster --name auto-cluster --enable-auto-mode

# YAML configuration approach
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: my-auto-cluster
  region: us-west-2

autoModeConfig:
  enabled: true
  # Leave nodePools empty for defaults (general-purpose, system)
  nodePools: []

Use when: You want AWS to manage compute resources automatically without configuring node groups.

Example 3: Deploy Sample Application

# Create namespace
kubectl create namespace eks-sample-app

# Deploy application
kubectl apply -n eks-sample-app -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eks-sample-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: eks-sample
  template:
    metadata:
      labels:
        app: eks-sample
    spec:
      containers:
      - name: nginx
        image: public.ecr.aws/nginx/nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: eks-sample-service
spec:
  selector:
    app: eks-sample
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer
EOF

Use when: Deploying a simple application with load balancer exposure.

Example 4: Install Community Add-on (Metrics Server)

# Check add-on type
aws eks describe-addon-versions --addon-name metrics-server

# Install via AWS API
aws eks create-addon \
  --cluster-name my-cluster \
  --addon-name metrics-server \
  --addon-version v1.0.0-eksbuild.1

# Verify installation
kubectl get deployment metrics-server -n kube-system

Use when: Adding the Kubernetes Metrics Server for resource monitoring and HPA.

Example 5: Configure Horizontal Pod Autoscaler

# Deploy sample application
kubectl apply -f https://k8s.io/examples/application/php-apache.yaml

# Create autoscaler (scale between 1-10 pods at 50% CPU)
kubectl autoscale deployment php-apache \
  --cpu-percent=50 \
  --min=1 \
  --max=10

# Check autoscaler status
kubectl get hpa

# Generate load to test scaling
kubectl run -i --tty load-generator --rm --image=busybox:1.28 --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -O- http://php-apache; done"

Use when: Implementing automatic scaling based on CPU utilization.

Example 6: Deploy Critical Add-on to System Node Pool (Auto Mode)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: critical-addon
  namespace: kube-system
spec:
  replicas: 2
  selector:
    matchLabels:
      app: critical-addon
  template:
    metadata:
      labels:
        app: critical-addon
    spec:
      # Select system node pool
      nodeSelector:
        eks.amazonaws.com/compute-type: auto
        karpenter.sh/nodepool: system
      # Tolerate system node taint
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
        effect: NoSchedule
      containers:
      - name: app
        image: critical-app:latest

Use when: Running critical infrastructure components on dedicated system nodes in EKS Auto Mode.

Example 7: Create Cluster IAM Role

# Create trust policy
cat > eks-cluster-role-trust-policy.json <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

# Create IAM role
aws iam create-role \
  --role-name myEKSClusterRole \
  --assume-role-policy-document file://eks-cluster-role-trust-policy.json

# Attach required policy
aws iam attach-role-policy \
  --role-name myEKSClusterRole \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy

Use when: Setting up IAM permissions for EKS cluster control plane.

Example 8: Deploy Prometheus for Monitoring

# Create namespace
kubectl create namespace prometheus

# Add Helm repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

# Install Prometheus
helm install prometheus prometheus-community/prometheus \
  --namespace prometheus \
  --set alertmanager.persistentVolume.storageClass="gp2" \
  --set server.persistentVolume.storageClass="gp2"

# Port forward to access dashboard
kubectl port-forward -n prometheus deploy/prometheus-server 9090

Use when: Setting up comprehensive monitoring for your EKS cluster.

Example 9: Configure IPv6 for Cluster

# Create cluster with IPv6
aws eks create-cluster \
  --name my-ipv6-cluster \
  --kubernetes-network-config ipFamily=ipv6 \
  --vpc-config subnetIds=subnet-xxx,subnet-yyy,securityGroupIds=sg-xxx \
  --role-arn arn:aws:iam::account-id:role/myEKSClusterRole

# Get IPv6 service CIDR
aws eks describe-cluster \
  --name my-ipv6-cluster \
  --query cluster.kubernetesNetworkConfig.serviceIpv6Cidr \
  --output text

Use when: Building IPv6-native clusters to avoid IPv4 address exhaustion.

