Amazon EKS
What is AWS EKS?
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service. Customers such as Intel, Snap, Intuit, GoDaddy, and Autodesk trust EKS to run their most sensitive and mission critical applications because of its security, reliability, and scalability.
Amazon EKS helps run Kubernetes control plane instances over multiple Availability Zones which makes sure that they are highly available and it also can be integrated with other Amazon service in order to provide scalability and security for user applications.
EKS creates master and slave nodes and set up entire Kubernetes cluster.
Amazon EKS Features
The main benefit of using Amazon EKS is that organizations can take full advantage of the reliability, availability, performance, and scale of the AWS platform, essential to which are integrations with AWS security and networking services.
- Managed Control Plane
- Managed Worker Nodes
- Service Discovery
- VPC Support
- Load Balancing
- Managed Cluster Updates
What is Kubernetes?
Kubernetes is a open-source,extensible and portable platform for container-orchestration system that is used for automating the process of deploying, scaling, and managing computer applications.It has a large, rapidly growing ecosystem. It keeps on monitoring the containers, if any container goes down, behind the scenes it requests docker to create another container with the same data.
How does AWS EKS work?
- First, create an Amazon EKS cluster in the AWS Management Console or with the AWS CLI or one of the AWS SDKs.
- Then, launch worker nodes that register with the Amazon EKS cluster. We provide you with an AWS CloudFormation template that automatically configures your nodes.
- When your cluster is ready, you can configure your favorite Kubernetes tools (such as kubectl) to communicate with your cluster.
- Deploy and manage applications on your Amazon EKS cluster the same way that you would with any other Kubernetes environment.
How can we deploy K8S cluster on EKS?
There are two ways to deploy our kubernetes cluster on top of EKS.
- Fargate Service of AWS: This gives us server less kubernetes cluster, server less doesn't mean they don't have servers, it is dynamic in nature, hence created only when it's required.
- EKS Cluster: Using the power of EKS Sevice which stand for Elastic Kubernetes Service.
How to create EKS Cluster on Fargate?
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: f-cluster
region: ap-southeast-1
fargateProfiles:
- name: fargate-default
selectors:
- namespace: kube-system
- namespace: default
This is the YAML code to create Fargate cluster.
Then this code is create the fargate cluster use following cmd to launch the cluster...
eksctl create cluster -f fargetcluster.yml
This will launch your EKS cluster on Fargate cluster.
After launching this we have to configure the kubectl.
aws eks update-kubeconfig --name f-cluster
This will automatically update the config file for kubectl and if it's not created it will create a new one.
How to create EKS Cluster?
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: awscluster
region: ap-south-1
nodeGroups:
- name: ng1
desiredCapacity: 3
instanceType: t2.micro
ssh:
publicKeyName: amzlinux
- name: ng2
desiredCapacity: 2
instanceType: t2.small
ssh:
publicKeyName: amzlinux
This is the YAML file for creating the EKS Cluster on AWS.
We can create this in any region.
Now similarly we can update the config file with the same command, we just have to change the cluster name.
aws eks update-kubeconfig --name awscluster
Creating EFS
As we have already launched our cluster either as fargate or eks cluster. We need to have EFS storage. For that go to WebUI of AWS.
EFS is a service of AWS which is used for providing persistent storage to our pods. For using aws EFS as storage we have to just install amazon-efs-utils on all worker nodes.While creating the EFS storage we have to create it in same VPC in which our nodes has been created so that they can connect to the EFS storage.
Create file system and the next page be careful to choose the VPC of the cluster we created.
Then leave everything default.
You will see your EFS is created and then you will get the details below which we will need to make files.
Create efs provisioner
apiVersion: apps/v1
kind: Deployment
metadata:
name: efs-provisioner
spec:
selector:
matchLabels:
app: efs-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: efs-provisioner
spec:
containers:
- name: efs-provisioner
image: quay.io/external_storage/efs-provisioner:v0.1.0
env:
- name: FILE_SYSTEM_ID
value: fs-3061ebe1
- name: AWS_REGION
value: ap-south-1
- name: PROVISIONER_NAME
value: eks-prov/aws-efs
volumeMounts:
- name: pv-volume
mountPath: /persistentvolumes
volumes:
- name: pv-volume
nfs:
server: fs-3061ebe1.efs.ap-south-1.amazonaws.com
path: /
Create RBAC (Role Based Access)
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nfs-prov-role-binding
subjects:
- kind: ServiceAccount
name: default
namespace: wp-mysql
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.
Now, we need PVC as storage class. But why?
If we write anything in our pod , and restart the pod, we will lose entire data . so if we attach PVC then, we can retrieve our data even if we delete or restart the pods.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: aws-efs provisioner: eks-prov/aws-efs
Necessary
Before moving further we need to install some program inside the nodes for having support for EFS. This software is amazon-efs-utils. So we need to install it in every node using yum install amazon-efs-utils
sudo yum install amazon-efs-utils -y
Do this in all the nodes.
Create MYSQL Deployment
Now, we are launching a MYSQL database which will be connected to WordPress. For this, I have launched a pod using MYSQL version 5.7 image. I have picked the environment variables form the pre-created secret and I have also created a service type- ClusterIP which would be connected to this pod.
apiVersion: v1
kind: Service
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
ports:
- port: 3306
selector:
app: wordpress
tier: mysql
clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-mysql
annotations:
volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: mysql
spec:
containers:
- image: mysql:5.6
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: password
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: efs-mysql
Create Wordpress Deployment
Now I have launched a pod using WordPress version 4.8-apache image and provided the environment variables and I have created a service type-Load Balancer which would help us to expose this pod to the outside world so that we could connect to the WordPress.
apiVersion: v1
kind: Service
metadata:
name: wordpress
labels:
app: wordpress
spec:
ports:
- port: 80
selector:
app: wordpress
tier: frontend
type: LoadBalancer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-wordpress
annotations:
volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: frontend
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: frontend
spec:
containers:
- image: wordpress:4.8-apache
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: wordpress-mysql
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: password
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: efs-wordpress
Create Kustomization file:
Kustomization file declares the customization provided by the kustomize program.
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization secretGenerator: - name: mysql-pass literals: - password=redhat resources: - efs-provis.yml - rbac.yml - storage.yml - mysql.yml - wordpress.yml
Here we will first create secret box which will create password which we want for MySql and Wordpress.
Then we will tell the sequence in which we want the execution of the files.
Finally we will run the Kustomization file
kubectl create -k .
We will run this command in the directory where we have the Kustomization and all other files.
This will create our multi-tier architecture with persistent storage and very easy scale-able and fault tolerated with high availability.
Finally we will get the Wordpress site up and running good
It’s Done😎. Thanks For Reading🙏.
Any Suggestions and queries are most welcome .Feel free to comment below for any query or suggestions !!!
Amazing my friend Tushar Dighe