Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that runs Kubernetes on AWS, so we don't need to manage the data plane. Installation, maintenance, patching and high availability are all handled automatically by AWS. This way we don't have to spend our time managing the data plane and can run our applications (i.e. applications/services) on Kubernetes.
What will you learn from this blog?
For this blog, we will build a ready-to-use 3-tier application consisting of a web tier, an application tier, and a database tier in EKS. We will create all relevant Kubernetes manifests, deploy them in EKS and ensure end-to-end consistency.
Components in EKS:
Kubernetes pods, replica sets, deployments, configmaps, secrets, services (external/NodePort/ClusterIP), ingress and so on.
AWS services used:
AWS EKS, AWS Load Balancer (ALB), AWS Certificate Manager, AWS Route53, AWS ECR.
Minimal/fair knowledge of Kubernetes and the AWS tools mentioned above is required to fully understand this blog.
Let's take a quick look at the architecture of the application. We deploy AWS EKS on public subnets in the us-east-1a and us-east-1b availability zones. We also have 2 EC2 nodes (i.e. a node group) that handle the workload and reside on private subnets in the us-east-1a and us-east-1b availability zones. The EC2 nodes reach the kube-apiserver of the EKS cluster through the NAT gateway on the public subnet.
The AWS Application Load Balancer (ALB) resides on a public subnet and all user requests pass through the ALB. In the ALB we have context-based routing configured with Kubernetes ingress, so any HTTP request using /app1/* goes to the app1 NodePort service and is load-balanced across the app1 pods. Similarly, any request using /app2/* lands on the app2 pods through the app2 NodePort service. app1 can also connect to AWS RDS using external services in Kubernetes.
Create the control plane.
$ eksctl create cluster --name=ekscluster --region=us-east-1 --zones=us-east-1a,us-east-1b --without-nodegroup
2021-09-23 16:18:46 [✔] all EKS cluster resources for "ekscluster" have been created
2021-09-23 16:20:55 [ℹ] kubectl command should work with "/Users/deepabi/.kube/config", try 'kubectl get nodes'
2021-09-23 16:20:55 [✔] EKS cluster "ekscluster" in "us-east-1" region is ready
$ eksctl get cluster --region=us-east-1
NAME        REGION     EKSCTL CREATED
ekscluster  us-east-1  true
$ eksctl utils associate-iam-oidc-provider --region us-east-1 --cluster ekscluster --approve
2021-09-23 16:25:38 [ℹ] IAM Open ID Connect provider for cluster
This automatically creates an EKS control plane for you on the public subnet. Creating the control plane takes about 20-30 minutes.
Create a node group.
$ eksctl create nodegroup --cluster=ekscluster --region=us-east-1 --name=eksng --node-type=t2.medium --nodes=2 --nodes-min=2 --nodes-max=4 --node-volume-size=20 --ssh-access --ssh-public-key=cube --managed --asg-access --external-dns-access --full-ecr-access --appmesh-access --alb-ingress-access --node-private-networking
2021-09-23 16:34:17 [✔] created 1 managed nodegroup(s) in cluster "ekscluster"
2021-09-23 16:34:19 [ℹ] checking security group configuration for all nodegroups
2021-09-23 16:34:19 [ℹ] all nodegroups have been reconfigured
The above command creates 4 subnets, 2 private and 2 public, and places the 2 nodes in the private subnets. It also creates an IAM role with the appropriate permissions and associates it with the 2 EC2 instances. Now we have our managed EKS control plane and a configured node group of 2 nodes (to take our workload). Check the nodes using the kubectl command.
$ kubectl get nodes -o wide
NAME                              STATUS   ROLES    AGE   VERSION
ip-192-168-104-179.ec2.internal   Ready    <none>   38m   v1.20.7-eks-135321
ip-192-168-88-107.ec2.internal             <none>   37m   v1.20.7-eks-135321
Equipment Manufacture and Equipment Repair.
Here we will create a simple web application using Python 3 and containerize the application using Docker.
App1 is named User-Service-App and adds users to and lists users from the MySQL database. App2 is a simple nginx web application. Based on the URL path, the request is sent to App1 or App2 by the AWS ALB.
I created a tag with the key kubernetes.io/cluster/ekscluster and the value shared on the 2 public subnets, after which the ingress controller found the subnets and created the ALB.
We have created a nodegroup and added it. If you get the same error, list the values accordingly.
Deploy the ALB resource, which automatically creates an ALB in AWS and adds domain routing rules. Check the target group and make sure it passes the health check. Once the health check passes, you can access the application using the following URL.
The user application's NodePort service has a backend on port 32275, and our target group has a target that processes traffic on port 32275. This means that the LB port is 32275. We also have a NodePort service listening on port 32275 that receives traffic and load-balances it between the available backend pods. The second service is nginxapp.
Elastic Load Balancing Developer Guide. I have also added an AAAA record with the --rr-type AAAA flag described in the manual.
The Route 53 GUI populates forms A and AAAA after running the elb-associate-route53-hosted-zone commands. I deleted the document by saving the state of the document in the GUI and tried to rebuild it using only the GUI. I am getting this error.
In RRSset, type A is a target name with a host domain that is a valid alternative target name.
For this I used the Route 53 GUI. Does the Route 53 GUI support the creation of apex zone aliases that point to the elastic load balancer?
DNS Name: New Balance-751654286.us-east-1.elb.amazonaws.com (registered)
Outer-0.us-east-1.alb.amazonaws.com (AAAA records).
Outer-0.us-east-1.alb.amazonaws.com (Certificate A or AAAA).
Never create an "A" record with a specific IP address, as the set of IP addresses associated with the load balancer may change over time. If you want to use a friendly DNS name for your load balancer instead of the one from the Elastic Load Balancing service, you need to create a CNAME record for the load balancer DNS name or use Amazon Route 53 to create a hosted zone.