How to create an Amazon EKS cluster: a step-by-step guide.

The complete documentation to create an Amazon Elastic Container Service for Kubernetes (Amazon EKS) Cluster.

Task Statement –

Use the AWS EKS service/developer tool to spin up a Kubernetes infrastructure and deploy a sample application. As part of our setup, we will use many AWS services like AWS EC2, AWS CloudFormation and AWS EKS.

Kubernetes

Kubernetes is an open source orchestrator for deploying and managing containerized applications at a large scale. It provides tools necessary to build and deploy reliable, scalable distributed applications.

Understanding some of the Amazon Web Services tools.

The AWS services that we will be using are as follows:

AWS EKS

Amazon Elastic Container Service for Kubernetes (Amazon EKS) makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS availability zones to eliminate a single point of failure. 

AWS CloudFormation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.

AWS EC2 –

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment.

WorkFlow –

  • First, we will create one EC2 instance and install and configure kubectl for EKS on it. The instance will also carry the AWS CLI, which we use to configure EKS.
  • Then we will create an EKS cluster on the default VPC from the instance.
  • We will then create a stack of worker nodes and deploy it to our EKS cluster.
  • Lastly, we will deploy a sample application on the Kubernetes cluster from the instance.

Steps to Create an Amazon EKS Cluster

1. Amazon EKS Prerequisites

a. Create your Amazon EKS Service Role

First of all, we will create an Amazon EKS Service Role that Kubernetes can assume to create AWS resources.

  • Under Services, type IAM and click.
    • Choose Roles and then click Create Role.
    • Choose EKS from the list of services and click Next:Permissions.
    • Click Next:Tags and then Click Next:Review.

Give the role name as ‘eksServiceRole’, then click Create role. This creates an EKS IAM role.

2. Creation of an EC2 instance

a. Generate a Key Pair

First of all, we will create an instance and access it through putty (free and open source terminal emulator). For accessing it through putty, we need to have a key pair.

  • Under Services, type EC2 and click.
    • On the left side, scroll down and click ‘Key Pairs’.
    • Click create Key Pair.
  • Give name as ‘EksKeyPair’. A file with .pem extension will be generated and downloaded automatically.
  • On your Windows machine, search for PuttyGen and click ‘Load’.
  • After clicking Load, select type as -> All Files (*.*) and then select the .pem file which is downloaded and click open.
  • Click Save private key and click yes.
  • Give file name as ‘EksKeyPair’ and save it.

b. Generate Security Group

Every instance is associated with a security group that provides security at the protocol and port access level.

  • Go to AWS console. On the left side, click on Security Groups.
  • Click create Security Group.
  • Give name and description as ‘EksSecurityGroup’.
  • Under VPC select the VPC as the default VPC.
  • Under Inbound section, click Add Rule.
  • Give port range as 22 and Source should be as -> 0.0.0.0/0, ::/0
  • Click Add Rule.
  • Give port range as 80 and Source should be as -> 0.0.0.0/0, ::/0
  • Click Add Rule.
  • Give port range as 8080 and Source should be as -> 0.0.0.0/0, ::/0
  • Click Add Rule.
  • Give port range as 30914 and Source should be as -> 0.0.0.0/0, ::/0
  • Click create.
  • You should see your security group here.
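The rules above open every listed port, including SSH on 22, to 0.0.0.0/0 and ::/0. As an added example (not part of the original guide), this shell function reads the group's ingress rules as printed by the AWS CLI and reports which ports are reachable from any address, marking port 22 for restriction. The function names and sample rule lines are constructed for illustration, and the CLI query in the comment assumes a recent AWS CLI on a machine that already has credentials.

```shell
#!/usr/bin/env bash
# Added example: list security-group ingress rules that are open to the world.
# Input: tab-separated lines "protocol from-port to-port cidr-v4 cidr-v6",
# as produced by (assumed recent AWS CLI; <GROUP_ID> is a placeholder):
#   aws ec2 describe-security-group-rules \
#     --filters Name=group-id,Values=<GROUP_ID> \
#     --query 'SecurityGroupRules[?IsEgress==`false`].[IpProtocol,FromPort,ToPort,CidrIpv4,CidrIpv6]' \
#     --output text

# world_open_rules: print "<from>-<to> <cidr> <verdict>" for each world-open rule.
# Verdict is RESTRICT when the range covers SSH (22), REVIEW otherwise.
world_open_rules() {
    awk -F'\t' '
        {
            cidr = ""
            if ($4 == "0.0.0.0/0") cidr = $4
            else if ($5 == "::/0") cidr = $5
            if (cidr == "") next
            # Protocol -1 means all traffic; ports are then reported as -1.
            if ($1 == "-1") { lo = 0; hi = 65535 } else { lo = $2 + 0; hi = $3 + 0 }
            verdict = (lo <= 22 && hi >= 22) ? "RESTRICT" : "REVIEW"
            printf "%d-%d %s %s\n", lo, hi, cidr, verdict
        }'
}

# Constructed sample: the rules from this guide, plus one rule that is
# already limited to a single documentation address.
sample_rules() {
    printf 'tcp\t22\t22\t0.0.0.0/0\tNone\n'
    printf 'tcp\t22\t22\tNone\t::/0\n'
    printf 'tcp\t80\t80\t0.0.0.0/0\tNone\n'
    printf 'tcp\t8080\t8080\t0.0.0.0/0\tNone\n'
    printf 'tcp\t30914\t30914\t0.0.0.0/0\tNone\n'
    printf 'tcp\t22\t22\t203.0.113.10/32\tNone\n'
}

# ssh_exposed: succeed (exit 0) when any rule on stdin leaves port 22 world-open.
ssh_exposed() {
    world_open_rules | grep -q ' RESTRICT$'
}
```

For each RESTRICT line, the usual fix is to set the Source of the port 22 rule to your own public address as a /32 instead of 0.0.0.0/0 and ::/0.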

c. EC2 Instance

An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure.

  • Under Services, type EC2 and click.
  • Click on launch instance. Select the sixth one as shown in fig below.
  • Select the second one which is t2.micro (Free Tier Eligible) and click Configure Instance Details.
  • Click next for Add Storage Page. Click next for Add Tags.
  • Click Add Tag.  Key – ‘Name’, Value – ‘Eks’. Click next.
  • Check Select an existing security group.
  • Select the ‘EksSecurityGroup’ which you created earlier.
  • Click Review and Launch. Click launch.
  • Select ‘Choose an existing key pair’.  Select ‘EksKeyPair’ that you generated earlier. Select the checkbox. Click Launch Instance.
  • Click View instances. You will see your instance being created. It will take 2 minutes to be in running state.

d. Access the EC2 instance through putty (free and open source terminal emulator).

  • In the above figure, copy the public DNS(IPv4) and add a prefix to it as [email protected]<Copied DNS> . Example – If DNS is ‘ ec2-3-86-92-240.compute-1.amazonaws.com’, then it will be ‘[email protected]
  • On your Windows machine, search for putty and paste it in the Hostname.
  • On the left, Click on SSH and then AUTH. Click Browse, and select the private key (with .ppk extension) that you saved earlier. Click open. Click Yes.

Through this, you will be accessing your Virtual Machine (EC2). You will see it like this ->


3. Install and Configure kubectl for Amazon EKS

Kubernetes uses a command-line utility called kubectl for communicating with the cluster API server. Amazon EKS clusters also require the AWS IAM Authenticator for Kubernetes to allow IAM authentication for your Kubernetes cluster.

a. To install kubectl for Amazon EKS

On the terminal that you opened through putty execute the following commands to install kubectl. Using kubectl, you can inspect cluster resources; create, delete, and update components; look at your new cluster; and bring up example apps.

Execute these commands.

To download kubectl binary :

curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl

To add executable permissions to the downloaded binary file :

chmod +x ./kubectl

Add the kubectl to the bin path :

mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH

echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc

Finally we can verify using this command,

kubectl version --short --client

b. To install aws-iam-authenticator for Amazon EKS

Execute these commands.

To download the aws-iam-authenticator binary file :

curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator

To add executable permissions to the downloaded binary file :

chmod +x ./aws-iam-authenticator

Add the aws-iam-authenticator to the bin path :

cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$HOME/bin:$PATH

echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc

Test that the aws-iam-authenticator binary works by executing this command

aws-iam-authenticator help
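Both binaries above are fetched with curl and made executable without an integrity check. As an added example (not part of the original guide), this shell function installs a download only when its SHA-256 matches a digest file. It assumes a `.sha256` file is published next to each binary at the same URL with `.sha256` appended, which should be confirmed for this release; `read_digest` and `install_verified` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded binary against a SHA-256 digest file
# before marking it executable and copying it into $HOME/bin.
# Assumption: the digest file holds 64 hex characters, optionally followed
# by a file name (the format sha256sum writes).

# read_digest <digest-file>: print the lowercase hex digest, or fail.
read_digest() {
    local digest
    digest=$(awk 'NR==1 {print tolower($1)}' "$1") || return 1
    printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$' || return 1
    printf '%s\n' "$digest"
}

# install_verified <binary> <digest-file> [dest-dir]
# Returns 0 and installs only when the digests match, 1 on a mismatch,
# 2 when the digest file is unusable.
install_verified() {
    local bin="$1" sumfile="$2" dest="${3:-$HOME/bin}"
    local want got
    want=$(read_digest "$sumfile") || { echo "bad digest file: $sumfile" >&2; return 2; }
    got=$(sha256sum "$bin" | awk '{print $1}') || return 2
    if [ "$got" != "$want" ]; then
        echo "CHECKSUM MISMATCH for $bin: refusing to install" >&2
        return 1
    fi
    mkdir -p "$dest" && install -m 0755 "$bin" "$dest/$(basename "$bin")"
}

# Usage on the instance (base URL from the steps above; .sha256 suffix assumed):
#   base=https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64
#   for b in kubectl aws-iam-authenticator; do
#       curl -fsSLo "$b" "$base/$b" && curl -fsSLo "$b.sha256" "$base/$b.sha256" \
#           && install_verified "$b" "$b.sha256" || break
#   done
```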

c. Download and Install the Latest AWS CLI

Execute the following commands.

sudo apt update

sudo apt install python3-pip

pip3 --version

pip3 install awscli --upgrade --user

To use the AWS CLI with Amazon EKS, you must have at least version 1.16.73 of the AWS CLI installed. You can check your AWS CLI version with the following command:

aws --version

4. Create an Amazon EKS cluster

a. Create your Amazon EKS Cluster

  • Under services, type VPC and click.
  • On the top right select the region as US East (N. Virginia).
  • On the left navigation pane click on subnets.
  • Copy the Subnet ID of the first three subnets and paste in a notepad.
  • Under services type IAM and click.
  • Click on Roles and in the Search bar enter eksServiceRole.
  • Click on the eksServiceRole and copy the Role ARN into a notepad.
  • Under services, type EC2 and click.
  • Click Security Groups and select the ‘EksSecurityGroup’.
  • Copy the Group ID into a notepad.
  • Execute the following command to create a Cluster :

aws eks --region us-east-1 create-cluster --name eksCluster --role-arn ROLE_ARN --resources-vpc-config subnetIds=SUBNET_1,SUBNET_2,SUBNET_3,securityGroupIds=SECURITY_GROUP

Replace ROLE_ARN with the Role ARN copied in the previous steps.

Replace SUBNET_1,SUBNET_2 and SUBNET_3 with three Subnet Ids copied in the previous steps.

Replace SECURITY_GROUP with the Security Group Id you just copied.

For Example :

aws eks --region us-east-1 create-cluster --name feb13eks --role-arn arn:aws:iam::061350173834:role/eksServiceRole --resources-vpc-config subnetIds=subnet-0eb98944,subnet-9280e0f5,subnet-3196fb6d,securityGroupIds=sg-03acfbcea9ea83ee4

It will take about 5-10 minutes in order to create the cluster.

b. Configure kubectl for Amazon EKS

  • Access the EC2 instance you created and execute the command :

aws configure

  • Enter the Access Key Id and Secret Access Key. Enter the region as us-east-1 (the region where your VPC and cluster were created) and the output format as json.
  • To create your kubeconfig file execute the following command :

aws eks --region us-east-1 update-kubeconfig --name eksCluster

  • The resulting configuration file is created at the default kubeconfig path (.kube/config) in your home directory. The kubectl command-line tool uses kubeconfig files to find the information it needs to choose a cluster and communicate with the API server of a cluster.
  • To test your configuration :

kubectl get svc

Output:

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m

c. Launch and Configure Amazon EKS Worker Nodes

  • Under services, type CloudFormation and click.
  • On the top right of the navigation bar, select the region as US East (N. Virginia).
  • Click Create Stack.
  • Select Specify an Amazon S3 template URL and paste the following URL, then click Next.

https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-01-09/amazon-eks-nodegroup.yaml

  • Enter the following details :
  • Stack name : eks-worker-nodes
  • ClusterName : eksCluster (the name of the cluster should exactly match)
  • ClusterControlPlaneSecurityGroup : EksSecurityGroup
  • NodeGroupName : eks-node-group
  • NodeAutoScalingGroupMinSize : 1
  • NodeAutoScalingGroupDesiredCapacity : 1
  • NodeAutoScalingGroupMaxSize : 2
  • NodeInstanceType : t2.small
  • NodeImageId : ami-0c5b63ec54dd3fc38
  • NodeVolumeSize : 20
  • KeyName : EksKeyPair
  • VpcId : default
  • Subnets : Copy the three subnet ids that you selected while creating the cluster.
  • And then click Next.
  • Scroll down and click Next again.
  • Check the box next to ‘I acknowledge that AWS CloudFormation might create IAM resources’ and then click create.

It takes around 5 minutes to create the stack.

d. Enable Worker Nodes to join your Cluster

  • Access the EC2 instance that you previously created through putty and execute the following command. It downloads the aws-auth ConfigMap file. To grant additional AWS users or roles the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes.

curl -O https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-01-09/aws-auth-cm.yaml

  • Now go to Services, type CloudFormation and click.
  • Then select the stack of worker nodes you created, click Outputs on the bottom left, and copy the NodeInstanceRole of this stack.
  • Now in your EC2 instance run the following commands :

cd ~

sudo vi aws-auth-cm.yaml

  • And then press ‘I’ to enter insert mode.
  • Replace the line <ARN of instance role (not instance profile)> with the NodeInstanceRole you just copied. As shown below :
  • Then execute the following command :

cd ~

kubectl apply -f aws-auth-cm.yaml

This command will enable the worker nodes to join the cluster.

  • We can check our instances running in the cluster by executing the following command :

kubectl get nodes
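If the value pasted into aws-auth-cm.yaml is the instance profile ARN rather than the role ARN, kubectl apply still succeeds but the worker nodes never appear in kubectl get nodes. As an added example (not part of the original guide), this shell function checks the ARN shape and fills the placeholder without opening an editor. `is_role_arn` and `fill_aws_auth` are hypothetical helper names, and the output file name in the usage comment is an assumption.

```shell
#!/usr/bin/env bash
# Added example: substitute the NodeInstanceRole ARN into aws-auth-cm.yaml
# after checking that it is an IAM role ARN, not an instance profile ARN.

# is_role_arn <arn>: succeed only for arn:aws*:iam::<12-digit account>:role/<name>
is_role_arn() {
    printf '%s\n' "$1" |
        grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# fill_aws_auth <template> <role-arn> <output>
# Returns 1 for a bad ARN, 2 when the template has no placeholder line.
fill_aws_auth() {
    local tmpl="$1" arn="$2" out="$3"
    if ! is_role_arn "$arn"; then
        echo "not an IAM role ARN: $arn" >&2
        return 1
    fi
    if ! grep -q '<ARN of instance role (not instance profile)>' "$tmpl"; then
        echo "placeholder not found in $tmpl" >&2
        return 2
    fi
    # '|' cannot occur in a validated ARN, so it is safe as the sed delimiter.
    sed "s|<ARN of instance role (not instance profile)>|$arn|" "$tmpl" > "$out"
}

# Usage on the instance (stack name from the steps above):
#   arn=$(aws cloudformation describe-stacks --stack-name eks-worker-nodes \
#         --query "Stacks[0].Outputs[?OutputKey=='NodeInstanceRole'].OutputValue" \
#         --output text)
#   fill_aws_auth aws-auth-cm.yaml "$arn" aws-auth-filled.yaml &&
#       kubectl apply -f aws-auth-filled.yaml
```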

5. Deploying the application on the Kubernetes cluster

a. Clone the Deployment and Service files from github

git clone https://github.com/reviewscholar/DeploymentFiles

  • Move to the cloned directory :

cd DeploymentFiles/

This directory contains scripts for deployments and services.

The Deployment instructs Kubernetes how to create and update instances of your application. Once you’ve created a Deployment, the Kubernetes master schedules the application instances onto individual Nodes in the cluster.

A Service in Kubernetes is an abstraction which defines a logical set of Pods and a policy by which to access them. Services enable a loose coupling between dependent Pods. 

In this directory there are two deployments, one for the Frontend and the other for the MySQL database as a backend.

There is only one replica of the database. It runs in a container in a separate pod, on any one of the worker nodes, and is accessible to any number of the frontend pods.

Deployments and services can be defined using yaml or json format.

b. Deploy the application

To deploy the application, execute the following commands, which will create the necessary deployments and services :

kubectl create -f mysql-secret.yml

kubectl create -f Application-Deployment.yml

kubectl create -f Application-Service.yml

kubectl create -f Mysqldb-Deployment.yml

kubectl create -f Mysqldb-Service.yml

  • We can check the deployments, the services created and the pods created using the following commands.

To check the deployments :

kubectl get deployments

To check the services :

kubectl get svc

To check the pods :

kubectl get pods

To check the secret we defined for the mysql password :

kubectl get secrets

  • Once all the deployments and services are created, it should look like this :

c. Accessing the deployed application

  • To access the deployed application, we have to get the public IP where the application pod is running.
  • To get that, run the command :

kubectl get pods

  • Copy the name of the application deployment, any one of the first two deployments would do :
  • Then paste the copied name in place of application_deployment_name in the following command.

kubectl describe pod application_deployment_name

  • This will give the entire description about the pod and also the node which it is running on. Make a note of the IP address of the Node it is running on.
  • Now log in to the AWS account in the browser and under services type EC2 and click.
  • There must be EC2 instances of the name eksCluster-eksNodeGroup-Node.
  • Select such an instance and then match the private IP of the instance with IP address you noted in the previous step.
  • Copy the public IP of that instance and try to access it in the browser as follows :

Public_IP_of_Instance:30914/application/login

Note : Replace the Public_IP_of_Instance with the IP address you copied. This URL must be blocked by the proxy, so you will have to use your mobile hotspot to access the application on your browser.

  • Once we access the IP on the browser, the following page should show up :
  • Now click Create an account. And enter the relevant details.
  • Then it will log you in and greet you with a message. At this point the username and password are stored in the database.
  • Click Logout. This will take you back to the login page.
  • The next time we try to login we can give the same credentials that we used to create a user. The application will authenticate it from the database.

Hence we have successfully set up an Amazon EKS Infrastructure and also deployed a sample application on the AWS EKS Cluster.
