AWS EKS in Action
➔ Secure by default
I will be using an Amazon Linux 2 EC2 instance with an admin IAM role attached to it for the
entire demo. Don’t forget to assign the administrator IAM role to the instance, or, if you
are doing the set-up on a personal machine, make sure to configure the AWS CLI locally.
➔ Install kubectl
https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
➔ Install aws-iam-authenticator
https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
➔ Install eksctl
https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html or
https://eksctl.io/introduction/installation/
Create AWS EKS Cluster
Create Cluster:
Check whether the kubectl client was configured automatically:
cat /home/ec2-user/.kube/config
https://gist.github.com/sd031/e72eb9f454340a7c844da31b97716e0a
Installing: Dashboard, Heapster, InfluxDb
Check: https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
Start proxy
Get a token
Log in
http://ip:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
If there is any issue, check whether all pods are running properly: kubectl get pods -o wide --all-namespaces
Build the Docker image using the Dockerfile
Use it with AWS ECR the same way. To get the docker login and auto execute
The image: (All commands are already given in the AWS ECR UI, just use the same)
https://gist.github.com/sd031/d28f1bd0ca1b0aec7eb109804f966c60
https://gist.github.com/sd031/e5cd4a3d80813e779a7bb20b6cc3a8ea
If there is any issue, check logs:
kubectl get pods
kubectl describe pod pod_name_here
Auto Scaling: Horizontal Pod Autoscaler (HPA)
Install Helm
Find Auto Scaling group using the AWS Management Console, noting its name.
Edit the ASG's min/max size to 2 and 8 nodes, respectively.
Edit `cluster_autoscaler.yaml`, replacing `<AUTOSCALING GROUP NAME>` with the ASG name you found in the console.
`cluster_autoscaler.yaml` file: https://gist.github.com/sd031/3f0f4c89559e0c4bf026d44db4855ad3
Optionally change the `AWS_REGION` to something other than `us-east-1` if you are working in a different region.
We need to configure an inline policy and add it to the EC2 instance profile of the worker nodes
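The inline policy itself is not shown in the deck. The following is an added example (not the presenter's file) of a least-privilege version: read-only Describe calls on all resources, and the two scaling actions pinned to the one Auto Scaling group. The action list is an assumption based on the commonly documented Cluster Autoscaler minimum (newer autoscaler versions may need further Describe calls); the region, account id, ASG name and the function names are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original deck. Region, account id and ASG name are
# placeholders; "CA" is the policy name the clean-up step of this deck mentions.

# Print the inline policy. Describe* calls do not support resource-level
# permissions, so they use "*"; the two mutating calls are pinned to one ASG.
ca_policy_json() {  # args: region account-id asg-name
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeLaunchConfigurations",
        "autoscaling:DescribeTags"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:SetDesiredCapacity",
        "autoscaling:TerminateInstanceInAutoScalingGroup"
      ],
      "Resource": "arn:aws:autoscaling:$1:$2:autoScalingGroup:*:autoScalingGroupName/$3"
    }
  ]
}
EOF
}

# Succeeds if the policy on stdin grants "*" or "service:*" as an action.
has_wildcard_action() {
  grep -Eq '"Action"[[:space:]]*:[[:space:]]*"\*"|"[A-Za-z0-9-]+:\*"'
}

# Attach the policy to the worker-node role; refuses wildcard actions.
attach_ca_policy() {  # args: role-name region account-id asg-name
  local doc; doc="$(ca_policy_json "$2" "$3" "$4")"
  if printf '%s' "$doc" | has_wildcard_action; then
    echo "refusing: wildcard action in policy" >&2; return 1
  fi
  aws iam put-role-policy --role-name "$1" --policy-name CA --policy-document "$doc"
}
# Print the document for review (constructed values, no AWS call is made).
ca_policy_json us-east-1 111122223333 my-eks-nodegroup-asg
```

Call `attach_ca_policy` with the worker-node role name from the IAM console once the printed document looks right.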
## Deploy Prometheus
helm install -f prometheus-values.yaml stable/prometheus --name prometheus --namespace prometheus
prometheus-values.yaml file: https://gist.github.com/sd031/1cd40bb5a5b14c39e87242845a92d1f3
## Install Grafana
kubectl create namespace grafana
Execute Script:
https://gist.github.com/sd031/2c54da7bb4476045a4ae7d3fda90e707
Run the following command to check if Grafana is deployed properly:
kubectl get all -n grafana
Get the Load Balancer URL:
export ELB=$(kubectl get svc -n grafana grafana -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo "http://$ELB"
When logging in, use the username admin and get the password hash by running the following:
kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
Final Grafana Dashboard Set-up
Create Dashboards:
You will notice that ‘Install Grafana’ & ‘create your first data source’ are already completed. We will import a community-created dashboard for this tutorial.
Click the ‘+’ button on the left panel and select ‘Import’.
Enter dashboard id 3131 under Grafana.com Dashboard & click ‘Load’.
Leave the defaults, select ‘Prometheus’ as the endpoint under the Prometheus data sources drop-down, and click ‘Import’.
This will show a monitoring dashboard for all cluster nodes.
To create a dashboard to monitor all pods, repeat the same process as above and enter 3146 for the dashboard id. I personally like: 7249, 3091, 1860.
You can find more dashboards and plugins at https://grafana.com/grafana/dashboards/ - but as a long-term goal, learn how to do it by yourself.
Clean up everything
Since we have used eksctl, it’s a lot easier.
Before doing anything, remove the inline policy from the cluster instance role: go to a worker node instance, then check its details, and you will
find the role link: IAM role e.g. eksctl-mean-eks-demo-nodegroup-ng…..
Click on that, and under permissions you will see the policy you had added, e.g. CA; just delete that.
Then remove autoscaling, deployments, services, Prometheus, Grafana, etc., e.g.
kubectl delete -f cluster_autoscaler.yaml
kubectl delete -f nginx.yaml
Delete the horizontal pod autoscaler and load test:
kubectl delete hpa,svc php-apache
kubectl delete deployment php-apache load-generator
kubectl delete -f deplyment.yaml
helm delete prometheus
helm del --purge prometheus
helm delete grafana
helm del --purge grafana
Delete cluster:
Behind the scenes the CloudFormation stack will get deleted and the resources will be deleted accordingly. You must do this if you are running it in development or test as a temporary
deployment; otherwise it will cost you a lot.
There are a few more things you need to know
This demo is just the starting point and there is a lot more out there. The more you use it, the more
experience you will gather, so I highly suggest you try it yourself and deploy your own AWS EKS cluster.
After trying the basic app deployments, the next things you might be interested in learning are:
There are a lot of resources available online that you can learn from (check the linked resources), or maybe you want
another meet-up to dig deeper into any of these; let me or Chirag know.
Good luck!
I hope you’ll use this knowledge and build
awesome solutions.