Integration of AWS Elastic Kubernetes Service with EFS
Deepak Sharma
3 x RedHat Certified Engineer (EX200, EX294, EX180) || DevOps Engineer || Docker || K8s || Ansible || Linux || Git || Github || Gitlab || Terraform || Jenkins || Cloud Computing || AWS
Objective
In this task we will look at EKS, its use cases, how it is used and how it is configured. We also integrate EKS with other AWS services such as ELB, EFS and EBS. After the integration we can launch WordPress with MySQL in pods; we first configure MySQL and then WordPress.
Tools Required:
- AWS CLI
- kubectl
- eksctl
Step-1 First run aws configure with an IAM user with admin power
After creating the IAM user, log in from the command line. For this we use the "aws configure" command and give it the access key and secret key.
This is the cluster file used to create the cluster. Here we attach our public key, so we can log in using ssh and manage our nodes (slaves).
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: lwcluster
  region: ap-south-1
nodeGroups:
  - name: ng1
    desiredCapacity: 2
    instanceType: t2.micro
    ssh:
      publicKeyName: cloudkey
  - name: ng2
    desiredCapacity: 1
    instanceType: t2.micro
    ssh:
      publicKeyName: cloudkey
We are going to create the k8s cluster from the CLI. By default the AWS CLI does not provide many functions and properties for EKS, so there is a client called eksctl that we are going to configure. Then, using the kubectl client, we are going to deploy our services on the cluster, and for the PVCs we create an EFS file system and provision it. So we create our cluster from the command line using the eksctl command:
eksctl create cluster -f cluster.yml
It takes about 10-20 minutes to create the cluster. eksctl uses CloudFormation to create the cluster in AWS.
After the cluster is created, we have to configure kubectl so we can use it against the cluster.
aws eks update-kubeconfig --name lwcluster    # to configure k8s cluster
kubectl get nodes    # to verify
Step-2 Create EFS
We want our PVCs to be created in EFS, so we need to create an EFS file system. Before going further we need to do one small thing: by default the Amazon nodes do not have the utility to connect to EFS, so we need to log in to each node using ssh and install it.
ssh -i cloudkey.pem -l ec2-user 13.126.175.74
sudo yum install amazon-efs-utils -y
Now create the EFS file system manually. Create it with the same VPC and security group (Cluster ShareNode Security Group) used within the cluster. It is good practice to create the EFS storage in all regions.
Let’s create a namespace in our cluster to launch the services in. Here I created a namespace for WordPress and MySQL and made it the default namespace.
kubectl create ns wp-ms
kubectl config set-context --current --namespace=wp-ms
Now all pods are launched in the wp-ms namespace.
Step-3 Create efs-provisioner
Let’s say the wordpress namespace is used to launch services. We now have to write the YAML for the EFS provisioner so that PVCs can be mounted on EFS, or, as we can say, so that PVCs are created in EFS.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: efs-provisioner
spec:
  selector:
    matchLabels:
      app: efs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: efs-provisioner
    spec:
      containers:
        - name: efs-provisioner
          image: quay.io/external_storage/efs-provisioner:v0.1.0
          env:
            - name: FILE_SYSTEM_ID
              value: fs-b526ac64
            - name: AWS_REGION
              value: ap-south-1
            - name: PROVISIONER_NAME
              value: wordpress/aws-efs
          volumeMounts:
            - name: pv-volume
              mountPath: /persistentvolumes
      volumes:
        - name: pv-volume
          nfs:
            server: fs-b526ac64.efs.ap-south-1.amazonaws.com
            path: /
In this file we change the file system ID, the provisioner name's value and the server before running it. Run this file with the command:
kubectl create -f create-efs-provisioner.yml -n wp-ms
We see one pod is launched in our namespace. Now we give it permissions with a cluster role binding.
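---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 works on old and new clusters
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfs-provisioner-role-binding
subjects:
  # the default ServiceAccount of wp-ms, i.e. every pod in the namespace
  # that does not set its own service account
  - kind: ServiceAccount
    name: default
    namespace: wp-ms
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io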
kubectl create -f create-rbac.yml -n wp-ms
Step-4 Deploy wordpress and mysql
1. First we create the storage class and PVCs
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: aws-efs
provisioner: wordpress/aws-efs
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: efs-wordpress
  annotations:
    volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: efs-mysql
  annotations:
    volume.beta.kubernetes.io/storage-class: "aws-efs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
This code creates 2 PVCs, one for MySQL and one for WordPress. We request 10Gi of storage for both. For the access mode we give ReadWriteMany, so when the load increases, the replicas can also connect to the same PVC.
kubectl create -f create-storage.yaml -n wp-ms
2. Create a secret for MySQL and WordPress, so that critical information such as login details can be put inside it.
kubectl create secret generic mysql-pass --from-literal=password=redhat
3. Now we can deploy WordPress and MySQL. First we launch MySQL and start its service, then we launch WordPress.
MySQL file
apiVersion: v1
kind: Service
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  ports:
    - port: 3306
  selector:
    app: wordpress
    tier: mysql
  clusterIP: None
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      containers:
        - image: mysql:5.6
          name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: efs-mysql
To run this file, we use the kubectl create command:
kubectl create -f deploy-mysql.yaml -n wp-ms
This creates a MySQL pod (server) through a Deployment, takes the MySQL password from the secret and mounts our PVC at its data path.
Now we deploy WordPress with:
kubectl create -f deploy-wordpress.yaml -n wp-ms
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  ports:
    - port: 80
  selector:
    app: wordpress
    tier: frontend
  type: LoadBalancer
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: frontend
    spec:
      containers:
        - image: wordpress:4.8-apache
          name: wordpress
          env:
            - name: WORDPRESS_DB_HOST
              value: wordpress-mysql
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 80
              name: wordpress
          volumeMounts:
            - name: wordpress-persistent-storage
              mountPath: /var/www/html
      volumes:
        - name: wordpress-persistent-storage
          persistentVolumeClaim:
            claimName: efs-wordpress
Now WordPress can connect to the MySQL database and store data inside it. After that, we can access WordPress through the service's external IP.
kubectl get svc -n wp-ms
Using the external IP, we get the web UI of the WordPress site.
Additional
We can also use the Fargate service, which provides a serverless option for EKS.
eksctl create cluster -f fargatecluster.yml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: far-cluster
  region: ap-southeast-1
fargateProfiles:
  - name: fargate-default
    selectors:
      - namespace: kube-system
      - namespace: default
To check the Fargate profile:
eksctl get fargateprofile --cluster far-cluster
This is the integration of Amazon Elastic Kubernetes Service with EFS.
Thank you