Complete application built on AWS-EKS architecture

AWS-EKS:

Amazon EKS (Elastic Container Service for Kubernetes) is a managed Kubernetes service that lets you run Kubernetes on AWS without the hassle of managing the Kubernetes control plane yourself. The control plane plays a crucial role in a Kubernetes deployment: it is responsible for how Kubernetes communicates with your cluster, including starting and stopping containers, scheduling containers, performing health checks, and many other management tasks.

Kubernetes:

Kubernetes (also known as k8s or “kube”) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications. Kubernetes clusters can span hosts across on-premise, public, private, or hybrid clouds. For this reason, Kubernetes is an ideal platform for hosting cloud-native applications that require rapid scaling.

EKS architecture:

  • The task is carried out in several steps.

STEP 1:

We require a couple of programs before starting the task.

1. AWS CLI

2. EKSCTL

3. KUBECTL

https://kubernetes.io/docs/tasks/tools/install-kubectl/

4. An AWS account, which can be created at https://aws.amazon.com/ (NOTE: a credit card has to be added, as not all services and instance types are free; they incur a minimal charge)

5. Profile configuration

The access key and secret key can be obtained from the CSV file downloaded after creating the key pair.

  • Now we can start the task. Instead of using the GUI or the CLI, we are going to use the IAAC (Infrastructure as Code) concept. IAAC helps to deploy software faster on multiple servers, avoids inconsistent software versions across servers, increases productivity and lowers costs. It also helps to achieve automation.

STEP 2: Creation of Cluster

For cluster creation we are going to write the configuration in YAML format, as Kubernetes supports YAML. Once the file is created with the necessary requirements, we can use the eksctl command to create the cluster. eksctl can create or destroy a cluster with a single command.

command: eksctl create cluster -f cluster.yml

Creating the cluster takes at least 15-20 minutes, as a lot of resources (such as the VPC, EC2 instances, NAT Gateway, etc.) are created behind the scenes. Wait until you see something like: EKS cluster <clustername> in ap-south-1 region is ready.

Behind the scenes, eksctl sends the information to AWS CloudFormation, which creates the entire cluster.

Our cluster consists of two node groups, each with a different instance type and number of desired instances. For the public key we can create a key pair in the EC2 service; in my case I already have one.
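
A cluster.yml matching the description above (two node groups, an existing EC2 key pair, region ap-south-1), given here as an added example and not the author's file. The cluster name, node group names, instance types, capacities and key pair name are assumptions.

```yaml
# cluster.yml (added example; every name and size below is an assumption)
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: demo-cluster          # hypothetical cluster name
  region: ap-south-1          # region used in the article

nodeGroups:
  - name: ng1                 # first node group
    instanceType: t2.micro    # assumed instance type
    desiredCapacity: 2        # assumed node count
    ssh:
      allow: true             # SSH is used later only to install amazon-efs-utils
      publicKeyName: mykey    # name of an existing EC2 key pair (assumed)

  - name: ng2                 # second node group, different type and size
    instanceType: t2.small
    desiredCapacity: 1
    ssh:
      allow: true
      publicKeyName: mykey
```

Once amazon-efs-utils is installed, review the port 22 rule on the node security group and narrow or remove it if SSH is no longer needed.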

After the cluster is launched, we need to update the kubectl configuration file so that kubectl is linked to the new cluster. kubectl is a client program used to connect to the cluster, and it uses this config file to do so.

command: aws eks update-kubeconfig --name=<clustername>

After the cluster is created we can use the key pair to SSH into each Amazon EC2 instance, so that we can install amazon-efs-utils on every instance.

command: yum install amazon-efs-utils

The amazon-efs-utils package comes with a mount helper and tooling that makes it easier to perform encryption of data in transit for Amazon EFS. A mount helper is a program that you use when you mount a specific type of file system. Here our file system is EFS.

STEP 3: EFS creation (persistent volume)

The nodes have ephemeral storage, i.e. after they are terminated all their data is lost. If we want to keep critical data, e.g. database data, we need an external storage volume that is persistent, i.e. even after a node is terminated we still have our data in the external volume. In AWS an EBS volume could be used, but EFS provides a file system that can be attached to instances even if it is not in the same Availability Zone as the instance.

First go to the AWS web UI and create EFS storage in your region. The efs-provisioner container (created below) reads a ConfigMap which contains the EFS file system ID, the AWS region and the name you want to use for your efs-provisioner. This name is used later when you create the storage class.

The eksctl command also creates a VPC and a common security group for us. We have to make sure to use the VPC and security group created by eksctl.

A. Create EFS provisioner:

The efs-provisioner allows you to mount EFS storage as a PersistentVolume in Kubernetes. It consists of a container that has access to an AWS EFS resource.

Before creating it, there is one thing we have to do: create a new namespace. A namespace is like our own space. Namespaces are Kubernetes objects which partition a single Kubernetes cluster into multiple virtual clusters.

command: kubectl create namespace namesp1

and kubectl get ns (to see all namespaces we have)

command to create efs-provisioner:

kubectl create -f create-efs-provisioner.yaml -n namesp1

B. Create RBAC (Role-Based Access Control):

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise.

command: kubectl create -f rbac.yaml -n namesp1

C. Storage Class creation:

A StorageClass defines which provisioner should be used and what parameters should be passed when dynamic provisioning is invoked. We can define different volume types in the storage class if we want.

We are going to create 2 PVCs, one for WordPress and the other for MySQL. A persistent volume claim (PVC) is a request for storage, which is met by binding the PVC to a persistent volume (PV). A PVC provides an abstraction layer over the underlying storage.

command: kubectl create -f create-sc.yaml -n namesp1
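
An added example of create-sc.yaml for this step, not the author's file: a StorageClass bound to the efs-provisioner plus the two PVCs. The class name, provisioner name, claim names and sizes are assumptions.

```yaml
# create-sc.yaml (added example; names and sizes are assumptions)
apiVersion: storage.k8s.io/v1
kind: StorageClass                 # cluster-scoped, so -n namesp1 does not apply to it
metadata:
  name: aws-efs                    # assumed class name
provisioner: example/aws-efs       # assumed; must equal the provisioner name
                                   # set in the efs-provisioner ConfigMap
---
apiVersion: v1
kind: PersistentVolumeClaim        # namespaced: created in namesp1
metadata:
  name: efs-wordpress              # claim for the WordPress files
spec:
  storageClassName: aws-efs
  accessModes:
    - ReadWriteMany                # EFS can be mounted from several nodes at once
  resources:
    requests:
      storage: 10Gi                # required field; EFS itself does not enforce a size
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-mysql                  # claim for the MySQL data directory
spec:
  storageClassName: aws-efs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
```

After applying, `kubectl get pvc -n namesp1` should show both claims as Bound; a claim stuck in Pending usually means the provisioner name does not match.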

STEP 4: MySQL Deployment

Now, I have created the MySQL deployment code for launching a MySQL database as the back-end application. In this code, the user and password are taken from the secret box (a Kubernetes Secret), and the volume used is the one created as a PVC.

command: kubectl create -f mysql-deploy.yaml -n namesp1
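
An added example of mysql-deploy.yaml, not the author's file, showing the two points made above: the password is read from a Secret and the data directory sits on the PVC. It assumes a Secret named mysql-pass with a key password and a PVC named efs-mysql already exist; those names, the labels and the image tag are assumptions.

```yaml
# mysql-deploy.yaml (added example; names, labels and image tag are assumptions)
apiVersion: v1
kind: Service
metadata:
  name: wordpress-mysql
spec:
  clusterIP: None                  # in-cluster only: the database gets no public endpoint
  selector:
    app: wordpress
    tier: mysql
  ports:
    - port: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress-mysql
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  strategy:
    type: Recreate                 # never run two mysqld pods on the same data directory
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7         # assumed image tag
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:      # password comes from the Secret, not from this file
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: mysql-data
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-data
          persistentVolumeClaim:
            claimName: efs-mysql   # PVC backed by EFS
```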

STEP 5: Wordpress Deployment

Now, I have created the WordPress deployment code for launching WordPress as the front-end application. We also require a load balancer so that one unique public IP can be provided to the public. We are using the LoadBalancer service type, which uses the ELB service to create a load balancer.

This application can be accessed by clients and the data will be stored in the database i.e MySQL.

command: kubectl create -f wordpress-deploy.yaml -n namesp1

STEP 6: Kustomization File

If we want to run the above YAML files (from efs-provisioner to wordpress-deploy) in a particular order, we can use a kustomization file. This file automatically runs all the files in order. Alternatively we can run each file step by step (the commands are provided above).

First this file generates a secret box (containing the password) for MySQL and WordPress, and then efs-provisioner.yaml to wordpress-deploy.yaml run in the above order.
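
An added example of such a kustomization.yaml, not the author's file. The resource file names are the ones used in the commands above; the Secret name mysql-pass, its key and the local file mysql-password.txt are assumptions.

```yaml
# kustomization.yaml (added example; Secret name, key and password file are assumptions)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: namesp1                 # namespace created in STEP 3

secretGenerator:
  - name: mysql-pass               # kustomize appends a content hash to this name
                                   # and rewrites secretKeyRef references to match
    files:
      # Read the password from a local file that is kept out of version control,
      # instead of writing it as a literal in this file.
      # The file content is used verbatim, so it must not end with a newline.
      - password=mysql-password.txt

resources:                         # listed in the order used in the steps above
  - create-efs-provisioner.yaml
  - rbac.yaml
  - create-sc.yaml
  - mysql-deploy.yaml
  - wordpress-deploy.yaml
```

Apply it with `kubectl apply -k .` from the directory that contains these files.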

OUTPUT:

The deployment is now successfully launched and ready to use. The public IP can be seen in the highlighted part.

STEP 7:

Finally, we must delete our cluster using the following command.

command: eksctl delete cluster -f cluster.yml

If we don't delete the cluster, the EKS service charges $0.10 per hour, which might add up to a large amount later. Also cross-check in the AWS console that the cluster and all its components are deleted completely.

ADDITIONAL:

The above application can also be built on a Fargate cluster. AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate makes it easy for you to focus on building your applications.

Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design. Fargate also provides isolation, better security, lower cost, etc.

GITHUB LINK:


