Getting Started with Amazon Elastic kubernetes Service (AWS EKS)

No comments

Kubernetes is scalable open source tool that manages the container orchestration in a very effective way. It provides you a platform to deploy your applications with few commands. AWS EKS stands for Amazon Elastic kubernetes service which is AWS managed service where it takes care of managing infrastructure to deployments to further scaling containerized applications.

In this tutorial, you will learn from basics of kubernetes to Amazon EKS.

Table of Content

  1. What is Kubernetes?
  2. What is Amazon Elastic Kubernetes Service (Amazon EKS)
  3. Prerequisites
  4. Install Kubectl in Windows
  5. Install Kubectl in Linux
  6. How to create new Kubernetes cluster in Amazon EKS
  7. Configure & Connect your Local machine to communicate with your cluster
  8. Conclusion

What is Kubernetes?

Kubernetes is an open source container orchestration engine for automating deployments, scaling and managing the containers applications. Kubernetes is an open source Google based tool. It is also known as k8s. It can run on any platforms such as on premises , hybrid or public cloud.

Features of kubernetes

  1. kubernetes scales very well.
  2. Load balancing
  3. Auto restarts if required
  4. Self healing and automatic rollbacks.
  5. You can manage configurations as well like secrets or passwords
  6. Kubernetes can be mounted with various storages such as EFS and local storage.
  7. Kubernetes works very well with networking components such as NFS , flocker etc. automatically.

Kubernetes Components

  • Pod: Pods are group of containers which have shared storage and network.
  • Service: Services are used when you want to expose the application outside of your local environment.
  • Ingress: Ingress helps in exposing http/https routes from outside world to the services in your cluster.
  • ConfigMap: Pod consume configmap as environmental values or command line argument in configuration file .
  • Secrets: Secrets as name suggest it stores sensitive information such as password, OAuth tokens, SSH keys etc.
  • Volumes: These are persistent storage for containers.
  • Deployment: Deployment is additional layer which helps to define how Pod and containers should be created using yaml files.

What is AWS EKS (Amazon Elastic Kubernetes Services) ?

Amazon provides its own managed service AWS EKS where you can host kubernetes without needing to install, operate, and maintain your own Kubernetes control plane or nodes etc. It gives you a platform to host kubernetes control node and applications or service inside it. There are some basic points related to EKS as follows:

  • It expands and scales Kubernetes control plane across many availability zones so that there is always a high availability.
  • It automatically scales and fix control plane instances if any instance is impacted or unhealthy node.
  • It is integrated with various other AWS services such as IAM for authentication, VPC for Isolation , ECR for container images & ELB for load distribution etc.
  • It is very secure service.

How does AWS EKS service work?

  • First step in EKS is to create EKS cluster using AWS CLI or AWS Management console.
  • Next launch self managed EC2 instance where you deploy applications or deploy workloads to AWS Fargate which manages it for you.
  • After cluster is setup , Connect to kubernetes cluster using kubectl commands.
  • Finally deploy and run applications on EKS cluster.

Prerequisites

  • You must have AWS account in order to setup cluster in AWS EKS with full access to AWS EKS. If you don’t have AWS account, please create a account from here AWS account.
  • AWS CLI installed. If you don’t have it already install it from here.

Install Kubectl on Windows machines

  • Open PowerShell and run the command.
curl -o kubectl.exe https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/windows/amd64/kubectl.exe
  • Now verify in C drive if binary file has been downloaded succesfully.
  • Now run kubectl binary file and verify the client.
  • Verify its version with the following command
kubectl version --short --client

Install Kubectl on Linux machine

  • Download the kubectl binary using curl command on ubuntu machine under home directory ie. $HOME
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
  • Apply execute permissions to the binary
chmod +x ./kubectl
  • Copy the binary to a folder in your PATH
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
  • Verify the kubectl version on ubuntu machine
kubectl version --short --client

Amazon EKS Clusters

An Amazon EKS cluster components:

  1. The Amazon EKS control plane is not shared between any account nor with any other clusters. Control Panel contains at least two API servers which are exposed via Amazon EKS endpoint associated with the cluster and three etcd instances which are associated with Amazon EBS volumes which are encrypted using AWS KMS. Amazon EKS automatically monitors load on control panel and removes unhealthy instances when needed. Amazon EKS uses Amazon VPC network policies to restrict traffic between control plane components to within a single cluster.
  2. Amazon EKS nodes are registered with the control plane via the API server endpoint and a certificate file that is created for your cluster. Your Amazon EKS cluster can schedule pods on any combination of Self-managed nodes, Amazon EKS Managed node groups, and AWS Fargate.
    • Self-managed nodes
      • Can run containers that require Windows and Linux.
      • Can run workloads that require Arm processors.
      • All of your pods on each of your nodes share a kernel runtime environment with other pods.
      • If the pod requires more resources than requested, and resources are available on the node, the pod can use additional resources.
      • Can assign IP addresses to pods from a different CIDR block than the IP address assigned to the node.
      • Can SSH into node
    • Amazon EKS Managed node groups
      • Can run containers that require Linux.
      • Can run workloads that require Arm processors.
      • All of your pods on each of your nodes share a kernel runtime environment with other pods.
      • If the pod requires more resources than requested, and resources are available on the node, the pod can use additional resources.
      • Can assign IP addresses to pods from a different CIDR block than the IP address assigned to the node.
      • Can SSH into node
    • AWS Fargate
      • Can run containers that require Linux.
      • Here Each pod has a dedicated kernel.
      • The pod can be re-deployed using a larger vCPU and memory configuration though.
      • There is no Node.
      • As there is no Node, you cannot SSH into node
  1. Workloads: A container contains one or more pods. Workloads define applications running on a Kubernetes cluster. Every workload controls pods. There are five types of workloads on a cluster.
    • Deployment: Ensures that a specific number of pods run and includes logic to deploy changes
    • ReplicaSet: Ensures that a specific number of pods run. Can be controlled by deployments.
    • StatefulSet : Manages the deployment of stateful applications
    • DaemonSet  Ensures that a copy of a pod runs on all (or some) nodes in the cluster
    • Job: Creates one or more pods and ensures that a specified number of them run to completion
  • By default, Amazon EKS clusters have three workloads:
    • coredns: A deployment that deploys two pods that provide name resolution for all pods in the cluster.
    • aws-node A Daemon Set that deploys one pod to each Amazon EC2 node in your cluster which runs the AWS VPC CNI controller, that provides VPC networking functionality to the pods and nodes in your cluster.
    • kube-proxy: A DaemonSet that deploys one pod to each Amazon EC2 node in your cluster which maintains network rules on nodes that enable networking communication to your pods.

