{"id":289,"date":"2025-11-16T02:02:00","date_gmt":"2025-11-16T02:02:00","guid":{"rendered":"https:\/\/blog.ngocha.biz\/?p=289"},"modified":"2025-11-16T02:02:00","modified_gmt":"2025-11-16T02:02:00","slug":"create-aws-eks-cluster-eksctl","status":"publish","type":"post","link":"https:\/\/blog.ngocha.biz\/?p=289","title":{"rendered":"How to Create AWS EKS Cluster Using eksctl"},"content":{"rendered":"<p>In this <a href=\"https:\/\/devopscube.com\/kubernetes-tutorials-beginners\/\">Kubernetes tutorial<\/a>, you will learn to create an AWS EKS cluster using eksctl. I will also cover the important eksctl concepts.<\/p><p>By the end of this guide, you will be able to:<\/p><ul><li>Build a fully working EKS cluster.<\/li><li>Setup on\u2011demand and spot instances for the cluster.<\/li><li>Configure key add\u2011ons needed for EKS production.<\/li><li>Adding users\/roles to eks cluster.<\/li><li>Deploy Metrics\u202fServer for HPA and VPA<\/li><li>Understand how eksctl works behind the scenes.<\/li><li>Troubleshoot common EKS problems.<\/li><\/ul><h2 id=\"setup-prerequisites\">Setup Prerequisites<\/h2><p>To work with <code>eksctl<\/code> you need to have the following installed and configured on your workstation.<\/p><ol><li>AWS CLI installed and configured with required IAM permissions to launch eks cluster.<\/li><li><code>kubectl<\/code> should be installed.<\/li><\/ol><h2 id=\"install-eksctl\">Install eksctl<\/h2><p><code>eksctl<\/code> installation instructions for Linux and MAC systems are given below. For other platforms, please check the <a href=\"https:\/\/eksctl.io\/installation\/?ref=devopscube.com\" rel=\"noreferrer noopener\">official documentation<\/a> for detailed instructions.<\/p><p>For Linux based system, you can install <strong><code>eksctl<\/code><\/strong> using the following commands.<\/p><pre><code class=\"language-bash\"># for ARM systems, set ARCH to: `arm64`, `armv6` or `armv7`\nARCH=amd64\nPLATFORM=$(uname -s)_$ARCH\n\ncurl -sLO \"https:\/\/github.com\/eksctl-io\/eksctl\/releases\/latest\/download\/eksctl_$PLATFORM.tar.gz\"\n\n# (Optional) Verify checksum\ncurl -sL \"https:\/\/github.com\/eksctl-io\/eksctl\/releases\/latest\/download\/eksctl_checksums.txt\" | grep $PLATFORM | sha256sum --check\n\ntar -xzf eksctl_$PLATFORM.tar.gz -C \/tmp &amp;&amp; rm eksctl_$PLATFORM.tar.gz\n\nsudo mv \/tmp\/eksctl \/usr\/local\/bin<\/code><\/pre><p>For Mac,<\/p><p>Use the following command to install eksctl on mac<\/p><pre><code class=\"language-bash\">brew tap weaveworks\/tap\nbrew install weaveworks\/tap\/eksctl<\/code><\/pre><h2 id=\"create-eks-cluster-using-eksctl\">Create EKS Cluster Using eksctl<\/h2><p>You can launch an EKS cluster using eksctl in two ways.<\/p><ol><li>Using eksctl CLI and parameters<\/li><li>Using eksctl CLI and YAML config.<\/li><\/ol><p>Using CLI and parameters is pretty straightforward. However I would prefer the YAML config as you can have the cluster configuration as a config file.<\/p><p>Create a file named <code>eks-cluster.yaml<\/code><\/p><pre><code class=\"language-bash\">vi eks-cluster.yaml <\/code><\/pre><p>Copy the following contents to the file. You need to replace the <strong>VPC id, CIDR, and subnet IDs <\/strong>with your own ids. Replace <code>techiescamp<\/code> with the name of your <strong>keypair<\/strong>.<\/p><pre><code class=\"language-yaml\">apiVersion: eksctl.io\/v1alpha5\nkind: ClusterConfig\n\nmetadata:\n  name: eks-spot-cluster\n  region: us-west-2\n\nvpc:\n  id: \"vpc-0951fe2c76e36eab9\"\n  cidr: \"10.0.0.0\/16\"\n  subnets:\n    public:\n      us-west-2a: { id: subnet-01b8ff5eaa0b39c10 }\n      us-west-2b: { id: subnet-0e5de906289149fc0 }\n      us-west-2c: { id: subnet-0185f1eee8a1a6561 }\n\nmanagedNodeGroups:\n  - name: ng-workers\n    instanceType: t3.small\n    labels: { role: workers }\n    minSize: 2\n    maxSize: 4\n    ssh: \n      allow: true\n      publicKeyName: techiescamp\n    tags:\n      Name: ng-db\n  - name: ng-spot\n    instanceType: t3.medium\n    labels: { role: builders }\n    minSize: 3\n    maxSize: 6\n    spot: true\n    ssh: \n      allow: true\n      publicKeyName: techiescamp\n    tags:\n      Name: ng-spot\n\naddons:\n  - name: aws-ebs-csi-driver\n    version: latest\n  - name: eks-pod-identity-agent\n    version: latest\n\naddonsConfig:    \n   autoApplyPodIdentityAssociations: true<\/code><\/pre><p>The above config has the following.