Scribd
Upload
21 views

EKS Deployment Explanation

Uploaded by

ducatmaterials
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
21 views

EKS Deployment Explanation

Uploaded by

ducatmaterials
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

# Complete EKS Deployment Guide

## Part 1: VPC Setup (eks-vpc.yaml)


```yaml
AWSTemplateFormatVersion: '2010-09-01'
Description: 'VPC Stack for EKS Cluster'
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
```

### Components Explained:


1. **VPC Configuration**
- Creates a VPC with CIDR block 10.0.0.0/16
- Enables DNS support and hostnames
- This gives us a private network space of 65,536 IP addresses

2. **Subnets**
```yaml
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
AvailabilityZone: !Select [0, !GetAZs '']
MapPublicIpOnLaunch: true
```
- Creates 4 subnets: 2 public and 2 private
- Each subnet is in a different availability zone for high availability
- Public subnets automatically assign public IPs to instances
- Each subnet has a /24 CIDR block (256 IP addresses)

3. **Internet Gateway**
```yaml
InternetGateway:
Type: AWS::EC2::InternetGateway
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
```
- Creates and attaches an Internet Gateway to the VPC
- Enables internet connectivity for public subnets

## Part 2: EKS Cluster Setup

### Prerequisites
1. **IAM Roles Setup**
- Create EKS Cluster Role:
- Go to IAM → Roles → Create Role
- Select EKS service
- Attach `AWSEKSClusterPolicy`

- Create Node Group Role:


- Go to IAM → Roles → Create Role
- Select EC2 service
- Attach these policies:
* AmazonEKS_CNI_Policy
* AmazonEKSWorkerNodePolicy
* AmazonEC2ContainerRegistryReadOnly

### Cluster Creation Steps


1. Navigate to EKS in AWS Console
2. Click "Create cluster"
3. Configure:
- Name: cluster1
- Kubernetes version: 1.23
- Cluster service role: Select the cluster role created earlier
- VPC: Select the VPC created by CloudFormation
- Subnets: Select all subnets
- Security groups: Select default
- Cluster endpoint access: Public and private

## Part 3: Worker Node Configuration

### Node Group Setup


1. In EKS cluster:
- Go to Compute → Add Node Group
- Select Node IAM role created earlier
- Configure:
* Instance type: t2.medium
* Disk size: 16 GB
* Desired capacity: 2
* Maximum size: 4
* Minimum size: 1

### Instance Setup Script


```bash
#!/bin/bash

# System updates
sudo apt update -y
sudo apt install awscli -y

# AWS IAM Authenticator installation


curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-
authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64
chmod +x ./aws-iam-authenticator
mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator
```

- This script:
* Updates the system
* Installs AWS CLI
* Sets up AWS IAM authenticator for EKS authentication
* Configures the PATH

## Part 4: Application Deployment

### Deployment Configuration


```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployments
spec:
replicas: 2
selector:
matchLabels:
app: web
```

- Creates a deployment with:


* 2 replicas for high availability
* Labels for service selection
* Ubuntu container with Apache2
* Port 80 exposed

### Service Configuration


```yaml
apiVersion: v1
kind: Service
metadata:
name: myservice
spec:
type: NodePort
selector:
app: web
ports:
- port: 80
targetPort: 80
nodePort: 32462
```

- Creates a NodePort service:


* Exposes the application on port 32462
* Routes traffic to pods on port 80
* Enables external access

## Deployment Steps

1. **VPC Setup**
```bash
aws cloudformation create-stack --stack-name eks-vpc --template-body file://eks-
vpc.yaml
```

2. **EKS Cluster Setup**


```bash
# Configure AWS CLI
aws configure

# Update kubeconfig
aws eks --region us-east-1 update-kubeconfig --name cluster1
```

3. **Deploy Application**
```bash
# Apply configurations
kubectl apply -f deployment.yml
kubectl apply -f service.yml

# Verify deployment
kubectl get pods
kubectl get svc
```

4. **Access Application**
- Get worker node public IP
- Access application: http://<worker-node-ip>:32462

## Security Considerations

1. **Security Groups**
- Ensure inbound rules allow:
* Port 32462 for application access
* Port 22 for SSH access
* Port 80 for HTTP traffic

2. **IAM Roles**
- Use principle of least privilege
- Regularly review and audit permissions
- Use AWS managed policies when possible

## Monitoring and Maintenance

1. **Health Checks**
```bash
# Check node status
kubectl get nodes

# Check pod status


kubectl get pods

# Check services
kubectl get svc
```

2. **Logs**
```bash
# Get pod logs
kubectl logs <pod-name>

# Describe pod details


kubectl describe pod <pod-name>
```

You might also like