Amazon EKS - managed k8s service
What is EKS?
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.
The biggest advantage of EKS over other similar hosted Kubernetes services is that it takes away the operational burden of running the control plane. EKS uses CloudFormation to automate provisioning, scaling, and managing the Kubernetes control plane to ensure high availability, security, and scalability.
EKS is one of the most powerful and popular services provided by AWS. Many big companies, such as Intel, Snap, Intuit, GoDaddy, and Autodesk, trust EKS to run their most sensitive and mission-critical applications because of its security, reliability, and scalability.
There are two ways to create an EKS cluster:
- WebUI
- CLI
Here we are going to use the CLI to create a multi-node EKS cluster.
Prerequisites:
- AWS account
- AWS CLI, download from: https://kubernetes.io/docs/tasks/tools/install-kubectl/
- eksctl, download from: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
- kubectl, download from: https://kubernetes.io/docs/tasks/tools/install-kubectl/
eksctl command:
eksctl is a simple CLI tool for creating clusters on EKS - Amazon's new managed Kubernetes service for EC2.
kubectl Command
The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters. You can use kubectl to deploy applications, inspect and manage cluster resources, and view logs.
Let's get started with the implementation.
Before starting, make sure that the AWS configuration is done in the CLI.
Now configure the AWS account:
Now let's create the EKS cluster:
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by AWS, and the Kubernetes API is exposed via the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single-tenant and unique and runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the worker nodes (for example, to support kubectl exec, logs, and proxy data flows).
Amazon EKS worker nodes run in your AWS account and connect to your cluster's control plane via the Kubernetes API server endpoint and a certificate file that is created for your cluster.
Cluster creation typically takes between 10 and 15 minutes. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch worker nodes into your cluster.
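The following YAML file (cluster.yml) creates the cluster for you:
```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: EKS-CLuster
  region: ap-south-1
nodeGroups:
  # One node group with two worker nodes
  - name: ng1
    desiredCapacity: 2
    instanceType: t2.micro
    ssh:
      # Name of an existing EC2 key pair used for SSH access to the nodes
      publicKeyName: EKS-key
```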
Use this command to create the cluster. It may take some minutes to complete.
```bash
eksctl create cluster -f cluster.yml
```
After launching the cluster, update the kubeconfig file, using the cluster name and region from cluster.yml:
```bash
aws eks update-kubeconfig --name EKS-CLuster --region ap-south-1
```
View your Kubernetes config file using:
```bash
kubectl config view
```
Creating EFS for storing data
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
Creating EFS Provisioner
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: efs-provisioner
spec:
  selector:
    matchLabels:
      app: efs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: efs-provisioner
    spec:
      containers:
        - name: efs-provisioner
          image: quay.io/external_storage/efs-provisioner:v0.1.0
          env:
            # ID of the EFS file system that backs the volumes
            - name: FILE_SYSTEM_ID
              value: fs-d055df01
            - name: AWS_REGION
              value: ap-south-1
            # The StorageClass must reference this provisioner name
            - name: PROVISIONER_NAME
              value: eks/aws-efs
          volumeMounts:
            - name: pv-volume
              mountPath: /persistentvolumes
      volumes:
        - name: pv-volume
          nfs:
            # DNS name of the EFS file system
            server: fs-d055df01.efs.ap-south-1.amazonaws.com
            path: /
```
Replace the file system ID (FILE_SYSTEM_ID) with the ID shown on the EFS service page in the AWS Management Console, or print it from the Terraform code. Also replace the NFS server hostname, which contains the same ID and the region.
Modifying RBAC
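```yaml
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfs-provisioner-role-binding
subjects:
  # The default service account of the thegreat namespace
  - kind: ServiceAccount
    name: default
    namespace: thegreat
roleRef:
  # Built-in role with unrestricted access to the whole cluster
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
```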
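This YAML uses role-based access control (RBAC) to modify permissions. It binds the built-in cluster-admin ClusterRole to the default service account of the thegreat namespace, so every pod that runs under that service account, not only the provisioner, gets full control of the cluster. That is far broader than a volume provisioner needs.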
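A narrower alternative to the cluster-admin binding above, as an added example that is not part of the original post: a dedicated service account that carries only the rules a volume provisioner uses. The names efs-provisioner, efs-provisioner-runner and leader-locking-efs-provisioner are assumptions, the Deployment would need `serviceAccountName: efs-provisioner` in its pod spec, and the Endpoints rule assumes this provisioner version takes its leader-election lock on Endpoints objects.

```yaml
# Added example: least-privilege RBAC for the EFS provisioner (names are hypothetical)
apiVersion: v1
kind: ServiceAccount
metadata: {name: efs-provisioner, namespace: thegreat}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: efs-provisioner-runner}
rules:
  # Create and delete the PersistentVolumes that satisfy claims
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  # Watch claims and update them once a volume is provisioned
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  # Read the StorageClass that names this provisioner
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  # Report provisioning results as events
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: efs-provisioner-runner}
subjects:
  - {kind: ServiceAccount, name: efs-provisioner, namespace: thegreat}
roleRef: {kind: ClusterRole, name: efs-provisioner-runner, apiGroup: rbac.authorization.k8s.io}
---
# Namespaced permission for the leader-election lock (assumed to use Endpoints)
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: leader-locking-efs-provisioner, namespace: thegreat}
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: leader-locking-efs-provisioner, namespace: thegreat}
subjects:
  - {kind: ServiceAccount, name: efs-provisioner, namespace: thegreat}
roleRef: {kind: Role, name: leader-locking-efs-provisioner, apiGroup: rbac.authorization.k8s.io}
```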
Creating Storage Class
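```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: aws-efs
# Must match PROVISIONER_NAME in the efs-provisioner Deployment,
# otherwise claims using this class stay Pending
provisioner: eks/aws-efs
```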
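Now deploy MySQL.yml. Both MySQL and WordPress read the database password from a Secret named mysql-pass (key password), so that Secret must exist in the namespace before the pods can start.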
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  ports:
    - port: 3306
  selector:
    app: wordpress
    tier: mysql
  # Headless service: reachable only inside the cluster by DNS name
  clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-mysql
  annotations:
    volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      containers:
        - image: mysql:5.6
          name: mysql
          env:
            # Root password comes from the mysql-pass Secret, not from the manifest
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: efs-mysql
```
After that, deploy WordPress.yml:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  ports:
    - port: 80
  selector:
    app: wordpress
    tier: frontend
  # Exposes WordPress outside the cluster through an AWS load balancer
  type: LoadBalancer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-wordpress
  annotations:
    volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: frontend
    spec:
      containers:
        - image: wordpress:4.8-apache
          name: wordpress
          env:
            # DNS name of the headless MySQL service
            - name: WORDPRESS_DB_HOST
              value: wordpress-mysql
            # Same Secret that sets the MySQL root password
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 80
              name: wordpress
          volumeMounts:
            - name: wordpress-persistent-storage
              mountPath: /var/www/html
      volumes:
        - name: wordpress-persistent-storage
          persistentVolumeClaim:
            claimName: efs-wordpress
```
Our whole setup is now ready.