<\/p>\n<!--kg-card-begin: html-->\n<ol class=\"wp-block-list is-style-cnvs-list-styled\">\n<li>Cluster VPC configurations with public subnet spanning three availability zones.<\/li>\n\n\n<li>Two managed node groups. One with regular <strong>on-demand instances<\/strong> and one with <strong>spot instances<\/strong>.<\/li>\n\n\n<li>There are two add-ons. There are required one when working in real projects.\n<ul class=\"wp-block-list\">\n<li><strong>aws-ebs-csi-driver:<\/strong> For managing EBS (Elastic Block Store) volumes <\/li>\n\n\n<li><strong>eks-pod-identity-agent:<\/strong> For managing pod identities. It allows pods to assume IAM roles directly, without the need for long-lived AWS credentials. It maps the Kubernetes service account to an AWS IAM role, giving any pod using that service account access to to interact with AWS services (like S3, DynamoDB, etc.) without embedding AWS credentials directly into the application code. Instead, permissions are managed through IAM roles associated with specific service accounts<\/li>\n<\/ul>\n<\/li>\n\n\n<li><code>autoApplyPodIdentityAssociations: true<\/code> : With this option eksctl automatically resolves and applies the recommended IAM roles and pod identity associations for the add-ons. For example, the aws-ebs-csi-driver addon requires certain IAM privileges to create and manage EBS volumes. It gets automatically created by this option.<\/li>\n<\/ol>\n<!--kg-card-end: html-->\n<p>Now that you have a config ready, deploy the cluster using the following command. It will take a while for the cluster control plane and worker nodes to be provisioned.<\/p><pre><code class=\"language-bash\">eksctl create cluster -f eks-cluster.yaml<\/code><\/pre><p>The following security groups get created during the cluster launch.<\/p><figure class=\"kg-card kg-image-card\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-14-21.png\" class=\"kg-image\" alt=\"eks security groups created by eksctl\" loading=\"lazy\" width=\"531\" height=\"351\"><\/figure><p>This eksctl configuration creates two node groups, one with on-demand and the other with spot instance, you can use the <a href=\"https:\/\/devopscube.com\/cluster-autoscaler\/\" rel=\"noreferrer noopener\">Cluster AutoScaler<\/a> to manage node scaling for both node groups automatically.<\/p><h2 id=\"connect-to-eks-cluster\">Connect to EKS cluster<\/h2><p>Once the cluster is provisioned, you can use the following AWS CLI command to get or update the <a href=\"https:\/\/devopscube.com\/kubernetes-kubeconfig-file\/\">kubeconfig file<\/a>.<\/p><pre><code class=\"language-bash\">aws eks update-kubeconfig --region us-west-2 --name eks-spot-cluster<\/code><\/pre><p>You should see the following output.<\/p><pre><code class=\"language-bash\">\u279c  public git:(main) \u2717 aws eks update-kubeconfig --region us-west-2 --name eks-spot-cluster\nAdded new context arn:aws:eks:us-west-2:936855596904:cluster\/eks-spot-cluster to \/Users\/bibinwilson\/.kube\/config\n<\/code><\/pre><p>Verify the cluster connectivity by executing the following kubectl commands.<\/p><pre><code class=\"language-bash\">kubectl cluster-info\nkubectl get nodes\nkubectl get po -n kube-system<\/code><\/pre><figure class=\"kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-16-16.png\" class=\"kg-image\" alt=\"eks cluster validation using kubectl\" loading=\"lazy\" width=\"664\" height=\"590\" srcset=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w600\/2025\/03\/image-16-16.png 600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-16-16.png 664w\"><figcaption><span style=\"white-space: pre-wrap;\">Click to view in HD<\/span><\/figcaption><\/figure><h2 id=\"add-a-default-storageclass\">Add a Default StorageClass<\/h2><p>By default there will be a gp2 based storage class in the cluster. However, if you try to create any EBS based persistent volume for any pod without specifying the gp2 storage class, the pod will be in pending state. <\/p><p>To avoid that, you can create one by setting the <code>storageclass.kubernetes.io\/is-default-class: \"true\"<\/code> annotation to a storage class as given below.