We will learn about AWS EKS. We will deploy a real-time 2048 game application and expose it to the outside world using Ingress and the ALB Ingress Controller.
An external user talks to the Application Load Balancer in the public subnet, and the request then goes to the pod. Ingress routes the traffic inside the cluster. We need an ingress controller that watches for Ingress resources and creates an Application Load Balancer for us. The Ingress file lets a user access a host such as example.com: the request is forwarded to the Service, and from the Service it goes to the pod.
prerequisites are -
kubectl – A command line tool for working with Kubernetes clusters.
eksctl – A command line tool for working with EKS clusters that automates many individual tasks. We will use it to create the EKS cluster with a single command.
AWS CLI – A command line tool for working with AWS services, including Amazon EKS.
Create EKS cluster-
Run the command below to create the EKS cluster. The eksctl utility creates the VPC, the subnets and everything else for us. Once it finishes, the cluster should show up in the AWS UI, where the cluster details list its resources, networking and compute. The overview shows an OpenID Connect provider URL: this lets you attach any identity provider to the cluster; for now we will use IAM. A Fargate profile is also created for the default namespace. We have to add a new Fargate profile later because we will deploy the app in another namespace and Fargate profiles are tied to namespaces, so we will create a new profile.
eksctl create cluster --name demo-cluster --region us-east-1 --fargate
To download the kubeconfig file, use the command below. kubectl uses this file to access the cluster information and interact with the EKS cluster.
aws eks update-kubeconfig --name <your-cluster-name> --region <region>
Create fargate profile-
Create the Fargate profile with the --namespace flag, using the namespace the app will run in.
eksctl create fargateprofile --cluster demo-cluster --region us-east-1 --name=alb-simple-app --namespace game-2048
Create yaml files -
Create deployment.yaml, service.yaml and ingress.yaml files to create the application.
The targetPort of the Service and the containerPort of the Deployment should be the same.
Labels and selectors should be the same.
The Ingress file sets the ingress class to alb and carries annotations for an internet-facing scheme and the ip target type.
The flow is: when a request matches a rule in the Ingress file, it is forwarded to the Service, and the Service forwards it to the Deployment in the same namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: game-2048
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: game-2048
  name: deployment-2048
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app-2048
  replicas: 5
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app-2048
    spec:
      containers:
      - image: alexwhen/docker-2048
        imagePullPolicy: Always
        name: app-2048
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: app-2048
---
# networking.k8s.io/v1beta1 Ingress was removed in Kubernetes 1.22;
# this is the same rule written for networking.k8s.io/v1.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: service-2048
                port:
                  number: 80
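The matching rules above (Service selector against pod labels, targetPort against containerPort, Ingress backend against Service port) can be checked mechanically. This added example, not part of the original post, walks that chain over constructed objects that mirror the manifests in the networking.k8s.io/v1 JSON shape returned by kubectl get -o json; selects and check_wiring are hypothetical helper names.

```python
# Constructed objects mirroring the manifests above (only the fields the check reads).
NS = "game-2048"
LABELS = {"app.kubernetes.io/name": "app-2048"}
DEPLOYMENT = {"metadata": {"namespace": NS, "name": "deployment-2048"},
              "spec": {"selector": {"matchLabels": LABELS},
                       "template": {"metadata": {"labels": LABELS},
                                    "spec": {"containers": [
                                        {"name": "app-2048", "ports": [{"containerPort": 80}]}]}}}}
SERVICE = {"metadata": {"namespace": NS, "name": "service-2048"},
           "spec": {"selector": LABELS, "ports": [{"port": 80, "targetPort": 80}]}}
INGRESS = {"metadata": {"namespace": NS, "name": "ingress-2048"},
           "spec": {"rules": [{"http": {"paths": [{"path": "/*", "backend": {
               "service": {"name": "service-2048", "port": {"number": 80}}}}]}}]}}

def selects(selector, labels):
    """True when every selector key/value is in the labels (an empty selector selects nothing)."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def check_wiring(ingress, service, deployment):
    """Follow Ingress -> Service -> pod template and return the broken links."""
    problems = []
    if len({o["metadata"].get("namespace") for o in (ingress, service, deployment)}) != 1:
        problems.append("objects are not all in the same namespace")
    template = deployment["spec"]["template"]
    pod_labels = template["metadata"].get("labels", {})
    if not selects(deployment["spec"]["selector"].get("matchLabels", {}), pod_labels):
        problems.append("Deployment selector does not match its pod template labels")
    if not selects(service["spec"].get("selector", {}), pod_labels):
        problems.append("Service selector does not match the pod labels")
    # Numeric ports only; named targetPorts are out of scope for this sketch.
    listening = {p["containerPort"] for c in template["spec"]["containers"]
                 for p in c.get("ports", [])}
    svc_ports = {p["port"]: p.get("targetPort", p["port"]) for p in service["spec"]["ports"]}
    for port, target in svc_ports.items():
        if target not in listening:
            problems.append(f"Service port {port} targets {target}, but no containerPort {target}")
    for rule in ingress["spec"].get("rules", []):
        for path in rule["http"]["paths"]:
            backend = path["backend"]["service"]
            if backend["name"] != service["metadata"]["name"]:
                problems.append(f"path {path['path']}: unknown Service {backend['name']}")
            elif backend["port"].get("number") not in svc_ports:
                problems.append(f"path {path['path']}: Service has no port {backend['port']}")
    return problems

if __name__ == "__main__":
    print(check_wiring(INGRESS, SERVICE, DEPLOYMENT))
```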
All pods are running -
All services are running -
We created an ingress -
Here, the address of ingress-2048 is empty for now because we don't have an ingress controller yet. For Ingress resources to work, the cluster must have an ingress controller running. So we will set up the ALB controller; then the address will be populated and external users can access the application. The load balancer controller reads the Ingress resource and then the load balancer is created.
Create IAM role and policy-
eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
The eksctl utils associate-iam-oidc-provider command is used to associate an IAM OIDC (OpenID Connect) identity provider with an Amazon EKS (Elastic Kubernetes Service) cluster. This command is typically used to establish the necessary IAM OIDC trust relationship between your EKS cluster and AWS Identity and Access Management (IAM) roles, allowing Kubernetes service accounts within your cluster to assume IAM roles for certain tasks.
Now the ALB controller needs access to AWS services such as the Application Load Balancer. We need policies and roles because the ALB controller will create the load balancer and needs to talk to the AWS APIs.
Download IAM policy
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
Create IAM Policy
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Create IAM Role
eksctl create iamserviceaccount \
--cluster=<your-cluster-name> \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
Deploy ALB controller -
Using Helm, we deploy the ALB controller in AWS.
Add helm repo
helm repo add eks https://aws.github.io/eks-charts
Update the repo
helm repo update eks
Install
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=<your-cluster-name> \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=<region> \
--set vpcId=<your-vpc-id>
Verify that the deployments are running.
kubectl get deployment -n kube-system aws-load-balancer-controller
Now we get the address-
Go to the AWS UI, copy the load balancer DNS name and paste it into the browser -
Thanks for reading :) happy learning!....