Creating Kubernetes cluster in Amazon EKS

In this demonstration we will create and setup kubernetes cluster in Amazon EKS using Amazon management console and AWS CLI commands. Before we start make sure you have VPC created and IAM role with Full access to EKS permissions.

  • We already have one VPC in every AWS account by default. If you wish to create another VPC specifically for AWS EKS in AWS account you can create it.
  • Hop over to IAM service and create a IAM policy with full EKS permissions.
  • Click on Create policy and then click on choose service
  • Now give a name to the policy and click create
  • Now Go to IAM role and create a role.
  • Now choose EKS service and then select EKS cluster as your use case:
  • Give a name to role and then hit create role
  • Now attach a policy to IAM role which we created.
  • Also I point here , please add STS permissions to the role’s Trust relationship which will be required when client makes request.
  • Make sure your JSON policy should like this.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*",
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
  • So now we are done with IAM role and policy attachment , we can now create and work with kubernetes cluster.
  • Now go to AWS EKS console and click on Create cluster
  • Now add all the configurations
  • Now add VPC details and two public subnets if you have. You can skip subnets as of now.
  • Keep hitting NEXT and finally click on Create cluster
  • Lets verify if cluster is up and active . It takes sometime for cluster to come up.

Now, kubernetes cluster on AWS EKS is successfully created. Now lets initiate communication from client which we installed to the kubernetes cluster.

Configure & Connect your Local machine to communicate with your cluster

Up to now we created Kubernetes cluster in AWS EKS with proper IAM role permissions and configuration , but please make sure to configure AWS credentials on local machine to match with same IAM user or IAM role used while creating the cluster. That means use same IAM user or IAM role credentials in local machine which we used to create Kubernetes cluster.

  • Open Visual studio or GIT bash or command prompt.
  • Now , configure kubeconfig to make communication from your local machine to Kubernetes cluster in AWS EKS
aws eks update-kubeconfig --region us-east-2 --name Myekscluster
  • Now finally test the communication between local machine and cluster .
kubectl get svc

Great you can see the connectivity from our local machine to Kubernetes cluster !!

Create nodes on Kubernetes cluster

Amazon EKS cluster can schedule pods on any combination of self managed nodes, Amazon EKS managed nodes and AWS Fargate.

Amazon EKS Managed node group

  • With Amazon managed node group you don’t need to provision or register Amazon EC2 instances. All the managed nodes are part of Amazon EC2 auto scaling group.
  • You can add a managed node group to new or existing clusters using the Amazon EKS console, eksctl, AWS CLI; AWS API, or using AWS Cloud Formation. Managed node group manage Amazon EC2 instances for you.
  • A managed node group’s Auto Scaling group spans all of the subnets that you specify when you create the group.
  • Amazon EKS managed node groups can be launched in both public and private subnets.
  • You can create multiple managed node groups within a single cluster

Creating Managed node group using AWS Management Console.

  • Go to Amazon EKS page and there navigate to the Configuration tab, select the Compute tab, and then choose Add Node Group and fill all the details such as name , node IAM role that you created earlier while creating the cluster.
  • Next, On the Set compute and scaling configuration page, enter all the details such as Instance type, Capacity type and then click on NEXT
  • Now , add the networking details such as VPC details, subnets, SSH Keys details.
  • You can also find details of node from your location machine by running the following commands.
aws eks update-kubeconfig --region us-east-2 --name "YOUR_CLUSTER_NAME"
kubectl get nodes --watch

Lets learn how to create Fargate(Linux) nodes and use them in kubernetes cluster.

  • In order to create Fargate(Linux) nodes first thing you need to do is to create Fargate profile. This profile is needed because when any pod gets deployed in Fargate it first matches the desired configuration from the profile then it gets deployed. The configuration contains permissions such as ability of pod to get the containers image from ECR etc. You can find the steps to create Fargate profile from here.

Conclusion

In this tutorial , we definitely learnt a lot . Firstly we went through detailed view of what is kubernetes , what is Amazon Elastic Kubernetes service ie. AWS EKS . Then we learnt how to install kubernetes client kubectl on windows as well as Linux machine and finally we created Kubernetes cluster and connected using kubectl client.

Hope you had wonderful experience going through this ultimate Guide of kubernetes and EKS. If you like this , please share with your friends and spread the word.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s