<\/p><pre><code class=\"language-yaml\">kubectl apply -f - &lt;&lt;EOF\napiVersion: storage.k8s.io\/v1\nkind: StorageClass\nmetadata:\n  name: gp3\n  annotations:\n    storageclass.kubernetes.io\/is-default-class: \"true\"\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode: WaitForFirstConsumer\nallowVolumeExpansion: true\nparameters:\n  type: gp3\n  fsType: ext4\n  encrypted: \"true\"\nEOF<\/code><\/pre><p>Verify it using the following command. You should see the new <code>gp3<\/code> storage class set to default.<\/p><pre><code>$ k get sc\n\nNAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE\ngp2             kubernetes.io\/aws-ebs   Delete          WaitForFirstConsumer   false                  3h15m\ngp3 (default)   ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   18s<\/code><\/pre><h2 id=\"adding-users-roles-to-eks-cluster\">Adding Users &amp; Roles To EKS Cluster<\/h2><p>By default, only the user or role that <strong>creates<\/strong> the EKS cluster will have full access to it. Other users, even if they have AWS admin permissions, will get an <strong>&#8220;Unauthorized&#8221;<\/strong> error like this:<\/p><pre><code>error: You must be logged in to the server (Unauthorized)<\/code><\/pre><p>You will also see a permission error in the EKS web console as shown below.<\/p><figure class=\"kg-card kg-image-card\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/05\/image-30.png\" class=\"kg-image\" alt=\"\" loading=\"lazy\" width=\"1506\" height=\"970\" srcset=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w600\/2025\/05\/image-30.png 600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w1000\/2025\/05\/image-30.png 1000w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/05\/image-30.png 1506w\" sizes=\"auto, (min-width: 720px) 720px\"><\/figure><p>If you want other users or roles to access the cluster, you must add them to the EKS access entries.<\/p><p>Next, assign access policies to these entries to give them the right permissions in the cluster.<\/p><p>AWS EKS provides predefined access policies. You can list them using this command.<\/p><pre><code>aws eks list-access-policies --output table<\/code><\/pre><p>Let\u2019s say you want to add an IAM user or role.<\/p><p>First, get the <a href=\"https:\/\/devopscube.com\/aws-arn-guide\/\" rel=\"noreferrer\">ARN<\/a> of the user or role. Then, add the access configuration in your <code>eksctl<\/code> config file.<\/p><p>Here is an example. This config gives full cluster access to a user or role by attaching the <code>AmazonEKSClusterAdminPolicy<\/code>. Replace <code>&lt;user\/role-arn-here&gt;<\/code> with your actual user or role ARN.<\/p><pre><code class=\"language-yaml\">accessConfig:\n  authenticationMode: API_AND_CONFIG_MAP\n  accessEntries:\n  - principalARN: &lt;user\/role-arn-here&gt;\n    type: STANDARD\n    accessPolicies:\n    - policyARN: arn:aws:eks::aws:cluster-access-policy\/AmazonEKSClusterAdminPolicy\n      accessScope:\n        type: cluster<\/code><\/pre><p>Once you add the config, you can apply only the the <code>accessConfig<\/code> using the following command.<\/p><pre><code class=\"language-bash\">eksctl create accessentry -f eks-cluster.yaml <\/code><\/pre><p>You can follow the same method to add multiple users or roles with specific permissions in the cluster.<\/p><h2 id=\"eks-capabilities\">EKS Capabilities<\/h2><p>We can even enable the AWS managed platform tools, such as ArgoCD, AWS Controllers for Kubernetes, and Kubernetes Resource Orchestrator, over the Eksctl manifest.<\/p><pre><code>capabilities:\n  - name: dev-argocd\n    type: ARGOCD\n    roleARN: arn:aws:iam::123456789012:role\/ArgoCDCapabilityRole\n  \n  - name: dev-ack\n    type: ACK\n    roleARN: arn:aws:iam::123456789012:role\/ACKCapabilityRole\n    ackServiceControllers: \n      - s3\n      - rds\n\n  - name: dev-kro\n    type: KRO\n    roleARN: arn:aws:iam::123456789012:role\/KROCapabilityRole<\/code><\/pre><p>Change the Role to the appropriate one.