Example 10: Deploy Application Load Balancer with Ingress

# Create namespace
kubectl create namespace game-2048 --save-config

# Deploy application with ingress
kubectl apply -n game-2048 -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.8.0/docs/examples/2048/2048_full.yaml

# Get ingress address
kubectl get ingress -n game-2048

# Output will show ALB address:
# NAME            CLASS   HOSTS   ADDRESS                                                                  PORTS   AGE
# ingress-2048    alb     *       k8s-game2048-ingress2-xxx.region.elb.amazonaws.com                      80      30s

Use when: Exposing applications via AWS Application Load Balancer with Kubernetes Ingress.

Reference Files

This skill includes comprehensive documentation in references/:

addons.md (4 pages)

Community add-ons: Metrics Server, kube-state-metrics, Prometheus Node Exporter, Cert Manager, External DNS
Amazon EKS add-ons: Managing official AWS add-ons, customization, namespace configuration
Critical workloads: Running add-ons on dedicated system nodes with EKS Auto Mode
Add-on permissions: Custom namespaces, RBAC configuration

When to read: Installing or managing cluster add-ons, configuring system node pools.

cluster_management.md (121 pages)

Cluster creation: Step-by-step guides with eksctl, AWS Console, and API
EKS Auto Mode: Creating and managing Auto Mode clusters
Observability: Dashboard usage, control plane monitoring, cluster health
Networking: IPv6 configuration, VPC setup, subnet requirements
Access control: IAM roles, OIDC providers, cluster endpoint access

When to read: Creating new clusters, troubleshooting cluster issues, configuring monitoring.

deployment.md (10 pages)

Application deployment: Sample applications, deployments, services
Prometheus setup: Helm-based installation and configuration
Horizontal Pod Autoscaler: Configuring automatic scaling based on metrics
Kubernetes workloads: Deployments, ReplicaSets, StatefulSets

When to read: Deploying applications, setting up monitoring, configuring autoscaling.

getting_started.md

Prerequisites: AWS account setup, CLI tools, IAM permissions
First cluster: Quickstart guides for different scenarios
kubectl setup: Connecting to clusters, kubeconfig configuration
Initial workloads: Deploying first applications

When to read: First-time EKS setup, onboarding new team members.

networking.md

VPC CNI plugin: Pod networking, ENI management
IPv4 and IPv6: Address family selection and configuration
Load balancing: ALB, NLB, and ingress controllers
Network policies: Security groups, network isolation

When to read: Configuring cluster networking, troubleshooting connectivity, setting up load balancers.

nodes.md

Node groups: Managed node groups, self-managed nodes
EKS Auto Mode: Automatic compute provisioning
Fargate profiles: Serverless pod execution
Node IAM roles: Permissions and IRSA setup

When to read: Managing compute resources, configuring node groups, setting up Fargate.

security.md

IAM integration: Cluster roles, node roles, IRSA (IAM Roles for Service Accounts)
Certificate management: Kubernetes certificate API, custom signers
Encryption: Control plane encryption, secrets encryption
Security groups: Cluster security group, pod security groups

When to read: Implementing security best practices, configuring IAM permissions, certificate management.

other.md

API reference: Detailed API operation documentation
Advanced features: EKS extensions, hybrid nodes, Outposts
Migration guides: Upgrading clusters, migrating workloads
Troubleshooting: Common issues and solutions

When to read: API integration, advanced use cases, troubleshooting complex issues.

