Improving the operating model of service deployments in AWS EKS
Deploying applications on Amazon Elastic Kubernetes Service (EKS) involves setting up several essential plugins to ensure smooth operation and integration with AWS services. This guide covers the key plugins you need to activate and configure, including those that can be activated directly from the AWS console and those that require manual setup, such as the ALB Ingress Controller and External DNS. Combined, these two automate the mapping between a newly created load balancer and its DNS record, improving the operating model of the platform.
In this article, we assume that the cluster is up and running, that the kubeconfig is configured in your terminal, and that you can interact with the cluster.
Plugins Activated from the AWS Console
AWS EKS allows you to activate several essential plugins directly from the console:
To ensure these plugins are up-to-date and correctly configured, navigate to the "Add-ons" section of your EKS cluster in the AWS Management Console and check the status of each.
Now let's set up the ALB Ingress Controller and External DNS:
1. Setting Up the ALB Ingress Controller
The AWS Load Balancer (ALB) Ingress Controller manages Kubernetes ingress resources and provides load balancing. Here’s how to set it up manually:
curl -o alb-ingress-controller-iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
aws iam create-policy \
--policy-name ALBIngressControllerIAMPolicy \
--policy-document file://alb-ingress-controller-iam-policy.json
2. Associate IAM Role with EKS Service Account:
eksctl create iamserviceaccount \
--cluster <your-cluster-name> \
--namespace kube-system \
--name alb-ingress-controller \
--attach-policy-arn arn:aws:iam::<account-id>:policy/ALBIngressControllerIAMPolicy \
--approve
3. Deploy the ALB Ingress Controller:
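# Quote the kustomize URL so the shell does not treat "?" as a glob character
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
helm repo add eks https://aws.github.io/eks-charts
helm repo update
# Reuse the IAM-bound service account created in step 2 instead of letting the chart create an unbound one
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
  --set clusterName=<your-cluster-name> \
  --set serviceAccount.create=false --set serviceAccount.name=alb-ingress-controller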
2. Deploying External DNS
To automatically update Route 53 records when services are deployed, set up External DNS:
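# The URL below is the External DNS AWS tutorial (a Markdown page), not a JSON policy document.
# Save the IAM policy JSON shown in that tutorial as external-dns-policy.json before running create-policy.
curl -o external-dns-aws-tutorial.md https://raw.githubusercontent.com/kubernetes-sigs/external-dns/master/docs/tutorials/aws.md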
aws iam create-policy \
--policy-name ExternalDNSPolicy \
--policy-document file://external-dns-policy.json
2. Deploy External DNS with Helm:
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
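# Install into kube-system so the kubectl edit command later on this page finds the deployment
helm install external-dns bitnami/external-dns -n kube-system --set provider=aws --set aws.zoneType=public --set policy=sync --set txtOwnerId=external-dns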
3. Configure External DNS for Route 53:
Ensure your services have the correct annotations:
apiVersion: v1
kind: Service
metadata:
  name: myservice  # assumed name; the original snippet omitted it
  annotations:
    external-dns.alpha.kubernetes.io/hostname: myservice.example.com
spec:
  ports:
    - port: 80
  selector:
    app: myservice
4. Editing the external-dns deployment
After deploying External DNS, add a --domain-filter argument to the external-dns deployment manifest that matches the DNS record, for example --domain-filter=example.com:
kubectl edit deployment external-dns -n kube-system
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: kube-system  # same namespace as the kubectl edit command above
spec:
  selector:
    matchLabels:
      app: external-dns
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
        - args:
            - --source=service
            - --source=ingress
            - --domain-filter=example.com
            - --provider=aws
            - --policy=upsert-only
            - --aws-zone-type=public
            - --registry=txt
            - --txt-owner-id=my-hostedzone-identifier
          image: registry.k8s.io/external-dns/external-dns:v0.13.4
          imagePullPolicy: IfNotPresent
          name: external-dns
With this setup, External DNS manages records only within example.com, and any subdomain of example.com declared on a service or ingress is routed to your ALB, allowing for dynamic service discovery and load balancing.
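As a check on the arguments in the manifest above, the following added example (not code from the article or from the External DNS project) flags a missing --domain-filter, --policy=sync, a noop registry and a default owner ID. Both sample argument lists are constructed, the second from the Helm values used at install time, and the function name audit_external_dns_args is hypothetical.

```sh
#!/bin/sh
# Added example, not from the article. Assumes args use the --flag=value form.
# Live use with the deployment name and namespace from this page:
#   kubectl get deployment external-dns -n kube-system -o \
#     jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}' \
#     | audit_external_dns_args

# Reads one argument per line on stdin and prints one finding per line.
# Returns 0 only when nothing was flagged.
audit_external_dns_args() (
  # Values assumed when a flag is absent (External DNS defaults).
  filters=0; policy=sync; registry=txt; owner=default
  while IFS= read -r arg; do
    case "$arg" in
      --domain-filter=?*) filters=$((filters + 1)) ;;
      --policy=*)         policy=${arg#--policy=} ;;
      --registry=*)       registry=${arg#--registry=} ;;
      --txt-owner-id=*)   owner=${arg#--txt-owner-id=} ;;
    esac
  done
  n=0
  [ "$filters" -eq 0 ] && { echo "NO_DOMAIN_FILTER: every hosted zone the IAM policy allows is in scope"; n=$((n + 1)); }
  [ "$policy" = sync ] && { echo "POLICY_SYNC: records are deleted when their source disappears"; n=$((n + 1)); }
  [ "$registry" = noop ] && { echo "REGISTRY_NOOP: record ownership is not tracked"; n=$((n + 1)); }
  { [ -z "$owner" ] || [ "$owner" = default ]; } && { echo "OWNER_ID_DEFAULT: clusters sharing a zone can claim each other's records"; n=$((n + 1)); }
  [ "$n" -eq 0 ]
)

# Constructed sample 1: the args from the edited deployment manifest above.
MANIFEST_ARGS='--source=service
--source=ingress
--domain-filter=example.com
--provider=aws
--policy=upsert-only
--aws-zone-type=public
--registry=txt
--txt-owner-id=my-hostedzone-identifier'

# Constructed sample 2: args equivalent to the Helm values used at install time
# (provider=aws, aws.zoneType=public, policy=sync, txtOwnerId=external-dns).
HELM_ARGS='--provider=aws
--aws-zone-type=public
--policy=sync
--registry=txt
--txt-owner-id=external-dns'

printf '%s\n' "$MANIFEST_ARGS" | audit_external_dns_args && echo "manifest args: ok"
printf '%s\n' "$HELM_ARGS" | audit_external_dns_args || echo "helm args: review the findings above"
```

The install-time values trip two findings that the edited manifest does not, so re-run the check after any Helm upgrade that could restore the chart's arguments.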
Conclusion
By activating essential plugins from the AWS console and manually setting up the ALB Ingress Controller and External DNS, your EKS cluster will be well-equipped to handle dynamic workloads with seamless integration into AWS services. These steps ensure your cluster is robust, scalable, and easy to manage, allowing you to focus on building and deploying your applications.
Cloud Engineer, Sr Level 1 at Globant
8 months ago: Thanks for sharing this. Great article
Software Architect, AWS Specialist, speaker, author of Simple AWS. Generative AI dev. Cloud Software Architect @ Caylent
8 months ago: Nice one!!