<\/p><p>These tools are not run inside your cluster instead AWS manage them on their own infra so as the scaling and security.<\/p><h2 id=\"install-kubernetes-metrics-server\">Install Kubernetes Metrics Server<\/h2><p>By default the <a href=\"https:\/\/devopscube.com\/setup-kube-state-metrics\/\">metrics server<\/a> is not installed on the EKS cluster. It is required in the EKS cluster for HPA or VPA to work.<\/p><p>Without the metrics server, you will get the following error if you try to get the pod or node metrics.<\/p><pre><code class=\"language-bash\">$ kubectl top nodes\nerror: Metrics API not available\n$ kubectl top pods\nerror: Metrics API not available<\/code><\/pre><p>You can install the metrics server using the following command.<\/p><pre><code class=\"language-bash\">kubectl apply -f https:\/\/github.com\/kubernetes-sigs\/metrics-server\/releases\/latest\/download\/components.yaml<\/code><\/pre><p>Validate the deployment using the following command. It will take a couple of minutes for the metrics server deployment to be in ready state.<\/p><pre><code class=\"language-bash\">kubectl get deployment metrics-server -n kube-system<\/code><\/pre><p>Now if you check the node metrics, you should be able to see it.<\/p><pre><code class=\"language-bash\">$ kubectl top nodes\nNAME                                        CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   \nip-10-0-19-135.eu-west-2.compute.internal   29m          1%     410Mi           28%       \nip-10-0-3-139.eu-west-2.compute.internal    27m          1%     381Mi           26%       <\/code><\/pre><h2 id=\"how-does-eksctl-work\">How Does eksctl Work?<\/h2><p>Now that we have deploying a working eks cluster using eksctl, lets understand how it works behind the scenes. This understanding will help you troubleshoot issues when working in real-world production setup.<\/p><p>When you create an EKS cluster using eksctl (either via YAML configuration or command line parameters), it translates your specifications into CloudFormation templates.<\/p><p>It then deploys the generated <strong>Cloudformation template to <\/strong>provision the necessary AWS resources for EKS<strong>.<\/strong> So, ideally, even though you deploy the YAML file using eksctl, behind the scenes, the <strong>Cloudformation templates deploy<\/strong> the clusters.<\/p><p><strong>eksctl<\/strong> is just a wrapper for Cloudformation.<\/p><p>Once you execute the eksctl cluster create command and if you look at the AWS Cloudformation dashboard, you can see all the Cloudformation stacks deployed for creating the EKS clusters. <\/p><p>Here is an example.<\/p><figure class=\"kg-card kg-image-card\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-15-12.png\" class=\"kg-image\" alt=\"eksctl eks cloudformation stacks\" loading=\"lazy\" width=\"601\" height=\"489\" srcset=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w600\/2025\/03\/image-15-12.png 600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-15-12.png 601w\"><\/figure><p>Also, when you update the cluster configs, it again creates a Cloudformation stack to update the new configs.<\/p><h2 id=\"increase-eks-pods-per-node\">Increase EKS Pods Per Node<\/h2><p>You can host <strong>110 Pods per node<\/strong> is in a standard Kubernetes cluster.<\/p><p>However, For EKS by default, there is a  <strong>pod per node limitation<\/strong> based on the instance type.<\/p><p>You can increase this limit by setting <strong><code>maxPodsPerNode<\/code><\/strong> parameter in the YAML<\/p><p>For example, If you dont  parameter, the default and recommended pods per node for <code>t3.medium<\/code> instance is <code>17<\/code>.<\/p><p>For testing purposes, I am giving the value <code>110<\/code>, so that I can create more than <code>17<\/code> pods in each node.<\/p><p>If you want to calculate the recommended pods for your node, then first download this script.