- Kubernetes is an open-source platform for automating containerized application deployment, scaling, and management.
- AWS offers managed Kubernetes services through Amazon EKS (Elastic Kubernetes Service), which simplifies the process of running Kubernetes clusters on AWS infrastructure.
- Amazon EKS is a managed service that simplifies running Kubernetes on AWS by handling the control plane and providing integration with AWS services.
Using AWS Management Console:
- Go to the Amazon EKS console.
- Click Create cluster.
- Follow the wizard to configure cluster settings, including VPC, subnets, and IAM roles.

Using AWS CLI:
```bash
aws eks create-cluster --name my-cluster --role-arn arn:aws:iam::123456789012:role/EKS-Cluster-Role --resources-vpc-config subnetIds=subnet-0bb1c79de4EXAMPLE,subnet-0bb1c79de4EXAMPLE
```

Update kubeconfig:
```bash
aws eks update-kubeconfig --name my-cluster
```
Create Node Group Using Console:
- Go to the Amazon EKS console.
- Select your cluster.
- Navigate to the Compute tab and click Add Node Group.
- Configure settings such as instance types, scaling options, and IAM roles.

Create Node Group Using AWS CLI:
```bash
aws eks create-nodegroup --cluster-name my-cluster --nodegroup-name my-node-group --scaling-config minSize=1,maxSize=3,desiredSize=2 --disk-size 20 --subnets subnet-0bb1c79de4EXAMPLE,subnet-0bb1c79de4EXAMPLE --instance-types t3.medium --node-role arn:aws:iam::123456789012:role/EKS-Node-Role
```

Create IAM Roles:
- EKS Cluster Role: Grants EKS permissions to interact with AWS services.
- Node Instance Role: Grants permissions for the worker nodes.
Attach Policies:
- AmazonEKSClusterPolicy
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryReadOnly

Create VPC:
```bash
aws ec2 create-vpc --cidr-block 10.0.0.0/16
```

Create Subnets:
```bash
aws ec2 create-subnet --vpc-id vpc-0bb1c79de4EXAMPLE --cidr-block 10.0.1.0/24 --availability-zone us-west-2a
```

Configure Security Groups:
- Allow inbound traffic on port 443 (Kubernetes API server).
- Allow outbound traffic for node communication.
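The two bullets above say what to allow but not from where; the following added Python check (not from the page) takes the JSON shape returned by `aws ec2 describe-security-groups` and lists every rule that exposes the API-server port, or all traffic, to 0.0.0.0/0 or ::/0, so the 443 rule can be confirmed to be limited to trusted CIDRs. The group id and rules are constructed sample data.

```python
"""Audit EKS security-group ingress rules for world-open access (added example).

Input follows the `aws ec2 describe-security-groups --output json` shape
(SecurityGroups / IpPermissions / IpRanges / Ipv6Ranges). The sample is constructed.
"""
import ipaddress

# Constructed sample: one rule opens API-server port 443 to the world, one limits
# it to a corporate CIDR, and one "all traffic" rule is open to every IPv6 address.
SAMPLE_GROUPS = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0bb1c79de4EXAMPLE",   # placeholder id, same style as the page
            "GroupName": "eks-cluster-sg",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        }
    ],
}

def _is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0 (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _covers_port(rule: dict, port: int) -> bool:
    """IpProtocol -1 means all traffic; otherwise check the rule's port range."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def find_world_open_rules(groups: dict, port: int = 443) -> list:
    """Return (GroupId, IpProtocol, cidr) for every rule exposing `port` to any address."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            if not _covers_port(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if _is_world(cidr):
                    findings.append((sg["GroupId"], rule["IpProtocol"], cidr))
    return findings

if __name__ == "__main__":
    for group_id, proto, cidr in find_world_open_rules(SAMPLE_GROUPS):
        print(f"{group_id}: protocol {proto} on port 443 reachable from {cidr}")
```

Pipe real output in with `aws ec2 describe-security-groups --group-ids <id> --output json` and load it with `json.load` in place of the sample.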

Use Amazon VPC CNI Plugin:
- Ensures that Kubernetes pods get IP addresses from the VPC network.
```bash
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/v1.12/aws-k8s-cni.yaml
```

Create a Deployment:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-container
          image: my-image:latest
          ports:
            - containerPort: 80
```
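The Deployment above ships with a floating `latest` tag, no resource limits and no securityContext. The following added Python check (not from the page) walks the same manifest, written as a dict so it runs without PyYAML, and reports those hardening gaps; the set of checks is this example's own choice.

```python
"""Report common hardening gaps in a Deployment's pod template (added example).

PAGE_DEPLOYMENT is the page's Deployment manifest as a Python dict.
"""

PAGE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "my-deployment"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "my-app"}},
        "template": {
            "metadata": {"labels": {"app": "my-app"}},
            "spec": {"containers": [
                {"name": "my-container", "image": "my-image:latest",
                 "ports": [{"containerPort": 80}]}]},
        },
    },
}

def _image_is_pinned(image: str) -> bool:
    """Pinned means a digest (@sha256:...) or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]          # drop registry host:port and path
    tag = name.split(":", 1)[1] if ":" in name else "latest"
    return tag != "latest"

def audit_deployment(manifest: dict) -> list:
    """Return one human-readable finding per gap, per container."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        if not _image_is_pinned(c["image"]):
            findings.append(f"{c['name']}: image '{c['image']}' is not pinned to a tag or digest")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{c['name']}: no resources.limits set")
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{c['name']}: securityContext.runAsNonRoot is not true")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: allowPrivilegeEscalation is not false")
    return findings

if __name__ == "__main__":
    for line in audit_deployment(PAGE_DEPLOYMENT):
        print(line)
```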

Apply the Deployment:
```bash
kubectl apply -f deployment.yaml
```

Create a Service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Apply the Service:
```bash
kubectl apply -f service.yaml
```

Install NGINX Ingress Controller:
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/deploy.yaml
```

Create an Ingress Resource:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
```

Create and Attach an EBS Volume:

Create Volume:
```bash
aws ec2 create-volume --size 10 --availability-zone us-west-2a --volume-type gp2
```

Attach Volume:
```bash
aws ec2 attach-volume --volume-id vol-0bb1c79de4EXAMPLE --instance-id i-0bb1c79de4EXAMPLE --device /dev/xvdf
```

Create a Persistent Volume:
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /mnt/data
```

Create a Persistent Volume Claim:
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
```

Install CloudWatch Agent:
```bash
kubectl apply -f https://s3.amazonaws.com/amazoncloudwatch-agent-kubernetes/amazon-cloudwatch-agent.yaml
```

Configure CloudWatch Logs:
- Create log groups and streams in CloudWatch.
- Set up IAM roles to allow Kubernetes to push logs to CloudWatch.

Install Prometheus:
```bash
kubectl create namespace monitoring
# apply into the namespace just created
kubectl apply --namespace monitoring -f https://github.com/prometheus/prometheus/releases/download/v2.26.0/prometheus-2.26.0.yaml
```

Install Grafana:
```bash
kubectl apply -f https://raw.githubusercontent.com/grafana/grafana/main/deploy/kubernetes/grafana-deployment.yaml
```

Configure Prometheus and Grafana:
- Set up Prometheus as a data source in Grafana.
- Import pre-built dashboards or create custom ones.

Create IAM Role for Service Account:
```bash
aws iam create-role --role-name my-k8s-role --assume-role-policy-document file://trust-policy.json
```

Attach Policies:
```bash
aws iam attach-role-policy --role-name my-k8s-role --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
```

Associate IAM Role with Kubernetes Service Account:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/my-k8s-role
```
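The `trust-policy.json` referenced when the role was created is what decides which pods may assume it. The following added Python (not from the page) generates an IRSA trust policy pinned to one namespace and service account and checks a policy for the usual over-broad cases (no `:sub` condition, a wildcard `sub`, or an unpinned `aud`). The OIDC provider id is a placeholder; replace it with your cluster's issuer.

```python
"""Build and check an IRSA trust policy (added example, not from the page).

The OIDC provider id is a placeholder. The shape (Federated principal,
sts:AssumeRoleWithWebIdentity, StringEquals on <issuer>:sub and <issuer>:aud)
is the documented IRSA trust-policy form.
"""
import json

ACCOUNT_ID = "123456789012"                                   # account id used on the page
OIDC_HOST = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"  # placeholder

def build_irsa_trust_policy(account_id, oidc_host, namespace, service_account):
    """Trust policy that lets exactly one service account assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_host}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{oidc_host}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                f"{oidc_host}:aud": "sts.amazonaws.com",
            }},
        }],
    }

def check_irsa_trust_policy(policy):
    """Flag statements that would let more than the intended service account assume the role."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        cond = st.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        subs = [v for k, v in {**equals, **like}.items() if k.endswith(":sub")]
        auds = [v for k, v in equals.items() if k.endswith(":aud")]
        if not subs:
            findings.append(f"statement {i}: no :sub condition, any pod in the cluster can assume the role")
        for sub in subs:
            if "*" in sub or "?" in sub:
                findings.append(f"statement {i}: wildcard sub '{sub}' matches multiple service accounts")
        if "sts.amazonaws.com" not in auds:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    policy = build_irsa_trust_policy(ACCOUNT_ID, OIDC_HOST, "default", "my-service-account")
    print(json.dumps(policy, indent=2))          # contents for trust-policy.json
    print(check_irsa_trust_policy(policy))       # []
```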

Create a Network Policy:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-front-end
spec:
  podSelector:
    matchLabels:
      role: front-end
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: back-end
```

Create a Kubernetes Secret:
```bash
kubectl create secret generic my-secret --from-literal=password=my-password
```

Access Secret in Pods:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: MY_SECRET
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
```
---
## 9. Auto-scaling and Load Balancing
### Horizontal Pod Autoscaler
- **Create Horizontal Pod Autoscaler**:
```bash
kubectl autoscale deployment my-deployment --cpu-percent=50 --min=1 --max=10
```

Install Cluster Autoscaler:
```bash
kubectl apply -f https://github.com/kubernetes/autoscaler/releases/download/<version>/cluster-autoscaler-v<version>.yaml
```

Configure ELB for Load Balancing:
- Ensure the service type is LoadBalancer.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
```

Create Snapshot:
```bash
aws ec2 create-snapshot --volume-id vol-0bb1c79de4EXAMPLE --description "My snapshot"
```

Restore from Snapshot:
```bash
aws ec2 create-volume --snapshot-id snap-0bb1c79de4EXAMPLE --availability-zone us-west-2a
```

Use Velero for Backup and Restore:

Install Velero:
```bash
velero install --provider aws --bucket <bucket-name> --secret-file <credentials-file> --backup-location-config region=<region>
```

Create a Backup:
```bash
velero backup create my-backup --include-namespaces my-namespace
```

Upgrade Control Plane:

Using Console: Select your cluster and choose to upgrade.

Using CLI:
```bash
aws eks update-cluster-version --name my-cluster --kubernetes-version 1.21
```

Update Node Groups:
```bash
# --kubernetes-version selects the Kubernetes minor version for the node group;
# --release-version expects a full EKS-optimized AMI release string, not "1.21"
aws eks update-nodegroup-version --cluster-name my-cluster --nodegroup-name my-node-group --kubernetes-version 1.21
```
- Monitor Cluster Health: Use AWS CloudWatch and Prometheus for monitoring.
- Check for Vulnerabilities: Regularly scan images and clusters for security vulnerabilities.
