Kubernetes is one of those things that is very easy if simplified correctly but can be a tad hard once you start looking at the details. Do not worry about details right now, try to get something going.
Let's get to it.
Kubernetes is one of those things that is very easy if simplified correctly but can be a tad hard once you start looking at the details. Do not worry about details right now, try to get something going, and believe me, with time and experience, everything will make sense. :)
A couple of basics "reminders" first. I will not bore you with the definition, I assume you know what it is.
Kubernetes stands on multiple "core" resources. You can add others (as StatefulSets, LimitRange, …) but with those, you will have something working :
- Services. It is basically what defines access to pods,
- Deployments: you declare the pods and the replicas you want (how many pods you want),
- Ingress: manage how to access your services in a cluster,
- Ingress Controller: I highly recommend Ingress Nginx Controller,
- Namespaces: Environments.
On top of that, you would add DNS names (route53 …) and certificates.
To deploy, you would follow those "general" steps:
- Create the cluster,
- Create the Ingress controller and load balancer, link the DNS/certificates,
- Write the resources needed (deployments, ingress, …), those "needs" to be cut by environments and applications.
In this series, we will be focusing on EKS.
Create the cluster:
You can create a cluster in various ways, with the console, CloudFormation and Terraform. I have tried those 3 different ways. I started with the Cloudformation, then went on manual then Terraform. I am someone that needs to understand how something works, therefore the need to do manually before going to TF.
I followed the guide of AWS https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html and can only recommend it. I do know I struggled at the beginning, here are a few things I remembered:
- You need to install everything in the same VPC.
- At the time, totally private clusters were not possible. I think they are working on this, but something will always be open. I reckon it was because the instances need to register they are Kubernetes. But that was in v1.10. The situation might have changed.
- If something does not work, try the "let me open too many ports, check it works, then restrict gradually".
The best thing I can recommend is to try to do it a couple of times. If you struggle, twitter has a big kubernetes community. Feel free to contact me as well (@SkylerDevops or in the comments here).
Create the Ingress Controller and Load balancer
To be honest, this guide (https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes [you don't need the cert-manager]) is really straight forward and easy to follow.
An Ingress Controller basically gets the request someone places and send it to the correct services/deployment. I would suggest creating the nginx ingress controller, then the load balancer. The LB can take some time to appear in AWS.
Here is the NLB version:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: #{Certificate}
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "ssl"
spec:
externalTrafficPolicy: Cluster
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
Write the resources needed
I will give you the template I am currently using. Feel free to tweak it.
With time, you might look into moving the environment variables to a ConfigMap. Envs are not the "safest" way to do, but they do the job good enough.
You don't need to use the same ports than me. However, you will need to expose those ports in your Dockerfile.
apiVersion: apps/v1
kind: Deployment
metadata:
name: #{Name}
namespace: #{Namespace}
spec:
replicas: 2
selector:
matchLabels:
app: #{Name}
template:
metadata:
labels:
app: #{Name}
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- #{Name}
containers:
- name: #{Name}
image: #{AWSAccount}.dkr.ecr.#{Region}.amazonaws.com/#{Name}:#{Number}
env:
- name: "something"
value: "something"
ports:
- containerPort: 80
name: #{ContainerPort}
---
apiVersion: v1
kind: Service
metadata:
name: #{Name}-svc
namespace: #{Namespace}
spec:
ports:
- port: 8080
targetPort: 80
selector:
app: #{Name}
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: #{Name}
namespace: #{Namespace}
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: #{Host}
http:
paths:
- path: #{Path}(/|$)(.*)
backend:
serviceName: #{Name}-svc
servicePort: 8080
And that's basically it for a beginner-friendly EKS cluster!
I would as well suggest installing the UI dashboard (https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html).
Have fun!
Top comments (0)