<\/p><pre><code>curl -O https:\/\/raw.githubusercontent.com\/awslabs\/amazon-eks-ami\/master\/files\/max-pods-calculator.sh<\/code><\/pre><p>Giving executable permission for this script<\/p><pre><code>chmod +x max-pods-calculator.sh<\/code><\/pre><p>Before you run the script, you need two things, one is <strong>instance type<\/strong> and the other one is the <strong>cni version.<\/strong><\/p><p>You know the instance type, so we have to find the <strong>cni version<\/strong>. for that, use the following command.<\/p><pre><code>kubectl describe daemonset aws-node --namespace kube-system | grep Image | cut -d \"\/\" -f 2<\/code><\/pre><p>You will get a similar output<\/p><figure class=\"kg-card kg-image-card\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-34-8.png\" class=\"kg-image\" alt=\"\" loading=\"lazy\" width=\"1612\" height=\"473\" srcset=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w600\/2025\/03\/image-34-8.png 600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w1000\/2025\/03\/image-34-8.png 1000w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w1600\/2025\/03\/image-34-8.png 1600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-34-8.png 1612w\" sizes=\"auto, (min-width: 720px) 720px\"><\/figure><p>Here, <code>1.15.3-eksbuild.1<\/code> is the cni version.<\/p><p>Now, we can run the script.<\/p><pre><code>.\/max-pods-calculator.sh --instance-type t3.medium --cni-version 1.15.3-eksbuild.1<\/code><\/pre><p>If you are also using the <code>t3.medium<\/code> instance, then it will give the output is <code>17<\/code>.<\/p><p>To create a cluster using the above configuration, use the following command.<\/p><pre><code>eksctl create cluster -f eks-cluster.yml<\/code><\/pre><p>After the cluster creation, use the following command to enable more IPs for the network interface.<\/p><pre><code>kubectl set env daemonset aws-node -n kube-system ENABLE_PREFIX_DELEGATION=true<\/code><\/pre><h2 id=\"specifying-kubernetes-version-in-eksctl\">Specifying Kubernetes Version in eksctl<\/h2><p>There are scenarios where you need to deploy a specific version on Kubernetes in EKS<\/p><p>eksctl supports version parameter to specify the required supported version.<\/p><p>Here is an example.<\/p><pre><code class=\"language-yaml\">apiVersion: eksctl.io\/v1alpha5\nkind: ClusterConfig\n\nmetadata:\n  name: eks-spot-cluster\n  region: us-west-2\n  version: \"1.31\"<\/code><\/pre><h2 id=\"delete-recreating-node-group\">Delete &amp; Recreating Node Group<\/h2><p>If you want to change the instance type of a node group, you will have to delete the node group and recreating it again.<\/p><p>For example,<\/p><pre><code class=\"language-bash\">eksctl delete nodegroup \\\n  --cluster &lt;cluster-name&gt; \\\n  --name &lt;node-group-name&gt; <\/code><\/pre><p>When you try to delete a node group, you might get the following <em><code>pods are unevictable<\/code><\/em> error.<\/p><pre><code class=\"language-bash\">2025-11-16 16:43:38 [!] 1 pods are unevictable from node ip-172-31-43-101.us-west-2.compute.internal<\/code><\/pre><p>To rectify this, you can use the &#8211;disable-eviction flag with eksctl as shown below.<\/p><pre><code class=\"language-bash\">eksctl delete nodegroup \\\n  --cluster &lt;cluster-name&gt; \\\n  --name &lt;node-group-name&gt; \\\n  --disable-eviction<\/code><\/pre><h2 id=\"possible-eksctl-errors\">Possible eksctl Errors<\/h2><p>Based on my hands-on experience with eksctl, I&#8217;ve documented common issues and their solutions to save you troubleshooting time. This section contains regularly updated solutions for challenges I&#8217;ve encountered in different environments.<\/p><p>Let&#8217;s look at some of the possible eksctl errors.<\/p><h3 id=\"stack-already-exists-error\">Stack Already Exists Error<\/h3><p>If you try to create a NodeGroup using <strong><code>eksctl<\/code><\/strong> with an existing Cloudformation stack, you will get the following error.<\/p><pre><code>creating CloudFormation stack \"stack-name\": operation error CloudFormation: CreateStack, https response error StatusCode: 40, AlreadyExistsException: Stack [stack-name] already exists<\/code><\/pre><p>To rectify this, Go to the Cloudformation dashboard and delete the cloud formation stack for the NodeGroup.