Working with This Skill

For Beginners

Start here: Read getting_started.md for fundamental concepts and your first cluster
Simple deployment: Follow Example 3 to deploy a basic application
Learn networking: Understand how pods communicate via networking.md
Add monitoring: Set up Metrics Server (Example 4) and Prometheus (Example 8)
Practice scaling: Experiment with Horizontal Pod Autoscaler (Example 5)

For Intermediate Users

EKS Auto Mode: Explore simplified cluster management with Examples 2 and 6
Add-on management: Learn community vs AWS add-ons in addons.md
IAM integration: Master IRSA and pod-level permissions in security.md
Storage integration: Configure EBS/EFS CSI drivers for persistent storage
Load balancing: Implement ingress controllers (Example 10)
IPv6 networking: Transition to IPv6 for future-proof addressing (Example 9)

For Advanced Users

Custom networking: Deep dive into VPC CNI customization in networking.md
Hybrid deployments: Explore EKS Hybrid Nodes in other.md
Security hardening: Implement certificate signing, encryption at rest, pod security
Observability: Full-stack monitoring with Prometheus, Grafana, CloudWatch Container Insights
Multi-cluster strategies: Federation, service mesh, cross-cluster communication
Cost optimization: Right-sizing, Spot instances, Auto Mode for better resource utilization

Navigation Tips

By category: Each reference file covers a specific domain (networking, security, etc.)
By task: Use Quick Reference examples as starting points for common tasks
By component: Find specific add-ons or features using file descriptions above
Search within files: Use view command to read specific sections of large reference files

Common Workflows

Creating Your First Cluster

getting_started.md → Example 1 (cluster creation) → Example 3 (deploy app) → Example 4 (add monitoring)

Production Cluster Setup

cluster_management.md → security.md (IAM) → networking.md (VPC/IPv6) → addons.md (install essentials) → deployment.md (deploy workloads)

Troubleshooting Issues

cluster_management.md (observability dashboard) → nodes.md (node health) → networking.md (connectivity) → other.md (common issues)

Migrating to EKS Auto Mode

Example 2 (create Auto Mode cluster) → nodes.md (understand node pools) → Example 6 (critical add-ons) → deployment.md (migrate workloads)

Best Practices

Cluster Configuration

Use EKS Auto Mode for simplified operations unless you need specific instance types
Enable control plane logging to CloudWatch for troubleshooting
Use multiple availability zones for high availability
Configure cluster endpoint access appropriately (public, private, or both)

Networking

Use IPv6 for new clusters to avoid address exhaustion
Implement Network Policies for pod-to-pod security
Use AWS Load Balancer Controller instead of legacy in-tree controllers
Plan CIDR ranges carefully to avoid conflicts with peered VPCs

Security

Use IRSA (IAM Roles for Service Accounts) instead of node-level IAM roles
Enable secrets encryption with AWS KMS
Implement Pod Security Standards to enforce security policies
Regularly update add-ons for security patches

Monitoring

Deploy Metrics Server for basic resource metrics
Use Prometheus + Grafana or CloudWatch Container Insights for production monitoring
Enable control plane metrics for API server health
Set up alerts for cluster health issues

Scaling

Use Horizontal Pod Autoscaler for application scaling
Use Cluster Autoscaler or Karpenter for node scaling (EKS Auto Mode handles this automatically)
Configure resource requests and limits for predictable behavior
Test autoscaling under load before production

Resources

Official Documentation

Tools

eksctl: Simplified cluster management CLI
kubectl: Kubernetes command-line tool
AWS CLI: AWS service management
Helm: Kubernetes package manager

Community

Notes

This skill was automatically generated from official AWS EKS documentation
Examples are extracted from real-world usage patterns and AWS documentation
Code examples include language detection for proper syntax highlighting
Always check AWS documentation for latest API versions and features
EKS Auto Mode is recommended for new users and simplified operations

Updating

To refresh this skill with updated documentation:

Re-run the scraper with the same configuration
The skill will be rebuilt with the latest information from AWS docs
Review changes in cluster versions, API updates, and new features

Install Skill

SKILL.md