<\/p><h3 id=\"subnet-autoassign-public-ip-error\">Subnet Autoassign Public IP Error<\/h3><pre><code>Resource handler returned message: \"[Issue(Code=Ec2SubnetInvalidConfiguration, Message=One or more Amazon EC2 Subnets of [subnet-0eea88c0faa8241d4, subnet-05ff592bd0095ad75] for node group ng-app does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet<\/code><\/pre><p>To rectify this error, go the subent settings and enable &#8220;<strong><code>Enable Autoassign Public IPv4 Address<\/code>&#8220;<\/strong> Option.<\/p><figure class=\"kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-17-12.png\" class=\"kg-image\" alt=\"EKS Subnet Autoassign Public IP Error\" loading=\"lazy\" width=\"698\" height=\"495\" srcset=\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/size\/w600\/2025\/03\/image-17-12.png 600w, https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/03\/image-17-12.png 698w\"><figcaption><span style=\"white-space: pre-wrap;\">Click to view in HD<\/span><\/figcaption><\/figure><h3 id=\"invalid-apiversion-%E2%80%9Cclientauthenticationk8sio-error\">invalid apiversion \u201cclient.authentication.k8s.io Error<\/h3><p>This error primarily happens due to IAM RBAC issues.<\/p><p>We have created a detailed blog explaining the solutions for this issue.<\/p><p>Please refer <a href=\"https:\/\/devopscube.com\/invalid-apiversion-client-authentication-k8s-io\/\">client.authentication.k8s.io Error<\/a> blog for more information.<\/p><h3 id=\"latest-eks-version-is-not-available-in-eksctl\">Latest EKS version is not available in eksctl<\/h3><p>If you are trying to deploy the latest Kubernetes version with eksctl, you might get the following error.<\/p><pre><code>Error: invalid version, supported values: 1.23, 1.24, 1.25, 1.26, 1.27, 1.28, 1.29, 1.30<\/code><\/pre><p>To set up the latest Kubernetes versions in EKS, ensure you have the most recent version of the <code>eksctl<\/code> utility. Check for updates and upgrade it to the latest version if necessary.<\/p><p>Then you will be able to deploy the latest version available in EKS.<\/p><h2 id=\"cleanup-eks-resources\">Cleanup EKS Resources<\/h2><p>When you finish testing your EKS setup, make sure you clean up the cluster and all related AWS resources. This helps avoid unwanted charges.<\/p><p>Use the following command to delete the cluster.<\/p><pre><code class=\"language-bash\">eksctl delete cluster --name eks-spot-cluster --region us-west-2\n<\/code><\/pre><p>This removes Control plane, Managed node groups and CloudFormation stacks<\/p><h2 id=\"conclusion\">Conclusion<\/h2><p>We have looked into AWS EKS cluster creation using eksctl CLI.<\/p><p>When it comes to production deployment, ensure you follow the <a href=\"https:\/\/devopscube.com\/key-considerations-kubernetes-cluster-design-setup\/\">kubernetes cluster best practices.<\/a><\/p><p>You can also use tools like <a href=\"https:\/\/devopscube.com\/set-up-amazon-q-cli\/\" rel=\"noreferrer\">Amazon Q CLI<\/a> to manage EKS clusters.<\/p><p>If you are planning for <a href=\"https:\/\/devopscube.com\/best-kubernetes-certifications\/\">Kubernetes certification<\/a>, you can use eksctl to deploy test clusters very easily. Also, check out the kubernetes certification coupon to save money on CKA, CKAD, and CKS certification exams.<\/p>\n<hr><p><strong>Ngu\u1ed3n:<\/strong> <a href=\"https:\/\/devopscube.com\/create-aws-eks-cluster-eksctl\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to Create AWS EKS Cluster Using eksctl \u2014 DevOpsCube<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: https:\/\/devopscube.com\/create-aws-eks-cluster-eksctl\/<\/p>\n","protected":false},"author":1,"featured_media":290,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-289","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=289"}],"version-history":[{"count":0,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/289\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/media\/290"}],"wp:attachment":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}